AP-Cloud Communication Ports

Solved
FrancisChunga
Conversationalist

Hello everyone, I have a WiFi solution with the AP-Meraki in my company and I have the following question.

What communication ports do these teams use to communicate with the Meraki cloud in order to manage them from the Dashboard?

I have these teams in a vlan (20) for administration, and the provider that configured them told me that this network has access to the internet without any restriction. In the company, a policy of restricting ports and services both incoming and outgoing is currently being carried out.

Please, could you help me by specifying whether this is true, or whether I could restrict in the perimeter firewall so that my AP-Meraki administration network (VLAN20) only goes out for such services towards such Meraki cloud domains?

AjitKumar
Head in the Cloud

Hi Francis

The following url may help you.

https://documentation.meraki.com/zGeneral_Administration/Other_Topics/Firewall_Rules_for_Cloud_Conne...

Regards,
Ajit
AjitsNW@gmail.com
www.ajit.network

Hello, thanks for the help and sorry for the delay.

Here is my question:
Regarding the image in Help -> FW info, in the Source IP field, would it be only my AP-Meraki administration VLAN network? Or should I also put the VLANs that are distributed over the WiFi?

Hey @FrancisChunga,

Only the Meraki devices need to communicate to those addresses, so it should be sufficient to put only their IPs.

E.g.: my MX is on 192.168.0.1, my MR on 192.168.0.5 and my clients are on 192.168.100.0/24. Only 192.168.0.1 and 192.168.0.5 will need to be allowed.

Also keep in mind that by default the MX allows outbound traffic, so you might not need to do anything unless you have a device upstream blocking traffic or unless you want to restrict the accessible ranges yourself.

Thanks!

Giacomo

Please keep in mind that what I post here is my personal knowledge and opinion. Don't take anything I say for the Holy Grail, but try and see!
Appreciate who helps and be respectful of every opinion and every solution offered.
Share the love, especially the Meraki one!
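
The source-scoping advice in the reply above, as an added example that is not part of the original thread: a small Python check that the Source IP field of an outbound allow rule covers every Meraki device without also admitting client subnets. The device and client addresses are the ones from the reply; the candidate rules, including the /24 and /16, are constructed for illustration.

```python
import ipaddress

# Addresses from the reply above. The destination ranges and ports are not
# listed in this thread; take them from Help > Firewall info in the Dashboard.
DEVICES = ["192.168.0.1", "192.168.0.5"]   # MX and MR
CLIENTS = ["192.168.100.0/24"]             # client subnet


def audit_source_scope(rule_sources, device_ips=DEVICES, client_networks=CLIENTS):
    """Audit the Source IP field of an outbound allow rule (IPv4 only).

    Returns (missing, exposed, extra):
      missing: Meraki device IPs that no source entry covers
      exposed: client networks that overlap a source entry
      extra:   number of non-device addresses the rule also admits
    """
    sources = [ipaddress.ip_network(s, strict=False) for s in rule_sources]
    devices = {ipaddress.ip_address(d) for d in device_ips}
    clients = [ipaddress.ip_network(c) for c in client_networks]

    covered = {d for d in devices if any(d in s for s in sources)}
    missing = sorted(str(d) for d in devices - covered)
    exposed = [str(c) for c in clients if any(c.overlaps(s) for s in sources)]
    # Collapse first so overlapping entries are not counted twice.
    admitted = sum(n.num_addresses for n in ipaddress.collapse_addresses(sources))
    return missing, exposed, admitted - len(covered)


if __name__ == "__main__":
    # Constructed candidate rules; the /24 and /16 are assumed for illustration.
    candidates = {
        "device IPs only": ["192.168.0.1", "192.168.0.5"],
        "one device forgotten": ["192.168.0.1/32"],
        "whole management subnet": ["192.168.0.0/24"],
        "too broad": ["192.168.0.0/16"],
    }
    for name, sources in candidates.items():
        missing, exposed, extra = audit_source_scope(sources)
        print(f"{name}: missing={missing} exposed_clients={exposed} extra_addresses={extra}")
```

A rule is as tight as the reply describes when all three results are empty or zero.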

Okay, thank you very much everyone for your support.

BrandonS
Kind of a big deal

Help > Firewall info will show you the outbound ports you need allowed for management.

For user traffic, that is up to you and/or the security team, I suppose.

- Ex community all-star (⌐⊙_⊙)