Cisco Meraki

Private Access Policies Configuration

The Secure Connect cloud-delivered firewall provides firewall services without the need to deploy, maintain and upgrade physical or virtual appliances at each site.

Through firewall policy rules you can filter traffic destined for private applications or networks at layer 3 and layer 4 (source and destination IP/CIDR, and the private application, which carries the port and protocol definition).

Prerequisites
Deployment Considerations
  • By default, a rule is in place to block all private access traffic.

[Screenshot: the default rule]

The action of this Default Rule can be changed from block to allow, but its source and destination (any to any) cannot be edited. This provides the flexibility to accommodate either a block-all (default deny, allow by exception) or a permit-all (default allow, block by exception) policy model. For least privilege, keep the Default Rule on block and add explicit allow rules above it.

Configuration 
  1. Navigate to Policies > Firewall

[Screenshot: Firewall link under Policies]

OR

Click on Network-Based Access Policy following a new private app definition

[Screenshot: Network-Based Access Policy link]

  2. In the upper right hand corner of the page, click Add

[Screenshot: Add button]

  3. Select the Rule Type as Private Applications and Networks

[Screenshot: Rule Type selection]

  4. Give your rule a descriptive Name, a Description, and choose a Priority Order. Priority Order positions the rule in the Firewall Policy, which is evaluated top down: rules are checked sequentially in priority order, and the Default Rule is always in the last position, so it only applies to traffic no earlier rule matched.

[Screenshot: rule details]

  5. Choose the Rule Action

[Screenshot: Rule Action selection]

  6. Choose the rule's criteria:
  • Source CIDR IP Addresses (optional): the source addresses (IP or CIDR) to which the rule applies. Choose Specify IP and add each IP address or CIDR, or choose Any.
  • Identities (optional if a source IP was already specified): select the groups and/or users to which the rule applies.

Group/user identity is only evaluated for traffic sourced from remote access (client-based) users. Traffic from sites or networks carries no user identity, so identity-based rules cannot match it; scope such traffic by source CIDR instead.

  • Destination CIDR IP Addresses: the destination addresses (IP or CIDR) to which the rule applies. Choose Specify IP and add each IP address or CIDR, or choose Any.
  • Private Applications: select the application and/or application groups to which the rule applies.

[Screenshot: rule criteria]

  7. Choose a Time Zone, then configure Start and Expiration dates and times.
    Optionally, check Does Not Expire so that this rule never expires.


  8. Select an interval for the hit counter. If you disable logging for this firewall rule, the hit counter is also disabled. For more information, see Monitor Hit Count.
  9. Specify whether logging is desired

[Screenshot: logging and hit counter settings]

  10. Click Save
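The evaluation behaviour the steps above describe (rules checked in priority order with the Default Rule last, identity criteria only meaningful for remote-access traffic, time-bounded rules, and a per-rule hit counter) can be exercised offline with a small model. The following is an added illustration written for this page, not Meraki's implementation or API. It assumes first-match semantics, that an empty source or destination list means Any, and that a rule carrying an identity criterion is never satisfied by site-sourced traffic (the conservative reading of the note above). All rule names, addresses, users and groups are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network
from typing import Optional

UTC = timezone.utc
NOW = datetime(2024, 6, 1, tzinfo=UTC)     # constructed "current time" for the demo


@dataclass
class Rule:
    name: str
    priority: int                                   # lower value is evaluated first
    action: str                                     # "allow" or "block"
    src_cidrs: list = field(default_factory=list)   # [] means Any
    identities: set = field(default_factory=set)    # users/groups; empty means not used
    dst_cidrs: list = field(default_factory=list)   # [] means Any
    apps: set = field(default_factory=set)          # private apps; empty means not used
    start: Optional[datetime] = None
    expires: Optional[datetime] = None              # None means Does Not Expire
    hits: int = 0                                   # hit counter


@dataclass
class Flow:
    src_ip: str
    dst_ip: str
    app: Optional[str] = None
    user: Optional[str] = None
    groups: set = field(default_factory=set)
    remote_access: bool = False   # True only for client-based remote access users


def in_any(ip: str, cidrs: list) -> bool:
    """Empty list means Any; otherwise the address must fall inside some CIDR."""
    if not cidrs:
        return True
    addr = ip_address(ip)
    return any(addr in ip_network(c, strict=False) for c in cidrs)


def is_active(rule: Rule, now: datetime) -> bool:
    """A rule is inactive before its start and from its expiration onward."""
    if rule.start is not None and now < rule.start:
        return False
    if rule.expires is not None and now >= rule.expires:
        return False
    return True


def matches(rule: Rule, flow: Flow, now: datetime) -> bool:
    if not is_active(rule, now) or not in_any(flow.src_ip, rule.src_cidrs):
        return False
    if rule.identities:
        # Identity is only evaluated for remote-access traffic; assumption:
        # site-sourced traffic can never satisfy an identity criterion.
        if not flow.remote_access:
            return False
        principals = set(flow.groups) | ({flow.user} if flow.user else set())
        if not (rule.identities & principals):
            return False
    if not in_any(flow.dst_ip, rule.dst_cidrs):
        return False
    return not rule.apps or flow.app in rule.apps


def evaluate(rules: list, flow: Flow, now: datetime, default_action: str = "block"):
    """First match in priority order wins; the Default Rule is always last."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if matches(rule, flow, now):
            rule.hits += 1
            return rule.name, rule.action
    return "Default Rule", default_action


def build_rules() -> list:
    """Constructed sample policy (hypothetical names, apps and addresses)."""
    return [
        Rule("Allow HR to HR portal", 10, "allow", identities={"hr"}, apps={"hr-portal"}),
        Rule("Block legacy subnet", 20, "block",
             src_cidrs=["10.200.0.0/16"], dst_cidrs=["10.10.0.0/24"]),
        Rule("Allow branches to file servers", 30, "allow",
             src_cidrs=["10.200.0.0/16", "10.201.0.0/16"], dst_cidrs=["10.10.0.0/24"],
             start=datetime(2024, 1, 1, tzinfo=UTC), expires=datetime(2025, 1, 1, tzinfo=UTC)),
    ]


def run_demo() -> list:
    """Evaluate constructed flows; returns [(matched rule name, action), ...]."""
    rules = build_rules()
    later = datetime(2025, 3, 1, tzinfo=UTC)           # after rule 30 has expired
    flows = [
        # remote-access HR user reaching the HR app: rule 10
        (Flow("100.64.0.7", "10.10.0.50", app="hr-portal", user="alice",
              groups={"hr"}, remote_access=True), NOW),
        # legacy-subnet branch host: rule 20 wins over rule 30 by priority
        (Flow("10.200.5.5", "10.10.0.50", app="hr-portal"), NOW),
        # non-legacy branch host: rule 30
        (Flow("10.201.5.5", "10.10.0.50"), NOW),
        # same flow after rule 30 expired: falls through to the Default Rule
        (Flow("10.201.5.5", "10.10.0.50"), later),
        # remote-access user outside HR: identity criterion fails, Default Rule
        (Flow("100.64.0.9", "10.10.0.50", app="hr-portal", user="bob",
              groups={"eng"}, remote_access=True), NOW),
    ]
    return [evaluate(rules, f, t) for f, t in flows]


if __name__ == "__main__":
    for decision in run_demo():
        print(decision)
```

Two things the model makes visible that the dashboard does not: a block rule placed above a broader allow wins purely on priority (the second flow), and an expired allow rule silently falls back to the Default Rule (the fourth flow), which is why time-bounded exceptions should be paired with the hit counter and logging so their expiry is noticed.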