MX Inbound Layer3 FW Rules

Solved
Sarv
Getting noticed

I see a default "deny all" inbound Layer3 rule on our MX. I'm going to assume that the Deny All inbound Layer3 rule has no effect if you create a NAT Forwarding rule. Is that correct? Just wanted to verify before I start creating Forwarding rules.

 

Thanks


Sarvjit

1 Accepted Solution
Sarv
Getting noticed

I found the documentation for this, it states the following:

 

"The inbound firewall overrides the “allowed inbound connections” field for NATs, port forwards, and firewall host services, etc"

 

Here is the link to the complete documentation

 

https://documentation.meraki.com/MX/Networks_and_Routing/NAT_Exceptions-No_NAT_on_MX_Security_Applia...


5 Replies
ww
Kind of a big deal

The deny all should be only for IPv6.

Unless you are running an early access:

NAT Exceptions with Manual Inbound Firewall

 

Sarv
Getting noticed

Default Deny All rule is for Dual Stack and not just IPv6. We haven't touched it so that must be the default.

ww
Kind of a big deal

Hmm, that would be new. I don't see it over here, only for IPv6.

Can you check if this early access is enabled?

NAT Exceptions with Manual Inbound Firewall

Sarv
Getting noticed

Guess I will just play around with the rules and see how they impact each other.


Thanks

Sarvjit
