MX 67 WAN Appliance Services

Solved
360IT
Here to help


Hello, 

Question about the WAN appliance services on MX devices. I have an MX 67 that is answering login requests on the WAN port. As far as I can tell the MX is configured to not answer those requests, however port 443 is publicly open to connection requests. 

The WAN appliance services config is below. I see no firewall rules allowing the connection either, so I am a little puzzled. Obviously I don't want the MX advertising port 443 and am hoping someone in the community can shed some light on this one. 

 

Thanks in advance! 🙂

 

360IT_0-1721061520094.png

 

1 Accepted Solution
RaphaelL
Kind of a big deal

That's because you have either a legacy backend option enabled by Support OR the Early Access feature enabled (they are the same):

NAT Exceptions with Manual Inbound Firewall

 

https://documentation.meraki.com/MX/Networks_and_Routing/NAT_Exceptions-No_NAT_on_MX_Security_Applia...


7 Replies
KarstenI
Kind of a big deal

What kind of login requests are you talking about? 

360IT
Here to help

Entering the WAN IP in a browser results in the appliance details page and a login prompt when clicking on the configure button. Exactly the same as you would expect when connecting to the MX via IP on the locally connected network.  

The MX config page is accessible via the WAN port, which I do not want. 

RaphaelL
Kind of a big deal

You probably have the remote local status page enabled:

 

https://documentation.meraki.com/General_Administration/Tools_and_Troubleshooting/Using_the_Cisco_Me...

 

RaphaelL_0-1721064783738.png

 

I never enable that page. Filled with security issues and CVEs. I only enable it if I don't have any other options.

360IT
Here to help

Interesting in that I don't see a Remote device status page option. 

 

360IT_0-1721065016427.png

 

RaphaelL
Kind of a big deal

That's because you have either a legacy backend option enabled by Support OR the Early Access feature enabled (they are the same):

NAT Exceptions with Manual Inbound Firewall

 

https://documentation.meraki.com/MX/Networks_and_Routing/NAT_Exceptions-No_NAT_on_MX_Security_Applia...

RaphaelL
Kind of a big deal

I just checked one of my networks that has the legacy NAT Exception option, and the Remote status page option is visible. I don't know why it is not showing in your case.

 

Edit: Enable or disable access to wireless and switch device status pages at http://[device's LAN IP].

 

Forget the "Remote device status pages".  Just try to disable the local status page and check if you still have the page accessible.

360IT
Here to help

The NAT Exceptions with Manual Inbound Firewall opt in is disabled. I'll call support to find out about the legacy backend option.

Thanks very much for your quick responses!! 🙂
