Meraki

Community

Group Policy not updating

MrMatt
Just browsing
‎Oct 10 2023 10:42 AM
‎Oct 10 2023 10:42 AM

Group Policy not updating

Thanks in advance for any help you can provide a Meraki Noob.  I inherited a system with a MX75 and I'm missing something. 

If I create a group policy with a level 7 firewall rule blocking social media, it works fine. These are applied on a per-client basis and sites are blocked as intended.  However, if I then go into Client details for a specific client and change the policy back to normal or even whitelisted, the websites remain blocked for that client. Clients who never had the Group policy changed retain access.

 

Also, i can go into the group policy and remove the level 7 firewall rule, returning access to all clients including the whitelisted/normal client.  It seems that even though I'm choosing a different policy option in client details, once I have applied a group policy to a client, it remains applied.

 

I'm sure I'm missing something super obvious, but cannot figure it out.  Any help would be much appreciated

0 Kudos
7 Replies 7
ww
Kind of a big deal
Kind of a big deal
‎Oct 10 2023 10:47 AM
‎Oct 10 2023 10:47 AM

Did the client reconnect the network after you changed the policy?

 

https://documentation.meraki.com/General_Administration/Tools_and_Troubleshooting/Troubleshooting_Gr...

0 Kudos
alemabrahao
Kind of a big deal
Kind of a big deal
‎Oct 10 2023 11:30 AM
‎Oct 10 2023 11:30 AM

Have you tested it on an incognito tab to see if it's not the browser cache?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Inderdeep
Kind of a big deal
Kind of a big deal
‎Oct 10 2023 11:31 AM
‎Oct 10 2023 11:31 AM

@MrMatt : make sure you did it right 

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Creating_and_Applying... 

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com
0 Kudos
Islam-Hussien
Here to help
‎Oct 10 2023 1:21 PM
‎Oct 10 2023 1:21 PM

 

 

  could you please follow these steps and give us the updates :

 

  1. Make sure the client disconnects and reconnects to the network. A policy will not be applied until the device connects to the network.
  2. Under Monitor > Clients, look under the Access column and see if the policy is being applied (if you do not see this column, press the plus icon and enable it). If the policy is not listed here for that client, check that the client fits the criteria for the policy to be applied.
  3. Check that the desired policy is not being overwritten by policies that take a higher priority (see below, under "What is the order of priority for Group Policies").
  4. If the part of the policy that's not working is a content filtering/layer-7 firewall rule, check that the client is not using HTTPS or a proxy. This can prevent content filtering from working properly.
  5. Check your policy to determine if Blocked Website Categories has been set to Override with no categories defined. This would enforce the network-default categories (Configure > Content Filtering)
  6. If possible, delete the policy and see if that changes client behavior, then recreate the policy and follow previous steps.
  7. Create a more limited test policy (only blocking one website, for example) and manually apply that policy to the client, to see if any policies work.
Islam Hussien
0 Kudos
In response to Islam-Hussien
MrMatt
Just browsing
‎Oct 12 2023 10:04 AM
‎Oct 12 2023 10:04 AM

First of all, I appreciate all the information.  However, I feel I may have explained poorly.  I will try to do better. 

example:

I create a GP with a single lvl7 rule blocking, say FB, then apply that GP to a client, it will block FB as intended.  However, when I change that client back to normal, or even whitelisted, FB remains blocked. 

If I edit the GP and remove the lvl7 rule, FB becomes accessible to the client that is no longer assigned to that GP.   It's like there's an "update policy" button I'm missing, but that doesn't seem to be the case.  

 

I am selecting the Group Policy to apply via the drop down in client details. 

This is the only Group Policy that has been created. 

My test group policy contains nothing but a single level 7 rule. 

I am disconnecting from the network after changes are made.

I can reproduce this on other clients, as well as by recreating the Group Policy. 

I am on the latest FW version.

I looked through the documentation you folks kindly provided, but am not seeing the issue there. 

 

Any help is much appreciated

0 Kudos
In response to MrMatt
alemabrahao
Kind of a big deal
Kind of a big deal
‎Oct 12 2023 10:32 AM
‎Oct 12 2023 10:32 AM

I suggest you to open a support case.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
MrMatt
Just browsing
‎Oct 13 2023 7:40 AM
‎Oct 13 2023 7:40 AM

Bummer, I was afraid of that.  Just hoped it was something I had obviously done wrong that would be apparent 😞 

Thanks to everyone who took the time to offer suggestions all the same.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.