Content Filtering for Guest SSID

Solved
bluegreene
Here to help

Content Filtering for Guest SSID

When configuring a Guest SSID on an MR using the Meraki AP assigned (NAT mode) option, under the firewall settings, there are options to block certain types of traffic like peer-to-peer or gaming, but there isn't anything for adult content, gambling, etc.  How do we bock these as well?  Do these devices adhere to the content filtering settings on the MX even though they are using Meraki AP assigned (NAT mode)?

1 Accepted Solution
alemabrahao
Kind of a big deal
Kind of a big deal

Adult Content Filtering Overview

Adult content filtering on an MR prevents a wireless client from accessing sites that contain pornographic, sexual, or other objectionable adult material.

This feature is configured on a per-SSID basis on the Wireless > Configure > Access control page. It is only available when NAT Mode is selected for client IP addressing.

Note: Adult content filtering is not available for networks on the Meraki China Dashboard (meraki.cn).

There are three possible options with regards to adult content filtering:

  1. Don't filter adult content
  2. Use Meraki's custom built-in adult content filtering ('Block adult content'), and
  3. Use a custom DNS server.

When option #1 is chosen, no content filtering is performed and all websites will be displayed as-is. Use this option if you do not wish to restrict any traffic for your users.

When option #2 is chosen, filtering is performed at the AP level with pre-populated lists of common adult sites. If a user tries to access a blocked site, they will see a splash page stating that the site is blocked by Meraki, and that they should contact their administrator for more details. This feature provides basic adult content filtering for applications in which advanced filtering techniques are not required (e.g., filtering for guests in the office lobby). If more advanced filtering is required, a separate content filtering solution is recommended, such as content filtering on the Meraki MX product line.

Option #3 allows for the specification of a third party DNS server, if the user wishes to leverage solutions such as DNS Redirector or OpenDNS Enterprise. If a DNS IP address is specified, the AP will query the specified DNS server for DNS queries sent by a client. More information on this flow is available here.

Information for existing (pre October 2012) adult content filtering customers

Prior to October of 2012, Meraki's adult content filtering functionality relied on OpenDNS' free DNS servers for dynamic adult content filtering via DNS lookups. In October of 2012, OpenDNS transitioned to a paid enterprise model, and in order to continue to provide free content filtering, Meraki implemented its own proprietary custom filtering lists for enhanced performance and optimization.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

View solution in original post

3 Replies 3
Brash
Kind of a big deal
Kind of a big deal

As you mentioned, you can block those types of categories with content filter.

Yes, the content filter should also apply to NAT mode.

alemabrahao
Kind of a big deal
Kind of a big deal

Adult Content Filtering Overview

Adult content filtering on an MR prevents a wireless client from accessing sites that contain pornographic, sexual, or other objectionable adult material.

This feature is configured on a per-SSID basis on the Wireless > Configure > Access control page. It is only available when NAT Mode is selected for client IP addressing.

Note: Adult content filtering is not available for networks on the Meraki China Dashboard (meraki.cn).

There are three possible options with regards to adult content filtering:

  1. Don't filter adult content
  2. Use Meraki's custom built-in adult content filtering ('Block adult content'), and
  3. Use a custom DNS server.

When option #1 is chosen, no content filtering is performed and all websites will be displayed as-is. Use this option if you do not wish to restrict any traffic for your users.

When option #2 is chosen, filtering is performed at the AP level with pre-populated lists of common adult sites. If a user tries to access a blocked site, they will see a splash page stating that the site is blocked by Meraki, and that they should contact their administrator for more details. This feature provides basic adult content filtering for applications in which advanced filtering techniques are not required (e.g., filtering for guests in the office lobby). If more advanced filtering is required, a separate content filtering solution is recommended, such as content filtering on the Meraki MX product line.

Option #3 allows for the specification of a third party DNS server, if the user wishes to leverage solutions such as DNS Redirector or OpenDNS Enterprise. If a DNS IP address is specified, the AP will query the specified DNS server for DNS queries sent by a client. More information on this flow is available here.

Information for existing (pre October 2012) adult content filtering customers

Prior to October of 2012, Meraki's adult content filtering functionality relied on OpenDNS' free DNS servers for dynamic adult content filtering via DNS lookups. In October of 2012, OpenDNS transitioned to a paid enterprise model, and in order to continue to provide free content filtering, Meraki implemented its own proprietary custom filtering lists for enhanced performance and optimization.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
bluegreene
Here to help

This confirms what I suspected.  Thanks!

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels