Skip to main content

L3 Firewall Rules

Location in Dashboard: Security and SD-WAN >> Configure >> Firewall >> Layer 3

Diagram

Classes

firewall (meraki.domains.organizations.networks.appliance)

NameTypeConstraintMandatoryDefault Value
l3_firewall_rulesClass[l3_firewall_rules]No

l3_firewall_rules (meraki.domains.organizations.networks.appliance.firewall)

NameTypeConstraintMandatoryDefault Value
rulesList[rules]No
syslog_default_ruleBooleantrue, falseNo

rules (meraki.domains.organizations.networks.appliance.firewall.l3_firewall_rules)

NameTypeConstraintMandatoryDefault Value
commentStringmin: 1, max: 127No
policyChoiceallow, denyYes
protocolChoiceany, icmp, icmp6, tcp, udpYes
source_portAnyInteger[min: 0, max: 65535] or String[matches: `(?:[1-9][0-9]3[1-5][0-9]46[0-4][0-9]3
source_cidrStringRegex: ^(?i:any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?)(,(any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?))*$No
destination_portAnyInteger[min: 0, max: 65535] or String[matches: `(?:[1-9][0-9]3[1-5][0-9]46[0-4][0-9]3
destination_cidrStringRegex: ^(?i:any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?)(,(any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?))*$No
syslogBooleantrue, falseNo

Config Sample

meraki:
domains:
- name: EMEA
administrator:
name: Foo Bar
organizations:
- name: Dev
networks:
- name: Dev-main-cx-provider
product_types:
- appliance
- camera
- switch
- wireless
appliance:
firewall_l3_firewall:
rules:
- comment: "Block DNS"
policy: deny
protocol: udp
source_port: 53
source_cidr: Any
destination_port: 53
destination_cidr: Any
# syslog: true
- comment: "Block SSH"
policy: deny
protocol: tcp
source_port: 22
source_cidr: Any
destination_port: 22
destination_cidr: Any
# syslog: true
# syslog_default_rule: true