Both MX hub sites trying to talk on UDP 4314 & 4191 - Can't work out why
We have two of our SD-WAN Hub MX's VRRP IPs trying to establish comms to a public IP owned by Vodafone in New Zealand. We do have some sites using Vodafone NZ internet links but I've checked all our spoke public IPs and don't get a match.
Nothing in the Merkai doco to suggesting 4314 & 4191 might be used for in normal operations.
The source IPs are the VRRP addresses of both MX HA pairs.
Meraki Auto VPN uses random UDP ports for connectivity between sites, it could be that Auto VPN trying to establish connectivity. However, Auto VPN should only try connecting to other MX/Z devices in your organisation. The ports and IP addresses are all contained within the VPN registry, but you’ll need to log a support case to have them look at that for you.
Is it possible it’s just an internal application being NATed out as it’s meant to? You would need to capture Syslog of the flows through the MX and see if you can find the relevant flow.