Forbidden 403

TLO3346
Here to help

Forbidden 403

Hello, 

I have a client that is using Laser app at https://www.laserapp.com/

However, when he's connected to the Meraki client VPN, it gives a 403 forbidden error intermittently.

I've checked the firewall rules, added the specific site in content filtering and checked the separate VPN firewall too.

Nothing is set to block anything but it only occurs when he's connected to the Meraki network (it doesnt have to be a VPN, he can be in the Meraki LAN and still see this).

Any insights on this matter? 

 

Thank you. 

6 REPLIES 6
Inderdeep
Head in the Cloud

Re: Forbidden 403

@TLO3346 : Can you show me Layer 3 and Layer 7 Firewall rules ?

Regards
Inderdeep Singh
www.thenetworkdna.com
TLO3346
Here to help

Re: Forbidden 403

Layer 3 is just Any Any

 

This is Layer 7

TLO3346_0-1619468266312.png

 

UCcert
Kind of a big deal

Re: Forbidden 403

Hi @TLO3346  - did you get any further with this one?

 

A PING out to laserapp.com resolves to 18.210.183.211 so your L7 country firewall rule isn't being hit.  Neither are the remote IP ranges that i can see that you have configured.

 

What does a packet capture show when you try to reach the url?

Darren O'Connor | uccert.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
Inderdeep
Head in the Cloud

Re: Forbidden 403

i saw two A records with the IP for this domain and yes i dont see any remote IP ranges configured as well with these two IP range. 

Inderdeep_0-1619529027746.png

 

Regards
Inderdeep Singh
www.thenetworkdna.com
TLO3346
Here to help

Re: Forbidden 403

Hi all,

I found out that if you try to connect to the site too many times in a certain time period, the site initiates the Forbidden.

So not Meraki's fault. Grr..

 

Thanks to everyone looking into it regardless...

Inderdeep
Head in the Cloud

Re: Forbidden 403

@TLO3346 : Really ? Hope you restored 

Regards
Inderdeep Singh
www.thenetworkdna.com
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.