What is the maximum amount of entries in Firewall and in Content filtering?

ShadowoftheD
Here to help

Hi,

I have a Deny rule in my firewall where I block malicious IPs attacking our network. At the same time, I also block malicious websites from being accessed in our content filtering. I'd like to ask: what is the maximum number of IP addresses in the firewall configuration that I can block, and the maximum number of websites that I can block as well in content filtering?

And in the case of reaching that maximum number, what do I do next?

I'm using an MX84.

Thanks

3 REPLIES
MerakiDave
Meraki Employee

I won't claim it is "unlimited", but it is unlimited in Dashboard: there is no maximum stated number of rules, and no limit at which it would be considered unsupported. That said, you will come to a point where it becomes too cumbersome to examine and maintain THAT many rules on a single page in Meraki Dashboard.

For some administrators that's in the low hundreds of rules, for others it's in the high hundreds, and we do have some customers with well over 1,000 rules on a single MX. I would usually make the argument that the MX and Dashboard can handle as many rules as you might want and STILL consider it practical and be able to administer it properly. I would further argue that (unless it's a corner case) if you needed 500, 800 or 1200 firewall rules, then it's not designed properly and should be simplified.

Same in general for content filtering: there is no hard limit to how many filters you can turn on.

Thanks. Although, it's not a number of rules, but rather 1 rule where I just continually add in IP addresses, like x.x.x.x/32, y.y.y.y/32, z.z.z.z/32, etc.

I'm actually concerned, since we've been doing this for around 2+ years now and I know there will come a time that the IP address entries and URLs will cause a slowdown or, worse, might hang the device, and I want to know what that threshold is or what's the next possible step that I should take when that happens.

Thanks

Also, how many IPs can we add in a rule? Does adding each IP in a rule count as a single rule? E.g., if I add 10 subnets in a rule, does it act as a single rule or 10 rules?
