After a third-party firewall is replaced with an MX Security Appliance, the active 1:1 NAT rules may not forward traffic properly. This is because the upstream modem or router has not updated its ARP table and needs to be restarted or have its ARP table cleared. The upstream modem/router handles packets forwarded to the MX that are not addressed to the MX's own public address. For more information on the ARP protocol, refer to this article.
File Transfer Protocol (FTP) is a popular application-layer protocol used for file transfers across TCP networks. FTP supports two modes: active and passive. These modes use different connection mechanisms, and each requires a different firewall configuration to allow access. This article discusses the differences between these modes and the necessary firewall configurations for Cisco Meraki MX Security Appliances.
1:1 NAT Translation on the MX Security Appliance maps a specific public IP address to an internal IP address. This is useful when internal servers need to be accessed by external clients using multiple public IP addresses. This article briefly describes example configurations, considerations, and best practices for 1:1 NAT translation.
This article discusses a pitfall that must be avoided when configuring Site-to-Site VPN with Manual Port Forwarding. If Manual Port Forwarding is configured for UDP port 500 or 4500, it will break the Client VPN.