Fun Fact - layer 3 firewall rule blocks will show up in syslog as "l7_firewall".....blocked.
Example:
l7_firewall src=192.168.40.5 dst=208.67.220.220 protocol=tcp sport=36211 dport=7 decision=blocked
This was not being blocked by a layer 7 rule (I know because I removed them all). It was being blocked by a layer 3 rule. I also confirmed this by adding an Allow rule in Layer 3.
Isn't that fun?
Thanks for making it so easy Meraki.
