Over the last few months, we've had instances where the MX would categorize our switch's statically set DNS IP addresses (they're set to use Cisco Umbrella) as BitTorrent traffic, and would block it due to our layer7 firewall rules which block BitTorrent.
To be more specific, our Meraki switches are statically set to Cisco Umbrella IP addresses, so once they get categorized and blocked, our entire office goes down. I confirmed this through the event log. MX appliance is using 16.16 firmware.
Request for reclassification:
https://www.brightcloud.com/tools/change-request.php
Thats for content filtering. L7 firewall uses nbar.
Yes I know, but It's just a test, because It does not make any sense. I use Umbrella too, and It has been working well. He can try to put the switches on the allow list.
What's even weirder is I have other networks with MX 16.16 using Cisco Umbrella as DNS and they weren't affected
There are some nbar fixes in 16.16.4. Are you running 16.16 or 16.16.6?
The network should keep working even if the management tunnel is down
Running 16.16. Entire network went down. My assumption was that data plane would still function, but that was not the case. Switches all had "Bad DNS" errors.
I would try 16.16.6 or contact support to check if the nbar update in 16.16.4+ has a fix for this
Owch thats not a good problem to have, odd its taking everything offline though you should only lose management access with your dashboard reporting an issue with the device.
The other option would be do you need to use Umbrella with your switches or could you use something else like Google. I know that doesn't resolve why thats happening but at least its a work around.