Home > Security Appliances > Firewall and Traffic Shaping > Creating a Layer 7 Firewall Rule

Creating a Layer 7 Firewall Rule

Table of contents
No headers

Cisco Meraki MR Access Points and MX Security Appliances provides the ability to create layer 7 firewall rules to deny certain traffic based on traffic type. Where most firewall rules only inspect headers at layer 3 (IP address), 4 (Transport), and 5 (Port), a layer 7 rule inspects the payload of packets to match against known traffic types. To enable a layer 7 firewall rule, follow the steps below:

  1. Select the Dashboard network where the rule is to be configured.
  2. Navigate to Wireless > Configure > Firewall and traffic shaping (or Security appliance > Configure > Firewall on the MX).
  3. (wireless only) Select the SSID the firewall rule will apply to, through the SSID dropdown.
  4. Under Layer 7 firewall rules, click Add a layer 7 firewall rule.
  5. Select an Application to be blocked, using the second drop-down to be more specific if necessary.
  6. Click Save Changes.

 

To remove a Layer 7 firewall rule, click its Delete icon next to the Reorder icon, then click Save Changes.

Note: Layer 3 rules are processed first, followed by layer 7, with the first match taking priority. For more information refer to Layer 3 & 7 Firewall Processing.

You must to post a comment.
Last modified
18:21, 9 Feb 2016

Tags

This page has no custom tags.

Classifications

This page has no classifications.

Article ID

ID: 2293

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case