Can anyone tell me why this URL is blocked on our MX84?

SOLVED
Jaestes_COS
Conversationalist

Can anyone tell me why this URL is blocked on our MX84?

1 ACCEPTED SOLUTION
Jaestes_COS
Conversationalist

Huzzahs are in order! My coworker took a look at the conversation we were all having and spotted the trail to the solution. I had been lost in the Content Filtering and hadn't fully realized there was a second blocking point in the Firewall section. He noticed we were blocking All Web File Sharing and he switched it to Binary over HTTP. 

Jaestes_COS_0-1649435960089.png

I hope this helps someone in the future! Thank you guys for all your help!

View solution in original post

13 REPLIES 13
BrandonS
Kind of a big deal

Do you have access to and did you check your logs and content filter settings?

 

I see this:

 

Screen Shot 2022-04-05 at 3.57.22 PM.png

Jaestes_COS
Conversationalist

The logs show nothing to do with the content filter, unless I am looking in the wrong place. While Content filtering categories and web search filtering is enabled, This doesn't seem to be what is catching here.

Jaestes_COS
Conversationalist

update: after combing through the help documentation, I was able to find the content filter log. The log shows no indication of anything being blocked for that IP or URL. I also checked the url against BrightCloud's URL & IP Lookup, and it says the site is trustworthy. I'm stumped.

 

BrandonS
Kind of a big deal

What firmware version are you running and what categories are you blocking? Version 16 doesn’t use Brightcloud anymore in favor of Talos. 

and what about security center do you have advanced license and maybe it is blocked there?

Talos also shows the URL as Neutral.
Firmware: MX 16.16 (Up to Date)
Categories:

Jaestes_COS_0-1649204344332.png

 

ww
Kind of a big deal
Kind of a big deal

16.x still use brightcloud

BHC_RESORTS
Head in the Cloud

Nbar is wildly inaccurate right now. It likes to classify everything as peer to peer, including dns. That was a fun one. We've had to disable l7 and content filtering rules for peer to peer which seems to fix it for now.

BHC Resorts IT Department

Why would Nbar be the blocking culprit? I wouldn't expect a PDF to be a bandwidth hog. Unless, it's the site itself, but even then, all other checks show nothing wrong with the site.

No idea - but the NBAR system is very wonky right now. Someone mentioned early 16x still uses Brightcloud, but we have systems still in the 16x train that are getting NBAR logs.

BHC Resorts IT Department
Ryan_Miles
Meraki Employee

Can you access the root domain of that site? I can hit that and the long link pdf from your screenshot. 

OVERKILL
Building a reputation

Yup, same here. I also used nslookup to run it against OpenDNS and it didn't block it either (I use CIRA on my home network). 

Actually yes, I can get to that site using the root domain! That's so bizarre. It solves the initial problem one of my clients had about not being able to download that PDF, but doesn't tell me why it's being blocked still. 

Jaestes_COS
Conversationalist

Huzzahs are in order! My coworker took a look at the conversation we were all having and spotted the trail to the solution. I had been lost in the Content Filtering and hadn't fully realized there was a second blocking point in the Firewall section. He noticed we were blocking All Web File Sharing and he switched it to Binary over HTTP. 

Jaestes_COS_0-1649435960089.png

I hope this helps someone in the future! Thank you guys for all your help!

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels