In today’s interconnected digital landscape, securing your network against potential threats is paramount. One effective strategy is to implement egress filtering on your Meraki firewall. Egress filtering controls the outbound traffic leaving your network, allowing you to enforce security policies, prevent unauthorized access, and safeguard sensitive data. In this blog post, we’ll explore how to apply egress filtering to your Meraki firewall to enhance your network security.
Before diving into the configuration steps, let’s understand what egress filtering entails. Egress filtering involves controlling the outbound traffic flow from your network based on predefined rules. These rules determine which types of traffic are allowed to leave the network and which are blocked. By implementing egress filtering, you can mitigate the risks associated with malicious outbound connections, data exfiltration, and unauthorized access to external resources.
Log in to the Meraki Dashboard using your administrator credentials. Navigate to “Security & SD-WAN” and select “Firewall.”
Create additional egress filtering rules as needed to cover different types of outbound traffic, applications, or services.
Review the egress filtering rules to ensure they align with your security policies and compliance requirements. Click “Save” to apply the changes to your firewall settings.
The problem that I found with Meraki firewall specifically is that there isn’t a built-in way to turn off the allow any from any rule. I had been assigned to create egress filtering rules so that we can limit the traffic that goes out to the internet from our client’s protected environment but found that I couldn’t force them to be used because of the allow any from any rule. After some additional research and a phone call to Meraki support, I found that you must create your own deny any from any rule and apply it. Make sure this rule is at the bottom of the list as it should be the last rule processed. DO NOT ENABLE THIS RULE UNTIL YOU’RE READY FOR TESTING!
Schedule a window to test the rules for impact. If everything continues to work, you’re done! If some services no longer work, review the rule list and add rules for those services.
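Before the test window, it helps to replay expected flows against the rule list offline. The following is an added example, not part of the original post or Meraki's own code: it models top-down, first-match evaluation with the built-in allow rule at the end, and flags a missing or misplaced deny-all. The rule field names are modelled on the Meraki Dashboard API's L3 firewall rule format, and the rules, addresses and helper names are constructed for illustration.

```python
import ipaddress

# Constructed sample rules, listed top to bottom. Field names are modelled on
# the Dashboard API L3 firewall rule format (assumption, not from the post).
RULES = [
    {"comment": "Web out", "policy": "allow", "protocol": "tcp",
     "srcCidr": "10.10.0.0/24", "destPort": "80,443", "destCidr": "Any"},
    {"comment": "DNS to resolver", "policy": "allow", "protocol": "udp",
     "srcCidr": "10.10.0.0/24", "destPort": "53", "destCidr": "192.0.2.53/32"},
    {"comment": "Deny any from any", "policy": "deny", "protocol": "any",
     "srcCidr": "Any", "destPort": "Any", "destCidr": "Any"},
]
# Stand-in for the built-in allow any from any rule that cannot be turned off.
IMPLICIT_ALLOW = {"comment": "Default rule", "policy": "allow", "protocol": "any",
                  "srcCidr": "Any", "destPort": "Any", "destCidr": "Any"}

def _cidr_match(spec, ip):
    if spec.lower() == "any":
        return True
    return any(ipaddress.ip_address(ip) in ipaddress.ip_network(c.strip(), strict=False)
               for c in spec.split(","))

def _port_match(spec, port):
    if spec.lower() == "any":
        return True
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")  # "80" or "8000-8100"
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def is_catch_all(rule):
    return all(rule[k].lower() == "any"
               for k in ("protocol", "srcCidr", "destPort", "destCidr"))

def first_match(rules, proto, src, dst, dport):
    """Return the first rule matching the flow (top-down, first match wins)."""
    for rule in rules + [IMPLICIT_ALLOW]:
        if (rule["protocol"].lower() in ("any", proto)
                and _cidr_match(rule["srcCidr"], src)
                and _cidr_match(rule["destCidr"], dst)
                and _port_match(rule["destPort"], dport)):
            return rule

def audit(rules):
    """Flag a missing deny-all, or rules placed below it that can never match."""
    idx = [i for i, r in enumerate(rules) if r["policy"] == "deny" and is_catch_all(r)]
    if not idx:
        return ["no explicit deny any/any: the default allow rule still passes everything"]
    return [f"rule '{r['comment']}' sits below the deny-all and is never reached"
            for r in rules[idx[0] + 1:]]
```

Any flow whose first match is the deny-all is a service that will break once that rule is enabled, so it either needs its own allow rule above it or is traffic you intend to block.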
In conclusion, applying egress filtering to your Meraki firewall is a proactive step towards enhancing your network security posture. By implementing and fine-tuning egress filtering rules, you can effectively control outbound traffic, mitigate security risks, and protect your organization’s sensitive data assets. Regular monitoring, testing, and updates to your egress filtering rules ensure that your network remains resilient against evolving threats in today’s digital landscape.
If you have any questions about this process, do not hesitate to reach out to us at any time.