Feature Request, More useful Layer 7 rules on MX devices

Solved
steinat
Conversationalist

Feature Request, More useful Layer 7 rules on MX devices

It would be great to have the selection of layer 7 rules updated, for example, under "Databases &Cloud Services" we only can choose from AWS, Azure, IBM, and SAP. 

 

It would be great to be able to choose from some of the more well known bad actor cloud platforms that are marketed as "Bullet proof" hosts and block their entire ranges instead of needed to hunt and peck for subnet ranges to add to layer 3 rules.

1 Accepted Solution
Ryan_Miles
Meraki Employee
Meraki Employee

MX16 uses NBAR for app classification and there are quite a few more canned apps listed

 

Screen Shot 2021-12-21 at 5.54.09 PM.png

Ryan / Meraki SE

If you found this post helpful, please give it Kudos. If my answer solved your problem click Accept as Solution so others can benefit from it.

View solution in original post

4 Replies 4
MilesMeraki
Head in the Cloud

If you have specific instances of cloud providers and their ranges that you would like to get classified I'd recommend logging a "make a wish" feature in the dashboard.

 

In regards to blocking ranges outside of the NBAR classifications have you maybe thought about using the Geolocation (Countries) option of layer7 rules for blocking suspect countries where these cloud providers operate? 

 

 

Eliot F | Simplifying IT with Cloud Solutions
Found this helpful? Give me some Kudos! (click on the little up-arrow below)
MarkB2
Here to help

What MX firmware are you on? I think there are significant improvements in 16 vs 15.

Ryan_Miles
Meraki Employee
Meraki Employee

MX16 uses NBAR for app classification and there are quite a few more canned apps listed

 

Screen Shot 2021-12-21 at 5.54.09 PM.png

Ryan / Meraki SE

If you found this post helpful, please give it Kudos. If my answer solved your problem click Accept as Solution so others can benefit from it.

We are on MX15, I see that MX 16 is currently on a release candidate, we will need to wait for it to be an official release before moving to this build.  We are already implementing geo-blocking, however, the providers that we are having issues with are us based

Get notified when there are additional replies to this discussion.