Cisco Meraki Documentation

Organization-wide Group Policy Guide

This article introduces the Organization-wide Group Policy feature for the MX and links to relevant articles to help configure and understand this feature.

We are making improvements to this beta feature based on your feedback. During this time, no updates or changes will be available. The feature will return soon and be available as part of the MX 26.1.2+ release going forward.

If you were a part of early access, please remove any existing policies and recreate them as needed.

Overview

Network and security policies in organizations today are becoming very complex and repetitive, and they are enforced across several independent devices in the network. Although the intent may be common, such as blocking network access or blocking malicious, objectionable, and intrusive content, administrators may find themselves adding the same policy many times to different enforcement points across their organization.

The Organization policy is a framework in the Meraki Dashboard created to unify and simplify the configuration and management of network and security policies across the platform. Rulesets are used to define firewall rules, which can then be reused across many Policies in an organization. Policies are defined once, at the organization level, and can be enforced across any number of MX devices at the same time. Any changes to a policy are automatically propagated to the relevant MX devices. By centralizing policy management, organizations can maintain a more organized and scalable network and security posture, ultimately improving their overall compliance.

Benefits 

  • Object-Based Configuration: Decouples policy definitions from specific devices, simplifying management and improving configuration visibility.
  • Scalable Enforcement: Applies policies across the entire organization simultaneously, ensuring consistency.
  • Reusable Rulesets: Allows administrators to define rule logic once and apply it broadly, reducing redundancy and potential for human error.

Prerequisites, Requirements and Limitations

In order for an MX to use this feature, it must satisfy the following requirements: 

  • Firmware Version: MX appliances must be running firmware version 26.1.2 or newer.
    • Note: You can upgrade your appliance via Organization > Configure > Firmware Upgrades. Please review this document to confirm hardware compatibility.
  • Enforcement Targets: Networks running unsupported firmware versions cannot be selected as Enforcement Targets.
  • IP Protocol: Only IPv4 is supported at this time.
  • Scale Limits:
    • Maximum Policies: 50
    • Maximum Rules: 2,500
    • Maximum Networks: 5,000
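
The following pre-rollout check is an added example, not Meraki code: it tests a planned policy set against the firmware, IPv4, and scale requirements listed above. The plan structure, the network and ruleset names, the "any" keyword, and the reading of the scale limits as organization-wide totals are all assumptions made for illustration.

```python
import ipaddress

# Values taken from the prerequisites above; how they are scoped is an assumption.
MIN_FIRMWARE = (26, 1, 2)
LIMITS = {"policies": 50, "rules": 2500, "networks": 5000}

def parse_version(text):
    """'26.1.10' -> (26, 1, 10), so comparison is numeric, not string-wise."""
    return tuple(int(part) for part in text.strip().split("."))

def is_ipv4(term):
    """True for 'any' or an IPv4 address/CIDR; False for IPv6 or unparsable text."""
    if term.lower() == "any":
        return True
    try:
        return ipaddress.ip_network(term, strict=False).version == 4
    except ValueError:
        return False

def preflight(plan):
    """Return a list of problems; an empty list means the plan fits the stated limits."""
    problems = []
    for name, firmware in sorted(plan["networks"].items()):
        if parse_version(firmware) < MIN_FIRMWARE:
            problems.append(f"{name}: firmware {firmware} is older than 26.1.2")
    rules = [(rs, i, r) for rs, rl in sorted(plan["rulesets"].items())
             for i, r in enumerate(rl, 1)]
    for ruleset, index, rule in rules:
        for field in ("src", "dst"):
            if not is_ipv4(rule.get(field, "any")):
                problems.append(f"{ruleset} rule {index}: {field} {rule[field]} is not IPv4")
    counts = {"policies": len(plan["policies"]), "rules": len(rules),
              "networks": len(plan["networks"])}
    for key, limit in LIMITS.items():
        if counts[key] > limit:
            problems.append(f"{counts[key]} {key} exceeds the maximum of {limit}")
    return problems

# Constructed sample plan (hypothetical structure, not a Dashboard export).
SAMPLE_PLAN = {
    "networks": {"branch-01": "26.1.2", "branch-02": "26.1.10", "branch-03": "19.1.4"},
    "policies": ["guest-lockdown", "pos-isolation"],
    "rulesets": {"block-internal": [
        {"action": "deny", "dst": "10.0.0.0/8"},
        {"action": "deny", "dst": "2001:db8::/32"},
    ]},
}

if __name__ == "__main__":
    for problem in preflight(SAMPLE_PLAN):
        print(problem)
```

Comparing versions as integer tuples matters here: a plain string comparison would rank 26.1.10 below 26.1.2 and wrongly exclude an eligible network.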

Definition of Components

Understanding the core components of Organization-wide Group Policy:

  • Enforcement Target: Defines the "who" or "what" the policy applies to (acting as the "source" in a typical firewall rule). This can be a specific VLAN(s) or an SGT from which traffic originates.
  • Rulesets: A collection of firewall rules that can encompass both Layer 3 (IPv4) and Layer 7 (Application) criteria.
  • Firewall Rule: Specifies the criteria (source, destination, port, protocol) and the action (allow or deny) to be taken on traffic.

By defining the Enforcement Target(s) and associating specific Rulesets, administrators can ensure that only authorized traffic is permitted while blocking potentially harmful traffic, significantly enhancing security posture. To get started with this feature, please see these relevant articles for details:

Article name | Description
User Guide | Refer to the article to learn more about the following:
  • Policy Configuration
  • Firewall Ruleset Configuration
  • Supported Firewall terms
Troubleshooting | Refer to the article to learn more about troubleshooting this feature
FAQ | Frequently Asked Questions

 
