I want to block one of the site users from directly accessing all other sites over the site-to-site VPN. I have created the test rule below to block one device from all sites. But the rule is not working; maybe I am doing something wrong.
Site-to-Site outbound firewall
I appreciate your support in advance.
See some considerations.
https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-site_VPN_Firewall_Rule_Behavior
Are you doing a test from that source IP to that destination subnet?
Did you wait 10 minutes after applying the rule?
Yes, you are right. It's been an hour, but nothing happened. But I understand the behavior shared by @alemabrahao. I have created two new rules, and vice versa, and tested it; it was working fine. See the screenshot below.
Let me test more. I will update the results.
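To make the "one rule versus a pair of rules in both directions" test above concrete, here is an added example that is not part of this thread or of Meraki's own tooling. It models an ordered, first-match rule list with an implicit default allow (an assumption about how the rules are processed; the linked documentation is the authority) and checks which rule a flow hits in each direction, using constructed addresses.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    policy: str        # "allow" or "deny"
    src: str           # CIDR or "any"
    dst: str           # CIDR or "any"
    comment: str = ""


def _matches(cidr: str, ip: str) -> bool:
    """True when ip falls inside cidr (or cidr is the wildcard 'any')."""
    return cidr == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


def evaluate(rules, src_ip, dst_ip):
    """Return (policy, rule) for the first matching rule; assumed default allow if none match."""
    for rule in rules:
        if _matches(rule.src, src_ip) and _matches(rule.dst, dst_ip):
            return rule.policy, rule
    return "allow", None


def check_blocked_both_ways(rules, host_ip, remote_ip):
    """Report the verdict for host->remote and remote->host, and whether both are denied."""
    out_policy, _ = evaluate(rules, host_ip, remote_ip)
    in_policy, _ = evaluate(rules, remote_ip, host_ip)
    return {"outbound": out_policy, "inbound": in_policy,
            "fully_blocked": out_policy == "deny" and in_policy == "deny"}


# Constructed sample: host 10.1.0.50 at site A; remote sites B and C are 10.2.0.0/24 and 10.3.0.0/24.
HOST = "10.1.0.50"
REMOTE_SITES = ["10.2.0.0/24", "10.3.0.0/24"]

# A single deny from the host to each remote subnet (one direction only).
ONE_WAY = [Rule("deny", HOST + "/32", net, "block host to site") for net in REMOTE_SITES]

# The same denies plus the reverse rules, as the poster tried.
BOTH_WAYS = ONE_WAY + [Rule("deny", net, HOST + "/32", "block site to host") for net in REMOTE_SITES]

# Ordering pitfall: a broad allow placed first shadows the deny, so the host is never blocked.
SHADOWED = [Rule("allow", "10.1.0.0/24", "any", "allow whole site")] + ONE_WAY

if __name__ == "__main__":
    for name, rules in [("one_way", ONE_WAY), ("both_ways", BOTH_WAYS), ("shadowed", SHADOWED)]:
        print(name, check_blocked_both_ways(rules, HOST, "10.2.0.10"))
```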
It could be another way of looking at it, but you could have a group policy on that user (if on WiFi on the AP) or via 802.1X (on switches) to put that user in another VLAN that is not passed to a site-to-site peer.
To block a specific site user from accessing all other sites over a site-to-site VPN, you have created a test rule. However, it seems that the rule is not functioning as expected. To resolve this issue, you may need to review and troubleshoot the rule configuration. Check if the rule is properly applied, the device is correctly identified, and the settings align with the desired blocking behavior. Adjustments or corrections to the rule may be necessary to successfully block the targeted user's access to all other sites.