Meraki

Community

Content Filtering Not working

Riser
Getting noticed
‎Jul 3 2024 12:04 PM
‎Jul 3 2024 12:04 PM

Content Filtering Not working

Hey fam,

 

We are trying to test the URL Filtering on Meraki to see how it works but it doesn't seem to block any sites. 

 

Someone suggested I do this: content filtering relies on the client using HTTP for web traffic, but your client uses the QUIC protocol instead. To resolve the issue, you can create a Layer 3 firewall rule that blocks UDP ports 80 and 443 (which the QUIC protocol uses) which also didn't seem to work.

 

Any idea. Images are attached

 

Riser_0-1720033391950.png

Riser_2-1720033427483.png

 

Labels:
0 Kudos
19 Replies 19
alemabrahao
Kind of a big deal
‎Jul 3 2024 12:14 PM
‎Jul 3 2024 12:14 PM

Is it not working to access via App or Web Browser?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
Riser
Getting noticed
‎Jul 3 2024 12:15 PM
‎Jul 3 2024 12:15 PM

I can still access the sites on the Web Browser.

0 Kudos
alemabrahao
Kind of a big deal
‎Jul 3 2024 12:16 PM
‎Jul 3 2024 12:16 PM

Try using these URLs.

 

*.facebook.com

*.akamaihd.net 

*.fbcdn.net

*.fb.me

*.fbsbx.com

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
Riser
Getting noticed
‎Jul 3 2024 12:21 PM
‎Jul 3 2024 12:21 PM

Facebook is still working. No, any luck.

0 Kudos
In response to Riser
Riser
Getting noticed
‎Jul 3 2024 12:21 PM
‎Jul 3 2024 12:21 PM

Riser_0-1720034486708.png

 

0 Kudos
In response to Riser
alemabrahao
Kind of a big deal
‎Jul 3 2024 12:33 PM
‎Jul 3 2024 12:33 PM

Are you sure that it's not web browser cache?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
Riser
Getting noticed
‎Jul 3 2024 12:40 PM
‎Jul 3 2024 12:40 PM

I cleared the cache but no luck at all. 

0 Kudos
Inderdeep
Kind of a big deal
‎Jul 3 2024 12:21 PM
‎Jul 3 2024 12:21 PM

here you can troubleshoot 

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Content_Filtering/Conten....

Cisco Awarded Blogs 2020/2021 https://www.thenetworkdna.com/
0 Kudos
ww
Kind of a big deal
Kind of a big deal
‎Jul 3 2024 12:40 PM
‎Jul 3 2024 12:40 PM

Looks like the content filter block url list is broken in latest firmware

0 Kudos
In response to ww
Riser
Getting noticed
‎Jul 3 2024 12:41 PM
‎Jul 3 2024 12:41 PM

I kind of think so too because its not blocking an URL.

0 Kudos
In response to Riser
ww
Kind of a big deal
Kind of a big deal
‎Jul 3 2024 12:59 PM
‎Jul 3 2024 12:59 PM

Hmm it does seem to work, but not consistent after i put in or remove urls.

Could you try inprivate browser tab.

Also try maybe reboot mx if possible. 

0 Kudos
In response to ww
RaphaelL
Kind of a big deal
Kind of a big deal
‎Jul 3 2024 1:07 PM
‎Jul 3 2024 1:07 PM

yeah I was going to suggest to reboot the MX to clear the active sessions / flows.

0 Kudos
In response to RaphaelL
Riser
Getting noticed
‎Jul 5 2024 6:19 AM
‎Jul 5 2024 6:19 AM

Did reboot but still didn't work.

0 Kudos
In response to Riser
alemabrahao
Kind of a big deal
‎Jul 5 2024 6:24 AM
‎Jul 5 2024 6:24 AM

I would suggest you open a support case.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Inderdeep
Kind of a big deal
‎Jul 3 2024 12:55 PM
‎Jul 3 2024 12:55 PM

but any notification and anything heard from Meraki on this ??

Cisco Awarded Blogs 2020/2021 https://www.thenetworkdna.com/
0 Kudos
haupt
Meraki Employee
Meraki Employee
‎Jul 3 2024 2:18 PM
‎Jul 3 2024 2:18 PM

Hey community members, thank you for bringing this to our attention. Can you please open a support case so that we can investigate? At the moment, we are not aware of any widespread issue causing these problems.

0 Kudos
Brash
Kind of a big deal
Kind of a big deal
‎Jul 3 2024 5:36 PM
‎Jul 3 2024 5:36 PM

No comment on the content filtering specifically, but one thing to note about firewall rules is that when using an FQDN, the MX must intercept a DNS lookup for that domain before the rule will apply.
For example, if the client already has the domain resolved in its cache and you add the firewall rule, the rule won't apply until the MX see's a DNS lookup for the domain.
Solved: Meraki MX Firewall with FQDN - The Meraki Community

Aquatoes
Getting noticed
‎Feb 14 2025 4:59 PM
‎Feb 14 2025 4:59 PM

We are also having content filtering issues at 2 schools. Students are getting access to pornographic and gaming sites. We currently have this escalated to developers. Our content filtering is intermittent, we have applied a layer 3 firewall rule to block QUIC protocol on UDP 443 and 80 as recommended on a few forum posts and from the support recommendation, but it has not made any improvements. We are at a loss here and Meraki support just keeps going in circles asking us to go back onsite to collect more logs and they just keep recommending us to block those same ports. At this point I am going in circles with no resolution.

0 Kudos
tnco
Getting noticed
‎Feb 14 2025 5:47 PM
‎Feb 14 2025 5:47 PM

Regarding content filters, if you use the Quic protocol, it may not be possible to block it due to the nature of the protocol. This is described in the Meraki documentation. Therefore, it is possible to block such communications by blocking UDP 443 with an L3 firewall, but in that case, if a client terminal uses Quic for web communication, it may affect the communication. Therefore, it may be possible to avoid this by disabling Quic on the client terminal, but I thought that it would be difficult to do so easily if the scale is large. Also, this may not work in the case of umbrella web policy, and the workaround was to disable Quic.

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Content_Filtering/Conten...

https://support.umbrella.com/hc/en-us/articles/360051232032-What-Are-the-Problems-with-Google-Servic...

0 Kudos
Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.