Meraki

Community

Layer 3 Firewall Deny/All rule

Solved
Johann
Getting noticed
‎Aug 25 2020 1:57 AM
‎Aug 25 2020 1:57 AM

Layer 3 Firewall Deny/All rule

Hi all,

 

Does anyone have a definitive answer on why the Meraki Firewall rules does not end in a Deny All Rule, as is considered to be best practice when setting up firewall rules in general? As I understand it, currently if none of your firewall rules match incoming traffic, the Allow All rule will allow all traffic in. Any insight will be appreciated.

 

Thanks.

0 Kudos
1 Accepted Solution
CptnCrnch
Kind of a big deal
Kind of a big deal
‎Aug 25 2020 2:15 AM
‎Aug 25 2020 2:15 AM

Simplified management I'd guess, Merakis mantra.

 

On the othe rhand, nothing / nobody prevents you from using this best pratice and place a "deny all" rule directly above the last line of "defense" 😉

View solution in original post

2 Replies 2
CptnCrnch
Kind of a big deal
Kind of a big deal
‎Aug 25 2020 2:15 AM
‎Aug 25 2020 2:15 AM

Simplified management I'd guess, Merakis mantra.

 

On the othe rhand, nothing / nobody prevents you from using this best pratice and place a "deny all" rule directly above the last line of "defense" 😉

In response to CptnCrnch
Roger_Beurskens
Building a reputation
‎Aug 25 2020 5:00 AM
‎Aug 25 2020 5:00 AM

I would aks myself if an "outgoing layer 3 deny all rule" is still best practice...

 

what would the reason be to block ALL outgoing traffic to internet. 

Yes it is the most secure... secure what? 

Malware wil just use normal ports and without something like AMP, of layer7 firewalling it wil just make a connection to some server on a default http or https port because 99% of the firewalls have that allow rule..

 

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.