Hi All,
I am trying to piece together a basic and Cisco Rule list I can share with customers. We have had feedback and feel that the Firewall rules are not very clear. The main problem is that they are bundled together.
I hope this post will assist those who may feel the same.
Stage 1 - Barebones
AIM: This is to get the iOS device activated, the DEP profile downloaded and the time set automatically.
https://documentation.meraki.com/SM/Other_Topics/Systems_Manager_Firewall_Rules
https://support.apple.com/en-us/HT210060#apns
From Apple, this should be:
TCP 80, TCP 443, TCP 2197, TCP 5223, UDP 123 for 17.0.0.0/8 (the Class A block that Apple owns).
However, Meraki included an additional 2195-2196 which I cannot see mentioned by Apple. Is this required?
Additionally, why does ios.meraki.com on TCP 443 need to be an end-point?
Now on to the Cisco rules:
*** Before this section you would set your VLAN->WAN
        set srcaddr "XXXXXXX"           - Customer Subnet
        set dstaddr "all"               - Include Everything for a moment (Lazy, but far easier)
        set action accept
        set schedule "always"
        set service "Meraki-Services"
    next
end

config firewall service group
    edit "Meraki-Services"
        set member "HTTP" "HTTPS" "TCP-2197" "TCP-5223" "UDP-123"
    next
end
This is what I have got. Can someone at Cisco Meraki confirm this would work?
*** Obviously at the end you need to copy your temp into your main file
Stage 2 - Barebones + iOS SM App
*Placeholder: this would be the bare minimum to get the iOS device set up and the SM App communicating.
Thank you,
Peter James
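An added example, not from the post above nor from Meraki or Apple: a small Python check that models the Stage 1 allow-list as posted (Apple's ports toward 17.0.0.0/8 plus Meraki's 2195-2196), verifies that a set of constructed activation flows is permitted, and lists any rule that no required flow uses, which is the question the post raises about 2195-2196. The 17.x addresses, the `Rule` model and the `REQUIRED` flow list are constructed for the example and are not resolved Apple hosts.

```python
import ipaddress
from dataclasses import dataclass

# Minimal rule model for an egress allow-list (hypothetical; not Meraki or firewall-vendor code).
@dataclass(frozen=True)
class Rule:
    proto: str                      # "tcp" or "udp"
    lo: int                         # first destination port of the range (inclusive)
    hi: int                         # last destination port of the range (inclusive)
    dst: ipaddress.IPv4Network      # destination block the rule covers

def rule(proto, lo, hi, cidr):
    return Rule(proto, lo, hi, ipaddress.ip_network(cidr))

# Stage 1 as posted: Apple's documented ports toward 17.0.0.0/8, plus Meraki's extra 2195-2196.
APPLE = "17.0.0.0/8"
STAGE1 = [
    rule("tcp", 80, 80, APPLE),
    rule("tcp", 443, 443, APPLE),
    rule("tcp", 2197, 2197, APPLE),
    rule("tcp", 5223, 5223, APPLE),
    rule("udp", 123, 123, APPLE),
    rule("tcp", 2195, 2196, APPLE),   # Meraki's addition; not in Apple's list
]

# Flows an activating device must be able to open (constructed sample; the 17.x addresses are
# illustrative, not real Apple hosts): (proto, dst_port, dst_ip).
REQUIRED = [
    ("tcp", 443, "17.57.144.10"),   # activation / MDM enrolment over HTTPS
    ("tcp", 80, "17.253.4.1"),      # HTTP
    ("tcp", 5223, "17.57.144.10"),  # APNs
    ("tcp", 2197, "17.57.144.10"),  # TCP 2197 from Apple's list
    ("udp", 123, "17.253.4.125"),   # NTP, so the time is set automatically
]

def allows(rules, proto, port, dst):
    """True if any rule permits this flow; a deny-by-default policy is assumed."""
    ip = ipaddress.ip_address(dst)
    return any(r.proto == proto and r.lo <= port <= r.hi and ip in r.dst for r in rules)

def missing(rules, required):
    """Required flows the rule set would block: these break activation."""
    return [f for f in required if not allows(rules, *f)]

def unused(rules, required):
    """Rules no required flow matches: candidates to question before sharing the list."""
    return [r for r in rules if not any(allows([r], *f) for f in required)]

if __name__ == "__main__":
    print("blocked flows:", missing(STAGE1, REQUIRED))
    print("rules not needed by any required flow:", unused(STAGE1, REQUIRED))
```

Dropping a rule from `STAGE1` and re-running `missing` shows exactly which activation step the customer's firewall would break.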