Inbound Site-To-Site VPN Firewall Rules Are Getting Removed

Solved
RH6379
Getting noticed


We set up a VPN tunnel from our MX84 in our Phoenix office to a Check Point firewall in our HQ. On the MX84, I have outbound VPN firewall rules that allow a PC in Phoenix to communicate with 4 individual servers at HQ over any protocol. I have a 5th rule that is a deny any any. I disabled the default outbound rule that is an allow any any.

On the inbound VPN firewall rules, I created rules to permit the 4 servers we're allowing outbound access to to talk to the PC. I also disabled the default inbound rule that is allow any any.

 

If I navigate away from that page and then go back to it, all the rules I created in the inbound VPN firewall are gone.

I'd like to know why this is happening and if it's a normal function of the MX84 or if I have run into a bug.

 

I opened a ticket with Meraki Support.

1 Accepted Solution

Meraki support told me today that they don't support site-to-site VPN inbound firewall rules even though it's there on the dashboard under Security appliance > Site-to-site VPN. They suggested I submit a feature request. When I asked why I should have to submit a feature request for an option that's on their dashboard, their response was:

 

"It was an engineering team's decision and sorry about the confusion. If you need further assistance, please let me know or call Support Hotline at 415-937-6671."

 

 


4 Replies
MacuserJim
A model citizen

Do the changes show up under "Organization > Change Log"? Also, have you tried logging into the dashboard with an incognito window or another browser to see if it is something weird with your session?




Wow.. that's crazy! I am less than impressed with that decision from Cisco.

 

I have 5 site-to-site VPNs set up, and my full network is exposed to them when I want to restrict their access to a couple of internal IP addresses...??

Come on Cisco, you should know better!

 

 
