Meraki

Community

MX68 Not Connecting to the Cloud

Solved
emmaozoms
Getting noticed
‎Apr 15 2024 12:59 PM
‎Apr 15 2024 12:59 PM

MX68 Not Connecting to the Cloud

Hello Guys,

I have a Sophos firewall and I want to integrate a new MX68 to work side by side with the Sophos firewall. Please how can I go about this?. Thanks guys

0 Kudos
1 Accepted Solution
In response to cmr
emmaozoms
Getting noticed
‎Apr 16 2024 5:25 AM
‎Apr 16 2024 5:25 AM

I think that is the issue. So what I have decided to do now is to connect the MX68 with a static IP on the Vlan20 to connect on a truck port to the cisco 2960 switch and test if it will connect to the cloud. It was successful. Now I need to connect the MX to the Sophos LAN4 Port that has the VLAN20 Configured. I hope this will allow the MX come online. If it work is means the Sophos will be the upstream to the MX.

View solution in original post

15 Replies 15
alemabrahao
Kind of a big deal
‎Apr 15 2024 1:01 PM
‎Apr 15 2024 1:01 PM

See the ports and addresses you need to allow to communicate with the cloud.

 

https://documentation.meraki.com/General_Administration/Other_Topics/Upstream_Firewall_Rules_for_Clo...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
emmaozoms
Getting noticed
‎Apr 15 2024 1:46 PM
‎Apr 15 2024 1:46 PM

Thank you for the shared document. Please do I need to statically assign IP ON THE mx68? I tried to use the ISP IP in the Sophos firewall to test if I can connect the MX68 to the cloud but the LED blinks different colors and stabled at Orange which means the device is not connecting to the Cloud. I also tried to use DHCP but same result. Can you advise on this Please.

0 Kudos
In response to emmaozoms
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 15 2024 1:53 PM
‎Apr 15 2024 1:53 PM

Please describe your current Internet setup.  Have you got a fibre circuit with a /29 block routed through an ISP router?  A PPPoE ADSL connection?

Brash
Kind of a big deal
Kind of a big deal
‎Apr 15 2024 4:44 PM
‎Apr 15 2024 4:44 PM

Some further information would be crucial here.

What does the setup look like? Do you have a network diagram?
Do you have rules setup on the Sophos firewall to allow Meraki MX communication to the cloud? Do you see blocking in the Sophos logs?

In response to Brash
emmaozoms
Getting noticed
‎Apr 15 2024 7:37 PM
‎Apr 15 2024 7:37 PM

From the sophos 1/Lan port is connected to a Cisco switch on port 2, Then Lan 4 on sophos is connected to port 3 on the Cisco switch(2960) while the port 48 on the cisco switch(2960) is connected to a router F0/0 Port. So what I have done presently is to connect the Meraki MS120 to port 5 on the 2960 switch as a trunk port. So I want to setup the MX68 to this existing network. The below is a rough sketch.

emmaozoms_0-1713234854213.png

emmaozoms_1-1713235044002.png

 

 

DarrenOC
Kind of a big deal
Kind of a big deal
‎Apr 15 2024 11:05 PM
‎Apr 15 2024 11:05 PM

Hi @emmaozoms , the question has been asked before but do you have a spare external IP?  If so you can have both firewalls running in parallel with each other.  If your WAN provider has a spare Ethernet port on their NTE you can connect the MX to that.  If not, and there’s just a single port place a switch in front of your firewalls.  This will give you the additional port capacity. Run both firewalls in parallel for a period until you’re ready to migrate everything to the MX.  If that’s the intention?

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
0 Kudos
In response to DarrenOC
emmaozoms
Getting noticed
‎Apr 15 2024 11:24 PM
‎Apr 15 2024 11:24 PM

@DarrenOC Thank you so much for your response. I don't have a spare IP from the WAN Provider. There is a spare ethernet port on the NTE. Will the Spare port on the WAN Provider NTE assign DHCP to the MX if I connect it to it? Yes, the intention is to run both firewalls in parallel for now.

0 Kudos
In response to emmaozoms
DarrenOC
Kind of a big deal
Kind of a big deal
‎Apr 15 2024 11:30 PM
‎Apr 15 2024 11:30 PM

Hi @emmaozoms , I’m afraid you’ll need an additional external IP otherwise you’re back to your previous setup where you’ll have to place the MX inline.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
0 Kudos
In response to DarrenOC
emmaozoms
Getting noticed
‎Apr 15 2024 11:42 PM
‎Apr 15 2024 11:42 PM

ok noted. in addition, I observed that when I unplugged the cable from the WAN port of the Sophos and connect it to the Internet port of the Mx68,  the there is still no reachability to the cloud for the MX. I assigned same IP that the sophos is connected to the MX. Is there something I need to do before the MX can connect to the cloud using this scenario ? 

0 Kudos
In response to emmaozoms
DarrenOC
Kind of a big deal
Kind of a big deal
‎Apr 15 2024 11:49 PM
‎Apr 15 2024 11:49 PM

If it’s a straight internet connection then you shouldn’t have to do anything. How long are you leaving the mx to connect? Could take a couple of minutes to reach out to the cloud, download firmware etc.

 

Is the MX new? Factory reset maybe? If all else fails….give Meraki TAC a call. 

 

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
0 Kudos
In response to DarrenOC
emmaozoms
Getting noticed
‎Apr 16 2024 1:22 AM
‎Apr 16 2024 1:22 AM

I allowed the MX to boot for long and it stopped at the orange LED. its a New MX. I have also don a fctory reset but same

0 Kudos
In response to emmaozoms
DarrenOC
Kind of a big deal
Kind of a big deal
‎Apr 16 2024 1:59 AM
‎Apr 16 2024 1:59 AM

Hi @emmaozoms , please contact support in this instance. Could require an RMA. These devices normally just boot up and connect with no issues 

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
0 Kudos
In response to DarrenOC
emmaozoms
Getting noticed
‎Apr 16 2024 2:26 AM
‎Apr 16 2024 2:26 AM

Noted. Thank you

In response to emmaozoms
cmr
Kind of a big deal
Kind of a big deal
‎Apr 16 2024 4:36 AM
‎Apr 16 2024 4:36 AM

It could be that your ISP needs to clear their ARP cache for your line.  It is probably remembering the MAC address of the Sophos firewall at the moment.  I'd call them and ask to do that (with the Meraki connected)

If my answer solves your problem please click Accept as Solution so others can benefit from it.
In response to cmr
emmaozoms
Getting noticed
‎Apr 16 2024 5:25 AM
‎Apr 16 2024 5:25 AM

I think that is the issue. So what I have decided to do now is to connect the MX68 with a static IP on the Vlan20 to connect on a truck port to the cisco 2960 switch and test if it will connect to the cloud. It was successful. Now I need to connect the MX to the Sophos LAN4 Port that has the VLAN20 Configured. I hope this will allow the MX come online. If it work is means the Sophos will be the upstream to the MX.

Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.