Meraki

Community

MX250 Firewalling and logging

Seeking a quick start document for basic subnet firewalling

WAN1 / WAN2 / Site to SIte VPNS/ Client VPNs

MX250 HA

VLAN A VLAN B VLAN C

Goal

Stop inter VLAN for A and B

Permit VLAN A AND VLAN B. Specific URLs

Permit VLAN B goes over Site to site Tunnels

Deny remaining VLAN A AND VLAN B

VLAN C. goes anywhere

VPN CLIENTS go anywhere ( NON SPLIT TUNNEL)

Is there a way to log Firewall hits to a syslog sever to watch success or failure for troubleshooting.

Thanks

4 Replies 4

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Using_Layer_3_Firewal...

Hi,

I think these links can be useful.

https://documentation.meraki.com/MX/Networks_and_Routing/Configuring_VLANs_on_the_MX_Security_Applia...

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Firewall_Settings

https://documentation.meraki.com/MX/Client_VPN/Client_VPN_Overview

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Creating_and_Applying...

Meraki Cloud Logging: Configuration, Events, and Analytics

Meraki MX Design: Designing and Configuring Warm Spare Mode

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Which rulebase has priority

IE

L3

VLAN A. deny Destination ANY.

L7

VLAN A. Allow. WEBSITE.SAFE.COM

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Layer_3_and_7_Firewal...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Welcome to the Meraki Community!

To start contributing, simply with your Cisco account. If you don't yet have a Cisco account, you can .

Labels

3rd Party VPN 166
ACLs 100
Auto VPN 311
AWS 38
Azure 70
Client VPN 427
Firewall 696
Other 583