Meraki

peto · ‎May 3 2019

Hi,

my question is simple. I found out that the global L3 firewall is statefull, but is the L3 firewall under the group-policy stateful? Because from my test it doesn't seem to be so.

thank you

jdsilva · ‎May 3 2019

No. GP L3 firewall rules are not stateful.

http://blog.brokennetwork.ca |

@jdsilva

View solution in original post

jdsilva · ‎May 3 2019

No. GP L3 firewall rules are not stateful.

http://blog.brokennetwork.ca |

@jdsilva

peto · ‎May 3 2019

well, this complicates everything for me 🙂

but thank you for clarification

GIdenJoe · ‎May 3 2019

Are you kidding me?
I hope this is not the case because that would be plain silly.

Applying a group policy that has L3 rules only enforces rules at the MX or MR depending what is closest to you, and those devices do it stateful, so why do you think it would be stateless, that makes absolutely no sense and that would break alot of designs.

jdsilva · ‎May 3 2019

I think it's stateless because I've tested it out in my lab and proven that it is stateless.

http://blog.brokennetwork.ca |

@jdsilva

GIdenJoe · ‎May 3 2019

Then please share how you set up your test and what TCP/UDP port you explicitly allowed outbound in a group policy that didn't allow return traffic.

peto · ‎May 3 2019

Well, same result in my lab as well

@jdsilva wrote:
I think it's stateless because I've tested it out in my lab and proven that it is stateless.

jdsilva · ‎May 3 2019

@GIdenJoe Sorry, busy afternoon over here. I'll try and get the details up in the next day or two.

http://blog.brokennetwork.ca |

@jdsilva

KarbonX1 · ‎Aug 6 2019

This thread is old, but figured I would post here anyways since it was in question.
https://documentation.meraki.com/zGeneral_Administration/Tools_and_Troubleshooting/Troubleshooting_G...
Confirms it is in fact stateless (and is stupid IMHO)

Meraki

Community

L3 firewall vs group-policy L3 firewal

L3 firewall vs group-policy L3 firewal