Meraki

Kyojuro · ‎Jan 20 2022

Is there anyway to block a port for the WAN IP address on the MX in the firewall?

Do I just put it in the layer 3? But isn't layer 3 only for LAN rules?

Can I put in layer 7?

Thank you.

ww · ‎Jan 20 2022

What traffic you want to block? Where is it originating from?

The only traffic generated by the mx itself is management tunnel traffic. Or traffic related to options like ips, content filter updates etc

Kyojuro · ‎Jan 20 2022

I need to block port 500 from all external IPs to the WAN IP address of the MX.

ww · ‎Jan 20 2022

The mx wont allow any traffic in originating from external ip's .

If you want to drop it before reaching the mx ip, then another device needs to do that

RaphaelL · ‎Jan 20 2022

Or this : https://community.meraki.com/t5/Security-SD-WAN/Meraki-MX-Inbound-Firewall-Rules/m-p/84204 ? If I'm understanding this issue correctly

PhilipDAth · ‎Jan 20 2022

As long as you don't have client VPN enabled or any non-Meraki VPNs configured, it will be blocked by default.

You don't need to do anything further to achieve this.

BlakeRichardson · ‎Jan 20 2022

By default all incoming traffic to most not just Meraki firewalls is blocked by default. I have yet to see any vendor allow any WAN > LAN traffic by default.

If you want to block port 500 outbound then simply create a rule doing so Security & SD-WAN > Configure > Firewall

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

Inderdeep · ‎Jan 20 2022

Every vendor is taking this way to block by default until unless you put the allow rule in place !

www.thenetworkdna.com

Meraki

Community

Block a port on WAN IP address on the MX in the firewall?

Block a port on WAN IP address on the MX in the firewall?