System Manager Firewall Rules; Confusion / 3rd Line Assistance Required


Hi All,


I am trying to piece together a basic rule list and a Cisco rule list I can share with customers. We have had feedback that the firewall rules are not very clear. The main problem is that they are bundled together.


I hope this post will assist those who may feel the same.


Stage 1 - Barebones


AIM: This is to get the iOS device activated, the DEP profile downloaded and the time set automatically.


From Apple, this should be:

TCP 80, TCP 443, TCP 2197, TCP 5223, UDP 123 to the Class A block that Apple own.


However, Meraki included an additional TCP 2195-2196, which I cannot see mentioned by Apple. Is this required?


Additionally, why does TCP 443 need to be an end-point?



Now on to the Cisco rules;


*** Before this section you would set your VLAN->WAN

config firewall policy
    edit 0
        set srcaddr "XXXXXXX"    # Customer subnet
        set dstaddr "all"        # Include everything for a moment (lazy, but far easier)
        set action accept
        set schedule "always"
        set service "Meraki-Services"
    next
end

# "HTTP" and "HTTPS" are built-in services; "TCP-2197", "TCP-5223" and "UDP-123"
# are custom services and must already exist under "config firewall service custom".
config firewall service group
    edit "Meraki-Services"
        set member "HTTP" "HTTPS" "TCP-2197" "TCP-5223" "UDP-123"
    next
end

This is what I have got. Can someone at Cisco Meraki confirm this would work?


*** Obviously at the end you need to copy your temp in to your main file



Stage 2 - Barebones + iOS SM App


*Placeholder: this would be the bare minimum to get the iOS device set up and the SM app communicating.


Thank you,

Peter James
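An added reachability check for the Stage 1 list above (example code written for this edit; it is not from the post and not Cisco Meraki's or Apple's code). Run from a host on the customer subnet, it probes one Apple host per port in the list, so the rules can be confirmed to pass traffic before a device is enrolled. The host names in TARGETS are assumptions taken from Apple's published enterprise-network list, not from the post; swap them for whatever the customer actually needs. The probe functions are parameters, so the logic can be exercised offline. On the 2195-2196 question: those ports belong to Apple's legacy binary APNs provider interface, which the push provider (the MDM server) speaks, not the iOS device, which is why they do not appear on Apple's device-side list; the script reports them as extras rather than probing them.

```python
"""Probe the 'Stage 1 - Barebones' ports from the post against Apple hosts.

Added example, not part of the original post. Host names are ASSUMPTIONS
taken from Apple's enterprise-network documentation, not from the post.
"""
import socket
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    proto: str    # "tcp" or "udp"
    port: int
    purpose: str


# The Stage 1 list exactly as the post gives it: TCP 80/443/2197/5223, UDP 123.
STAGE1 = (
    Rule("tcp", 80,   "activation, certificate checks"),
    Rule("tcp", 443,  "activation, DEP profile download, APNs fallback"),
    Rule("tcp", 2197, "APNs, alternate port"),
    Rule("tcp", 5223, "APNs"),
    Rule("udp", 123,  "NTP time sync"),
)

# Ports Meraki lists on top of Apple's device list (legacy APNs provider interface).
MERAKI_EXTRA = (2195, 2196)

# ASSUMPTION: one representative Apple host per port, all inside Apple's
# 17.0.0.0/8 block. Adjust to the customer's environment as needed.
TARGETS = {
    80:   "ocsp.apple.com",
    443:  "albert.apple.com",
    2197: "api.push.apple.com",
    5223: "1-courier.push.apple.com",
    123:  "time.apple.com",
}


def extra_ports(candidate, documented=STAGE1):
    """Ports in a candidate list that the documented rule list does not contain."""
    known = {r.port for r in documented}
    return tuple(sorted(p for p in candidate if p not in known))


def tcp_probe(host, port, timeout=3.0):
    """True if a TCP handshake to host:port completes, i.e. the firewall let it through."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def udp_ntp_probe(host, port=123, timeout=3.0):
    """UDP has no handshake, so send a minimal NTPv3 client request
    (LI=0, VN=3, mode=3 -> first byte 0x1b) and treat a 48-byte reply as success."""
    request = b"\x1b" + b"\x00" * 47
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(request, (host, port))
            reply, _ = s.recvfrom(48)
        except OSError:
            return False
    return len(reply) == 48


def check_rules(rules=STAGE1, targets=TARGETS, tcp=tcp_probe, udp=udp_ntp_probe):
    """Probe every rule that has a target host.

    Returns {(proto, port): (host, reachable)}. The probe functions are injectable
    so the bookkeeping can be tested without network access."""
    results = {}
    for r in rules:
        host = targets.get(r.port)
        if host is None:
            continue
        probe = tcp if r.proto == "tcp" else udp
        results[(r.proto, r.port)] = (host, probe(host, r.port))
    return results


def blocked(results):
    """(proto, port, host) for every failed probe: the rules to revisit."""
    return [(proto, port, host)
            for (proto, port), (host, ok) in results.items() if not ok]


def main():
    for (proto, port), (host, ok) in check_rules().items():
        print(f"{proto.upper():3} {port:5} {host:28} {'open' if ok else 'BLOCKED'}")
    extras = extra_ports(tuple(r.port for r in STAGE1) + MERAKI_EXTRA)
    if extras:
        print(f"not on Apple's device list, not probed: {extras}")


if __name__ == "__main__":
    main()
```

A BLOCKED line means the policy or the service group above is not matching that flow; check the custom service definition for that port first, since a missing TCP-2197 or UDP-123 object is the usual cause.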
