Feature Request: Geo Blocks on Port forwards

Lukef
Here to help

Feature Request: Geo Blocks on Port forwards

It would be great if Meraki could support Geo blocking based on Port Forwards rather than a blanket block  using to / from countries layer 7 rule.

 

 

 

4 Replies 4
lpopejoy
A model citizen

You could create a Group Policy with a Layer7 Firewall rule.  Then assign that Group Policy to the device that you are port forwarding to.  Would that work?

Lukef
Here to help

Is no one else interested in this feature? Just about every other firewall out there does this.

Firepower

Fortinet

Watchguard.

 

This can sort of be done with group policies but it is not granular at all and will block any outbound traffic to those countries. It also shows all the hits in the logs as layer 7 rules do not apply to inbound nat / port forward rules.

 

 

I'm surprised that this is not largely requests as it is such a basic feature that all decent firewalls should have.

 

Thanks

CptnCrnch
Kind of a big deal
Kind of a big deal

Geo blocking itself is one of the most useless features any firewall nowadays can have...

Lukef
Here to help

It stops a whole heap of useless traffic hitting open ports preventing those services from logging traffic we do not care about, so yeah not entirely useless.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels