Is it possible to block inbound traffic from a remote site connected via an MPLS link, which is connected on the LAN 1 interface of an MX-64, to prevent NAT? The LAN network of the site is connected on the LAN 2 interface. The internet interface is for the local internet breakout. As far as I can see, the L3 Firewall is for outbound traffic, but I was wondering if it is possible to use this same L3 firewall rule in the opposite direction to deny traffic sourced from remote sites.
I'm not able to test this setup yet, as I'm working on a configuration to replace other firewalls.
Thanks in advance.
I am trying to block traffic from entering Site-A from Site-B, without having to update all the Debian Firewall rules. If I can block inbound traffic on the MX LAN interface, then I don't have to update the Debian. We are now replacing those firewalls with Meraki MX's.
That is a good diagram! I'm not 100% sure this will work, but I think it will.
You can assign a group policy to a VLAN. So start by creating a group policy (Network Wide/Group Policies), let's call it VLAN10 (you can call it anything you want). Then go to "Security Appliance/Addressing and VLANS", click on the VLAN you created, and select the group policy you created.
Then go into your new group policy and for "Firewall and traffic shaping" select "custom" to create layer 3 firewall rules. Then create "deny" rules to block traffic to the other site. Make sure you move the deny rules to the top, as the last rule is a permit.
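The rule-ordering point in the reply above, as an added example that is not part of the original thread: a first-match evaluator plus a check for deny rules that an earlier allow rule makes unreachable. The rule tuples are a hypothetical format (not the Meraki dashboard or API format), and the Site-A/Site-B subnets are constructed.

```python
import ipaddress

# Constructed sample rules in top-down order; hypothetical format, not Meraki's.
# Assumed subnets: Site-A LAN 10.1.0.0/24, Site-B LAN 10.2.0.0/24.
DENY_FIRST = [
    ("deny",  "10.2.0.0/24"),   # block traffic to Site-B
    ("allow", "10.0.0.0/8"),    # other internal traffic
    ("allow", "0.0.0.0/0"),     # final permit, as in the reply
]
DENY_LAST = [
    ("allow", "10.0.0.0/8"),
    ("deny",  "10.2.0.0/24"),   # never reached: covered by the rule above
    ("allow", "0.0.0.0/0"),
]

def evaluate(rules, dst_ip):
    """Return the action of the first rule whose destination covers dst_ip."""
    addr = ipaddress.ip_address(dst_ip)
    for action, cidr in rules:
        if addr in ipaddress.ip_network(cidr):
            return action
    return "allow"  # nothing matched; mirrors the default permit

def shadowed_denies(rules):
    """List (deny_cidr, allow_cidr) pairs where an earlier allow covers the deny."""
    found = []
    for i, (action, cidr) in enumerate(rules):
        if action != "deny":
            continue
        net = ipaddress.ip_network(cidr)
        for prev_action, prev_cidr in rules[:i]:
            prev_net = ipaddress.ip_network(prev_cidr)
            if prev_action == "allow" and net.subnet_of(prev_net):
                found.append((cidr, prev_cidr))
                break
    return found

if __name__ == "__main__":
    for name, rules in (("deny first", DENY_FIRST), ("deny last", DENY_LAST)):
        print(name, evaluate(rules, "10.2.0.15"), shadowed_denies(rules))
```

Running the shadow check over a planned rule list before entering it in the group policy catches a deny that would silently never match.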