Forbidden 403

TLO3346
Getting noticed

Forbidden 403

Hello, 

I have a client that is using Laser app at https://www.laserapp.com/

However, when he's connected to the Meraki client VPN, it gives a 403 forbidden error intermittently.

I've checked the firewall rules, added the specific site in content filtering and checked the separate VPN firewall too.

Nothing is set to block anything but it only occurs when he's connected to the Meraki network (it doesnt have to be a VPN, he can be in the Meraki LAN and still see this).

Any insights on this matter? 

 

Thank you. 

6 REPLIES 6
Inderdeep
Kind of a big deal
Kind of a big deal

@TLO3346 : Can you show me Layer 3 and Layer 7 Firewall rules ?

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com

Layer 3 is just Any Any

 

This is Layer 7

TLO3346_0-1619468266312.png

 

DarrenOC
Kind of a big deal
Kind of a big deal

Hi @TLO3346  - did you get any further with this one?

 

A PING out to laserapp.com resolves to 18.210.183.211 so your L7 country firewall rule isn't being hit.  Neither are the remote IP ranges that i can see that you have configured.

 

What does a packet capture show when you try to reach the url?

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
Inderdeep
Kind of a big deal
Kind of a big deal

i saw two A records with the IP for this domain and yes i dont see any remote IP ranges configured as well with these two IP range. 

Inderdeep_0-1619529027746.png

 

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com

Hi all,

I found out that if you try to connect to the site too many times in a certain time period, the site initiates the Forbidden.

So not Meraki's fault. Grr..

 

Thanks to everyone looking into it regardless...

Inderdeep
Kind of a big deal
Kind of a big deal

@TLO3346 : Really ? Hope you restored 

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels