Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Configuring firewall Rules to block/allow domain names as a name not as an IP

Solved
Senan_Rogers
Getting noticed
‎Feb 22 2018 9:43 AM
‎Feb 22 2018 9:43 AM

Configuring firewall Rules to block/allow domain names as a name not as an IP

Hello Gents, 

 

I have a VPN between two Meraki MX,  which they have Enterprise licenses not  Advance License So the content filter is not available.

 

I am trying to apply a rule to block a domain name like "meraki.com "  in the Site-to-site outbound firewall under Organization-wide settings, but it seems Meraki is not supporting domain name in the Site-to-site outbound firewall but it is supported in the layer 3 Firewall.

 

for example  filter content.png

 

any advice?  
0 Kudos
Subscribe
1 Accepted Solution
In response to Senan_Rogers
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 22 2018 11:45 AM
‎Feb 22 2018 11:45 AM

Is the spoke using a full tunnel to the hub and access the Internet that way - and you want to block some Internet requests?

 

Normally I would use the content filtering and block the URL.  Not sure how to go about this with only an Enterprise licence.

View solution in original post

0 Kudos
Subscribe
6 Replies 6
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 22 2018 11:40 AM
‎Feb 22 2018 11:40 AM

You are correct, that is not supported.

Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 22 2018 11:40 AM
‎Feb 22 2018 11:40 AM

Are the MX's in different organisations, and as a result you are not using AutoVPN?

0 Kudos
Subscribe
In response to PhilipDAth
Senan_Rogers
Getting noticed
‎Feb 22 2018 11:42 AM
‎Feb 22 2018 11:42 AM

Hello Phil,

 

both MX is in the Same Organization but in different Network, as one of them act as a HUB and the other as Spoke ( site ).

 

 

0 Kudos
Subscribe
In response to Senan_Rogers
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 22 2018 11:45 AM
‎Feb 22 2018 11:45 AM

Is the spoke using a full tunnel to the hub and access the Internet that way - and you want to block some Internet requests?

 

Normally I would use the content filtering and block the URL.  Not sure how to go about this with only an Enterprise licence.

0 Kudos
Subscribe
In response to PhilipDAth
Senan_Rogers
Getting noticed
‎Feb 22 2018 11:51 AM
‎Feb 22 2018 11:51 AM

vpn- filter site.png

0 Kudos
Subscribe
In response to PhilipDAth
Senan_Rogers
Getting noticed
‎Feb 22 2018 11:54 AM
‎Feb 22 2018 11:54 AM

Yes, this is why I have added this post, I know how to do it using the content filter and block the URL as i show it in my previous picture.

As you said I cannot do it with Enterprise Licence, we need Advance Security.
0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.