What is the proper way to block traffic to my production network from my guest network. My Production network is 10.4.10.0/24 and my guest network is 10.4.40.0/24?
Solved! Go to Solution.
I just learned that DHCP relay doesn't go through the firewall in that sense. I can accomplish what I need with Group Policy.
If you have Meraki APs: Go to Wireless -> Configure -> Firewall & Traffic Shaping for that SSID.
Under Layer 3 firewall rules, set the "Wireless clients accessing LAN" policy to deny:
Otherwise, use your normal L3 firewall on the MX to deny those LANs to each other.
Here's a good doc: https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/Using_Layer_3_Firewall_Rules
I guess where I'm confused is here:
I have 10.4.10.0/24 - which offers a few services, one is DHCP, to the guest vlan (10.4.40.0/24). I'm trying to fully understand what those rules would look like, specifically under the group policy section.
Hi @acarby, I would recommend you do this under the MX L3 firewall rules and not under GP.
I just learned that DHCP relay doesn't go through the firewall in that sense. I can accomplish what I need with Group Policy.