Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Group policy - Allow URL list not functioning correctly

Solved
ErnstTFD
Getting noticed
‎Apr 20 2022 4:45 AM
‎Apr 20 2022 4:45 AM

Group policy - Allow URL list not functioning correctly

I have an MX64 with the latest firmware 16.16

 

In one of my Group Policies I have added "wetransfer.com" as well as "we.tl". Despite this I cannot access this website and get and error "website can't be found". If I plug a PC directly into my router bypassing the MX64 then wetransfer works perfectly.

 

I do have "All Web file sharing" enabled in the "Layer 7 firewall" settings, but the whitelist should overrule this setting right?

 

In "Blocked website categories" only "peer-to-peer" is blocked nothing else relating to file sharing is blocked.

 

Also in this specific group policy I'm blocking ports 50,000 to 65,535. Should this be a problem?

 

Thank you for any advice.

 

Screenshot 2022-04-20 134315.png

 

Screenshot 2022-04-20 134342.png

 

Screenshot 2022-04-20 134411.png

 

Screenshot 2022-04-20 134433.png

0 Kudos
Subscribe
1 Accepted Solution
ww
Kind of a big deal
Kind of a big deal
‎Apr 20 2022 4:59 AM
‎Apr 20 2022 4:59 AM

Whitelist is for content filtering. Not for layer7 firewall

 

P2p category  can be tricky  on 16.x nbar

 

Try to test without web sharing (if it does not help also try without p2p)

View solution in original post

0 Kudos
Subscribe
3 Replies 3
ww
Kind of a big deal
Kind of a big deal
‎Apr 20 2022 4:59 AM
‎Apr 20 2022 4:59 AM

Whitelist is for content filtering. Not for layer7 firewall

 

P2p category  can be tricky  on 16.x nbar

 

Try to test without web sharing (if it does not help also try without p2p)

0 Kudos
Subscribe
In response to ww
ErnstTFD
Getting noticed
‎Apr 20 2022 5:15 AM
‎Apr 20 2022 5:15 AM

It works with web file sharing removed. This is unfortunate, as it severely limits the use of layer 7 rules.

0 Kudos
Subscribe
In response to ErnstTFD
ww
Kind of a big deal
Kind of a big deal
‎Apr 20 2022 5:40 AM
‎Apr 20 2022 5:40 AM

Yes it would be better if it was also possible to make "allows"

 

You can still deny the more specific web file sharing applications, but you get a bigger list.

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.