[CONTEST CLOSED] Community Challenge: Firewall Rules

MeredithW
Meraki Alumni (Retired)

Screen Shot 2019-06-07 at 12.18.56 PM.png

 

UPDATE: this challenge has ended. Huge thanks to everyone who submitted entries — we were delighted to see so many of you participate! Correct answers below:

 

Solutions.png

 

Of those who submitted the correct answers above, we randomly selected two winners. Congrats to @tkamimura4 and @Raz

 

 

This month’s community challenge is brought to you by Technical Evangelist, @SandroZ! This corporate network was the victim of an April Fool’s prank and needs your help to restore effective security. Submit the correct firewall rules before the deadline Friday and be entered to win Meraki swag!

 

Firewall Challenge

What a nice April Fool’s prank! Somebody rewrote the firewall rules on the MX at the edge of this corporate network.

 

Reviewing all security requirements will take some time, and the network engineers don’t want to remove or change any of the rules already in place, but there are some pressing issues that need to be resolved immediately and accurately.

 

Information is scarce, but you do have a high-level network diagram:

diagram.png

 

And the firewall rules currently configured on the MX:

Firewall.png

 

NOTE: all MS switches are configured as L2 only. All routing decisions and firewall rules are handled by the same MX at the edge of the corporate network.

 

Your mission: Fix the 3 issues reported using one Allow firewall rule per issue to be prepended to the list of firewall rules already in place.

 

You must use the following Network Groups / Network Objects already listed in the customer’s dashboard:

 

  • Meraki cloud communication, containing all the cloud IP addresses required for the management communication between the Meraki devices and the Meraki cloud.
  • Camera streaming proxy, containing all the cloud IP addresses required to access the camera streaming outside of the corporate network over the internet.
  • Building A Clients - Building B Clients, containing the subnets used for Clients in the respective buildings
  • Building A Meraki Devices - Building B Meraki Devices, containing the subnets used for Meraki devices (MV, MR, MS) in the respective buildings

 

You already double checked the configuration of Network Groups / Network Objects and they are correct!

You have everything you need from the network diagram and image of the firewall configuration.

 

Reported issues

Issue 1: 

The IT team is complaining about a warning message appearing on all MS switches, all MV cameras and all MR Access Points:

 

“Connection to the Cisco Meraki Cloud is using the backup Cloud connection.”

 

Issue 2: 

Network engineers identified a huge spike of data downloaded from the internet, and the destination for that traffic is a wired client inside building A: the workstation of the security guard for the building. In addition, the cameras in building A are generating more upload traffic than usual.

 

Issue 3: 

The remote security guard reported to be unable to see footage from cameras located in Building B. Cameras in Building A works perfectly.

 

How to enter

Fill the table for the 3 firewall rules (1 rule for each issue).

Rules need to be as specific as possible to just solve the reported issues.

 

#

Policy

Rule description

Protocol

Source

Src port

Destination

Dst port

1

Allow

Issue 1

?

?

Any

?

?

2

Allow

Issue 2

?

?

Any

?

?

3

Allow

Issue 3

?

?

Any

?

?

 

Check for options inside the squared brackets:

Protocol: [TCP,UDP]

Source: [1 or more Network Group / Network Object  provided]

Destination: [1 or more Network Group / Network Object  provided]

Dst Port: [1 destination port number]


Everyone who submits the correct 3 firewall rules as a comment on this post before April 30th at 11am PDT will be entered to win one of two Meraki thermal bottles:

 

Thermal Water BottleThermal Water Bottle

How to win

There will be two winners for this challenge. In order to win, you must have provided the 3 correct firewall rules. In the likely event that multiple submissions contain all 3 correct answers, we will randomly select 2 winners from that group of respondents. Note that all comments will remain hidden throughout the challenge. Winners will be announced shortly after submissions are closed!

 

The Fine Print

  • Limit one entry per community member.
  • Submission period: Monday, April 26th, 2021 at 10am PDT through Friday, April 30th, 2021 at 10:59am PDT
  • Prize will be a selection of Meraki swag with value not exceeding USD 50.00
  • Official terms, conditions, and eligibility information
2 Comments