Meraki

Community

Firewall rules inbound/outbound + NAT

Solved
AntoineBAK
Comes here often
‎Dec 19 2024 2:16 AM
‎Dec 19 2024 2:16 AM

Firewall rules inbound/outbound + NAT

Hello

I would like to understand why there are firewall rules inbound and outbound in two separate menus as traditional firewall, there is only one menu with inbound and outbound connections ?

can you explain what do we mean on Meraki by inbound and outbound ?

 

Other topic : What about the priority given to the different NAT configuration

If we have port forwarding and 1:1 NAT both configured for example, which one has a higher priority ?

 

thanks !

Labels:
0 Kudos
1 Accepted Solution
alemabrahao
Kind of a big deal
‎Dec 19 2024 3:12 AM
‎Dec 19 2024 3:12 AM

There is all information that you need:


https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Firewall_Settings

 

https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Blocking_Inbound_Traffic_on_MX_Security_...

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

View solution in original post

2 Replies 2
alemabrahao
Kind of a big deal
‎Dec 19 2024 3:12 AM
‎Dec 19 2024 3:12 AM

There is all information that you need:


https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Firewall_Settings

 

https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Blocking_Inbound_Traffic_on_MX_Security_...

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
alemabrahao
Kind of a big deal
‎Dec 19 2024 3:20 AM
‎Dec 19 2024 3:20 AM

If you check the documentation you will notice that port forwarding and 1:1 NAT have differences.

While port forwarding uses the IP configured on the MX's WAN, in 1:1 NAT you can define another public IP within the block that your ISP provided, obviously if it is not a /30.

So there is no priority.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.