Content Filtering Help

TBisel
Getting noticed

Content Filtering Help

So having patch luck with content filtering. I have both Porn and Games listed under "Category Filtering -> Blocked Website Categories" on our MX. We do have a Catalyst switch for L3 functions so I am not sure if that has something to do with it. But for pure metaphorical reasons, lets say playboy.com and hustlerholloywood.com are both being let through, and the loopup tool is still showing them both as porn. But Newgrounds.com which is being seen as games, is being blocked because its a games site.

Any ideas on where to start to look for this?

12 REPLIES 12
Nash
Kind of a big deal

So hits against content filtering should show up in your event log. The address can be truncated, which is annoying.

 

You're not seeing hits there, and you're able to successfully hit those website's front pages? Is that what you're seeing?

TBisel
Getting noticed

I got the green light to test from my machine to see if I can actively see the sites. I can reach them from my machine, I am not seeing them being hit. I am seeing a lot of hits for parked domains and for social networking (Also listed to block) but the adult content is not being blocked. 

TBisel
Getting noticed

It seems other adult websites are being blocked but at least these two are not being blocked.

ww
Kind of a big deal
Kind of a big deal

Is your  filtering set to "full list"?

TBisel
Getting noticed

No. If I set it to full list DNS times out all the time.

Nash
Kind of a big deal


@TBisel wrote:

No. If I set it to full list DNS times out all the time.


Yeah, it'll do that til it builds up the cache. Full list can be a bear!

 

Below the blocked categories box, there's a lookup tool. Is playboy.com coming up as categorized as adult & pornography?

 

If so, what's your firmware version? I had an issue recently with a misclassification. Solution was update firmware (as it was behind) and bounce the firewall.

TBisel
Getting noticed

Yea we gave it two months to try and build it but we have stupid expensive internet connections here and my Systems Admin wasn't having it. Two 200MB symmetrical WAN connections and a 150MB Symmetrical fiber to another site. Me explaining that it was set to full list and it would take time to build just wasn't cutting it.

 

Playboy and Hustler is showing up categorized correctly in the tool. Firmware is sitting at 14.39 with an update available. Going to have to try that.

ww
Kind of a big deal
Kind of a big deal

It does get blocked  with  full list

You can stil use the url  block

Nash
Kind of a big deal

@TBisel if you've got an upgrade queued, I'd definitely give that a try. As I said, I think, going from 14.39 to 14.40 resolved a similar content filter issue for me. It was support's first recommendation.

PhilipDAth
Kind of a big deal
Kind of a big deal

If you have them defined globally then it should work.

 

Exceptions are if you have assigned group policies against clients that override it (such as whitelisted clients).

 

If you are doing it in group policies assigned to clients then those clients need to be using the MX as their default gateway (they can not be routed through another L3 device).

@PhilipDAth 

 

What if I track by IP Address can the blocking still be done by group policy? I dont think this is whats going on but I do want to check.

PhilipDAth
Kind of a big deal
Kind of a big deal

Tracking has no impact on the way group policy is applied.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels