Hi All,
Just throwing this out to the community.
I have a client that has a large network with branches having MX67W and an attached MG21. The second WAN port(MG21) is primarily used for failover but some sites do use it for load balancing.
Question:
Is there a way I can apply layer 7 firewall rules to the WAN2 port thereby limiting the type of traffic across the 4G modem? For example I want to block all gaming sited when using the MG21 link.
Thanks,
Solved! Go to solution.
I also have no easy solution and having separate rules per WAN-interface would be really great for this use-case.
But how are your Python skills? Based on the availability of the primary link, you could change the L7 firewall rules with the Dashboard-API.
I can't quite remember, but I think if you open up a support ticket they can configure WAN2 to act like cellular backup and then it uses the cellular firewall rules.
Hey mate,
Yes I did read that on a previous post but regardless from what I can see the cellular rules are only layer 3. I really need to apply different layer 7 rules.
I also have no easy solution and having separate rules per WAN-interface would be really great for this use-case.
But how are your Python skills? Based on the availability of the primary link, you could change the L7 firewall rules with the Dashboard-API.
Indeed this is my current work around. I have a webhook that fires off a Python script that modifies the layer 7 rules when the WAN link changes.
It's a bit of a hack but it works.
There is a beta feature for cellular firewall rules but it seems limited to layer 3 rules. I may be able to manually group some layer 7 rules into a "Object" and use the new beta object rules filtering.
@Cain wrote:Indeed this is my current work around. I have a webhook that fires off a Python script that modifies the layer 7 rules when the WAN link changes.
Do you have a blog? Would be worth publishing your solution.
I don't but I probably should...
I work for a large telco here in AUS so I need to be careful with regards to IP etc.