Group Policies - Syslog

RaphaelL
Kind of a big deal

Hi,

I have a blank and I can't find the information or test it at the moment.

Simple setup. Client connected to MS and MX is doing routing + L3 firewall. Client has a group policy applied with "custom network firewall & traffic shaping rules". Does that mean I'm losing all visibility on flows/urls that would be sent by the MX via Syslog?

I don't see any options to toggle on/off syslog on the Group Policy, so I would assume that I will lose visibility since this bypasses the L3 firewall of the MX that would have that option.

Thanks!

4 Replies
alemabrahao
Kind of a big deal

I'm not sure, but I believe you don't lose visibility of the Syslog.

But you do lose visibility of the global Layer 3 firewall rules, because those rules stop being applied when a Group Policy with custom firewall rules is applied.

You still see client flows, URLs, security events, etc. in the Syslog, but they reflect the Group Policy rules, not the global Layer 3 MX rules.

At least that's how I understand it.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
RWelch
Kind of a big deal

(comment removed)

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
alemabrahao
Kind of a big deal

Have you tested this yet?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
RaphaelL
Kind of a big deal

Update. This is with MX26.1.2

I'm seeing every syslog possible even when a client is bound to a GP with custom L3 firewall rules.

My test scenario.

  • GP that blocks Gambling with a content filtering rule: works and logs under urls
  • L3 rule that allows/denies a FQDN/IP: works and logs under firewall with pattern: Group Policy Allow
  • Outbound flows are logged under flows

It seems to be working just fine! Excellent news
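The test above can be repeated on the syslog collector. The following is an added example, not part of the original post: it tallies which event types (urls, firewall, flows) arrive per client and whether firewall events carry the "Group Policy" pattern. The line layout, field names and all sample lines are constructed assumptions, and `syslog_coverage` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample lines. The layout (priority, version, epoch, device name,
# event type, key=value fields) is an assumption, not captured MX output.
SAMPLE = """\
<134>1 1700000000.100000000 MX_lab urls src=10.0.10.25:51514 dst=203.0.113.10:443 mac=00:11:22:33:44:55 request: GET https://example.test/
<134>1 1700000001.200000000 MX_lab firewall src=10.0.10.25 dst=198.51.100.7 mac=00:11:22:33:44:55 protocol=tcp sport=51520 dport=443 pattern: Group Policy Allow
<134>1 1700000002.300000000 MX_lab flows src=10.0.10.25 dst=198.51.100.7 mac=00:11:22:33:44:55 protocol=tcp sport=51520 dport=443
<134>1 1700000003.400000000 MX_lab flows src=10.0.10.40 dst=198.51.100.9 mac=00:11:22:33:44:66 protocol=udp sport=40000 dport=53
"""

LINE_RE = re.compile(r"^<\d+>\d+ (?P<ts>\d+\.\d+) (?P<dev>\S+) (?P<type>\S+) (?P<body>.*)$")

def parse_line(line):
    """Return event type, client IP and firewall pattern, or None if unparseable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(re.findall(r"(\w+)=(\S+)", m.group("body")))
    if "src" not in fields:
        return None
    client = fields["src"].split(":")[0]  # drop the port; IPv4 sources only
    pattern = m.group("body").partition("pattern: ")[2].strip()
    return {"type": m.group("type"), "client": client, "pattern": pattern}

def syslog_coverage(text, expected=("urls", "firewall", "flows")):
    """Per client: which expected event types never appeared, and whether any
    firewall event was matched by a Group Policy rule."""
    seen = defaultdict(lambda: {"types": set(), "gp_firewall": False})
    for line in text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        entry = seen[ev["client"]]
        entry["types"].add(ev["type"])
        if ev["type"] == "firewall" and ev["pattern"].startswith("Group Policy"):
            entry["gp_firewall"] = True
    return {c: {"missing": sorted(set(expected) - e["types"]),
                "gp_firewall": e["gp_firewall"]} for c, e in seen.items()}

if __name__ == "__main__":
    for client, report in syslog_coverage(SAMPLE).items():
        print(client, report)
```

A client bound to the group policy should show an empty `missing` list after it has generated web, allowed and denied traffic; a non-empty list means that event type never reached the collector for that client.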
