Meraki

BBDave · ‎Jan 13 2021

Hi All,

We are looking at implement MX appliances and Cisco Umbrella as a move to a SDWAN solution.

I have a couple of questions and I'm hoping the collect maybe able to answer.

1. Do you need layer 7 firewall rules if you have the DNS layer protection (Cisco Umbrella) option enabled?

2. If you do need layer 7 firewall rules with the DNS layer protection (Cisco Umbrella) option enabled which take priority?

Thanks

CptnCrnch · ‎Jan 13 2021

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Manually_Integrating_...

will answer all your questions 🙂

1) No, you don't need L7 rules active

2) As far as I'm informed, Umbrella policy will be handled before L7 kicks in. Makes perfect sense as "analysing" DNS requests is way less ressource intensive compared to hitting L7 rules.

View solution in original post

CptnCrnch · ‎Jan 13 2021

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Manually_Integrating_...

will answer all your questions 🙂

1) No, you don't need L7 rules active

2) As far as I'm informed, Umbrella policy will be handled before L7 kicks in. Makes perfect sense as "analysing" DNS requests is way less ressource intensive compared to hitting L7 rules.

BBDave · ‎Jan 13 2021

Cheer CptnCrnch

I was hope it would be that way.

Umbrella is more flexible by the looks of it and as we can manage all the rules in one place.

Thanks

Meraki

Community

MX Group Policy and Umbrella

MX Group Policy and Umbrella