To achieve this level of granular control you want you will struggle on the Meraki for the reasons previously outlined. You would need a firewall that supports HTTPS inspection, which basically decrypts the traffic to be able to differentiate between facebook messenger and regular Facebook.    If you are having issues with blocking mobile apps it will likely be because of the quic protocol.   a lot of apps use the new-ish QUIC protocol which uses UDP ports 80 and 443 which does not get picked up by the content filtering rules.    Once you have configured the recommended rules the QUIC traffic will get blocked by the Firewall, the app will then fall back to using traditional TLS/SSL which will be blocked by the Meraki content filtering rules.   Bedtime reading 🙂 https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClarCAC#:~:text=Palo%20Alt... ... View more