Blocking Remote/VPN Website Client Access IE..joinme, teamviewer, etc...

kc
Comes here often

Blocking Remote/VPN Website Client Access IE..joinme, teamviewer, etc...

Other than blocking all the sites, at the filter/URL Blocking, is there a way to block all or a majority of theses sites.  We have the categories filtering selected as well, but end users are still able to use.  Port blocking, like URL's, have a wide range.  Obviously can't add them all, especially 443.  Just seeing what others are doing to to block this with a blanket rule or filter and not have to granularly block each url website.

 

We have the MX400.  

 

Thanks for any help you can provide.

5 REPLIES 5
PhilipDAth
Kind of a big deal
Kind of a big deal

I don't understand what you are asking.  Have you looked at using FQDN firewall rules instead of content filtering?

 

https://documentation.meraki.com/MX-Z/Firewall_and_Traffic_Shaping/Firewall_Settings#FQDN_Support

kc
Comes here often

If I were to use FQDN, as you suggested, then we would have to find every destination (URL) and all their different ports to add.  I work in education, deploy 2500 devices, and trust me students/faculty will find a URL that maybe we would miss.  This method doesn't seem to efficient to me.  I'll put in the leg work, but my question was can this be done with, say a Layer 7 category denial.  Like Remote monitoring and management?  That way it is a blanket for these website and we don't have to input each new URL that comes out.  

 

I actually researched this question, in the community, and your suggestion to someone else was to check Proxy Avoidance and Anonymizers in the Category Filter.  We have had that category blocked and it didn't work.  

PhilipDAth
Kind of a big deal
Kind of a big deal

I still don't understand what you want.

 

You say you would have to find all the URLs - all the URL's for what?  What do you actually want to block?

kc
Comes here often

Ok, I will type slower.......I want to block... ANY... "Remote Access/ VPN Client" website.  Instead of putting all of the URL's like.....logmein, teamshare, realvnc, showmypc, gotomypc, screenconnect, splashtop, ultravnc, anydesk, and the hundreds more that we don't know about into Layer 3 and then finding and adding their ports.  Which some use 443 which is a no go on blocking.  Is it possible to block these types of sites with the filter, rule, or category, anything?

MPiechota
Conversationalist

Did you have any luck with a solution from any other sources?  Similar situation here.  VPNs breed worse than rabbits.  I've been blocking full CIDR IP blocks and I'm making some headway, but every day there's a new one.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.