Hello everyone, I tell you that I have a WiFi solution with the AP-Meraki in my company and I have the following question.
What communication ports do these teams use to communicate with the Meraki cloud in order to manage them from the Dashboard?
I have these teams in a vlan (20) for administration, and the provider that configured them told me that this network has access to the internet without any restriction. In the company, a policy of restricting ports and services both incoming and outgoing is currently being carried out.
Please, if you could help me specifying if this is true, or I could only restrict in the perimeter firewall that my VLAN20 network of administration of the AP-Meraki depart for such services towards such domains of Meraki's cloud.
Hi Francis
The following url may help you.
Hello, thanks for the help and sorry for the delay.
Here my question:
Regarding the image in Help -> FW info, in the Source IP field, would it be my VLAN administration network of the AP-Meraki only? Or should I also put the VLANs that are distributed over the WiFi?
Hey @FrancisChunga,
Only the Meraki devices need to communicate to those addresses, so it should be sufficient to put only their IPs.
E.g.: my MX is on 192.168.0.1, my MR on 192.168.0.5 and my clients are on 192.168.100.0/24. Only 192.168.0.1 and 192.168.0.5 will need to be allowed.
Also keep in mind that by default the MX allows outbound traffic, so you might not need to do anything unless you have a device upstream blocking traffic or unless you want to restrict the accessible ranges yourself.
Thanks!
Giacomo
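A check of the source scoping described in the reply above, as an added example that is not part of the original thread: it audits a proposed set of outbound allow rules so that only the Meraki device IPs, and not the WiFi client VLAN, are used as the source. The rule format, rule names and the `audit_sources` helper are hypothetical; the addresses are the sample ones from the reply, and destinations and ports are left out because they come from Help > Firewall info for each organization.

```python
import ipaddress

# Constructed sample values, following the addresses used in the reply above.
MERAKI_DEVICES = ["192.168.0.1", "192.168.0.5"]   # MX and MR management IPs
CLIENT_NETS = ["192.168.100.0/24"]                # WiFi client VLAN

# Hypothetical rule format: (rule name, source CIDR). Destinations and ports
# are omitted on purpose; take them from Help > Firewall info.
PROPOSED_RULES = [
    ("meraki-mx", "192.168.0.1/32"),
    ("meraki-mr", "192.168.0.5/32"),
    ("meraki-wide", "192.168.0.0/16"),   # deliberately too broad
]


def audit_sources(rules, devices, client_nets):
    """Return (findings, uncovered).

    findings:  rules whose source is broader than the Meraki devices.
    uncovered: device IPs that no rule's source covers.
    """
    device_ips = [ipaddress.ip_address(d) for d in devices]
    clients = [ipaddress.ip_network(c) for c in client_nets]
    findings, covered = [], set()
    for name, src in rules:
        net = ipaddress.ip_network(src, strict=False)
        matched = [ip for ip in device_ips if ip in net]
        covered.update(matched)
        if any(net.overlaps(c) for c in clients):
            findings.append((name, "source includes client addresses"))
        elif net.num_addresses > len(matched):
            findings.append((name, "source wider than the devices it covers"))
    uncovered = [str(ip) for ip in device_ips if ip not in covered]
    return findings, uncovered


if __name__ == "__main__":
    findings, uncovered = audit_sources(PROPOSED_RULES, MERAKI_DEVICES, CLIENT_NETS)
    for name, reason in findings:
        print(f"REVIEW {name}: {reason}")
    for ip in uncovered:
        print(f"MISSING: no rule allows device {ip}")
```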
Okay, thank you very much everyone for your support.
Help > Firewall info will show you the outbound ports you need allowed for management.
For user traffic, that is up to you and/or the security team, I suppose.