Meraki

Community

Different Firewall Rules per SSID on MX65W

Solved
JoeM
Here to help
‎Aug 28 2017 11:35 AM
‎Aug 28 2017 11:35 AM

Different Firewall Rules per SSID on MX65W

Is it possible to setup different Layer 7 firewall rules depending on the SSID? I have 2 SSID's, one for Business and one for Guest. On my MX65W security appliance I would like to block different sites depending on the SSID you are connected to. I can do this on my AP's but not the security appliance.

 

Any help is greatly appreciated.

1 Accepted Solution
AlexP
Meraki Employee
Meraki Employee
‎Aug 28 2017 4:01 PM
‎Aug 28 2017 4:01 PM

The way to do it is make sure your SSID's are segregated by VLAN, and then apply a group policy with the appropriate ruleset on the corresponding VLANs: https://documentation.meraki.com/MX-Z/Group_Policies_and_Blacklisting/Creating_and_Applying_Group_Po...

View solution in original post

4 Replies 4
LV_MW_MSP
Getting noticed
‎Aug 28 2017 1:10 PM
‎Aug 28 2017 1:10 PM

Hi Joe,

 

It is my understanding that there are limitations when only using the built-in WIFI on the MX firewalls. I just checked and don't see anyway to adjust layer 7 settings based on the source network, or SSID. I could be wrong, but it seems if you are using built-in WIFI on the MX your can't set different layer 7 rules per SSID.

0 Kudos
AlexP
Meraki Employee
Meraki Employee
‎Aug 28 2017 4:01 PM
‎Aug 28 2017 4:01 PM

The way to do it is make sure your SSID's are segregated by VLAN, and then apply a group policy with the appropriate ruleset on the corresponding VLANs: https://documentation.meraki.com/MX-Z/Group_Policies_and_Blacklisting/Creating_and_Applying_Group_Po...

In response to AlexP
JoeM
Here to help
‎Aug 29 2017 10:37 AM
‎Aug 29 2017 10:37 AM

AlexP,

 

I tried this and it doesn't seem to be working for me. I have a template for all my sites. I added a group policy in the template. I then went under DHCP and added the group policy to the VLAN (1). When I look under the template and group policy it says the affecting clients is 0. Am I doing something wrong?

0 Kudos
In response to JoeM
AlexP
Meraki Employee
Meraki Employee
‎Aug 30 2017 12:00 PM
‎Aug 30 2017 12:00 PM

Hey Joe,

 

That number only indicates how many clients have that policy directly applied to them, so if you apply it to a VLAN, it won't go up at all - this also applies to policies that are assigned via a RADIUS attribute or from Active Directory. Understandably a bit confusing if you're not familiar with it.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.