Denying traffic

Solved
TL_Arwen
Getting noticed


Our network has the subnet of 172.16.0.0/12 and I am trying to make it so that none of the computers on the 172.20.0.0/16 part of that can route outside. I set a rule in the firewall for the following but it does not work.

Deny   TCP   172.20.0.0/16   Any   Any   80   Deny HTTP

Any ideas on how I can deny that subnet outbound traffic?

1 Accepted Solution
NolanHerring
Kind of a big deal

You mean to the Internet?

Assuming you are applying these rules on the MX

Try changing from TCP to ANY, or did you only want to block port 80? (Might need to also add 8080 and 443, etc.)

Rule might not kick in instantly for active sessions. Existing flows will still work until new ones start.
Nolan Herring | nolanwifi.com

TL_Arwen
Getting noticed

I was going to make different policies for each protocol (http & https) but this will probably work better. Not sure why I didn't think of that before. haha
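
The difference between the rule quoted in the question and the protocol-Any variant from the accepted answer, as an added example that is not part of the original thread or Meraki's own code: a minimal first-match rule evaluator run over sample flows. The flows, the 203.0.113.0/24 destinations, the port columns set to any for the protocol-Any rule, and the default-allow fall-through are assumptions made for illustration.

```python
import ipaddress

# Rule fields mirror the columns of the rule quoted in the thread:
# policy, protocol, source, src port, destination, dst port.
ORIGINAL = [("deny", "tcp", "172.20.0.0/16", "any", "any", "80")]
# Assumed shape of the rule after changing the protocol to Any.
BROADENED = [("deny", "any", "172.20.0.0/16", "any", "any", "any")]

# Constructed sample flows: (protocol, src ip, src port, dst ip, dst port)
FLOWS = [
    ("tcp", "172.20.5.10", 50000, "203.0.113.10", 80),
    ("tcp", "172.20.5.10", 50001, "203.0.113.10", 443),
    ("tcp", "172.20.5.10", 50002, "203.0.113.10", 8080),
    ("udp", "172.20.5.10", 50003, "203.0.113.53", 53),
    ("icmp", "172.20.5.10", None, "203.0.113.10", None),
    ("tcp", "172.16.1.10", 50004, "203.0.113.10", 80),  # outside 172.20.0.0/16
]

def _net_match(field, ip):
    return field == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(field)

def _port_match(field, port):
    return field == "any" or (port is not None and str(port) in field.split(","))

def evaluate(rules, flow):
    """First matching rule wins; unmatched traffic hits an assumed default allow."""
    proto, src, sport, dst, dport = flow
    for policy, r_proto, r_src, r_sport, r_dst, r_dport in rules:
        if (r_proto in ("any", proto)
                and _net_match(r_src, src) and _port_match(r_sport, sport)
                and _net_match(r_dst, dst) and _port_match(r_dport, dport)):
            return policy
    return "allow"

def leaks(rules, subnet="172.20.0.0/16"):
    """Flows sourced from `subnet` that the rule set still lets out."""
    return [f for f in FLOWS
            if _net_match(subnet, f[1]) and evaluate(rules, f) == "allow"]

if __name__ == "__main__":
    for name, rules in (("TCP/80 only", ORIGINAL), ("protocol Any", BROADENED)):
        print(name, "->", [(f[0], f[4]) for f in leaks(rules)])
```

The evaluator only models rule matching for new flows; it does not model sessions that were already established before the rule was changed.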
