Configure Layer 7 Rules on MX64

Solved
cgw
Here to help

We have an MX64 that is to be deployed at one of our remote sites (version: MX 18.107.2), to replace a FortiGate Firewall.

Currently looking into the configuration & the FortiGate firewall has the option of configuring policies/rules for cloud-based internet services, such as Microsoft-Outlook, Microsoft-Office365 & for Zscaler etc.

Looking at the options for adding a layer 7 firewall rule under Databases & Cloud Services, none of these appear to be listed & the option is to add a rule to Deny only.

Is there another way to add rules to allow these internet services on an MX64, or any other Meraki Firewalls?

1 Accepted Solution
alemabrahao
Kind of a big deal

Take a look at this documentation about integration with ZIA.

https://documentation.meraki.com/MX/Site-to-site_VPN/Zscaler_Internet_Access_(ZIA)_Integration

As I mentioned, L7 rules are intended for blocking applications.

Cisco Meraki MR Access Points and MX Security Appliances provide the ability to create layer 7 firewall rules to deny certain traffic based on traffic type.

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Creating_a_Layer_7_Fi...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.


3 Replies
alemabrahao
Kind of a big deal

Layer 7 rules are for application blocking. What exactly do you need to do?

Perhaps you need the Secure SD-WAN Plus license, but first it would be better to understand your need.

Hi, thanks for the prompt reply.

In the previous deployment using a FortiGate firewall, we have layer 7 policies that allow connectivity to different internet services such as Microsoft applications & a Zscaler proxy service. We would like to deploy the same policies on the Meraki MX device.

Are you saying this is not possible, or is that supported with the SD-WAN Plus License?
