Meraki

Community

Will Meraki MX has Application Controll or App ID for future?

Solved
MakaraMEAS
Getting noticed
‎Mar 25 2022 7:20 PM
‎Mar 25 2022 7:20 PM

Will Meraki MX has Application Controll or App ID for future?

Dear Community,

As you NGFW nowadays we can use L7 to apply on Firewall rules, this option seem not available on MX  ( I am not sure if advantage license has that). As my experience with other vendor, with hardware warranty license only they can run L7 on Firewall rules. If you have any advise or how to enable L7 on MX( enterprise license), please kindly share.

Thanks,
Makara,

M.MAKARA
Labels:
1 Accepted Solution
Ryan_Miles
Meraki Employee
Meraki Employee
‎Mar 25 2022 7:44 PM
‎Mar 25 2022 7:44 PM

We use the standard Cisco NBAR protocol packs. That includes 1500+ apps. You can create custom expressions in addition to that. https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Network-Based_Applica...

View solution in original post

9 Replies 9
Ryan_Miles
Meraki Employee
Meraki Employee
‎Mar 25 2022 7:24 PM
‎Mar 25 2022 7:24 PM

MX supports layer 7 rules with any license level. https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Firewall_Settings#Layer_7_Firewa...

In response to Ryan_Miles
MakaraMEAS
Getting noticed
‎Mar 25 2022 7:26 PM
‎Mar 25 2022 7:26 PM

I got you, you know we have thousands application. I cannot see that on MX. It is limitation? of required other setting backend?

M.MAKARA
0 Kudos
Ryan_Miles
Meraki Employee
Meraki Employee
‎Mar 25 2022 7:44 PM
‎Mar 25 2022 7:44 PM

We use the standard Cisco NBAR protocol packs. That includes 1500+ apps. You can create custom expressions in addition to that. https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Network-Based_Applica...

In response to Ryan_Miles
MakaraMEAS
Getting noticed
‎Mar 25 2022 8:09 PM
‎Mar 25 2022 8:09 PM

I would review, it should be match the requirement. Anyway this require request backend to meraki team right?

M.MAKARA
0 Kudos
In response to MakaraMEAS
DarrenOC
Kind of a big deal
Kind of a big deal
‎Mar 26 2022 1:57 AM
‎Mar 26 2022 1:57 AM

Hi @MakaraMEAS , what do you see when you go to :

 

Security & SD-WAN > Configure > Firewall

 

The Layer 7 rules are configured on this page.  If you don’t have that view then your admin account doesn’t have access and you need to speak to your team.

 

403B8BA7-6B71-4E54-8E34-53E5D37AECD0.png

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
In response to DarrenOC
MakaraMEAS
Getting noticed
‎Mar 27 2022 6:24 PM
‎Mar 27 2022 6:24 PM

I got you, I wish application or L7 here have more than 2 thousand apps.

M.MAKARA
0 Kudos
KarstenI
Kind of a big deal
Kind of a big deal
‎Mar 26 2022 3:18 AM
‎Mar 26 2022 3:18 AM

I would assume the original question is to have the flexibility like on an FTD to deny and allow certain traffic based on the App and not only deny as in the actual implementation. Yes, that would be nice.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
In response to KarstenI
BlakeRichardson
Kind of a big deal
Kind of a big deal
‎Mar 27 2022 11:45 AM
‎Mar 27 2022 11:45 AM

Thats how I read the question as well. 

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
In response to KarstenI
MakaraMEAS
Getting noticed
‎Mar 27 2022 6:26 PM
‎Mar 27 2022 6:26 PM

You are right, it should be by default deny, and flexible to use App ID( more than 2 thousands app), other features...

M.MAKARA
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.