Which two features and functions are supported when using an MX appliance in Passthrough mode? (Choose two.)
Which two features and functions are supported when using an MX appliance in Passthrough mode? (Choose two.)
Using an MX appliance in Passthrough mode supports intrusion prevention and site-to-site VPN. Intrusion prevention provides security by monitoring network traffic for suspicious activity and potential threats, while site-to-site VPN allows secure connections between different geographic locations. Features like secondary uplinks, DHCP, and high availability are not supported in Passthrough mode.
When in passthrough mode, the MX is best used for in-line: - Layer 3/7 firewall rules, traffic shaping, and analysis - Network asset discovery and reporting - Intrusion detection - Security and content filtering - Client and site-to-site VPN
Guys, I have this exact scenario in production right now and the answer is AE. We have two MX250s in passthrough mode for Intrusion PREVENTION and they are setup in HA. While they can technically do site-to-site VPN, but if they did, they would be considered CONCENTRATORS and not as pass-thru devices as per all Meraki official documentation as well as the description in the dashboard itself - thus AE is the most correct answer.
The question was, which features ARE supported (not which are NOT), so: B and E https://documentation.meraki.com/MX/Networks_and_Routing/Passthrough_Mode_on_the_MX_Security_Appliance_and_Z-series_Teleworker_Gateway
champ according to the link you shared,the answer is A and B Configuration Differences There are a number of differences in configuration between Routed and passthrough modes on the MX: Secondary uplinks cannot be used for Internet connectivity. Thus Security & SD-WAN > Configure > SD-WAN & traffic shaping > Uplink configuration only has the option for limiting bandwidth on WAN 1. Site-to-site VPN can only operate in split-tunnel mode when configured as a hub. Traffic bound to VPN subnets must be directed to the MX. DHCP is no longer available. DHCP requests will simply pass through the MX. Cellular uplink is no longer available. VLANs cannot be configured. The MX/Z1 will act as a bridge between the Internet and LAN ports.
BE are correct
Intrusion prevention Yes Site-to-site VPN Yes Secondary uplinks No DHCP No High availability No
Correct: A and B
When in passthrough mode, the MX is best used for in-line: Layer 3/7 firewall rules, traffic shaping, and analysis Network asset discovery and reporting Intrusion detection Security and content filtering Client and site-to-site VPN
i have configured it for production and know that both B and E are possible. two VMX in HA and both in concentrator mode. Answers BE
A,B https://documentation.meraki.com/MX/Networks_and_Routing/Passthrough_Mode_on_the_MX_Security_Appliance_and_Z-series_Teleworker_Gateway
AB You can enable intrusion prevention by setting the Mode drop-down to Prevention under Security & SD-WAN > Configure > Threat protection > Intrusion detection and prevention. Traffic will be automatically blocked by best effort if it is detected as malicious based on the detection ruleset specified above. Protected Network section is used to controls the IP addresses or subnets of the systems protectied. Entries should be separated by commas or blank space(s). This will narrow down the subnets protected, it will protect only the subnets listed. Note: The Protected Network section is only available for Security Appliances in Passthrough mode. https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Threat_Protection#:~:text=The%20MX's%20Intrusion%20Detection%20and,to%20ensure%20networks%20are%20safeguarded.
B and E Passthrough mode supportes only Intrusion Detection and NOT Prevention. A is not correct
It is A and E since we cannot have VLANs configured in passthrough VPN concentrator mode. In fact, I just checked right now that the Site to Site VPN is through the VLANs.
https://documentation.meraki.com/MX/Networks_and_Routing/Passthrough_Mode_on_the_MX_Security_Appliance_and_Z-series_Teleworker_Gateway This should be Intrusion DETECTION not Prevention
A and E. intrusion PREVENTION is not support HA in passthrough mode is support MX Warm Spare - High-Availability Pair - Cisco Meraki https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair
intrustion detection, it cannot do prevention so A and E
A and B
https://originalcerts.org/ Pass CCNA,CCNP,ITIL,Prince2,CITRIX,JUNIPER,AZURE,IBM,HP exams Pay After Results
The answer is A & B.
IPS + HA
High availability can be inn both mode: Routed mode Passthrough or VPN Concentrator mode.
A & B In Passthrough Mode, since the Meraki device is not actively performing routing functions or managing network traffic in the same way, High Availability is NOT SUPPORTED.