A & B
In Passthrough Mode, since the Meraki device is not actively performing routing functions or managing network traffic in the same way, High Availability is NOT SUPPORTED.
AB
You can enable intrusion prevention by setting the Mode drop-down to Prevention under Security & SD-WAN > Configure > Threat protection > Intrusion detection and prevention. Traffic will be automatically blocked by best effort if it is detected as malicious based on the detection ruleset specified above.
Protected Network section is used to controls the IP addresses or subnets of the systems protectied. Entries should be separated by commas or blank space(s). This will narrow down the subnets protected, it will protect only the subnets listed.
Note: The Protected Network section is only available for Security Appliances in Passthrough mode.
https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Threat_Protection#:~:text=The%20MX's%20Intrusion%20Detection%20and,to%20ensure%20networks%20are%20safeguarded.
Guys, I have this exact scenario in production right now and the answer is AE. We have two MX250s in passthrough mode for Intrusion PREVENTION and they are setup in HA. While they can technically do site-to-site VPN, but if they did, they would be considered CONCENTRATORS and not as pass-thru devices as per all Meraki official documentation as well as the description in the dashboard itself - thus AE is the most correct answer.
When in passthrough mode, the MX is best used for in-line:
Layer 3/7 firewall rules, traffic shaping, and analysis
Network asset discovery and reporting
Intrusion detection
Security and content filtering
Client and site-to-site VPN
The question was, which features ARE supported (not which are NOT), so: B and E
https://documentation.meraki.com/MX/Networks_and_Routing/Passthrough_Mode_on_the_MX_Security_Appliance_and_Z-series_Teleworker_Gateway
champ according to the link you shared,the answer is A and B
Configuration Differences
There are a number of differences in configuration between Routed and passthrough modes on the MX:
Secondary uplinks cannot be used for Internet connectivity. Thus Security & SD-WAN > Configure > SD-WAN & traffic shaping > Uplink configuration only has the option for limiting bandwidth on WAN 1.
Site-to-site VPN can only operate in split-tunnel mode when configured as a hub. Traffic bound to VPN subnets must be directed to the MX.
DHCP is no longer available. DHCP requests will simply pass through the MX.
Cellular uplink is no longer available.
VLANs cannot be configured. The MX/Z1 will act as a bridge between the Internet and LAN ports.
A and E.
intrusion PREVENTION is not support
HA in passthrough mode is support
MX Warm Spare - High-Availability Pair - Cisco Meraki
https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
yottabyte_
2 weeks, 2 days agosattori
2 months agoMPIAZZAL
3 months, 3 weeks agoGilgamesh_SHA
6 months ago5448108
6 months, 1 week agojzzmth
6 months, 3 weeks agoAnyParka0B
9 months agoXalaGyan
1 year agonyashac
1 year, 1 month agornunes1110
1 year, 2 months agofredbarron010
1 year, 2 months agornunes1110
1 year, 3 months agoCaptainPirate
1 year, 5 months agoJean226
1 year, 8 months agozylike
1 year, 9 months agoCaptainPirate
1 year, 6 months agoblahblahblah2
1 year, 9 months agoshonda319
1 year, 11 months ago