Block non-HTTP/HTTPS traffic on TCP/80 and 443

NDNR
New here

Hello,

We are having a security breach in our environment; we are using an SD-WAN solution based on MX.

We have an L3 FW rule that permits TCP/80 and TCP/443 for web surfing, and we are limiting websites by configuring a whitelist.

We have discovered that some non-HTTPS traffic can pass through the MX, bypassing the web filtering, probably because the web filtering acts only on HTTP/HTTPS.

We are now trying to find a way to block that traffic and only allow the HTTP/HTTPS protocols.

Is there a way to achieve this?

Thanks
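As an added example (not code from the original post and not Meraki's own code), the following Python script shows why traffic that is neither HTTP nor TLS slips past a domain allowlist on TCP/80 and TCP/443: a hostname-based web filter can only match on the HTTP `Host` header or the TLS ClientHello SNI, so a flow that starts with anything else gives it nothing to match. The allowlist, the ClientHello builder and the sample flows are constructed for the example; the `audit_flow` function and its verdict strings are assumptions of this example, not a Meraki API.

```python
"""
Added example: inspect the first client-to-server bytes of TCP/80 and TCP/443
flows and report what a hostname allowlist (web filtering) would see.
Only HTTP requests and TLS ClientHellos carry a hostname; anything else on
those ports is the "non-HTTPS traffic" that bypasses domain-based filtering.
"""
import re
from typing import Optional

ALLOWED_DOMAINS = ("example.com", "corp.example")   # constructed allowlist

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"PATCH ", b"CONNECT ", b"TRACE ")


def looks_like_tls_client_hello(payload: bytes) -> bool:
    """TLS record header: type 0x16 (handshake), version 0x03xx; handshake type 0x01."""
    return (len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03
            and payload[2] <= 0x04 and payload[5] == 0x01)


def looks_like_http_request(payload: bytes) -> bool:
    """Plain HTTP/1.x request line: METHOD SP target SP HTTP/1.x CRLF."""
    first_line = payload.split(b"\r\n", 1)[0]
    return (payload.startswith(HTTP_METHODS)
            and re.fullmatch(rb"[A-Z]+ \S+ HTTP/1\.[01]", first_line) is not None)


def extract_sni(payload: bytes) -> Optional[str]:
    """Walk the ClientHello to the server_name extension (RFC 6066) and return the host name."""
    if not looks_like_tls_client_hello(payload):
        return None
    try:
        hs_len = int.from_bytes(payload[6:9], "big")      # 3-byte handshake length
        body = payload[9:9 + hs_len]
        pos = 2 + 32                                     # client_version + random
        pos += 1 + body[pos]                             # session_id
        pos += 2 + int.from_bytes(body[pos:pos + 2], "big")   # cipher_suites
        pos += 1 + body[pos]                             # compression_methods
        ext_end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= ext_end:
            ext_type = int.from_bytes(body[pos:pos + 2], "big")
            ext_len = int.from_bytes(body[pos + 2:pos + 4], "big")
            ext = body[pos + 4:pos + 4 + ext_len]
            pos += 4 + ext_len
            if ext_type != 0:                            # 0 = server_name
                continue
            lpos = 2                                     # skip server_name_list length
            while lpos + 3 <= len(ext):
                name_type = ext[lpos]
                name_len = int.from_bytes(ext[lpos + 1:lpos + 3], "big")
                name = ext[lpos + 3:lpos + 3 + name_len]
                if name_type == 0 and len(name) == name_len:   # 0 = host_name
                    return name.decode("ascii")
                lpos += 3 + name_len
    except (IndexError, UnicodeDecodeError):
        return None
    return None


def extract_http_host(payload: bytes) -> Optional[str]:
    """Return the Host header value of a plain HTTP request, if present."""
    m = re.search(rb"\r\nHost: *([^\r\n]+)", payload, re.IGNORECASE)
    return m.group(1).decode("ascii", "replace").strip() if m else None


def domain_allowed(host: Optional[str], allowed=ALLOWED_DOMAINS) -> bool:
    """Allowlist match: exact domain or any subdomain, port suffix ignored."""
    if not host:
        return False
    host = host.lower().split(":")[0]
    return any(host == d or host.endswith("." + d) for d in allowed)


def audit_flow(dport: int, payload: bytes, allowed=ALLOWED_DOMAINS) -> dict:
    """What a hostname-based web filter sees for this flow, and the resulting verdict."""
    if dport not in (80, 443):
        return {"port": dport, "kind": "n/a", "host": None, "verdict": "not-web-port"}
    if looks_like_tls_client_hello(payload):
        kind, host = "tls", extract_sni(payload)
    elif looks_like_http_request(payload):
        kind, host = "http", extract_http_host(payload)
    else:
        # Neither HTTP nor TLS: a domain allowlist has nothing to match on.
        return {"port": dport, "kind": "other", "host": None, "verdict": "bypasses-web-filter"}
    verdict = "allow" if domain_allowed(host, allowed) else "block"
    return {"port": dport, "kind": kind, "host": host, "verdict": verdict}


def build_client_hello(server_name: str) -> bytes:
    """Construct a minimal TLS 1.2-style ClientHello carrying an SNI extension (test input)."""
    name = server_name.encode("ascii")
    sni_entry = b"\x00" + len(name).to_bytes(2, "big") + name
    sni_ext = (b"\x00\x00" + (len(sni_entry) + 2).to_bytes(2, "big")
               + len(sni_entry).to_bytes(2, "big") + sni_entry)
    body = (b"\x03\x03" + bytes(range(32)) + b"\x00"      # version, fixed "random", no session id
            + b"\x00\x02\x13\x01" + b"\x01\x00"           # one cipher suite, null compression
            + len(sni_ext).to_bytes(2, "big") + sni_ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


SAMPLE_FLOWS = [   # constructed flows, not captured traffic
    (443, build_client_hello("www.example.com")),
    (443, build_client_hello("update.vendor.test")),
    (80, b"GET /index.html HTTP/1.1\r\nHost: corp.example\r\n\r\n"),
    (443, b"\x17\x24\x01\x00\x10\x00\x00\x00" + bytes(24)),   # constructed non-TLS binary protocol
]

if __name__ == "__main__":
    for dport, payload in SAMPLE_FLOWS:
        print(audit_flow(dport, payload))
```

The fourth sample is the case the thread is about: it arrives on 443, but it is not TLS, so no SNI exists for the allowlist to evaluate. Only a firewall that matches on protocol or application, or a default-deny rule set, closes that gap; the allowlist alone cannot.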

alemabrahao
Kind of a big deal

What is the URL category?

Isn't it easier to block everything by default and only allow what you need?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Agree with @alemabrahao; if you’re dealing with a breach, restrict everything and only allow through what’s required.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
NDNR
New here

This is what we do: the port tcp/443 is open for any destination and we are only allowing domains on the web filtering, but some tools that are not allowed, like TeamViewer, are bypassing the web filtering.

ww
Kind of a big deal

I don't see TeamViewer in the L7 firewall.

You could try adding a deny in the L3 and/or L7 firewall to

*.teamviewer.com

DarrenOC
Kind of a big deal

Not sure that will work @ww as TeamViewer is also available as an app.

ww
Kind of a big deal

TeamViewer advises blocking that.

I think it could work in some cases. (Assuming apps also use some DNS lookup.)

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Firewall_Settings#FQDN_Support

But with DoH and other encryption I'm not too sure.

NDNR
New here

OK, we just did a test by adding an L3 FW rule to deny tcp/443 to *.teamviewer and it works, but this way it will only block TeamViewer and not other tools that work in the same way.

Difficult to imagine that a solution like Meraki cannot block specific apps or threats.

ww
Kind of a big deal

There are some apps that the L7 firewall can block. You could take a look at those options. (But the list could be bigger...)

Threats (should) be blocked by the IPS.
