Meraki Group Policy Question

nickydd9
Getting noticed

Hello,

As far as defining whitelisted / blocked URLs to a specific VLAN in Group Policy... does this only affect traffic on TCP 80 and TCP 443? For example, if I have a specific L3 firewall rule for "Allow VLAN10 to 199.192.199.192 on TCP 45200" but I also have a Group Policy applied to VLAN10 that has Blocked URL Patterns with an "*", so effectively blocking all patterns, and only whitelisting a few that are necessary, will the traffic from VLAN10 to 199.192.199.192 still work on TCP 45200 because the L3 rule is there?

I should mention that in my L3 firewall I have an implicit deny rule above the default allow all rule. Above that implicit deny I am allowing VLAN10 to Any on 80, 443, 8080, but I then use the Group Policy to restrict web traffic to only permitted URLs.

2 Replies
Ben
A model citizen

If you allow the TCP traffic on port 45200 this should work.

Regards,

Ben

nickydd9
Getting noticed

Yeah, that is what I am leaning towards. Meraki Support was able to tell me that Group Policy Content Filtering Rules, like regular Content Filtering Rules, only apply to HTTP streams and HTTPS streams, and other TCP / UDP-type traffic should just require its L3 firewall rule and that should be enough.
