Layer 7 Firewall Rules Configuration
Dashboard Location: Security and SD-WAN > Configure > Firewall > Layer 7 firewall rules
Application Layer Security Management
Layer 7 firewall rules configuration in Meraki appliances provides deep packet inspection and application-aware security controls, enabling administrators to create sophisticated policies based on application identification, content categories, geographic locations, and specific hosts or domains. This functionality supports advanced threat protection, content filtering, and application control through intelligent traffic analysis at the application layer. L7 firewall rules are essential for implementing comprehensive security policies, controlling application usage, preventing data exfiltration, and ensuring compliance with organizational acceptable use policies.
Classes
firewall (meraki.domains.organizations.networks.appliance)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
l7_firewall_rules | List | [l7_firewall_rules] | No | |
l7_firewall_rules (meraki.domains.organizations.networks.appliance.firewall)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
policy | Choice | deny | No | |
type | Choice | application, applicationCategory, host, ipRange, port, blockedCountries, allowedCountries | No | |
value | String | min: 1, max: 127 | No | |
value_countries | List | String[min: 1, max: 127] | No | |
Examples
Example-1: The example below demonstrates Layer 7 firewall rules configuration using tested YAML configuration from pipeline fixtures.
```yaml
meraki:
  domains:
    - name: "!env domain"
      administrator:
        name: "!env org_admin"
      organizations:
        - name: "!env org"
          networks:
            - name: "!env network_name"
              product_types:
                - appliance
                - switch
                - wireless
                - camera
                - sensor
                - cellularGateway
              appliance:
                firewall:
                  l7_firewall_rules:
                    - policy: deny
                      type: applicationCategory
                      value: "meraki:layer7/category/27"
                    - policy: deny
                      type: application
                      value: "meraki:layer7/application/106"
                    - policy: deny
                      type: host
                      value: "abc.com"
                    - policy: deny
                      type: port
                      value: "1433" # SQL Server
```
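A pre-merge check for rules like those in Example-1, as an added example that is not part of the original page or the project's own code: it lints parsed `l7_firewall_rules` entries against the constraints in the tables above. The names `lint_l7_rules`, `PAGE_RULES` and `BAD_RULES` are hypothetical, the bad rules are constructed, and the rule that country types carry `value_countries` while other types carry `value` is an assumption.

```python
ALLOWED_POLICIES = {"deny"}
ALLOWED_TYPES = {"application", "applicationCategory", "host", "ipRange",
                 "port", "blockedCountries", "allowedCountries"}
COUNTRY_TYPES = {"blockedCountries", "allowedCountries"}
MIN_LEN, MAX_LEN = 1, 127  # string bounds for value and value_countries items

def _bad_string(s):
    return not isinstance(s, str) or not MIN_LEN <= len(s) <= MAX_LEN

def lint_l7_rules(rules):
    """Return (rule_index, message) for every schema violation found."""
    findings = []
    for i, rule in enumerate(rules):
        policy, rtype = rule.get("policy"), rule.get("type")
        countries = rule.get("value_countries")
        if policy is not None and policy not in ALLOWED_POLICIES:
            findings.append((i, f"policy {policy!r} not allowed, schema permits only 'deny'"))
        if rtype is not None and rtype not in ALLOWED_TYPES:
            findings.append((i, f"unknown type {rtype!r}"))
        # An unquoted YAML scalar such as 1433 parses as int, not String.
        if "value" in rule and _bad_string(rule["value"]):
            findings.append((i, "value must be a string of 1 to 127 characters"))
        if countries is not None and (not isinstance(countries, list)
                                      or any(_bad_string(c) for c in countries)):
            findings.append((i, "value_countries must be a list of 1-127 character strings"))
        # Assumption (not stated on the page): country types use value_countries, others use value.
        if rtype in COUNTRY_TYPES and not countries:
            findings.append((i, f"{rtype} rule has no value_countries"))
        elif rtype in ALLOWED_TYPES - COUNTRY_TYPES and "value" not in rule:
            findings.append((i, f"{rtype} rule has no value"))
    return findings

# The four rules from Example-1, as a YAML loader would return them.
PAGE_RULES = [
    {"policy": "deny", "type": "applicationCategory", "value": "meraki:layer7/category/27"},
    {"policy": "deny", "type": "application", "value": "meraki:layer7/application/106"},
    {"policy": "deny", "type": "host", "value": "abc.com"},
    {"policy": "deny", "type": "port", "value": "1433"},
]
# Constructed rules, each breaking one constraint.
BAD_RULES = [
    {"policy": "allow", "type": "host", "value": "abc.com"},
    {"policy": "deny", "type": "port", "value": 1433},        # unquoted in YAML
    {"policy": "deny", "type": "blockedCountries"},           # no country list
    {"policy": "deny", "type": "host", "value": "a" * 128},   # over max length
]

if __name__ == "__main__":
    for idx, msg in lint_l7_rules(BAD_RULES):
        print(f"rule {idx}: {msg}")
```

Running it against the fixture rules returns no findings; each constructed rule yields exactly one.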