cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Layer 7 Countries "not to/from"

Highlighted
Just browsing

Layer 7 Countries "not to/from"

First post here, so be kind!

 

I have a customer with MX64 with a local las vegas business internet provider (cable). When trying to use a simple (built-in) Layer 7 Countries blocking rule "not to/from" for China, Russia, Indonesia (largest IP pool of mail server attackers so far for them) they lose internet connectivity. They have an advanced license. 

 

This is not without precedent, trying it on my own MX64 for just china, my kids lose their xbox connections at the house, to just name one instance. When i first got my MX64 i dropped every country except Canada, and US into the same Layer 7 firewall rule and my internet was unusable. Anyone out there have some advice on this, the layer 7 country blocking was my favorite feature of the MX series that spurred me to buy it in the first place.

8 REPLIES 8
Highlighted
Kind of a big deal

Re: Layer 7 Countries "not to/from"

Are you running a recent firmware like 13.28?

Highlighted
Just browsing

Re: Layer 7 Countries "not to/from"

14.17, been on the beta train for a little while, hoping it would improve things.

Highlighted
Meraki Alumni (Retired)

Re: Layer 7 Countries "not to/from"

@ortem4435When you say lose internet connectivity, do you lack certain services or everything goes down?

Highlighted
Just browsing

Re: Layer 7 Countries "not to/from"

For the customer premise I mentioned, they called me right away after I set the 3 countries “not to/from” rule in layer 7, and told me that they have no internet access. Normally I would have taken the time to troubleshoot what was and wasn’t working- but this was a production environment that cannot be without internet access. I have multiple servers on the inside of their network with backup remote access “Teamviwer” installations tied to my teamviewer account. When the customer called me, I looked at my teamviewer status and all their connected teamviewer computers showed offline. I immediately removed the rule from the Meraki dashboard and they regained internet access within 30-45 seconds.

Highlighted
Meraki Alumni (Retired)

Re: Layer 7 Countries "not to/from"

Can you PM me the serial number to this? This sounds very odd and I checked with our support and there isn't anything widespread. We would like to take a closer look to see if there is anything obvious in the logs.

Just browsing

Re: Layer 7 Countries "not to/from"

yes- on the way

Highlighted
Building a reputation

Re: Layer 7 Countries "not to/from"

If you block Germany, teamviewer will stop working. At least that was my experience from about a year ago.

Highlighted
New here

Re: Layer 7 Countries "not to/from"

I had the same problem. Had to add more countries. I can't remember which, but I think it was netherlands. Teamviewer is working for me and I have the following countries: Canada, France, Germany, Ireland, Japan, Netherlands, United Kingdom, United States.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.