List of applications for Layer 7 FW rules

OddSox
Conversationalist

Hi Community,

Hopefully this will be a quick answer. New to the community so thanks in advance.

My customer is requesting we block such things as LogMeIn and other remote control, but accept others that they like such as TeamViewer.

Now I am expecting it is done this way

Layer 7 - Deny Remote Mgmt and Sharing

Layer 3 - Permit associated Team Viewer info such as proxy IP/ports etc.

I need to have the above confirmed - there may be a better way to do this and also - and more importantly - is there a list of applications and which category they relate to?

Cheers

rhbirkelund
Kind of a big deal

Unfortunately, I think this is a difficult and cumbersome task to achieve.
All these services usually use multiple endpoints, IPs and ports.

You can block RDP by blocking port tcp/3389 and udp/3389.
I don't think the L7 rule denying Remote Mgmt and Sharing will be enough (or even work) on all of the services.
And perhaps you can create an HTTP Hostname L7 rule matching hostnames like anydesk.com, logmein, and so on.

Furthermore, most of these services also utilise ports 80 and 443, which you probably don't want to block.

I'm not saying it's impossible, but rather difficult.

I have yet to find a list or lookup tool, which I'm rather surprised Meraki hasn't provided.
LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
OddSox
Conversationalist

Thanks a lot for the quick response. I can see that this may be an interesting one. I suspect that the URL will not be that simple either. I'll wireshark Team Viewer and Logmein for a start and see where I go. If I find a list I'll share, if not I'll start compiling one, I'm not going out anyway!! 😉

PhilipDAth
Kind of a big deal

L7 rules only allow you to deny - not permit.

It denies what appears in the drop-down box.

[Image: PhilipDAth_0-1586982871367.png]

rhbirkelund
Kind of a big deal

So that list is the actual sites that are blocked?
Say one wants to block news sites. It's possible to deny traffic to New York Times, but not Wall Street Journal? Or is WSJ covered in the "All news" option?
PhilipDAth
Kind of a big deal

If you want to block a specific site then I'd block it by URL.

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Firewall_Settings#FQDN_Support 

OddSox
Conversationalist

I think this is going to have to be the answer. The categories are very limited on the drop-down; I thought they would have a larger range to choose from, but hopefully it will improve with time.
Cheers all
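
The thread's starting problem (deny a category but keep one application, when L7 rules can only deny) worked through as an added example; it is not part of any post above and is not Meraki's code. The listing is constructed sample data with placeholder ids, assumed to have the shape of the Dashboard API's L7 application-categories response, the rule dictionaries are assumed to match the L7 rule format, and the function names are hypothetical.

```python
# Added example. SAMPLE_CATEGORIES is CONSTRUCTED: ids are placeholders and the
# application names are illustrative, not a copy of the real drop-down list.
SAMPLE_CATEGORIES = {"applicationCategories": [
    {"id": "PLACEHOLDER-cat-1", "name": "Remote Mgmt and Sharing",
     "applications": [
         {"id": "PLACEHOLDER-app-A", "name": "LogMeIn"},
         {"id": "PLACEHOLDER-app-B", "name": "TeamViewer"},
         {"id": "PLACEHOLDER-app-C", "name": "Example Remote Tool"},
     ]},
    {"id": "PLACEHOLDER-cat-2", "name": "News",
     "applications": [{"id": "PLACEHOLDER-app-D", "name": "Example News Site"}]},
]}


def app_to_category(listing):
    """Answer 'which category is this application in?' (names lower-cased)."""
    return {
        app["name"].lower(): cat["name"]
        for cat in listing["applicationCategories"]
        for app in cat["applications"]
    }


def deny_rules_except(listing, category_name, keep):
    """Build one deny rule per application in a category, skipping `keep`.

    L7 rules can only deny, so an exception cannot be written as a permit;
    the category is expanded into per-application denies instead.
    """
    keep = {name.lower() for name in keep}
    matches = [c for c in listing["applicationCategories"] if c["name"] == category_name]
    if not matches:
        raise KeyError(f"category not in listing: {category_name}")
    apps = matches[0]["applications"]
    missing = keep - {a["name"].lower() for a in apps}
    if missing:
        # A misspelled keep entry would otherwise end up denied with the rest.
        raise ValueError(f"not in category, check spelling: {sorted(missing)}")
    return [
        {"policy": "deny", "type": "application",
         "value": {"id": a["id"], "name": a["name"]}}
        for a in apps
        if a["name"].lower() not in keep
    ]
```

Per-application denies only cover what the listing contains at the time it is read, so the rule set needs regenerating when the listing changes, and services missing from it still need hostname or port rules as discussed in the replies.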