Meraki behind Palo Alto Networks Firewall

hunt41lb
New here

Have a Cisco Meraki that's behind a Palo Alto Networks Firewall, unable to connect the Meraki to the Dashboard for updates or to make changes to the configuration. Only have one Public IP Address that's currently on the Palo Alto FW as it's the gateway, and planned on only using the MX for WiFi and switching. Not sure if anyone has a way of connecting the MX to the Dashboard to get updates while leaving the PA in line.

DarrenOC
Kind of a big deal

Hi @hunt41lb, you just need to open up the relevant ports on the Palo to allow the MX to register out:

https://documentation.meraki.com/General_Administration/Other_Topics/Upstream_Firewall_Rules_for_Clo...

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

Have you checked the logs on Palo Alto? It's probably blocking the communication.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
rhbirkelund
Kind of a big deal

On your Meraki Dashboard, if you hit the question mark in the top right corner, you'll see a link to Firewall Info.

This will show you all the relevant IP Addresses and ports on upstream firewalls, necessary for proper Meraki Cloud connectivity.

These openings are different network to network/organization to organization, and may be subject to change, depending on which products you have in the Dashboard. E.g. If you have Meraki Cameras, you'll see entries in the list for IPs and Ports required by the MV Cameras.

You should lean towards what your own Dashboard informs you of necessary IPs and Port openings.

Tldr; make sure udp/7351, udp/9350-9351 and tcp/443 are open outbound from the Meraki MX, as well as ICMP...

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
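
An added example, not part of any reply above and not Meraki or Palo Alto code: it combines the two suggestions in the thread (check the firewall logs, and confirm udp/7351, udp/9350-9351, tcp/443 and ICMP are allowed outbound) by auditing a traffic log export for the MX's address. The CSV column names, the addresses, the rule names and the function name `audit_mx_flows` are assumptions; map the columns to whatever your own log export uses.

```python
import csv
import io

# Outbound flows from the thread's TL;DR; the Dashboard's Firewall Info page is authoritative.
REQUIRED = [("udp", "7351"), ("udp", "9350"), ("udp", "9351"), ("tcp", "443"), ("icmp", "")]

# Constructed sample: column names, addresses and rule names are assumptions,
# not the layout of a real firewall log export.
SAMPLE_LOG = """\
src,dst,proto,dport,action,rule
10.0.0.2,203.0.113.10,udp,7351,deny,interzone-default
10.0.0.2,203.0.113.10,udp,7351,deny,interzone-default
10.0.0.2,203.0.113.20,tcp,443,allow,outbound-web
10.0.0.2,203.0.113.30,udp,9350,deny,interzone-default
10.0.0.2,203.0.113.50,icmp,,allow,outbound-ping
10.0.0.7,203.0.113.10,udp,7351,allow,other-host
10.0.0.2,203.0.113.40,tcp,80,deny,interzone-default
"""

def audit_mx_flows(log_text, mx_ip):
    """Map each required flow to (status, rules that denied it) for traffic sourced from mx_ip."""
    seen = {flow: {"allow": 0, "deny": set()} for flow in REQUIRED}
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["src"] != mx_ip:
            continue  # only the MX's own sessions matter here
        proto = row["proto"].lower()
        flow = (proto, "" if proto == "icmp" else row["dport"])
        if flow not in seen:
            continue  # not one of the flows the Dashboard connection needs
        if row["action"].lower() == "allow":
            seen[flow]["allow"] += 1
        else:
            seen[flow]["deny"].add(row["rule"])
    report = {}
    for (proto, port), hits in seen.items():
        name = f"{proto}/{port}" if port else proto
        if hits["deny"]:
            status = "blocked"      # at least one session was denied
        elif hits["allow"]:
            status = "allowed"
        else:
            status = "not seen"     # no log entry: never attempted, or the rule does not log
        report[name] = (status, sorted(hits["deny"]))
    return report

if __name__ == "__main__":
    for flow, (status, rules) in audit_mx_flows(SAMPLE_LOG, "10.0.0.2").items():
        print(f"{flow:10} {status:9} {', '.join(rules)}")
```

A "blocked" row names the rule that denied the session, which is where the allow rule for the MX needs to sit above.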