cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Source IP ANY destination 10.0.0.0/8

Just browsing

Source IP ANY destination 10.0.0.0/8

Hi everyone,

 

I would like a confirmation about security rule on Meraki MX64.

When I apply an ANY in Source IP address for example, which means that all subnets or IP address are authorized or only the subnets configured on my MX64 ?

If I have 2 VLans configured with 10.50.10.0/24 and 10.50.11.0/24, the ANY source IP address take only these 2 subnets ?

 

Thanks in advance for your answers.

4 REPLIES 4
Kind of a big deal

Re: Source IP ANY destination 10.0.0.0/8

Hi @EddyCan ,

 

Any means any. Do you have reason to think it doesn't?

Just browsing

Re: Source IP ANY destination 10.0.0.0/8

Hi @jdsilva

 

First of all thank you for your answer. 

I would like to challenge my network teams because it confirms me that source ANY only concerns the subnets configured locally on the Meraki mx64. 

I'm not be able to find any reason and any document on Meraki website that explain this. 

I don't want to open wide and not control the traffic properly. 

 

Thanks in advance. 

 

Highlighted
Building a reputation

Re: Source IP ANY destination 10.0.0.0/8

I believe ANY means any IP which traverses it as a L3 router. For example if you had a downstream switch, ANY on the MX would not apply to layer 2 adjacent traffic. Also, ANY on the MX is both for subnets local to the MX and any subnets coming over autovpn.
Kind of a big deal

Re: Source IP ANY destination 10.0.0.0/8

If you wish to use a single sub-net address, to simplify the rule, then rather than 

 

10.50.10.0/24 and 10.50.11.0/24

 

try using

 

10.50.10.0/23

 

But you can't get too clever with this, the Dashboard doesn't like it.

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.