Hi,
We have an MX95 with a few services behind it.
To publish these services we create a 1:1 NAT and allow inbound rules.
On top of that, we also have an outbound rule that allows any protocol from any IP to any.
My issue is: the published services work fine, as incoming traffic is matched by the inbound rules, but when we try to access outside resources from the server that holds the services, it does not work unless we add an inbound rule that allows incoming traffic from any IP and from any port.
So it seems that the firewall does not care about established sessions from the inside or return traffic.
I thought that the MX95, as a stateful firewall, handles this kind of thing by default.
What could be the issue?
Thanks in advance for any help.
FB.
You need to have a default block rule before the Allow Any Any rule.
Hmm, my MX95 interface is quite different from yours:
I can only allow, so it suggests that deny is implicit.
You are talking about NAT, for NAT there is no way to see the Hit count.
The screen I sent is related to publishing services, and regarding what's on top of my Meraki config page, there is no other way to add inbound rules:
My forwarding rules :
If you want to enable inbound rules, you must ask Meraki support.
Solved: Meraki MX Inbound Firewall Rules - The Meraki Community
Your problem is?
The LAN-to-WAN traffic is not working/blocked for this LAN server when the server initiates the session?
Hi,
My problem is that return traffic is not allowed for the server behind my published services unless I put in an inbound rule which allows any to any.