Hi,
I have a customer wanting to change their SonicWall out for an MX250. The problem I see is that their SonicWall is based on zones, so some of the rules on the SonicWall do not have those subnets present on the firewall. When moving to the MX250, if the subnet doesn't exist on the MX, then I cannot add that rule. In some of these cases there are physically no more addresses in the small subnet that I can use to add anything on the MX.
At the end of the MX firewall rules I add my DENY ANY ANY, and this is where my question comes in. If I did port forwarding or a 1:1 NAT, will those override and pass through the firewall even if those subnets do not match my firewall list, or will they still be caught in the DENY ANY ANY rule?