cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Layer 7 Firewall issues

SOLVED
Conversationalist

Layer 7 Firewall issues

Hey guys , i have an mx64, trying to add deny rules to layer 7 firewall, but i still keep seeing the ip range listed in the firewall still getting hit event, any suggestions or thoughts , TY ahead of time

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Kind of a big deal

Re: Layer 7 Firewall issues

A bit higher on the same page, it would be something like this:

BrechtSchamp_0-1574610655392.png

 

View solution in original post

8 REPLIES 8
Kind of a big deal

Re: Layer 7 Firewall issues

Can you share some details about the firewall rules you've defined? I can try to reproduce it on my MX64.

Conversationalist

Re: Layer 7 Firewall issues

sure basically its just one rule

Security & SD-WAN

Layer7 Firewall Rules

deny

remote ip range

xxx.xxx.xxx.xxx/22

 

now saying this i do have port forwards also, but layer7 is before these, so logic would dictate the layer 7 rules deny first then goto the port forwards.

 

Conversationalist

Re: Layer 7 Firewall issues

actually, are port forwards layer3/4 so this is why they are being bypassed due to being process earlier?

Kind of a big deal

Re: Layer 7 Firewall issues

Is this range in your network or on the internet?

Conversationalist

Re: Layer 7 Firewall issues

internet

Kind of a big deal

Re: Layer 7 Firewall issues

All right. Why don't you use the L3 firewall rules?

Conversationalist

Re: Layer 7 Firewall issues

where would i locate layer 3 firewall rules?

Highlighted
Kind of a big deal

Re: Layer 7 Firewall issues

A bit higher on the same page, it would be something like this:

BrechtSchamp_0-1574610655392.png

 

View solution in original post

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.