Different Firewall Rules per SSID on MX65W

SOLVED
JoeM
Conversationalist

Different Firewall Rules per SSID on MX65W

Is it possible to setup different Layer 7 firewall rules depending on the SSID? I have 2 SSID's, one for Business and one for Guest. On my MX65W security appliance I would like to block different sites depending on the SSID you are connected to. I can do this on my AP's but not the security appliance.

 

Any help is greatly appreciated.

1 ACCEPTED SOLUTION
AlexP
Meraki Employee
Meraki Employee

The way to do it is make sure your SSID's are segregated by VLAN, and then apply a group policy with the appropriate ruleset on the corresponding VLANs: https://documentation.meraki.com/MX-Z/Group_Policies_and_Blacklisting/Creating_and_Applying_Group_Po...

View solution in original post

4 REPLIES 4
LV_MW_MSP
Getting noticed

Hi Joe,

 

It is my understanding that there are limitations when only using the built-in WIFI on the MX firewalls. I just checked and don't see anyway to adjust layer 7 settings based on the source network, or SSID. I could be wrong, but it seems if you are using built-in WIFI on the MX your can't set different layer 7 rules per SSID.

AlexP
Meraki Employee
Meraki Employee

The way to do it is make sure your SSID's are segregated by VLAN, and then apply a group policy with the appropriate ruleset on the corresponding VLANs: https://documentation.meraki.com/MX-Z/Group_Policies_and_Blacklisting/Creating_and_Applying_Group_Po...

JoeM
Conversationalist

AlexP,

 

I tried this and it doesn't seem to be working for me. I have a template for all my sites. I added a group policy in the template. I then went under DHCP and added the group policy to the VLAN (1). When I look under the template and group policy it says the affecting clients is 0. Am I doing something wrong?

AlexP
Meraki Employee
Meraki Employee

Hey Joe,

 

That number only indicates how many clients have that policy directly applied to them, so if you apply it to a VLAN, it won't go up at all - this also applies to policies that are assigned via a RADIUS attribute or from Active Directory. Understandably a bit confusing if you're not familiar with it.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels