Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Block list URL patterns in Group Policy doesn't work for me

Solved
LakesideLion
Getting noticed
‎Nov 27 2023 10:33 AM
‎Nov 27 2023 10:33 AM

Block list URL patterns in Group Policy doesn't work for me

I'm trying to block some URLs in a group policy and it doesn't work for me.   Here is what I have.

 

1) I created a group policy called test_group_policy

2) Under wireless only, I specify Tag VLAN and 1100

3) Under Security Appliance Only under Block list URL Patterns, I selected "Append" and for the URL pattern, I put "*.*" so as an experiment, trying to block everything.

4) after saving it,  I Iooked for my client and under policy, for Device Policy, I selected "test_group_policy".

 

After waiting for 5 minutes,  I can still access any website from my laptop.

 

Is this not how it's supposed to work?   Interesting is if I click on "show details"  under "policy" for the client laptop there is a column showing "test_group_policy" with rules.   It doesn't show my URL pattern as part of the policy.

 

I did *.* because any single URL I put in wasn't getting blocked so I thought lets just try blocking everything.

 

What am I missing?  

0 Kudos
Subscribe
1 Accepted Solution
LakesideLion
Getting noticed
‎Nov 30 2023 8:22 AM
‎Nov 30 2023 8:22 AM

After working for about a month on it was a few different support people, they've all seen it not work like they were expecting.  One even mentioned I might have stumbled across a known problem.  So it is being escalated up to the development team.

View solution in original post

0 Kudos
Subscribe
8 Replies 8
alemabrahao
Kind of a big deal
Kind of a big deal
‎Nov 27 2023 10:57 AM
‎Nov 27 2023 10:57 AM

Use override instead of append.

 

Override: Means that the settings of the group policy will take precedence over the existing network settings. If a group policy is set to override, it will replace the current settings with its own.


Append: Means that the settings of the group policy will be added to the existing network settings. If a group policy is set to append, it will add its settings to the current ones without removing or altering the existing settings.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Subscribe
In response to alemabrahao
LakesideLion
Getting noticed
‎Nov 27 2023 11:25 AM
‎Nov 27 2023 11:25 AM

Thanks for the suggestion.  However, appending is really what I want. On the security appliance we have a base amount of stuff we want to block.   Then with the group policy we wanted to block a little more for a certain group of users.   I created this test_group_policy to try things out and I'm not getting any behavior that I would be expecting.  I've been working with Meraki support and they confirm it should work like I think it should.   It's been painful working with them.  It's been moving at a glacial pace.   After 3 weeks they've had me try 3 different things all of which has not worked.

0 Kudos
Subscribe
In response to LakesideLion
alemabrahao
Kind of a big deal
Kind of a big deal
‎Nov 27 2023 11:34 AM
‎Nov 27 2023 11:34 AM

I would try the way I'm suggesting in both allow and block, just to validate if it will work.
 
It may be that you have more specific rules releasing something and that's why it's not blocking it.
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
alemabrahao
Kind of a big deal
Kind of a big deal
‎Nov 27 2023 11:46 AM
‎Nov 27 2023 11:46 AM

I just tested it and it worked perfectly.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
JJRiebeling
Meraki Employee
Meraki Employee
‎Nov 27 2023 4:25 PM
‎Nov 27 2023 4:25 PM

Since the question shows the catch-all as *.*, just confirming if you are indeed using the asterisk symbol "*" as catch-all? Also, how does your normal/default policy look for block and allow URLs?

0 Kudos
Subscribe
In response to JJRiebeling
LakesideLion
Getting noticed
‎Nov 28 2023 8:18 AM
‎Nov 28 2023 8:18 AM

I do have the asterisk symbol as a catchall.  I wanted to try it to see if that would really block everything.    We just installed all new Meraki devices this summer so things are really clean.   The only content filtering set so far are categories that are specified in the category blocking on our MX450.   Under the URL filtering we don't have anything in the blocked list or the allow list.

0 Kudos
Subscribe
In response to JJRiebeling
LakesideLion
Getting noticed
‎Nov 30 2023 8:19 AM
‎Nov 30 2023 8:19 AM

Ah.  I get the question now.  I was told by the support engineer I should have just used a '*'.  Fortunately for me he saw that it still didn't work after changing that.

0 Kudos
Subscribe
LakesideLion
Getting noticed
‎Nov 30 2023 8:22 AM
‎Nov 30 2023 8:22 AM

After working for about a month on it was a few different support people, they've all seen it not work like they were expecting.  One even mentioned I might have stumbled across a known problem.  So it is being escalated up to the development team.

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.