aleealec ingrid amlothi

0 views
Skip to first unread message

Kellye Tunks

unread,
Aug 2, 2024, 1:02:24 PM8/2/24
to onintuhi

So still working on becoming skilled on our MX400. So we filtered Netflix so it would be blocked. is there a way then to add clients (devices) to a group to then allow Netflix for them, but continue to block everyone else. Looking for any advice.

No need for apologies, @CaseyBrown. I'm working with a combined network for simplicity of policy enforcement and probably don't have a network the size of yours. Since you have your MX and MR in two separate dashboard networks, I think your best bet would be to allow Netflix in your default policy on your MX or within a group policy tied to the VLAN for your MR and MR Clients. Then have two different policies on your MR network. One that blocks Netflix and one that allows.

@CaseyBrown, you have the option to "Clone" existing group policies that you can in turn mold to fit another use. You can also apply group policies to entire VLANs which may benefit depending on your network structure. You could copy your campus wide policy and remove the Netflix restriction and apply that to the clients that need it. Make sure to remember the order in which the policies are applied, as well.

Sorry for the confusion.....So through the Appliance/Content Filtering/URL Blocking we have Netflix.com blocked. I have created a wireless group policy called Netflix that I will addd clients to. The new policy copies what we have for campus wide. So with the new Netflix Policy how do you then circumvent the content filtering?

If the MX and MR are in the same (combined) network, then you have the option of altering settings in the Group Policy that affect just wired/wireless filters. You'll see "Wireless Only" and "Security Appliance only" in the group policy settings page. Here, you can "use network default" (follows the network-wide rules), "append" (adds to the existing list of rules), or "override" (creates a completely new list of rules and disregards the network's).

In this instance, you would create a group policy that overrides the network-wide list (make sure to include anything that should still stay), then apply that policy in the Network-wide > Clients list.

It sounds like your "Campus Wide" filtering is the Default Network Policy, rather than a separate Group Policy. In your case, I would create a copy of your Default Network settings in a Group Policy to use as a template going forward. You will have to recreate these settings in a Group Policy manually the first time. You might name it Default Template, Campus Wide Template, or something along those lines. This will give you a group policy that mirrors your default network policy and one you can Clone to create different variations as needed. (I would also include a note to manually update the template policy as changes network wide are made in the future). Now you can clone the newly created Group Policy and change it's settings to allow Netflix. When you apply a group policy to a client, it overrides the Network Default (or your Campus Wide). Apply it to your client that need Netflix and you should be good to go and decently setup for changes in the future.

So I go into Network/Wireless group policy and copy the policy that we are using currently. I call it Netflix. Nowhere in there can I see to override the blacklist. What amI missing here? Sorry for being a noob.

Thank you Wade for the continual follow up. Your last reply is the lost in translation feeling I am having. So the screen shot you sent is from the Group Policy for our Appliance. So we have three Networks.....Appliance, Wireless, and Switches. Per our Meraki rep's advice. So on the Appliance network that screen shot is available, but those Group Policies are not available to the Wireless Network. This is the "network" I need to create the Group Policy on. When I create a group policy for Netflix on the Wireless Network the only screen I get is this one. So not sure how to create a Group Policy on the Wireless Network, and have a different Firewall options for Netflix. Again sorry about my lack of knowledge.

So we are built just like you suggested. The MX (appliance) has the firewall and some group policies. The policies allow for Netfliux, but we turned off at the content filter. The Wireless Network, which 99% of all devices use, has one group policy that they use. So we block Netflix via the content filter. Should we block via the filter or somehow in the actual group policy? Because the problem we are having is I create a new group policy, on the Wireless Network, that is allowing Netflix, but gets blocked at the content filter.

Thank you all for your help. Per your advice, just gave the original group policy a Layer 7 Deny for Netflix. Then made a new Netflix Policy without the Deny. Added clients and all is working as it should.

