Blocking inbound WAN IP addresses with Layer 7 rule

Convergint
Conversationalist

Blocking inbound WAN IP addresses with Layer 7 rule

So we have some certain ports being forwarded to an internal server and we have to use the "Any" tag to allow all clients to connect due to the clients being on dynamic WAN IP addresses.  However, occasionally I see foreign source country IP attempts at connecting on this port and I want to block these ranges but not the entire country.

 

The only place I see where I might be able to do this is the Layer 7 rules with Deny Remote IP Range.  I can't find any documentation on exactly what this option does if it is outbound only or both inbound and outbound.  Is that what this option is used for?

 

If not, is there any other way to "blacklist" incoming wan ip addresses in the "Allowed remote IPs" on the port forwarding section?  IE, could I use something like "any, not 123.456.789"?

1 Reply 1
mmmmmmark
Building a reputation

Yes, that's what the layer 7 deny rule for remote ip range is for. I don't think you can do anything in the forwarding section for this though.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels