NAT & Firewall Security Policy

New here

NAT & Firewall Security Policy

Hi All


I have not used the Security appliance before nor do I have access to one at the moment.

So just wanted to ask, when you have a inbound NAT rule configured, is it still necessary to have a corresponding Firewall rule to to permit that traffic?


Kind Regards


Getting noticed

Greetings John,


Negative. Once you have created your NAT rule and added the appropriate ports etc you should be good to go.

The NAT rule itself consists of the NAT and the firewall rule itself. There is no reason to create another inbound firewall rule pertaining to the NAT.


Hope this helps.




Thank you for your quick response, that's great to know.

I know the other vendors like ASA or Palo Alto, you still need to define the security policies after the NAT rules.

And also after some research, it appears that it is not possible to do outbound NAT on the Meraki Security Appliance, is that correct?




No problem.


By default all traffic destined to the Internet is NAT'd to WAN1's IP, however it is my understanding if there are specific NAT rules present, traffic that is initiated from a internal host that is part of a NAT the public IP specified will be used for its source IP translation when egressing the MX.




Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.