Netflix will not load on any wireless device on the wireless network. My phone and TV cannot connect. My sister-in-law tried to connect on her phone under a different sign in, but could not. The app on the TV times out and provides an error message, while the app on the phone spins endlessly trying to load. I can watch Netflix on my desktop computer which is hard-wired to my router.

if it works on "802.11a/n/ac mixed" ... it means TP-LINK borked the wifi on the AX50, I also own this router and it currently is just in AP mode since i used a different router for the main router, the main router is running OPENWRT and I have SQM installed on it to auto manage bandwidth for my devices.

thanks for your reply! I am not on Smart Connect. I changed the settings as directed, still having the same issues on phone and TV. There were a few different wireless settings- I was already on the one you had recommended. I tried switching to the other two, but no dice.

its normal not to see the 5Ghz frequency when you turn on SMART CONNECT since it combines the SSiD or network name to just one name, usually the name of the 2.4Ghz network and the router manages which devices connect to the 2.4Ghz or 5Ghz frequencies.

I managed to get Netflix, YT and Google TV to work when under IPv6 - MAC Clone - Router Mac Adress I set it to Clone Current Device Mac. I have now just one iPhone that connects to network but without internet. Also changed my DNS adresses to 8.8.8.8 and 8.8.4.4

I am not seeing anywhere that I can change my DNS. I've been in the settings there, but it's not clear to me how to do it. Admittedly, I'm a bit out of my depth fiddling with these kinds of settings.

I have not downgraded firmware, but other threads have indicated that doesn't do anything. This seems to be a common enough problem on these devices that I am honestly confused why there has not been a patch to address it.

I just ran a test on my MacBook and it streams fine here. I run a Nokia gateway here and it is on the most recent firmware available. Maybe it has something to do with the gateway you have or there is something going on with the network in that location. That might need a bit more troubleshooting there. Not sure what you are streaming to maybe it is worth trying another client.

If your streaming to the TV was not working you could check to see if the application on the TV is in need of an update. It might be software on the TV that is resulting in the problem. I have seen times when I had to update the Netflix application so it would work. Clearing the cache for the application might help. It has been some time since I had to play that game with it. I have seen times when one of my devices needed an update and that impacted services working until I did the update. I know I have seen such issues on the Windows clients here. I have seen less with the Apple devices and/or my Linux clients. Between the clients and the Playstation, Xbox, WiiU, and Switch and the AV receiver I stay busy at times keeping all the tech here working as no one else here has much of a clue.

Good point. Yesterday I checked for updates on the Netflix app as well as the Vizio. They were both current. Just to be safe I deleted the Netflix app and reinstalled it. Also Netflix provided a link so that I could clear the cache. All to no avail.

Does your TV have multiple HDMI inputs? If so you could connect a FireStick and stream to the TV with a FireStick and have Netflix delivery direct to the Visio that way. It seems like a problem with the Visio TV or the application on the TV.

If you can stream to the TV from your client that might do the trick. Our TV is not that smart so I have to deliver content via the Pioneer Elite AV receiver. That actually works quite well for us. I have been told so many times to just get a smart TV. Well, the Sony TV still works and does 1080p and the lamp is cheap to replace so until it dies it lives on in our house. I added a FireStick to our solution as I find the Xbox interface to be a bother. The FireStick works great and was super easy to get connected. It was fast and just super easy to get connected. Much more so than some of the other things.

So once you get the stream launched on the phone then when you connect from the hotspot back to the gateway for content delivery through the gateway the session will continue and you can then stream the video?

So the TV with the Netflix app cannot connect to the server and just presents that screen on the TV but if you feed the service through the hotspot, get the server connection made then switch the content delivery back sourced across the gateway the content stream will continue. This is not just a brief run of cached information? The service will continue to stream. Very odd the application cannot make a connection to the server from the app on the TV. I still tend to believe the Netflix application is a HTML based communication on 433 secure HTTP. Maybe it has something to do with credentials delivery.

90f70e40cf
Reply all
Reply to author
Forward
0 new messages