Layer 7 Firewall Rules Configuration

Dashboard Location: Security and SD-WAN > Configure > Firewall > Layer 7 firewall rules

Layer 7 firewall rules configuration in Meraki appliances provides deep packet inspection and application-aware security controls, enabling administrators to create sophisticated policies based on application identification, content categories, geographic locations, and specific hosts or domains. This functionality supports advanced threat protection, content filtering, and application control through intelligent traffic analysis at the application layer. L7 firewall rules are essential for implementing comprehensive security policies, controlling application usage, preventing data exfiltration, and ensuring compliance with organizational acceptable use policies.

firewall (meraki.domains.organizations.networks.appliance)

| Name | Type | Constraint | Mandatory | Default Value |
| --- | --- | --- | --- | --- |
| l7_firewall_rules | List | [l7_firewall_rules] | No | |

l7_firewall_rules (meraki.domains.organizations.networks.appliance.firewall)

| Name | Type | Constraint | Mandatory | Default Value |
| --- | --- | --- | --- | --- |
| policy | Choice | deny | No | |
| type | Choice | application, applicationCategory, host, ipRange, port, blockedCountries, allowedCountries | No | |
| value | String | min: 1, max: 127 | No | |
| value_countries | List | String[min: 1, max: 127] | No | |

Example-1: The example below demonstrates Layer 7 firewall rules configuration using tested YAML configuration from pipeline fixtures.

```yaml
meraki:
  domains:
    - name: !env domain
      administrator:
        name: !env org_admin
      organizations:
        - name: !env org
          networks:
            - name: !env network_name
              product_types:
                - appliance
                - switch
                - wireless
                - camera
                - sensor
                - cellularGateway
              appliance:
                firewall:
                  l7_firewall_rules:
                    - policy: deny
                      type: applicationCategory
                      value: "meraki:layer7/category/27"
                    - policy: deny
                      type: application
                      value: "meraki:layer7/application/106"
                    - policy: deny
                      type: host
                      value: "abc.com"
                    - policy: deny
                      type: port
                      value: "161"
                    - policy: deny
                      type: ipRange
                      value: "192.168.0.1"
                    - policy: deny
                      type: ipRange
                      value: "192.168.0.2:80"
                    - policy: deny
                      type: blockedCountries
                      value_countries:
                        - GB
                        - US
                    - policy: deny
                      type: allowedCountries
                      value_countries:
                        - DE
                        - GB
```
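
A pre-push lint for `l7_firewall_rules` entries, added here as an example and not part of the original page or the project's tooling. It applies the choices and length limits from the tables above to already-parsed rule dictionaries. The 1..65535 port range, the IPv4 `address[:port]` form for `ipRange`, treating `type` as required, and requiring `value_countries` on country rules are assumptions drawn from the sample configuration; `lint_l7_rules` and `SAMPLE` are hypothetical names.

```python
import ipaddress
# Allowed values copied from the schema tables on this page.
POLICIES = {"deny"}
COUNTRY_TYPES = {"blockedCountries", "allowedCountries"}
TYPES = COUNTRY_TYPES | {"application", "applicationCategory", "host", "ipRange", "port"}

def _port_ok(text):
    return text.isascii() and text.isdigit() and 1 <= int(text) <= 65535

def _ip_range_ok(text):
    # Assumption from the sample rules: IPv4 address or CIDR, optional ":port".
    addr, sep, port = text.partition(":")
    try:
        ipaddress.IPv4Network(addr, strict=False)
    except ValueError:
        return False
    return not sep or _port_ok(port)

def lint_l7_rules(rules):
    """Return 'rule N: problem' strings; an empty list means no findings."""
    problems = []
    for i, rule in enumerate(rules):
        rtype, value, countries = (rule.get(k) for k in ("type", "value", "value_countries"))
        found = []
        if "policy" in rule and rule["policy"] not in POLICIES:
            found.append(f"policy {rule['policy']!r} is not allowed")
        if rtype not in TYPES:
            found.append(f"unknown type {rtype!r}")
        elif rtype in COUNTRY_TYPES:
            # Assumption: country rules use value_countries, as in the sample.
            if not isinstance(countries, list) or not countries:
                found.append("needs a non-empty value_countries list")
            elif not all(isinstance(c, str) and 1 <= len(c) <= 127 for c in countries):
                found.append("value_countries entries must be 1..127 chars")
        elif not isinstance(value, str) or not 1 <= len(value) <= 127:
            found.append("value must be a string of 1..127 characters")
        elif rtype == "port" and not _port_ok(value):
            found.append(f"port {value!r} is not in 1..65535")
        elif rtype == "ipRange" and not _ip_range_ok(value):
            found.append(f"ipRange {value!r} is not IPv4, CIDR or IPv4:port")
        problems += [f"rule {i}: {msg}" for msg in found]
    return problems

# Constructed input: one rule from the page's example plus three faulty ones.
SAMPLE = [
    {"policy": "deny", "type": "blockedCountries", "value_countries": ["GB", "US"]},
    {"policy": "allow", "type": "host", "value": "abc.com"},
    {"policy": "deny", "type": "port", "value": "70000"},
    {"policy": "deny", "type": "allowedCountries", "value": "DE"},
]
```

Running `lint_l7_rules(SAMPLE)` reports the `allow` policy, the out-of-range port, and the country rule that carries `value` instead of `value_countries`.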