
Firewall Rules - SDWAN


Hi,

 

Scenario: We have one machine on a dedicated VLAN/Subnet that we don't want accessing the internet.


What would be the best Meraki approach for denying internet access but allowing it to access remote and local subnets?

 

Client is connected to a switch. 

 

Thanks

Adam

 


Re: Firewall Rules - SDWAN

Never mind, answered it myself..

Re: Firewall Rules - SDWAN

You should tell everyone the answer ...


Re: Firewall Rules - SDWAN

Yeah @PhilipDAth I wanted to delete the post but couldn't work out how. 

 

As said above, the scenario is: We have 1 OT machine in our factory on its own subnet; for the example we can call it OT Wired Data. We use direct internet (NBN) and MPLS on our MX65.

 

We only want this OT PC to access internal local/remote subnets and restrict internet access to teamviewer.com only. 

 

Restrict internet access but allow access to remote subnets? 

 

Go to Security & SD-WAN -> Configure -> Firewall.

 

[Image: Firewall OT.jpg]

 

 

Where xxx.xxx.xxx.xxx/xx is your OT Wired Data Subnet. 

 

The outcome is the subnet will chat with internet remote/local subnets but only be allowed to access TeamViewer over the internet.

 

What we haven't solved is controlling what access our remote sites have to the OT machine through the concentrator. 

 

OT = Operational Technology.

 

Thanks! 

 

 


Re: Firewall Rules - SDWAN

Hi

Do you know that using , also works?

10.0.0.0/8,172.16.0.0/12,192.168.0.0/16

 

So you just save two lines of rules.

 

Regards
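
The rule order described in this thread, modelled as an added example (not code from any poster and not Meraki's own): a first-match evaluator showing that the comma-separated destination gives the same decisions as three separate allow lines, and that the explicit deny is what blocks internet traffic, because the MX L3 list ends with a default allow. The OT subnet, the sample addresses and the exact rule layout are constructed assumptions, since the screenshot's contents are not available on this page.

```python
import ipaddress

RFC1918 = "10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"  # list from the last reply
OT_SUBNET = "10.50.0.0/24"  # constructed placeholder for xxx.xxx.xxx.xxx/xx

# (policy, source, destination) in dashboard order; the layout is an assumption.
THREE_LINE = [("allow", OT_SUBNET, cidr) for cidr in RFC1918.split(",")]
ONE_LINE = [("allow", OT_SUBNET, RFC1918)]
TAIL = [("allow", OT_SUBNET, "teamviewer.com"), ("deny", OT_SUBNET, "any")]

# Constructed sample flows: (source IP, destination IP, name it resolved from).
FLOWS = [
    ("10.50.0.10", "192.168.20.5", None),              # OT -> remote subnet
    ("10.50.0.10", "203.0.113.10", "teamviewer.com"),  # OT -> TeamViewer
    ("10.50.0.10", "198.51.100.7", "example.org"),     # OT -> other internet
    ("10.60.0.5", "198.51.100.7", "example.org"),      # non-OT client
]

def _matches(field, ip, fqdn=None):
    """True if the address (or the name it resolved from) is in the field."""
    for item in field.split(","):
        item = item.strip().lower()
        if item == "any":
            return True
        try:
            if ipaddress.ip_address(ip) in ipaddress.ip_network(item):
                return True
        except ValueError:  # not a CIDR, so treat the item as an FQDN
            # Model assumption: the caller supplies the resolved name.
            if fqdn and fqdn.lower() == item:
                return True
    return False

def decide(rules, src_ip, dst_ip, dst_fqdn=None):
    """Top-down, first match wins; unmatched traffic hits the default allow."""
    for policy, src, dst in rules:
        if _matches(src, src_ip) and _matches(dst, dst_ip, dst_fqdn):
            return policy
    return "allow"

def decisions(rules):
    """Decision for every sample flow, in FLOWS order."""
    return [decide(rules, *flow) for flow in FLOWS]

if __name__ == "__main__":
    for flow, a, b in zip(FLOWS, decisions(THREE_LINE + TAIL),
                          decisions(ONE_LINE + TAIL)):
        print(flow, "three-line:", a, "one-line:", b)
```

Dropping the last rule (`TAIL[:1]`) makes the third flow come back as `allow`, which is the failure to check for after any edit to the list.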
