Block public IP

Younisalnour
New here

Block public IP

Hi team, 
 
I've a problem that we're facing a suspicious IP in my network we need to block it from entering the network is there any way to block it 
 
thanks in advance
10 Replies 10
ww
Kind of a big deal
Kind of a big deal

This is based on mac

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Blocking_and_Allowing...

 

To  secure a network better you could consider using authentication like 802.1x

Younisalnour
New here

thanks for your reply

but as i know this for private IP not public

ww
Kind of a big deal
Kind of a big deal

Ip from outside cant initiate sessions to you lan, unless you did some nat/port forwarding config. 

 

You can make a layer3 firewall rule.

Deny  any, publicIP

 

Or

You can block traffic using layer7 firewall.  Deny remote ip range

Younisalnour
New here

There is no any NAT and port forwarding in the LAN

The question is is there any way to block specific public IP

 

thanks for reply

ww
Kind of a big deal
Kind of a big deal

You can make a layer3 firewall rule.

 

Deny any, publicIP

 

 

 

And/Or

 

You can block traffic using layer7 firewall. Deny remote ip range

Younisalnour
New here

i've tried not the meraki rejected the command 

would you please do any example

in Layer 3

 

ww
Kind of a big deal
Kind of a big deal

1000040062.jpg

 

1000040064.jpg

  

Younisalnour
New here

i did that before but unfortunately doesn't work except /32 thanks for your help i will did it now and waiting the results then update you

alemabrahao
Kind of a big deal
Kind of a big deal

The inbound firewall will deny any traffic that does not have a session initiated by a client behind the MX. This allows internal client machines to connect with any resources they need, but does not let outside devices initiate connections with inside client machines. The exception to this is if a Port Forward or 1:1 NAT is created. More information on Port Forwarding and 1:1 NAT can be found here.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
PhilipDAth
Kind of a big deal
Kind of a big deal

You need to create a layer 7 firewall rule for this use case.  It will block all traffic in and out to the IP address you specify.

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Creating_a_Layer_7_Fi... 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels