Meraki

knightrider · ‎Apr 15 2021

We want the Client VPN prevent from connecting from certain countries, We have firewall Layer 7 rule "Deny Traffic not to/ from USA, Canada, UK" ,but this rule did not helped , we found user able to connect from India.

WE open the t case with meraki support , they reply "Layer 7 rules do not apply to inbound Client VPN connections"

Is any one have idea how we can implement client vpn prevent from connecting from certain countries.

PhilipDAth · ‎Apr 15 2021

I can't think of any way to do this.

Going sideways, if you want to improve your security posture, consider using MFA with Client VPN, such as Cisco Duo.

https://duo.com/docs/meraki-radius

View solution in original post

Inderdeep · ‎Apr 15 2021

@knightrider : You can do that as shown below using Layer 7 rules

Cisco Awarded Blogs 2020/2021 https://www.thenetworkdna.com/

knightrider · ‎Apr 15 2021

Yes this is what we have L7 rule in place, but user still able to connect .

Inderdeep · ‎Apr 15 2021

What license you have on the MX ?

Cisco Awarded Blogs 2020/2021 https://www.thenetworkdna.com/

knightrider · ‎Apr 15 2021

we have advanced security license for MX100

PhilipDAth · ‎Apr 15 2021

I can't think of any way to do this.

Going sideways, if you want to improve your security posture, consider using MFA with Client VPN, such as Cisco Duo.

https://duo.com/docs/meraki-radius

knightrider · ‎Apr 15 2021

Thanks this way we think off to go with