cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Restricting Cellular Usage on certain apps, force to WiFi only

SOLVED
Go to solution
Lburk
Here to help
‎05-04-2023 07:42 AM
‎05-04-2023 07:42 AM

Restricting Cellular Usage on certain apps, force to WiFi only

I'm attempting to figure out if there is a way to force certain apps to WiFi only and not use cellular data. We are experiencing over the top cellular data usage on some of our devices. I would rather restrict them instead of removing the apps and punishing everyone for not following company protocols. Any help is greatly appreciated! Thanks.

Labels:
0 Kudos
Subscribe
1 ACCEPTED SOLUTION
In response to Lburk
PaulF
Meraki Employee
Meraki Employee
‎05-11-2023 08:14 PM
‎05-11-2023 08:14 PM

It won't show you who is abusing data. It will just prevent it.

View solution in original post

0 Kudos
Subscribe
11 REPLIES 11
alemabrahao
Kind of a big deal
Kind of a big deal
‎05-04-2023 08:18 AM
‎05-04-2023 08:18 AM

I think it is not possible to configure via MDM only by changing directly on the smartphone.

Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎05-04-2023 02:44 PM
‎05-04-2023 02:44 PM

Are you talking about the case of blocking the apps if there is only cellular available, so they can only work over WiFi?

 

I agree with @alemabrahao , this would be an MDM function, if available.

 

Some phones have the concept of a "data saver" function.  So you might be able to configure this per phone, by getting the user's phone and configuring it, but you won't be able to automate this without an MDM.

Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎05-04-2023 02:46 PM
‎05-04-2023 02:46 PM

Going sideways - you could consider using something like Cisco Umbrella, and installing that onto all your mobile devices.  Then you can see which apps are chewing the data, and out right block non-company apps.  The block would be on cellular and WiFi.

0 Kudos
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎05-04-2023 02:47 PM
‎05-04-2023 02:47 PM

This would be a lot of work - but you might be able to do this with AnyConnect.  Configure AnyConnect on mobile in full tunnel mode.  Use trusted network detection to turn the VPN off when on company WiFi, and back on otherwise.

 

Create firewall rules on your MX blocking traffic from the AnyConnect subnet to the apps the users are not allowed to use when not on company WiFi.

0 Kudos
Subscribe
PaulF
Meraki Employee
Meraki Employee
‎05-08-2023 07:28 PM
‎05-08-2023 07:28 PM

So, I see that you have iOS tagged, which makes this relatively straightforward. You'll need the Network Usage Rules setting

 

Screenshot 2023-05-09 at 10.27.37 AM.png

 This should work perfectly for your use case.

Subscribe
In response to PaulF
Lburk
Here to help
‎05-09-2023 01:17 PM
‎05-09-2023 01:17 PM

I'm testing this now on a few devices to make sure no other issues crop up, but this does seem to be the way. Thank you!

0 Kudos
Subscribe
In response to Lburk
Lburk
Here to help
‎05-09-2023 02:00 PM
‎05-09-2023 02:00 PM

I've been testing various device and this works PERFECTLY. If the device isn't connected to WiFi the apps in question will not work. Just what I needed. Thankyou. Now though, I have a follow-up question if I may.

 

Take Netflix for example. If I create a security policy and enable Application (System Manager\Policies\Security Policies\ All Devices\Application) and list Netflix.com will this prevent Netflix .com from loading from in Safari or Chrome, will this work?

0 Kudos
Subscribe
In response to Lburk
PaulF
Meraki Employee
Meraki Employee
‎05-09-2023 11:24 PM
‎05-09-2023 11:24 PM

A security policy doesn't prevent something, it only allows you to show devi cos which are compliant / non compliant against this policy.

 

What you need is a Restrictions profile. Under Show / Hide Apps, you can add your app(s) here

Screenshot 2023-05-10 at 2.23.11 PM.png

0 Kudos
Subscribe
In response to PaulF
Lburk
Here to help
‎05-11-2023 06:23 AM
‎05-11-2023 06:23 AM

So by setting the policy as I stated above, it should then show me if someone is going to certain websites? Is this correct. I setup the network usage as you suggested and it's working perfectly. I'm just trying to cover my bases and curb the abuse we're seeing. Thank you once again.

0 Kudos
Subscribe
In response to Lburk
PaulF
Meraki Employee
Meraki Employee
‎05-11-2023 08:14 PM
‎05-11-2023 08:14 PM

It won't show you who is abusing data. It will just prevent it.

0 Kudos
Subscribe
In response to PaulF
Lburk
Here to help
‎05-12-2023 06:15 AM
‎05-12-2023 06:15 AM

That's even better. Thanks Paul!

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2023 Meraki