How to block access all at normal policy default
by default everything is allowed in Meraki, so the normal policy (default) will "obey" everything you have applied in the firewall settings (L3 rules, L7 rules, content filter, etc).
So if you want to block everything by default you should start with these settings.
that mean new device connected network lan will allow acces all, because new device inside to policy normal (default)
in case im need new device connected lan = block and need permit to allow any access.
how im can config it?
i have set vlan subnet 10.62.202.0/24 vlan ID 1 Group Policy Staff
but im check Monitor - Client Policy Normal, why like that?
no client at group policy Staff
why still at group policy normal?
You can create a group policy blocking everything and directly apply the VLAN interface, and allow access as needed.
Of course, this is one of the options, another way to restrict access (I particularly like this one more) is to configure the Access control.
Look at these articles:
https://documentation.meraki.com/MX/Access_Control_and_Splash_Page/Access_Control
To answer your question, the policy is applied directly to the interface, so on clients it will continue to be displayed as normal unless you apply the policy on the client.
Don't try to understand, just accept.
The documentation makes it very clear:
show normal, but actually the config is working or not?
i check not working or i misconfigured
It should have worked, maybe your policy is incorrect. I recommend you read the documentation.
Try configure like this:
But I really recommend that you study more about the features. You can take the online training here:
https://learning.meraki.net/#/dashboard
I have do it sir, but no client at group policy Staff (rules applied), that mean rule not hit
I'm sure it works as I just tested it on my MX and it worked as expected. Can you share your config?
hai sir,
I use another method to block new users connected Lan Network, user must need permit.
im just config at firewall
permit Group Objek any any
Deny Segment Lan
thanks for discus sir