Concerns: Content Filtering (NBAR) Events


Concerns: Content Filtering (NBAR) Events

It seems to be a trend lately since Meraki moved their Content Filtering for Layer 7 to using the Cisco Talos Backend. The amount of problems this has caused with no solutions from support is concerning.


I'm actually seeing NBAR ID 2572 getting flagged on tons of legitimate traffic when the Layer 7 Rule Blocking Advertising is not in the configuration. As a result, I have Printers that have lost connections to management software, lost access to remote control tools, and just a general lack of functionality for several users.


The ONLY solution is a restart of the firewall and this only resolves the issues temporarily. Support can't assist and basically say to wait for new firmware or try restarting again. 


At what point is Meraki going to actually try and address all these issues being reported by clients with the New Content Filtering Limitations in place? (How we still can't whitelist a Layer 7 Rule is absurd when the community has asked for years)


Obviously, this isn't a post looking for help as I have already resigned that these MX's will be replaced with a new vendor in several years. Just frustrating that it feels the community at large is ignored.

1 Reply 1
Meraki Employee
Meraki Employee



Just an FYI, that NBAR, and indeed the L7 firewall as a whole,  are not related to Content Filtering in any way, including the change from our previous content filtering provider to Talos. They are two separate features that rely on entirely different methods of identifying and blocking traffic.


Please continue to work with Support on looking into this, as we've recently made some considerable changes to NBAR as of last month's 16.16.4 patch, ones large enough that demand we take fresh data sets before we can continue to evaluate this any further.

Get notified when there are additional replies to this discussion.