Network Objects for port forwarding rules?

WarrenG
Getting noticed

Network Objects for port forwarding rules?

I see the Network Objects is in open beta, but I don't see any way to use them in port forwarding rules. Please tell me this new functionality will be extended for use with port forwarding rules too?!

7 Replies 7
Omkar_Manjrekar
Meraki Employee
Meraki Employee

Hey @WarrenG 

 

Network Objects/Groups are currently limited to:

- Individual and Template Networks: Layer 3 Inbound, Layer 3 Outbound, and Failover Cellular Firewall Rules.

- Organization-wide Site to Site VPN Outbound Firewall Rules.

 

Using them for Port Forwarding rules will be a feature request at the moment. We should soon extent the usability in the future.

 

Regards,

Meraki Team

c_gal
New here

Hello from 04/21, where I just made a bunch of Policy Objects only to realize I can't utilize them in Port Forwarding rules - a predicament that Googling about has lead me here.

 

+1 for this feature request.

AlexAppleton
Conversationalist

Another +1 for me (after creating a bunch of policy objects as well)

DHAnderson
Head in the Cloud

When MX IPV6 is released, you will be happy that you made network objects.

 

We all can probably recite our IPV4 subnets from memory, and identify the subnets by IP address in firewall rules.  It will be a while before we can do that with IPV6.

 

- Dave

Dave Anderson
RBS_Managed
Conversationalist

Another +1 from May 2022, after creating a bunch of policy objects as well. 

 

2 Years in Beta for something that almost every competing firewall has had for years...?

AET-Tech
Comes here often

Any update on port forwarding?

 

To clarify, will Network Objects/Groups allow firewall to forward a port (443) to multiple LAN IPs?

 

I now use NAT with extra IPs from ISP block of 5, not used by WAN.

AlexP
Meraki Employee
Meraki Employee

You wouldn't use a port forward for this anyway - if an incoming TCP packet comes in on TCP 443, there's no mechanism that would allow us to determine how to forward it on to the LAN if there were multiple IPs specified.

The case you're talking about seems like what the existing 1:1 NAT functionality already covers.

Get notified when there are additional replies to this discussion.