Meraki

Community

NBAR fail - we need to be able to add categories!

cmr
Kind of a big deal
Kind of a big deal
‎Sep 9 2021 6:39 AM
‎Sep 9 2021 6:39 AM

NBAR fail - we need to be able to add categories!

We have been upgrading our MXs to the 16.x release train to take advantage of the newer classification achieved using NBAR, however in our experience it seems worse as now ~90% of our traffic is classed as unknown.  At least before it would come up as Non-web TCP - [remote hostname] and be divided by the remote hostnames:

cmr_0-1631194328095.png

Here we can see two internal clients talking to one external host, however now, as seem below, this traffic and a load more is all lumped together...

cmr_1-1631194482907.png

 

Here we can see that almost all traffic is now unknown, you can see when we upgraded...

cmr_2-1631194697921.png

 

If my answer solves your problem please click Accept as Solution so others can benefit from it.
6 Replies 6
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 9 2021 2:28 PM
‎Sep 9 2021 2:28 PM

Well, that sucks.

 

Does it make any difference if you change to "Security Appliance" clients?

0 Kudos
In response to PhilipDAth
cmr
Kind of a big deal
Kind of a big deal
‎Sep 9 2021 2:32 PM
‎Sep 9 2021 2:32 PM

I'd like to try that @PhilipDAth, but it is an MX only network...  However the Meraki support team are looking into it so hopefully it will improve soon 🤞

If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to cmr
BlakeRichardson
Kind of a big deal
Kind of a big deal
‎Sep 9 2021 4:36 PM
‎Sep 9 2021 4:36 PM

+1 on custom categories. I find MX is lacking behind the competition in this space. Content filtering on MX in general isn't very good IMO. 

 

We recently reivewed and rpelaced our firewall, and MX was one of the firewalls we reviewed but it lacks a decent content filtering system and reporting for use in education I found. 

 

 

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
In response to BlakeRichardson
ChesterX
Here to help
‎Sep 12 2021 5:27 AM
‎Sep 12 2021 5:27 AM

What did you choose instead?

0 Kudos
In response to ChesterX
cmr
Kind of a big deal
Kind of a big deal
‎Sep 30 2021 3:29 PM
‎Sep 30 2021 3:29 PM

Well, since the last update we now have over 95% of traffic marked as unknown, progress of sorts!

 

cmr_0-1633040968940.png

 

If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
Inderdeep
Kind of a big deal
Kind of a big deal
‎Sep 10 2021 11:05 AM
‎Sep 10 2021 11:05 AM

@cmr : Well i saw similar issue for NBAR recognize apps in our Viptela SDWAN device. i think this is something NBAR database sync, Later it was resolved. 

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.