- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
NBAR fail - we need to be able to add categories!
We have been upgrading our MXs to the 16.x release train to take advantage of the newer classification achieved using NBAR, however in our experience it seems worse as now ~90% of our traffic is classed as unknown. At least before it would come up as Non-web TCP - [remote hostname] and be divided by the remote hostnames:
Here we can see two internal clients talking to one external host, however now, as seem below, this traffic and a load more is all lumped together...
Here we can see that almost all traffic is now unknown, you can see when we upgraded...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Well, that sucks.
Does it make any difference if you change to "Security Appliance" clients?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'd like to try that @PhilipDAth, but it is an MX only network... However the Meraki support team are looking into it so hopefully it will improve soon 🤞
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
+1 on custom categories. I find MX is lacking behind the competition in this space. Content filtering on MX in general isn't very good IMO.
We recently reivewed and rpelaced our firewall, and MX was one of the firewalls we reviewed but it lacks a decent content filtering system and reporting for use in education I found.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What did you choose instead?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Well, since the last update we now have over 95% of traffic marked as unknown, progress of sorts!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@cmr : Well i saw similar issue for NBAR recognize apps in our Viptela SDWAN device. i think this is something NBAR database sync, Later it was resolved.
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com