Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to block port 445 at the Edge in a full mesh

Solved
ktv-meraki
Here to help
‎Jul 13 2023 1:56 PM
‎Jul 13 2023 1:56 PM

How to block port 445 at the Edge in a full mesh

Hello everyone, 

We have a full mesh topology so I am a little confused on how I would block port 445 or any port from that matter for inbound communication.  I am referencing the links below.  if 445 is still being used on the internal LAN, then how can we secure our environment with outside threats to 445.

 

https://www.tufin.com/blog/tech-how-to-configure-your-firewalls-to-block-the-wannacry-ransomware-att...

 

https://www.speedguide.net/port.php?port=445

0 Kudos
Subscribe
1 Accepted Solution
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jul 13 2023 2:02 PM
‎Jul 13 2023 2:02 PM

All inbound traffic is blocked by default unless you have inbound NAT configured.

 

Note: In Routed mode, all inbound connections are denied except for ICMP traffic to the appliance, by default. If you want to allow additional inbound traffic, you will need to create a new port forwarding rule or NAT policy and explicitly allow connections based on protocols, ports, or remote IP addresses (see below).

Outbound connections are allowed by default. Customers may need to add a default deny rule for compliance and increased security.

 

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Firewall_Settings

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

View solution in original post

Subscribe
3 Replies 3
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jul 13 2023 2:02 PM
‎Jul 13 2023 2:02 PM

All inbound traffic is blocked by default unless you have inbound NAT configured.

 

Note: In Routed mode, all inbound connections are denied except for ICMP traffic to the appliance, by default. If you want to allow additional inbound traffic, you will need to create a new port forwarding rule or NAT policy and explicitly allow connections based on protocols, ports, or remote IP addresses (see below).

Outbound connections are allowed by default. Customers may need to add a default deny rule for compliance and increased security.

 

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Firewall_Settings

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Subscribe
In response to alemabrahao
ktv-meraki
Here to help
‎Jul 13 2023 2:04 PM
‎Jul 13 2023 2:04 PM

Thank you sir!

0 Kudos
Subscribe
DarrenOC
Kind of a big deal
Kind of a big deal
‎Jul 13 2023 2:06 PM
‎Jul 13 2023 2:06 PM

Meraki firewalls by default block all inbound traffic.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.