MacOS "All of a Sudden" Cannot Connect using firewall 1:1 NAT Rule - Maybe IPv6 Issue?

IT_Tropolis
Here to help

MacOS "All of a Sudden" Cannot Connect using firewall 1:1 NAT Rule - Maybe IPv6 Issue?

Hi:

 

I have numerous users working remotely on MacOS devices connecting to a web site hosted behind an MX84.  I've configured the MX84 with a 1:1 NAT rule allowing their public IP.  It's been working with months without an issues. As of yesterday, they can no longer connect, i.e. https://MyWebsiteBehindMX84.com returns error page: Server is unavailable now. Please try again later or contact your administrator.  Their public IP has not changed and we verified another non-MacOS device on their LAN can connect.

 

I'm thinking a MacOS update may have caused this issue, perhaps something to do with IPv6?  Any insights are greatly appreciated!

 

Thank you,
Bob H.

2 REPLIES 2
PhilipDAth
Kind of a big deal

Re: MacOS "All of a Sudden" Cannot Connect using firewall 1:1 NAT Rule - Maybe IPv6 Issue?

I would check the security centre to make sure not IPS or AMP events have fired.

 

You'll need to check one of the machines to see if they have had any recent updates.  Perhaps they now require stronger crypto and it is a TLS protected site.

 

Can the machines "ping" the web site being accessed, and does ping return an IPv4 address?

cmr
Kind of a big deal
Kind of a big deal

Re: MacOS "All of a Sudden" Cannot Connect using firewall 1:1 NAT Rule - Maybe IPv6 Issue?

If it is https, I'd check the certificate, apple have been looking at not allowing certificates over 13 months old, not sure if this has taken place yet?

 

Edit, I think this is due in September...

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.