Content filtering not working at 2 schools

Aquatoes
Getting noticed

We have 2 schools with MX devices and content filtering. This has been working fine for years and suddenly started having intermittent issues.

SSID is tagged to VLAN for students with Group policy setup with content filtering.

Meraki support and engineers recommended blocking UDP 443 and 80 with a layer 3 outbound rule for QUIC protocol.

This has not yielded any resolution and we are still seeing intermittent connectivity to multiple blocked websites.

Has anyone else experienced this and/or have a potential solution?

3 Replies
tnco
Here to help

@Aquatoes 

Regarding content filters, if you use the QUIC protocol, it may not be possible to block it due to the nature of the protocol.

This is described in the Meraki documentation. Therefore, it is possible to block such communications by blocking UDP 443 with an L3 firewall, but in that case, if a client terminal uses QUIC for web communication, it may affect the communication.

Therefore, it may be possible to avoid this by disabling QUIC on the client terminal, but I thought that it would be difficult to do so easily if the scale is large.

Also, this may not work in the case of Umbrella web policy, and the workaround was to disable QUIC.

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Content_Filtering/Conten...

https://support.umbrella.com/hc/en-us/articles/360051232032-What-Are-the-Problems-with-Google-Servic...

Aquatoes
Getting noticed

No device is using QUIC, and with the Layer 3 UDP rule to block ports 443 and 80 in place, content is still getting through. Meraki engineers think there is a bigger issue; however, this is affecting multiple locations. So I believe it is a bug in recent firmware that just has not surfaced.

DarrenOC
Kind of a big deal

Unfortunately, this is why I’ve struggled with MXs in the edu space - filtering and real-time reporting.

The majority of my edu customers are using Securly, and it comes highly rated.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.