Layer 7 Firewall issues

SOLVED
RichardAUSA
Conversationalist

Layer 7 Firewall issues

Hey guys , i have an mx64, trying to add deny rules to layer 7 firewall, but i still keep seeing the ip range listed in the firewall still getting hit event, any suggestions or thoughts , TY ahead of time

1 ACCEPTED SOLUTION

Accepted Solutions
BrechtSchamp
Kind of a big deal

Re: Layer 7 Firewall issues

A bit higher on the same page, it would be something like this:

BrechtSchamp_0-1574610655392.png

 

View solution in original post

8 REPLIES 8
BrechtSchamp
Kind of a big deal

Re: Layer 7 Firewall issues

Can you share some details about the firewall rules you've defined? I can try to reproduce it on my MX64.

RichardAUSA
Conversationalist

Re: Layer 7 Firewall issues

sure basically its just one rule

Security & SD-WAN

Layer7 Firewall Rules

deny

remote ip range

xxx.xxx.xxx.xxx/22

 

now saying this i do have port forwards also, but layer7 is before these, so logic would dictate the layer 7 rules deny first then goto the port forwards.

 

RichardAUSA
Conversationalist

Re: Layer 7 Firewall issues

actually, are port forwards layer3/4 so this is why they are being bypassed due to being process earlier?

BrechtSchamp
Kind of a big deal

Re: Layer 7 Firewall issues

Is this range in your network or on the internet?

RichardAUSA
Conversationalist

Re: Layer 7 Firewall issues

internet

BrechtSchamp
Kind of a big deal

Re: Layer 7 Firewall issues

All right. Why don't you use the L3 firewall rules?

RichardAUSA
Conversationalist

Re: Layer 7 Firewall issues

where would i locate layer 3 firewall rules?

BrechtSchamp
Kind of a big deal

Re: Layer 7 Firewall issues

A bit higher on the same page, it would be something like this:

BrechtSchamp_0-1574610655392.png

 

View solution in original post

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.