Home > Security Appliances > Firewall and Traffic Shaping > Creating a Layer 7 Firewall Rule

Creating a Layer 7 Firewall Rule

Table of contents
No headers

Cisco Meraki MR Access Points and MX Security Appliances provides the ability to create layer 7 firewall rules to deny certain traffic based on traffic type. Where most firewall rules only inspect headers at layer 3 (IP address), 4 (Transport), and 5 (Port), a layer 7 rule inspects the payload of packets to match against known traffic types. To enable a layer 7 firewall rule, follow the steps below:

  1. Select the Dashboard network where the rule is to be configured.
  2. Navigate to Wireless > Configure > Firewall and traffic shaping (or Security appliance > Configure > Firewall on the MX).
  3. (wireless only) Select the SSID the firewall rule will apply to, through the SSID dropdown.
  4. Under Layer 7 firewall rules, click Add a layer 7 firewall rule.
  5. Select an Application to be blocked, using the second drop-down to be more specific if necessary.
  6. Click Save Changes.


To remove a Layer 7 firewall rule, click its Delete icon next to the Reorder icon, then click Save Changes.

Note: Layer 3 rules are processed first, followed by layer 7, with the first match taking priority. For more information refer to Layer 3 & 7 Firewall Processing.

You must to post a comment.
Last modified
08:24, 2 Aug 2017


This page has no custom tags.


This page has no classifications.

Article ID

ID: 2293

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case

Ask the Community

In the Meraki Community, you can find answers provided by fellow Meraki users and ask questions of your own.

Visit the Community