Not to hijack a thread, but every other security appliance I have ever administered, will open the ports received in the PASV command coming from the FTP/SFTP server. Most also have an implicit deny at the end of all access lists. Meraki has an implicit allow, therefore requiring a deny any any rule to be created. Otherwise the MX devices are nothing more than a router. How do we go about requesting that this be added as a feature. I feel confident if we as a company knew this was the way these appliances behaved from a security perspective, we would have chosen a different vendor.
... View more
