As far as defining whitelisted / blocked URLs to a specific VLAN in Group Policy... does this only affect traffic on TCP 80 and TCP 443? For example, if I have a specific L3 firewall rule for "Allow VLAN10 to 22.214.171.124 on TCP 45200" but I also have a Group Policy applied to VLAN10 that has Blocked URL Patterns with an "*", so effectively blocking all patterns, and only whitelisting a few that are necessary, will traffic from VLAN10 to 126.96.36.199 still work on TCP 45200 because the L3 rule is there?
I should mention that in my L3 firewall I have an implicit deny rule above the default allow-all rule. Above that implicit deny I am allowing VLAN10 to Any on 80, 443, 8080, but I then use the Group Policy to restrict web traffic to only permitted URLs.
Yeah, that is what I am leaning towards. Meraki Support was able to tell me that Group Policy Content Filtering Rules, like regular Content Filtering Rules, only apply to HTTP streams and HTTPS streams, and other TCP / UDP-type traffic should just require its L3 firewall rule and that should be enough.