Block Internet but leave local access

Solved
LazerTony20
Conversationalist

Hi, I have a few devices (tablets) used in the enterprise that we want to block the internet access but want to leave access to our local web server. Any ideas?

4 Replies 4
ww
Kind of a big deal

Create a group policy with firewall rules, and assign the policy to the tablets.

PhilipDAth
Kind of a big deal

@ww is right, but note tablets often need to check into Apple/Google (depending on make) to maintain all sorts of different capabilities.

LazerTony20
Conversationalist

I tried this approach, but there is an issue. If I apply a firewall rule that looks like this:

# | Policy | Protocol | Destination    | Port | Comment
1 | Allow  | Any      | 192.168.0.0/16 | Any  | Allow Local Access
2 | Deny   | Any      | Any            | Any  | Block Internet

The issue is that it works only if I apply it after the tablets have already joined the network and haven't changed AP. As soon as the devices change AP or get disconnected from the network, they cannot connect back.

(The error message on Android is: "Failed to obtain IP address", and I have tried to add our local DHCP server's address as the first rule, but it still doesn't work.)

LazerTony20
Conversationalist

I solved it by changing the rules to this:

1 | Allow  | Any      | 192.168.0.0/16 | Any  | Allow Local Access
2 | Deny   | TCP      | Any            | Any  | Block Internet
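
The difference between the two rule sets in this thread can be traced with a small first-match evaluator (an added example, not part of the original posts and not Meraki code). It assumes top-down, first-match evaluation with a default allow, that DHCP discovery is sent as UDP to the broadcast address 255.255.255.255 on port 67, and it uses constructed sample flows and addresses.

```python
import ipaddress

# Rule tuples: (policy, protocol, destination CIDR or "Any", comment), as posted in the thread.
ORIGINAL = [("Allow", "Any", "192.168.0.0/16", "Allow Local Access"),
            ("Deny", "Any", "Any", "Block Internet")]
REVISED = [("Allow", "Any", "192.168.0.0/16", "Allow Local Access"),
           ("Deny", "TCP", "Any", "Block Internet")]

# Constructed sample flows: (label, protocol, destination IP, destination port).
# The port is informational only, because every rule in the thread uses port "Any".
FLOWS = [
    ("DHCP discover (broadcast)", "UDP", "255.255.255.255", 67),
    ("Local web server", "TCP", "192.168.10.20", 80),
    ("Internet HTTPS", "TCP", "203.0.113.10", 443),
    ("Internet DNS", "UDP", "198.51.100.53", 53),
    ("Internet QUIC", "UDP", "203.0.113.10", 443),
]

def evaluate(rules, proto, dst):
    """Return (policy, comment) of the first matching rule; default allow is assumed."""
    addr = ipaddress.ip_address(dst)
    for policy, rule_proto, rule_dst, comment in rules:
        proto_ok = rule_proto == "Any" or rule_proto == proto
        dst_ok = rule_dst == "Any" or addr in ipaddress.ip_network(rule_dst)
        if proto_ok and dst_ok:
            return policy, comment
    return "Allow", "default rule (assumed)"

def verdicts(rules):
    """Map each sample flow label to Allow/Deny under the given rule set."""
    return {label: evaluate(rules, proto, dst)[0]
            for label, proto, dst, _port in FLOWS}

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("revised", REVISED)):
        print(name)
        for label, verdict in verdicts(rules).items():
            print(f"  {verdict:5}  {label}")
```

Under this model the revised rules let the DHCP broadcast through again, but they also leave outbound UDP such as DNS and QUIC permitted, so it is worth checking whether that matches the intent of the "Block Internet" rule.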
