Hi,
Can someone tell me what the exact packet inspection flow is in the Meraki MX appliance?
What comes first “Firewall L3 Inbound/outbound rules” or “Group policy L3 rules”? And what about VPN L3 outbound rules?
Can someone just add the group policy L3 rules inspection to the diagram below, and fix any other inspection if needed?
packet ->
firewall L3 inbound ->
routing ->
is going to vpn?
vpn L3 outbound ->
Else
firewall L3 outbound
There is always a hit when using gp with custom fw rules, because the last rule is allow any any.
The gp has 3 options
All packets use the group policy (if configured). Note: these are stateless rules.
If the packets have a destination in the VPN, they (also) use the VPN firewall rules.
All other packets (non vpn, non gp) will use the L3 fw rules.
What if there is no matching rule in the gp rules? Will the firewall rules be inspected as well? Or can a packet be inspected by gp or firewall rules only?
Anything not in a group policy will match the default firewall rules.