Netflix Users

SOLVED
CaseyBrown
Here to help

Netflix Users

Good morning,

 

So still working on becoming skilled on our MX400.  So we filtered Netflix so it would be blocked.  is there a way then to add clients (devices) to a group to then allow Netflix for them, but continue to block everyone else.  Looking for any advice.

 

Thanks to everyone for your help.

1 ACCEPTED SOLUTION

No need for apologies, @CaseyBrown. I'm working with a combined network for simplicity of policy enforcement and probably don't have a network the size of yours. Since you have your MX and MR in two separate dashboard networks, I think your best bet would be to allow Netflix in your default policy on your MX or within a group policy tied to the VLAN for your MR and MR Clients. Then have two different policies on your MR network. One that blocks Netflix and one that allows. 

 

You could use a Layer 7 firewall rule on your MR policy to block Netflix. Something like this: 

Layer7.JPG


Found this helpful? Give me some Kudos! (click on the little up-arrow below) and If my reply solved your issue, please mark it as a solution 🙂

View solution in original post

14 REPLIES 14
WadeAlsup
A model citizen

Hi @CaseyBrown

 

You can create Group Policies to apply to those users who need access to Netflix under Network wide > Group Policies. 

 

Meraki Group Policy documentation


Found this helpful? Give me some Kudos! (click on the little up-arrow below) and If my reply solved your issue, please mark it as a solution 🙂

Thank you Wade, but the client can only use one policy correct?  So if we want them to use our campus wide filtered policy, but have access to Netflix how do you give two policies?

@CaseyBrown, you have the option to "Clone" existing group policies that you can in turn mold to fit another use. You can also apply group policies to entire VLANs which may benefit depending on your network structure. You could copy your campus wide policy and remove the Netflix restriction and apply that to the clients that need it. Make sure to remember the order in which the policies are applied, as well. 

 

https://documentation.meraki.com/zGeneral_Administration/Tools_and_Troubleshooting/Troubleshooting_G...


Found this helpful? Give me some Kudos! (click on the little up-arrow below) and If my reply solved your issue, please mark it as a solution 🙂

Sorry for the confusion.....So through the Appliance/Content Filtering/URL Blocking we have Netflix.com blocked.  I have created a wireless group policy called Netflix that I will addd clients to.  The new policy copies what we have for campus wide.  So with the new Netflix Policy how do you then circumvent the content filtering?  

@CaseyBrown

 

If the MX and MR are in the same (combined) network, then you have the option of altering settings in the Group Policy that affect just wired/wireless filters. You'll see "Wireless Only" and "Security Appliance only" in the group policy settings page. Here, you can "use network default" (follows the network-wide rules), "append" (adds to the existing list of rules), or "override" (creates a completely new list of rules and disregards the network's).

 

In this instance, you would create a group policy that overrides the network-wide list (make sure to include anything that should still stay), then apply that policy in the Network-wide > Clients list.

 

If the MX and MR are in different networks, then you'll have to manage separate policies on your MR and MX for that client, both of which would allow Netflix.

 

Hope this helps!

Zak

No worries, @CaseyBrown

 

It sounds like your "Campus Wide" filtering is the Default Network Policy, rather than a separate Group Policy. In your case, I would create a copy of your Default Network settings in a Group Policy to use as a template going forward. You will have to recreate these settings in a Group Policy manually the first time. You might name it Default Template, Campus Wide Template, or something along those lines. This will give you a group policy that mirrors your default network policy and one you can Clone to create different variations as needed. (I would also include a note to manually update the template policy as changes network wide are made in the future). Now you can clone the newly created Group Policy and change it's settings to allow Netflix. When you apply a group policy to a client, it overrides the Network Default (or your Campus Wide). Apply it to your client that need Netflix and you should be good to go and decently setup for changes in the future. 

 

When you change the Cloned policy, you can override the blacklist and not include netflix.com. 


Found this helpful? Give me some Kudos! (click on the little up-arrow below) and If my reply solved your issue, please mark it as a solution 🙂

Maybe some clarification is needed.......because maybe we set it up wrong.  On the Network/Appliance side we have our content filter set up.  No Netflix.

 

Then we have a Network/Wireless group policy that all our clients are on that follow the filter.  No Netflix

 

So I go into Network/Wireless group policy and copy the policy that we are using currently.  I call it Netflix.  Nowhere in there can I see to override the blacklist.  What amI missing here?  Sorry for being a noob.

@CaseyBrown, at the bottom of the page of your new Netflix group policy, does it look something like this? 

 

gpsettings.JPG

You should be able to hit your drop down menu by "Blocked URL patterns" (what I called blacklist) and override. You can add the rest of your blacklisted URLs and leave off Netflix. 


Found this helpful? Give me some Kudos! (click on the little up-arrow below) and If my reply solved your issue, please mark it as a solution 🙂

Good morning all,

 

Thank you Wade for the continual follow up.  Your last reply is  the lost in translation feeling I am having.  So the screen shot you sent is from the Group Policy for our Appliance.  So we have three Networks.....Appliance, Wireless, and Switches. Per our Meraki rep's advice.  So on the Appliance network that screen shot is available, but those Group Policies are not available to the Wireless Network.  This is the  "network" I need to create the Group Policy on.  When I create a group policy for Netflix on the Wireless Network the only screen I get is this one.  So not sure how to create a Group Policy on the Wireless Network, and have a different Firewall options for Netflix.  Again sorry about my lack of knowledge.Screen Shot 2017-11-14 at 9.09.14 AM.png

No need for apologies, @CaseyBrown. I'm working with a combined network for simplicity of policy enforcement and probably don't have a network the size of yours. Since you have your MX and MR in two separate dashboard networks, I think your best bet would be to allow Netflix in your default policy on your MX or within a group policy tied to the VLAN for your MR and MR Clients. Then have two different policies on your MR network. One that blocks Netflix and one that allows. 

 

You could use a Layer 7 firewall rule on your MR policy to block Netflix. Something like this: 

Layer7.JPG


Found this helpful? Give me some Kudos! (click on the little up-arrow below) and If my reply solved your issue, please mark it as a solution 🙂

Whew, thought I was going nuts.  Yes you are correct we are a 1 to 1 campus so our network is quite large.

 

So we are built just like you suggested.  The MX (appliance) has the firewall and some group policies.  The policies allow for Netfliux, but we turned off at the content filter.  The Wireless Network, which 99% of all devices use, has one group policy that they use.  So we block Netflix via the content filter.  Should we block via the filter or somehow in the actual group policy?  Because the problem we are having is I create a new group policy, on the Wireless Network, that is allowing Netflix, but gets blocked at the content filter.

Thank you all for your help.  Per your advice, just gave the original group policy a Layer 7 Deny for Netflix.  Then made a new Netflix Policy without the Deny.  Added clients and all is working as it should.

 

Again thank you all for your time and help.  This community is a great reflection of what is great about Meraki.

Good to hear it's working now! I realized I had started a reply back and got tied up and never posted. 


Found this helpful? Give me some Kudos! (click on the little up-arrow below) and If my reply solved your issue, please mark it as a solution 🙂
PhilipDAth
Kind of a big deal
Kind of a big deal

If you want the user to have no restrictions, assign them the "White List" group policy.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels