In regard to the order of which ruleset is applied first, take a look at this doc https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Layer_3_and_7_Firewall_Processing_Order As it states in the doc, content filtering is a separate feature and so if it's allowed in a l3 or l7 rule but denied in content filtering, it is still denied overall (and vice versa). As for the best place to apply these policies and config, it really comes down to how you logically want to apply and manage it. Once you get an idea of how/where it's applied across your networks, I recommend using the API (assuming you don't already have templates) to standardize the content filter and firewall rules.
... View more