port forwarding rule priority
Hi, does a port forwarding rule have priority over an outbound deny rule?
If I have created an outbound rule that blocks/denies from a specific local IP to Any, does the port forwarding rule continue to work?
Thanks in advance
Fabrizio
Hi, technical support confirms that everything is normal.
Port forwarding rules do have priority over outbound Layer 3 firewall rules. This behavior is due to how traffic flows are processed in the Meraki MX:
Inbound Port Forwarding Rules: These rules apply to traffic coming from the internet into your network. When you create a port forwarding rule, the MX forwards the specified traffic to the designated internal IP address and port.
Outbound Layer 3 Firewall Rules: These rules apply to traffic initiated from your internal network going to the internet. They do not control the traffic already forwarded by the inbound rule.
When a port forwarding rule is created, the Meraki MX explicitly allows the incoming traffic to pass through to the specified internal host. The outbound Layer 3 rule that denies the internal host's traffic to all destinations does not impact the incoming traffic allowed by the port forwarding rule.
Thanks for all the replies.
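A simplified model of the behaviour described in the answer above, added here as an illustration; it is not Meraki's implementation and not code from the thread. It assumes a stateful firewall in which replies on an already-forwarded flow are not re-evaluated against outbound rules; the class, its fields, the ports and the addresses are constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class ToyFirewall:
    """Hypothetical stateful firewall model (assumption, not vendor code)."""
    port_forwards: dict       # public port -> (lan_ip, lan_port)
    outbound_deny_src: set    # LAN IPs covered by "deny <ip> -> Any" outbound rules
    flows: set = field(default_factory=set)  # tracked (lan_ip, lan_port, remote_ip, remote_port)

    def inbound_from_wan(self, remote_ip, remote_port, public_port):
        """New connection arriving from the internet."""
        target = self.port_forwards.get(public_port)
        if target is None:
            return "drop: no port forwarding rule"
        lan_ip, lan_port = target
        # The forwarding rule admits the traffic and the flow is now tracked.
        self.flows.add((lan_ip, lan_port, remote_ip, remote_port))
        return f"forward to {lan_ip}:{lan_port}"

    def outbound_from_lan(self, lan_ip, lan_port, remote_ip, remote_port):
        """Packet leaving a LAN host towards the internet."""
        key = (lan_ip, lan_port, remote_ip, remote_port)
        if key in self.flows:
            # Reply on a flow the forwarding rule already allowed.
            return "allow: reply on forwarded flow"
        if lan_ip in self.outbound_deny_src:
            # Traffic initiated by the host: outbound L3 rules apply.
            return "deny: outbound L3 rule"
        self.flows.add(key)
        return "allow: new outbound flow"


def walk_through():
    """Constructed scenario: one forwarded port plus an outbound deny for the same host."""
    fw = ToyFirewall(
        port_forwards={8443: ("192.168.1.50", 8443)},
        outbound_deny_src={"192.168.1.50"},
    )
    return [
        fw.inbound_from_wan("198.51.100.7", 51000, 8443),                   # forwarded in
        fw.outbound_from_lan("192.168.1.50", 8443, "198.51.100.7", 51000),  # reply to it
        fw.outbound_from_lan("192.168.1.50", 40000, "203.0.113.9", 443),    # host-initiated
        fw.inbound_from_wan("198.51.100.7", 51001, 22),                     # no rule for port
    ]


if __name__ == "__main__":
    for line in walk_through():
        print(line)
```

In this model the outbound deny rule stops only connections the internal host initiates; the forwarded service stays reachable from the internet.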
Have you restarted the flow? It might take a bit to kick in.
Sorry, do you mean restarting the MX?
No, recycle the port for the IP address (device) you are wanting to deny outbound ANY.
I have already rebooted the PC (the destination of the port forwarding).
Any chance you can share the port forwarding rule and/or the deny outbound rule to better understand?
As far as I know, outbound firewall rules take precedence over port forwarding rules. This means that if you have an outbound rule that blocks traffic from a specific local IP to any destination, this rule will override any port forwarding rules you have set up.
Please, if this post was useful, leave your kudos and mark it as solved.