cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Configuring firewall Rules to block/allow domain names as a name not as an IP

SOLVED
Highlighted
Getting noticed

Configuring firewall Rules to block/allow domain names as a name not as an IP

Hello Gents, 

 

I have a VPN between two Meraki MX,  which they have Enterprise licenses not  Advance License So the content filter is not available.

 

I am trying to apply a rule to block a domain name like "meraki.com "  in the Site-to-site outbound firewall under Organization-wide settings, but it seems Meraki is not supporting domain name in the Site-to-site outbound firewall but it is supported in the layer 3 Firewall.

 

for example  filter content.png

 

any advice?  
1 ACCEPTED SOLUTION

Accepted Solutions
Kind of a big deal

Re: Configuring firewall Rules to block/allow domain names as a name not as an IP

Is the spoke using a full tunnel to the hub and access the Internet that way - and you want to block some Internet requests?

 

Normally I would use the content filtering and block the URL.  Not sure how to go about this with only an Enterprise licence.

View solution in original post

6 REPLIES 6
Kind of a big deal

Re: Configuring firewall Rules to block/allow domain names as a name not as an IP

You are correct, that is not supported.

Kind of a big deal

Re: Configuring firewall Rules to block/allow domain names as a name not as an IP

Are the MX's in different organisations, and as a result you are not using AutoVPN?

Getting noticed

Re: Configuring firewall Rules to block/allow domain names as a name not as an IP

Hello Phil,

 

both MX is in the Same Organization but in different Network, as one of them act as a HUB and the other as Spoke ( site ).

 

 

Kind of a big deal

Re: Configuring firewall Rules to block/allow domain names as a name not as an IP

Is the spoke using a full tunnel to the hub and access the Internet that way - and you want to block some Internet requests?

 

Normally I would use the content filtering and block the URL.  Not sure how to go about this with only an Enterprise licence.

View solution in original post

Getting noticed

Re: Configuring firewall Rules to block/allow domain names as a name not as an IP

vpn- filter site.png

Getting noticed

Re: Configuring firewall Rules to block/allow domain names as a name not as an IP

Yes, this is why I have added this post, I know how to do it using the content filter and block the URL as i show it in my previous picture.

As you said I cannot do it with Enterprise Licence, we need Advance Security.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.