Meraki

dlevasseur · ‎Jul 16 2024

Annoying situation. We have a vendor who's cloud endpoint reaches into our on premises server (their software) via a public IP:Port with all connections blocked except their IPs. They recently changed cloud configuration and now want us to use a DNS record for this allow. As far as I can tell I can only use IPs in the "Allowed Remote IPs" section of the NAT port forwarding rules.

I figured I'd just look up the records for that host name, and allow those. Even just a day later their servers have changed a few IP addresses.

Is there any way to allow only that specific DNS domain to that port? If I do put the FQDN into that box, the settings will save without error, but the list is not used.

RaphaelL · ‎Jul 16 2024

Hi ,

According to https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Port_Forwarding_and_NAT_Rules_on_the_MX it doesn't seem to be supported.

You could leverage the API to run a script hourly to do a DNS resolution and update the firewall / NAT rules. Not ideal but I don't think you have other options.

View solution in original post

RaphaelL · ‎Jul 16 2024

Hi ,

According to https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Port_Forwarding_and_NAT_Rules_on_the_MX it doesn't seem to be supported.

You could leverage the API to run a script hourly to do a DNS resolution and update the firewall / NAT rules. Not ideal but I don't think you have other options.

dlevasseur · ‎Jul 16 2024

Thanks. That's pretty much what I was thinking. I know a lot of their customers are in our same sector and many of them use Meraki gear, so it seems so odd to me that they would force this change through.

PhilipDAth · ‎Jul 17 2024

Site to site VPN?

Meraki

Community

Firewall Nat "Allowed Remote IPs" domain name?

Firewall Nat "Allowed Remote IPs" domain name?