AnyConnect blocked due to "new l3 Inbound FW rules" on MX

Solved
GregGriessel
Conversationalist


Let me preface this with the fact that I have an open support case under investigation, but I'm putting it out there for others.

My AnyConnect service on my MX stopped working suddenly. After a lot of troubleshooting, it seems that the new implementation of the new MX 3 inbound FW rules blocks the AnyConnect client connections.

Symptoms were the AC clients just timing out, prior to auth.

No general log entries.

I found that if I looked at the live firewall logs (under Appliance status > Tools) then I saw the connections being denied (by rule 0).

So I added an L3 inbound rule, Any - Any on the AnyConnect port, which did the trick, although I'm not 100% happy with this as it opens the device to all inbound connections to the service port (seems bad).

That said, surely this is something the AnyConnect service should be doing, and NOT a manual firewall entry?

Anyone else seeing this? Comments?

1 Accepted Solution
ww
Kind of a big deal

Didn't play with it yet, but the rule kicks in when you are using the early access "NAT Exceptions with Manual Inbound Firewall".

You could consider turning it off if you don't need it.

3 Replies
jimmyt234
Getting noticed

What do you mean by "the new implementation of the New MX 3 inbound FW rules"?

Can you link the documentation describing this, please?

GregGriessel
Conversationalist

Thx WW, you were 100% spot on with this. I must have enabled it and forgotten I did. After disabling it and deleting my inbound FW rule, it's working.

For others, it's this "early access feature": https://documentation.meraki.com/MX/Networks_and_Routing/NAT_Exceptions-No_NAT_on_MX_Security_Applia...
