The Meraki Community
Register or Sign in
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • About sealyc
sealyc

sealyc

Conversationalist

Member since Oct 4, 2018

‎03-25-2020
Kudos from
User Count
PacerX
PacerX
1
shogan
shogan
1
View All

Community Record

4
Posts
2
Kudos
0
Solutions
Latest Contributions by sealyc
  • Topics sealyc has Participated In
  • Latest Contributions by sealyc

Port Forwarding on MX 100 Allowed Remote IPs not honoring Layer 7 Rules?

by sealyc in Security / SD-WAN
‎02-12-2020 07:32 AM
‎02-12-2020 07:32 AM
Good Day,   I have recently rolled out a security appliance and I was alerted to traffic coming in from a country I block in my Layer 7 rules (To/From traffic). I found the IP block in ARIN and set a block for the entire range. I noticed that the Forwarding Rules section listed "Allowed Remote IPs" and I was wondering if the port Forwarding rules ignore certain Layer 7 rules? After I added the remote ip range to the Layer 7 rules the traffic did stop. Is it that the block Country rules are too general and the firewall may only perform a best effort as to not get overwhelmed by requests?   Thanks for any light shedding that can be performed. ... View more

Re: Any way to force a disconnect for a client VPN connection?

by sealyc in Security / SD-WAN
‎10-05-2018 09:11 AM
1 Kudo
‎10-05-2018 09:11 AM
1 Kudo
Thank you, yes, I can't imagine I am the first person to think of this, perhaps it is innate to all firewalls? ... View more

Re: Any way to force a disconnect for a client VPN connection?

by sealyc in Security / SD-WAN
‎10-05-2018 09:10 AM
‎10-05-2018 09:10 AM
Thank you, this was my thought as well. I am glad you were able to test it. ... View more

Any way to force a disconnect for a client VPN connection?

by sealyc in Security / SD-WAN
‎10-04-2018 09:36 AM
1 Kudo
‎10-04-2018 09:36 AM
1 Kudo
I hope I am not being dense. The way I understand connections through the MX is once a connection is made it is kept alive until one end drops the connection. Is there anyway to force the drop from the MX end other than disconnecting the WAN?   For instance, a user has their VPN connection active through the MX and I want to disconnect them from my side. Say a user is being terminated or a malicious entity has somehow gotten in through one of the connected clients. Is there anyway to drop their traffic?   I tried through a Layer 3 rule, denying traffic from their IP, but the session was already connected and the endpoint still showed traffic. Luckily this time it was a test.   Thanks for any light you can shine... ... View more
Kudos from
User Count
PacerX
PacerX
1
shogan
shogan
1
View All
My Top Kudoed Posts
Subject Kudos Views

Re: Any way to force a disconnect for a client VPN connection?

Security / SD-WAN
1 10560

Any way to force a disconnect for a client VPN connection?

Security / SD-WAN
1 10604
View All
Powered by Khoros
custom.footer.
  • Community Guidelines
  • Cisco Privacy
  • Khoros Privacy
  • Privacy Settings
  • Terms of Use
© 2023 Meraki