Hello - new to using the Meraki GP and probably doing something wrong but has anyone managed to successfully block social media from a device with Group Policies ?
We have a teenage daughter who has "an addiction" and we are trying to stop the "addiction" interfering with homework time by blocking access on a device that should be being used for schoolwork. Apple Screentime has failed us too many times so we are now trying to use GPs.
This is a set of L7 FW rules that I have added to a GP and applied that same GP to my iPad but I still see all 3 apps from my iPad
Any ideas what I am missing ?
You’ll still see the apps, group policy doesn’t remove them. You need to test them and see if they work...
Thanks and yes I realise that but the issue is that they do still work.....was not expecting to see them removed but was not expecting them to work
It's possible your MX still holds active sessions for those applications from the device in question, which are likely to be maintained. Have you tried disconnecting the device from the network for a period of time - or even just rebooting the MX - to clear?
Honestly not but can try that later when I am no longer working.....rebooting will take my business network down
Just tried and no dice - Instagram and Facebook still loaded on a device that was supposed to be restricted
When you select the client device in the Dashboard (under Network-wide > Clients), does it show your configured Group Policy as being applied to that device? (Bottom left, under 'Device policy:')
Assuming so, have you checked for any permit rules which might apply to these flows and be applied before the Group Policy rules you have configured? as per: https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Layer_3_and_7_Firewal...
Thanks and yes have checked both - see attached
Meraki have just suggested that we also need to block UDP 443 so added a rule for this too
Searching wider this looks like it will block QUIC which does not strike me as a major issue because she is on an iPad and mainly using Safari and because her Chrome can still fall back to HTTP/HTTPS but am I missing anything else ?
All of the apps that she is supposed to be using from the iPad are Google Classroom based but I don't imagine these need QUIC ?
Any chance the 'Private Addresses' setting is toggled on, on the devices in question? That could stop the GP from applying to the device.
Hi @bluemoon61,
Instead of using the Layer 7 settings, try to use the Blocked website categories option under Security appliance only just below the Layer 7 settings. Choose the Social Networking as Facebook, Snapchat and Instagram falls into this category. You can also block other categories if you want.
Hope it helps.
Thanks for the suggestion - can I ask why this is a better approach ? Just trying to understand ?