MX67 - ipv4?

Solved
dmiss

I'm trialing out an MX67 connected to a Meraki Cellular gateway. I'm looking at the firewall rules on the MX and am only seeing Layer 3 rules for IPv6, none for IPv4. Does the MX only do IPv6 inbound Layer 3 firewalling?

1 Accepted Solution
Brash

By default, the MX will block all inbound traffic that isn't return traffic from an outbound flow (as any firewall/NAT router would).

If you want to allow traffic inbound, you can open a case for support to enable inbound IPv4 firewall rules.

This would typically only be used in a No-NAT IP-VPN/MPLS scenario.

alemabrahao

Inbound rules are just for IPv6; if you want to create a rule for IPv4, use Layer 3 Outbound Firewall Rules.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Hmmmm, could you explain the logic behind that? So any outbound rule creates the equiv. inbound rule as well on the back end for IPv4?

alemabrahao

On the MX, outbound traffic refers to traffic originating from one VLAN that is destined for another VLAN or traffic originating from the LAN that is destined for the Internet or a remote network that is located over a static LAN route.

 

The inbound rules are intended for traffic coming from the internet.

 

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Using_Layer_3_Firewal...
