
BULK IP ADDRESS BLOCKING

SOLVED
Getting noticed


Guys, is there a way in Meraki MX to block a lot of IP addresses in one entry?

Just like these IP addresses:


 

I want to block all of these in one entry in the firewall, not manually per IP address or segment, since in Cisco Firepower Services I am able to upload a list of IP addresses in a notepad.

 

 

 

Kind of a big deal

Re: BULK IP ADDRESS BLOCKING

Just comma separate them and copy and paste them in.

 

Screenshot from 2018-05-29 17-46-54.png

Getting noticed

Re: BULK IP ADDRESS BLOCKING

mx.PNG

Getting noticed

Re: BULK IP ADDRESS BLOCKING

I also tried it with the IP address only, without CIDR, but it shows an error.

Kind of a big deal

Re: BULK IP ADDRESS BLOCKING

I'm using 14.x firmware. Perhaps it is a new feature.
Kind of a big deal

Re: BULK IP ADDRESS BLOCKING

What IP did you put in there? .../24

Kind of a big deal

Re: BULK IP ADDRESS BLOCKING

I copied and pasted the first three in your list and comma separated them.

Getting noticed

Re: BULK IP ADDRESS BLOCKING

Yeah, it's the version of the MX.

Anyway, thanks, sir.

Kind of a big deal

Re: BULK IP ADDRESS BLOCKING

Also did you just try doing the IP/32?

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
Getting noticed

Re: BULK IP ADDRESS BLOCKING

Yes, I tried /32 and /24, but it is the same error.

A model citizen

Re: BULK IP ADDRESS BLOCKING

Just tried on 13.28 firmware (latest stable). Can confirm it works and is not a new feature in 14.xx firmware.

Getting noticed

Re: BULK IP ADDRESS BLOCKING

I am on the same version as you mentioned, but it doesn't work.

A model citizen

Re: BULK IP ADDRESS BLOCKING

I just spent the last 30 minutes going through this. I was able to recreate the error you showed. The error only occurred when trying to summarize the IPs in Group Policy using "Custom network firewall & shaping rules". I am unable to combine multiple IPs into the one rule and the error message you showed is generated. This happens regardless of firmware version.

 

When placed in Security Appliance > Configure > Firewall, the rule works without any issue. This leads me to believe that it is a problem with group policy looking for only ONE IP when creating custom rules. Have you tried placing the rule in the Layer 3 section of the Security Appliance > Configure > Firewall page? This will apply to ALL groups on your MX unless you create a custom rule under group policy. If everyone is to be blocked from these IPs, my recommendation would be to place it there.

Getting noticed

Re: BULK IP ADDRESS BLOCKING

@Mr_IT_Guy thanks, sir.
It works.
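
The comma-separated entry that the replies above describe, built from a one-address-per-line text file. This is an added example, not code from the thread or from Meraki: the function name, the `min_prefix` limit and the sample addresses are assumptions, and it assumes the Layer 3 rule accepts comma-separated CIDR entries as the thread reports.

```python
import ipaddress

# Constructed sample input (documentation ranges only, not from the thread).
SAMPLE = """\
203.0.113.7
198.51.100.24
198.51.100.25
203.0.113.7          # duplicate
192.0.2.0/24
192.0.2.77           # already covered by the /24 above
192.0.2.9/24         # host bits set: typo that would silently widen the block
not-an-ip
0.0.0.0/0            # would block all outbound traffic
"""


def build_rule_field(lines, min_prefix=16):
    """Return (comma-separated CIDR string, list of rejected entries).

    min_prefix is a hypothetical safety limit: anything broader than
    /min_prefix is rejected instead of being pasted into a deny rule.
    """
    nets, rejected = [], []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not entry:
            continue
        try:
            # Strict parsing: a bare address becomes /32, and an entry with
            # host bits set (192.0.2.9/24) is an error, not a wider network.
            net = ipaddress.IPv4Network(entry, strict=True)
        except ValueError:
            rejected.append(entry)
            continue
        if net.prefixlen < min_prefix:
            rejected.append(entry)
            continue
        nets.append(net)
    # collapse_addresses removes duplicates, drops entries contained in a
    # larger one, merges adjacent networks, and returns them sorted.
    merged = ipaddress.collapse_addresses(nets)
    return ",".join(str(n) for n in merged), rejected


if __name__ == "__main__":
    field, rejected = build_rule_field(SAMPLE.splitlines())
    print("Paste into the Layer 3 rule:\n" + field)
    print("Rejected, review by hand:", rejected)
```

Rejected entries are returned rather than dropped silently, so a mistyped line in the source list is reviewed before the rule is saved.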

OND
New here

Re: BULK IP ADDRESS BLOCKING

Meraki newbie here.  The answer you give looks to be for OUTBOUND traffic.  This doesn't seem to be able to keep these IPs from hitting my devices behind our MX67.  Obviously the OUTBOUND rule will keep any further traffic TO those problem IPs, but I'm wondering if this is sufficient.  For example, what would keep IPs I've entered in this OUTBOUND rule from DDoSing my servers?

Thanks in advance for any clarity you might be able to shed on this matter!

Kind of a big deal

Re: BULK IP ADDRESS BLOCKING

Traffic can only come into your internal devices if they first made a request out - and that case is handled.

 

The other case is if you NAT/port forward an inbound port.  In this case you won't be able to block the inbound packet.  You can only create an "allow" list that blocks everything except what is listed.
