Meraki

Community

How to configure MX85 for SFTP and allow a particular IP address

MarcW
Here to help
‎Apr 9 2024 9:12 AM
‎Apr 9 2024 9:12 AM

How to configure MX85 for SFTP and allow a particular IP address

I have a client that wants to use SFTP.  I have an MX85.  They want to send and receive data.  I have an IP that I want to allow.  What entries are needed to configure this?  I am guessing I start under firewall.  After that, looking to learn. 

Labels:
0 Kudos
4 Replies 4
alemabrahao
Kind of a big deal
‎Apr 9 2024 9:24 AM
‎Apr 9 2024 9:24 AM

If you don't have any firewall rule you don't need to create any firewall rule. All traffic is allowed by default.

 

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Firewall_Settings

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 10 2024 12:32 PM
‎Apr 10 2024 12:32 PM

You are going to need to configure a the MX to forward port 22 to your SFTP server.

https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Troubleshooting_Port_Forwarding_and_NAT_...

 

0 Kudos
In response to PhilipDAth
alemabrahao
Kind of a big deal
‎Apr 10 2024 12:41 PM
‎Apr 10 2024 12:41 PM

I hope not, opening servers to the internet is always a risk.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
IvanJukic
Meraki Employee All-Star Meraki Employee All-Star
Meraki Employee All-Star
‎Apr 10 2024 11:47 PM
‎Apr 10 2024 11:47 PM

It all depends on the flow of the expected traffic. i.e. If the SFTP client is initiating the connection. Then no issue, it's what Firewalls' were built for. Simply put a firewall rule and port forwards/nat in place to limit the port and hosts. Something like the below.

You could also pop the client in it's own DMZ as well. Just need to be very specific with Source and Destination hosts.

https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Active_and_Passive_FTP_Overview_and_Conf...

Cheers,

Ivan


Cheers,

Ivan Jukić,
Meraki APJC

If you found this post helpful, please give it kudos. If it solved your problem, click "accept as solution" so that others can benefit from it.
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.