we are using Z1 in all our branches and i need to block all websites except some and we have MX100 @ HQ but our license is Enterprise so the content filtering is not allowed but even if it's advanced also the Z1s @ the branches doesnt have this feature also i need to block all adult content ,
so kindly help me find any work around to overcome this annoying issue.
Solved! Go to solution.
Lets assume you are not using full tunnel AutoVPN.
What you'll have to do is use layer 3 outbound firewall rules and FQDN.
https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Firewall_Settings#FQDN_Support
So the bottom rule needs to be a "deny any" and then you create rules above that allowing access to whatever web sites you want.
HOWEVER the tricky bit is many web sites need many other URLs to be allowed to work because they use shared components and modules.
So before you put in place restrictions, do a packet capture on port 53. Access what you want to be allowed. And then allow everyone of those URLs.
Lets assume you are not using full tunnel AutoVPN.
What you'll have to do is use layer 3 outbound firewall rules and FQDN.
https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Firewall_Settings#FQDN_Support
So the bottom rule needs to be a "deny any" and then you create rules above that allowing access to whatever web sites you want.
HOWEVER the tricky bit is many web sites need many other URLs to be allowed to work because they use shared components and modules.
So before you put in place restrictions, do a packet capture on port 53. Access what you want to be allowed. And then allow everyone of those URLs.
Thanks for your help and sorry for latency it's working well after testing
and i am still collecting all our URLs and it's shared components .
but during testing the whats-app have a lag behavior not slowness but you feel like its buffering for one Minuit and after that all messages sent at the same time and this also in receiving messages
and what about "blocking adult content" without advanced license
also i will feedback if i face any issue
"Block all adult content"
I think you mean porn.
Otherwise, an exclusive diet of children's programs will pall real soon now.
Trying to block adult content usually creates more problems than it solves.
For starters, the following regions, counties/cricket clubs are out:
Then you can add
I think you get the picture.
One of the advantages of allowing anything is that it provides more ammunition when you wish to get rid of an employee.
Kindly can you explain little bit more how block it using my enterprise license "Without content filtering" did you mean i can use this words in the layer 3 like that or what
I am trustworthy of this work in front of ALLAH. so i can't choose this one>>>>>
😉 😃"One of the advantages of allowing anything is that it provides more ammunition when you wish to get rid of an employee".
@mohamed_mashaal wrote:
Kindly can you explain little bit more how block it using my enterprise license "Without content filtering" did you mean i can use this words in the layer 3 like that or what
I am trustworthy of this work in front of ALLAH. so i can't choose this one>>>>>
😉 😃"One of the advantages of allowing anything is that it provides more ammunition when you wish to get rid of an employee".
Ahh, one of the complications of Christianity is the relative awfulness of sins of commission and omission. 😈👻😇😎 In your shoes, I'd consult Nasruddin on your dilemma, his take is sure to be instructive.
>did you mean i can use this words in the layer 3 like that
Yes. Except convert rules 7 and 8 to a "deny any" rather than "deny tcp" and "deny udp".