Is it possible to setup different Layer 7 firewall rules depending on the SSID? I have 2 SSID's, one for Business and one for Guest. On my MX65W security appliance I would like to block different sites depending on the SSID you are connected to. I can do this on my AP's but not the security appliance.
Any help is greatly appreciated.
Solved! Go to Solution.
The way to do it is make sure your SSID's are segregated by VLAN, and then apply a group policy with the appropriate ruleset on the corresponding VLANs: https://documentation.meraki.com/MX-Z/Group_Policies_and_Blacklisting/Creating_and_Applying_Group_Po...
Hi Joe,
It is my understanding that there are limitations when only using the built-in WIFI on the MX firewalls. I just checked and don't see anyway to adjust layer 7 settings based on the source network, or SSID. I could be wrong, but it seems if you are using built-in WIFI on the MX your can't set different layer 7 rules per SSID.
The way to do it is make sure your SSID's are segregated by VLAN, and then apply a group policy with the appropriate ruleset on the corresponding VLANs: https://documentation.meraki.com/MX-Z/Group_Policies_and_Blacklisting/Creating_and_Applying_Group_Po...
AlexP,
I tried this and it doesn't seem to be working for me. I have a template for all my sites. I added a group policy in the template. I then went under DHCP and added the group policy to the VLAN (1). When I look under the template and group policy it says the affecting clients is 0. Am I doing something wrong?
Hey Joe,
That number only indicates how many clients have that policy directly applied to them, so if you apply it to a VLAN, it won't go up at all - this also applies to policies that are assigned via a RADIUS attribute or from Active Directory. Understandably a bit confusing if you're not familiar with it.