When it comes to network security, a stateful firewall is essential for monitoring and controlling incoming and outgoing traffic based on state, port, and protocol. Cisco Meraki’s cloud-managed firewall makes this process user-friendly, even if you’re not a networking expert. In this guide, we’ll walk you through how to implement a stateful Layer 3 and Layer 4 firewall using the Meraki Dashboard GUI — no command line needed, just simple clicks and settings.
What is a Stateful Layer 3 & 4 Firewall?
Before diving into the implementation, let’s clarify what this firewall does:
- A Layer 3 firewall operates at the network layer, filtering traffic based on IP addresses.
- A Layer 4 firewall works at the transport layer, filtering traffic based on TCP/UDP ports and protocols.
- A stateful firewall remembers the state of active connections and makes decisions based on the context of traffic, offering enhanced security compared to stateless filtering.
Cisco Meraki firewalls are inherently stateful, enabling you to define powerful, granular rules that control traffic flow efficiently.
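To make the stateful/stateless difference concrete, here is a small connection-tracking model. It is an added example, not Meraki code; the addresses, the 300-second idle timeout and the stateless "return traffic" rule are constructed for illustration.

```python
import time

class StateTable:
    """Toy connection tracker: outbound flows are recorded, replies are matched."""

    def __init__(self, idle_timeout=300.0, clock=time.monotonic):
        self.idle_timeout = idle_timeout    # constructed value, not Meraki's
        self.clock = clock
        self.flows = {}                     # 5-tuple -> last-seen time

    def outbound(self, proto, src, sport, dst, dport):
        """Call once the rule set has allowed an outbound packet."""
        self.flows[(proto, src, sport, dst, dport)] = self.clock()

    def inbound(self, proto, src, sport, dst, dport):
        """Allow only the reverse direction of a live outbound flow."""
        key = (proto, dst, dport, src, sport)    # endpoints swapped
        seen = self.flows.get(key)
        if seen is None:
            return "deny"                        # unsolicited: no state entry
        if self.clock() - seen > self.idle_timeout:
            del self.flows[key]
            return "deny"                        # state entry has expired
        self.flows[key] = self.clock()           # refresh the idle timer
        return "allow"

def stateless_inbound(proto, sport, dport):
    """A stateless filter needs a standing return rule instead (constructed)."""
    return "allow" if proto == "tcp" and sport == 443 and dport >= 1024 else "deny"

def demo():
    now = [0.0]                                  # fake clock so the run is repeatable
    fw = StateTable(idle_timeout=300.0, clock=lambda: now[0])
    fw.outbound("tcp", "10.0.10.5", 51000, "203.0.113.7", 443)
    reply = fw.inbound("tcp", "203.0.113.7", 443, "10.0.10.5", 51000)
    unsolicited = fw.inbound("tcp", "198.51.100.9", 443, "10.0.10.5", 51000)
    stateless = stateless_inbound("tcp", 443, 51000)   # same unsolicited packet
    now[0] = 1000.0                              # well past the idle timeout
    expired = fw.inbound("tcp", "203.0.113.7", 443, "10.0.10.5", 51000)
    return reply, unsolicited, stateless, expired

if __name__ == "__main__":
    print(demo())
```

The stateful table admits the reply and drops the packet that matches no flow, while the stateless return rule lets that same unsolicited packet through.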
Step 1: Log in to the Meraki Dashboard
Head to dashboard.meraki.com and log into your account. If you don’t have a Meraki network set up yet, this is an excellent time to create one and add your devices.
Step 2: Navigate to Security & SD-WAN > Firewall
Once inside your chosen network:
- On the left sidebar, select Security & SD-WAN.
- Under this section, find and click on Firewall.
This is where you’ll configure your Layer 3 and Layer 4 stateful firewall rules.
Step 3: Understand the Primary Sections in the Firewall Page
The page is divided into key parts:
- Layer 3 firewall rules: These rules filter traffic based on source and destination IP addresses.
- Layer 7 firewall rules (for app blocking): For deeper inspection (optional).
- Port forwarding and port triggering: Advanced traffic management.
- Inbound and outbound rules: Control direction-specific traffic.
For this guide, we’ll focus on Layer 3 and Layer 4 rules.
Step 4: Create Layer 3 Firewall Rules
Layer 3 rules allow you to block or allow traffic by IP addresses.
- Scroll to Layer 3 firewall rules.
- Click Add a rule.
- Configure the following attributes:
  - Policy: Choose Allow or Deny.
  - Protocol: Select Any, TCP, UDP, or ICMP depending on your needs.
  - Source: Specify the IP range or subnet where the traffic originates.
  - Destination: Specify the target IP range/subnet.
  - Port: For Layer 4 filtering, define the port(s) here.
  - Comment: Add a descriptive note (e.g., “Block inbound SSH from WAN”).
- Click Save.
Pro Tip: Rules are processed top to bottom, and the first matching rule is applied. Place your most specific rules at the top so they are evaluated before broader ones.
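The ordering rule above is easy to get wrong once a rule list grows, so the following added example (not Meraki code) models top-to-bottom evaluation and flags rules that can never be reached because a broader rule sits above them. The `Rule` fields mirror the attributes listed in this step; the addresses, the IPv4-only handling and the `default` policy are assumptions of the sketch.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:              # fields mirror the rule attributes listed in Step 4
    policy: str          # "allow" or "deny"
    protocol: str        # "any", "tcp", "udp" or "icmp"
    src: str             # IPv4 CIDR or "any"
    dst: str             # IPv4 CIDR or "any"
    port: str            # "any", "80" or a range such as "8000-8100"
    comment: str = ""

def _net(cidr):
    return ipaddress.ip_network("0.0.0.0/0" if cidr.lower() == "any" else cidr)

def _ports(spec):
    lo, _, hi = ("0-65535" if spec.lower() == "any" else spec).partition("-")
    return int(lo), int(hi or lo)

def covers(a, b):
    """True if every packet that matches rule b also matches rule a."""
    (alo, ahi), (blo, bhi) = _ports(a.port), _ports(b.port)
    return (a.protocol in ("any", b.protocol)
            and _net(b.src).subnet_of(_net(a.src))
            and _net(b.dst).subnet_of(_net(a.dst))
            and alo <= blo and bhi <= ahi)

def first_match(rules, protocol, src_ip, dst_ip, port, default="allow"):
    """Top to bottom; first match decides. `default` is this sketch's assumption."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for i, r in enumerate(rules):
        lo, hi = _ports(r.port)
        if (r.protocol in ("any", protocol) and src in _net(r.src)
                and dst in _net(r.dst) and lo <= port <= hi):
            return r.policy, i
    return default, None

def shadowed(rules):
    """(later, earlier) index pairs where the later rule can never be reached."""
    return [(j, i) for j, later in enumerate(rules)
            for i in range(j) if covers(rules[i], later)]

# Constructed sample rule set: the Telnet deny sits below a broader allow.
RULES = [
    Rule("allow", "tcp", "10.0.10.0/24", "any", "any", "Staff VLAN outbound TCP"),
    Rule("deny", "tcp", "10.0.10.0/24", "any", "23", "Block Telnet from staff"),
    Rule("deny", "any", "10.0.20.0/24", "10.0.10.0/24", "any", "Guest to staff"),
]
FIXED = [RULES[1], RULES[0], RULES[2]]   # specific deny moved above the allow
```

With `RULES`, `shadowed` reports the Telnet deny as unreachable and `first_match` returns the allow for port 23; with `FIXED`, the deny takes effect and nothing is shadowed.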
Step 5: Work on Layer 4 Firewall Rules
Layer 4 rules are not configured in a separate table: they are integrated within the Layer 3 rule interface via port and protocol selection. Using those fields, you can create very granular rules to block or allow traffic based on TCP or UDP ports.
For example: To block all inbound HTTP traffic on port 80:
- Policy: Deny
- Protocol: TCP
- Source: Any (or specific WAN ranges)
- Destination: Your LAN subnet or WAN IP
- Port: 80
Step 6: Manage Inbound and Outbound Rules
Layer 3 firewall settings in Meraki can be set to control inbound and outbound traffic separately:
- Inbound firewall rules: Manage traffic entering your LAN from the Internet or other WANs.
- Outbound firewall rules: Manage traffic leaving your LAN towards WAN or external destinations.
Make sure you set rules for both the inbound and outbound directions to maintain balanced security without blocking legitimate traffic.
Step 7: Save and Test Your Configuration
After configuring your firewall rules, click Save changes at the bottom of the page to apply the settings immediately.
For testing:
- Use tools like ping, traceroute, or port scan utilities.
- Verify the expected traffic is allowed or denied according to your rules.
- Check the Meraki Dashboard’s event logs under Security & SD-WAN > Event log for firewall-related entries.
Step 8: Monitor and Adjust as Needed
Firewall management is an ongoing process. Use Meraki’s dashboard analytics and reporting tools to monitor traffic trends and firewall hits over time.
If you notice unexpected blocks or passes, revisit your firewall rules and tweak them to balance security and usability.
Why Use Meraki’s Stateful Firewall?
- Cloud-managed simplicity: Configure anywhere without complex software or CLI.
- Intelligent state tracking: No need to define return rules explicitly; the firewall automatically keeps track of connection states.
- Granular control: Define rules based on IP, protocol, port, and direction.
- Seamless integration: Works smoothly with other Meraki security features like IDS/IPS and content filtering.
Wrapping Up
Implementing a stateful Layer 3 and Layer 4 firewall using the Meraki Dashboard brings enterprise-grade security within reach for businesses of all sizes. By following this guide, you can confidently control network access, protect your assets, and maintain smooth operations through the intuitive Meraki GUI.
Stay proactive, review your rules regularly, and enjoy the peace of mind that comes with having a versatile, cloud-managed firewall guarding your network.