Firewall source/destination order question


If I have a server on vlan2 192.168.1.7/24, and a PC on vlan3 192.168.2.7/24, I need to open up a Symantec antivirus port for the client to get definitions from the server. Let's say it is TCP port 8900. What would the firewall rule look like?

allow <protocol> <source subnet> <src port> <destination subnet> <dst port>

allow, TCP, 192.168.1.0/24, 8900, 192.168.2.0/24, 8900?

Would the source be the server side or the client side?

Would the source port be any and destination be 8900, or vice versa?

 

Thanks!

5 Replies

ww

The client source port is most of the time a random port (but not always; best is to make a capture of the traffic and check yourself).


allow, TCP, 192.168.1.0/24, any, 192.168.2.7, 8900?

alemabrahao

  • Source VLAN 3, port any, destination VLAN 2 port 8900
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Thanks @alemabrahao, just wondering why it wouldn't be

source vlan2, port 8900, destination vlan3, port any?

RaphaelL

It depends on the direction of the flow. If the server is fetching the clients then it's vlan 2 -> vlan 3. If it is the clients that are pushing to the server it's vlan 3 -> vlan 2.

Really depends on WHO initiates the sessions. Like ww said, a packet capture would be a good indicator. That, or referring to the network guide of that application.
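To make the "who initiates" point concrete, here is an added example (not code from the thread or from Meraki) of a toy stateful firewall that evaluates the thread's own `allow, <proto>, <src>, <sport>, <dst>, <dport>` notation against a client-initiated TCP exchange. The addresses come from the question; the client's ephemeral source port 51234 and the server's reply packet are constructed for the demonstration. It shows why a rule written from the server's side (source port 8900) never matches the packet that actually opens the session, while a client-to-server rule with source port `any` allows the SYN and the reply rides on the session state.

```python
"""Toy stateful firewall: which direction must a rule face for a client-initiated flow?"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True only for the packet that opens a TCP session


@dataclass(frozen=True)
class Rule:
    action: str
    proto: str
    src_net: str
    sport: str   # "any" or a port number as a string
    dst_net: str
    dport: str

    def matches(self, pkt: Packet) -> bool:
        def port_ok(spec: str, port: int) -> bool:
            return spec == "any" or int(spec) == port
        return (
            self.proto == pkt.proto
            and ip_address(pkt.src) in ip_network(self.src_net, strict=False)
            and ip_address(pkt.dst) in ip_network(self.dst_net, strict=False)
            and port_ok(self.sport, pkt.sport)
            and port_ok(self.dport, pkt.dport)
        )


def parse_rule(text: str) -> Rule:
    """Parse the thread's 'allow, TCP, src, sport, dst, dport' notation."""
    fields = [f.strip() for f in text.split(",")]
    if len(fields) != 6:
        raise ValueError(f"expected 6 comma-separated fields, got {len(fields)}: {text!r}")
    action, proto, src_net, sport, dst_net, dport = fields
    return Rule(action.lower(), proto.upper(), src_net, sport.lower(), dst_net, dport.lower())


class StatefulFirewall:
    """Rules are consulted only for the SYN that opens a session; packets on a
    known session are allowed in both directions without a matching rule, and
    non-SYN packets with no session are dropped (the usual stateful behaviour)."""

    def __init__(self, rules, default: str = "deny"):
        self.rules = list(rules)
        self.default = default
        self.sessions = set()

    def process(self, pkt: Packet) -> str:
        fwd = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.sessions or rev in self.sessions:
            return "allow (established)"
        if not pkt.syn:
            return "deny (no session)"
        for rule in self.rules:
            if rule.matches(pkt):
                if rule.action == "allow":
                    self.sessions.add(fwd)
                return rule.action
        return self.default


SERVER = "192.168.1.7"   # vlan2, listens on TCP 8900 (from the question)
CLIENT = "192.168.2.7"   # vlan3, initiates the connection (from the question)
EPHEMERAL = 51234        # constructed: a random high source port chosen by the client


def simulate(rule_text: str) -> tuple:
    """Push one client-initiated exchange through a firewall holding a single rule.
    Returns (verdict for the client's SYN, verdict for the server's reply)."""
    fw = StatefulFirewall([parse_rule(rule_text)])
    syn = Packet("TCP", CLIENT, EPHEMERAL, SERVER, 8900, syn=True)
    reply = Packet("TCP", SERVER, 8900, CLIENT, EPHEMERAL)
    return fw.process(syn), fw.process(reply)


if __name__ == "__main__":
    for candidate in (
        "allow, TCP, 192.168.1.0/24, 8900, 192.168.2.0/24, 8900",  # the original guess
        "allow, TCP, 192.168.1.0/24, 8900, 192.168.2.0/24, any",   # server side as source
        "allow, TCP, 192.168.2.0/24, any, 192.168.1.7, 8900",      # client -> server
    ):
        print(f"{candidate:58s} -> {simulate(candidate)}")
```

Only the third rule lets the session open: the first two are written from the server's point of view, so they can only ever match a reply, and a reply without an established session is dropped. If the application really has the server connect out to the clients instead, the SYN in `simulate` would be reversed and the server-side rule would be the right one, which is why a capture of the real traffic settles the question.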

@RaphaelL  answered your question. 🙂
