Meraki

Community

How to block Thunder VPN traffic and service port in MX-100?

Naw2
Just browsing
‎Aug 7 2024 10:12 PM
‎Aug 7 2024 10:12 PM

How to block Thunder VPN traffic and service port in MX-100?

Dear All,

 

I have configured Splash page for guest wireless with billing. Now, I'm facing some issue. My issue is end user can access internet without login to splash page.  I have configured Advanced splash settings >> Captive portal strength >> Block all access until sign-on is complete. But, they can bypass our splash page using Thunder VPN. So, I would like to know how to block Thunder VPN traffic and services port in MX-100.

Please help to find the solution for my issue.

 

Thanks

Naw2

 

Labels:
0 Kudos
6 Replies 6
Brash
Kind of a big deal
Kind of a big deal
‎Aug 7 2024 10:47 PM
‎Aug 7 2024 10:47 PM

You can enable the "Proxy Avoidance and Anonymizers". content filter category

 

However it may be hit or miss for certain private VPN's.

0 Kudos
In response to Brash
Naw2
Just browsing
‎Aug 8 2024 12:03 AM
‎Aug 8 2024 12:03 AM

Hi,

 

I can't find "Proxy Avoidance and Anonymizers" in my content filter category.

Please check the following;

Naw2_0-1723100524724.pngNaw2_1-1723100541385.png

 

Please help to find the best solution. Thanks for your help.

 

Naw2

0 Kudos
In response to Naw2
Brash
Kind of a big deal
Kind of a big deal
‎Aug 8 2024 4:33 AM
‎Aug 8 2024 4:33 AM

You're right, the category changed and is now split out to "Personal VPN"

In response to Brash
cmr
Kind of a big deal
Kind of a big deal
‎Aug 8 2024 10:13 AM
‎Aug 8 2024 10:13 AM

As it looks like @Naw2 already has that category blocked, I'd install it on a client and see what servers it connects to to get started.  You can then create a rule to block those.  From the reviews I've seen they don't have many IPs per country, so whilst it will be a little bit of effort, it won't be that bad.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Aug 8 2024 2:24 PM
‎Aug 8 2024 2:24 PM

Try capturing "port 53" as it starts up and connects.  Note all the DNS entries it talks to.  Create a firewall rule to block those DNS entries.

0 Kudos
evaelfie
New here
‎Aug 8 2024 3:02 PM
‎Aug 8 2024 3:02 PM

Reinforce Captive Portal Rules: Ensure your captive portal settings are strictly configured to block all internet access until successful authentication.
Detect VPN Traffic: Implement deep packet inspection (DPI) to identify VPN traffic qatar visa check, patterns and redirect users to the captive portal.
Update Firmware: Keep your MX-100 firmware up-to-date for the latest security features and bug fixes.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.