MX layer 7 country (Russia) traffic block vs. MS Office 365 not working

NGOrfomPL
Conversationalist


Hi, I wonder if anyone else has had this problem: for several months we have had layer 7 traffic blocked from China, Russia and Andorra, the destinations from which we got the most attacks registered.

For about 2 weeks now, our MS Office 365 applications have been failing to respond, hanging and not refreshing. MS Support engineers cannot recognize the problem. I can see all web applications wait endlessly for JavaScript files from modernb.akamai.odsp.cdn.office.net

Tracert seems to work fine, as I can check only heartbeat responses from web servers but cannot check what does not work deeper.

So, I removed first China, then Andorra from the filtering. No change. I removed Russia and... voilà!

Is anybody able to explain how it is possible that the MS cloud started to work only with Russia-located switches? Is our data from the EU passed by MS to Russia and back???

How do you propose to bypass the Russian network while still blocking traffic to and from this destination within layer 7?

Thanks in advance for any suggestions.

Michal.

DarrenOC
Kind of a big deal

Hi @NGOrfomPL , this could be down to the host IP that you’re communicating with being incorrectly labelled as located within Russia.

 

What IP address is being flagged?

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
NGOrfomPL
Conversationalist

Thanks for the quick response.

It all hangs at modernb.akamai.odsp.cdn.office.net hosts. Then, after several minutes, the transfer looks to be switched to modernb.verizon.odsp.cdn.office.net, and the pages load. We also have problems with OneDrive and Teams in browsers: they do not load or load very slowly. The apps look to work fine, although emoticons are not displayed correctly in the Teams app.

 

Any suggestions taking these into consideration?

 

Thanks in advance,

Michal.

DarrenOC
Kind of a big deal

Interesting - just ran both hostnames through Cisco Talos to check their reputation and they both are based in the US. So not sure why they're being flagged as Russian based.

Worth running a packet capture on the MX to see what's happening? Once with the rule applied and then again with it removed to compare?

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
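
The with-rule/without-rule capture comparison suggested above, as an added example that is not part of the original thread or either poster's code. It assumes each capture has been exported to a simplified `src,dst,flags` CSV, that a geo-blocked flow shows up as a SYN that never gets a SYN-ACK, and that the IP-to-hostname map was taken from DNS answers in the same capture; all addresses are constructed documentation-range values.

```python
import csv
import io

# Constructed sample data: simplified per-packet exports (src,dst,flags).
# Addresses are documentation ranges, not real CDN nodes.
CAPTURE_RULE_ON = """\
10.0.0.5,203.0.113.10,S
10.0.0.5,203.0.113.10,S
10.0.0.5,198.51.100.20,S
198.51.100.20,10.0.0.5,SA
10.0.0.5,192.0.2.99,S
"""
CAPTURE_RULE_OFF = """\
10.0.0.5,203.0.113.10,S
203.0.113.10,10.0.0.5,SA
10.0.0.5,198.51.100.20,S
198.51.100.20,10.0.0.5,SA
10.0.0.5,192.0.2.99,S
"""
# Constructed mapping of resolved IPs to the hostnames named in the thread.
DNS_NAMES = {
    "203.0.113.10": "modernb.akamai.odsp.cdn.office.net",
    "198.51.100.20": "modernb.verizon.odsp.cdn.office.net",
}


def unanswered_syns(capture_text, lan_prefix="10."):
    """Return remote IPs that received a SYN from the LAN but never sent a SYN-ACK."""
    syn, synack = set(), set()
    for src, dst, flags in csv.reader(io.StringIO(capture_text)):
        if flags == "S" and src.startswith(lan_prefix):
            syn.add(dst)
        elif flags == "SA" and dst.startswith(lan_prefix):
            synack.add(src)
    return syn - synack


def broken_by_rule(rule_on, rule_off, dns_names):
    """Destinations that fail only while the country rule is applied.

    Hosts that are unreachable in both captures are excluded, since the
    rule cannot be the cause of those failures.
    """
    only_with_rule = unanswered_syns(rule_on) - unanswered_syns(rule_off)
    return {ip: dns_names.get(ip, "unknown") for ip in sorted(only_with_rule)}


if __name__ == "__main__":
    for ip, name in broken_by_rule(CAPTURE_RULE_ON, CAPTURE_RULE_OFF, DNS_NAMES).items():
        print(f"{ip} ({name}) is reachable only with the rule removed")
```

The resulting IP list is what you would then check against a geolocation source to see which addresses the firewall classifies under the blocked country.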
NGOrfomPL
Conversationalist

Well, it looks like the root hosts are US-based; unfortunately, the work mules are located in Russia, indeed 😞

Then layer 7 filtering works fine with MX, and it is Microsoft who should be uneasy, I hope.

I sent them this picture and am waiting for their response. I will publish it here. Thanks.

 

MS servers in Russia.png

DarrenOC
Kind of a big deal

Crikey. Well done for pursuing.

 

Interested to see how this progresses 

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.