MX64 Won't load some websites

c2bailey
Conversationalist

MX64 Won't load some websites

Hi Everyone, first time posting... 

 

I have an MX64 that won't allow users to access certain websites. Nothing is blacklisted the device has open access outbound. I have another customer with the same device using the same ISP (same DNS) and I can access all websites on their network. It doesn't make any difference if the site is HTTP or https. Any ideas?

 

I have already rolled firmware back and updated it to the latest with no change. 

It does not matter which browser is used. Tested Chrome, Edge, IE, Firefox

I took my laptop on site last night and was not able to access the sites either. So its not a PC issue.

 

Thanks for any help on this!

 

c2bailey

12 REPLIES 12
Nash
Kind of a big deal

Do you have any content filtering enabled whatsoever? If you have content filtering enabled, if you look at the event log for the security appliance, do you see content filtering hits?

 

If you see content filtering hits, what groups are they under? Are those groups things you want to continue blacklisting?

I've seen the content filter get 'indigestion' and block things it shouldn't have before, but that's usually resolved with a reboot of the MX. If you've done a firmware rollback (from what to what?), then a reboot should have taken place.

c2bailey
Conversationalist

Hi Nash, Thanks for joining the conversation. 

 

I am not using any content filtering. It is wide open for all outgoing traffic. 

 

The firmware was rolled back to 14.39 and then updated to 14.40. Having rebooted after each install.

 

 

Nash
Kind of a big deal

Okay, just recapping:

 

1. No content filtering enabled.

2. No ACL blocking those IPs.

3. nslookup/dig internally resolve to the same IPs that you see elsewhere

4. You've rebooted the device

 

Have you called support on this one yet?

c2bailey
Conversationalist

Correct, and yes I have a ticket going with support. I more or less was posting to find out if anyone had ever seen this before. Praying for a quick fix. This customer's business lives online and these sites are critical to their day to day. 

PhilipDAth
Kind of a big deal
Kind of a big deal

Try turning off threat protection temporarily and see if that changes the issue.

This device does not have threat protection active. 

Nash
Kind of a big deal

Do you have nmap or PowerShell available on premises?

What happens if you try the appropriate ports on nmap or via powershell at test-netconnection -comp "IP address" -port 80 -info detailed?

change -port to whatever number you're using.

 

What happens with traceroute?

What kind of WAN link do they have? Does their ISP device have a firewall on it?

 

Can you access those sites if you connect a device directly to their WAN uplink, such as your laptop w/ a nice software firewall turned on?

Just some thoughts while you work with support.

c2bailey
Conversationalist

I am not familiar with the net connection command and couldn't get that to work. If I use tracert it gets out and goes 22 hops. So I know it's getting out on some level. All websites we are having trouble with are https but they can get to all other https sites just fine. 

Hi!

 

I seem to have the exact same problem. One network with the exact same settings and ISP (AT&T Cellular) as another network. On one of the networks no websites will load for any client, regardless if connected directly to a port or connected to WiFi. Seems a bit odd. Bug? 

 

I have rebooted the device. 

 

Cheers, 

Erik 

Hi again, 

 

Well after trying more or less everything we resorted to pulling the power cable on the MX64 appliance and forcing a hard reboot. It did the trick and clients were able to load website content again.

 

Best regards,

Erik

Just out of curiosity, you mentioned earlier you rebooted. I'm presuming you did this through the console  and then you did the completely hard reboot?  I'm having a similar issue after changing internet providers. 

Hi!

 

Correct, first I rebooted using the console, Meraki dashboard. But without success. After a hard reboot it started working again.

 

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels