Content Filtering

Solved
Daniel24
Here to help

Content Filtering

Sooo after working with Meraki be aware if you are working on implementing Content filtering you really need your VLAN Interfaces on the MX and not the Layer 3 Core switches. I had my interfaces there to help with just dedicating the MX to Firewall duties only. The problem is when you are trying to look for content filter logs it will report back as the switch not the specific client. Only way Meraki informed me to fix it was moving VLANs to the MX, which does appear to have worked. 

 

But the follow up problem now that I am seeing. So, does content filter with Meraki only show when something is actually blocked? Doesn't actually show when there is approved URLs passing through the MX only showing the blocked content. Even if I have the filter set to "All Filtering".  

 

Anyone else have the first reported issue?

 

And second paragraph issue a common thing?

1 Accepted Solution
Daniel24
Here to help

I'll reply to this if anyone in the future needs it for reference. Yes, for sure the only way to see allowed traffic is by using a Syslog server. I deployed Manage Engine Event Log Analyzer which works great to now see all traffic, not just the denied. 

View solution in original post

5 Replies 5
ww
Kind of a big deal
Kind of a big deal

I supose it depend on what client tracking is used.  Did you also try Unique client identifier or Track by IP? https://documentation.meraki.com/MX/Monitoring_and_Reporting/Client-Tracking_Options

Daniel24
Here to help

I was recommended due to no longer having any interfaces configured at Layer 3 that I should do Mac. I originally had it on Unique Client identifier trying to resolve the first paragraph of reporting on from the switch. 

Malwina
Meraki Employee
Meraki Employee

Network-wide → Event Log would only display blocked Content Filtering Events.

Daniel24
Here to help

So is there anyway to see traffic that was allowed? Syslog server?

Daniel24
Here to help

I'll reply to this if anyone in the future needs it for reference. Yes, for sure the only way to see allowed traffic is by using a Syslog server. I deployed Manage Engine Event Log Analyzer which works great to now see all traffic, not just the denied. 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels