Meraki

Community

Possibility of Opening 2 Specific Ports for MX84?

WeirdJupiterXD
Conversationalist
‎Dec 14 2020 2:25 PM
‎Dec 14 2020 2:25 PM

Possibility of Opening 2 Specific Ports for MX84?

Hello,


So in short, a department is wanting to send an email from a windows and they've been encountering some issues. As I'm waiting for some information from the vendor. I am wondering, since we(my company) uses GSuite, Is there any option or recommendation, to allow port 465 or 587 within our MX84? I know we tried opening the ports on the users laptop, but on a network level. 

 

I found on the firewall configuration, Layer 7 only allows the option to deny and I am not sure if adding the rule to Layer 3 would help. I think it might since it's asking for a source and destination address.

 

Any who, any advice will help and I'd be happy to provide more detail. Thank you very much.

 

 

0 Kudos
2 Replies 2
Bruce
Kind of a big deal
‎Dec 14 2020 4:21 PM
‎Dec 14 2020 4:21 PM

By default the MX should allow all outbound traffic initiated from the LAN side of the network. You shouldn't have any issues getting G Suite to work unless you've introduced restrictions on the outbound traffic. If you have (i.e. you've put Layer 3 Deny rules in place, or Layer 7 rules) you will need to determine which outbound rules are blocking the traffic and modify/remove them.

 

I believe the ports you identified are used by the G Suite /GMail SMTP service, so if you are trying to connect using SMTP from a client application then you may well need them opened.

 

EDIT: for reference if you haven't seen the MX firewall rules document, https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Firewall_Settings

In response to Bruce
WeirdJupiterXD
Conversationalist
‎Dec 15 2020 10:07 AM
‎Dec 15 2020 10:07 AM

Hey Bruce,

 

Thank you for your response, I appreciate it and providing a reference link.

 

As for any rules, we have a few in-place but it's not blocking nor disrupting GMail SMTP services. I am pretty sure its the vendor's software that has the issues. I did open those ports on the client's side and no success either.


Right now, I am waiting on the vendor to provide any IP addresses, CNAME or something I can add to our DNS records.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.