cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

URL Filtering has broken SM monitoring

SOLVED
Here to help

URL Filtering has broken SM monitoring

I have MR42, MX64 and MS220-8

 

Based on the guides I created a Group policy that blacklists * and whitelists 2 websites and also meraki.com

 

I have applied this group policy to a VLAN for a specific SSID (for some reason group policy applied via sentry tags wasnt working which I created a post about here: https://community.meraki.com/t5/Network-Wide/Group-Policy-via-Sentry-Tag-not-working/m-p/2972#M76

 

However, this has broken Systems Manager MDM on the ipads.  When I added meraki.com to the whitelist it caused the Meraki app on the Ipad to show all green check marks but the ipads show offline in Systems Manager and I can not send commands to them anymore.  The guide doesnt say what I need to put in the URL filtering whitelist, it mentions meraki.com but that clearly isnt enough.  These are URL filters so I cant whitelist ip addresses afaik.

 

This was the guide I followed: https://documentation.meraki.com/MX-Z/Content_Filtering_and_Threat_Protection/Content_Filtering

 

Anyone can help me with this?

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Kind of a big deal

Re: URL Filtering has broken SM monitoring

Try whitelisting *.apple.com.

4 REPLIES 4
Highlighted
Kind of a big deal

Re: URL Filtering has broken SM monitoring

Try whitelisting *.apple.com.

Here to help

Re: URL Filtering has broken SM monitoring


@PhilipDAth wrote:

Try whitelisting *.apple.com.


I totally didnt think that MDM might go through apple, I thought it was direct to meraki, going to whitelist *.apple.com now.  Thanks.

Kind of a big deal

Re: URL Filtering has broken SM monitoring

Apple devices are very much tied to Apple (consider Apple push notifications).

 

Have you got any way to log the DNS queries being made (even if by a packet capture)?  If so use that method to get a definitive list of what is needed.

Here to help

Re: URL Filtering has broken SM monitoring

I whitelisted *.apple.com and it fixed my issue, thank you!

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.