Meraki

DerikA · ‎Jun 2 2022

We are using 3rd party DNS filtering similar Umbrella. To prevent savey end users from using other DNS services I created a firewall rule on my lab MX allowing traffic to my DNS servers and to the 3rd party servers. I then created rules blocking traffic from any source to any destination on UDP and TCP ports 53 and 443. Testing showed this did not prevent me from resolving address if I manually set my DNS server. I have been searching the forms and it appears others have been able to make this work so what am I missing?

Rule summary and order:

1: allow source, any internal network on ports 53 and 443 to destination my DNS and 3rd party DNS servers ports 53 and 443

2: deny source, any on ports 53 and 443 to destination any ports 53 and 443

(edited to fix a typo)

ww · ‎Jun 2 2022

Your source port need to be any. Its a rondom port. And delete all 443 because you wont be able to browse any website anymore 😛

View solution in original post

CptnCrnch · ‎Jun 2 2022

DNS is port TCP/ UDP 53, not 54. Or is that a simple typo?

DerikA · ‎Jun 2 2022

That is a typo. Sorry, I will correct that in the original post

ww · ‎Jun 2 2022

Your source port need to be any. Its a rondom port. And delete all 443 because you wont be able to browse any website anymore 😛

CptnCrnch · ‎Jun 2 2022

Apart from that, you could use https://support.umbrella.com/hc/en-us/articles/230904088-Preventing-circumvention-of-Cisco-Umbrella-... as a base to also include other means like DoH or DoT.

Meraki

Community

Dening Unwanted DNS

Dening Unwanted DNS