Help WEB Filter Firewall Meraki Block URL ALLOWED LIST GROUP POLICY

vagner_lima
Just browsing


I am encountering an issue while configuring content filtering on our Meraki. We have a Group Policy named "expedicao_internet", which applies category-based blocking.
Currently, we are blocking the "Education" category within this policy, but we need to allow specific URLs within that category without disabling the category-wide block.
The problem is as follows: when I add the site cieers.org.br to the Allow List within the Group Policy, it does not get unblocked. Even after adding various domain variations like:

vagner_lima_1-1741183216195.png

vagner_lima_2-1741183235398.png

The site continues to be blocked. However, if I remove the "Education" category from the policy, access to the site is correctly allowed.
After removing the Education category:

vagner_lima_3-1741183278123.png

Our goal is to keep the "Education" category blocked while still allowing access to cieers.org.br and other specific URLs that may be needed.
We would like to know if there are any additional settings or adjustments we can make to allow specific URLs within the blocked category without having to remove the category block altogether.

9 Replies
Mloraditch
Head in the Cloud

Based on the documentation (https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Content_Filtering) and my experience, you appear to have things set up correctly to do as you want. Allows are supposed to take precedence over blocks, and the allow/block lists are supposed to be processed before the category rules.

I would make sure you are on the latest firmware for your MX and contact support.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
vagner_lima
Just browsing

I opened a ticket with support and am waiting for a response. However, the situation is quite strange. The configuration appears to be correct, and the block is coming from the category itself because if I remove it, the site becomes accessible. But when I add the category back and put the site on the allowed list, it remains blocked. 😞

RWelch
Kind of a big deal

Content filtering allows you to block certain categories of websites based on your organizational policies. You can also block or allow list individual websites for additional customization. For example, if you block the "Internet Communications" category this also blocks gmail.com and facebook.com because both websites are communication platforms. You can allow list gmail.com and facebook.com to make sure that both websites are fully operational while all other websites providing chat functionality are blocked.

 

Content Filtering 

URL Block List and Allow List Patterns 

vagner_lima
Just browsing

Yes, I understand that, and I've already read all the documentation, but it's not working as expected because the site is correctly listed. 😞

RWelch
Kind of a big deal

I had a similar issue in the past and putting all of the URLs in the allow list alphabetically helped resolve my issue.  Not sure if that is the case with your scenario.

vagner_lima
Just browsing

I will try.

vagner_lima
Just browsing

Do you add URLs like this:

facebook.com

*.facebook.com

? Is there any trick to this? In other firewalls, I have always used the asterisk, but in Meraki, this also seems to have some particularity.

PhilipDAth
Kind of a big deal

When you make changes like this, they only apply to NEW TCP flows being made by the client.  Existing flows keep the existing settings.  As a result, it can take 10 minutes for you to see the change if you use the same test machine.

vagner_lima
Just browsing

I understand. In this case, I have already waited, but I am continuing to try new tests.
