Meraki

Community

best pratctice firwall rules

Solved
Herixon
Here to help
‎Jun 29 2020 11:58 PM
‎Jun 29 2020 11:58 PM

best pratctice firwall rules

Hi,

 

We have different networks in a same template with autovpn between them. We want to isolate a subnet in (VLAN10) so it can't communicate with RFC1918 addresses in the network BUT we want that all vlans10 in other networks can talk to each other. What is the best practice to do it?

 

Right now I have a firewall rule in the outbound layer 3 section that deny any traffic from vlan 10 to RFC1918 addresses. Is it enough or should I add deny rules in  site-to-site outbound firewall as well?

 

BenjaminH
0 Kudos
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 30 2020 12:05 AM
‎Jun 30 2020 12:05 AM

Allocate a supernet for all VLAN10's, for example 192.168.0.0/19.

 

Then create a firewall rules like:

permit 192.168.0.0/19 192.168.0.0/19

deny 192.168.0.0/19 all rfc1918 address space

 

 

You will need a VPN firewall rule as well.

View solution in original post

2 Replies 2
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 30 2020 12:05 AM
‎Jun 30 2020 12:05 AM

Allocate a supernet for all VLAN10's, for example 192.168.0.0/19.

 

Then create a firewall rules like:

permit 192.168.0.0/19 192.168.0.0/19

deny 192.168.0.0/19 all rfc1918 address space

 

 

You will need a VPN firewall rule as well.

In response to PhilipDAth
Herixon
Here to help
‎Jun 30 2020 1:46 AM
‎Jun 30 2020 1:46 AM

Thank you! Unfortunately we can't allocate a supernet but we will add rules in vpn firewall. 🙂

BenjaminH
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2025 Cisco Systems, Inc.