MX Running Firmware MX 16.16 is Blocking Google Drive

Mike6116
Getting noticed

MX Running Firmware MX 16.16 is Blocking Google Drive

I upgraded  Some MX to the latest MX  16.16 firmware  and then they started to block  Google Drive  it seems  MX is identifying all traffic as youtube traffic

Mike6116_0-1649442625021.png

 

i have added the exception  to the whitelist url pattern  but it is not working at all

Mike6116_1-1649442674853.png

 

Seems new firmware identify  google drive as   Video & Music  wich i have all blocked  under L7 policy

Mike6116_2-1649442752274.png

 

 

18 REPLIES 18
alemabrahao
Kind of a big deal
Kind of a big deal

It's a little strange, can you try to allow this URL list?

 

https://support.google.com/a/answer/2589954?hl=en

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
ww
Kind of a big deal
Kind of a big deal

Afaik the whitelist is for content filter. So you have to remove the full layer7 fw "all" group and add more specific ones.

Mike6116
Getting noticed

I can do that , but one of the issues is that I need YouTube to be blocked , so if the mx identifies all google traffic as YouTube how to block YouTube only ?

DavidLeBoeuf
Comes here often

I am seeing similar behavior. Upgraded to 16.16 on 4/4 and now I see a bunch of traffic in my logs being blocked due to the layer 7 firewall rule which is:

 

DavidLeBoeuf_1-1650466706433.png

 

I am even seeing some internal -> internal traffic being blocked by this rule.

I still have the issue,  some work warround i found was to only list Facebook, instagram and twitter, because if i list All the social web & photo sharing category  then google drive does not work...

 

Mike6116_0-1650469380379.png

 

im confused that's solve the problem or not?

Use te workaround posted above 

Mike6116
Getting noticed

Any one having this behavior with 16.16 FW,  i understand this is regarding Nbar  function as it is identifying drive as youtube as Nbar ID 82

Yep

 

similar problems here too, the categories make no sense at all

 

 

AlfredoAF
Conversationalist

Hello. Did you solve your problem?

Not yet, but i have a workarround posted above 

Use the workaround posted above , issue will be there until a new firmware is released , the L7 rules posted as workaround work fine in the meantime

Dunky
A model citizen

The entire NBAR implementation in terms of usability is a total mess.  I am being asked to look into alternate suppliers for firewalls due to this debacle.  And once we start with firewalls, that's the start of the slippery slope to leaving Meraki altogether.

If only they had thought it through and given us the ability to have L7 ALLOW rules and specify src/dst then we would live with it.

Mike6116
Getting noticed

i think they will  add the functionality to allow L7  in the very near future,  i agree  Nbar is a total mess right now,  a lot of Meraki users have been reporting all kinds of L7 blocking   

DonnieTri
Comes here often

I have MX Running on MX 17.10.2 still have these issue.

Hello, I still have exactly the same issue on MX 17.10.2 except it happens out of nowhere during the day. I have to reboot the MX and then we have access again to Google Drive - Google Classroom ... It is very frustrating.

I changed my layer 7 rules as someone mentioned here so I will know soon enough if that work around works for me. 

Besides, you will notice I have a burst of events each time the issue shows up.... 

I'll keep you updated.

 

 

Screenshot 2023-02-07 152720.png

It's look like a L7 rule configured. Have you tried removing it?

 

alemabrahao_0-1675776997131.png

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Hi, 
I changed my Layer 7 rules as mentioned above. I did it 5 minutes ago so, I will have to wait now to see is the issue shows its nose again 🙂
My new setup: i'm not blocking "all" social, etc anymore.
Screenshot 2023-02-07 155638.png

Is there a way to see what rule is blocking that traffic? Thanks!

The Nbar ID 2572 is related to Google Advertising though... 

I will keep you updated.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels