Best practice for firewall rules

SOLVED
TLO3346
Here to help

If you don't want a VLAN to communicate with another VLAN on a site, is it best practice to put the firewall rule in the site firewall or within a group policy and apply that policy on the VLAN?

1 ACCEPTED SOLUTION

KarstenI
Head in the Cloud

Re: Best practice for firewall rules

I would use the rules on the Firewall page of the MX. These rules work statefully; any return traffic is automatically allowed. Just remember to also configure your VPN rules if a VLAN should also not be allowed to communicate through the VPN.


2 REPLIES
BlakeRichardson
Kind of a big deal

Re: Best practice for firewall rules

Also get a second person to try to "break" or "bypass" what you have done so that you get confirmation that what you want to achieve is actually happening. A second pair of eyes is always very useful with this kind of thing.

Meraki CMNO, Ruckus WISE, Sonicwall CSSA, Allied Telesis CASE & CAI
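
An added example, not part of the thread and not Meraki code: an offline check, in the spirit of the two replies above, that every required block is enforced in both the site firewall rules and the VPN rules. The rule tuples, subnets, rule-set names and the top-down, first-match, default-allow model are assumptions constructed for illustration; because the rules are stateful, each direction to be blocked is listed as its own requirement.

```python
from ipaddress import ip_network

def is_blocked(rules, src_net, dst_net):
    """True only if the first rule overlapping src->dst is a deny covering all of it.

    Assumed model: top-down, first match wins, unmatched traffic is allowed.
    The check is conservative: a partial or shadowed deny counts as not blocked.
    """
    src, dst = ip_network(src_net), ip_network(dst_net)
    for policy, rule_src, rule_dst in rules:
        rs, rd = ip_network(rule_src), ip_network(rule_dst)
        if src.overlaps(rs) and dst.overlaps(rd):
            return policy == "deny" and src.subnet_of(rs) and dst.subnet_of(rd)
    return False  # fell through to the assumed default allow

def isolation_gaps(rule_sets, requirements):
    """List (rule set, src, dst) for each required block that is not enforced."""
    return [(name, src, dst)
            for name, pairs in requirements.items()
            for src, dst in pairs
            if not is_blocked(rule_sets.get(name, []), src, dst)]

# Constructed sample data (hypothetical subnets and rule-set names).
VLAN10, VLAN20, REMOTE = "192.168.10.0/24", "192.168.20.0/24", "10.50.0.0/16"
RULE_SETS = {
    "site_l3": [
        ("deny", VLAN10, VLAN20),
        ("allow", VLAN20, "192.168.10.5/32"),  # shadows part of the next deny
        ("deny", VLAN20, VLAN10),
    ],
    "site_to_site_vpn": [],  # nothing configured for the VPN path
}
# Stateful rules match the initiating side, so both directions are required.
REQUIREMENTS = {
    "site_l3": [(VLAN10, VLAN20), (VLAN20, VLAN10)],
    "site_to_site_vpn": [(VLAN20, REMOTE)],
}

if __name__ == "__main__":
    for gap in isolation_gaps(RULE_SETS, REQUIREMENTS):
        print("not blocked:", *gap)
```

A check like this only reviews the intended configuration; it complements the hands-on test from a second person rather than replacing it.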