While each of the security features mentioned previously can be configured on a network-wide basis, there are times when certain clients should have more specific policies applied than the network-wide defaults. While it certainly is possible to use static or dedicated IPs to create unique rules to bypass or enforce additional Layer 3 firewall rules, this creates additional overhead and doesn’t bypass features such as content filtering, Layer 7 firewall rules, and Cisco AMP.

For situations like this, where specific clients or users require a different set of rules or policies than the network-wide configuration, you configure group policies and assign them to either enhance or override network-wide configurations for specific clients, users, or even entire subnets. Figure 5-5 shows several group policies, each configured to allow special network access for group members, while Figure 5-6 shows the detailed configuration for an example group policy.

Figure 5-5 Example Group Policies List in the Dashboard

Figure 5-6 Example Configuration for a Specific Group Policy

To create group policies, navigate to the Network-wide > Group Policy page on the Dashboard. If you want to assign group policies manually to a specific client device, go to the Network-wide > Clients page, select the client, and use the Policy drop-down list to apply a new policy to the client. You can also choose to automatically assign group policies to specific users through either Active Directory or RADIUS integration: during the logon process, a specific attribute is passed, such as Filter-ID in the case of RADIUS, that matches an associated group policy configured on the Dashboard.

Using an integration like Active Directory or RADIUS allows administrative users, for example, to automatically be provided with increased network access based on their needs without having to manually reassign device policies or create manual exceptions. This can greatly reduce the overhead required for troubleshooting and daily administration, as users will automatically be assigned an appropriate access policy based on the information passed during user logon, regardless of the device currently in use.
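Because automatic assignment depends on the passed attribute matching a group policy configured on the Dashboard, it is worth auditing that mapping before relying on it. The following is an added example, not code from the book or from Meraki: the policy names, directory groups, and Filter-Id values are constructed, and it assumes that only an exact name match selects a policy.

```python
from dataclasses import dataclass

# Constructed sample data: group policy names as listed on the
# Network-wide > Group Policy page (hypothetical names).
DASHBOARD_POLICIES = ["Admin-Access", "Guest-Restricted", "IoT-Devices"]

# Constructed sample data: directory group -> Filter-Id value the RADIUS
# server returns at logon (hypothetical groups and values).
RADIUS_FILTER_IDS = {
    "NetAdmins": "Admin-Access",
    "Contractors": "guest-restricted",  # differs only by case
    "Printers": "IoT-Devices ",         # trailing space
    "Finance": "Finance-Access",        # no such policy configured
}

@dataclass
class Finding:
    group: str
    filter_id: str
    status: str           # "ok", "near-miss" or "unmatched"
    suggestion: str = ""  # closest configured policy for a near-miss

def audit_filter_ids(policies, filter_ids):
    """Compare each Filter-Id against the configured policy names.

    Assumption: a Filter-Id selects a policy only when it equals the
    policy name exactly, so case or whitespace drift is reported.
    """
    normalized = {p.strip().lower(): p for p in policies}
    findings = []
    for group, fid in sorted(filter_ids.items()):
        key = fid.strip().lower()
        if fid in policies:
            findings.append(Finding(group, fid, "ok"))
        elif key in normalized:
            findings.append(Finding(group, fid, "near-miss", normalized[key]))
        else:
            findings.append(Finding(group, fid, "unmatched"))
    return findings

def unused_policies(policies, filter_ids):
    """Policies that no RADIUS mapping references exactly."""
    used = set(filter_ids.values())
    return [p for p in policies if p not in used]

if __name__ == "__main__":
    for f in audit_filter_ids(DASHBOARD_POLICIES, RADIUS_FILTER_IDS):
        hint = f" (did you mean {f.suggestion!r}?)" if f.suggestion else ""
        print(f"{f.status:9} {f.group:12} Filter-Id={f.filter_id!r}{hint}")
    print("unreferenced:", unused_policies(DASHBOARD_POLICIES, RADIUS_FILTER_IDS))
```

A near-miss or unmatched entry marks a group whose users may not receive the intended group policy, which matters most when that policy is the more restrictive one.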
