valper marwynne rebequa

0 views
Skip to first unread message

Vita Wanberg

unread,
Aug 2, 2024, 12:29:08 PM8/2/24
to doorderolland

So still working on becoming skilled on our MX400. So we filtered Netflix so it would be blocked. is there a way then to add clients (devices) to a group to then allow Netflix for them, but continue to block everyone else. Looking for any advice.

No need for apologies, @CaseyBrown. I'm working with a combined network for simplicity of policy enforcement and probably don't have a network the size of yours. Since you have your MX and MR in two separate dashboard networks, I think your best bet would be to allow Netflix in your default policy on your MX or within a group policy tied to the VLAN for your MR and MR Clients. Then have two different policies on your MR network. One that blocks Netflix and one that allows.

@CaseyBrown, you have the option to "Clone" existing group policies that you can in turn mold to fit another use. You can also apply group policies to entire VLANs which may benefit depending on your network structure. You could copy your campus wide policy and remove the Netflix restriction and apply that to the clients that need it. Make sure to remember the order in which the policies are applied, as well.

Sorry for the confusion.....So through the Appliance/Content Filtering/URL Blocking we have Netflix.com blocked. I have created a wireless group policy called Netflix that I will addd clients to. The new policy copies what we have for campus wide. So with the new Netflix Policy how do you then circumvent the content filtering?

If the MX and MR are in the same (combined) network, then you have the option of altering settings in the Group Policy that affect just wired/wireless filters. You'll see "Wireless Only" and "Security Appliance only" in the group policy settings page. Here, you can "use network default" (follows the network-wide rules), "append" (adds to the existing list of rules), or "override" (creates a completely new list of rules and disregards the network's).

In this instance, you would create a group policy that overrides the network-wide list (make sure to include anything that should still stay), then apply that policy in the Network-wide > Clients list.

It sounds like your "Campus Wide" filtering is the Default Network Policy, rather than a separate Group Policy. In your case, I would create a copy of your Default Network settings in a Group Policy to use as a template going forward. You will have to recreate these settings in a Group Policy manually the first time. You might name it Default Template, Campus Wide Template, or something along those lines. This will give you a group policy that mirrors your default network policy and one you can Clone to create different variations as needed. (I would also include a note to manually update the template policy as changes network wide are made in the future). Now you can clone the newly created Group Policy and change it's settings to allow Netflix. When you apply a group policy to a client, it overrides the Network Default (or your Campus Wide). Apply it to your client that need Netflix and you should be good to go and decently setup for changes in the future.

So I go into Network/Wireless group policy and copy the policy that we are using currently. I call it Netflix. Nowhere in there can I see to override the blacklist. What amI missing here? Sorry for being a noob.

Thank you Wade for the continual follow up. Your last reply is the lost in translation feeling I am having. So the screen shot you sent is from the Group Policy for our Appliance. So we have three Networks.....Appliance, Wireless, and Switches. Per our Meraki rep's advice. So on the Appliance network that screen shot is available, but those Group Policies are not available to the Wireless Network. This is the "network" I need to create the Group Policy on. When I create a group policy for Netflix on the Wireless Network the only screen I get is this one. So not sure how to create a Group Policy on the Wireless Network, and have a different Firewall options for Netflix. Again sorry about my lack of knowledge.

So we are built just like you suggested. The MX (appliance) has the firewall and some group policies. The policies allow for Netfliux, but we turned off at the content filter. The Wireless Network, which 99% of all devices use, has one group policy that they use. So we block Netflix via the content filter. Should we block via the filter or somehow in the actual group policy? Because the problem we are having is I create a new group policy, on the Wireless Network, that is allowing Netflix, but gets blocked at the content filter.

Thank you all for your help. Per your advice, just gave the original group policy a Layer 7 Deny for Netflix. Then made a new Netflix Policy without the Deny. Added clients and all is working as it should.

I just ran a test on my MacBook and it streams fine here. I run a Nokia gateway here and it is on the most recent firmware available. Maybe it has something to do with the gateway you have or there is something going on with the network in that location. That might need a bit more troubleshooting there. Not sure what you are streaming to maybe it is worth trying another client.

If your streaming to the TV was not working you could check to see if the application on the TV is in need of an update. It might be software on the TV that is resulting in the problem. I have seen times when I had to update the Netflix application so it would work. Clearing the cache for the application might help. It has been some time since I had to play that game with it. I have seen times when one of my devices needed an update and that impacted services working until I did the update. I know I have seen such issues on the Windows clients here. I have seen less with the Apple devices and/or my Linux clients. Between the clients and the Playstation, Xbox, WiiU, and Switch and the AV receiver I stay busy at times keeping all the tech here working as no one else here has much of a clue.

Good point. Yesterday I checked for updates on the Netflix app as well as the Vizio. They were both current. Just to be safe I deleted the Netflix app and reinstalled it. Also Netflix provided a link so that I could clear the cache. All to no avail.

Does your TV have multiple HDMI inputs? If so you could connect a FireStick and stream to the TV with a FireStick and have Netflix delivery direct to the Visio that way. It seems like a problem with the Visio TV or the application on the TV.

If you can stream to the TV from your client that might do the trick. Our TV is not that smart so I have to deliver content via the Pioneer Elite AV receiver. That actually works quite well for us. I have been told so many times to just get a smart TV. Well, the Sony TV still works and does 1080p and the lamp is cheap to replace so until it dies it lives on in our house. I added a FireStick to our solution as I find the Xbox interface to be a bother. The FireStick works great and was super easy to get connected. It was fast and just super easy to get connected. Much more so than some of the other things.

So once you get the stream launched on the phone then when you connect from the hotspot back to the gateway for content delivery through the gateway the session will continue and you can then stream the video?

So the TV with the Netflix app cannot connect to the server and just presents that screen on the TV but if you feed the service through the hotspot, get the server connection made then switch the content delivery back sourced across the gateway the content stream will continue. This is not just a brief run of cached information? The service will continue to stream. Very odd the application cannot make a connection to the server from the app on the TV. I still tend to believe the Netflix application is a HTML based communication on 433 secure HTTP. Maybe it has something to do with credentials delivery.

Between chats I again pulled up Safari and went to Netflix and then launched Troll and it pops and runs no problem. That is HTTPS. I would think they would be doing the same with the Netflix app as it would not make much sense to do otherwise. More development effort.

So it makes me more intent on thinking it is maybe with the authentication services given it has to be a secured session for the user. Once the session is established the service transition does not seem to be a problem. It is still the same client source just some routing changes more than likely. Well, at least you have a bit of a workaround until it can be figured out.

Well, ok. 1.00.16 I think that might be the most recent one but when I try to navigate to the wireless support info it fails. There seems to be a problem with the server or the linkage to the server. Very odd that it can confirm the servers but that probably does not have an identical step like the user authentication process.

I recently set up an OpenWRT router with client pptp, the router and VPN access work fine, but I can't get Netflix to work on smart tv.
I am using Private Internet Access.
The TV is connected via ETHERNET cable.
Youtube works perfectly, only netfix doesn't work.

assuming this diagnosis is correct ( likely )... the simple answer is "you don't"... the most common/pragmatic solution for this situation is to use Policy Routing to send netflix traffic only over the regular WAN and not the VPN.

You may also let netflix know... as a paying user, that this policy is not to your liking. Good luck with that... but assuming 15% of their user base did this tomorrow and then cancelled subscriptions.... you'd wonder what might result.

90f70e40cf
Reply all
Reply to author
Forward
0 new messages