cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Gateway in other VLAN pingable

Highlighted
Conversationalist

Gateway in other VLAN pingable

I have firewalled off a VLAN behind an MX65 and have create a FW rule to block ALL traffic from that VLAN to the other 3.

I cannot ping a host in the other networks. However, I can ping all the default gateways from those networks. Is that normal behaviour ?

 

 

1 REPLY 1
Highlighted
Kind of a big deal

Re: Gateway in other VLAN pingable

Yes that is normal, however I wish by default it would also block pings. I believe you have to create a specific ACL to also block ICMP, based on these other threads.

https://community.meraki.com/t5/Security-SD-WAN/How-to-segregate-VLANS/m-p/32991

https://community.meraki.com/t5/Security-SD-WAN/Prevent-inter-VLAN-routing-on-MX/m-p/1437

https://community.meraki.com/t5/Security-SD-WAN/MX-Firewall/td-p/20426
Nolan Herring | nolanwifi.com
TwitterLinkedIn
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.