The Meraki Client VPN RADIUS instructions support push, phone call, or passcode authentication for desktop and mobile client connections that use SSL encryption. This configuration does not feature the interactive Duo Prompt for web-based logins.
It is a fully-fledged end-point mobility client solution. However, unlike the AnyConnect implementation on the ASA or FirePOWER with support for multiple features like Host scan, Web launch, etc., the MX security appliance supports SSL Core VPN and other AnyConnect modules that do not require additional configuration on the MX.
The Meraki MX64 provides unlimited VPN users. We love the Cisco Meraki VPN at Telnexus. The MX security appliance is a powerful guardian and gateway between the wild Internet and your private Local Area Network (LAN).
We should have switched to MX if it only had SSL VPN Client support. That was the only feature that was a red flag for us; that's why we settled for another brand for now. Hope Meraki considers implementing it soon.
General Tab
The settings configured on the General tab on the Sonicwall interface should follow the configuration below:
- Policy Type: Site to Site
- Authentication Method: IKE using Preshared Secret
- Name: Enter a name the security policy will be displayed as on the Sonicwall
- IPsec Primary Gateway Name or Address: Enter the public IP address of the MX.
- IPsec Secondary Gateway Name or Address: Use the address '0.0.0.0'
- Shared Secret: This should match the Preshared secret configured for this peer on the Security & SD-WAN > Configure > Site-to-site VPN page in Dashboard.
- Local IKE ID: Select 'IP Address' and enter the public IP address of the Sonicwall.
- Peer IKE ID: Select 'IP Address' and enter the IP address configured on the MX's primary uplink. If the MX is relying on a cellular connection, use the IP address of the cellular modem. If the MX is behind a NATing device, this IP (unlike the public IP address that was used for 'IPsec Primary Gateway Name or Address' mentioned above) will be the NATed IP address of the MX.
About the connector
Cisco Meraki MX VPN Firewall gives administrators the ability to add firewall rules to restrict the traffic flow through the VPN tunnel for a Cisco Meraki MX Security Appliance.
This document provides information about the Cisco Meraki MX VPN Firewall connector, which facilitates automated interactions, with a service-based URI of Cisco Meraki MX VPN Firewall using FortiSOAR™ playbooks. Add the Cisco Meraki MX VPN Firewall connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving a list of firewall rules for an organization's site-to-site VPN and updating the firewall rules of an organization's site-to-site VPN.
Version information
Connector Version: 1.0.0
Authored By: Fortinet
Certified: No
Installing the connector
From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command to install connectors. Connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and run the yum command as a root user to install connectors:
yum install cyops-connector-cisco-meraki-mx-vpn-firewall
Prerequisites to configuring the connector
- You must have the Service-based URI of Cisco Meraki MX VPN Firewall to which you will connect and perform automated operations and the API key configured for your account for using the Cisco Meraki API.
- To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.
Configuring the connector
For the procedure to configure a connector, click here
Configuration parameters
In FortiSOAR™, on the Connectors page, click the Cisco Meraki MX VPN Firewall connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:
Parameter | Description |
---|---|
Server URL | Service-based URI to which you will connect and perform the automated operations. |
API Key | API key configured for your account for using the Cisco Meraki API. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
Actions supported by the connector
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:
Function | Description | Annotation and Category |
---|---|---|
Get Organization VPN Firewall Rules | Retrieve a list of firewall rules for an organization's site-to-site VPN based on the Organization ID you have specified. | get_vpn_firewall_rules Investigation |
Update Organization VPN Firewall Rules | Updates the firewall rules of an organization's site-to-site VPN based on the Organization ID and rules you have specified. | update_firewall_rules Investigation |
operation: Get Organization VPN Firewall Rules
Input parameters
Parameter | Description |
---|---|
Organization ID | ID of the organization for which you want to retrieve the list of MX VPN firewall rules. |
Output
The output contains the following populated JSON schema:
{
"policy": "",
"srcCidr": "",
"comment": "",
"srcPort": "",
"destCidr": "",
"destPort": "",
"protocol": "",
"syslogEnabled": ""
}
operation: Update Organization VPN Firewall Rules
Input parameters
Parameter | Description |
---|---|
Organization ID | ID of the organization whose VPN firewall rules you want to update. |
Rules | An ordered array of the MX VPN firewall rules that you want to update on the specified organization. You must specify the following parameters: An example of a defined rule: {"rules": [{"comment": "Allow TCP traffic to subnet with HTTP servers.", "policy": "allow", "protocol": "tcp", "destPort": "443", "destCidr": "192.168.1.0/24", "srcPort": "Any", "srcCidr": "Any", "syslogEnabled": false}]} |
Output
The output contains the following populated JSON schema:
{
"policy": "",
"srcCidr": "",
"comment": "",
"srcPort": "",
"destCidr": "",
"destPort": "",
"protocol": "",
"syslogEnabled": ""
}
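A pre-flight check for the Rules payload of the update operation, as an added example that is not part of the connector or the original page: it validates each rule's fields and flags rules that an earlier catch-all rule makes unreachable. The accepted policy and protocol values, the CIDR and port formats, and top-down first-match evaluation are assumptions, and review_rules is a hypothetical helper name.

```python
import ipaddress
# Field names follow the connector's rule schema. The accepted policy and
# protocol values, and first-match rule ordering, are assumptions.
REQUIRED = ("policy", "protocol", "srcCidr", "srcPort", "destCidr", "destPort")
ALLOWED = {"policy": {"allow", "deny"}, "protocol": {"tcp", "udp", "icmp", "any"}}

def is_any(value):
    return str(value).strip().lower() == "any"

def cidr_ok(value):
    """'Any' or a comma-separated list of CIDR blocks."""
    if is_any(value):
        return True
    try:
        for part in str(value).split(","):
            ipaddress.ip_network(part.strip(), strict=False)
    except ValueError:
        return False
    return True

def port_ok(value):
    """'Any', a single port, or a low-high range within 1-65535."""
    if is_any(value):
        return True
    parts = [p.strip() for p in str(value).split("-")]
    if len(parts) > 2 or not all(p.isdigit() for p in parts):
        return False
    nums = [int(p) for p in parts]
    return nums == sorted(nums) and 1 <= nums[0] and nums[-1] <= 65535

CHECKS = {"srcCidr": cidr_ok, "destCidr": cidr_ok, "srcPort": port_ok, "destPort": port_ok}
def review_rules(payload):
    """Return (errors, warnings) for a {"rules": [...]} update payload."""
    errors, warnings, catch_all = [], [], None
    for i, rule in enumerate(payload.get("rules", [])):
        missing = [k for k in REQUIRED if k not in rule]
        if missing:
            errors.append(f"rule {i}: missing {', '.join(missing)}")
            continue
        bad = [k for k, vals in ALLOWED.items() if str(rule[k]).lower() not in vals]
        bad += [k for k, ok in CHECKS.items() if not ok(rule[k])]
        errors += [f"rule {i}: invalid {k} {rule[k]!r}" for k in bad]
        if catch_all is not None:
            warnings.append(f"rule {i}: never matched, rule {catch_all} catches all traffic")
        elif all(is_any(rule[k]) for k in REQUIRED[1:]):
            catch_all = i
            if str(rule["policy"]).lower() == "allow":
                warnings.append(f"rule {i}: allows all traffic through the tunnel")
    return errors, warnings
```

Run it on the payload before the playbook step that calls Update Organization VPN Firewall Rules, and stop the playbook when errors is non-empty.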
Included playbooks
The Sample - Cisco Meraki MX VPN Firewall - 1.0.0 playbook collection comes bundled with the Cisco Meraki MX VPN Firewall connector. These playbooks contain steps that you can use to perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in CyOPs™ after importing the Cisco Meraki MX VPN Firewall connector.
- Get Organization VPN Firewall Rules
- Update Organization VPN Firewall Rules
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during the connector upgrade and delete.