I need to block traffic between branch offices

Dom2003
New here

I have the following requirement:

I have multiple stores and branch offices connected via SD-WAN, with the hubs located in my Data Center. I need to block traffic between branch offices and only allow traffic from the stores to the Data Center.

Does Meraki have any feature that allows this directly, or would I need to configure it using a traditional firewall by creating inbound rules on the hub?

3 Replies

ww
Kind of a big deal

Brash
Kind of a big deal

As said above, there's a separate section for site-to-site VPN rules that can be used to block spoke-to-spoke communication.

Suar_Mustafa
Here to help

Yes, you can do this directly in Meraki without an external firewall.
Go to Security & SD-WAN → Site-to-site VPN in Dashboard. In the VPN settings section, look at the VPN firewall rules (sometimes labeled “VPN firewall” or “Custom rules” under “Site-to-site VPN”).

These rules control traffic that traverses the AutoVPN fabric. You can explicitly deny branch-to-branch subnets while allowing branch-to-DC traffic. For example:

- Deny: Source = Branch subnet(s), Destination = other Branch subnet(s)
- Allow: Source = Branch subnet(s), Destination = DC subnet(s)

Since these rules are enforced in the VPN overlay, the block happens before traffic can pass between branches, and you don’t need to touch the traditional firewall at the hub.
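A worked illustration of the rule set described in this answer, added here as example code; it is not part of the original thread and not Meraki's own tooling. It builds the ordered deny/allow list in the field layout of the Meraki Dashboard API's vpnFirewallRules object (the field names such as srcCidr/destCidr, the comma-separated CIDR lists and the PUT endpoint named in the comments are assumptions drawn from that API, not from the thread), then simulates first-match evaluation with a trailing default allow, which is also an assumption about how the dashboard applies these rules. The branch and DC subnets are constructed placeholders.

```python
import ipaddress
from itertools import permutations

# Constructed placeholder subnets: not taken from the thread.
BRANCH_SUBNETS = ["10.10.0.0/24", "10.20.0.0/24", "10.30.0.0/24"]
DC_SUBNETS = ["10.0.0.0/16", "10.1.0.0/16"]


def _rule(policy, src, dst, comment):
    # Field names follow the Meraki Dashboard API vpnFirewallRules object (assumption).
    return {
        "comment": comment,
        "policy": policy,          # "allow" or "deny"
        "protocol": "any",
        "srcCidr": src,            # comma-separated CIDR list or "any"
        "srcPort": "any",
        "destCidr": dst,
        "destPort": "any",
        # Log the denies so spoke-to-spoke attempts show up in syslog for review.
        "syslogEnabled": policy == "deny",
    }


def build_vpn_rules(branch_subnets, dc_subnets, deny_everything_else=True):
    """Ordered site-to-site VPN firewall rule list. Rules are matched top-down and
    the first match wins, so every branch-to-branch deny must sit above the allows."""
    rules = []
    # 1. Deny each branch talking to every other branch across the AutoVPN overlay.
    for src, dst in permutations(branch_subnets, 2):
        rules.append(_rule("deny", src, dst, f"block spoke {src} -> spoke {dst}"))
    # 2. Explicitly allow each branch to reach the data-center hub subnets.
    dc = ",".join(dc_subnets)
    for src in branch_subnets:
        rules.append(_rule("allow", src, dc, f"allow {src} -> DC"))
    # 3. Optional catch-all: without it the implicit trailing rule permits anything else,
    #    so "only to the DC" really needs this final deny.
    if deny_everything_else:
        rules.append(_rule("deny", "any", "any", "deny all other VPN traffic"))
    return rules


def _cidr_match(cidr_field, address):
    """True if the address falls inside any CIDR of the (comma-separated) field."""
    if cidr_field == "any":
        return True
    ip = ipaddress.ip_address(address)
    return any(ip in ipaddress.ip_network(c.strip(), strict=False)
               for c in cidr_field.split(","))


def evaluate(rules, src_ip, dst_ip):
    """Simulate first-match evaluation; the implicit default at the end is allow (assumption)."""
    for rule in rules:
        if _cidr_match(rule["srcCidr"], src_ip) and _cidr_match(rule["destCidr"], dst_ip):
            return rule["policy"]
    return "allow"


def api_payload(rules):
    # Request body for PUT /organizations/{organizationId}/appliance/vpn/vpnFirewallRules
    # (endpoint and body shape are assumptions about the Dashboard API).
    return {"rules": rules}


if __name__ == "__main__":
    rules = build_vpn_rules(BRANCH_SUBNETS, DC_SUBNETS)
    for r in rules:
        print(f"{r['policy']:5} {r['srcCidr']:>22} -> {r['destCidr']:<24} {r['comment']}")
    print("branch -> branch:", evaluate(rules, "10.10.0.5", "10.20.0.7"))
    print("branch -> DC    :", evaluate(rules, "10.10.0.5", "10.0.3.9"))
    print("branch -> other :", evaluate(rules, "10.10.0.5", "192.168.1.1"))
```

The ordering is the point: because evaluation stops at the first match and the list ends in an implicit permit, the spoke-to-spoke denies have to come before the branch-to-DC allows, and the final deny-any is what turns "not to other branches" into "only to the DC". Running the simulator against a few sample flows before pushing the payload is a cheap way to catch a rule that was typed in the wrong order.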
