I wanted to share some information regarding an issue I have been dealing with for the past few weeks regarding our pair of Meraki MX450 security appliances, as I haven’t seen any other posts related to this issue. While my intent is mostly informative, I do welcome feedback and suggestions from the community if anyone has any. I am actively working on this case with Meraki Technical Support.
We began seeing problems on or around 3/21/2024. On that day, users in our call center reported problems accessing our on-premises phone system and other tools necessary to support our customers. After our initial investigation, we determined that the issue might be with our MX450, so we rebooted the pair of appliances, and the issue seemed resolved, at least until the next day. It’s as if the MX450s stop passing traffic between VLANs/networks.
After running into this issue for multiple days in a row, I opened a ticket with Meraki Support to begin investigating what was going on. During the investigation, we found that instead of rebooting the MX450 appliances, simply making a change to a firewall rule is enough to clear the issue for a period of time (less than 24 hours typically). Either adding, removing, or modifying a rule seems to clear the symptoms. I now have a “dummy” rule that I modify every night and every morning, and that keeps things moving along. If I don’t do this, then we will have problems.
Meraki is aware of this issue and has indicated that it is impacting multiple organizations. They tried applying a “workaround” to SNORT IDS/IPS on our MX450, but that didn’t seem to help, and they currently don’t have an ETA as to when this might be resolved.
Here are a few facts regarding our network:
- Most network VLAN interfaces have been created in the MX450 due to the need for network segmentation, though some reside on our core network Meraki switches.
- Networks where their VLAN interface was created on the core switches don’t experience this issue unless they are communicating with a network/VLAN where the interface was created on the MX450.
- Our MX450 appliances see high utilization on a daily basis (they have for over a year), and I am continuing to discuss this with Meraki.
That’s a fairly high-level look at our issue; I wasn’t sure if there are others out there who have seen this.