Actual telnet on devices is run on TCP/23. So just make an outbound rule that blocks destination port TCP/23 from or to the subnet you want to block it. Telnetting to other ports is only used to see if you can get a TCP handshake.  But you're not exchanging any commands for that protocol. ... View more

Great. So every one on MX 18.107 or 18.211 seems to be having the same issues. Somehow support doesn't know that it is affecting multiple clients. Curious. ... View more

My install is next week, so unless there's a time limit, I am going to keep this open.  ... View more

It does appear to have worked. I included colons in the hex value and it's set as below:         Running ipconfig /all on a Windows workstation reports "NetBIOS over Tcpip" as disabled.     NetBIOS over Tcpip. . . . . . . . : Disabled   ... View more

I'm guessing the remote party has a static IP address configured as their peer address for you. I'm guessing your 5G connection has a dynamic IP address? If the above is right - can you see why this will never work? ... View more

It all depends on the flow of the expected traffic. i.e. If the SFTP client is initiating the connection. Then no issue, it's what Firewalls' were built for. Simply put a firewall rule and port forwards/nat in place to limit the port and hosts. Something like the below. You could also pop the client in it's own DMZ as well. Just need to be very specific with Source and Destination hosts. https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Active_and_Passive_FTP_Overview_and_Configuration Cheers, Ivan ... View more

Can you show your configuration? ... View more