1- I made an ACL on the MS 120, but it takes a long time to change the ACL.
It is about 20 min.
It is not the only problem; packet processing is slow too, so I can't make a handshake with my SQL Server authentication. The SQL authentication fails when the ACL is running.
The return traffic ACLs, like rule 2, are wrong.
The source and destination should be swapped.
Thank you Philip.
I just changed the ACL, as you can see.
172.18.0.0/24 is the subnet which I won't have full port access to my server farm 172.16.0.0/24.
The 18 subnet needs access to subnet 16 for HTTPS (443), RDP (3389), DNS (53), and SQL (1433).
When I applied that ACL, Meraki became so slow for this port and that destination.
What is the IP address of your server and what is the IP address of your client trying to access the server?
172.18.0.0/24 is my client's subnet, which needs to connect to some servers in 172.16.0.0/24.
You don't have any rules to allow the return traffic.
You need a rule to allow traffic from 172.18.0.0/24 to 172.16.0.0/24 with a destination port of tcp/443 AND a rule to allow the return traffic (source 172.16.0.0/24, source port 443 to destination 172.18.0.0/24).
Ditto for the other rules.
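The forward and return rule pairs described in the answer above, as an added example that is not part of the original thread: a first-match, per-packet (stateless) ACL evaluator using the thread's subnets and ports. The two deny rules, the UDP transport for DNS, the host addresses and the ephemeral port 50000 are assumptions made for the illustration; the poster's actual rule list is not shown on the page.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # source CIDR
    sport: Optional[int]   # None means any source port
    dst: str               # destination CIDR
    dport: Optional[int]   # None means any destination port

def evaluate(acl, proto, src, sport, dst, dport):
    """Stateless evaluation: every packet is matched on its own, first match wins."""
    for i, r in enumerate(acl):
        if (r.proto in ("any", proto)
                and ipaddress.ip_address(src) in ipaddress.ip_network(r.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(r.dst)
                and r.sport in (None, sport)
                and r.dport in (None, dport)):
            return r.action, i
    return "allow", None   # nothing matched (assumed default)

CLIENTS, SERVERS = "172.18.0.0/24", "172.16.0.0/24"
# Ports from the thread; DNS over UDP is an assumption.
SERVICES = [("tcp", 443), ("tcp", 3389), ("udp", 53), ("tcp", 1433)]

def build_acl(with_return_rules):
    acl = []
    for proto, port in SERVICES:
        # Forward: client subnet, any source port -> server subnet, service port
        acl.append(Rule("allow", proto, CLIENTS, None, SERVERS, port))
        if with_return_rules:
            # Return: source and destination swapped, service port is now the SOURCE port
            acl.append(Rule("allow", proto, SERVERS, port, CLIENTS, None))
    # Assumed restriction: block everything else between the two subnets
    acl.append(Rule("deny", "any", CLIENTS, None, SERVERS, None))
    acl.append(Rule("deny", "any", SERVERS, None, CLIENTS, None))
    acl.append(Rule("allow", "any", "0.0.0.0/0", None, "0.0.0.0/0", None))
    return acl

def session_ok(acl, proto, client, server, port, eph=50000):
    """A session works only if the request AND the reply packet are both allowed."""
    fwd = evaluate(acl, proto, client, eph, server, port)[0]
    ret = evaluate(acl, proto, server, port, client, eph)[0]
    return fwd == "allow" and ret == "allow"

if __name__ == "__main__":
    for flag in (False, True):
        ok = session_ok(build_acl(flag), "tcp", "172.18.0.10", "172.16.0.20", 1433)
        print(f"return rules={flag}: SQL 1433 session allowed={ok}")
```

With a deny covering the server-to-client direction, the reply packets never reach the final allow rule, which is why each service needs its own return rule placed above the deny.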
I think the return should be OK because at the END of the ACL I have Allow any any any any any, isn't it?
So you mean something like this?
Yes, that looks much better to me now.
Hi Philip, did you see my msg?