Meraki L7 Firewall Rule on Client VPN Traffic

Basha1996
Here to help

Hi Team,

We have AnyConnect configured on Meraki with the client routing only for our internal network segments. We want to enable an L7 rule in the Meraki firewall for blocking traffic for a specific country. We know that the internal traffic will not hit the firewall and it takes the s2s VPN path; however, we wanted to double-check whether the L7 rule takes effect for the client VPN traffic.

alemabrahao
Kind of a big deal

If you are using split-tunnel, yes; otherwise, no.

Client Routing: This is used to specify full or split-tunnel rules pushed to the AnyConnect client device. You can send all traffic through VPN, all traffic except traffic going to specific destinations, or only send traffic going to specific destinations.

https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance#How_to_Enable_AnyConne..._Dashboard

You can also apply this via Group Policy.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Basha1996
Here to help

Exactly, in our setup we are using only send traffic to our internal segments 10.10.0.0/16, so the L7 rule will not take effect on this, right?

Malwina
Meraki Employee

You could test with Group Policy assignments for your AnyConnect users
https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance#Group_Policies 
