Is there any way to block a port for the WAN IP address on the MX in the firewall?
Do I just put it in the layer 3? But isn't layer 3 only for LAN rules?
Can I put in layer 7?
Thank you.
What traffic do you want to block? Where is it originating from?
The only traffic generated by the MX itself is management tunnel traffic, or traffic related to options like IPS, content filter updates, etc.
I need to block port 500 from all external IPs to the WAN IP address of the MX.
The MX won't allow any traffic in originating from external IPs.
If you want to drop it before reaching the MX IP, then another device needs to do that.
Or this: https://community.meraki.com/t5/Security-SD-WAN/Meraki-MX-Inbound-Firewall-Rules/m-p/84204 ? If I'm understanding this issue correctly.
As long as you don't have client VPN enabled or any non-Meraki VPNs configured, it will be blocked by default.
You don't need to do anything further to achieve this.
By default, all incoming traffic to most firewalls, not just Meraki, is blocked. I have yet to see any vendor allow any WAN > LAN traffic by default.
If you want to block port 500 outbound, then simply create a rule doing so under Security & SD-WAN > Configure > Firewall.
Every vendor takes this approach of blocking by default unless you put an allow rule in place!