Meraki

Community

New 443 traffic from Z3C

aweise17
Here to help
‎Apr 24 2023 12:09 PM
‎Apr 24 2023 12:09 PM

New 443 traffic from Z3C

Just today, I saw our Z3C Teleworker gateway trying to hit 208.67.220.220 on TCP 443, which is being blocked by our firewall. Our firewall (Palo Alto) identified the application as "dnscrypt". A screen shot is attached.

 

Is this traffic a new requirement for the Z3C?

 

 

aweise17_0-1682363385628.png

 

0 Kudos
7 Replies 7
cmr
Kind of a big deal
Kind of a big deal
‎Apr 24 2023 12:17 PM
‎Apr 24 2023 12:17 PM

That is Cisco's DNS, do you have umbrella?

If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
alemabrahao
Kind of a big deal
‎Apr 24 2023 12:20 PM
‎Apr 24 2023 12:20 PM

Take a look at this:

 

 

https://documentation.meraki.com/General_Administration/Other_Topics/Upstream_Firewall_Rules_for_Clo...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
aweise17
Here to help
‎Apr 24 2023 12:29 PM
‎Apr 24 2023 12:29 PM

cmr, we're not using umbrella.

 

alemabrahao, I looked through that (we had that document before we set up the firewall rules), but I didn't see anything for that specific destination or the application.

0 Kudos
In response to aweise17
alemabrahao
Kind of a big deal
‎Apr 24 2023 12:34 PM
‎Apr 24 2023 12:34 PM

It's a OpenDNS IP, Z3 is trying to resolve some name using this DNS. Someone probably configured it.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
cmr
Kind of a big deal
Kind of a big deal
‎Apr 24 2023 12:36 PM
‎Apr 24 2023 12:36 PM

Have you recently upgraded to a new major version, MX16 to MX17 for instance?  What license mode is your org in?  What device is the .1 source?

If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to cmr
aweise17
Here to help
‎Apr 24 2023 12:39 PM
‎Apr 24 2023 12:39 PM

That was going to be my next comment....yes, I just upgraded it to MX18.107 from MX17.10.2

0 Kudos
RaphaelL
Kind of a big deal
Kind of a big deal
‎Apr 24 2023 4:26 PM
‎Apr 24 2023 4:26 PM

I have this nightmare also. MX450 hubs trying to reach unknown destinations on AWS and/or IPs that are owned by Cisco.  No one has a clue , and TAC can't tell me what it is since it's blocked. 

 

But... I'm running a way older version that what you have.

0 Kudos
li.common.scroll-to.top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.