If you're connecting to the MX via VPN (non-Meraki or AutoVPN) then the Security & SD-WAN > Firewall configuration does not come into play (including port forwarding etc). You do need to get your VPN configuration right though, to enable the desired subnets to communicate: https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-Site_VPN_Settings#Non-Meraki_VPN_peers If the VLANs on the destination MX, that you need to scan, do not have VPN enabled, they will not be reachable. This is configured under Security & SD-WAN > Addressing & VLANs In terms of traffic filtering, the ones that affect in-VPN traffic are configured within the Security & SD-WAN > Site-to-site VPN menu.
... View more