NBAR Blocking DNS for a PC

Bala1
Here to help

I see this error on MX 

Source IP: 192.168.128.55, Source Port: 43467, Destination IP: 9.9.9.10

Destination Port: 53
Protocol: UDP
Block Type: DNS
NBAR ID: 3086
Classification
Layer 7 firewall rule: Deny

Category: NBAR

Event Type: Layer 7 rule

Is there any way to unblock or allow this? Blocking DNS like this is a head-scratcher? Any help would be appreciated.

1 Accepted Solution
Brash
Kind of a big deal

Your Layer 7 firewall rules have detected and blocked a DNS request based on NBAR ID 3086 (OpenX Advertising).

The blocking of the DNS request is part of the Meraki MX functionality.

 

NOTE: DNS traffic (TCP/UDP Port 53) may also get blocked by Layer 7 rules if it contains a query for a domain the rule in question covers.

For example, you may see a block on UDP port 53 classified as "abc.com" if the "All News" rule is configured on Dashboard, and a user device sends a DNS query for said domain. 

 

Mapping Layer 7 Firewall Rules to NBAR IDs - Cisco Meraki
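
As an added example (not part of the thread and not Meraki tooling): a small Python triage script that picks out denied port-53 events and groups them by client and NBAR ID, so DNS blocks caused by a Layer 7 category rule stand out from other denies. The one-event-per-line layout, the sample events and NBAR ID 9999 are constructed for illustration; only the first event's values and the 3086 mapping come from the thread.

```python
import re
from collections import defaultdict

# NBAR ID -> application name. Only the mapping stated in this thread is listed;
# extend it from the Meraki "Mapping Layer 7 Firewall Rules to NBAR IDs" page.
NBAR_NAMES = {3086: "OpenX Advertising"}

# Constructed sample events (assumed flattened "key: value" export, one per line).
# The first event uses the values from the post; the others are made up.
SAMPLE_EVENTS = """\
Source IP: 192.168.128.55, Source Port: 43467, Destination IP: 9.9.9.10, Destination Port: 53, Protocol: UDP, NBAR ID: 3086, Layer 7 firewall rule: Deny
Source IP: 192.168.128.55, Source Port: 43470, Destination IP: 9.9.9.10, Destination Port: 53, Protocol: UDP, NBAR ID: 3086, Layer 7 firewall rule: Deny
Source IP: 192.168.128.77, Source Port: 51512, Destination IP: 203.0.113.20, Destination Port: 443, Protocol: TCP, NBAR ID: 3086, Layer 7 firewall rule: Deny
Source IP: 192.168.128.60, Source Port: 40001, Destination IP: 9.9.9.10, Destination Port: 53, Protocol: UDP, NBAR ID: 9999, Layer 7 firewall rule: Deny
"""

# One "key: value" pair, terminated by a comma or end of line.
FIELD = re.compile(r"([A-Za-z0-9 ]+?):\s*([^,]+)(?:,\s*|$)")

def parse_event(line):
    """Turn one event line into a dict of field name -> value."""
    return {k.strip(): v.strip() for k, v in FIELD.findall(line)}

def dns_blocks_by_rule(text):
    """Count denied port-53 events per (client IP, NBAR ID)."""
    hits = defaultdict(int)
    for line in text.splitlines():
        ev = parse_event(line)
        if ev.get("Layer 7 firewall rule") != "Deny":
            continue  # not a Layer 7 deny (or an unparseable line)
        if ev.get("Destination Port") != "53":
            continue  # the deny hit the application traffic, not the DNS lookup
        hits[(ev["Source IP"], int(ev["NBAR ID"]))] += 1
    return dict(hits)

def report(text):
    """One summary line per client and rule, for deciding what to allow."""
    rows = []
    for (client, nbar), n in sorted(dns_blocks_by_rule(text).items()):
        name = NBAR_NAMES.get(nbar, "unknown, look up in the Meraki mapping")
        rows.append(f"{client}: {n} DNS queries denied by NBAR {nbar} ({name})")
    return rows

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_EVENTS)))
```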

alemabrahao
Kind of a big deal

Don't you have any layer 7 firewall rule blocking it?

 

Can you show your firewall configuration please?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Bala1
Here to help

I do. I’m blocking all Advertising and some countries. 

Bala1
Here to help

Ah ok. This must be it. Thanks for the quick response. 
