Cisco Meraki MR Access Points and MX Security Appliances provides the ability to create layer 7 firewall rules to deny certain traffic based on traffic type. Where most firewall rules only inspect headers at layer 3 (IP address), 4 (Transport), and 5 (Port), a layer 7 rule inspects the payload of packets to match against known traffic types. To enable a layer 7 firewall rule, follow the steps below:
To remove a Layer 7 firewall rule, click its Delete icon next to the Reorder icon, then click Save Changes.
Note: Layer 3 rules are processed first, followed by layer 7, with the first match taking priority. For more information refer to Layer 3 & 7 Firewall Processing.