Blocking update site

samgbuyi
Getting noticed

Blocking update site

What do i need to setup or configure to block devices from running update?

7 REPLIES 7
cmr
Kind of a big deal
Kind of a big deal

What devices do you not want to update?

ww
Kind of a big deal
Kind of a big deal

all devices 》 use layer7 firewall

specific devices 》use group policy with layer7 firewall .

samgbuyi
Getting noticed

I have layer 7 and group policy configured already but still some devices gain access to their various manufacturer and run update

Are you talking Apple products?

I had to do the following to block them from being able to perform updates:

Deny - HTTP hostnam... - mesu.apple.com
Deny - HTTP hostnam... - appldnld.apple.com
Deny - HTTP hostnam... - updates-http.cdn-apple.com

The why I do that is because when Apple releases an update, every time it slams our guest internet circuits for all sites. If they want to update their phones they can do that at home lol
Nolan Herring | nolanwifi.com
TwitterLinkedIn

at L3 or L7?

Mine are L7 rules (either on the MR or MX device). I don't have anything at L3 for that.
Nolan Herring | nolanwifi.com
TwitterLinkedIn

i have it enable at L7 but still some client jump through and still run update.

Network Wides >Group Policy > Software & anti-virus updates > All softwares and anti-virus updates

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels