Meraki

Community

Gateway in other VLAN pingable

braham2019
Here to help
‎Nov 22 2019 5:37 AM
‎Nov 22 2019 5:37 AM

Gateway in other VLAN pingable

I have firewalled off a VLAN behind an MX65 and have create a FW rule to block ALL traffic from that VLAN to the other 3.

I cannot ping a host in the other networks. However, I can ping all the default gateways from those networks. Is that normal behaviour ?

 

 

0 Kudos
1 Reply 1
NolanHerring
Kind of a big deal
‎Nov 22 2019 6:45 AM
‎Nov 22 2019 6:45 AM

Yes that is normal, however I wish by default it would also block pings. I believe you have to create a specific ACL to also block ICMP, based on these other threads.

https://community.meraki.com/t5/Security-SD-WAN/How-to-segregate-VLANS/m-p/32991

https://community.meraki.com/t5/Security-SD-WAN/Prevent-inter-VLAN-routing-on-MX/m-p/1437

https://community.meraki.com/t5/Security-SD-WAN/MX-Firewall/td-p/20426
Nolan Herring | nolanwifi.com
TwitterLinkedIn
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.