Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Established sessions on a MX95

Fbell
Just browsing
‎Mar 5 2024 6:10 AM
‎Mar 5 2024 6:10 AM

Established sessions on a MX95

Hi,

 

We have have an MX95 with few services behind.

 

To publish these services we create a NAT 1:1 and allow inbound rules.

Then on the top of that we also have an outbound rule that allow any protocols from any ip to any.

 

My issue is : The published services works fine as incoming traffic is match by inbound rules, but when we try access outside resources from the server that hold the services, it does not work unless we had an inbound rule that allow incoming from any ip and from any port.

 

so it seems that firewall does not care of established sessions from the inside or return traffic.

I thought that MX95 as stateful firewall handle these kind of thing by default.

 

What could be the issue ?

 

Thanks by advance for any help.

 

FB.

Labels:
0 Kudos
Subscribe
8 Replies 8
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 5 2024 6:19 AM
‎Mar 5 2024 6:19 AM

You need to have a default block rule before the Allow Any Any rule.

 

alemabrahao_0-1709648337191.png

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
Fbell
Just browsing
‎Mar 5 2024 6:50 AM
‎Mar 5 2024 6:50 AM

Hmm my MX95 interface is quite different from your : 

 

Fbell_0-1709649988210.png

I can only allow, so it suggest that deny is implicit.

0 Kudos
Subscribe
In response to Fbell
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 5 2024 7:18 AM
‎Mar 5 2024 7:18 AM

You are talking about NAT, for NAT there is no way to see the Hit count.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
Fbell
Just browsing
‎Mar 5 2024 7:58 AM
‎Mar 5 2024 7:58 AM

The screen I sent is related to publish service and regarding what's on top of my Meraki config page there is no other way to add inbound rules  : 

Fbell_0-1709654257857.png

 

My forwarding rules : 

Fbell_1-1709654428361.png

 

 

 

0 Kudos
Subscribe
In response to Fbell
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 5 2024 8:06 AM
‎Mar 5 2024 8:06 AM

If you want to enable inbound rules, you must ask Meraki support.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to Fbell
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 5 2024 8:14 AM
‎Mar 5 2024 8:14 AM

Solved: Meraki MX Inbound Firewall Rules - The Meraki Community

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Subscribe
ww
Kind of a big deal
Kind of a big deal
‎Mar 5 2024 8:26 AM
‎Mar 5 2024 8:26 AM

Your problem is?

The lan to wan traffic is not working/blocked for this lan server, when the server initiate the session?

0 Kudos
Subscribe
In response to ww
Fbell
Just browsing
‎Mar 5 2024 8:46 AM
‎Mar 5 2024 8:46 AM

Hi,

 

My problem is that return traffic is not allowed for server behind my publish services unless I put an inbound rule which allow any to any.

 

 

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.