Implementing Meraki’s New Content Filtering Categories to MX Devices

Learn how to add legacy and new category filtering options to Meraki MX devices using Flextemplates.
Written by Boundless Digital
Updated 1 year ago

Meraki has recently announced the release of new content filtering categories for Meraki MX devices. Talos, Cisco’s Security Intelligence and Research Group, now curates the content and threat filtering categories. These new categories provide even more granular control over what types of websites and online content can be accessed on Meraki MX devices, giving IT administrators the ability to block access to specific types of content that may be harmful or distracting to their users. The new categories can be viewed on Talos' website here.

New content filtering categories for Meraki MX devices will be available for devices with firmware version 17 and above. Prior to this firmware version, Meraki MX devices leveraged Bright Cloud as their category intelligence source. With the introduction of Cisco Talos intelligence, the previously supported Bright Cloud categories may or may not have a direct mapping to Cisco Talos categories.

After upgrading the MX to firmware version 17 or higher, the Meraki Dashboard will automatically migrate the old categories to the newly suggested Cisco Talos categories. As part of this process, users can confirm the migration and have the option to accept, remove, or enter new categories to replace the old ones. This will ensure that users have the most up-to-date and accurate content filtering categories to keep their networks and users safe. However, while the process is made very simple, it still requires a lot of work when done manually for tens, hundreds, or even thousands of networks one at a time. To facilitate this process, users can leverage Boundless's Flextemplates, which allow deployment of configurations to many networks at once, saving time and effort. Flextemplates can be deployed to networks regardless of whether they are bound to a Meraki config template.


How to use Boundless Flextemplates to consistently apply new content filtering categories

Boundless Flextemplates now offer settings for both new and legacy content filtering categories, allowing administrators to define a single template that works with all MX devices' firmware versions. They can either create a new template or update an existing one with the new settings for both the new and legacy categories.

Once the template is created or updated, it can be deployed to user-selected networks. The system will automatically verify the firmware version in use on the target network and apply the appropriate categories accordingly. This makes it easy for administrators to ensure that all networks under their management are protected by the most current and accurate content filtering categories, regardless of their firmware version. 

To add legacy and new category filtering options, go to Network Management and select Configuration. Then either click the edit icon next to an existing Flextemplate or click New Template to create a new one:

Then expand the Security and SD WAN settings and select the categories to apply for both the new and legacy category inputs:

The categories selected under Legacy blocked url categories will be applied to networks with firmware versions below 17. The categories selected under Blocked url categories will be applied to the networks with firmware versions 17 and up.

The new settings will “extend” the existing content filtering settings by default. You may also choose to replace a network’s existing settings if the Meraki Dashboard automatically migrated legacy categories to new categories incorrectly. In that case, please select “Replace existing settings” as shown below:

Read more about using Boundless Flextemplates here.
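The selection rule described above (legacy categories below firmware 17, new categories at 17 and up, with "extend" or "replace" semantics) can be sketched as a dry-run planner. This is an added example, not Boundless or Meraki code; the firmware string format (`MX 17.10.2`), the dictionary keys, the category names and the function names are assumptions made for illustration.

```python
import re

TALOS_MIN_MAJOR = 17  # per the article: firmware 17 and up uses the new categories


def firmware_major(version):
    """Major version from a string like 'MX 17.10.2' (assumed format), else None."""
    m = re.fullmatch(r"(?:MX\s+)?(\d+)(?:\.\d+)*", (version or "").strip())
    return int(m.group(1)) if m else None


def plan_categories(network, template, mode="extend"):
    """Blocked-category list a network should end up with, or None if unknown."""
    if mode not in ("extend", "replace"):
        raise ValueError(f"unknown mode: {mode!r}")
    major = firmware_major(network.get("firmware"))
    if major is None:
        return None  # unparseable firmware: flag for review, do not guess a taxonomy
    key = "blocked" if major >= TALOS_MIN_MAJOR else "legacy_blocked"
    wanted = list(template[key])
    if mode == "replace":
        return wanted  # discard whatever the automatic migration left behind
    existing = list(network.get("blocked", []))
    return existing + [c for c in wanted if c not in existing]  # extend, no duplicates


def build_plan(networks, template, mode="extend"):
    """Map each network name to its planned category list (None = needs review)."""
    return {n["name"]: plan_categories(n, template, mode) for n in networks}


# Constructed sample data: hypothetical template and network inventory.
TEMPLATE = {
    "legacy_blocked": ["Adult and Pornography", "Gambling"],
    "blocked": ["Pornography", "Gambling"],
}
NETWORKS = [
    {"name": "branch-01", "firmware": "MX 16.16.9", "blocked": ["Gambling"]},
    {"name": "branch-02", "firmware": "MX 18.107.2", "blocked": ["Adult"]},
    {"name": "branch-03", "firmware": "", "blocked": []},
]

if __name__ == "__main__":
    for mode in ("extend", "replace"):
        for name, cats in build_plan(NETWORKS, TEMPLATE, mode).items():
            print(mode, name, cats if cats is not None else "REVIEW: firmware unknown")
```

Comparing the "extend" and "replace" output per network before deploying shows where a mis-migrated category would survive an extend and where firmware could not be determined.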

Other changes include the removal of the option to choose between Top Sites or Full Lists. Administrators do not need to do any additional migration work for this change. Before firmware version MX 17, Meraki MX devices preloaded a list of categories for their Content Filtering feature, and provided users with the option to choose between Top Sites or Full Lists. With the introduction of Cisco Talos Intelligence, Meraki MX devices no longer preload category lists. Instead, the devices directly query Cisco Talos' intelligence service for the categories of URLs. These queried URLs and their respective categories are then cached locally on the device. The Content Filtering inspection and block pages will continue to function similarly to how they did before firmware version MX 17.
