"The inbound firewall will deny any traffic that does not have a session initiated by a client behind the MX. This allows internal client machines to connect with any resources they need, but does not let outside devices initiate connections with inside client machines. The exception to this is if a Port Forward or 1:1 NAT is created. " Source: https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Blocking_Inbound_Traffic_on_MX_Security_Appliances But, I can't think of a design where the original request would be fulfilled. You'd need to NAT, or port forward every client. In your original question: how would the outside IP know how to differentiate between internal clients from the outside?
... View more