DNS Traffic Blocked as XBOX live gaming service by Layer7 firewall rule (MX64)

Solved
NickKova
Getting noticed


Hello everyone,

 

Hope I can get some help on this.

We have a domain controller acting as DNS server behind an MX64 appliance. There are only 2 Layer7 firewall rules, denying All Gaming and P2P traffic.

Recently we have been having issues with some users getting intermittent network issues when connecting remotely through RDP sessions. 

Upon checking the firewall logs, we found out that the DNS server is being blocked on different ports (like 65037, 65260, 64395), ports corresponding to the process with PID 2360, which is the DNS service dns.exe on the Windows server.

I was thinking of creating a group policy on Meraki and applying to the server as a client. 

Can someone provide any information on how to properly set this group policy, any thoughts? Any help is greatly appreciated.

 


1 Accepted Solution
Brash
Kind of a big deal

The L7 firewall rule blocking of DNS traffic is expected. Part of the NBAR functionality is that it will block DNS queries for domains which match the rule.

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Mapping_Layer_7_Firew...

 

As for your RDP issues, are you sure that they correlate with the events in the event log? DNS queries for RDP should just be the hostname of what you're connecting to.

 

As for your question about group policies, you can create one under Clients -> Group policies. In the policy you can configure overrides and additional settings.

There are many different places it can be applied, but for testing purposes you can simply find the client on the clients page and manually apply it there.
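As an added example (not part of the original thread and not Meraki's own tooling), the script below performs the triage the original poster describes: it takes Layer 7 deny events from the MX, joins the blocked source ports against the server's own `netstat -ano` and `tasklist` output, and reports which process owns the blocked ports. When the owner is dns.exe and the destination is port 53, the events are the server's recursive lookups on behalf of clients, which is consistent with the explanation above that the rule classifies the DNS query itself (the domain being resolved) rather than the port. The log line format, the netstat and tasklist excerpts, the addresses and the timestamps are constructed sample data; in particular the log field layout is an assumption, not Meraki's documented export format.

```python
import re
from collections import Counter

# Constructed sample of Layer 7 deny events. The field layout is an
# assumption for this example, not Meraki's actual event log format.
FIREWALL_LOG = """\
2024-05-01T09:12:03Z MX64 l7_firewall_block rule="Gaming" src=10.0.0.5:65037 dst=8.8.8.8:53 proto=udp
2024-05-01T09:12:04Z MX64 l7_firewall_block rule="Gaming" src=10.0.0.5:65260 dst=8.8.8.8:53 proto=udp
2024-05-01T09:12:09Z MX64 l7_firewall_block rule="Gaming" src=10.0.0.5:64395 dst=8.8.4.4:53 proto=udp
2024-05-01T09:12:11Z MX64 l7_firewall_block rule="P2P" src=10.0.0.77:51234 dst=203.0.113.9:6881 proto=tcp
"""

# Constructed excerpt of `netstat -ano` run on the Windows DNS server:
# protocol, local address, foreign address, [state], owning PID.
NETSTAT_OUTPUT = """\
  UDP    10.0.0.5:53             *:*                                    2360
  UDP    10.0.0.5:65037          *:*                                    2360
  UDP    10.0.0.5:65260          *:*                                    2360
  UDP    10.0.0.5:64395          *:*                                    2360
  UDP    10.0.0.5:500            *:*                                    1104
"""

# Constructed excerpt of `tasklist` on the same server: image name, PID, ...
TASKLIST_OUTPUT = """\
dns.exe                       2360 Services                   0     98,112 K
lsass.exe                     1104 Services                   0     41,004 K
"""

LOG_RE = re.compile(
    r'rule="(?P<rule>[^"]+)" src=(?P<src_ip>[\d.]+):(?P<src_port>\d+) '
    r'dst=(?P<dst_ip>[\d.]+):(?P<dst_port>\d+) proto=(?P<proto>\w+)'
)


def parse_blocked_events(log_text):
    """Extract rule name and 5-tuple fields from each L7 deny line."""
    events = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue  # skip lines that are not L7 block events
        e = m.groupdict()
        e["src_port"] = int(e["src_port"])
        e["dst_port"] = int(e["dst_port"])
        events.append(e)
    return events


def port_owners(netstat_text, tasklist_text):
    """Build a (local_ip, local_port) -> (pid, image_name) map from netstat/tasklist."""
    pid_to_image = {}
    for line in tasklist_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[1].isdigit():
            pid_to_image[int(parts[1])] = parts[0]
    owners = {}
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("UDP", "TCP"):
            continue
        # rpartition handles the IPv4 "ip:port" form used in this sample
        ip, _, port = parts[1].rpartition(":")
        pid = int(parts[-1])  # PID is always the last column in netstat -ano
        owners[(ip, int(port))] = (pid, pid_to_image.get(pid, "unknown"))
    return owners


def attribute_blocks(events, owners, server_ip):
    """For each deny sourced from server_ip, name the process owning the blocked port."""
    rows = []
    for e in events:
        if e["src_ip"] != server_ip:
            continue
        pid, image = owners.get((e["src_ip"], e["src_port"]), (None, "unknown"))
        rows.append((e["rule"], e["src_port"], e["dst_port"], pid, image))
    return rows


def summarize(events, owners, server_ip):
    """Count blocked events per (owning process, rule) for a quick read of the cause."""
    rows = attribute_blocks(events, owners, server_ip)
    return dict(Counter((image, rule) for rule, _, _, _, image in rows))


if __name__ == "__main__":
    evts = parse_blocked_events(FIREWALL_LOG)
    own = port_owners(NETSTAT_OUTPUT, TASKLIST_OUTPUT)
    for rule, sport, dport, pid, image in attribute_blocks(evts, own, "10.0.0.5"):
        print(f"rule={rule} src_port={sport} dst_port={dport} pid={pid} process={image}")
    print(summarize(evts, own, "10.0.0.5"))
```

Three events attribute to dns.exe under the Gaming rule, all towards port 53; the varying high source ports are just the resolver's ephemeral ports, so they carry no meaning on their own. The useful output is the owning process and client IP, which is what you need when applying the group policy override to the server as a client.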


2 Replies

NickKova
Getting noticed

Hello,

 

Thank you very much for your time and response.
