Content filter group policy

Here to help

Content filter group policy

Hello All. We licensed advanced and are still struggling with the active directory group policies mapping to the meraki group policy. Basically we left the network default contact filter policy to allow access to all sites and then use group policies to apply content rules starting at the top the less restrictive to the most restricted at the bottom of the group policy list. I am correct in assuming that the mx will process from the top down the group policies until it gets a hit on a user and then stops right there? Or does it continue to see if that user is in subsequent groups? I assume the former. So basically we have people at the top of the list as unrestricted and then under that have the same categories defined at the very bottom of the list (most restrictive) with url white lists. However users are still able to go anywhere they want. The event logs do show the users being mapped into specific groups but the policies are not working. 


Am I understanding this order of operations correctly? 


Thanks very much 

Head in the Cloud


Ideally the policy shall apply when it finds the user for the first time.

However Quick thoughts

Need to understand the network topology?

Incase your VLANs are defined on MX there shall not be an issue. However if your VLANs are on the Core you may try to enable "Track clients by IP address" and test the functionality.


Security Appliance->Addressing and VLANs-> Client Tracking -> "Track clients by IP Address"

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.