a lot of event are block, how can i allow and what is ID 2836 ( blocking access to internal gitlab !!!)
I have to suppress all L7 rules to things work again !!!
Strangely enough, I'm unable to find NBAR ID 2836 within the Protocol Pack docs. Not sure if this one is Meraki customized.
yes i didn't find it too, it's block some internal site like gitlab, jenkins but not for everybody but always on high port > 50000 !!
Guess your best option here is to give Meraki support a call.
thanks i do this
all my internal site are seen as "Miscellaneous video". perhaps the problem is here ( and i block video site )
If you have a case number to provide, I would like to do some internal following-up on this if possible
Thank you - I will be doing some internal following-up to see if we need to file a bug report about this, because I'm not sure where that errant NBAR classifier is coming from if it's not defined under the previously referenced protocol pack documentation.
For context, we use Cisco protocol packs, so no customized IDs
Exactly, but Meraki uses a bit more than what is shown in the Protocol packs. 😉
Meraki support provide me the link for official documentation of NBAR !! 👍
but i just need an explanation of why my internal site are classified "Miscellaneous video" nbar 2836 or to change this classification.
today all request to https site are classified "Encrypted TCP (SSL)" !!! ( L7 rules : i will be back )
We have this issue as well, was blocking RDP traffic and DNS traffic. It flagged it as random things, like P2P. We had to disable most L7 rules for it to go away. Support recommended we upgrade to the latest firmware, but it had no notes about NBAR so we declined.
i have false p2p too ( so i disable L7 p2p ), but lot of nbarid 121 "Binary over HTTP" block and no ways to disable this one.
I would also like to recommend that Meraki add more ways to Whitelist NBAR. It's a real pain to have to create group policies for devices and lose our 2 way MX firewall rules. As a school, we can't realistically turn off Peer to Peer and NBAR blocks too many false positives.
you are lucky to have whitelist, i have no access to "content filtering " !!! not in the enterprise licence
i just went to 16.16 on several networks in an organization and am seeing it misclassify internal and external DNS traffic, and internal Avaya IP Office to IP Office traffic as well. And for good measure, some internet based line of business applications for a health care facility.
Would be great to be able to more knobs related to NBAR. My choices today seem to be able to remove l7 rules for all social media to make dns work. I must be missing some docs
My ticket is 07775843
Same things here.
Blocked DNS requests as "XBOX Live" 😞
Disabled NBAR in Traffic analysis but i would like to maintain it to "detailed" and "all gaming" L7 rules!