SM via Edge

Solved
Polymathink
Getting noticed

SM via Edge

Over the last week or so, I've had intermittent issues with connecting to the Systems Manager while using Microsoft Edge. More often than not, the SM page won't load, giving me the following error:

 

Can’t connect securely to this page
This might be because the site uses outdated or unsafe TLS security settings. If this keeps happening, try contacting the website’s owner.

 

Anyone else having this issue? I've been using Firefox as a workaround.

1 Accepted Solution
Polymathink
Getting noticed

I did some more sleuthing based on a user request. She reported the inability to reach doodle.com. I couldn't find any reason why that site was blocked, so I did a WHOIS lookup. It's based in Ireland. I had blocked Ireland in our firewall.

 

Turns out, if you block Ireland in your firewall, you can't reach cisco.com. This also breaks facebook.com and the aforementioned doodle.com.

 

I removed the Ireland block from the firewall, and all is right with the world again.

View solution in original post

7 Replies 7
PhilipDAth
Kind of a big deal
Kind of a big deal

Is this via the normal dashboard?

Polymathink
Getting noticed

Actually, this happens when trying to reach meraki.cisco.com. I can't even get to the login. I went to Firefox to change to the old dashboard, which expires May 29, and I still have the same result in Edge and, it turns out, in IE 11, as well. I've cleared the Web caches in both browsers, closed them and reopened, added https://meraki.cisco.com to safe sites. Still, the same error. Thinking this must be due to Microsoft's tightening on the TLS standard, forgoing the 1.0 minimum in favour of 2.0, but I'm not sure where the issue exactly lies. In IE, I've got Use TLS 1.0, 1.1, and 1.2 all ticked.

 

I'm on Windows 10 Pro, v. 1803, Build 17134.48, but this began in the previous build, as well (Win10 just pushed an update this week).

PhilipDAth
Kind of a big deal
Kind of a big deal

I checked abs the Meraki site is definitely using TLSv1. 2 and and supports strong elliptical curve encryption algorithms.

Are you sure the date is correct on your machine?
Polymathink
Getting noticed

Date, time, and time zone are correct on my machine.

Polymathink
Getting noticed

While doing some after hours maintenance from a remote location, I found I could access everything through Edge. During the maintenance, I found a Meraki patch note that some IP addresses were set to change and to be sure my Firewall rules were updated to match and to go to Help > Firewall Info to get the latest rules.

 

I input the rules, and I can access the site again through Edge while at work. Not sure why that would happen in Edge and IE and not in Firefox, or if this is merely coincidence, but I now have access in Edge.

 

While typing this, I tried in IE and failed, getting the same error...So this is looking like intermittent access.

 

::Sad Trombone::

Polymathink
Getting noticed

Yep, confirmed today, no access via Edge at work. So odd.

 

Just to cover bases, whitelisted cisco.com in AMP and Content Filtering, as well. Still the same TLS error. So far, it's only manifested at cisco.com.

 

Also turned off Web caching on the MX 80 running MX 14.25.

Polymathink
Getting noticed

I did some more sleuthing based on a user request. She reported the inability to reach doodle.com. I couldn't find any reason why that site was blocked, so I did a WHOIS lookup. It's based in Ireland. I had blocked Ireland in our firewall.

 

Turns out, if you block Ireland in your firewall, you can't reach cisco.com. This also breaks facebook.com and the aforementioned doodle.com.

 

I removed the Ireland block from the firewall, and all is right with the world again.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels