L3 Firewall: How to specify outbound
Hello fellows
This is regarding the L3 firewall on group policy (on MX).
I want to isolate a client, only allow it to communicate to its own subnet and to the WAN.
-> From / to 192.168.1.0/24 and from / to WAN
The thing is, I have many subnets / VLANs, so although having a deny rule for each subnet would work fine, I find it cumbersome and would prefer to avoid it.
So my idea is to:
- Allow 192.168.1.0/24 (all ports / proto)
- Block Any (all ports / proto)
But I think that would also block the client from accessing the WAN.
So my question is: What destination should I specify to allow traffic to the WAN?
I already tried to use the public IP and the gateway, to no avail...
Maybe I did something wrong here? ... like not using the correct mask... you tell me.
Many thanks!
Hi,
Simply do:
Deny 192.168.1.0/24 RFC1918 (10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12) Any
Permit 192.168.1.0/24 Any Any
This will block anything from 192.168.1.0/24 towards RFC1918, except its own VLAN, and will allow the flows towards the internet.
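The ordering question in the reply is easy to get wrong, so here is an added example (not code from the thread or from Meraki) that evaluates the three candidate rule sets the way a top-down, first-match L3 firewall would: the original poster's "permit own subnet, then block any", the reply's "deny RFC1918, then permit any", and a variant that puts an explicit permit for the client's own subnet above the RFC1918 deny. The last variant is there because 192.168.1.0/24 sits inside 192.168.0.0/16, so the deny rule as written would match same-subnet destinations if the appliance ever evaluated them; whether same-VLAN traffic actually traverses the MX's L3 firewall is not something this thread settles, so permitting it explicitly first is the conservative choice. The client address, destination addresses and the evaluator itself are constructed for the demonstration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple

# Networks from the thread; the RFC1918 list is the one given in the reply.
CLIENT_SUBNET = ipaddress.ip_network("192.168.1.0/24")
RFC1918 = (
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
)
ANY = (ipaddress.ip_network("0.0.0.0/0"),)


@dataclass(frozen=True)
class Rule:
    action: str                                  # "allow" or "deny"
    src: ipaddress.IPv4Network
    dsts: Tuple[ipaddress.IPv4Network, ...]      # any one matching destination network is enough
    comment: str = ""

    def matches(self, src_ip: ipaddress.IPv4Address, dst_ip: ipaddress.IPv4Address) -> bool:
        return src_ip in self.src and any(dst_ip in net for net in self.dsts)


def evaluate(rules: Sequence[Rule], src: str, dst: str) -> Optional[str]:
    """Top-down evaluation: the first matching rule decides. None means no rule matched."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for rule in rules:
        if rule.matches(src_ip, dst_ip):
            return rule.action
    return None


# 1. The original poster's idea: allow own subnet, then block everything else.
OP_RULES = (
    Rule("allow", CLIENT_SUBNET, (CLIENT_SUBNET,), "own subnet"),
    Rule("deny", CLIENT_SUBNET, ANY, "block any"),
)

# 2. The reply's rule set: deny RFC1918 first, then permit any (i.e. the WAN).
REPLY_RULES = (
    Rule("deny", CLIENT_SUBNET, RFC1918, "no other private networks"),
    Rule("allow", CLIENT_SUBNET, ANY, "everything else, i.e. WAN"),
)

# 3. Same idea, with an explicit permit for the client's own subnet placed
#    above the RFC1918 deny (192.168.1.0/24 is inside 192.168.0.0/16).
EXPLICIT_RULES = (
    Rule("allow", CLIENT_SUBNET, (CLIENT_SUBNET,), "own subnet"),
    Rule("deny", CLIENT_SUBNET, RFC1918, "no other private networks"),
    Rule("allow", CLIENT_SUBNET, ANY, "everything else, i.e. WAN"),
)

# Constructed destinations: same VLAN, another internal VLAN, a 10/8 server, the Internet.
SAMPLE_DESTINATIONS = {
    "same_vlan": "192.168.1.20",
    "other_vlan": "192.168.50.7",
    "server_10": "10.0.5.5",
    "internet": "203.0.113.10",
}


def isolation_report(rules: Sequence[Rule], client: str = "192.168.1.10") -> dict:
    """Map each sample destination name to the action the rule set produces for it."""
    return {name: evaluate(rules, client, dst) for name, dst in SAMPLE_DESTINATIONS.items()}


def is_isolated(rules: Sequence[Rule], client: str = "192.168.1.10") -> bool:
    """True when the client reaches its own subnet and the Internet, and no other private network."""
    r = isolation_report(rules, client)
    return (r["same_vlan"] == "allow" and r["internet"] == "allow"
            and r["other_vlan"] == "deny" and r["server_10"] == "deny")


if __name__ == "__main__":
    for name, rules in (("OP", OP_RULES), ("reply", REPLY_RULES), ("explicit", EXPLICIT_RULES)):
        print(f"{name:9} isolated={is_isolated(rules)} {isolation_report(rules)}")
```

Running it shows the poster's ordering blocks the Internet along with everything else, the reply's ordering opens the Internet but (if same-subnet flows were evaluated at all) would also deny the client's own /24, and the three-rule variant gives exactly the intended result. The evaluator returns `None` when no rule matches, so a real rule base still depends on the appliance's own default rule after the last explicit entry.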
Hi @RaphaelL,
That's some good info, thank you.
But are you sure that it applies to Group Policies?
This is how I would do it based on your reply:
Yes, that would be the way to do it!
Somehow I missed the part about the Group Policy in your post.