New 443 traffic from Z3C

aweise17
Here to help

Just today, I saw our Z3C Teleworker gateway trying to hit 208.67.220.220 on TCP 443, which is being blocked by our firewall. Our firewall (Palo Alto) identified the application as "dnscrypt". A screenshot is attached.


Is this traffic a new requirement for the Z3C?

7 Replies
cmr
Kind of a big deal

That is Cisco's DNS; do you have Umbrella?

If my answer solves your problem please click Accept as Solution so others can benefit from it.
alemabrahao
Kind of a big deal

Take a look at this:
https://documentation.meraki.com/General_Administration/Other_Topics/Upstream_Firewall_Rules_for_Clo...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
aweise17
Here to help

cmr, we're not using Umbrella.

alemabrahao, I looked through that (we had that document before we set up the firewall rules), but I didn't see anything for that specific destination or the application.

alemabrahao
Kind of a big deal

It's an OpenDNS IP; the Z3 is trying to resolve some name using this DNS server. Someone probably configured it.

cmr
Kind of a big deal

Have you recently upgraded to a new major version, MX16 to MX17 for instance? What license mode is your org in? What device is the .1 source?

aweise17
Here to help

That was going to be my next comment... Yes, I just upgraded it to MX18.107 from MX17.10.2.
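As an added example for this thread (not code from Meraki, Palo Alto or any poster), here is a small Python script that does the check a practitioner would want before deciding whether to allow the flow: take the firewall's traffic log, flag every flow whose destination is one of the public OpenDNS/Umbrella anycast resolvers, and split the hits per source host at the firmware-upgrade timestamp, so you can see whether the 443 traffic from the .1 device only started with the new MX release or was already there. The CSV layout and the sample log lines are constructed for the example (not a real PAN-OS export), and the upgrade time is an assumed value.

```python
"""Flag firewall flows to the well-known OpenDNS/Umbrella resolvers and
check whether they started only after a firmware upgrade.

Added example for this thread; not Meraki or Palo Alto code. The log
layout below is a constructed, simplified CSV, not a real PAN-OS export.
"""
import ipaddress
from collections import defaultdict
from datetime import datetime

# Public OpenDNS / Cisco Umbrella anycast resolver addresses. OpenDNS serves
# plain DNS on 53 and DNSCrypt on 443 from these, which is why a 443 flow to
# 208.67.220.220 gets the app-id "dnscrypt" rather than "ssl".
OPENDNS_RESOLVERS = {
    ipaddress.ip_address(a)
    for a in ("208.67.222.222", "208.67.220.220",
              "208.67.222.220", "208.67.220.222")
}

# Constructed sample log: timestamp,src,dst,dport,app,action.
# 192.168.10.1 stands in for the Z3C; 203.0.113.10 is a TEST-NET-3 placeholder.
SAMPLE_LOG = """\
2023-04-20 09:12:01,192.168.10.1,8.8.8.8,53,dns,allow
2023-04-24 14:03:17,192.168.10.1,208.67.220.220,443,dnscrypt,deny
2023-04-24 14:03:52,192.168.10.1,208.67.222.222,443,dnscrypt,deny
2023-04-24 14:05:10,192.168.10.23,203.0.113.10,443,ssl,allow
2023-04-24 15:20:44,192.168.10.1,208.67.220.220,53,dns,deny
"""

# Assumed time of the MX17 -> MX18 upgrade; replace with your own change record.
UPGRADE_TIME = "2023-04-24 12:00:00"


def _to_dt(value):
    """Accept either a datetime or a 'YYYY-MM-DD HH:MM:SS' string."""
    if isinstance(value, datetime):
        return value
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S")


def parse_log(text):
    """Parse the simplified CSV into a list of dicts, skipping blank lines."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, app, action = line.split(",")
        records.append({
            "ts": _to_dt(ts),
            "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst),
            "dport": int(dport),
            "app": app,
            "action": action,
        })
    return records


def is_opendns_resolver(ip):
    """True if the address is one of the public OpenDNS/Umbrella resolvers."""
    return ipaddress.ip_address(ip) in OPENDNS_RESOLVERS


def opendns_flows(records):
    return [r for r in records if r["dst"] in OPENDNS_RESOLVERS]


def summarize(records, upgrade_time=UPGRADE_TIME):
    """Per source host: OpenDNS-bound flows before/after the upgrade, plus
    the ports and app-ids seen, to separate a one-off from a new steady state."""
    cutoff = _to_dt(upgrade_time)
    out = defaultdict(lambda: {"before": 0, "after": 0,
                               "ports": set(), "apps": set()})
    for r in opendns_flows(records):
        entry = out[str(r["src"])]
        entry["before" if r["ts"] < cutoff else "after"] += 1
        entry["ports"].add(r["dport"])
        entry["apps"].add(r["app"])
    return dict(out)


def report(records, upgrade_time=UPGRADE_TIME):
    """Human-readable one-liner per source host with a verdict."""
    lines = []
    for src, e in sorted(summarize(records, upgrade_time).items()):
        new = e["before"] == 0 and e["after"] > 0
        verdict = "new since upgrade" if new else "pre-existing"
        lines.append(f"{src}: {e['before']} before / {e['after']} after upgrade; "
                     f"ports={sorted(e['ports'])} apps={sorted(e['apps'])} -> {verdict}")
    return lines


if __name__ == "__main__":
    for line in report(parse_log(SAMPLE_LOG)):
        print(line)
```

If the only source hitting these resolvers is the gateway itself and the hits begin at the upgrade time, the traffic is a firmware behaviour rather than a client on the LAN pointing at OpenDNS; a client-side misconfiguration would show up under a different source address and would not track the upgrade.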

RaphaelL
Kind of a big deal

I have this nightmare also. MX450 hubs trying to reach unknown destinations on AWS and/or IPs that are owned by Cisco. No one has a clue, and TAC can't tell me what it is since it's blocked.

But... I'm running a way older version than what you have.
