How do I restrict a host or hosts to only access a certain website?

SOLVED
ShadowoftheDark
Getting noticed

Hi,

I want to restrict a host or a number of hosts to only access a certain website, let's say cnn com

How do I do this?

I'm thinking of creating a group policy and creating a block list of "*" and only allowing cnn com

Next, I'll create a firewall rule and specify the host or hosts that need access and the IP address of the destination

Then I apply the policy to the host.

Is this process correct?

I initially tried the group policy on a host and it seems that they still can go to other sites even though they're restricted by the * and the sites they're allowed to are specified.

Thanks

1 ACCEPTED SOLUTION
Brash
Kind of a big deal

The URL filtering should work as intended.

As per the below doc, the example provided matches what you're trying to achieve:

Content Filtering - Cisco Meraki

I just performed a quick test of the URL filtering with a group policy and it seemed to work correctly.
It took a few minutes to apply but once applied it worked as intended.

Potentially existing flows through the MX won't be blocked so you might have to reboot the device for that.

As you indicated, the other way to do it is to create an L3 firewall rule to allow access only to the known public IP and deny all other traffic. This requires the public IP being relatively static but will end up being a 'stricter' policy than just URL filtering.
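
The L3 approach in the answer above depends on the site's public IP staying put, so here is an added example (not part of the original thread, and not Meraki code) that checks whether a site's current DNS answers are still covered by the destination list of an allow rule. The function names and all addresses are assumptions; the sample data uses documentation address ranges.

```python
import ipaddress
import socket

# Constructed sample data (documentation address ranges, not real site addresses).
SAMPLE_RULE = ["203.0.113.10/32", "203.0.113.11/32", "2001:db8:10::/64"]
SNAPSHOT_EARLY = {"203.0.113.10", "203.0.113.11"}
SNAPSHOT_LATER = {"203.0.113.10", "198.51.100.77", "2001:db8:10::5"}


def resolve(hostname, port=443):
    """Addresses the local resolver returns for hostname right now (needs network)."""
    infos = socket.getaddrinfo(hostname, port, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def check_coverage(resolved, allowed_cidrs):
    """Compare DNS answers with the allow rule's destinations.

    covered: answers the rule permits
    dropped: answers a deny-all-else rule would block (the site breaks for clients)
    stale:   rule entries no current answer uses (candidates for removal)
    """
    networks = [ipaddress.ip_network(c, strict=False) for c in allowed_cidrs]
    addrs = sorted((ipaddress.ip_address(a) for a in resolved),
                   key=lambda a: (a.version, int(a)))
    covered, dropped = [], []
    for addr in addrs:
        # Membership is False across IP versions, so v4 and v6 can be mixed.
        hit = any(addr in net for net in networks)
        (covered if hit else dropped).append(str(addr))
    stale = [str(net) for net in networks
             if not any(addr in net for addr in addrs)]
    return {"covered": covered, "dropped": dropped, "stale": stale}


if __name__ == "__main__":
    for name, snap in (("early", SNAPSHOT_EARLY), ("later", SNAPSHOT_LATER)):
        print(name, check_coverage(snap, SAMPLE_RULE))
```

Feeding `resolve()` output into `check_coverage()` on a schedule, from a host that uses the same resolver as the restricted clients, shows how often the rule would need updating before committing to the IP-based policy.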
