How to configure MX85 for SFTP and allow a particular IP address

MarcW
Comes here often

I have a client that wants to use SFTP. I have an MX85. They want to send and receive data. I have an IP that I want to allow. What entries are needed to configure this? I am guessing I start under firewall. After that, looking to learn.

alemabrahao
Kind of a big deal

If you don't have any firewall rules, you don't need to create any. All traffic is allowed by default.
https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Firewall_Settings

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
PhilipDAth
Kind of a big deal

You are going to need to configure the MX to forward port 22 to your SFTP server.

https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Troubleshooting_Port_Forwarding_and_NAT_...
I hope not, opening servers to the internet is always a risk.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

It all depends on the flow of the expected traffic, i.e. if the SFTP client is initiating the connection, then there is no issue; it's what firewalls were built for. Simply put a firewall rule and port forwards/NAT in place to limit the port and hosts. Something like the below.

You could also pop the client in its own DMZ as well. Just need to be very specific with Source and Destination hosts.

https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Active_and_Passive_FTP_Overview_and_Conf...

Cheers,

Ivan
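As an added example (not from this thread or from Meraki), here is how the restricted port forward described above could be expressed and sanity-checked against the Meraki Dashboard API v1 port-forwarding endpoint, so that TCP/22 is never left open to every source. The LAN and client addresses are constructed documentation-range values, the network ID and API key are placeholders, and the assumption that `allowedIps` accepts CIDR entries as well as single addresses is mine.

```python
import ipaddress
import json
import urllib.request

API_BASE = "https://api.meraki.com/api/v1"  # Dashboard API v1 base URL


def build_sftp_forward(lan_ip, allowed_ips, name="SFTP to internal server"):
    """Build one port-forwarding rule: public TCP/22 -> lan_ip:22,
    reachable only from the listed source addresses (assumed: IPs or CIDRs)."""
    return {
        "name": name,
        "lanIp": lan_ip,
        "publicPort": "22",
        "localPort": "22",
        "protocol": "tcp",
        "uplink": "both",
        "allowedIps": list(allowed_ips),
    }


def validate_rules(rules):
    """Return a list of problems; an empty list means the rule set is acceptable.
    Rejects forwards open to 'any' source and malformed source addresses."""
    problems = []
    for rule in rules:
        allowed = rule.get("allowedIps", [])
        if not allowed or any(a.lower() == "any" for a in allowed):
            problems.append(f"{rule['name']}: allowedIps must list specific sources, not 'any'")
        for src in allowed:
            if src.lower() == "any":
                continue
            try:
                ipaddress.ip_network(src, strict=False)
            except ValueError:
                problems.append(f"{rule['name']}: '{src}' is not a valid IP address or CIDR block")
    return problems


def apply_rules(network_id, api_key, rules):
    """PUT the rule set to the Dashboard API. The endpoint replaces all existing
    port forwards on the network, so include every rule you want to keep."""
    problems = validate_rules(rules)
    if problems:
        raise ValueError("; ".join(problems))
    req = urllib.request.Request(
        f"{API_BASE}/networks/{network_id}/appliance/firewall/portForwardingRules",
        data=json.dumps({"rules": rules}).encode(),
        method="PUT",
        headers={"X-Cisco-Meraki-API-Key": api_key, "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)
```

Running `validate_rules` before `apply_rules` is the check that matters here: a rule with `allowedIps: ["any"]` is exactly the open-to-the-internet exposure the earlier reply warns about.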
