MX Running Firmware MX 16.16 is Blocking Google Drive

Mike6116
Getting noticed

MX Running Firmware MX 16.16 is Blocking Google Drive

I upgraded  Some MX to the latest MX  16.16 firmware  and then they started to block  Google Drive  it seems  MX is identifying all traffic as youtube traffic

Mike6116_0-1649442625021.png

 

i have added the exception  to the whitelist url pattern  but it is not working at all

Mike6116_1-1649442674853.png

 

Seems new firmware identify  google drive as   Video & Music  wich i have all blocked  under L7 policy

Mike6116_2-1649442752274.png

 

 

15 REPLIES 15
alemabrahao
Kind of a big deal

It's a little strange, can you try to allow this URL list?

 

https://support.google.com/a/answer/2589954?hl=en

ww
Kind of a big deal
Kind of a big deal

Afaik the whitelist is for content filter. So you have to remove the full layer7 fw "all" group and add more specific ones.

Mike6116
Getting noticed

I can do that , but one of the issues is that I need YouTube to be blocked , so if the mx identifies all google traffic as YouTube how to block YouTube only ?

DavidLeBoeuf
Comes here often

I am seeing similar behavior. Upgraded to 16.16 on 4/4 and now I see a bunch of traffic in my logs being blocked due to the layer 7 firewall rule which is:

 

DavidLeBoeuf_1-1650466706433.png

 

I am even seeing some internal -> internal traffic being blocked by this rule.

I still have the issue,  some work warround i found was to only list Facebook, instagram and twitter, because if i list All the social web & photo sharing category  then google drive does not work...

 

Mike6116_0-1650469380379.png

 

im confused that's solve the problem or not?

Use te workaround posted above 

Mike6116
Getting noticed

Any one having this behavior with 16.16 FW,  i understand this is regarding Nbar  function as it is identifying drive as youtube as Nbar ID 82

Yep

 

similar problems here too, the categories make no sense at all

 

 

AlfredoAF
Conversationalist

Hello. Did you solve your problem?

Not yet, but i have a workarround posted above 

Use the workaround posted above , issue will be there until a new firmware is released , the L7 rules posted as workaround work fine in the meantime

Dunky
Building a reputation

The entire NBAR implementation in terms of usability is a total mess.  I am being asked to look into alternate suppliers for firewalls due to this debacle.  And once we start with firewalls, that's the start of the slippery slope to leaving Meraki altogether.

If only they had thought it through and given us the ability to have L7 ALLOW rules and specify src/dst then we would live with it.

Mike6116
Getting noticed

i think they will  add the functionality to allow L7  in the very near future,  i agree  Nbar is a total mess right now,  a lot of Meraki users have been reporting all kinds of L7 blocking   

DonnieTri
Just browsing

I have MX Running on MX 17.10.2 still have these issue.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels