Meraki

Community

How are the policies applied in order?

JungTaeMin
Conversationalist
‎Jun 17 2025 8:07 PM
‎Jun 17 2025 8:07 PM

How are the policies applied in order?

The policies can be configured as shown below. Could you please check which one takes priority?

 

Group policies
Firewall > Layer 3 > Outbound rules
wireless > Firewall & traffic shaping > Outbound rules

 

????

Labels:
0 Kudos
4 Replies 4
MartinLL
Building a reputation
‎Jun 17 2025 8:22 PM
‎Jun 17 2025 8:22 PM

You can read about it here.

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Layer_3_and_7_Firewal... 

 

Group policy either inherits the networks firewall settings or ignores it and applies the rules you defined.

 

If you run both wireless and mx firewall policy the wireless policy will hit first for wireless users simply because the AP is the first device in the path. 

 

For a L7 outbound rule to hit the traffic must first match a L3 rule on the MX.

 

On the MR a matching L3 rule means that traffic will buypass the L7 rule.

 

Hope this helps.

MLL
In response to MartinLL
JungTaeMin
Conversationalist
‎Jun 17 2025 9:08 PM
‎Jun 17 2025 9:08 PM

Thank you for the clarification.
As you mentioned, for wireless users, the wireless policy is applied first, followed by the group policy, and then the firewall policy.
For standard wired users, the group policy is applied first, and the firewall policy comes next?

0 Kudos
In response to JungTaeMin
MartinLL
Building a reputation
‎Jun 17 2025 9:45 PM
‎Jun 17 2025 9:45 PM

No the group policy is either or.

If in your group policy you set "inherit network settings" in the firewall and traffic shaping section the MR and MX will enforce configured policy. If you switch the group policy to custom network firewall shaping rules your MX and MR firewall policies is not applied in favour for the custom policies you defined in the group policy.

 

Otherwise correct. 

 

Some stuff on group policy.

I advise you to read up on it as different elements in the group policy is handled differently form network device to network device.

 

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Creating_and_Applying... 

MLL
JungTaeMin
Conversationalist
‎Jun 17 2025 9:07 PM
‎Jun 17 2025 9:07 PM

Thank you for the clarification.
As you mentioned, for wireless users, the wireless policy is applied first, followed by the group policy, and then the firewall policy.
For standard wired users, the group policy is applied first, and the firewall policy comes next?

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.