Meraki

Community

Limiting Internal traffic between two subnets

Solved
bpinet
Conversationalist
‎Nov 17 2022 7:12 AM
‎Nov 17 2022 7:12 AM

Limiting Internal traffic between two subnets

New to the Meraki and I have been reading documentation but do not feel I have found the right solution, hoping for some clearer direction here.

 

After a security breach, we bought new Meraki MX-95 and MS125-48 to build out an entirely new network on a 172 network.  Our old network was a 192.  We will need to do a one-way trust to transition users over.  The original plan was to dedicate one port on the MX-95 for the old 192 network then limit traffic to just let in the needed ports and protocols for the one way trust to come in to the new 172, but exclude all other traffic as we feel there is probably still issues on the old network.  We currently use Sonicwall and are finding the new Meraki rules a whole new way of thinking. 

 

I guess the question we have is are we on the right track using the firewall rules to exclude incoming traffic on one port.  If we are, any suggestions are appreciated.  We are still educating ourselves on the MX-95.  Thank You. 

0 Kudos
1 Accepted Solution
KarstenI
Kind of a big deal
Kind of a big deal
‎Nov 17 2022 7:19 AM
‎Nov 17 2022 7:19 AM

I think you are basically on the right track:

  1. Configure multiple VLANs on the MX, at least one for the legacy 192 network, one for the new 172 network. Or directly implement multiple different new VLANs for Servers, Users, Printers, IoT, Voice, and so on.
  2. Either assign the VLANs to two of the ports where you use your old and your new infrastructure, or use a Trunk for the connection to the switch and implement VLANs on the switch.

If you are quite new to networking, I would hire a consultant to design you a new secure environment based on your needs.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

View solution in original post

2 Replies 2
KarstenI
Kind of a big deal
Kind of a big deal
‎Nov 17 2022 7:19 AM
‎Nov 17 2022 7:19 AM

I think you are basically on the right track:

  1. Configure multiple VLANs on the MX, at least one for the legacy 192 network, one for the new 172 network. Or directly implement multiple different new VLANs for Servers, Users, Printers, IoT, Voice, and so on.
  2. Either assign the VLANs to two of the ports where you use your old and your new infrastructure, or use a Trunk for the connection to the switch and implement VLANs on the switch.

If you are quite new to networking, I would hire a consultant to design you a new secure environment based on your needs.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
In response to KarstenI
bpinet
Conversationalist
‎Nov 17 2022 9:37 AM
‎Nov 17 2022 9:37 AM

Great, I do have a VLAN for both networks and the old 192 is isolated to one port.  Glad to know I got that part right.  I think the rest I need to do with Network Objects and Rulesets.  I think I found better documentation to clarify the rules/policy part.  We are used to using inbound rules which is where I think we were confused as Meraki has a different way of looking at firewall rules.  Thank You for verifying I am not wasting my time trying to do something I cant do with the firewall.  We were trying to apply rules to the port versus the subnet.  I think I am good.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.