Meraki MX Inbound Firewall Rules

SOLVED
wizard_123
Here to help

Meraki MX Inbound Firewall Rules

Is there any way to configure Inbound firewall rules in Meraki MX?

1 ACCEPTED SOLUTION
MerakiDave
Meraki Employee
Meraki Employee

Yes, but you need to open a case with Meraki Support and they can enable this functionality for you, it will not be visible on the firewall configuration page by default in the Meraki Dashboard.  There are only certain use cases (such as when using NAT Exceptions features) that it makes sense to do so, so it's always best to discuss this with Meraki Support to review the requirements.

 

View solution in original post

7 REPLIES 7
BrandonS
Kind of a big deal

Well, everything is denied inbound by default.  You just open up port forwarding or static NAT when/if needed.

 

What specifically are you wanting to do?

- Ex community all-star (⌐⊙_⊙)

HI,

 

Could you help more on this. If all inbound traffic is blocked by default and we have no forwarding set up, how is internet traffic and FTP traffic coming through?

 

thanks

 

Gareth

MerakiDave
Meraki Employee
Meraki Employee

Yes, but you need to open a case with Meraki Support and they can enable this functionality for you, it will not be visible on the firewall configuration page by default in the Meraki Dashboard.  There are only certain use cases (such as when using NAT Exceptions features) that it makes sense to do so, so it's always best to discuss this with Meraki Support to review the requirements.

 

BrandonS
Kind of a big deal

Oh?  Tell us more @MerakiDave  Is there any documentation about this available?  Thanks!

- Ex community all-star (⌐⊙_⊙)

By default, everything inbound is going to be blocked by default unless it's allowed by port forwarding or a 1:1 NAT rule for example, and of course any return traffic is allowed back inbound like any stateful firewall. It's not super common (which is why it's not visible by default) but there are some specific use cases where having a manual inbound firewall addresses a specific requirement.  Best to open a case with Support and review the specific situation on a case by case basis to see if it needs to be enabled and used or not.  

Hi,is there any way to configure a rule to block cell phones?

 

Inbound rules in a decent size company are critical. Things like Okta, business apps like oracle ebs/obi that are inbound for invoice approval etc. then there is rules to allow FTP, inbound for payroll etc. Is the Meraki considered an Enterprise platform? It should not take a support ticket to implement an inbound rule.

1:1 Nat should address this and perhaps policies are able to be configured once Nat is available.

Sonicwalls and Palo both have inbound capabilities out of the box. I’m sure Meraki does and perhaps the configuration is just a bit challenging like all new platforms.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels