I've been encountering an issue while using the Meraki webhooks.
The same webhook setup has been working with no problems for several time,
but then we suddenly stopped receiving requests from the Meraki Dashboard.
Furhter investigation on Wireshark dumps, showed the following pattern happening.
Meraki -> Server Client Hello
Server -> Meraki Server Hello, Cert, Server Key Exchange, Hello Done
Meraki -> Server ACK
Meraki -> Server ACK
Meraki -> Server Client Key Exchange
Meraki -> Server Change Cipher Spec
Server -> Meraki ACK
Meraki -> Server RST
assumptions:
It seems that for some reason the client drops the connection after the handshake.
I assume that the RST packet comes directly from the client as we cannot find any evidence
of our company firwall messing with the connection, and our http server itself is not load balanced.
other information:
- the server is hosted on Windows Server 2019 under IIS
- we experience this problem only during the interaction with the 'Meraki client'
- no explicit SSL/TLS errors
- no traces in SCHANNEL logs
- the webhooks are tracked in the meraki logs with status -1
- triggering a test webhook from the Dashboard api, gives a webhook
in a state indicated as 'abandoned'
Thank in advance for any help
UPDATE
contrary to what was stated before, the RST packet was actually forged by a Checkpoint device
one hop before our server (the RST packet TTL in the capture highlighted that).
The connection was forcibidly closed because the firewall was detecting a false positive SSL renegotiation attack.
