Meraki

SteBettiniIT · ‎Nov 2 2018

Hi everyone,

currently i'm blocking some services (netflix, vimeo etc etc) with a layer 7 rules on the "security appliance, firewall" page.

i would like to create a group policy in order to permit to some devices to override the block and browse netflix and the other services).

i've tried some solutions but if i create a Group policy the system override as first step the layer 3 rules ( so the client will be free to do everything on the network).

i wouldn't to clone all the layer 3 rules into the "layer 3 rules " section in every group policy....

how can i permit some services without override the L3 security configuration on my mx100?

thank you.

NolanHerring · ‎Nov 2 2018

Unfortunately the L3 and L7 are tied together in the Group Policy settings. Would be nice if they separated them.

Easiest option I can think of is to create one 'master' Group Policy template that has all your firewall L3 rules copied from your security appliance.

Then just clone that to create custom/specific Group Policy rules that have different L7 policies attached to them.

This will make sure that the clients are still having the same L3 firewall rules, but able to have custom L7 rules so they can access Netflix etc.

Nolan Herring | nolanwifi.com

SteBettiniIT · ‎Nov 2 2018

hi,

thank you for your reply!

i'll try your suggestion/solutions during this week end!

i'll let you know.

Meraki

Community

Override Firewall layer 7 rules with a group policy without override layer 3 rules

Override Firewall layer 7 rules with a group policy without override layer 3 rules