Meraki Access Control Policy

Before you onboard to Security Cloud Control, the Meraki MX devices may have been managed by the Meraki dashboard, and the device may already have some outbound rules. These rules will appear as access control rules in Security Cloud Control.

You can modify these rules and create additional rules within the access control policy. To customize your access control policy, create and attach objects. For more information, refer to the related articles section.

Note

The action of the Meraki access control policy is Allow by default. You cannot change the action.

Use this procedure to edit a Meraki access control policy using Security Cloud Control:

Procedure

Step 1

Choose Security Devices.

Step 2

Click the Templates tab.

Step 3

Click the Meraki tab, and select the Meraki MX device template whose access control policy you want to edit.

Step 4

In the Management pane, select Policy.

Step 5

Do any of the following:

  • To create a new rule, click the add button Add button..

  • To edit an existing rule, select the rule and click the edit button Edit button. in the Actions pane. You can make simple edits inline without entering edit mode.

  • To delete a rule you no longer need, select the rule and click the remove button Delete button. in the Actions pane.

  • To move a rule within the policy, select the rule in the access control table and click the up or down arrow at the end of the rule row to move the rule.

Step 6

In the Order field, select the position for the rule within the policy. Network traffic is evaluated against the list of rules in numerical order, from 1 to the "last" rule.

Rules are applied on a first-match basis. Rules with highly specific traffic matching criteria must appear before policies with general criteria that would otherwise apply to the matching traffic.

The default is to add the rule to the end of the list. If you want to change a rule's location later, edit this option.

Step 7

Enter the rule name. You can use alphanumeric characters, spaces, and the special characters: + . _ -

Note

The Name of the access control rule is used as the name of the rule in Security Cloud Control while the Remark field is treated as the name of the rule in the Meraki dashboard. The two fields are not dependent on each other.

Step 8

Select the action to apply if the network traffic is matched by the rule:

  • Block: Drop the traffic unconditionally. The traffic is not inspected.

  • Allow: Allow the traffic subject to the intrusion and other inspection settings in the policy.

Note

You can only set or modify the rule action. You cannot change the default policy action from Security Cloud Control.

Step 9

Define the traffic matching criteria by using any combination of attributes in these tabs.

  • Source: Click the Source tab and add or remove networks (which includes networks and continents) or ports from which the network traffic originated. The default value is "Any."

  • Destination: Click the Destination tab and add or remove networks (which includes networks and continents), or ports on which the traffic arrives. The default value is "Any."

Note

The source and destination networks must be within one of the configured VLAN subnets, or if a VLAN subnet is not manually configured, the default VPN subnet. Deploying a rule that includes an invalid source or destination network will fail.

Step 10

Click Save.

Step 11

Review and deploy the changes you made now, or wait and deploy multiple changes at once.

What to do next

Related Articles