Firewall Rules - SDWAN

Adoos
Building a reputation

Firewall Rules - SDWAN

Hi,

 

Scenario: We have one machine on a dedicated VLAN/Subnet that we don't want accessing the internet.


What would be the best Meraki approach for denying internet access f but allowing it to access remote and local subnets. 

 

Client is connected to a switch. 

 

Thanks

Adam

 

4 REPLIES 4
Adoos
Building a reputation

Never mind, answered it myself..
PhilipDAth
Kind of a big deal
Kind of a big deal

You should tell everyone the answer ...

Adoos
Building a reputation

Yeah @PhilipDAth I wanted to delete the post but couldn't work out how. 

 

As said above the scenario is: We have 1 OT machine in our factory on its own subnet, for the example we can call it OT Wired Data. We use direct internet(NBN) and MPLS on our MX65. 

 

We only want this OT PC to access internal local/remote subnets and restrict internet access to teamviewer.com only. 

 

Restrict internet access but allow access to remote subnets? 

 

Go to security & SDWAN -> Configure -> Firewall.

 

Firewall OT.jpg

 

 

Where xxx.xxx.xxx.xxx/xx is your OT Wired Data Subnet. 

 

The outcome is the subnet will chat with internet remote/local subnets but only be allowed to access TeamViewer over the internet.

 

What we haven't solved is controlling what access our remote sites have to the OT machine through the concentrator. 

 

OT = Operational Technology.

 

Thanks! 

 

 

Hi

do you know that using , also works?

10.0.0.0/8,172.16.0.0/12,192.168.0.0/16

 

So you just save two lines of rules.

 

Regards

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels