Meraki

SCTDD · ‎Apr 28 2025

The event log for my MX84 shows a laptop blocked from URL Content filter at 2:30 am. Cameras confirm no one was here. I checked the laptop first thing in the morning and there was no internet history.

Any ideas?

Mloraditch · ‎Apr 28 2025

Is your network set to your correct time zone? If so, what type of client tracking are you using? If you use MAC tracking and have a layer 3 switch, your client data may be incorrect. You need to use IP tracking or if your layer 3 is Meraki Unique Client Identifier.

https://documentation.meraki.com/MX/Monitoring_and_Reporting/Client-Tracking_Options

If everything is set correctly for your environment, compare the mac of the client in the dashboard to the client you are checking. Client naming is not an exact science and you may not be looking at the right end device.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.

SCTDD · ‎Apr 28 2025

Thank you for the great suggestions. Time zone is correct. Using Unique Client Identifier. IP address option is grayed out. The mac is the same.

More info: This is my new Director. This is his old work laptop. He still has a few days and needs to use his vpn to connect to his old workplace. They are a sister organization to us, but we do not share networks in anyway.

PhilipDAth · ‎Apr 28 2025

Lots of things access the Internet on a machine besides users.

Brash · ‎Apr 29 2025

Unless the laptop was completely shut down, it's likely this is just background network connectivity on the laptop. At a worst case it could be malware connecting to a C2 server.

If you're particularly concerned, take a look at what it was trying to access at the time.

Meraki

Community

Firewall log for MX84 Filtering ghost

Firewall log for MX84 Filtering ghost