I have MX, MS and MR at a customer site. I would like to block all wired and wireless devices except for some known devices. How i can achieve this via the group policy?
You could setup your global firewall rules in the MX to block everything. Then create a group policy with the desired rules and assign that to the devices that need it. Either manually or via RADIUS:
I made a layer 3 firewall policy and denied everything. Then i went to group policy and put a firewall policy as any any. I went to network wide-->clients and choose a client and applied the group policy to one specific client but client still had no internet access. I even re-joined the client to wireless still same. In the troubleshooting it mentions the access column by using + sign but i cant see the access column?
The column they're taking about is called Policy. You should be able to find it when clicking the + on the Network-Wide > Clients page.
It may take a few minutes before everything is working. Try waiting 5 mins and reconnecting the client then.
ok this is how i made it work:
1) Allow MS and MR IP and Deny everything as layer 3 policy on firewall
2) Configure MR to be in bridge mode
3) Create a group policy and in that add a layer 3 firewall policy to allow any any
4) Apply the group on a specific device
5) Wait 5 min and it works.