Blocking Applications Not Listed under Layer 7 Firewall Rules

MX Security Appliances and MR Access Points can block clients from accessing specific applications using Layer 7 firewall rules. Dashboard lists the most popular applications within each predefined category, but a network administrator may need to block a specific application that is not listed. Consider the example of an administrator who would like to block access to the game League of Legends.

 

Note that League of Legends is currently not listed under the Gaming category, but it can be blocked by following the steps below. 

  1. Identify public IP addresses and URLs used by the application's servers
  2. Configure a Layer 3 rule that blocks outbound connections to the application's servers
  3. Create a Layer 7 rule that blocks the URLs used by the application

Some services, such as Amazon Video, may be included in the traffic shaping applications list but not in the Layer 7 firewall application list. When blocked, these services fail over to a content distribution network (CDN) that may be shared by many content services. Meraki makes every effort to identify services from CDNs; however, in some cases the traffic is not distinguishable from other services hosted on the CDN. In cases like these, we recommend limiting the application to extremely minimal bandwidth usage instead of attempting to block the traffic entirely.

Identify Public IP Addresses

As of this writing, League of Legends uses the following subnets and URLs:

  • IP Addresses
    • 192.64.168.0/24
    • 192.64.169.0/24
    • 192.64.170.0/24
    • 216.133.234.0/24
    • 31.186.224.0/24
    • 31.186.226.0/24
    • 64.7.194.0/24
    • 66.150.148.0/24
    • 95.172.70.0/24
    • 95.172.65.0/24
  • URLs
    • pvp.net
    • leagueoflegends.com

Create a Layer 3 Firewall Rule for IPs

Navigate to Security Appliance/Wireless > Configure > Firewall & traffic shaping and select “Add a layer 3 firewall rule” for the SSID(s) you would like to block League of Legends on. Deny each of the subnets listed above. The Layer 3 rules will block wireless clients from accessing any of the servers hosting League of Legends on these subnets.

Create a Layer 7 Rule for URLs

Navigate to Security Appliance/Wireless > Configure > Firewall & traffic shaping and select “Add a layer 7 firewall rule” for the SSID(s) you would like to block League of Legends on. Deny the URLs listed above. The Layer 7 rules will block wireless clients on that SSID from connecting to pvp.net and leagueoflegends.com.
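An added example, not part of the original article: a Python check that validates and merges the subnets listed above and reports which rule, Layer 3 or Layer 7, would catch a given flow. The sample flows, the `classify` and `audit` helpers, and the subdomain-suffix matching for hostnames are assumptions made for illustration, not documented Meraki behaviour.

```python
import ipaddress

# Subnets and URLs exactly as listed in this article.
SUBNETS = [
    "192.64.168.0/24", "192.64.169.0/24", "192.64.170.0/24",
    "216.133.234.0/24", "31.186.224.0/24", "31.186.226.0/24",
    "64.7.194.0/24", "66.150.148.0/24", "95.172.70.0/24", "95.172.65.0/24",
]
HOSTS = ["pvp.net", "leagueoflegends.com"]

# Constructed flow records (destination IP, hostname or None), not real logs.
SAMPLE_FLOWS = [
    ("192.64.169.20", None),             # inside a listed subnet
    ("203.0.113.7", "example.pvp.net"),  # unlisted IP, blocked domain
    ("203.0.113.8", "notpvp.net"),       # look-alike suffix, must not match
    ("31.186.225.5", None),              # between two listed /24s
]


def deny_networks(cidrs):
    """Validate each CIDR (rejects host bits set) and merge adjacent ones."""
    nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]
    return list(ipaddress.collapse_addresses(nets))


def host_matches(hostname, blocked):
    """Assumed matching: the blocked domain itself or any subdomain of it."""
    h = hostname.lower().rstrip(".")
    return any(h == b or h.endswith("." + b) for b in blocked)


def classify(dest_ip, hostname, nets, blocked):
    """Return the rule layer that would catch the flow: 'L3', 'L7' or None."""
    ip = ipaddress.ip_address(dest_ip)
    if any(ip in n for n in nets):
        return "L3"
    if hostname and host_matches(hostname, blocked):
        return "L7"
    return None


def audit(flows):
    """Classify every flow against the article's subnets and URLs."""
    nets = deny_networks(SUBNETS)
    return [classify(ip, host, nets, HOSTS) for ip, host in flows]


if __name__ == "__main__":
    print([str(n) for n in deny_networks(SUBNETS)])
    print(audit(SAMPLE_FLOWS))
```

A flow that comes back as `None` is covered by neither rule. Seeing that result for traffic the application still generates means the subnet or URL list needs to be refreshed.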

Last modified
09:57, 3 Feb 2015

Article ID

ID: 2275