Firewall behavior when rule is deleted

RaphaelL
Kind of a big deal

Hi,

We currently have an MX running 14.53.

Let's say we have a firewall rule that allows 1.1.1.1 to 2.2.2.2 on tcp/443, we have an active session between the two hosts, and we remove the rule that allows that traffic. The session will still be active.

I was surprised to see the session not being purged by the MX. The MX will not block the traffic as long as the session is active OR until the MX reboots...

In our case it took more than 24 hours for the MX to stop logging hits to the "ghost" rule.

That doesn't seem too secure to me. Are there any other firewalls that exhibit this behavior? I would expect the sessions concerned to be purged the second the traffic is no longer permitted.

Meraki TAC have confirmed that this is the expected behavior.

Thanks.
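The behavior described in the post, as an added illustration that is not part of the original thread, not Meraki code, and not a description of how the MX actually implements its session table: a toy stateful firewall that consults its rule base only when a flow is first seen (the SYN) and serves later packets from a session table, so deleting a rule leaves an established session untouched and still attributes its hits to the deleted rule. A `purge_on_change` switch shows the alternative the poster expected, re-validating open sessions against the new rule base when a rule is deleted. The rule names, the flow tuple, the log format and the `purge_on_change` option are all assumptions of this example.

```python
"""Toy stateful firewall: what happens to an established session when the
rule that permitted it is deleted.

Added illustration for the discussion above. It is NOT Meraki code and does
not describe how the MX implements sessions; rule names, flow tuples, the
log format and the purge_on_change option are assumptions of this example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass
class Rule:
    name: str
    src: str      # IP or "any"
    dst: str      # IP or "any"
    dport: int
    action: str   # "allow" or "deny"

    def matches(self, flow: Flow) -> bool:
        return (self.src in ("any", flow.src)
                and self.dst in ("any", flow.dst)
                and self.dport == flow.dport)


class StatefulFirewall:
    """First-match rule base plus a session table.

    The rule base is consulted only when a flow is first seen (the SYN).
    Later packets hit the session table directly, so deleting a rule does
    not by itself touch open sessions. With purge_on_change=True, open
    sessions are re-validated against the new rule base on every deletion.
    """

    def __init__(self, rules, purge_on_change=False):
        self.rules = list(rules)
        self.purge_on_change = purge_on_change
        self.sessions = {}   # Flow -> name of the rule that admitted it
        self.log = []

    def _lookup(self, flow):
        for rule in self.rules:
            if rule.matches(flow):
                return rule
        return None          # no match: implicit deny

    def packet(self, flow, syn):
        """Return True if the packet is forwarded, False if dropped."""
        if flow in self.sessions and not syn:
            # Established session: fast path, the rule base is not consulted.
            # The hit is still attributed to the rule that opened the session,
            # even if that rule no longer exists (a "ghost" hit).
            self.log.append(f"hit {self.sessions[flow]} (established)")
            return True
        rule = self._lookup(flow)
        if rule is None or rule.action != "allow":
            self.log.append(f"drop {flow.src}->{flow.dst}:{flow.dport}")
            return False
        self.sessions[flow] = rule.name
        self.log.append(f"hit {rule.name} (new session)")
        return True

    def delete_rule(self, name):
        self.rules = [r for r in self.rules if r.name != name]
        return self.revalidate_sessions() if self.purge_on_change else []

    def revalidate_sessions(self):
        """Run every open session through the current rule base and drop the
        ones that are no longer permitted. Returns the purged flows."""
        purged = []
        for flow in list(self.sessions):
            rule = self._lookup(flow)
            if rule is None or rule.action != "allow":
                del self.sessions[flow]
                purged.append(flow)
        return purged


def demo(purge_on_change):
    """Open a 1.1.1.1 -> 2.2.2.2:443 session, delete the rule that allowed it,
    then send one more packet on that session and one fresh SYN.
    Returns (established_forwarded, new_syn_forwarded, purged_flows, log)."""
    fw = StatefulFirewall(
        [Rule("allow-https", "1.1.1.1", "2.2.2.2", 443, "allow")],
        purge_on_change=purge_on_change,
    )
    flow = Flow("1.1.1.1", "2.2.2.2", 443)
    fw.packet(flow, syn=True)                  # session opens
    purged = fw.delete_rule("allow-https")
    established = fw.packet(flow, syn=False)   # mid-session packet
    new_syn = fw.packet(flow, syn=True)        # fresh connection attempt
    return established, new_syn, purged, fw.log


if __name__ == "__main__":
    for mode in (False, True):
        est, new, purged, log = demo(mode)
        print(f"purge_on_change={mode}: established forwarded={est}, "
              f"new SYN forwarded={new}, purged={len(purged)}")
        print("  " + " | ".join(log))
```

With `purge_on_change=False` the mid-session packet is still forwarded and logged against `allow-https` after that rule is gone, while a fresh SYN is dropped; this is the combination the post describes (ghost hits until the session ends or the box reboots). With `purge_on_change=True` the session is removed at deletion time and the next packet is dropped. Note that the second variant is also what a stateless rule set gives you for free, since every packet is evaluated against the current rules, at the cost of losing the protection a state table provides.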

1 Reply
ww
Kind of a big deal

You could change to stateless firewall rules by using a group policy.
