Meraki MX Layer 7 Geolocation Rules

sailorli96
Conversationalist


If a user is traveling to another country, is it possible to allow traffic in that country for that specific user or do you have to allow all traffic from that country?

1 Accepted Solution
kYutobi
Kind of a big deal

Meraki MX Layer 7 firewall rules allow traffic filtering by geolocation, but they operate on a broad basis: they can block or allow traffic from/to an entire country rather than allowing more granular, user-specific controls.

 

  • Allow All Traffic from That Country: You can create a Layer 7 firewall rule that allows traffic from the entire country where the user is traveling. However, this rule would apply to all users on the network, not just the specific traveler.
  • Create a Custom VPN or Split Tunnel Solution: For finer control, you might consider setting up a VPN that the user can connect to when they are in the specific country. This way, their traffic is routed through the corporate network, bypassing geolocation restrictions. Alternatively, you could use a split-tunnel configuration to allow only certain traffic types (like web or email) through the VPN, letting other traffic go directly.

 


3 Replies
sailorli96
Conversationalist

Thank you!

Inderdeep
Kind of a big deal

Rightly said by @kYutobi

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com