Objective: Allow VPN traffic to the Security Appliance downstream of a Comcast gateway modem.
Comcast's April 2019 guidance on modem setup for VPN traffic distinguishes between bridge mode and passthrough mode.
Bridge Mode has three settings: Off, Pseudo, and Full. Comcast does not advise enabling bridge mode, i.e., keep it off.
Passthrough Mode should be configured, and requires changing the firewall settings on the Comcast modem to:
- Under the Gateway section -> Firewall -> IPv4, "Disable Firewall for True Static IP Subnet Only".
- Change security settings to "Custom", then check "Disable Entire Firewall".
- Do the same for the Gateway -> Firewall -> IPv6 section.
- VERY IMPORTANT: If static IPs have been assigned to the account, they must be added to the gateway by the Comcast technicians. This usually involves a call to Comcast customer service. If the gateway has been reset, these settings are lost and need to be reconfigured by Comcast customer service.
- Final Step: Log in to the local status page of the Meraki appliance, and set up the static IP addresses given to you by Comcast. If there is a second WAN connection with static IPs, you can configure it on this same page.