cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

AMP Internal Application Timeouts

SOLVED
Here to help

AMP Internal Application Timeouts

We have several internal applications that end users reach over the Meraki VPN tunnels. When we enable AMP we get timeouts on several different parts of the application. This is not a bandwidth issue. The moment we bypass AMP users do not have a problem. There is no logs of these connection failures that I can find on the MX appliance. Support has suggested packet captures but the problems occur so fast that I have to get the users back into the application fast so while i'm waiting to get those I wanted to reach out to the community. Some of the connections are over ports 21/22/80/81/443/8443 

 

Thank you 

1 ACCEPTED SOLUTION

Accepted Solutions
Kind of a big deal

Re: AMP Internal Application Timeouts

If it is AMP blocking then it _should_ appear under Security appliance > Security centre under the Events tab. Note that I say _should_ ...

 

You could also just whitelist your internal applications in AMP under Security appliance > threat detection. 

 

And last thought, what version are you on? We've had much better AMP performance / results up in version 14.x than in some of the older firmwares.

12 REPLIES 12
Kind of a big deal

Re: AMP Internal Application Timeouts

If it is AMP blocking then it _should_ appear under Security appliance > Security centre under the Events tab. Note that I say _should_ ...

 

You could also just whitelist your internal applications in AMP under Security appliance > threat detection. 

 

And last thought, what version are you on? We've had much better AMP performance / results up in version 14.x than in some of the older firmwares.

Here to help

Re: AMP Internal Application Timeouts

Thank you. Yes should and do are a major issue I hope the Meraki team can fix on logging AMP. I will do the firmware upgrade on two of my sites to Beta Code tonight and then add Whitelist again. I was hoping some of you had better whitelist formulas then the default help page which was kinda blah in my thoughts.
Kind of a big deal

Re: AMP Internal Application Timeouts

I wish I had better whitelist formulas to offer you... 😞

 

 

Here to help

Re: AMP Internal Application Timeouts

learning process for me and my internal apps team which they do not know what URL's they call so that has been fun figuring out. Thank you all for the support I'm still deploying another 20 sites. But this is much smaller then my 2500 site deployment from 2 years ago so lot more manageable.
Kind of a big deal

Re: AMP Internal Application Timeouts


@RogerO wrote:
my internal apps team which they do not know what URL's they call

I'd act surprised... But I'm not.

 

Man, life would be so much better without developers 🙂

Here to help

Re: AMP Internal Application Timeouts

We could making a drinking game of that. thank you
Kind of a big deal

Re: AMP Internal Application Timeouts

There was a lot of improvements in AMP in the 14.x code.  If you are not using it yet, I would suggest using 14.30.

Here to help

Re: AMP Internal Application Timeouts

Thank you PhilipDAth as the other poster said the same thing I will do the upgrades. 

Here to help

Re: AMP Internal Application Timeouts

Still no fixes for several known AMP issues, even with the latest 15.x that you need a support engineer to push.  AMP is not going to be internal application friendly for quite sometime, based upon my experience with our internal SharePoint sites and forms, and a fix still not available in even the lastest beta.

Here to help

Re: AMP Internal Application Timeouts

Can anyone from Meraki please help us out?

Highlighted
Here to help

Re: AMP Internal Application Timeouts

Older thread here, but I just wanted to post that Meraki supports states that this is fixed in 15.12: "The issue is fixed in 15.12. "Updated the AMP service to more gracefully handle cases where there are many out-of-order packets. This will result in fewer instances of file downloads failing when AMP is enabled." Please upgrade your MX(es) to 15.13 get the fix."" I have not verified this, but thought it worth sharing, anyway.
Here to help

Re: AMP Internal Application Timeouts

Thank you I will have to check and see. I'm in the middle of sourcefire upgrades at data centers so apple/orange in progress. 

 

 

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.