Will Meraki MX has Application Controll or App ID for future?

Solved
MakaraMEAS
Getting noticed

Will Meraki MX has Application Controll or App ID for future?

Dear Community,

As you NGFW nowadays we can use L7 to apply on Firewall rules, this option seem not available on MX  ( I am not sure if advantage license has that). As my experience with other vendor, with hardware warranty license only they can run L7 on Firewall rules. If you have any advise or how to enable L7 on MX( enterprise license), please kindly share.

Thanks,
Makara,

M.MAKARA
1 Accepted Solution
Ryan_Miles
Meraki Employee
Meraki Employee

We use the standard Cisco NBAR protocol packs. That includes 1500+ apps. You can create custom expressions in addition to that. https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Network-Based_Applica...

Ryan

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.

View solution in original post

9 Replies 9
Ryan_Miles
Meraki Employee
Meraki Employee

MX supports layer 7 rules with any license level. https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Firewall_Settings#Layer_7_Firewa...

Ryan

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
MakaraMEAS
Getting noticed

I got you, you know we have thousands application. I cannot see that on MX. It is limitation? of required other setting backend?

M.MAKARA
Ryan_Miles
Meraki Employee
Meraki Employee

We use the standard Cisco NBAR protocol packs. That includes 1500+ apps. You can create custom expressions in addition to that. https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Network-Based_Applica...

Ryan

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
MakaraMEAS
Getting noticed

I would review, it should be match the requirement. Anyway this require request backend to meraki team right?

M.MAKARA
DarrenOC
Kind of a big deal
Kind of a big deal

Hi @MakaraMEAS , what do you see when you go to :

 

Security & SD-WAN > Configure > Firewall

 

The Layer 7 rules are configured on this page.  If you don’t have that view then your admin account doesn’t have access and you need to speak to your team.

 

403B8BA7-6B71-4E54-8E34-53E5D37AECD0.png

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
MakaraMEAS
Getting noticed

I got you, I wish application or L7 here have more than 2 thousand apps.

M.MAKARA
KarstenI
Kind of a big deal
Kind of a big deal

I would assume the original question is to have the flexibility like on an FTD to deny and allow certain traffic based on the App and not only deny as in the actual implementation. Yes, that would be nice.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
BlakeRichardson
Kind of a big deal
Kind of a big deal

Thats how I read the question as well. 

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
MakaraMEAS
Getting noticed

You are right, it should be by default deny, and flexible to use App ID( more than 2 thousands app), other features...

M.MAKARA
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels