Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MX68 Not Connecting to the Cloud

Solved
emmaozoms
Getting noticed
2 weeks ago
2 weeks ago

MX68 Not Connecting to the Cloud

Hello Guys,

I have a Sophos firewall and I want to integrate a new MX68 to work side by side with the Sophos firewall. Please how can I go about this?. Thanks guys

0 Kudos
Subscribe
1 Accepted Solution
In response to cmr
emmaozoms
Getting noticed
2 weeks ago
2 weeks ago

I think that is the issue. So what I have decided to do now is to connect the MX68 with a static IP on the Vlan20 to connect on a truck port to the cisco 2960 switch and test if it will connect to the cloud. It was successful. Now I need to connect the MX to the Sophos LAN4 Port that has the VLAN20 Configured. I hope this will allow the MX come online. If it work is means the Sophos will be the upstream to the MX.

View solution in original post

Subscribe
15 Replies 15
alemabrahao
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

See the ports and addresses you need to allow to communicate with the cloud.

 

https://documentation.meraki.com/General_Administration/Other_Topics/Upstream_Firewall_Rules_for_Clo...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
emmaozoms
Getting noticed
2 weeks ago
2 weeks ago

Thank you for the shared document. Please do I need to statically assign IP ON THE mx68? I tried to use the ISP IP in the Sophos firewall to test if I can connect the MX68 to the cloud but the LED blinks different colors and stabled at Orange which means the device is not connecting to the Cloud. I also tried to use DHCP but same result. Can you advise on this Please.

0 Kudos
Subscribe
In response to emmaozoms
PhilipDAth
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

Please describe your current Internet setup.  Have you got a fibre circuit with a /29 block routed through an ISP router?  A PPPoE ADSL connection?

Subscribe
Brash
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

Some further information would be crucial here.

What does the setup look like? Do you have a network diagram?
Do you have rules setup on the Sophos firewall to allow Meraki MX communication to the cloud? Do you see blocking in the Sophos logs?

Subscribe
In response to Brash
emmaozoms
Getting noticed
2 weeks ago
2 weeks ago

From the sophos 1/Lan port is connected to a Cisco switch on port 2, Then Lan 4 on sophos is connected to port 3 on the Cisco switch(2960) while the port 48 on the cisco switch(2960) is connected to a router F0/0 Port. So what I have done presently is to connect the Meraki MS120 to port 5 on the 2960 switch as a trunk port. So I want to setup the MX68 to this existing network. The below is a rough sketch.

emmaozoms_0-1713234854213.png

emmaozoms_1-1713235044002.png

 

 

Subscribe
DarrenOC
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

Hi @emmaozoms , the question has been asked before but do you have a spare external IP?  If so you can have both firewalls running in parallel with each other.  If your WAN provider has a spare Ethernet port on their NTE you can connect the MX to that.  If not, and there’s just a single port place a switch in front of your firewalls.  This will give you the additional port capacity. Run both firewalls in parallel for a period until you’re ready to migrate everything to the MX.  If that’s the intention?

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
0 Kudos
Subscribe
In response to DarrenOC
emmaozoms
Getting noticed
2 weeks ago
2 weeks ago

@DarrenOC Thank you so much for your response. I don't have a spare IP from the WAN Provider. There is a spare ethernet port on the NTE. Will the Spare port on the WAN Provider NTE assign DHCP to the MX if I connect it to it? Yes, the intention is to run both firewalls in parallel for now.

0 Kudos
Subscribe
In response to emmaozoms
DarrenOC
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

Hi @emmaozoms , I’m afraid you’ll need an additional external IP otherwise you’re back to your previous setup where you’ll have to place the MX inline.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
0 Kudos
Subscribe
In response to DarrenOC
emmaozoms
Getting noticed
2 weeks ago
2 weeks ago

ok noted. in addition, I observed that when I unplugged the cable from the WAN port of the Sophos and connect it to the Internet port of the Mx68,  the there is still no reachability to the cloud for the MX. I assigned same IP that the sophos is connected to the MX. Is there something I need to do before the MX can connect to the cloud using this scenario ? 

0 Kudos
Subscribe
In response to emmaozoms
DarrenOC
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

If it’s a straight internet connection then you shouldn’t have to do anything. How long are you leaving the mx to connect? Could take a couple of minutes to reach out to the cloud, download firmware etc.

 

Is the MX new? Factory reset maybe? If all else fails….give Meraki TAC a call. 

 

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
0 Kudos
Subscribe
In response to DarrenOC
emmaozoms
Getting noticed
2 weeks ago
2 weeks ago

I allowed the MX to boot for long and it stopped at the orange LED. its a New MX. I have also don a fctory reset but same

0 Kudos
Subscribe
In response to emmaozoms
DarrenOC
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

Hi @emmaozoms , please contact support in this instance. Could require an RMA. These devices normally just boot up and connect with no issues 

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
0 Kudos
Subscribe
In response to DarrenOC
emmaozoms
Getting noticed
2 weeks ago
2 weeks ago

Noted. Thank you

Subscribe
In response to emmaozoms
cmr
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

It could be that your ISP needs to clear their ARP cache for your line.  It is probably remembering the MAC address of the Sophos firewall at the moment.  I'd call them and ask to do that (with the Meraki connected)

Subscribe
In response to cmr
emmaozoms
Getting noticed
2 weeks ago
2 weeks ago

I think that is the issue. So what I have decided to do now is to connect the MX68 with a static IP on the Vlan20 to connect on a truck port to the cisco 2960 switch and test if it will connect to the cloud. It was successful. Now I need to connect the MX to the Sophos LAN4 Port that has the VLAN20 Configured. I hope this will allow the MX come online. If it work is means the Sophos will be the upstream to the MX.

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.