New MX85 reporting NBAR Blocked on Statistical Peer to Peer

Steve-Potter
Getting noticed

New MX85 reporting NBAR Blocked on Statistical Peer to Peer

We use Altaro VM backup on our network and actively use Altaro Offsite server. This uses TCP ports 35100 and higher.

This has become very unreliable of later and replication now fails.

I did notice these events and wonder if it is connected;

 

Destination Port 35116

Protocol TCP

NBAR ID1889

Classification Statistical Peer-To-Peer

Layer 7 firewall rule Deny

 

seems I might have to remove this rule from my MX

 

Steve

 

2 Replies 2
Adam2104
Building a reputation

Make sure you are running MX 16.13 on your MX85, there are performance issues in older versions.

Steve-Potter
Getting noticed

Tnx

I have scheduled an upgrade

 

To anyone who uses Altaro, and especially Offsite Backup, do NOT add Peer to Peer in your Layer 7 rules (on the MX) as NBAR blocks most packets on TCP ports 35100 and up which will affect both offsite backups and especially Replication.

I have removed this rule and now my replica's are replicating. 🙂

 

Steve

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels