Setting up a Comcast Modem to allow VPN Traffic to Flow Through to a Meraki MX Appliance

Objective: Allow VPN traffic to the Security Appliance downstream of a Comcast gateway modem.

Comcast's April 2019 guidance on modem setup for VPN traffic distinguishes between bridge mode and passthrough mode.

Bridge Mode has three settings: Off, Pseudo, and Full.  Comcast does not advise enabling bridge mode.  Ie. Keep it off.

Passthrough Mode should be configured, and requires changing the firewall settings on the Comcast modem to:

1. Under the Gateway section -> Firewall -> IPv4, "Disable Firewall for True Static IP Subnet Only
2. Change security settings to "Custom", then check "Disable Entire Firewall".
3. Do the same for the Gateway -> Firewall -> IPv6 section
4. VERY IMPORTANT: If static IP's have been assigned to the account, they must be added by the Comcast technicians to the gateway.  This usually involves a call to Comcast customer service.  If the gateway has been reset, these settings are lost and need to reconfigured by Comcast customers service.
5. Final Step: login to the local status page of the Meraki appliance, and set up the Static IP addresses given to you by Comcast.  If there is a second WAN connection with Static IP's, you can configure it on this same page.