If you weren’t aware, every Meraki device has a local status page for provisioning, configuration, and onsite troubleshooting. No need for a USB-to-console-dingus to get access to the unit locally. Simply connect an Ethernet cable to a LAN or management port on the device, open a web browser, navigate to setup.meraki.com, and be surprised by the lovely HTML5 local web console.
If you’re rocking Meraki MX security appliances and have configured static IP addresses on the WAN interfaces, then you’re likely already familiar with the utility of the page. If elements like IP, gateway, DNS, or PPPoE need to be assigned manually to the device during the initial deployment, the local status page is a critical part of the workflow.
But what happens when you need to access the local status page after a MX appliance is deployed? What if that MX is halfway around the world?
Good news. We have options.
LAN Local Status Page Access
By default, the local status page is accessible on the MX platform via the management interface directly or by browsing to an active internal VLAN interface from a client on the LAN.
By the way, if you haven’t already please update the local credentials for the local status page. Your security team will thank you.
This LAN-side access to the appliance is useful if you’re working on a subnet behind the MX or if you have RDP access to a client local to the appliance.
But what if you need quick access remotely and don’t have a good way to get to the inside IP of the MX? There exists a little-known WAN web managemnt access option. You just have to know what you’re looking for.
WAN Local Status Page Access
If you navigate to Security appliance > Firewall and scroll down to the Security appliance services section, you’ll find a Web (local status & configuration) option listed.
Replacing the Allowed remote IPs from none to a comma-seperated list of public IP address or subnets will enable remote access to the devices’ local status page when browsing to the WAN interface’s public IP address (assuming your browser session’s source IP matches a subnet added).
Before MX13, this method was the only option available to modify WAN interface configuration elements directly throught the device’s public IP address. It’s still especially helpful in a pinch when you need to securely make local status page updates or just double-check uplink handoff health from the view of the device itself.
So there you have it. Secure, direct MX local status page via the WAN interface.