Meraki

Community

Blocking Layer 7 in MX not working but Logged

EdgeFarming
Here to help
7 hours ago
7 hours ago

Blocking Layer 7 in MX not working but Logged

Hi, 

 

I`m blocking some apps in Layer 7 Firewall (Youtube, Instagram and Sports)

 

EdgeFarming_1-1741797260636.png

They are never blocked but you can see the match in Event Log, Why? Am I missing anything? Thanks

 

 

EdgeFarming_0-1741797232952.png

 

0 Kudos
5 Replies 5
michalc
Meraki Employee
Meraki Employee
7 hours ago
7 hours ago

Hi there,

Could you clarify what is not being blocked? Are the clients using web versions or apps on their phones?
If apps on the phones than the QUIC protocol is being used. I'd recommend blocking UDP 443 using L3 but please check for collateral damage. 

If you found this post helpful, please give it kudos. If it solved your problem, click "accept as solution" so that others can benefit from it.
0 Kudos
In response to michalc
EdgeFarming
Here to help
6 hours ago
6 hours ago

Hi Michalc, 

 

None of them, youtube, instagram, and any sport page like. nba, nfl, nike, etc.

Clients are using we version.

0 Kudos
In response to EdgeFarming
michalc
Meraki Employee
Meraki Employee
6 hours ago
6 hours ago

There's been a lot of similar topics on the forum regarding this with accepted solutions.

Please see some of those threads below

2

3

If you found this post helpful, please give it kudos. If it solved your problem, click "accept as solution" so that others can benefit from it.
0 Kudos
Mloraditch
Head in the Cloud
7 hours ago
7 hours ago

Do the clients in question have an overriding group policy? I wouldn't think so based on the logs you've shown, but that's the only thing that should override the Layer 7 rules. If not it sounds like some sort of bug you would need to contact support about.

Layer 3 is also processed before Layer 7, but I don't believe you'd get that log entry if you somehow had a layer 3 rule overriding the layer 7

You sound familiar but here is the reference documentation: https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Creating_a_Layer_7_Fi...
https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Layer_3_and_7_Firewal...

 

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
PhilipDAth
Kind of a big deal
Kind of a big deal
4 hours ago
4 hours ago

I quite like using layer 3 FQDN firewall rules.  Then just block access to the DNS name "youtube.com".

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.