Problem Description I have a Meraki MX with a 1:1 NAT + port-forward exposing public IP A to internal host B on TCP/UDP ports X (Remote IPs = any). A Barracuda XDR alert flagged suspicious traffic from C (SSH brute-force, VNC on port Y, C2 activity, etc.) and I want to prevent any inbound connections from that IP. I tried creating an Outbound rule to deny traffic to C, but that only blocks LAN→WAN traffic: it does not stop the outside from initiating connections to my already-exposed service. My Question Is there a native way on Meraki MX to insert a “deny” for specific Remote IPs in a port-forward (i.e. “any except C”)? If not, what architecture or workaround would you recommend to: continue exposing the service (e.g. HTTPS on ports X) but exclude certain IPs or ranges deemed malicious? Thanks in advance for your suggestions!
... View more
