Meraki

RichardAUSA · ‎Nov 24 2019

Hey guys , i have an mx64, trying to add deny rules to layer 7 firewall, but i still keep seeing the ip range listed in the firewall still getting hit event, any suggestions or thoughts , TY ahead of time

BrechtSchamp · ‎Nov 24 2019

A bit higher on the same page, it would be something like this:

View solution in original post

BrechtSchamp · ‎Nov 24 2019

Can you share some details about the firewall rules you've defined? I can try to reproduce it on my MX64.

RichardAUSA · ‎Nov 24 2019

sure basically its just one rule

Security & SD-WAN

Layer7 Firewall Rules

deny

remote ip range

xxx.xxx.xxx.xxx/22

now saying this i do have port forwards also, but layer7 is before these, so logic would dictate the layer 7 rules deny first then goto the port forwards.

RichardAUSA · ‎Nov 24 2019

actually, are port forwards layer3/4 so this is why they are being bypassed due to being process earlier?

BrechtSchamp · ‎Nov 24 2019

Is this range in your network or on the internet?

RichardAUSA · ‎Nov 24 2019

internet

BrechtSchamp · ‎Nov 24 2019

All right. Why don't you use the L3 firewall rules?

RichardAUSA · ‎Nov 24 2019

where would i locate layer 3 firewall rules?

BrechtSchamp · ‎Nov 24 2019

A bit higher on the same page, it would be something like this:

Meraki

Community

Layer 7 Firewall issues

Layer 7 Firewall issues