Meraki

Community

Best way to block a port into WAN for the whole organization

hrafnagaldr
Comes here often
‎Mar 22 2023 2:16 AM
‎Mar 22 2023 2:16 AM

Best way to block a port into WAN for the whole organization

Hi all,

 

im new to Meraki MX appliances and with the recent security vulnerability in Outlook CVE-2023-23397 I'm wondering what would be the best way to block SMB Port 445 into WAN for all networks / a whole organization.

It would seem quite tedious to do this on all individual appliances allow Class A / B /C networks and then deny all others.

Any advice on this? Im used to other firewalls having simply havin a WAN zone definition or being able to select the WAN interface as destination.

Thanks!

Regards, Holger

Labels:
0 Kudos
2 Replies 2
RaphaelL
Kind of a big deal
Kind of a big deal
‎Mar 22 2023 11:59 AM
‎Mar 22 2023 11:59 AM

Maybe something as simple as :

Deny RFC1918 SMB

Allow All SMB

 

Or vice versa depending on what you want to block

0 Kudos
hrafnagaldr
Comes here often
‎Mar 22 2023 11:38 PM
‎Mar 22 2023 11:38 PM

Yeah this vice versa would work, but still I have have to create two firewall-rules in 10 different networks in my case.

Yet I want to keep it simple. I'm used to Sophos and Fortigate Firewalls, with Sophos I could do this with one rule covering all networks, since I can do it based on zones.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.