L3 Firewall Rules
Location in Dashboard: Security and SD-WAN >> Configure >> Firewall >> Layer 3
Classes
firewall (meraki.domains.organizations.networks.appliance)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
l3_firewall_rules | Class | [l3_firewall_rules] | No | |
l3_firewall_rules (meraki.domains.organizations.networks.appliance.firewall)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
rules | List | [rules] | No | |
syslog_default_rule | Boolean | true, false | No | |
rules (meraki.domains.organizations.networks.appliance.firewall.l3_firewall_rules)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
comment | String | min: 1, max: 127 | No | |
policy | Choice | allow, deny | Yes | |
protocol | Choice | any, icmp, icmp6, tcp, udp | Yes | |
source_port | Any | Integer[min: 0 , max: 65535 ] or String[matches: `(?:[1-9][0-9]3 | [1-5][0-9]4 | 6[0-4][0-9]3 |
source_cidr | String | Regex: ^(?i:any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?)(,(any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?))*$ | No | |
destination_port | Any | Integer[min: 0 , max: 65535 ] or String[matches: `(?:[1-9][0-9]3 | [1-5][0-9]4 | 6[0-4][0-9]3 |
destination_cidr | String | Regex: ^(?i:any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?)(,(any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?))*$ | No | |
syslog | Boolean | true, false | No | |
Config Sample
```yaml
meraki:
  domains:
    - name: EMEA
      administrator:
        name: Foo Bar
      organizations:
        - name: Dev
          networks:
            - name: Dev-main-cx-provider
              product_types:
                - appliance
                - camera
                - switch
                - wireless
              appliance:
                firewall_l3_firewall:
                  rules:
                    - comment: "Block DNS"
                      policy: deny
                      protocol: udp
                      source_port: 53
                      source_cidr: Any
                      destination_port: 53
                      destination_cidr: Any
                      # syslog: true
                    - comment: "Block SSH"
                      policy: deny
                      protocol: tcp
                      source_port: 22
                      source_cidr: Any
                      destination_port: 22
                      destination_cidr: Any
                      # syslog: true
                  # syslog_default_rule: true
```
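The constraints in the rules table can be applied to a rule list before it is deployed. The following is an added example, not code from this page or its project: `check_cidr`, `lint_rule` and `SAMPLE_RULES` are hypothetical names. It shows that the CIDR regex accepts out-of-range addresses such as `10.0.0.300/33` and that `any` is case-insensitive only in the first list position. The string form of the port fields is not checked, because its pattern is cut off in the table.

```python
import ipaddress
import re

# Regex copied verbatim from the source_cidr / destination_cidr rows of the rules table.
CIDR_RE = re.compile(
    r"^(?i:any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?)"
    r"(,(any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?))*$")
ALLOWED = {"policy": ("allow", "deny"), "protocol": ("any", "icmp", "icmp6", "tcp", "udp")}

def check_cidr(field, value):
    """Return problems for one CIDR field: schema regex first, then real IPv4 parsing."""
    if not isinstance(value, str) or not CIDR_RE.match(value):
        return [f"{field}: {value!r} does not match the schema regex"]
    problems = []
    for part in value.split(","):
        if part.lower() == "any":
            continue
        try:
            ipaddress.ip_network(part, strict=False)
        except ValueError:  # the regex only counts digits, so bad octets/prefixes get here
            problems.append(f"{field}: {part!r} is not a valid IPv4 network")
    return problems

def lint_rule(rule):
    """Return a list of problems for one rule dict; an empty list means clean."""
    problems = []
    for field, allowed in ALLOWED.items():
        if rule.get(field) not in allowed:
            problems.append(f"{field}: mandatory, must be one of {', '.join(allowed)}")
    comment = rule.get("comment")
    if comment is not None and not (isinstance(comment, str) and 1 <= len(comment) <= 127):
        problems.append("comment: must be a string of 1 to 127 characters")
    for field in ("source_cidr", "destination_cidr"):
        if field in rule:
            problems += check_cidr(field, rule[field])
    for field in ("source_port", "destination_port"):
        port = rule.get(field)
        # Only the integer form is checked here (assumption: strings are validated elsewhere).
        if isinstance(port, int) and not isinstance(port, bool) and not 0 <= port <= 65535:
            problems.append(f"{field}: {port} is outside 0-65535")
    return problems

# Constructed sample input: the first rule mirrors "Block DNS" from the Config Sample.
SAMPLE_RULES = [
    {"comment": "Block DNS", "policy": "deny", "protocol": "udp", "source_port": 53,
     "source_cidr": "Any", "destination_port": 53, "destination_cidr": "Any"},
    {"policy": "drop", "protocol": "tcp", "source_cidr": "10.0.0.300/33",
     "destination_cidr": "any,Any", "destination_port": 70000},
]
```

Calling `lint_rule` on each entry of a parsed `rules` list returns an empty list for a clean rule and one message per violated constraint otherwise.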