I have an MX64 for a very small public library network without the advanced security license. How does one configure the MX64 to use OpenDNS and do I need to subscribe and pay for a license to use OpenDNS?
Just need a very simple way to block porn or adult websites.
Solved! Go to solution.
There are some free and low cost options here: https://www.opendns.com/home-internet-security/
You enroll for free or paid and then tell it your public IP or IP block to filter against.
To ensure users can’t bypass this DNS that you would serve via DHCP presumably, you could create firewall rules denying all DNS port 53/UDP except OpenDNS/Umbrella and that should do a good job complying with blocking adult content for a library.
My generally understanding for the laws around this in the US is that you make a reasonable attempt such as this and are not liable for reporting or instances where people find a way around it.
@bjk : OpenDNS which is now Cisco Umbrella (Cloud DNS security and Proxy) has manual integration with Meraki MX
Have a look on below link for your reference , Check out the Meraki Group Policy with Umbrella
But doesn't this require the Advance Security License?
"This feature is available for an MX with Advanced Security license"
if you have advance security license then no body cares about the Cisco Umbrella as you have all the security features on the box.
I have an MX64 firewall. I do not have the advance security license. I am asking for a suggestion for a simple Internet filtering solution for this very small network.
So you have enterprise license on the MX ?
Yes.
To integrate Cisco Umbrella with Meraki MX you still need Advance Security license.
Check the below link and check for "Features by License Option" on the link below you will get to know.
and so integration with Cisco Umbrella
I am aware of that.
Can anyone help me with a solution that does not require and advance security license?
When you say Security from the internet what features you need ?
1. IPS/IDS
2. Advance Malware Protection
3. DNS security
4. Threat Grid
All these are not available on the enterprise license of MX.
I only need Internet content filtering for a small library network.
Content filtering is also available with the Advance security license only but not available with Enterprise license.
There are some free and low cost options here: https://www.opendns.com/home-internet-security/
You enroll for free or paid and then tell it your public IP or IP block to filter against.
To ensure users can’t bypass this DNS that you would serve via DHCP presumably, you could create firewall rules denying all DNS port 53/UDP except OpenDNS/Umbrella and that should do a good job complying with blocking adult content for a library.
My generally understanding for the laws around this in the US is that you make a reasonable attempt such as this and are not liable for reporting or instances where people find a way around it.
@bjk As @BrandonS says, you can put the firewall rules to block all the adult content for a library. You can make use of your Internet DNS pointed to Cisco Umbrella instead of your local service provider or Google whatever is now pointed. The traffic flow from the internet to your site via Cisco Umbrella.
The Umbrella IPv4 addresses are:
The Umbrella IPv6 addresses are:
We cannot use Cisco Umbrella because we do not have the advance security license.
I will try the "home" version of OpenDNS and see how that works. Thanks BrandonS.
That worked great. Thanks.
@Inderdeep wrote:if you have advance security license then no body cares about the Cisco Umbrella as you have all the security features on the box.
You won‘t be able to achieve even half of what Umbrella provides you with with an on-box solution.
Hey @bjk , bit late to the party on this one. What’s your wireless solution? Meraki MR’s? Or are your library users wired?
If Meraki MR you could filter on the SSID using Layer 7 rules.
The library has ten wired desktop computers and does also offer wifi via a MR access point.