Organization-Wide Outbound Firewall Rules

Location in Dashboard: Security and SD-WAN >> Configure >> Site-to-site VPN >> Site-to-site outbound firewall

Diagram

Classes

appliance (meraki.domains.organizations)

Name	Type	Constraint	Mandatory	Default Value
vpn_firewall_rules	Class	[vpn_firewall_rules]	No

vpn_firewall_rules (meraki.domains.organizations.appliance)

Name	Type	Constraint	Mandatory	Default Value
rules	List	[rules]	No
syslog_default_rule	Boolean	true, false	No

rules (meraki.domains.organizations.appliance.vpn_firewall_rules)

Name	Type	Constraint	Mandatory	Default Value
comment	String	min: 1, max: 127	No
policy	Choice	allow, deny	Yes
protocol	Choice	any, icmp, icmp6, tcp, udp	Yes
source_port	Any	Integer[min: 0, max: 65535] or String[matches: `(?:[1-9][0-9]3	[1-5][0-9]4	6[0-4][0-9]3
source_cidr	String	Regex: ^(?i:any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?)(,(any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?))*$	No
destination_port	Any	Integer[min: 0, max: 65535] or String[matches: `(?:[1-9][0-9]3	[1-5][0-9]4	6[0-4][0-9]3
destination_cidr	String	Regex: ^(?i:any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?)(,(any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?))*$	No
syslog	Boolean	true, false	No

Config Sample

meraki:
  domains:
    - name: EMEA
      administrator:
        name: Foo Bar
      organizations:
        - name: Dev
          appliance:
            vpn_firewall_rules:
              rules:
                - comment: "Allow HTTPS"
                  policy: allow
                  protocol: tcp
                  source_port: "Any"
                  source_cidr: "192.168.1.0/24"
                  destination_port: "443"
                  # The CIDR Object must be created in Policy Objects in order to be applied.
                  destination_cidr: "10.0.0.0/24"
                  syslog: true
                - comment: "Deny all UDP"
                  policy: deny
                  protocol: udp
                  source_port: "Any"
                  source_cidr: "Any"
                  destination_port: "Any"
                  destination_cidr: "Any"
                  syslog: false
                - comment: "Deny all TCP"
                  policy: deny
                  protocol: tcp
                  source_port: "Any"
                  source_cidr: "Any"
                  destination_port: "Any"
                  destination_cidr: "Any"
                  syslog: false
              syslog_default_rule: true