Skip to content
Network as Code

Layer 7 Firewall Rules Configuration

Dashboard Location: Security and SD-WAN > Configure > Firewall > Layer 7 firewall rules

Application Layer Security Management

Layer 7 firewall rules configuration in Meraki appliances provides deep packet inspection and application-aware security controls, enabling administrators to create sophisticated policies based on application identification, content categories, geographic locations, and specific hosts or domains. This functionality supports advanced threat protection, content filtering, and application control through intelligent traffic analysis at the application layer. L7 firewall rules are essential for implementing comprehensive security policies, controlling application usage, preventing data exfiltration, and ensuring compliance with organizational acceptable use policies.

Diagram

Diagram

Classes

firewall (meraki.domains.organizations.networks.appliance)

NameTypeConstraintMandatoryDefault Value
l7_firewall_rulesList[l7_firewall_rules]No

l7_firewall_rules (meraki.domains.organizations.networks.appliance.firewall)

NameTypeConstraintMandatoryDefault Value
policyChoicedenyNo
typeChoiceapplication, applicationCategory, host, ipRange, port, blockedCountries, allowedCountriesNo
valueStringmin: 1, max: 127No
value_countriesListString[min: 1, max: 127]No

Examples

Example-1: The example below demonstrates Layer 7 firewall rules configuration using tested YAML configuration from pipeline fixtures.

meraki:
  domains:
    - name: "!env domain"
      administrator:
        name: "!env org_admin"
      organizations:
        - name: "!env org"
          networks:
            - name: "!env network_name"
              product_types:
                - appliance
                - switch
                - wireless
                - camera
                - sensor
                - cellularGateway
              appliance:
                firewall:
                  l7_firewall_rules:
                    - policy: deny
                      type: applicationCategory
                      value: "meraki:layer7/category/27"
                    - policy: deny
                      type: application
                      value: "meraki:layer7/application/106"
                    - policy: deny
                      type: host
                      value: "abc.com"
                    - policy: deny
                      type: port
                      value: "1433"  # SQL Server