Layer 3 firewall rules on Group policy (from appliance)

GoOn
Here to help


I built a new group policy with these layer 3 rules:

[Image: GoOn_0-1632999299413.png]

Then I applied it to my device by opening the clients page, then my device page, selecting it (I found it by its name + "(from appliance)") in the Group policy dropdown menu, and then saving.

If I now reopen my device page, I can find the new group correctly applied; clicking on "Show details", I see the rules I posted here.

I waited 5 minutes, but I'm still able to ping 192.168.100.83, and also 192.168.1.45.

 

So, what's wrong???

ww
Kind of a big deal

Re: Layer 3 firewall rules on Group policy (from appliance)

What is your client ip and subnet mask?

GoOn
Here to help

Re: Layer 3 firewall rules on Group policy (from appliance)

192.168.3.5 and 255.255.255.0

ww
Kind of a big deal

Re: Layer 3 firewall rules on Group policy (from appliance)

Are your routing VLANs configured on the MX?

 

Did you disconnect/reconnect your client to the network? 

 

https://documentation.meraki.com/General_Administration/Tools_and_Troubleshooting/Troubleshooting_Gr...

GoOn
Here to help

Re: Layer 3 firewall rules on Group policy (from appliance)

Are your routing VLANs configured on the MX?

=> where can I find this info?

 

Did you disconnect/reconnect your client to the network? 

=> mine (the source) yes, the destination no!

Bruce
Kind of a big deal

Re: Layer 3 firewall rules on Group policy (from appliance)

What firmware version are you running on the MX?

GoOn
Here to help

Re: Layer 3 firewall rules on Group policy (from appliance)

MX 15.42.3

cmr
Kind of a big deal

Re: Layer 3 firewall rules on Group policy (from appliance)

@GoOn do you have the VLAN interfaces set up on the MX or is it in single LAN mode:

 

[Image: Screenshot_20211001-091651_Chrome.jpg]

GoOn
Here to help

Re: Layer 3 firewall rules on Group policy (from appliance)

On the source I have some VLANs configured; on the destination (the IP I ping) I don't, it is single LAN.
