VPN Concentrator mode

njccnp
Level 2

I've seen inconsistent information about exactly which features are disabled in VPN concentrator mode. I know that VLANs, routing, NAT, and DHCP server are disabled. All documentation seems to agree on that, so that's not in question. But I'm not sure about firewall functionality. I initially read that all firewall services are disabled, except IDS. But now I've read other sources saying that firewall functionality is not disabled at all, and one source that says that only content filtering is disabled.

I'm looking for an exact list of which features are not available in VPN concentrator mode.

And more importantly, is this list anywhere in the Meraki online documentation?

Accepted Solutions

RWelch-USA
Meraki Community All-Star

> I'm looking for an exact list of which features are not available in VPN concentrator mode.

Not sure if such a list (non-supported features) exists, but here is a list of features for your consideration: General MX Best Practices.

5 Replies

aleabrahao
Meraki Community All-Star

When an MX Security Appliance is switched to VPN Concentrator / Passthrough mode, the unit essentially becomes a Layer-2 bridge and no longer functions as a full router/firewall appliance.

The firewall function will work just for inbound traffic.

https://documentation.meraki.com/SASE_and_SD-WAN/MX/Design_and_Configure/Configuration_Guides/Networks_and_Routing/Passthrough_Mode_on_the_MX_Security_Appliance_and_Z-series_Teleworker_Gateway?

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

So, does this mean it does still support all of its firewall features (L3/L7 firewall rules, content filtering, AMP, etc.), but just without routing/VLANs/NAT/DHCP service?

aleabrahao
Meraki Community All-Star

When in passthrough mode, the MX is best used for in-line:

Layer 3/7 firewall rules, traffic shaping, and analysis

Network asset discovery and reporting

Intrusion detection

Client and site-to-site VPN

Philip D'Ath
Meraki Community All-Star

Site-to-site VPN firewall rules still work.

I don't know about the firewall rules used for Internet access. I have not had to use it for that case.