Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Unable to get firewall to stop blocking specifc ports

JLHSolutions
Here to help
‎Apr 17 2024 7:03 PM
‎Apr 17 2024 7:03 PM

Unable to get firewall to stop blocking specifc ports

I have the Meraki MX67 Security appliance and I configured a port forwarding rule to allow a specific port to go to a specific client IP address. But I am unable to access this client remotely. When I am using the internal LAN IP and port number, it works. But when I try my WAN IP and Port number, it just spins and finally times out. I don't know what the issue is. This is my first go with Meraki products and I thought it would be easier and more secure than off the store items, but apparently its not. I tried setting up a Layer 3 rule, but that didn't work either. Then I tried a 1:1 NAT rule, but that didn't solve it either. I have been reading thru all the different pages that come up when I google this. 

Hopefully someone here can tell me what I need to do to get this port open so I can access my device remotely.

Thanks!

Labels:
0 Kudos
Subscribe
5 Replies 5
Brash
Kind of a big deal
Kind of a big deal
‎Apr 17 2024 7:22 PM
‎Apr 17 2024 7:22 PM

What is your WAN IP address? Does it look like 100.x.x.x?
If so, you might be behind CG-NAT

 

Subscribe
In response to Brash
JLHSolutions
Here to help
‎Apr 17 2024 7:38 PM
‎Apr 17 2024 7:38 PM

Yes my WAN IP looks like that. What is CG-NAT?

0 Kudos
Subscribe
In response to JLHSolutions
Brash
Kind of a big deal
Kind of a big deal
‎Apr 17 2024 7:58 PM
‎Apr 17 2024 7:58 PM

CG-NAT (Carrier Grade NAT) is when instead of giving you a true Public IP address, the ISP has given you an 'private IP'.
It allows the ISP to NAT multiple customer's onto a single Public IP address.

One of the limitations of this is that end customer's cannot perform port-forwarding, as they do not have a dedicated Public IP address for their service.

You will need to contact the ISP to request a static public IP be assigned directly to you. (This may require additional costs and will require an outage of some length during the transition).


A longer but better explanation of CG-NAT can be found at the following link
What is Carrier Grade NAT (draytek.co.uk)

Subscribe
BlakeRichardson
Kind of a big deal
Kind of a big deal
‎Apr 17 2024 7:25 PM
‎Apr 17 2024 7:25 PM

If the device you are connection to is a Windows device have you set a remote device scope in your Windows firewall?

 

Screenshot 2024-04-18 at 2.24.58 PM.png

 

 

btr.net.nz
Subscribe
In response to BlakeRichardson
JLHSolutions
Here to help
‎Apr 17 2024 7:40 PM
‎Apr 17 2024 7:40 PM

It is a Zimaboard that runs CasaOS. I am trying to set up a little automation server that I can access remotely. 

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.