Exam 500-220 topic 2 question 12 discussion

MX devices can be configured in a high-availability pair (warm spare) using one of two MX addressing options (Security & SD-WAN > Configure > Addressing & VLANs): Passthrough or VPN Concentrator mode Routed mode BE

A E is correct

It is A and E since we cannot have VLANs configured in passthrough VPN concentrator mode. In fact, I just checked right now that the Site to Site VPN is through the VLANs.

B and E Passthrough mode supportes only Intrusion Detection and NOT Prevention. A is not correct

A & B In Passthrough Mode, since the Meraki device is not actively performing routing functions or managing network traffic in the same way, High Availability is NOT SUPPORTED.

High availability can be inn both mode: Routed mode Passthrough or VPN Concentrator mode.

IPS + HA

The answer is A & B.

AB You can enable intrusion prevention by setting the Mode drop-down to Prevention under Security & SD-WAN > Configure > Threat protection > Intrusion detection and prevention. Traffic will be automatically blocked by best effort if it is detected as malicious based on the detection ruleset specified above. Protected Network section is used to controls the IP addresses or subnets of the systems protectied. Entries should be separated by commas or blank space(s). This will narrow down the subnets protected, it will protect only the subnets listed. Note: The Protected Network section is only available for Security Appliances in Passthrough mode. https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Threat_Protection#:~:text=The%20MX's%20Intrusion%20Detection%20and,to%20ensure%20networks%20are%20safeguarded.

Guys, I have this exact scenario in production right now and the answer is AE. We have two MX250s in passthrough mode for Intrusion PREVENTION and they are setup in HA. While they can technically do site-to-site VPN, but if they did, they would be considered CONCENTRATORS and not as pass-thru devices as per all Meraki official documentation as well as the description in the dashboard itself - thus AE is the most correct answer.

A,B https://documentation.meraki.com/MX/Networks_and_Routing/Passthrough_Mode_on_the_MX_Security_Appliance_and_Z-series_Teleworker_Gateway

i have configured it for production and know that both B and E are possible. two VMX in HA and both in concentrator mode. Answers BE

When in passthrough mode, the MX is best used for in-line: Layer 3/7 firewall rules, traffic shaping, and analysis Network asset discovery and reporting Intrusion detection Security and content filtering Client and site-to-site VPN

Correct: A and B

https://originalcerts.org/ Pass CCNA,CCNP,ITIL,Prince2,CITRIX,JUNIPER,AZURE,IBM,HP exams Pay After Results

A and B

Intrusion prevention Yes Site-to-site VPN Yes Secondary uplinks No DHCP No High availability No