Skip to content
Network as Code

SSID Layer 7 Firewall Rules Configuration

Dashboard Location: Wireless > Configure > SSIDs > Firewall & Traffic Shaping > Layer 7 firewall rules

Wireless SSID Layer 7 Firewall Rules Management

Section titled “Wireless SSID Layer 7 Firewall Rules Management”

SSID Layer 7 firewall rules configuration in Meraki wireless networks provides administrators with comprehensive application-layer traffic filtering and content control capabilities, enabling application-specific restrictions, category-based blocking, host filtering, port-based controls, and geographic access restrictions per SSID. This functionality supports enterprise content policies, compliance requirements, bandwidth optimization, security enforcement, and user experience management. Layer 7 firewall rules are essential for implementing granular application control, blocking malicious content, managing social media access, controlling streaming services, and enforcing organizational internet usage policies across wireless network segments.

Diagram

Section titled “Diagram”
Diagram

Classes

Section titled “Classes”

ssids (meraki.domains.organizations.networks.wireless)

Section titled “ssids (meraki.domains.organizations.networks.wireless)”
NameTypeConstraintMandatoryDefault Value
firewall_l7_firewall_rulesList[firewall_l7_firewall_rules]No

firewall_l7_firewall_rules (meraki.domains.organizations.networks.wireless.ssids)

Section titled “firewall_l7_firewall_rules (meraki.domains.organizations.networks.wireless.ssids)”
NameTypeConstraintMandatoryDefault Value
policyChoicedenyNo
typeChoiceapplication, applicationCategory, host, ipRange, portNo
valueStringmin: 1, max: 127No

Examples

Section titled “Examples”

Example-1: This configuration defines the CORP SSID (0) with Layer 7 firewall rules that block traffic by application category, specific applications, hostnames, ports, and IP ranges to enforce security and restrict unwanted wireless traffic.

The available application and application category values can be retrieved using the /networks/{networkId}/appliance/firewall/l7FirewallRules/applicationCategories API.

meraki:
  domains:
    - name: !env domain
      administrator:
        name: !env org_admin
      organizations:
        - name: !env org
          networks:
            - name: !env network_name
              product_types:
                - appliance
                - switch
                - wireless
                - camera
                - sensor
                - cellularGateway
              wireless:
                ssids:
                  - name: CORP
                    ssid_number: "0"
                    firewall_l7_firewall_rules:
                      - policy: deny
                        type: applicationCategory
                        value: "meraki:layer7/category/27"
                      - policy: deny
                        type: application
                        value: "meraki:layer7/application/106"
                      - policy: deny
                        type: host
                        value: "abc.com"
                      - policy: deny
                        type: port
                        value: "161"
                      - policy: deny
                        type: ipRange
                        value: "192.168.0.0/24"
                      - policy: deny
                        type: ipRange
                        value: "192.168.0.0/24:80"