Denying traffic

SOLVED
TL_Arwen
Getting noticed

Denying traffic

Our network has the subnet of 172.16.0.0/12 and I am trying to make it so that none of the computers on the 172.20.0.0/16 part of that cannot route outside. I set a rule in the firewall for the following but it does not work. 

Deny   TCP   172.20.0.0/16   Any   Any   80   Deny HTTP

Any ideas on how I can deny that subnet outbound traffic?

1 ACCEPTED SOLUTION
NolanHerring
Kind of a big deal

You mean to the Internet?

Assuming you are applying these rules on the MX

Try changing from TCP to ANY , or did you only want to block port 80? (might need to also add 8080, and 443 etc.)

Rule might not kick in instantly for active sessions. Existing flows will still work until new ones start.
Nolan Herring | nolanwifi.com
TwitterLinkedIn

View solution in original post

2 REPLIES 2
NolanHerring
Kind of a big deal

You mean to the Internet?

Assuming you are applying these rules on the MX

Try changing from TCP to ANY , or did you only want to block port 80? (might need to also add 8080, and 443 etc.)

Rule might not kick in instantly for active sessions. Existing flows will still work until new ones start.
Nolan Herring | nolanwifi.com
TwitterLinkedIn

I was going to make different policies for each protocol (http & https) but this will probably work better. Not sure why I didn't think of that before. haha

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels