Meraki Community

knovukna · ‎Jan 1 2018

Hi All

I have not used the Security appliance before nor do I have access to one at the moment.

So just wanted to ask, when you have a inbound NAT rule configured, is it still necessary to have a corresponding Firewall rule to to permit that traffic?

Kind Regards

John

General-Zod · ‎Jan 1 2018

Greetings John,

Negative. Once you have created your NAT rule and added the appropriate ports etc you should be good to go.

The NAT rule itself consists of the NAT and the firewall rule itself. There is no reason to create another inbound firewall rule pertaining to the NAT.

Hope this helps.

Cheers

knovukna · ‎Jan 1 2018

Thank you for your quick response, that's great to know.

I know the other vendors like ASA or Palo Alto, you still need to define the security policies after the NAT rules.

And also after some research, it appears that it is not possible to do outbound NAT on the Meraki Security Appliance, is that correct?

General-Zod · ‎Jan 1 2018

No problem.

By default all traffic destined to the Internet is NAT'd to WAN1's IP, however it is my understanding if there are specific NAT rules present, traffic that is initiated from a internal host that is part of a NAT the public IP specified will be used for its source IP translation when egressing the MX.

Cheers

Meraki Community

NAT & Firewall Security Policy

NAT & Firewall Security Policy