Group policy - Allow URL list not functioning correctly

Solved
ErnstTFD
Getting noticed


I have an MX64 with the latest firmware, 16.16.

In one of my Group Policies I have added "wetransfer.com" as well as "we.tl". Despite this, I cannot access this website and get an error "website can't be found". If I plug a PC directly into my router, bypassing the MX64, then wetransfer works perfectly.

I do have "All Web file sharing" enabled in the "Layer 7 firewall" settings, but the whitelist should overrule this setting, right?

In "Blocked website categories" only "peer-to-peer" is blocked; nothing else relating to file sharing is blocked.

Also, in this specific group policy I'm blocking ports 50,000 to 65,535. Should this be a problem?

Thank you for any advice.

1 Accepted Solution
ww
Kind of a big deal

Whitelist is for content filtering, not for the layer 7 firewall.

The P2P category can be tricky on 16.x NBAR.

Try to test without web sharing (if it does not help, also try without P2P).


ErnstTFD
Getting noticed

It works with web file sharing removed. This is unfortunate, as it severely limits the use of layer 7 rules.

ww
Kind of a big deal

Yes, it would be better if it was also possible to make "allows".

You can still deny the more specific web file sharing applications, but you get a bigger list.
