Group policy and Firewall inbound and outbound rules

ShlomiTufin

Hi,

Can someone tell me what the exact packet inspection flow in a Meraki MX appliance is?

What comes first, “Firewall L3 inbound/outbound rules” or “Group policy L3 rules”?
And what about VPN L3 outbound rules?


Can someone add the group policy L3 rule inspection to the diagram below, and correct any other inspection step if needed?

packet ->
firewall L3 inbound ->
routing ->
is going to vpn?
   vpn L3 outbound ->
Else
   firewall L3 outbound

1 Accepted Solution
ww

There is always a hit when using a GP with custom FW rules, because the last rule is allow any any.

The gp has 3 options

  • Use the global fw rules
  • Ignore the global fw rules
  • Use custom fw rules


4 Replies
ww

All packets use the group policy (if configured). Note: these are stateless rules.

If the packets have a destination in the VPN, it (also) uses the VPN firewall rules.

All other packets (non-VPN, non-GP) will use the L3 FW rules.

What if there is no matching rule in the GP rules? Will the firewall rules be inspected as well? Or can a packet be inspected by the GP or the firewall rules only?

Anything not in a group policy will match the default firewall rules.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

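The evaluation order given in the first reply and in the accepted answer, as an added Python model. This is illustration code, not Meraki code and not a Meraki API: it encodes the order the replies describe (group policy L3 rules first, then the VPN outbound rules for VPN-bound traffic, otherwise the global L3 outbound rules) together with the implicit trailing "allow any any" the accepted answer mentions. The rule syntax, policy names, modes ("global", "ignore", "custom") and sample packets are all constructed for the example, and the order itself should be checked against current Meraki documentation before you rely on it. The point it makes concrete: a group policy with custom rules always produces a hit, so a deny in the global L3 rules that is not copied into the custom list silently stops applying to clients in that policy.

```python
"""Toy model of the rule-evaluation order described in this thread.

Added example, not Meraki code and not a Meraki API. It encodes the order
the replies give (group policy L3 rules first, then the VPN outbound rules
for VPN-bound traffic, otherwise the global L3 outbound rules) and the
implicit trailing "allow any any" the accepted answer mentions. Rule syntax,
policy names and sample packets are constructed for this example.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass
class Packet:
    dst: str                      # destination IP
    proto: str                    # "tcp", "udp", "icmp"
    dport: Optional[int]          # destination port, None when there is none
    group_policy: Optional["GroupPolicy"] = None   # policy applied to the client
    to_vpn: bool = False          # routing decided the destination is over the VPN


@dataclass
class Rule:
    action: str                   # "allow" or "deny"
    proto: str = "any"
    dst: str = "any"              # CIDR or "any"
    dport: Optional[int] = None   # None matches any port

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if self.dst != "any" and ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


@dataclass
class GroupPolicy:
    name: str
    mode: str                     # the three options from the accepted answer,
                                  # modelled here as "global", "ignore", "custom"
    rules: List[Rule] = field(default_factory=list)


def first_match(rules: List[Rule], pkt: Packet) -> str:
    """First-match evaluation with the implicit trailing 'allow any any'."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "allow"


def evaluate(pkt: Packet, vpn_rules: List[Rule], global_rules: List[Rule]) -> Tuple[str, str]:
    """Return (decision, rule set that decided) in the order the thread describes."""
    gp = pkt.group_policy
    if gp is not None:
        if gp.mode == "ignore":
            return "allow", f"group policy '{gp.name}' ignores firewall rules"
        if gp.mode == "custom":
            # The custom list ends in allow any any, so it always produces a
            # hit and the global rules are never consulted for this client.
            return first_match(gp.rules, pkt), f"group policy '{gp.name}' custom rules"
        # mode "global": fall through to the network-wide rules
    if pkt.to_vpn:
        return first_match(vpn_rules, pkt), "VPN L3 outbound rules"
    return first_match(global_rules, pkt), "global L3 outbound rules"


def demo() -> dict:
    """Constructed scenario: one global SMB deny and several client policies."""
    block_smb = Rule("deny", proto="tcp", dst="10.0.0.0/8", dport=445)
    global_rules = [block_smb]
    vpn_rules = [Rule("deny", proto="tcp", dst="10.50.0.0/16", dport=3389)]

    staff = GroupPolicy("staff", "global")
    guests = GroupPolicy("guests", "ignore")
    # Custom rules that forgot to carry over the global SMB deny ...
    contractors = GroupPolicy("contractors", "custom", [Rule("deny", proto="udp", dport=53)])
    # ... and the corrected version that copies it in.
    contractors_fixed = GroupPolicy("contractors-fixed", "custom",
                                    [Rule("deny", proto="udp", dport=53), block_smb])

    smb = dict(dst="10.1.2.3", proto="tcp", dport=445)
    return {
        "no_gp": evaluate(Packet(**smb), vpn_rules, global_rules),
        "gp_global": evaluate(Packet(**smb, group_policy=staff), vpn_rules, global_rules),
        "gp_ignore": evaluate(Packet(**smb, group_policy=guests), vpn_rules, global_rules),
        "gp_custom_gap": evaluate(Packet(**smb, group_policy=contractors), vpn_rules, global_rules),
        "gp_custom_fixed": evaluate(Packet(**smb, group_policy=contractors_fixed), vpn_rules, global_rules),
        "vpn_rdp": evaluate(Packet("10.50.1.1", "tcp", 3389, to_vpn=True), vpn_rules, global_rules),
    }


if __name__ == "__main__":
    for name, (decision, decided_by) in demo().items():
        print(f"{name:16} {decision:5} via {decided_by}")
```

Running it shows the same SMB packet denied for a client with no group policy or a policy set to use the global rules, but allowed for the "contractors" policy because its custom list never mentions SMB and ends in the implicit allow. The practical check when you create a custom-rule group policy is therefore to copy every global deny you still want enforced into the custom list, as "contractors-fixed" does.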