Meraki

Community

Traffic being blocked, no events to research...

UBI_Jonathan
New here
‎Apr 19 2024 10:24 AM
‎Apr 19 2024 10:24 AM

Traffic being blocked, no events to research...

Hi all, 

I have a MX84 and it has recently started blocking traffic to a few specific URL's. I know this because if I whitelist a client, they can get to the site without issue. After, if I de-whitelist (make "normal") the client, they can continue to access the site. To me, this is indicative of the certificate being blocked, not the site itself. I had a similar issue a few years ago where a client cert was being blocked, and as soon as I would whitelist the client, it would become active again, then de-whitelisting the client allowed the client to continue to connect securely. Eventually, I traced the issue down to the layer 7 firewall rule I have to not allow traffic to anything but the US (we are a very small community-based company). Adding the country where the CA cert was based out of fixed the issue. 

The thing is if I go to Network Wide > Event Log > Filter by the client, there's no events saying anything is being blocked.

Does anyone know how I can accurately troubleshoot this issue and see why this traffic is being blocked?

Labels:
0 Kudos
5 Replies 5
alemabrahao
Kind of a big deal
Kind of a big deal
‎Apr 19 2024 10:27 AM
‎Apr 19 2024 10:27 AM

Did you do the URL test to see the category the sites are being placed in?

You can request a change of category.

What firmware are you running?

 

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Content_Filtering/Conten...

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
In response to alemabrahao
UBI_Jonathan
New here
‎Apr 19 2024 11:12 AM
‎Apr 19 2024 11:12 AM

It's on 18.107.2

Yeah, it passed the URL test.

To further test this, I pulled the country rule out of the layer 7 firewall, and the issue resolved, but I don't want to leave that removed. I wish the firewall would log the event so I knew what country it was matching to. 

In response to UBI_Jonathan
alemabrahao
Kind of a big deal
Kind of a big deal
‎Apr 19 2024 11:20 AM
‎Apr 19 2024 11:20 AM

I suggest you make a feature request.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
UBI_Jonathan
New here
‎Apr 19 2024 11:23 AM
‎Apr 19 2024 11:23 AM

While I appreciate the comment, I'm sure that'll get tons of traction and help my immediate situation. Why denied traffic wouldn't get captured to begin with.

 

Meraki: I'm gonna block this traffic!

Me: OK. Why?

Meraki: ¯\_(ツ)_/¯

0 Kudos
jOMeraki2
Getting noticed
‎Apr 20 2024 4:30 AM
‎Apr 20 2024 4:30 AM

I prefer utilizing Google Chrome to troubleshoot content filter issues. By using this browser, you can easily view all requested URLs and identify any that are being blocked. Recently, I encountered a problem with a website where the styling was not working properly. After inspecting the site using Chrome Developer Tools, I discovered that the site was requesting Bootstrap files from an external source, which were being blocked. I resolved this issue by adding the URL to the allowed list, and now the website is functioning correctly.

jOMeraki2_0-1713612342562.png

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.