Firewall Layer 3 Rule for MX device and SSID

Here to help

Firewall Layer 3 Rule for MX device and SSID

Hi Team,


I have to block some specific IP facing Internet. I am confused in term Layer3 Firewall Rule available on MX firewall as well As on Wireless Option. I have MX firewall and MR AP are deployed under it also I have BSSID scenario.  


Mx Firewall-->Firewall--> Layer 3 Rule

Wireless-->Firewall and traffic Shaping--> Layer 3 Rule


---IF i apply any rule on MX firewall under layer 3 rule then will it be also applicable for clients ( Wireless-Firewall Layer 3)


---If I block anything on MX , will it block for everyone.


Kind of a big deal

Re: Firewall Layer 3 Rule for MX device and SSID

Hi @ranjankumarsgh 


If you apply Firewall rules on your MRs then only your wireless traffic will be filtered.


if you apply on the MX then all applicable traffic will be filtered.

Darren O'Connor |

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
Here to help

Re: Firewall Layer 3 Rule for MX device and SSID

Thanks for clarification.

Can we apply Layer 3 rule with Multiple Source IP and Multiple Destination Ip's together in single rule instead of single rule for each source and destination. I am not sure whether Comma between IP's will work. Please let me know the given example as below is correct format for Layer 3 creation with multiple destination Ip's.


E, G

Source Port : Any

Source IP: ANY

Destination IP: X.x.x.x, Y.y.y.y, Z.z.z.z, A.a.a.a.

Destination Port : any


Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.