Security & SD-WAN > Configure > Firewall > Security Appliance Services --how to configure it?

SOLVED
CharlesIsWorkin
Building a reputation



Hi all,
What do you guys typically set this thing to? Does this really need to be configured at all?


This is for web apps using the API to access my Meraki, right? Or perhaps the status page would be available to all the world if I left it at any... so what do you set yours at if you're not checking it at all from the outside?

 

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/Firewall_Settings

There is the link for reference.

1 ACCEPTED SOLUTION

The only people who need access are those responsible for Mgmt.

If you're not using SNMP then yup, close it down.

Personally, I allow ICMP for pinging, but some paranoid people like to shut that down too.

Keep web closed unless you need it for something. Then only allow what you need.


4 REPLIES
jdsilva
Kind of a big deal

Not for API. Those all go to the dashboard, not to a device. 

 

I generally just leave at defaults. I open the local status page one when I need to hit that remotely, but always close it again when I'm done.

 

CharlesIsWorkin
Building a reputation

So typically, would an ISP need access to the MX's SNMP info or anything like that? I'm thinking of putting "None" in all of those fields.


CharlesIsWorkin
Building a reputation

Ok sounds good. Since I would look at the Meraki dashboard for status anyway, I think I'll set ICMP to "None" as well.

 

Thanks!
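
An added example, not part of the thread and not Meraki's code: a small Python audit that flags any of the three Security Appliance Services left reachable from any remote IP or from an overly wide range. It assumes the settings were exported as JSON objects with `service`, `access` and `allowedIps` fields, as in the Dashboard API's firewalledServices objects; the sample data, the /24 threshold and the mapping to the dashboard's "Any"/"None" values are assumptions made for illustration.

```python
import ipaddress

# Constructed sample. Field names (service, access, allowedIps) are assumed to
# follow the Dashboard API's firewalledServices objects; values are made up.
SAMPLE = [
    {"service": "ICMP", "access": "unrestricted"},
    {"service": "web", "access": "restricted", "allowedIps": ["0.0.0.0/0"]},
    {"service": "SNMP", "access": "restricted",
     "allowedIps": ["203.0.113.0/24", "198.51.100.7"]},
]

SERVICES = ("ICMP", "web", "SNMP")  # the three services on the settings page
MAX_ADDRESSES = 256                 # assumed policy: nothing wider than a /24


def audit(entries, max_addresses=MAX_ADDRESSES):
    """Return (service, problem) pairs for services exposed too broadly."""
    findings, seen = [], set()
    for entry in entries:
        name = entry.get("service", "?")
        access = entry.get("access")
        seen.add(name)
        if access == "blocked":        # dashboard "None" (assumed mapping)
            continue
        if access == "unrestricted":   # dashboard "Any" (assumed mapping)
            findings.append((name, "open to any remote IP"))
            continue
        if access != "restricted":
            findings.append((name, f"unknown access value {access!r}"))
            continue
        allowed = entry.get("allowedIps") or []
        if not allowed:
            findings.append((name, "restricted with an empty allow-list"))
        for item in allowed:
            try:
                net = ipaddress.ip_network(item, strict=False)
            except ValueError:
                findings.append((name, f"unparseable allow-list entry {item!r}"))
                continue
            if net.num_addresses > max_addresses:
                findings.append((name, f"{item} covers {net.num_addresses} addresses"))
    # A service missing from the export is reported rather than assumed closed.
    for name in SERVICES:
        if name not in seen:
            findings.append((name, "missing from export, state unknown"))
    return findings


if __name__ == "__main__":
    for service, problem in audit(SAMPLE):
        print(f"{service}: {problem}")
```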
