Blocking TIKTOK in 2024

Mkozicki
Getting noticed


I have searched and people seem to have asked a few times over the years but is there any chance that Cisco Meraki is going to add a layer 7 rule for TIKTOK blocking?

 

Or has Meraki come up with a simple way to block TIKTOK on the MX?

 

I know this is a hard application to block, but I have schools with MX firewalls asking about blocking this, and with how many other social sites you have layer 7 options for, it would be nice if TIKTOK could be added.

 

Another option: would Umbrella integration into the MX be a good way to block this?

Michael Kozicki
CCIE #5367
MJK Net Inc.
PhilipDAth
Kind of a big deal

What happens if you block everything to the DNS name *.tiktok.com?

 

Failing that, if you do a packet capture on port 53 as the app starts, what DNS names does it talk to?  It must surely need to authenticate against something.  You could try blocking access to those DNS names.
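
The capture-and-compare step suggested in the reply above, as an added example that is not part of the original thread: it reads `tcpdump -n` text output for port 53, keeps only the names the test device asked for after the app started, and widens them to parent domains except on shared CDN parents. The function names, the sample captures, the client IP and the `SHARED_PARENTS` set are assumptions made for illustration.

```python
import re

# tcpdump -n prints a DNS query as:
#   12:01:00.20 IP 192.168.128.20.50004 > 192.168.128.1.53: 1004+ A? api.tiktokv.com. (33)
QUERY = re.compile(
    r"IP6? (\S+)\.\d+ > \S+\.53: \d+\S* (?:\[\w+\] )?(?:A|AAAA|HTTPS)\? (\S+?)\.? \("
)

# Assumption: parent domains shared with unrelated sites; never widen a block to these.
SHARED_PARENTS = {"akamaized.net"}

# Constructed sample captures (test device 192.168.128.20), not real traffic.
BASELINE = """\
12:00:00.10 IP 192.168.128.20.50001 > 192.168.128.1.53: 1001+ A? time.example.net. (34)
12:00:00.20 IP 192.168.128.20.50002 > 192.168.128.1.53: 1002+ AAAA? push.example.com. (34)
"""
APP_START = """\
12:01:00.10 IP 192.168.128.20.50003 > 192.168.128.1.53: 1003+ A? push.example.com. (34)
12:01:00.20 IP 192.168.128.20.50004 > 192.168.128.1.53: 1004+ A? api.tiktokv.com. (33)
12:01:00.25 IP 192.168.128.1.53 > 192.168.128.20.50004: 1004 1/0/0 A 192.0.2.10 (49)
12:01:00.30 IP 192.168.128.20.50005 > 192.168.128.1.53: 1005+ [1au] AAAA? v16a.tiktokcdn.com. (47)
12:01:00.40 IP 192.168.128.20.50006 > 192.168.128.1.53: 1006+ A? p16-tiktokcdn-com.akamaized.net. (49)
12:01:00.50 IP 192.168.128.99.50007 > 192.168.128.1.53: 1007+ A? other.example.org. (35)
"""


def queried_names(capture_text, client_ip):
    """Names the given client asked for; responses and other clients are ignored."""
    names = set()
    for line in capture_text.splitlines():
        m = QUERY.search(line)
        if m and m.group(1) == client_ip:
            names.add(m.group(2).lower())
    return names


def block_candidates(baseline_text, app_start_text, client_ip):
    """Names seen only during app start, widened to the parent domain where safe."""
    new = queried_names(app_start_text, client_ip) - queried_names(baseline_text, client_ip)
    out = set()
    for name in new:
        parent = ".".join(name.split(".")[-2:])  # naive: not public-suffix aware
        out.add(name if parent in SHARED_PARENTS else parent)
    return sorted(out)


if __name__ == "__main__":
    for entry in block_candidates(BASELINE, APP_START, "192.168.128.20"):
        print(entry)
```

Review the output before turning it into block rules: the last-two-labels shortcut gives the wrong parent for suffixes such as `co.uk`, and any shared CDN parent missing from `SHARED_PARENTS` would be widened too far.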

Obrez
Here to help

If you are using Umbrella, there is an application category for TikTok.  You can block it from there.  Otherwise, you could try range blocking the IP/hostname like PhilipDAth says above.

BlakeRichardson
Kind of a big deal

By doing a quick Google search, a couple of the domains I found used are below; however, I suspect, like most social media platforms, this is just the tip of the iceberg.

 

tiktok.com
tiktokv.com
tiktokcn.com

haha nice, you are correct. I just did a bit of searching and pulled this list from an r/sysadmin post on blocking TikTok.  It's also over a year old so your mileage may vary.  I had this same problem blocking WhatsApp.  The IP range list was huge because of their integration with Facebook.  This is why I suggested trying to use Umbrella first.  Cheers!

 


Mkozicki
Getting noticed

I use Umbrella but not all the schools I work with do.  I was looking for a 'simple' built-in solution and that's kind of why I posted this message, to see if I was missing something or perhaps Cisco Meraki would respond that something is in the works.

Michael Kozicki
CCIE #5367
MJK Net Inc.
PhilipDAth
Kind of a big deal

Try using the "make a wish" function in the dashboard, quote the NBAR web link I have given, and ask that TikTok be added as an option for layer 7 firewall rules.

 

Make sure you make this suggestion on the firewall page, so it gets routed to the right destination.

AnythingHosted
Building a reputation

Here is a similar thread from 2022
https://community.meraki.com/t5/Security-SD-WAN/How-to-block-TikTok-in-2022/m-p/186482#M43696

 

It's amazing after 2 years it's still not a simple rule that we can use. Don't worry, you can block ICQ as I mentioned in the other thread 😀

I see that TikTok was added to NBAR August 2023.

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_nbar/prot_lib/config_library/pp6600/release-no... 

 

Meraki uses NBAR, so the engine under the hood can now do it.  So I suspect this just needs some Dashboard changes to allow it to be selected ...

And that is really what I hope for: something simple.  People are buying the MX because it's a simple-to-deploy product.  Many of the IT people at these schools that I am dealing with are more Microsoft-type IT people and they can find their way around the MX mostly.  They don't want to call for every change they need to make.

 

Also, if it's a built-in solution, I would hope that it's kept updated: as TikTok makes changes to get around firewalls, Cisco Meraki would also make changes to keep the blocking working.

Michael Kozicki
CCIE #5367
MJK Net Inc.