Block Normal Policy

Black
Comes here often

How to block all access in the normal (default) policy?

alemabrahao
Kind of a big deal

By default everything is allowed in Meraki, so the normal policy (default) will "obey" everything you have applied in the firewall settings (L3 rules, L7 rules, content filter, etc.).

So if you want to block everything by default you should start with these settings.

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Using_Layer_3_Firewal...

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Layer_3_and_7_Firewal...

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Creating_and_Applying...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Black
Comes here often

That means a new device connected to the LAN will be allowed all access, because the new device falls under the normal (default) policy.

In my case I need a new device connected to the LAN to be blocked, and to need a permit before any access is allowed.

How can I configure it?

Black
Comes here often

I have set VLAN subnet 10.62.202.0/24, VLAN ID 1, Group Policy Staff.

vlans.JPG

But when I check Monitor - Client, the policy is Normal. Why is it like that?

Monitor Client.JPG

No client is in group policy Staff.

Group Client.JPG

Why are they still in group policy Normal?

alemabrahao
Kind of a big deal

You can create a group policy blocking everything, apply it directly to the VLAN interface, and allow access as needed.

Of course, this is one of the options; another way to restrict access (I particularly like this one more) is to configure Access control.

Look at these articles:

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Creating_and_Applying...

https://documentation.meraki.com/MX/Access_Control_and_Splash_Page/Access_Control

alemabrahao
Kind of a big deal

To answer your question, the policy is applied directly to the interface, so on clients it will continue to be displayed as normal unless you apply the policy on the client.

Don't try to understand, just accept.

alemabrahao
Kind of a big deal

The documentation makes it very clear:

alemabrahao_0-1668274965396.png

Black
Comes here often

It shows Normal, but is the config actually working or not?

When I check, it is not working, or I misconfigured it.

alemabrahao
Kind of a big deal

It should have worked, maybe your policy is incorrect. I recommend you read the documentation.

alemabrahao
Kind of a big deal

Try configuring it like this:

alemabrahao_0-1668283180668.png

alemabrahao_1-1668283214026.png

But I really recommend that you study more about the features. You can take the online training here:

https://learning.meraki.net/#/dashboard

Black
Comes here often

I have done it, sir, but there is no client in group policy Staff (rules applied); that means the rule is not hit.

alemabrahao
Kind of a big deal

I'm sure it works as I just tested it on my MX and it worked as expected. Can you share your config?

Black
Comes here often

Hi sir,

I use another method to block new users connected to the LAN network; a user must have a permit.

I just configured it at the firewall:

Permit Group Object any any

Deny Segment LAN

Thanks for the discussion, sir.
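The rule order described in the last post, modelled as an added example (not part of the original thread and not Meraki's own code): a simplified top-down, first-match evaluator over source addresses only, plus a check for rules that an earlier rule makes unreachable. The subnet is the one from the thread; the approved host addresses, rule comments and function names are assumptions.

```python
import ipaddress

# LAN subnet from the thread; the approved hosts in the group object are constructed.
LAN = ipaddress.ip_network("10.62.202.0/24")
APPROVED_GROUP = [ipaddress.ip_network(n) for n in ("10.62.202.10/32", "10.62.202.11/32")]

# Ordered as in the last post: permit the group object first, then deny the LAN segment.
RULES = [
    {"action": "allow", "src": APPROVED_GROUP, "comment": "permit group object any any"},
    {"action": "deny", "src": [LAN], "comment": "deny LAN segment"},
]
DEFAULT_ACTION = "allow"  # nothing matched: everything is allowed by default


def evaluate(src_ip, rules=RULES):
    """Return (action, comment) of the first rule whose source contains src_ip."""
    ip = ipaddress.ip_address(src_ip)
    for rule in rules:
        if any(ip in net for net in rule["src"]):
            return rule["action"], rule["comment"]
    return DEFAULT_ACTION, "default rule"


def audit(rules):
    """List rules that can never match because one earlier rule covers all their sources."""
    findings = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            covered = all(any(n.subnet_of(e) for e in earlier["src"]) for n in rule["src"])
            if covered:
                findings.append(f"'{rule['comment']}' is shadowed by '{earlier['comment']}'")
                break
    return findings


if __name__ == "__main__":
    for host in ("10.62.202.10", "10.62.202.50"):  # approved host, then a new device
        print(host, evaluate(host))
    # Reversing the order puts the deny first, so the permit rule is never reached.
    print(audit(list(reversed(RULES))))
```

With the permit rule above the deny rule, a new device on the LAN that is not in the group object hits the deny; with the order reversed, approved hosts are blocked too and the audit reports the permit rule as shadowed.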
