Hi, just an update: I did a test with a technician and confirmed that traffic like hairpin routing (using port forwarding) did bypass the layer 3 restriction, and currently I believe Meraki does not have any feature to restrict this for now (correct me if I am wrong). Maybe if there is a way to disable hairpin or enable no-NAT for certain traffic like this, it will help with this vulnerability. So the alternative solution the technician had provided was to use an ACL which blocks and stops the traffic on the switch from reaching the router. It is fine for now, but it is not scalable, as we need to create a rule for each VLAN and each port. (If I've got 3 VLANs to restrict from using 3 port forwarding rules, I have to create 9 rules.)