Firewall rules - applying to specific vlans

CarlT
Here to help

Hi All

There are some limitations currently with the firewall rules, specifically around incoming traffic to the MX, etc.

We have routers on the inside of the firewall that we route to and from; it would be good to be able to apply firewall rules to these VLANs.

Is this feature coming, or has it been asked for before?

alemabrahao
Kind of a big deal

But what exactly do you need to apply? There are limitations, but depending on what you need, there may be another way to do it.

In any case, you can make a feature request to Meraki.


https://documentation.meraki.com/General_Administration/Other_Topics/Give_your_feedback_(previously_...)

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
CarlT
Here to help

I want to be able to apply "inbound" rules to traffic coming in from a certain VLAN (the MPLS VLAN) that has been routed from other networks; these MPLS routers do not sit behind the "WAN" ports.

alemabrahao
Kind of a big deal

In this case, you can apply it to the outbound rules as I mentioned in the other discussion you opened.

MX is a little different, so if you want to make the inter-VLAN restriction, just create the ACLs in outbound rules.

ww
Kind of a big deal

You can also look into using a group policy and applying that to the VLAN.

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Creating_and_Applying...

PhilipDAth
Kind of a big deal

I feel where you are coming from @CarlT , as the Meraki approach seems different.


As @ww has said, you can create firewall rules in a group policy and apply them to a VLAN. HOWEVER, these are stateless. You have to have rules that allow return traffic.



As @alemabrahao has mentioned, you can do this with the outbound firewall rules. These are stateful. I use this approach the most.


You can also take a more holistic view, and if you have mostly Meraki kit with C9300 switches, you can also use Adaptive Policy. This lets you apply tags to devices, and then the traffic is filtered as it enters the port of the network. This is the info on using ACLs with Adaptive Policy.

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Adaptive_Policy_Confi...


Personally, for my larger clients, I am going to start using Adaptive Policy as the primary mechanism for policy enforcement. Then, outbound firewall rules, and lastly, group policy attached to a VLAN for simple cases (like a guest network, an IoT network, etc.).
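To make the stateless-versus-stateful distinction in the reply above concrete, here is an added Python model (example code, not Meraki's or the poster's; the CIDRs, ports and rule fields are constructed) that evaluates one allow rule for an MPLS-side VLAN both ways: a stateless VLAN policy drops the server's reply unless a return rule is added, while a stateful outbound filter remembers the flow and lets the reply through.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str; dst: str; proto: str; sport: int; dport: int

@dataclass
class Rule:
    policy: str      # "allow" or "deny"
    proto: str       # "tcp", "udp" or "any"
    src_cidr: str
    dst_cidr: str
    dst_port: str    # port number as text, or "any"

def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Match a packet against one rule (5-tuple minus source port)."""
    return (rule.proto in ("any", pkt.proto)
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src_cidr)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst_cidr)
            and rule.dst_port in ("any", str(pkt.dport)))

def stateless_verdict(rules: list[Rule], pkt: Packet, default: str = "deny") -> str:
    """First-match evaluation with no connection memory (group-policy style)."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.policy
    return default

@dataclass
class StatefulFilter:
    """Same rules, plus a flow table so replies to allowed flows pass (MX outbound style)."""
    rules: list[Rule]
    flows: set = field(default_factory=set)

    def verdict(self, pkt: Packet) -> str:
        if (pkt.dst, pkt.src, pkt.proto, pkt.dport, pkt.sport) in self.flows:
            return "allow"  # reply direction of a flow we already admitted
        v = stateless_verdict(self.rules, pkt)
        if v == "allow":
            self.flows.add((pkt.src, pkt.dst, pkt.proto, pkt.sport, pkt.dport))
        return v

def demo() -> tuple[str, str, str, str]:
    # Constructed topology: MPLS VLAN 10.10.0.0/24 may reach one server on 443 only.
    rules = [Rule("allow", "tcp", "10.10.0.0/24", "10.20.0.10/32", "443")]
    request = Packet("10.10.0.5", "10.20.0.10", "tcp", 50000, 443)
    reply = Packet("10.20.0.10", "10.10.0.5", "tcp", 443, 50000)
    stateful = StatefulFilter(rules)
    return (stateless_verdict(rules, request), stateless_verdict(rules, reply),
            stateful.verdict(request), stateful.verdict(reply))
```

Running `demo()` gives `("allow", "deny", "allow", "allow")`: the stateless policy needs an explicit rule for the 10.20.0.10:443 to 10.10.0.0/24 reply, the stateful filter does not.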

Brash
Kind of a big deal

^ This right here.


Although it's worth noting that Adaptive Policy requires Advanced Licensing for switches.
