Meraki

Community

MX67 - ipv4?

Solved
dmiss
Getting noticed
‎Apr 3 2023 6:09 AM
‎Apr 3 2023 6:09 AM

MX67 - ipv4?

I'm trialing out a MX67 connected to a Meraki Cellular gateway. I'm looking at the firewall rules on the MX and am only seeing Layer 3 rules for ipv6, none for ipv4. Does the MX only do ipv6 inbound layer 3 firewalling? 

0 Kudos
1 Accepted Solution
Brash
Kind of a big deal
Kind of a big deal
‎Apr 3 2023 6:25 AM
‎Apr 3 2023 6:25 AM

By default, the MX will block all inbound traffic that isn't return traffic from an outbound flow (as any firewall/NAT router would).

If you want to allow traffic inbound, you can open a case for support to enable inbound ipv4 firewall rules.

This would typically only be used in a No-NAT IP-VPN/MPLS scenario.

View solution in original post

4 Replies 4
alemabrahao
Kind of a big deal
Kind of a big deal
‎Apr 3 2023 6:20 AM
‎Apr 3 2023 6:20 AM

Inbound rules are just for IPV6, if you want to create a rule for IPV4 use Layer 3 Outbound Firewall Rules.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
dmiss
Getting noticed
‎Apr 3 2023 6:24 AM
‎Apr 3 2023 6:24 AM

Hmmmm, could you explain the logic behind that? So any outbound rules creates the equiv. inbound rule as well on the back end for ipv4?

0 Kudos
In response to dmiss
alemabrahao
Kind of a big deal
Kind of a big deal
‎Apr 3 2023 6:29 AM
‎Apr 3 2023 6:29 AM

On the MX, outbound traffic refers to traffic originating from one VLAN that is destined for another VLAN or traffic originating from the LAN that is destined for the Internet or a remote network that is located over a static LAN route.

 

The inbound rules are destinated for traffic coming from the internet.

 

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Using_Layer_3_Firewal...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Brash
Kind of a big deal
Kind of a big deal
‎Apr 3 2023 6:25 AM
‎Apr 3 2023 6:25 AM

By default, the MX will block all inbound traffic that isn't return traffic from an outbound flow (as any firewall/NAT router would).

If you want to allow traffic inbound, you can open a case for support to enable inbound ipv4 firewall rules.

This would typically only be used in a No-NAT IP-VPN/MPLS scenario.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.