Best way to block a port into WAN for the whole organization

Comes here often

Best way to block a port into WAN for the whole organization

Hi all,


im new to Meraki MX appliances and with the recent security vulnerability in Outlook CVE-2023-23397 I'm wondering what would be the best way to block SMB Port 445 into WAN for all networks / a whole organization.

It would seem quite tedious to do this on all individual appliances allow Class A / B /C networks and then deny all others.

Any advice on this? Im used to other firewalls having simply havin a WAN zone definition or being able to select the WAN interface as destination.


Regards, Holger

Kind of a big deal

Maybe something as simple as :

Deny RFC1918 SMB

Allow All SMB


Or vice versa depending on what you want to block

Comes here often

Yeah this vice versa would work, but still I have have to create two firewall-rules in 10 different networks in my case.

Yet I want to keep it simple. I'm used to Sophos and Fortigate Firewalls, with Sophos I could do this with one rule covering all networks, since I can do it based on zones.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.