Inbound firewall rules

diablo24
Building a reputation

Inbound firewall rules

Hi,

 

I'm trying to understand what this mean "Inbound traffic will be restricted to the service and forwarding rules configured below.” when configuring firewall rules on an MX device? Does this mean that rules are automatically created when an inbound session is created? The service section in Firewall doesn't seem easy to configure or add something besides Ping which is already there. Additionally, if I configured something in the forwarding section (i.e. port forwarding), does this only take effect during an inbound session?

 

Thanks in advance,

-Jerome

 

3 REPLIES 3
Adam
Kind of a big deal

Meraki has a unique way of doing firewall rules compared to a traditional firewall.  Here is an example.  If you were trying to prevent a network server at 8.8.8.8 from being able to ping anything in your environment.  On a traditional firewall you could prevent incoming icmp from 8.8.8.8.  On the MX you'd instead create an outgoing rule to prevent ICMP to 8.8.8.8.  It accomplishes the same thing of ultimately blocking the incoming traffic but it does it via blocking the response.  It took me a while to wrap my head around this difference since I was used to traditional Cisco ACLs and Sonicwalls.  

 

A little additional info here https://documentation.meraki.com/MX-Z/Firewall_and_Traffic_Shaping/Firewall_Settings

and here https://documentation.meraki.com/zGeneral_Administration/Cross-Platform_Content/Layer_3_and_7_Firewa...

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
diablo24
Building a reputation

Thanks @Adam for clarifying. The documentation is a bit sparse when it comes to details about the functionality. Its difficult to understand.

Adam
Kind of a big deal


@diablo24 wrote:

Thanks @Adam for clarifying. The documentation is a bit sparse when it comes to details about the functionality. Its difficult to understand.


I agree, and in this case it is a lot different.

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels