Meraki

Community

Assign layer 7 rules to WAN2

Solved
Cain
Here to help
‎Sep 17 2020 7:27 PM
‎Sep 17 2020 7:27 PM

Assign layer 7 rules to WAN2

Hi All,

 

Just throwing this out to the community.

 

I have a client that has a large network with branches having MX67W and an attached MG21.  The second WAN port(MG21) is primarily used for failover but some sites do use it for load balancing.

 

Question:

 

Is there a way I can apply layer 7 firewall rules to the WAN2 port thereby limiting the type of traffic across the 4G modem?   For example I want to block all gaming sited when using the MG21 link.

 

Thanks,

0 Kudos
1 Accepted Solution
In response to Cain
KarstenI
Kind of a big deal
Kind of a big deal
‎Sep 18 2020 2:24 AM
‎Sep 18 2020 2:24 AM

I also have no easy solution and having separate rules per WAN-interface would be really great for this use-case.

But how are your Python skills? Based on the availability of the primary link, you could change the L7 firewall rules with the Dashboard-API.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

View solution in original post

0 Kudos
6 Replies 6
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 17 2020 9:15 PM
‎Sep 17 2020 9:15 PM

I can't quite remember, but I think if you open up a support ticket they can configure WAN2 to act like cellular backup and then it uses the cellular firewall rules.

0 Kudos
In response to PhilipDAth
Cain
Here to help
‎Sep 17 2020 9:23 PM
‎Sep 17 2020 9:23 PM

Hey mate,

 

Yes I did read that on a previous post but regardless from what I can see the cellular rules are only layer 3.  I really need to apply different layer 7 rules.

0 Kudos
In response to Cain
KarstenI
Kind of a big deal
Kind of a big deal
‎Sep 18 2020 2:24 AM
‎Sep 18 2020 2:24 AM

I also have no easy solution and having separate rules per WAN-interface would be really great for this use-case.

But how are your Python skills? Based on the availability of the primary link, you could change the L7 firewall rules with the Dashboard-API.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
In response to KarstenI
Cain
Here to help
‎Sep 18 2020 2:43 AM
‎Sep 18 2020 2:43 AM

Indeed this is my current work around.  I have a webhook that fires off a Python script that modifies the layer 7 rules when the WAN link changes.

 

It's a bit of a hack but it works.

 

There is a beta feature for cellular firewall rules but it seems limited to layer 3 rules.  I may be able to manually group some layer 7 rules into a "Object" and use the new beta object rules filtering.

0 Kudos
In response to Cain
KarstenI
Kind of a big deal
Kind of a big deal
‎Sep 18 2020 2:48 AM
‎Sep 18 2020 2:48 AM

@Cain wrote:

Indeed this is my current work around.  I have a webhook that fires off a Python script that modifies the layer 7 rules when the WAN link changes.

Do you have a blog? Would be worth publishing your solution.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
In response to KarstenI
Cain
Here to help
‎Sep 18 2020 3:05 AM
‎Sep 18 2020 3:05 AM

I don't but I probably should...

 

I work for a large telco here in AUS so I need to be careful with regards to IP etc.

0 Kudos
Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.