What you should define is very relative, there is no way to give an exact answer without knowing which applications and external ports you access. The biggest risk would be if you have inbound rules for your network. To restrict external access, you can simply define the categories you want to block in Content Filtering. But in general you can allow for example HTTPS, DNS, or anything else that is relevant to you. If you have questions, I suggest you open a support case or consult your Meraki sales representative. https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Content_Filtering https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Best_Practice_Design_-_MX_Security_and_SD-WAN/General_MX_Best_Practices#Layer_3_Firewall_Rules
... View more