Firewall source/destination order question


If I have a server on VLAN 2 and a PC on VLAN 3, I need to open up a Symantec antivirus port for the client to get definitions from the server. Let's say it is TCP port 8900. What would the firewall rule look like?


allow <protocol> <source subnet> <src port> <destination subnet> <dst port>


allow ,TCP,, 8900,, 8900?

Would the source be the server side or the client side? 

Would the source port be any and destination be 8900 or vice versa?



The client source port is most of the time a random port. (But not always; best is to make a capture of the traffic and check yourself.)


allow ,TCP,, any,, 8900?


  • Source VLAN 3, port any, destination VLAN 2 port 8900

Thanks @alemabrahao, just wondering why it wouldn't be

source VLAN 2, port 8900, destination VLAN 3, port any?


It depends on the direction of the flow. If the server is fetching the clients, then it's VLAN 2 -> VLAN 3. If it is the clients that are pushing to the server, it's VLAN 3 -> VLAN 2.


Really depends on WHO initiates the sessions. Like ww said, a packet capture would be a good indicator. That, or referring to the network guide of that application.
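To make the "who initiates" point concrete, here is an added Python model that is not from this thread or from Meraki: a small stateful rule matcher fed two constructed captures, one where the client opens TCP/8900 to the server and one where the server opens it to the client. The VLAN subnets, host addresses and ephemeral ports are assumed values.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing: the thread names only VLAN 2 (server) and VLAN 3 (clients).
VLAN2 = ip_network("10.0.2.0/24")  # server VLAN (assumed)
VLAN3 = ip_network("10.0.3.0/24")  # client VLAN (assumed)

def rule(src, sport, dst, dport, proto="tcp"):
    """allow <proto> <src net> <src port> <dst net> <dst port>; 'any' wildcards a port."""
    return {"proto": proto, "src": src, "sport": sport, "dst": dst, "dport": dport}

def pkt(src, sport, dst, dport, flags, proto="tcp"):
    """One TCP header reduced to the fields a firewall rule looks at."""
    return {"proto": proto, "src": src, "sport": sport, "dst": dst, "dport": dport, "flags": flags}

def matches(r, p):
    return (p["proto"] == r["proto"]
            and ip_address(p["src"]) in r["src"] and ip_address(p["dst"]) in r["dst"]
            and r["sport"] in ("any", p["sport"]) and r["dport"] in ("any", p["dport"]))

class StatefulFirewall:
    """Rules are checked only against session-opening SYNs; replies ride the state table."""
    def __init__(self, rules):
        self.rules, self.sessions = rules, set()
    def allow(self, p):
        fwd = (p["proto"], p["src"], p["sport"], p["dst"], p["dport"])
        rev = (p["proto"], p["dst"], p["dport"], p["src"], p["sport"])
        if rev in self.sessions:  # return traffic of a session already permitted
            return True
        if p["flags"] == "SYN" and any(matches(r, p) for r in self.rules):
            self.sessions.add(fwd)
            return True
        return False

def simulate(rules, packets):
    fw = StatefulFirewall(rules)
    return [fw.allow(p) for p in packets]

# Constructed capture: client 10.0.3.20 picks ephemeral port 51234 and connects to server port 8900.
CLIENT_PULL = [pkt("10.0.3.20", 51234, "10.0.2.10", 8900, "SYN"),
               pkt("10.0.2.10", 8900, "10.0.3.20", 51234, "SYN-ACK")]
# Constructed capture: the server initiates instead, connecting to port 8900 on the client.
SERVER_PUSH = [pkt("10.0.2.10", 40000, "10.0.3.20", 8900, "SYN"),
               pkt("10.0.3.20", 8900, "10.0.2.10", 40000, "SYN-ACK")]

RULE_CLIENT_INITIATES = [rule(VLAN3, "any", VLAN2, 8900)]  # the rule given in the replies
RULE_INVERTED = [rule(VLAN2, 8900, VLAN3, "any")]          # the asker's proposed reversal
RULE_SERVER_INITIATES = [rule(VLAN2, "any", VLAN3, 8900)]  # only correct if the server pushes

if __name__ == "__main__":
    print(simulate(RULE_CLIENT_INITIATES, CLIENT_PULL))  # [True, True]
    print(simulate(RULE_INVERTED, CLIENT_PULL))          # [False, False]: client's SYN never matches
    print(simulate(RULE_SERVER_INITIATES, SERVER_PUSH))  # [True, True]
```

The inverted rule fails because the client's SYN arrives from VLAN 3 with a random source port, so nothing in it matches "source VLAN 2, port 8900"; the server's reply is then dropped too, since no session was ever created.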

@RaphaelL  answered your question. 🙂
