Category blocking

SOLVED
Patrik73
Getting noticed

Category blocking

Can you set Category blocking on a WiFi SSID (or it's VLAN) that is set as Bridge on its own VLAN without Umbrella?
I have a VLAN 130 that has 192.168.10.0/24
The SSID is set as Brigde Mode with VLAN 130.

 

But all I can set seem to be Layer 7 Firewal Rules.

 

I would like to use the Category blocking on that SSID.

1 ACCEPTED SOLUTION
Johnfnadez
Building a reputation

Yes, you must apply the policy on the VLAN, in the same chart where you define the Gateway IP

 

Johnfnadez_0-1669669572723.png

 

Johnny Fernandez
Network & Security Engineer
CCNP | JNCIP-SEC | CMNA

View solution in original post

8 REPLIES 8
Johnfnadez
Building a reputation

If you have an MX upstream you can set a group policy with the filtering in the VLAN in question and all devices thru the same vlan will be under that policy.

 

If you do not have an MX firewall I don’t think if that’s possible due SSID has some L7 firewall it but is more oriented to apps than website categories

 

here you can find more info

 

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Creating_and_Applying...

Johnny Fernandez
Network & Security Engineer
CCNP | JNCIP-SEC | CMNA

Sorry, forgot to mention.

I do have an MX84 upstream.
The MX has Advanced Security and the MR has Enterprise.

 

When I look at the policy I created, under Security appliance only I have the option to configure Blocked website categories.

But to they really work on my WiFi SSID that is set in Brige Mode with its own VLAN?

Johnfnadez
Building a reputation

Yes it works, just double check that you are tagging the traffic from SSID with the VLAN ID in question and it should work 

Johnny Fernandez
Network & Security Engineer
CCNP | JNCIP-SEC | CMNA

Thanks, I will try it out.

Has not been able to test it on the site yet.

Just configured it remote so far.

 

Still confused though.

I have read the link you provided, and it says under Applying Group Policies that it can not be applied to VLAN on MR Access Points.

At least there are no checkbox in MR Access Points under By VLAN.

Johnfnadez
Building a reputation

Yes, you must apply the policy on the VLAN, in the same chart where you define the Gateway IP

 

Johnfnadez_0-1669669572723.png

 

Johnny Fernandez
Network & Security Engineer
CCNP | JNCIP-SEC | CMNA

Thank you, 🙂

Can you somehow see or get reports on what pages has been blocked?
Some kind of statistics.

Johnfnadez
Building a reputation

Yes, under Organization -> Summary Report you can see a report, or under Network Wide -> Event Log you can see detailed logs

 

if you consider my answers as a solution I’d appreciate if you mark them as solution 🙂

 

 

Johnny Fernandez
Network & Security Engineer
CCNP | JNCIP-SEC | CMNA

Thanks again.
I will set your answer as solution and then try this out when i'm on site. 🙂

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels