Inbound Firewall Rules Configuration
Dashboard Location: Security and SD-WAN > Configure > Firewall > Inbound firewall rules
WAN-to-LAN Traffic Control
Section titled “WAN-to-LAN Traffic Control”Inbound firewall rules configuration in Meraki appliances provides comprehensive security control for traffic entering the network from external sources, such as the internet or WAN connections. This functionality enables administrators to define granular policies for incoming traffic based on source and destination IP addresses, protocols, and ports, supporting both allow and deny actions with detailed logging capabilities. Inbound firewall rules are critical for protecting internal network resources from external threats, controlling remote access, and implementing secure ingress policies while maintaining operational requirements for legitimate external connections.
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”firewall (meraki.domains.organizations.networks.appliance)
Section titled “firewall (meraki.domains.organizations.networks.appliance)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| inbound_firewall_rules | Class | [inbound_firewall_rules] | No |
inbound_firewall_rules (meraki.domains.organizations.networks.appliance.firewall)
Section titled “inbound_firewall_rules (meraki.domains.organizations.networks.appliance.firewall)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| rules | List | [rules] | No | |
| syslog_default_rule | Boolean | true, false | No |
rules (meraki.domains.organizations.networks.appliance.firewall.inbound_firewall_rules)
Section titled “rules (meraki.domains.organizations.networks.appliance.firewall.inbound_firewall_rules)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| comment | String | min: 1, max: 127 | No | |
| policy | Choice | allow, deny | Yes | |
| protocol | Choice | any, icmp, icmp6, tcp, udp | Yes | |
| source_port | Any | Integer[min: 0, max: 65535] or String[matches: `(?:[1-9][0-9]3 | [1-5][0-9]4 | 6[0-4][0-9]3 |
| source_cidr | String | Regex: ^(?i:any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?|VLAN\((?:[1-9]|[1-9]\d|[1-9]\d{2}|[1-3]\d{3}|40[0-8]\d|409[0-4])\)\.(?:\*|[1-9]|[1-9]\d|1\d\d|2[0-4]\d|25[0-4]))(,(any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?|VLAN\((?:[1-9]|[1-9]\d|[1-9]\d{2}|[1-3]\d{3}|40[0-8]\d|409[0-4])\)\.(?:\*|[1-9]|[1-9]\d|1\d\d|2[0-4]\d|25[0-4])))*$ | No | |
| destination_port | Any | Integer[min: 0, max: 65535] or String[matches: `(?:[1-9][0-9]3 | [1-5][0-9]4 | 6[0-4][0-9]3 |
| destination_cidr | String | Regex: ^(?i:any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?|VLAN\((?:[1-9]|[1-9]\d|[1-9]\d{2}|[1-3]\d{3}|40[0-8]\d|409[0-4])\)\.(?:\*|[1-9]|[1-9]\d|1\d\d|2[0-4]\d|25[0-4]))(,(any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?|VLAN\((?:[1-9]|[1-9]\d|[1-9]\d{2}|[1-3]\d{3}|40[0-8]\d|409[0-4])\)\.(?:\*|[1-9]|[1-9]\d|1\d\d|2[0-4]\d|25[0-4])))*$ | No | |
| syslog | Boolean | true, false | No |
Examples
Section titled “Examples”Example-1: The example below demonstrates basic inbound firewall rules for common remote access and external service requirements.
meraki: domains: - name: "!env domain" administrator: name: "!env org_admin" organizations: - name: "!env org" networks: - name: "!env network_name" product_types: - appliance - switch - wireless appliance: firewall_inbound_firewall: rules: - comment: "Allow HTTPS Web Server" policy: allow protocol: tcp source_port: "Any" source_cidr: "Any" destination_port: "443" destination_cidr: "!env web_server_ip" syslog: true - comment: "Allow SSH from Admin Network" policy: allow protocol: tcp source_port: "Any" source_cidr: "!env admin_network_range" destination_port: "22" destination_cidr: "!env management_subnet" syslog: true - comment: "Allow RDP from Admin Network" policy: allow protocol: tcp source_port: "Any" source_cidr: "!env admin_network_range" destination_port: "3389" destination_cidr: VLAN(10).*,10.10.196.10/32 syslog: true syslog_default_rule: true