Meraki

Community

How to block port 445 at the Edge in a full mesh

Solved
ktv-meraki
Getting noticed
‎Jul 13 2023 1:56 PM
‎Jul 13 2023 1:56 PM

How to block port 445 at the Edge in a full mesh

Hello everyone, 

We have a full mesh topology so I am a little confused on how I would block port 445 or any port from that matter for inbound communication.  I am referencing the links below.  if 445 is still being used on the internal LAN, then how can we secure our environment with outside threats to 445.

 

https://www.tufin.com/blog/tech-how-to-configure-your-firewalls-to-block-the-wannacry-ransomware-att...

 

https://www.speedguide.net/port.php?port=445

0 Kudos
1 Accepted Solution
alemabrahao
Kind of a big deal
‎Jul 13 2023 2:02 PM
‎Jul 13 2023 2:02 PM

All inbound traffic is blocked by default unless you have inbound NAT configured.

 

Note: In Routed mode, all inbound connections are denied except for ICMP traffic to the appliance, by default. If you want to allow additional inbound traffic, you will need to create a new port forwarding rule or NAT policy and explicitly allow connections based on protocols, ports, or remote IP addresses (see below).

Outbound connections are allowed by default. Customers may need to add a default deny rule for compliance and increased security.

 

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Firewall_Settings

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

View solution in original post

3 Replies 3
alemabrahao
Kind of a big deal
‎Jul 13 2023 2:02 PM
‎Jul 13 2023 2:02 PM

All inbound traffic is blocked by default unless you have inbound NAT configured.

 

Note: In Routed mode, all inbound connections are denied except for ICMP traffic to the appliance, by default. If you want to allow additional inbound traffic, you will need to create a new port forwarding rule or NAT policy and explicitly allow connections based on protocols, ports, or remote IP addresses (see below).

Outbound connections are allowed by default. Customers may need to add a default deny rule for compliance and increased security.

 

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Firewall_Settings

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
In response to alemabrahao
ktv-meraki
Getting noticed
‎Jul 13 2023 2:04 PM
‎Jul 13 2023 2:04 PM

Thank you sir!

0 Kudos
DarrenOC
Kind of a big deal
Kind of a big deal
‎Jul 13 2023 2:06 PM
‎Jul 13 2023 2:06 PM

Meraki firewalls by default block all inbound traffic.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
0 Kudos
Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.