Meraki

Community

Port Forwarding on MX 100 Allowed Remote IPs not honoring Layer 7 Rules?

sealyc
Conversationalist
‎Feb 12 2020 7:32 AM
‎Feb 12 2020 7:32 AM

Port Forwarding on MX 100 Allowed Remote IPs not honoring Layer 7 Rules?

Good Day,

 

I have recently rolled out a security appliance and I was alerted to traffic coming in from a country I block in my Layer 7 rules (To/From traffic). I found the IP block in ARIN and set a block for the entire range. I noticed that the Forwarding Rules section listed "Allowed Remote IPs" and I was wondering if the port Forwarding rules ignore certain Layer 7 rules?

After I added the remote ip range to the Layer 7 rules the traffic did stop.

Is it that the block Country rules are too general and the firewall may only perform a best effort as to not get overwhelmed by requests?

 

Thanks for any light shedding that can be performed.

0 Kudos
1 Reply 1
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 12 2020 12:05 PM
‎Feb 12 2020 12:05 PM

Block by country is not an exact science.  It is a crude measure to coarsely try and block traffic from that country.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2025 Cisco Systems, Inc.