We have a VPN tunnel with a non-Meraki peer, with subnet 192.168.aaa.0/24.
I have to block a source IP address range from accessing one destination on my subnet (192.168.bbb.ccc/32).
Please note that I defined a VLAN with the subnet 192.168.bbb.0/24.
If I try to insert the following rule on the firewall:
Deny | Any | 192.168.aaa.0/24 | 192.168.bbb.ccc/32 | Any | Some comment
I receive the following error:
So, how can I filter them via firewall policy, not group policy?
Many thanks in advance!
For VPN traffic you need to use the VPN firewall, but that does not work for incoming traffic from a 3rd-party VPN.
The only option is to use a group policy with stateless rules assigned to a VLAN.
But in group policies you can only indicate the destination, not the origin.
I think I have difficulty understanding "group policy with stateless rules assigned to a vlan", sorry!
You apply a group policy to a specific host - so that is the origin. The origin is the machine you apply the group policy to.
With the group policy attached to the VLAN, traffic will come in, but all returning traffic will be dropped.
Yes, thanks. But I have to prevent the incoming traffic from coming in!