Purpose of this article is to walk you through adding countries to the Geo-IP based Layer7 Firewall Rules in the Meraki Portal. The policy is set up to “Deny traffic NOT to/from the following countries: USA,CAN,UK. Countries not listed will be blocked.

To add countries to the allow list:

1. Log into the Meraki Portal
2. Go to Adstra>>>Datacenter
3. Go to Security & SDWAN>>>Firewall>>>Layer7 Rules
4. Add the country you wish to allow traffic to in the policy listed “Deny countries traffic not to/from:”
5. Click Save. Wait at least 2 minutes after saving the configuration before having the client test it.

---

There are risks of causing unintended network interruptions if the policy is applied incorrectly. Conversely, you may open up network access to countries not approved if the policy is applied incorrectly.

---

Dependent on admin access to the Meraki Admin Portal. Dependent on change control with vITM and Client approval to execute changes. Dependent on the Meraki Datacenter firewall, hostname: ALC-LWDC-MX-1

---

• EXTERNAL only – i.e., industry best practices, CIS18, this is not for cIT internal references

Note: Please add KB relationships to appropriate CI on the right.