Configuring firewall Rules to block/allow domain names as a name not as an IP

SOLVED
Senan_Rogers

Hello Gents,

I have a VPN between two Meraki MXs, which have Enterprise licenses, not Advanced licenses, so the content filter is not available.

I am trying to apply a rule to block a domain name like "meraki.com" in the Site-to-site outbound firewall under Organization-wide settings, but it seems Meraki does not support domain names in the Site-to-site outbound firewall, although it is supported in the Layer 3 firewall.

For example: [image: filter content.png]

Any advice?

PhilipDAth

You are correct, that is not supported.

PhilipDAth

Are the MXs in different organisations, and as a result you are not using AutoVPN?

Hello Phil,

Both MXs are in the same Organization but in different Networks, as one of them acts as a hub and the other as a spoke (site).

Is the spoke using a full tunnel to the hub and access the Internet that way - and you want to block some Internet requests?

 

Normally I would use the content filtering and block the URL.  Not sure how to go about this with only an Enterprise licence.

[image: vpn- filter site.png]

Yes, this is why I have added this post. I know how to do it using the content filter and blocking the URL, as I showed in my previous picture.

As you said, I cannot do it with an Enterprise licence; we need Advanced Security.