
Firewalled Services Configuration

Dashboard Location: Security and SD-WAN > Configure > Firewall > Firewalled services

Firewalled services configuration in Meraki appliances provides granular access control for built-in network services and protocols, enabling administrators to define security policies for essential network functions such as ICMP, web management, SNMP, and SSH access. This functionality supports flexible access control with unrestricted, restricted (IP-based), or blocked access modes for each service, ensuring that critical network services are protected while maintaining operational requirements. Firewalled services are essential for securing appliance management interfaces, controlling diagnostic protocols, and implementing defense-in-depth security strategies.


firewall (meraki.domains.organizations.networks.appliance)

| Name | Type | Constraint | Mandatory | Default Value |
| --- | --- | --- | --- | --- |
| firewalled_services | List[firewalled_services] | | No | |

firewalled_services (meraki.domains.organizations.networks.appliance.firewall)

| Name | Type | Constraint | Mandatory | Default Value |
| --- | --- | --- | --- | --- |
| service_name | String | min: 1, max: 127 | Yes | |
| access | Choice | blocked, restricted, unrestricted | Yes | |
| allowed_ips | List | Any[IP or String[matches: [Aa]ny]] | No | |

Example-1: The example below demonstrates a firewalled services configuration.

This configuration controls access to specific network services on the appliance itself. The example includes service definitions, access restrictions, and allowed source networks for secure appliance management and service exposure.

This configuration manages access to built-in appliance services using “service_name” to identify specific services (ICMP, web, SNMP) and “access” levels including “blocked” (no access), “restricted” (limited to specific IPs), and “unrestricted” (open access). The web service uses “access: restricted” with “allowed_ips” specifying source IP addresses (2.2.2.2, 3.3.3.3) that can access the management interface. These settings control direct access to the appliance’s own services rather than traffic passing through the appliance.

```yaml
meraki:
  domains:
    - name: !env domain
      administrator:
        name: !env org_admin
      organizations:
        - name: !env org
          networks:
            - name: !env network_name
              product_types:
                - appliance
                - switch
                - wireless
                - camera
                - sensor
                - cellularGateway
              appliance:
                firewall:
                  firewalled_services:
                    - service_name: "ICMP"
                      access: "blocked"
                    - service_name: "web"
                      access: "restricted"
                      allowed_ips:
                        - "2.2.2.2"
                        - "3.3.3.3"
                    - service_name: "SNMP"
                      access: "unrestricted"
```
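
A pre-deployment check for this data model, added here as an example and not part of the original page or the project's own tooling: it validates each `firewalled_services` entry against the constraints in the table above and flags settings worth a second look. The function names, the `branch-1`/`branch-2` network names, the "review" rules, and the acceptance of CIDR prefixes as "IP" are assumptions of this example.

```python
import ipaddress
import re

ACCESS = {"blocked", "restricted", "unrestricted"}  # choices from the schema table

def check_service(svc):
    """Return findings for one firewalled_services entry (empty list = clean)."""
    out = []
    name, access = svc.get("service_name"), svc.get("access")
    ips = svc.get("allowed_ips") or []
    if not isinstance(name, str) or not 1 <= len(name) <= 127:
        out.append("schema: service_name must be a string of 1-127 characters")
    if access not in ACCESS:
        out.append(f"schema: access {access!r} is not a valid choice")
    for ip in ips:
        if isinstance(ip, str) and re.fullmatch(r"[Aa]ny", ip):
            if access == "restricted":
                out.append("review: 'any' in allowed_ips opens a restricted service to every source")
            continue
        try:
            ipaddress.ip_interface(str(ip))  # assumption: "IP" = address or CIDR prefix
        except ValueError:
            out.append(f"schema: allowed_ips entry {ip!r} is not an IP or 'any'")
    if access == "restricted" and not ips:
        out.append("review: restricted access without allowed_ips")
    if access == "unrestricted":
        out.append("review: service reachable from any source address")
    return out

def audit(model):
    """Walk domains > organizations > networks; map 'network/service' to findings."""
    report = {}
    for dom in model["meraki"]["domains"]:
        for org in dom.get("organizations", []):
            for net in org.get("networks", []):
                fw = net.get("appliance", {}).get("firewall", {})
                for svc in fw.get("firewalled_services", []):
                    if found := check_service(svc):
                        report[f"{net['name']}/{svc.get('service_name')}"] = found
    return report

# Constructed sample: branch-1 mirrors the page's example, branch-2 is deliberately flawed.
SAMPLE = {"meraki": {"domains": [{"organizations": [{"networks": [
    {"name": "branch-1", "appliance": {"firewall": {"firewalled_services": [
        {"service_name": "ICMP", "access": "blocked"},
        {"service_name": "web", "access": "restricted", "allowed_ips": ["2.2.2.2", "3.3.3.3"]},
        {"service_name": "SNMP", "access": "unrestricted"}]}}},
    {"name": "branch-2", "appliance": {"firewall": {"firewalled_services": [
        {"service_name": "web", "access": "restricted", "allowed_ips": ["any"]},
        {"service_name": "SNMP", "access": "open", "allowed_ips": ["10.0.0.300"]}]}}}]}]}]}}
```

Calling `audit(SAMPLE)` reports the unrestricted SNMP entry from the page's example and both flawed `branch-2` entries; the blocked ICMP and IP-restricted web entries pass cleanly.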