Meraki

RaphaelL

Hi ,

I have read the document : https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Next-gen_Traffic_Anal...

My networks and templates are set to : Network-wide > Configure > General > Traffic analysis and set "Traffic analysis" to "Detailed: collect destination hostnames."

However when I try to create a shaping rule , I still get the default choice reported by TA :

It looks like NBAR is not enabled or leveraged by my shaping rule.

I'm running the latest MX version.

ww

The picture is not for the traffic shaping section

RaphaelL

indeed but same menu / result :

ww

That is strange. It should be working for traffic shaping rules.

For vpn traffic-policies its still not available afaik

RaphaelL

Oh really !? Bummer..

Also the menu/output is present for my L7 firewall rules which kinda suggest that NBAR is not enabled/running.

I'm running MX 19.1.7.1 , MS 17.1.4 and MR30.7 which is pretty much the latest version in every category. Might open a ticket on that one.

ww

Maybe somehow related to an old network using the same template?

RaphaelL

That's what I thought at first. I created a brand-new template + network for the purpose of testing this.

So there is only 1 network bound , still can't get it to work. Maybe I have some shaddy backend option preventing me from doing this. At this point I don't know 😥

PhilipDAth

It's not one of those features that don't work in templates is it?

RaphaelL

I hope not... 😓

tnco

Hi @RaphaelL

The documentation states that there are limitations when using configuration templates. Are the same things observed outside of template networks?

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Next-gen_Traffic_Anal...

RaphaelL

Templates, and networks bound to them, will have rulesets that are significantly more limited in terms of the classifications performed via NBAR. Due to technical limitations, the expanded NBAR rule set is not currently supported. Supported hardware and firmware versions are still required for this functionality.

Ahhhhh the MX. Love it.

*sarcasm*

NBAR works just fine in a template with SD-Internet policies , but doesn't work with anything else ☠️

jimmyt234

Another reason we stopped using templates 🙂

TyShawn

How many sites do you run?

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.

jimmyt234

We manage customers that range anywhere from 1 site to 100+ sites!

TyShawn

I’m assuming you’re using APIs then…?

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.

RaphaelL

We have 1700 networks. Half of them are using templates for "simplicity". We are mostly using the API also.

TyShawn

@RaphaelL @I’m mostly on templates as well.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.

Meraki

Community

NBAR - Shaping rules

NBAR - Shaping rules