Skip to content

Layer 7 Firewall Rules Configuration

Dashboard Location: Security and SD-WAN > Configure > Firewall > Layer 7 firewall rules

Application Layer Security Management

Layer 7 firewall rules configuration in Meraki appliances provides deep packet inspection and application-aware security controls, enabling administrators to create sophisticated policies based on application identification, content categories, geographic locations, and specific hosts or domains. This functionality supports advanced threat protection, content filtering, and application control through intelligent traffic analysis at the application layer. L7 firewall rules are essential for implementing comprehensive security policies, controlling application usage, preventing data exfiltration, and ensuring compliance with organizational acceptable use policies.

Diagram

Diagram

Classes

firewall (meraki.domains.organizations.networks.appliance)

NameTypeConstraintMandatoryDefault Value
l7_firewall_rulesList[l7_firewall_rules]No

l7_firewall_rules (meraki.domains.organizations.networks.appliance.firewall)

NameTypeConstraintMandatoryDefault Value
policyChoicedenyNo
typeChoiceapplication, applicationCategory, host, ipRange, port, blockedCountries, allowedCountriesNo
valueStringmin: 1, max: 127No
value_countriesListString[min: 1, max: 127]No

Examples

Example-1: The example below demonstrates Layer 7 firewall rules configuration using tested YAML configuration from pipeline fixtures.

meraki:
domains:
- name: "!env domain"
administrator:
name: "!env org_admin"
organizations:
- name: "!env org"
networks:
- name: "!env network_name"
product_types:
- appliance
- switch
- wireless
- camera
- sensor
- cellularGateway
appliance:
firewall:
l7_firewall_rules:
- policy: deny
type: applicationCategory
value: "meraki:layer7/category/27"
- policy: deny
type: application
value: "meraki:layer7/application/106"
- policy: deny
type: host
value: "abc.com"
- policy: deny
type: port
value: "1433" # SQL Server