MX Group Policy vs L3 Firewall Rule

BIZ
Comes here often

Hi Everyone,

Do GP L3 rules work with L3 FW rules? I mean, do they work in a hierarchical model, or is it always one or the other?

For example, a scenario where a user accesses HTTP:

1. HTTP traffic -> GP L3 rules, if not blocked -> MX L3 rule, if not blocked -> Internet

If this is not possible, what would be the best way to permit a special port for a group of people based on AD group, provided a company-wide policy is already there on the MX?

Thanks.

bmehta
Meraki Alumni (Retired)

Group policy has 3 options:
- To follow the network default Firewall and Shaping rules
- Ignore network default Firewall and Shaping rules
- Custom Firewall and Shaping Rules

Appending the default rules for L3 is not possible. However, it is possible to append URL and blocked website categories on group policies.

The best way to permit a special port, in my opinion, would be to set custom rules for the firewall and add all the default rules with an additional rule as needed.

PhilipDAth
Kind of a big deal

One special note is that L3 firewall rules are stateful - group policy firewall rules are not. This doesn't usually have an impact unless you have a pair of interfaces on them both with group policy applied and suddenly they can't talk to each other without grief.
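
The approach from the first reply, modelled as an added example (not part of the thread and not Meraki code): a client is checked against exactly one rule list chosen by its group policy option, so a custom list has to carry a copy of every company-wide rule plus the extra permit. Assumptions: the rule fields are simplified, the sample rules, address range and port are constructed, evaluation is modelled as first match with unmatched traffic allowed, and the statefulness difference from the second reply is not modelled.

```python
import ipaddress

# Constructed sample of a company-wide MX L3 outbound rule set (not from the thread).
NETWORK_DEFAULT = [
    {"policy": "allow", "protocol": "tcp", "dest": "any", "port": "80"},
    {"policy": "allow", "protocol": "tcp", "dest": "any", "port": "443"},
    {"policy": "deny", "protocol": "any", "dest": "any", "port": "any"},
]
# Hypothetical special port for the AD-mapped group (constructed values).
EXTRA_RULE = {"policy": "allow", "protocol": "tcp",
              "dest": "203.0.113.0/24", "port": "8443"}


def effective_rules(mode, network_rules, custom_rules=None):
    """Return the single rule list a client is checked against; lists are never chained."""
    if mode == "default":   # follow the network default rules
        return list(network_rules)
    if mode == "ignore":    # ignore the network default rules
        return []
    if mode == "custom":    # only the group policy's own rules
        return list(custom_rules or [])
    raise ValueError(f"unknown group policy mode: {mode}")


def build_custom(network_rules, extra):
    """Copy every default rule and put the extra permit ahead of them,
    so a default deny cannot shadow it under first-match evaluation."""
    return [extra] + [dict(rule) for rule in network_rules]


def _matches(rule, protocol, dest_ip, port):
    if rule["protocol"] not in ("any", protocol):
        return False
    if rule["port"] not in ("any", str(port)):
        return False
    if rule["dest"] == "any":
        return True
    return ipaddress.ip_address(dest_ip) in ipaddress.ip_network(rule["dest"])


def verdict(rules, protocol, dest_ip, port):
    """First matching rule wins; traffic that matches no rule is allowed."""
    for rule in rules:
        if _matches(rule, protocol, dest_ip, port):
            return rule["policy"]
    return "allow"
```

A custom list holding only the extra permit would drop the company-wide deny for that group, which is why the defaults are copied in.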
