We are currently configuring individual rules in the layer 3 configuration of the MX Firewall section to block inter-VLAN traffic.
Let’s suppose that we have 100 VLANs which should be totally isolated. Any time a new VLAN is added, many individual rules must be manually created. I have already discussed this with Meraki support and they say that using L3 firewall rules is indeed the method they recommend to block inter-VLAN traffic.
They do not have an automation feature available directly for this, but it is possible to perform rule updates using the dashboard API rather than manually. Do you have any recommendation for this? We would like to understand the best practices to block inter-VLAN traffic in the Meraki structure and also avoid manual configurations whenever possible.
I suppose you already know this, but if you have a default deny, you don't need to add any rules to block inter-VLAN communication when you add a new VLAN. You will have to add rules to allow certain communication to take place.
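The following is an added example, not code from either post or from Meraki: it builds a rule list for the dashboard API's L3 firewall rules endpoint with the explicit allows first and a single trailing deny that covers every VLAN subnet, so adding a VLAN means adding one subnet to a list. The subnets and the allowed flow are constructed sample values, and using one comma-separated deny rule as the inter-VLAN default deny is an assumption about how the policy is laid out.

```python
import ipaddress
import json

# Constructed sample data: VLAN subnets and the only flows that may cross VLANs.
VLAN_SUBNETS = ["10.0.10.0/24", "10.0.20.0/24", "10.0.30.0/24"]
ALLOWED_FLOWS = [
    # (comment, protocol, source CIDR, destination CIDR, destination port)
    ("Users to print server", "tcp", "10.0.10.0/24", "10.0.30.5/32", "9100"),
]


def build_l3_rules(vlan_subnets, allowed_flows):
    """Return the rule list: explicit allows first, then one inter-VLAN deny."""
    nets = [ipaddress.ip_network(s) for s in vlan_subnets]
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"overlapping VLAN subnets: {a} and {b}")
    rules = []
    for comment, proto, src, dst, port in allowed_flows:
        # Reject an allow rule that points outside the VLANs being managed.
        for cidr in (src, dst):
            net = ipaddress.ip_network(cidr)
            if not any(net.subnet_of(v) for v in nets):
                raise ValueError(f"{cidr} is not inside a known VLAN subnet")
        rules.append({"comment": comment, "policy": "allow", "protocol": proto,
                      "srcPort": "Any", "srcCidr": src,
                      "destPort": port, "destCidr": dst, "syslogEnabled": False})
    # One deny from any VLAN to any VLAN; it sits below the allows above.
    all_vlans = ",".join(str(n) for n in nets)
    rules.append({"comment": "Deny all other inter-VLAN traffic", "policy": "deny",
                  "protocol": "any", "srcPort": "Any", "srcCidr": all_vlans,
                  "destPort": "Any", "destCidr": all_vlans, "syslogEnabled": False})
    return rules


def pairwise_rule_count(n_vlans):
    """Deny rules needed if every ordered VLAN pair gets its own rule."""
    return n_vlans * (n_vlans - 1)


if __name__ == "__main__":
    # Body for PUT /networks/{networkId}/appliance/firewall/l3FirewallRules
    # ({networkId} is a placeholder; this script does not send anything).
    print(json.dumps({"rules": build_l3_rules(VLAN_SUBNETS, ALLOWED_FLOWS)}, indent=2))
    print("pairwise denies for 100 VLANs:", pairwise_rule_count(100))
```

Review the printed payload against the rules already on the network before sending it, because a PUT to this endpoint replaces the existing L3 rule list rather than appending to it.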