MX Blocking services

AnthonyMaddick
Here to help


Hi All, 

This is a bit odd and we have been going in circles. 

 

We are an Apple service center. When we run Apple service diags through the MX, it blocks them. We have tried to open the firewall but have spent a lot of time and still cannot get it to work.

We have a permanent server on-prem, and then the client machines come and go (customers' machines).

 

Can we allocate a port (lan4) on the MX68 to be fully open, and then run the server and client through port 4 to avoid data being blocked?

Regards

Anthony

6 REPLIES
rymiles
Meraki Employee

Does the event log or Security Center show anything? Maybe IDS/IPS or AMP are catching something and blocking it? Or, even content filtering?

 

The server and clients are all behind/on the inside of the MX?

I cannot see anything being blocked. I will double check, as there are a few events.

The server and client are behind the MX.

PhilipDAth
Kind of a big deal

If you can't apply a group policy to a VLAN.  In the group policy have it allow everything.

I am really having trouble figuring out what event could be causing the block in the events log. There are 80 events for the server, so I assume one is the culprit.


So I have been reading the Apple resources.

This is the part that is going wrong. 

 

  1. For OS-based diagnostics: The UUT searches for and NetBoots to the OS test agent image from any available local NetBoot server. The UUT will send a BOOTP/NBSearch broadcast over its LAN to reach any available NetBoot server. The first NetBoot server on the LAN to hear that request will respond. The NetBoot server will send the OS test agent image file via TFTP and NFS over NetBoot. The UUT will restart and NetBoot into the OS test agent to run the AST 2 OS diagnostic.

How would I see if something is being blocked during this process?
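One way to approach the question above from a packet capture, as an added example that is not part of the original thread or Apple's documentation: reduce each captured packet to addresses and ports, then report the first NetBoot stage whose request was never answered. The `Pkt` record, the function names and the sample packets are hypothetical, and the ports are the standard ones for these protocols (UDP 67/68 for BOOTP, UDP 69 for TFTP, 2049 for NFS), assumed here rather than taken from the thread.

```python
from collections import namedtuple

# One observed packet: addresses, transport protocol, source and destination port.
Pkt = namedtuple("Pkt", "src dst proto sport dport")
STAGES = ["BOOTP/NBSearch", "TFTP", "NFS"]  # order taken from the Apple text

def stage_of_request(p):
    """Map a client request to its NetBoot stage (standard ports assumed)."""
    if p.proto == "udp" and (p.sport, p.dport) == (68, 67):
        return "BOOTP/NBSearch"
    if p.proto == "udp" and p.dport == 69:
        return "TFTP"
    if p.proto in ("tcp", "udp") and p.dport == 2049:
        return "NFS"
    return None

def is_reply(req, p):
    stage = stage_of_request(req)
    if stage == "BOOTP/NBSearch":  # the reply may be broadcast, so match ports only
        return p.proto == "udp" and (p.sport, p.dport) == (67, 68)
    back = p.proto == req.proto and (p.src, p.dst, p.dport) == (req.dst, req.src, req.sport)
    # A TFTP server answers from a new ephemeral port, not 69; NFS answers from 2049.
    return back and (stage == "TFTP" or p.sport == 2049)

def netboot_stage_report(packets):
    """Per stage: 'not seen', 'no reply' (request unanswered) or 'answered'."""
    report = {s: "not seen" for s in STAGES}
    for i, req in enumerate(packets):
        stage = stage_of_request(req)
        if stage is None or report[stage] == "answered":
            continue
        answered = any(is_reply(req, p) for p in packets[i + 1:])
        report[stage] = "answered" if answered else "no reply"
    return report

def first_stalled_stage(packets):
    """First stage in boot order that did not complete, or None if all did."""
    report = netboot_stage_report(packets)
    return next(((s, report[s]) for s in STAGES if report[s] != "answered"), None)

# Constructed sample capture (documentation addresses): the TFTP read gets no answer.
STALLED = [
    Pkt("0.0.0.0", "255.255.255.255", "udp", 68, 67),
    Pkt("192.0.2.10", "255.255.255.255", "udp", 67, 68),
    Pkt("192.0.2.50", "192.0.2.10", "udp", 49152, 69),
]
HEALTHY = STALLED + [  # constructed: the same start, then TFTP and NFS are answered
    Pkt("192.0.2.10", "192.0.2.50", "udp", 50123, 49152),
    Pkt("192.0.2.50", "192.0.2.10", "tcp", 1021, 2049),
    Pkt("192.0.2.10", "192.0.2.50", "tcp", 2049, 1021),
]
```

Here `first_stalled_stage(STALLED)` returns `("TFTP", "no reply")`, which narrows the search to traffic between the client and the server's TFTP reply port rather than the whole boot sequence.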
