Meraki

FabrizioF

Hi, port forwarding rule has priority on outbound deny rule?

If I have created a Outbound rules that block/deny from a specific local ip to Any, the port forwarding rule continue to works?

thanks in advance

Fabrizio

FabrizioF

Hi, technical support confirms that everything is normal

Port forwarding rules do have priority over outbound Layer 3 firewall rules. This behavior is due to how traffic flows are processed in the Meraki MX:

Inbound Port Forwarding Rules: These rules apply to traffic coming from the internet into your network. When you create a port forwarding rule, the MX forwards the specified traffic to the designated internal IP address and port.
Outbound Layer 3 Firewall Rules: These rules apply to traffic initiated from your internal network going to the internet. They do not control the traffic already forwarded by the inbound rule.

When a port forwarding rule is created, the Meraki MX explicitly allows the incoming traffic to pass through to the specified internal host. The outbound Layer 3 rule that denies the internal host's traffic to all destinations does not impact the incoming traffic allowed by the port forwarding rule.

thanks for the all replies

View solution in original post

RWelch

Have you restarted the flow? It might take a bit to kick in.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.

FabrizioF

sorry, do you mean restarting the MX?

RWelch

No, recycle the port for the IP address (device) you are wanting to deny outbound ANY.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.

FabrizioF

I have already rebooted the PC (destination of Port Forwarding)

RWelch

Any chance you can share the port forwarding rule and/or the deny outbound rule to better understand?

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.

alemabrahao

As far I know outbound firewall rules take precedence over port forwarding rules. This means that if you have an outbound rule that blocks traffic from a specific local IP to any destination, this rule will override any port forwarding rules you have set up.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

ww

https://community.meraki.com/t5/Security-SD-WAN/Port-Forwarding-and-Firewall-Rules/m-p/133567#M33440

FabrizioF

Hi, technical support confirms that everything is normal

Port forwarding rules do have priority over outbound Layer 3 firewall rules. This behavior is due to how traffic flows are processed in the Meraki MX:

Inbound Port Forwarding Rules: These rules apply to traffic coming from the internet into your network. When you create a port forwarding rule, the MX forwards the specified traffic to the designated internal IP address and port.
Outbound Layer 3 Firewall Rules: These rules apply to traffic initiated from your internal network going to the internet. They do not control the traffic already forwarded by the inbound rule.

When a port forwarding rule is created, the Meraki MX explicitly allows the incoming traffic to pass through to the specified internal host. The outbound Layer 3 rule that denies the internal host's traffic to all destinations does not impact the incoming traffic allowed by the port forwarding rule.

thanks for the all replies

Meraki

Community

port forwarding rule priority

port forwarding rule priority