Group Policy Firewall Rules - Adding multiple ports on the same rule

Solved
SimonReach
Building a reputation


Been looking at locking our network down even more than it is and been using the Site to Site VPN firewall rules. They seem to be really nice to work with, and you've got the ability to add multiple ports for a single rule, e.g. port 80,443, etc.

 

With the Group Policy Layer 3 Firewall rules, you seem to either have a choice of Any, or doing a continuous group of ports e.g. 123-127, or adding a single port in.

 

Is there no way to add multiple ports with commas to the Group Policies, like there is on the Site To Site VPN Firewall?

1 Accepted Solution
GIdenJoe
Kind of a big deal

The design issue is that group policies are designed to work with both access points and security appliances. The access points don't have support for comma-based port grouping. This means the functionality cannot be given to a group policy.

 

That's an original design decision that can bite you in the behind 😉


4 Replies
alemabrahao
Kind of a big deal

Unfortunately not, you can only do it with a range.

 


 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
SimonReach
Building a reputation

Thank you.


SimonReach
Building a reputation

Thank you.
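
Because a group policy Layer 3 rule accepts only Any, a single port, or one contiguous range, a comma-separated list such as the one the Site to Site VPN firewall takes has to be split into several rules. The Python below is an added example, not part of the original thread or of any Meraki tooling; the function names and the rule dictionary keys are assumptions to be mapped onto whatever tooling you use. It merges adjacent ports into ranges so the list becomes the fewest rules possible.

```python
# Added example: function names and rule-dict keys are illustrative assumptions.

def parse_ports(spec):
    """Parse a list like '80,443,123-127' into a sorted list of port numbers."""
    ports = set()
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        lo, sep, hi = item.partition("-")
        lo = int(lo)                      # raises ValueError on non-numeric input
        hi = int(hi) if sep else lo
        if not (1 <= lo <= hi <= 65535):
            raise ValueError(f"invalid port or range: {item!r}")
        ports.update(range(lo, hi + 1))
    return sorted(ports)


def coalesce(ports):
    """Merge sorted ports into the fewest single-port or contiguous-range strings."""
    runs = []
    for p in ports:
        if runs and p == runs[-1][1] + 1:
            runs[-1][1] = p               # extend the current contiguous run
        else:
            runs.append([p, p])           # start a new run
    return [str(a) if a == b else f"{a}-{b}" for a, b in runs]


def expand_rules(spec, policy, protocol, dest, comment=""):
    """Return one rule dict per single port or range (keys are assumed names)."""
    return [
        {
            "comment": f"{comment} ({port})".strip(),
            "policy": policy,
            "protocol": protocol,
            "destPort": port,
            "destCidr": dest,
        }
        for port in coalesce(parse_ports(spec))
    ]


if __name__ == "__main__":
    # Constructed sample input: overlapping and adjacent entries collapse.
    for rule in expand_rules("80,443,123-127,128,8080,8081", "allow", "tcp",
                             "10.0.0.0/24", "web+mgmt"):
        print(rule)
```

All generated rules share one action, so their order relative to each other does not matter; keep them together above any broader deny rule in the policy.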
