MX64 Rule matches

NGleich
Here to help

MX64 Rule matches

Hi everyone,

 

I was having problems with an MX firewall rule block.

I have not found a way to see which firewall rule applied to the traffic.

(For layer 3 rules there is at least a hit counter ; for layer 7 rules not)

 

In network wide event log i can only see content filter blocks.

(My problem was because china was blocked as a layer 7 country rule, however it was just trial and error to find out about this).

 

So my question would be if there is a way to see which rules applied to traffic.

 

May it be like that because the MX is placed in bridging mode (layer 2 ?)

 

Hope someone can help.

BTW, it is not urgent since the given deployment is at my home for testing purposes.

 

Kind Regards

Niklas

2 REPLIES 2
GIdenJoe
Kind of a big deal
Kind of a big deal

If you run a syslog server behind the MX you can send syslog messages to it for every flow that is allowed or denied by the rules if you put logging on for a certain rule.

However I have never tested L7 rules on a syslog server so I'm not sure if it leaves an entry for those.

 

Might be worth testing.

Thanks, GldenJoe!

That's a good idea and I will test this.

 

Best Regards

Niklas

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels