Meraki

Community

How to use OpenDNS as an Internet Filter MX64

Solved
bjk
Here to help
‎Apr 12 2021 1:21 PM
‎Apr 12 2021 1:21 PM

How to use OpenDNS as an Internet Filter MX64

I have an MX64 for a very small public library network without the advanced security license.  How does one configure the MX64 to use OpenDNS and do I need to subscribe and pay for a license to use OpenDNS?

Just need a very simple way to block porn or adult websites.

0 Kudos
1 Accepted Solution
In response to Inderdeep
BrandonS
Kind of a big deal
‎Apr 12 2021 2:07 PM
‎Apr 12 2021 2:07 PM

There are some free and low cost options here: https://www.opendns.com/home-internet-security/

 

You enroll for free or paid and then tell it your public IP or IP block to filter against. 

 

To ensure users can’t bypass this DNS that you would serve via DHCP presumably, you could create firewall rules denying all DNS port 53/UDP except OpenDNS/Umbrella and that should do a good job complying with blocking adult content for a library. 

My generally understanding for the laws around this in the US is that you make a reasonable attempt such as this and are not liable for reporting or instances where people find a way around it. 

 

- Ex community all-star (⌐⊙_⊙)

View solution in original post

19 Replies 19
Inderdeep
Kind of a big deal
‎Apr 12 2021 1:27 PM
‎Apr 12 2021 1:27 PM

@bjk : OpenDNS which is now Cisco Umbrella (Cloud DNS security and Proxy) has manual integration with Meraki MX

Have a look on below link for your reference , Check out the Meraki Group Policy with Umbrella

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Manually_Integrating_... 

 

Cisco Awarded Blogs 2020/2021 https://www.thenetworkdna.com/
0 Kudos
In response to Inderdeep
bjk
Here to help
‎Apr 12 2021 1:30 PM
‎Apr 12 2021 1:30 PM

But doesn't this require the Advance Security License?

"This feature is available for an MX with Advanced Security license"

In response to bjk
Inderdeep
Kind of a big deal
‎Apr 12 2021 1:33 PM
‎Apr 12 2021 1:33 PM

if you have advance security license then no body cares about the Cisco Umbrella as you have all the security features on the box. 

Cisco Awarded Blogs 2020/2021 https://www.thenetworkdna.com/
0 Kudos
In response to Inderdeep
bjk
Here to help
‎Apr 12 2021 1:37 PM
‎Apr 12 2021 1:37 PM

I have an MX64 firewall.  I do not have the advance security license.  I am asking for a suggestion for a simple Internet filtering solution for this very small network. 

0 Kudos
In response to bjk
Inderdeep
Kind of a big deal
‎Apr 12 2021 1:39 PM
‎Apr 12 2021 1:39 PM

So you have enterprise license on the MX ?

Cisco Awarded Blogs 2020/2021 https://www.thenetworkdna.com/
0 Kudos
In response to Inderdeep
bjk
Here to help
‎Apr 12 2021 1:41 PM
‎Apr 12 2021 1:41 PM

Yes.

0 Kudos
In response to bjk
Inderdeep
Kind of a big deal
‎Apr 12 2021 1:42 PM
‎Apr 12 2021 1:42 PM

To integrate Cisco Umbrella with Meraki MX you still need Advance Security license.

Check the below link and check for "Features by License Option" on the link below you will get to know. 

 

https://documentation.meraki.com/General_Administration/Licensing/Meraki_MX_Security_and_SD-WAN_Lice... 

 

and so integration with Cisco Umbrella 

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Manually_Integrating_... 

Cisco Awarded Blogs 2020/2021 https://www.thenetworkdna.com/
0 Kudos
In response to Inderdeep
bjk
Here to help
‎Apr 12 2021 1:44 PM
‎Apr 12 2021 1:44 PM

I am aware of that.  

Can anyone help me with a solution that does not require and advance security license?

0 Kudos
In response to bjk
Inderdeep
Kind of a big deal
‎Apr 12 2021 1:48 PM
‎Apr 12 2021 1:48 PM

When you say Security from the internet what features you need ?

1. IPS/IDS

2. Advance Malware Protection 

3. DNS security

4. Threat Grid

 

All these are not available on the enterprise license of MX. 

Cisco Awarded Blogs 2020/2021 https://www.thenetworkdna.com/
0 Kudos
In response to Inderdeep
bjk
Here to help
‎Apr 12 2021 1:50 PM
‎Apr 12 2021 1:50 PM

I only need Internet content filtering for a small library network.

0 Kudos
In response to bjk
Inderdeep
Kind of a big deal
‎Apr 12 2021 1:51 PM
‎Apr 12 2021 1:51 PM

Content filtering is also available with the Advance security license only but not available with Enterprise license.

Cisco Awarded Blogs 2020/2021 https://www.thenetworkdna.com/
0 Kudos
In response to Inderdeep
BrandonS
Kind of a big deal
‎Apr 12 2021 2:07 PM
‎Apr 12 2021 2:07 PM

There are some free and low cost options here: https://www.opendns.com/home-internet-security/

 

You enroll for free or paid and then tell it your public IP or IP block to filter against. 

 

To ensure users can’t bypass this DNS that you would serve via DHCP presumably, you could create firewall rules denying all DNS port 53/UDP except OpenDNS/Umbrella and that should do a good job complying with blocking adult content for a library. 

My generally understanding for the laws around this in the US is that you make a reasonable attempt such as this and are not liable for reporting or instances where people find a way around it. 

 

- Ex community all-star (⌐⊙_⊙)
In response to BrandonS
Inderdeep
Kind of a big deal
‎Apr 12 2021 2:17 PM
‎Apr 12 2021 2:17 PM

@bjk As @BrandonS says, you can put the firewall rules to block all the adult content for a library. You can make use of your Internet DNS pointed to Cisco Umbrella instead of your local service provider or Google whatever is now pointed. The traffic flow from the internet to your site via Cisco Umbrella. 

The Umbrella IPv4 addresses are:

  • 208.67.222.222
  • 208.67.220.220

The Umbrella IPv6 addresses are:

  • 2620:119:35::35
  • 2620:119:53::53
Cisco Awarded Blogs 2020/2021 https://www.thenetworkdna.com/
0 Kudos
In response to Inderdeep
bjk
Here to help
‎Apr 12 2021 2:19 PM
‎Apr 12 2021 2:19 PM

We cannot use Cisco Umbrella because we do not have the advance security license.

0 Kudos
In response to BrandonS
bjk
Here to help
‎Apr 12 2021 2:20 PM
‎Apr 12 2021 2:20 PM

I will try the "home" version of OpenDNS and see how that works.  Thanks BrandonS.

0 Kudos
In response to BrandonS
bjk
Here to help
‎Apr 12 2021 6:49 PM
‎Apr 12 2021 6:49 PM

That worked great.  Thanks.

0 Kudos
In response to Inderdeep
CptnCrnch
Kind of a big deal
‎Apr 13 2021 11:32 AM
‎Apr 13 2021 11:32 AM

@Inderdeep wrote:

if you have advance security license then no body cares about the Cisco Umbrella as you have all the security features on the box. 

You won‘t be able to achieve even half of what Umbrella provides you with with an on-box solution.

0 Kudos
DarrenOC
Kind of a big deal
Kind of a big deal
‎Apr 12 2021 3:13 PM
‎Apr 12 2021 3:13 PM

Hey @bjk , bit late to the party on this one. What’s your wireless solution? Meraki MR’s? Or are your library users wired?

 

If Meraki MR you could filter on the SSID using Layer 7 rules.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
0 Kudos
In response to DarrenOC
bjk
Here to help
‎Apr 12 2021 3:37 PM
‎Apr 12 2021 3:37 PM

The library has ten wired desktop computers and does also offer wifi via a MR access point.

0 Kudos
Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.