Meraki

Community

MX Webfilter

Daniel24
Here to help
‎Sep 1 2022 7:20 AM
‎Sep 1 2022 7:20 AM

MX Webfilter

I will be moving to the MX's soon for firewall and web filtering needs. I believe I have read that the web filtering solutions within the MX devices do not provide a splash page to alert users of a blocked page. If this is true is there anyway to resolve this with additional software/license add on? Is this something Cisco Umbrella license resolves?

Labels:
0 Kudos
4 Replies 4
GreenMan
Meraki Employee
Meraki Employee
‎Sep 1 2022 7:51 AM
‎Sep 1 2022 7:51 AM

This is true, for sites using HTTPS (which is a lot of sites, these days):   https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Content_Filtering/Conten...

Blocked sites using HTTP will generate a block page back to the client:   https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Configuring_the_Defau...

 

To my knowledge the issue with HTTPS can't be resolved natively with the Meraki solution alone but, whilst I'm no expert on Umbrella specifically, I believe that can address this, provided the clients trust the cert which Umbrella uses for the block page:   https://support.opendns.com/hc/en-us/articles/227987007-Block-Page-Errors-Installing-the-Cisco-Umbre...
This is likely to be a problem if your clients are unmanaged (e.g. Guest users)

0 Kudos
alemabrahao
Kind of a big deal
Kind of a big deal
‎Sep 1 2022 11:25 AM
‎Sep 1 2022 11:25 AM

On Umbrella you can use SSL decryption. On Meraki, the HTTPS Inspection feature was announced, and It's is still in development and in beta.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
Daniel24
Here to help
‎Sep 8 2022 2:31 PM
‎Sep 8 2022 2:31 PM

Will I be able to have the SSL Decryption at the Umbrella Secure Internet Gateway Essentials or do I need a different level of licensing for this feature?

0 Kudos
In response to Daniel24
GreenMan
Meraki Employee
Meraki Employee
‎Sep 9 2022 1:53 AM
‎Sep 9 2022 1:53 AM

HTTPS decryption is part of the Intelligent Proxy component of Umbrella SIG, which is included with Essentials.  Check out the first line of this ready comparison:
https://umbrella.cisco.com/products/umbrella-enterprise-security-packages

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.