Is anyone else experiencing strange issues with their wifi this morning? We have been unable to get mobile devices connected to wifi this morning. Devices would receive a "Connected without internet" status.
What's bizarre, is we temporarily removed the block on Hong Kong, and now mobile devices can use wireless over our network just fine. We can (as expected without Hong Kong blocked) ping Google as well, but what in the Sam Hill does a geoblock on Hong Kong have to do with our access points being able to pass traffic to the rest of non-Google internet?
The wired network is working just fine, and our wireless devices receive DHCP from the same server that the wired clients get addresses from, so DNS should work just as well as it currently is for wired clients.
How would a geoblock on Hong Kong prevent wireless clients from accessing the Internet? Is anyone experiencing this issue?????
Google's geolocating accidentally identified Google as coming from Hong Kong. We had the same issue here. If your layer 7 rule was made at the access point level and not the security appliance level, it would only impact your wireless clients and not the wired clients.
Hey Andy, good morning - we have everything firewall-related at the MX level. I could understand the geolocation issue impacting wireless clients if they were trying to reach Google services. It doesn't make sense that they would not be able to connect to the internet as a whole while a block on Hong Kong was in place, unless the issue is specific to how it is impacting Meraki devices, including access points in particular.
I suppose if you are using Google DNS for your resolution that would kill all Internet access for you. When things were down, I was unable to ping 22.214.171.124.
We have the same issue. I allowed Hong Kong and everything came up normally. @Twitch You may have a separate WLAN firewall rule blocking layer 7 traffic that is not on your layer 7 rules on your MX.
@AndyWettersten It seems we are still having the issue and I dont feel comfortable enough to allow traffic from HK while Google fixes their problem. Thanks for the information though!
@bnorrell -Good morning. No separate layer 7 firewall rules for wireless clients. Everything firewall-related runs on the MX.
@bnorrell Initially I removed the country block (we only allow about 10 countries and block all others) entirely and things came up. Later when I found that it was Hong Kong, I allowed traffic to it and loaded our regular countries back and things continued to load correctly. I figured the risk off allowing one more country was a more acceptable risk than allowing them all.
Would be nice if there was an event log for geoblocked events or to have a lookup tool, similar to what they have for content filtering.
If you don't mind me asking, where did you see the report that Google is reporting their services are coming from Hong Kong? I cant seem to find that status page anywhere.
"Please be aware that there seems to be an issue with the geolocalization of the Google.com IP address and it is now showing as moved to Hong Kong"
This had me going crazy all morning! I'm in a school where we are exclusively Google Workspace. Same issue- WiFi down, No google Services until the Hong Kong rule was deleted. The only thing I can think of for the AP's was using Google DNS? Even though it's not my primary DNS? Unsure how the HK rule impacted AP's
I do! Here's what's even more peculiar. The WiFi status on laptops, etc. Would have the standard, connected, no internet message, but...if you actually open a browser and type in any url that wasn't Google related, you could reach it. Mobile phones would also have the connected, no internet but would only connect to the cellular network.
I'm really unsure.
@Paul421- that's the exact issue we have been having as well. Our wireless clients get the same DHCP as the wired clients - same DNS as well - but the wireless mobile devices could not connect to wifi and reach the internet. Only mobile devices, though, which is even stranger. I could connect to wifi on my laptop and it worked okay. My cell phone, however, and other user's phones, and iPads - no joy. Connected without internet.
@Twitch It was really bizarre! Eventually I would like Hong Kong back as a rule, bit we really depend on Google to function. Fingers crossed for now nothing malicious from HK comes out way!
This was a problem for a couple of our customers with MX's. So not just an AP issue.
Boy wouldn't be nice if the country blocks would actually be logged. Novel idea, I know....