Meraki

Community

List of applications for Layer 7 FW rules

OddSox
Conversationalist
‎Apr 15 2020 9:52 AM
‎Apr 15 2020 9:52 AM

List of applications for Layer 7 FW rules

Hi Community,

Hopefully this will be a quick answer. New to the community so thanks in advance.

My customer is requesting we block such things as logmein and other remote control, but accept others that they like such as Team Viewer.

Now I am expecting it is done this way

Layer 7 - Deny Remote Mgmt and Sharing

Layer 3 - Permit associated Team Viewer info such as proxy IP/ports etc.

I need to have the above confirmed - there may be a better way to do this and also - and more importantly - is there a list of applications and which category they relate to?

Cheers

0 Kudos
6 Replies 6
rhbirkelund
Kind of a big deal
Kind of a big deal
‎Apr 15 2020 10:26 AM
‎Apr 15 2020 10:26 AM

Unfortunately, I think this is a difficult and cumbersome task to achieve.
All these services usually use multiple endpoints, IPs and Ports.

You can block RDP by blocking port tcp/3389 and udp/3389.
I don't think the L7 rule denying, Remote Mgmt and Sharing will be enough (or even work) on all of the services.
And perhaps you can create an HTTP Hostname L7 rule matching hostnames like anydesk.com, logmein, and so on.

Furthermore, most of these services also utilise ports 80 and 443, which you probably don't want to block.

I'm not saying it's impossible, but rather difficult.

I have yet to find a list or lookup tool, which I'm rather surprised Meraki hasn't provided.
LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
In response to rhbirkelund
OddSox
Conversationalist
‎Apr 15 2020 11:56 AM
‎Apr 15 2020 11:56 AM

Thanks a lot for the quick response. I can see that this may be an interesting one. I suspect that the URL will not be that simple either. I'll wireshark Team Viewer and Logmein for a start and see where I go. If I find a list I'll share, if not I'll start compiling one, I'm not going out anyway!! 😉

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 15 2020 1:35 PM
‎Apr 15 2020 1:35 PM

L7 rules only allow you to deny - not permit.

 

It denies what appears in the drop-down box.

 

PhilipDAth_0-1586982871367.png

 

0 Kudos
In response to PhilipDAth
rhbirkelund
Kind of a big deal
Kind of a big deal
‎Apr 15 2020 2:00 PM
‎Apr 15 2020 2:00 PM

So that list is the actual sites that are blocked?
Say one wants to block news sites. It's possible to deny traffic to New York Times, but not Wall Street Journal? Or is WSJ covered in the "All news" option?
LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
0 Kudos
In response to rhbirkelund
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 15 2020 2:02 PM
‎Apr 15 2020 2:02 PM

If you want to block a specific site then I'd block it by URL.

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Firewall_Settings#FQDN_Support 

In response to PhilipDAth
OddSox
Conversationalist
‎Apr 16 2020 8:57 AM
‎Apr 16 2020 8:57 AM

I think this is going to have to be the answer. The categories are very limited on the drop down, I thought they would have a larger range to choose from but hopefully will improve with time.
Cheers all
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.