Meraki

Community

Block IP address for inbound \ outbound traffic

Solved
Mad_Dog_82
Here to help
‎Jul 15 2024 7:59 PM
‎Jul 15 2024 7:59 PM

Block IP address for inbound \ outbound traffic

Hi All,

 

I have MX68CW-WW.

Could you please advise how to block IP address for inbound \ outbound traffic.

 

Thanks. 

0 Kudos
1 Accepted Solution
DarrenOC
Kind of a big deal
Kind of a big deal
‎Jul 15 2024 10:45 PM
‎Jul 15 2024 10:45 PM

Hi @Mad_Dog_82 , the firewall is stateful (edited @CptnCrnch 😉) so all inbound traffic is blocked by default.  For outbound traffic you need to add a Layer 3 firewall rule.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

View solution in original post

5 Replies 5
DarrenOC
Kind of a big deal
Kind of a big deal
‎Jul 15 2024 10:45 PM
‎Jul 15 2024 10:45 PM

Hi @Mad_Dog_82 , the firewall is stateful (edited @CptnCrnch 😉) so all inbound traffic is blocked by default.  For outbound traffic you need to add a Layer 3 firewall rule.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
In response to DarrenOC
DarrenOC
Kind of a big deal
Kind of a big deal
‎Jul 15 2024 10:46 PM
‎Jul 15 2024 10:46 PM

Take a look here for config guidance:

 

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Firewall_Settings#:~:text=The%20....

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
0 Kudos
In response to DarrenOC
CptnCrnch
Kind of a big deal
Kind of a big deal
‎Jul 16 2024 12:29 AM
‎Jul 16 2024 12:29 AM

Sorry @DarrenOC, but it's stateful in that case. 😉

In response to CptnCrnch
DarrenOC
Kind of a big deal
Kind of a big deal
‎Jul 16 2024 1:10 AM
‎Jul 16 2024 1:10 AM

Thanks for keeping me inline @CptnCrnch 

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
0 Kudos
jimmyt234
Building a reputation
‎Jul 16 2024 12:34 AM
‎Jul 16 2024 12:34 AM

If you happened to have inbound NAT/PAT rules configured with any source allowed then I would use the Layer 7 firewall to block Remote IP Range, this should block those IP's coming in on your NAT rules.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.