I have a need to have L3 firewall settings at the group policy level. I'm curious if I'm able to use the "Local LAN" as a destination in Group Policy the same way it is used in the "Firewall" section of an SSID. And if so, will it implicitly allow DNS and DHCP through?
Here is the most efficient way I can think of writing the policy.
Thanks for the input.
This group policy is to be used in conjunction with 802.1X; specifically, the role being passed by the Aruba ClearPass server will dictate which group policy the user gets. So if a user has been given a role as employee, that user will be given the group policy of employee and will have access to everything. If the user is being given the policy of guest, it will only have access to the internet.
My policy is working I was just trying to figure out a way of making it shorter.
Just an FYI. In your example you give below, I'm finding that if a client joins and gets 172.16.0.10 it WILL NOT be able to access anything else in that same subnet. For instance, that client will be able to get out to the internet but it will not be able to ping its default gateway of 172.16.0.1 or any other client on that network.
Thanks again for your help.
EDIT: My device is just an AP using Bridge mode for the SSIDs
Just an FYI. In your example you give below, I'm finding that if a client joins and gets 172.16.0.10 it WILL NOT be able to access anything else in that same subnet. For instance, that client will be able to get out to the internet but it will not be able to ping its default gateway of 172.16.0.1 or any other client on that network.
Sorry, I may not have been clear on this. Yes, that is accurate. However, something I have noticed (at least strictly on the Meraki side) is that if you do not have L2 LAN Isolation (bridge mode only), then you can do L2 discoveries on that network, see other clients, etc. You won't be able to talk to them, but it is just something to keep in mind. When I enable L2 LAN Isolation and do a scan, I only see myself and the gateway.
Don't forget that DNS requires UDP and TCP on port 53. UDP is used for small queries and TCP is used for large replies.
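To make the behaviour discussed in this thread concrete, here is an added example (not a rule set posted by anyone above, and not Meraki's own code) that models a guest group policy as a first-match-wins list of L3 rules and runs the flows the thread mentions through it. The rule set is constructed: it approximates "Local LAN" with the RFC 1918 ranges, and it allows DNS to the 172.16.0.1 gateway over both UDP and TCP 53 ahead of the local-LAN deny, which is why gateway pings fail while resolution still works.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """One L3 rule in the style of a group-policy firewall rule."""
    policy: str    # "allow" or "deny"
    protocol: str  # "any", "tcp", "udp" or "icmp"
    dst_cidr: str  # "any" or a CIDR block
    dst_port: str  # "any" or a single port number


# Constructed guest policy for the 172.16.0.0/24 client subnet from the thread.
# DNS to the gateway is allowed over UDP and TCP 53 (TCP carries large
# replies) before the local ranges are denied; everything else falls through
# to the final allow, which is what lets the client reach the internet.
GUEST_RULES = [
    Rule("allow", "udp", "172.16.0.1/32", "53"),
    Rule("allow", "tcp", "172.16.0.1/32", "53"),
    Rule("deny", "any", "10.0.0.0/8", "any"),
    Rule("deny", "any", "172.16.0.0/12", "any"),
    Rule("deny", "any", "192.168.0.0/16", "any"),
    Rule("allow", "any", "any", "any"),
]


def matches(rule, proto, dst_ip, dst_port):
    """True when the flow matches the rule's protocol, destination and port."""
    if rule.protocol != "any" and rule.protocol != proto:
        return False
    if rule.dst_cidr != "any":
        if ipaddress.ip_address(dst_ip) not in ipaddress.ip_network(rule.dst_cidr):
            return False
    if rule.dst_port != "any" and dst_port != int(rule.dst_port):
        return False
    return True


def evaluate(rules, proto, dst_ip, dst_port=None):
    """First matching rule wins; a flow matching no rule is allowed."""
    for rule in rules:
        if matches(rule, proto, dst_ip, dst_port):
            return rule.policy
    return "allow"


if __name__ == "__main__":
    # The symptom reported above: internet works, gateway ping does not.
    print("ping gateway :", evaluate(GUEST_RULES, "icmp", "172.16.0.1"))
    print("dns udp      :", evaluate(GUEST_RULES, "udp", "172.16.0.1", 53))
    print("dns tcp      :", evaluate(GUEST_RULES, "tcp", "172.16.0.1", 53))
    print("https to web :", evaluate(GUEST_RULES, "tcp", "203.0.113.10", 443))
    print("smb to peer  :", evaluate(GUEST_RULES, "tcp", "172.16.0.20", 445))
```

Because the policy only opens port 53 to the gateway, anything else on the local subnet (including DHCP renewals to the gateway on UDP 67, if the platform does not handle DHCP before the L3 rules) falls into the deny, which is the implicit-allow question the thread raises.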