Best practice for firewall rules

SOLVED
TLO3346
Getting noticed

If you don't want a VLAN to communicate with another VLAN on a site, is it best practice to put the firewall rule in the site firewall or within a group policy and apply that policy on the VLAN?

1 ACCEPTED SOLUTION
KarstenI
Kind of a big deal

I would use the rules on the Firewall page of the MX. These rules work statefully; any return traffic is automatically allowed. Just remember to also configure your VPN rules if a VLAN should also not be allowed to communicate through the VPN.

2 REPLIES
Also get a second person to try and "break" or "bypass" what you have done so that you get confirmation that what you want to achieve is actually happening. A second pair of eyes is always very useful with this kind of thing.

Meraki CMNO, Ruckus WISE, Sonicwall CSSA, Allied Telesis CASE & CAI
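
An added example, not part of the thread and not Meraki tooling: a small offline audit that walks a copy of the L3 rules and the site-to-site VPN rules top-down and reports which rule set still lets one VLAN open connections to another. The subnets, rule dictionaries and function names are constructed for illustration, and the destination subnet is assumed to be reachable both locally and over the VPN.

```python
import ipaddress

# Constructed sample rules using the columns of the MX firewall pages
# (policy, protocol, source, destination). Subnets are assumptions.
GUEST, CORP = "192.168.20.0/24", "192.168.10.0/24"
L3_RULES = [
    {"policy": "deny", "protocol": "any", "src": GUEST, "dst": CORP},
    {"policy": "allow", "protocol": "any", "src": "any", "dst": "any"},
]
VPN_RULES = [  # no deny for GUEST -> CORP: the gap the accepted answer warns about
    {"policy": "allow", "protocol": "any", "src": "any", "dst": "any"},
]

def _nets(cidrs):
    """Parse a comma-separated CIDR field; 'any' means every IPv4 address."""
    return [ipaddress.ip_network("0.0.0.0/0" if c.strip().lower() == "any" else c.strip())
            for c in cidrs.split(",")]

def _covers(field, subnet):
    """True if one CIDR in the rule field contains the whole subnet."""
    return any(n2.subnet_of(n1) for n1 in _nets(field) for n2 in _nets(subnet))

def _overlaps(field, subnet):
    """True if any CIDR in the rule field shares addresses with the subnet."""
    return any(n1.overlaps(n2) for n1 in _nets(field) for n2 in _nets(subnet))

def verdict(rules, src, dst):
    """First match wins, top-down. 'deny' only if an any-protocol deny covers
    the whole src -> dst pair before any allow rule that overlaps it."""
    for r in rules:
        if (r["policy"] == "deny" and r["protocol"] == "any"
                and _covers(r["src"], src) and _covers(r["dst"], dst)):
            return "deny"
        if (r["policy"] == "allow"
                and _overlaps(r["src"], src) and _overlaps(r["dst"], dst)):
            return "allow"
    return "allow"  # assumption: implicit allow when no rule matches

def leaky_rule_sets(src, dst, rule_sets):
    """Names of the rule sets that still let src open connections to dst."""
    return [name for name, rules in rule_sets.items()
            if verdict(rules, src, dst) != "deny"]

RULE_SETS = {"l3": L3_RULES, "vpn": VPN_RULES}
if __name__ == "__main__":
    print(leaky_rule_sets(GUEST, CORP, RULE_SETS))  # guest-initiated traffic
    print(leaky_rule_sets(CORP, GUEST, RULE_SETS))  # corp-initiated traffic
```

Because the rules are stateful and directional, the second call shows that a single guest-to-corp deny does not stop connections opened from the corp side; an audit like this complements, and does not replace, the live test by a second person.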