Assistance Needed – Blocking AnyDesk on Meraki MX105

lc-gabriellima
Comes here often

Hi everyone, hope you're doing well.

Could you please help me with something?

I have a Meraki MX105 firewall and I'm trying to block the use of AnyDesk on the network.

I've already tried two approaches:

Blocking by application category in the firewall, but AnyDesk is not listed;

Layer 7 firewall rule (deny based on the HTTP hostname anydesk.com), but this didn’t work either.

Is there a more effective way to completely block AnyDesk on this model?

PhilipDAth
Kind of a big deal

I would do a packet capture on port 53 (DNS).  Start up AnyDesk, and see what DNS entries it talks to (especially any login or authentication-related DNS entries), and then block access to those DNS entries.

alemabrahao
Kind of a big deal

AnyDesk uses a variety of domains and IPs. You can try blocking these in Layer 7 firewall rules or content filtering.

*.anydesk.com
*.net.anydesk.com
*.relay.anydesk.com
*.download.anydesk.com


Ports used:

TCP 80, 443 (standard web ports)
TCP 6568 (sometimes used for direct connections)
TCP 7070 (used for direct connections within LAN)

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
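
The workflow suggested in the two replies above (capture DNS, then block the names actually seen), as an added example that is not part of any poster's reply: it extracts query names from raw DNS payloads and reports which ones the hostname patterns quoted in this thread would not cover. The function names are hypothetical, glob matching stands in for the MX's own matcher (an assumption), and the sample queries and their hostnames are constructed.

```python
import struct
from fnmatch import fnmatchcase

# Patterns quoted from the replies in this thread.
BLOCKED = ["anydesk.com", "*.anydesk.com", "*.net.anydesk.com",
           "*.relay.anydesk.com", "*.download.anydesk.com"]

def qname(payload: bytes) -> str:
    """Return the first question name of a raw DNS query (UDP payload)."""
    if len(payload) < 12:
        raise ValueError("truncated DNS header")
    flags, qdcount = struct.unpack("!HH", payload[2:6])
    if flags & 0x8000 or qdcount == 0:      # QR bit set means a response
        raise ValueError("not a query")
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            raise ValueError("truncated name")
        length = payload[pos]
        if length == 0:                     # root label ends the name
            break
        if length & 0xC0:                   # pointer/reserved label type
            raise ValueError("unexpected label type in question")
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    return ".".join(labels).lower()

def triage(payloads):
    """Split queried names into (covered, uncovered) by the BLOCKED patterns."""
    covered, uncovered = set(), set()
    for p in payloads:
        try:
            name = qname(p)
        except ValueError:
            continue                        # skip responses and malformed packets
        hit = any(fnmatchcase(name, pat) for pat in BLOCKED)
        (covered if hit else uncovered).add(name)
    return sorted(covered), sorted(uncovered)

def make_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a constructed A-record query so the example runs offline."""
    body = b"".join(bytes([len(part)]) + part.encode() for part in name.split("."))
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + body + b"\x00\x00\x01\x00\x01"

# Constructed sample capture: these hostnames are invented for illustration.
SAMPLE = [make_query(n) for n in
          ["relay-01.net.anydesk.com", "AnyDesk.com", "rmm-broker.example"]]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Names that land in the uncovered list while only the remote-access client is running are the candidates to review before extending the block rules.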
BlakeRichardson
Kind of a big deal

^^ This

Most applications use different FQDNs for the actual inner workings of the software, as you are often routed to use the closest server geographically, as well as many other reasons.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
bperezgo
Meraki Employee

Hi @lc-gabriellima,

I would recommend adding a Layer 3 firewall rule to block traffic destined to 239.255.102.18 on any port and a Layer 7 firewall rule denying hostname "anydesk.com."

You would still need to apply anydesk.com to the blocked URL list in your content filtering.

When testing, the changes may take up to 5 minutes before taking effect as the MX firewall will have to pull down the configuration from the cloud servers. Disconnect and re-connect the client device to ensure you're working with a new flow as well.

https://support.anydesk.com/knowledge/firewall

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.
lc-gabriellima
Comes here often

Hi @bperezgo, @PhilipDAth, @alemabrahao, @BlakeRichardson

Thanks everyone for your input and suggestions.

Unfortunately, I’ve applied all the recommended measures, including:

Layer 3 firewall rule blocking traffic to 239.255.102.18;

Layer 7 firewall rule denying hostname anydesk.com;

Adding all known AnyDesk domains to the Content Filtering blocked URL list (e.g., *.anydesk.com, *.net.anydesk.com, *.relay.anydesk.com, etc.).

I've also waited over 10 minutes and restarted the client device to ensure a new flow was created.

Despite all of that, AnyDesk is still working normally on the network.

If anyone has additional ideas or a more advanced workaround, maybe involving DPI or other techniques, I’d really appreciate your help.

Thanks again,
Gabriel

alemabrahao
Kind of a big deal

As we discussed, the most effective way I see to block the application is via the Machine's Firewall.

If you have Trellix or any other corporate firewall that users do not have access to, you can block the application without any difficulty.

I hope I have helped you.
