MX-84 Order of Rules

Solved
DannyR76

On an MX-84 will a Layer 3 Firewall Rule trump a Layer 7 Rule?

 

For example: I want a certain address and port configuration in a country that I block with a Layer 7 rule to work, so can I create a Layer 3 Firewall Rule to accomplish that?

Or do I still have to "allow" the country in the Layer 7 Rule?

1 Accepted Solution
RaphaelL

Hi,

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Layer_3_and_7_Firewal...

 

 MX Series Security Appliances are processed in a top down fashion, with Layer 3 rules being processed, followed by Layer 7 rules. Unless traffic is explicitly blocked by at least one rule, it will be allowed through by a default allow all rule. 

 

On the MX, if traffic matches an allow rule on the L3 firewall, it can still be blocked by an L7 firewall rule.

 

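A simplified model of the processing order described in the answer above, applied to the scenario in the question. This is an added example, not part of the original post and not Meraki code. The addresses, the country code `XX` and all names are constructed, and first-match handling of L3 rules with a deny-only L7 country list is a modelling assumption.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Flow:
    dst_ip: str
    dst_port: int
    country: str  # constructed: country the destination geolocates to

@dataclass
class L3Rule:
    action: str                     # "allow" or "deny"
    dst_cidr: str
    dst_port: Optional[int] = None  # None means any port

    def matches(self, flow: Flow) -> bool:
        in_net = ipaddress.ip_address(flow.dst_ip) in ipaddress.ip_network(self.dst_cidr)
        return in_net and self.dst_port in (None, flow.dst_port)

def evaluate(flow, l3_rules, l7_blocked_countries):
    """Return (verdict, reason) for one flow: L3 stage first, then L7 stage."""
    # Stage 1: L3 rules, top down; the first matching rule settles this stage.
    for number, rule in enumerate(l3_rules, 1):
        if rule.matches(flow):
            if rule.action == "deny":
                return ("blocked", f"L3 rule {number}")
            break  # an L3 allow passes the flow on to L7, it does not exempt it
    # Stage 2: L7 rules are still applied to traffic that L3 allowed.
    if flow.country in l7_blocked_countries:
        return ("blocked", "L7 country rule")
    # Nothing blocked the flow explicitly, so the default allow applies.
    return ("allowed", "default allow")

# Constructed sample policy (documentation address ranges, placeholder country code).
L3_RULES = [
    L3Rule("allow", "203.0.113.10/32", 443),  # the exception the question asks about
    L3Rule("deny", "198.51.100.0/24"),
]
L7_BLOCKED = {"XX"}

if __name__ == "__main__":
    for f in (Flow("203.0.113.10", 443, "XX"),   # L3 allow, still blocked at L7
              Flow("203.0.113.10", 443, "YY"),   # L3 allow, no L7 match
              Flow("198.51.100.7", 80, "YY")):   # denied at L3
        print(f, "->", evaluate(f, L3_RULES, L7_BLOCKED))
```

In this model the first flow is only allowed once `XX` is removed from the L7 blocked set, which matches the answer: the L3 allow rule alone does not get the traffic through.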
