How To Block Fortnite

SOLVED
jasongay
Conversationalist


I've got someone asking me to block the game Fortnite at their office.  The trouble is that it appears to be hosted in AWS and the servers are dynamic.  Anyone run into this or have any suggestions on how to do it?

1 ACCEPTED SOLUTION
Dylan_YYC
Getting noticed

Heh... check this out. I did this for our school. Fortnite will load, but with ping times of well over 1000ms it's mostly useless! To find this information, I loaded up the game on a work computer and did a Wireshark capture; from there I made this rule. Works wonders!

[Image: 2018-04-27 08_47_35-Traffic Shaping - Meraki Dashboard.png]

 

Message from Meraki

 

Hi there!  We have noticed that this thread is one of the top Google search results for “How to block Fortnite” (and similar queries).  Given this thread’s popularity, many of you will see it and perhaps have no idea what this “Meraki” thing is.  If that’s you, allow us to answer that.

 

Meraki is the “cloud managed networking” segment of Cisco Systems.  Meraki became a part of Cisco in 2012, became one of their most successful acquisitions ever, and is now a multi-billion dollar business inside of Cisco and growing rapidly.  Cisco Meraki is all about IT simplicity, and we develop cloud-managed IT infrastructure (access points, switches, security appliances, cameras, and software for mobile device management and application analytics), with rich enterprise feature sets, combined with the world’s simplest and most intuitive IT management solution, the Meraki Dashboard.  Our mission in all we develop is to provide powerful technology that simply works, and is all centrally managed from any browser, on any device, from any place at any time.  A Meraki solution monitors its own health, keeps itself up to date, allows automation with open APIs, and can alert you when things go wrong.

 

Setting up things for online gaming like traffic shaping, application blocking, and content filtering are simple and intuitive to set up in the Meraki Dashboard with just a few clicks.  If you are hearing of Meraki for the first time, please watch this video for a 2-minute introduction.  And please join us for an upcoming webinar (and get a free AP if eligible), or check out this webinar recording for an Introduction to Cloud Managed IT with Meraki.  If you would like a free trial of some Meraki equipment, that’s also simple to do right here.


16 REPLIES

You could use a layer 3 firewall rule and block the FQDN and ports given in the traffic shaping example.

You could probably also use content filtering and block "Gaming".

Yeah - that's what I wanted to do.  I just can't find any documentation online of what ports or destinations fortnite can be found at.

PhilipDAth
Kind of a big deal

Here is what I would do.  Start with the gaming device off.  Start a packet capture of all DNS queries.  Start up the gaming device, and then the game.  Stop the packet capture.

 

Now you have a list of the DNS names it needs to work.  Chances are one of them is used to log in or verify that the game is legal and legit.  There are possibly one or more domains used to start the actual game as well.

 

Now that you have these, create a firewall rule blocking these domain names using FQDN rules.

https://documentation.meraki.com/MX-Z/Firewall_and_Traffic_Shaping/Firewall_Settings#FQDN_Support

 

 

I'm thinking you'll be finished the whole job in 15 minutes.
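The capture-then-block procedure described above, as an added example that is not part of the original post: it reads DNS queries exported from a packet capture and lists the names one device first looked up after the game was started, flagging names under shared cloud-hosting parents so the FQDN rule names the exact host rather than the parent. The tshark export command, the device address, the launch time, the function names and all sample lines are assumptions constructed for illustration.

```python
# Added example: candidate FQDN block rules from a DNS-query capture.
# Assumed export command (default tab-separated output):
#   tshark -r capture.pcap -Y "dns.flags.response == 0" \
#          -T fields -e frame.time_relative -e ip.src -e dns.qry.name

# Constructed sample lines; addresses and query timings are placeholders.
SAMPLE = (
    "0.812\t192.0.2.50\ttime.platform.example\n"
    "1.377\t192.0.2.50\tupdates.platform.example\n"
    "2.005\t192.0.2.77\tmail.office.example\n"
    "41.120\t192.0.2.50\tol.epicgames.com\n"
    "41.398\t192.0.2.50\tOL.EpicGames.com.\n"
    "42.051\t\tlauncher.game.example\n"
    "43.660\t192.0.2.50\tec2-203-0-113-10.compute-1.amazonaws.com\n"
    "47.902\t192.0.2.50\tupdates.platform.example\n"
)

# Parent domains shared by many unrelated tenants: block only the exact name.
SHARED_HOSTING = ("amazonaws.com", "cloudfront.net")


def parse_queries(capture_text):
    """Yield (seconds, client_ip, fqdn) for each well-formed line."""
    for line in capture_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 3 or not all(fields):
            continue  # IPv6 packets leave ip.src empty; skip them here
        try:
            seconds = float(fields[0])
        except ValueError:
            continue
        yield seconds, fields[1], fields[2].rstrip(".").lower()


def is_shared(fqdn):
    return any(fqdn == s or fqdn.endswith("." + s) for s in SHARED_HOSTING)


def block_candidates(capture_text, device_ip, game_start):
    """Names device_ip first queried at or after game_start (seconds)."""
    first_seen = {}
    for seconds, client, fqdn in parse_queries(capture_text):
        if client == device_ip:
            first_seen[fqdn] = min(seconds, first_seen.get(fqdn, seconds))
    return sorted((name, is_shared(name))
                  for name, t in first_seen.items() if t >= game_start)


if __name__ == "__main__":
    for name, shared in block_candidates(SAMPLE, "192.0.2.50", 40.0):
        print(name, "(exact name only)" if shared else "")
```

Names the device already queried before the game was launched are left out, which keeps operating-system and platform lookups off the block list.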


@PhilipDAth wrote:

Here is what I would do.  Start with the gaming device off.  Start a packet capture of all DNS queries.  Start up the gaming device, and then the game.  Stop the packet capture.

 

Now you have a list of the DNS names it needs to work.  Chances are one of them is used to log in or verify that the game is legal and legit.  There are possibly one or more domains used to start the actual game as well.

 

Now that you have these, create a firewall rule blocking these domain names using FQDN rules.

https://documentation.meraki.com/MX-Z/Firewall_and_Traffic_Shaping/Firewall_Settings#FQDN_Support

 

 

I'm thinking you'll be finished the whole job in 15 minutes.


That 15 minutes will be deducted from your paycheck though.

cta102
Building a reputation

According to the Epic Games web site, ports 80, 433 and 5220 are the ports used, so that may be a little awkward.

 

However they state that epicgames.com must be accessible to play, so I guess a layer 7 rule for that domain would be a good place to start.

 

http://fortnitehelp.epicgames.com/customer/en/portal/articles/2443365-network-connectivity-troublesh...

It's best to block Fortnite by DNS or TLS SNI. But if you can't for some reason, you can still block it by IP address.

 

 

I've been maintaining an IP list at http://beeline.org/fortnite for both Fortnite (~700 IP's) and Twitch (~150 IP's). The lists seem to grow every time my kid plays!

 

cta102
Building a reputation

I forced myself to visit this as initial tests revealed that I think Fortnite is absolutely awful for so many reasons and I have played PvP games since they were first available (including way back to Midi Maze and (nc-)snipes.)

 

Interestingly, there is a difference between platforms in the way endpoints are dealt with.

 

The Nintendo Switch version is nice as it uses the expected epicgames.com domain names.

 

However the XBox uses some of the IP addresses, which I assume are gathered via the XBox Live service (as it isn't routed purely through the MS service.)

 

Edit: The game doesn't directly connect to the Epic authentication servers the first time you play it (if you select 'Use my Gamer Tag').

After that it uses ol.epicgames.com so a L7 rule on epicgames.com does allow you to play with connectivity/throughput till your heart is content.

I don't know what the Playstation 4 uses as I don't have access to one at the moment.

What program did you use to create the rule?

cta102
Building a reputation

In my case I simply created an L7 firewall rule on my MX64 as shown in the attached image (though I have disabled it by adding zzz to the URL, as one of the offspring would not have been too happy if I left the block in place).

[Image: Block Fortnite.PNG]

Hi, I was wondering if I could use this same software but instead to lower my ping instead of make it in the thousands for fortnite. The only other way to do this is by buying a $200 router that has DumaOs geo filter capabilities. 


@issathor wrote:

Hi, I was wondering if I could use this same software but instead to lower my ping instead of make it in the thousands for fortnite. The only other way to do this is by buying a $200 router that has DumaOs geo filter capabilities. 


I guess if the issue of high lag is caused by the game choosing a server that is not in your region, the GeoIP firewall rules could help. But you need an MX firewall and the advanced security license for that. That'll cost at least that. It's not "software".

cta102
Building a reputation

The only thing I could think of is, if Epic have a peering agreement with your ISP (which I doubt), you could possibly edit a hosts file on your machine to point epic.com (and whatever other servers) to the service your ISP is directly connected to.

 

However I don't know enough about Fortnite to say if this is the case.

viking
Here to help

Find out who is playing the game at work and for how long, then deduct that time from their paycheck. If they can still complete their work, then they are being efficient and your company will save money by only paying them for the time they worked.  They can be rewarded for their efficiency by using their leftover time to either complete more work for more pay, or have unpaid time to play games. If they don't complete their work, then you can replace them with someone else who would rather get paid than play games.  I think allowing people to be responsible for themselves as much as possible is the best method for cases like this.  Otherwise, you will always be playing whack-a-mole with every new time-wasting app/game/site.  This also forces managers to pay attention to their employees, instead of relying on the I.T. police while they play games too 😉

jasongay
Conversationalist

Not disagreeing at all.  But I'm an IT consultant and it's not my place to do that for them!  They asked more for something specific and it's my job to deliver it.

