Meraki

Community

Inbound firewall rules

diablo24
Building a reputation
‎Jul 2 2018 9:25 AM
‎Jul 2 2018 9:25 AM

Inbound firewall rules

Hi,

 

I'm trying to understand what this mean "Inbound traffic will be restricted to the service and forwarding rules configured below.” when configuring firewall rules on an MX device? Does this mean that rules are automatically created when an inbound session is created? The service section in Firewall doesn't seem easy to configure or add something besides Ping which is already there. Additionally, if I configured something in the forwarding section (i.e. port forwarding), does this only take effect during an inbound session?

 

Thanks in advance,

-Jerome

 

0 Kudos
3 Replies 3
Adam
Kind of a big deal
‎Jul 2 2018 9:51 AM
‎Jul 2 2018 9:51 AM

Meraki has a unique way of doing firewall rules compared to a traditional firewall.  Here is an example.  If you were trying to prevent a network server at 8.8.8.8 from being able to ping anything in your environment.  On a traditional firewall you could prevent incoming icmp from 8.8.8.8.  On the MX you'd instead create an outgoing rule to prevent ICMP to 8.8.8.8.  It accomplishes the same thing of ultimately blocking the incoming traffic but it does it via blocking the response.  It took me a while to wrap my head around this difference since I was used to traditional Cisco ACLs and Sonicwalls.  

 

A little additional info here https://documentation.meraki.com/MX-Z/Firewall_and_Traffic_Shaping/Firewall_Settings

and here https://documentation.meraki.com/zGeneral_Administration/Cross-Platform_Content/Layer_3_and_7_Firewa...

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
In response to Adam
diablo24
Building a reputation
‎Jul 2 2018 9:56 AM
‎Jul 2 2018 9:56 AM

Thanks @Adam for clarifying. The documentation is a bit sparse when it comes to details about the functionality. Its difficult to understand.

0 Kudos
In response to diablo24
Adam
Kind of a big deal
‎Jul 2 2018 10:25 AM
‎Jul 2 2018 10:25 AM

@diablo24 wrote:

Thanks @Adam for clarifying. The documentation is a bit sparse when it comes to details about the functionality. Its difficult to understand.

I agree, and in this case it is a lot different.

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.