How to block port 445 at the Edge in a full mesh

ktv-meraki

Hello everyone, 

We have a full mesh topology, so I am a little confused about how I would block port 445, or any port for that matter, for inbound communication. I am referencing the links below. If 445 is still being used on the internal LAN, then how can we secure our environment against outside threats to 445?

https://www.tufin.com/blog/tech-how-to-configure-your-firewalls-to-block-the-wannacry-ransomware-att...

https://www.speedguide.net/port.php?port=445

1 Accepted Solution
alemabrahao

All inbound traffic is blocked by default unless you have inbound NAT configured.

Note: In Routed mode, all inbound connections are denied except for ICMP traffic to the appliance, by default. If you want to allow additional inbound traffic, you will need to create a new port forwarding rule or NAT policy and explicitly allow connections based on protocols, ports, or remote IP addresses (see below).

Outbound connections are allowed by default. Customers may need to add a default deny rule for compliance and increased security.

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Firewall_Settings

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
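
An added example, not part of the original thread or of Meraki's tooling: because the answer above says inbound exposure comes only from port forwarding or NAT rules, this Python script audits a list of such rules for any that admit TCP 445. The rule layout, the field names (`name`, `protocol`, `public_ports`, `allowed_ips`) and the sample rules are constructed assumptions, not a Meraki export format.

```python
# Constructed sample of inbound port-forwarding / NAT rules.
# Field names are assumptions for illustration, not a Meraki export format.
SAMPLE_RULES = [
    {"name": "web", "protocol": "tcp", "public_ports": "443", "allowed_ips": ["any"]},
    {"name": "file-share", "protocol": "tcp", "public_ports": "440-450", "allowed_ips": ["any"]},
    {"name": "smb-partner", "protocol": "tcp", "public_ports": "445", "allowed_ips": ["203.0.113.10"]},
    {"name": "dns", "protocol": "udp", "public_ports": "53,445", "allowed_ips": ["any"]},
    {"name": "all-ports", "protocol": "any", "public_ports": "any", "allowed_ips": ["any"]},
]


def port_in_spec(port, spec):
    """True if port falls in a spec such as '445', '440-450', '80,443' or 'any'."""
    spec = spec.strip().lower()
    if spec == "any":
        return True
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue  # tolerate trailing commas
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def audit_inbound(rules, port=445, protocol="tcp"):
    """Return (rule name, severity) for every rule that admits inbound traffic to port."""
    findings = []
    for rule in rules:
        # A rule only matters if it covers the protocol and the port in question.
        if rule["protocol"].lower() not in (protocol, "any"):
            continue
        if not port_in_spec(port, rule["public_ports"]):
            continue
        sources = [s.lower() for s in rule["allowed_ips"]]
        open_to_all = "any" in sources or "0.0.0.0/0" in sources
        severity = "open-to-internet" if open_to_all else "restricted-sources"
        findings.append((rule["name"], severity))
    return findings


if __name__ == "__main__":
    for name, severity in audit_inbound(SAMPLE_RULES):
        print(f"{name}: TCP 445 reachable inbound ({severity})")
```

Port ranges and "any" entries are the cases that hide a 445 exposure from a quick visual scan of the rule list, which is why the check expands them instead of matching the literal string `445`.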

ktv-meraki
Thank you sir!

DarrenOC

Meraki firewalls by default block all inbound traffic.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.