Meraki MX Group Policy

SOLVED
acarby
Conversationalist

Meraki MX Group Policy

What is the proper way to block traffic to my production network from my guest network.  My Production network is 10.4.10.0/24 and my guest network is 10.4.40.0/24?

1 ACCEPTED SOLUTION
acarby
Conversationalist

I just learned that DHCP relay doesn't go through the firewall in that sense.  I can accomplish what I need with Group Policy. 

View solution in original post

4 REPLIES 4
Nash
Kind of a big deal

If you have Meraki APs: Go to Wireless -> Configure -> Firewall & Traffic Shaping for that SSID.

 

Under Layer 3 firewall rules, set the "Wireless clients accessing LAN" policy to deny:

 

2019-06-27 12_04_58-Firewall & traffic shaping - Meraki Dashboard.png


Otherwise, use your normal L3 firewall on the MX to deny those LANs to each other.

 

Here's a good doc: https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/Using_Layer_3_Firewall_Rules

acarby
Conversationalist

I guess where I'm confused is here:

 

I have 10.4.10.0/24 - which offers a few services, one is DHCP, to the guest vlan (10.4.40.0/24).  I'm trying to fully understand what those rules would look like, specifically under the group policy section.

jdsilva
Kind of a big deal

Hi @acarby, I would recommend you do this under the MX L3 firewall rules and not under GP. 

acarby
Conversationalist

I just learned that DHCP relay doesn't go through the firewall in that sense.  I can accomplish what I need with Group Policy. 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels