Meraki

Community

Block public IP

Younisalnour
New here
‎Jan 10 2024 4:21 AM
‎Jan 10 2024 4:21 AM

Block public IP

Hi team, 
 
I've a problem that we're facing a suspicious IP in my network we need to block it from entering the network is there any way to block it 
 
thanks in advance
0 Kudos
10 Replies 10
ww
Kind of a big deal
Kind of a big deal
‎Jan 10 2024 4:41 AM
‎Jan 10 2024 4:41 AM

This is based on mac

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Blocking_and_Allowing...

 

To  secure a network better you could consider using authentication like 802.1x

0 Kudos
In response to ww
Younisalnour
New here
‎Jan 10 2024 5:37 AM
‎Jan 10 2024 5:37 AM

thanks for your reply

but as i know this for private IP not public

0 Kudos
In response to Younisalnour
ww
Kind of a big deal
Kind of a big deal
‎Jan 10 2024 5:49 AM
‎Jan 10 2024 5:49 AM

Ip from outside cant initiate sessions to you lan, unless you did some nat/port forwarding config. 

 

You can make a layer3 firewall rule.

Deny  any, publicIP

 

Or

You can block traffic using layer7 firewall.  Deny remote ip range

0 Kudos
In response to ww
Younisalnour
New here
‎Jan 10 2024 5:54 AM
‎Jan 10 2024 5:54 AM

There is no any NAT and port forwarding in the LAN

The question is is there any way to block specific public IP

 

thanks for reply

0 Kudos
In response to Younisalnour
ww
Kind of a big deal
Kind of a big deal
‎Jan 10 2024 5:56 AM
‎Jan 10 2024 5:56 AM

You can make a layer3 firewall rule.

 

Deny any, publicIP

 

 

 

And/Or

 

You can block traffic using layer7 firewall. Deny remote ip range

In response to ww
Younisalnour
New here
‎Jan 10 2024 6:02 AM
‎Jan 10 2024 6:02 AM

i've tried not the meraki rejected the command 

would you please do any example

in Layer 3

 

0 Kudos
In response to Younisalnour
ww
Kind of a big deal
Kind of a big deal
‎Jan 10 2024 6:12 AM
‎Jan 10 2024 6:12 AM

1000040062.jpg

 

1000040064.jpg

  

0 Kudos
Younisalnour
New here
‎Jan 10 2024 6:17 AM
‎Jan 10 2024 6:17 AM

i did that before but unfortunately doesn't work except /32 thanks for your help i will did it now and waiting the results then update you

0 Kudos
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jan 10 2024 9:26 AM
‎Jan 10 2024 9:26 AM

The inbound firewall will deny any traffic that does not have a session initiated by a client behind the MX. This allows internal client machines to connect with any resources they need, but does not let outside devices initiate connections with inside client machines. The exception to this is if a Port Forward or 1:1 NAT is created. More information on Port Forwarding and 1:1 NAT can be found here.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 10 2024 11:37 AM
‎Jan 10 2024 11:37 AM

You need to create a layer 7 firewall rule for this use case.  It will block all traffic in and out to the IP address you specify.

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Creating_a_Layer_7_Fi... 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.