Anyone else starting to see issues reaching google.com through an MX device? This is looking curiously like the incident(s) in 2017 when we had trouble reaching google.com through the firewalls. There is nothing in the logs that I can see. There have been no config changes. This surfaced yesterday in one of our offices using an MX64 device and has started, today, in another office using an MX80.
The errors we're getting seem to be related to HTTPS, but we can attach to other sites using HTTPS such as Amazon, Microsoft, and anything else we try... except for Google.
Google.com has been whitelisted since the issue in 2017.
I recall the issue in 2017. But there's no reason to assume the same problem is happening.
What happens when you run a pcap while attempting to get to Google.com? What's the traffic show? I'd probably dump it into Wireshark to review, btw, since you'll need to look at both the LAN and Internet interfaces and that's a good bit of traffic.
I can tracert to google.com fine. When using any browser I get a variation (browser dependent) of https connection error.
i.e. from Firefox:
An error occurred during a connection to www.google.com. PR_CONNECT_RESET_ERROR
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
Tracert is an entirely different protocol from HTTPS. We're talking ICMP vs TCP.
What happens when you run a pcap on your Internet interface while attempting to go to Google? And on your LAN? That will show you what's happening with the TCP connection on 443.
Hahahaha, we tried that. Did not work. Curiously, two machines that exhibited this behaviour yesterday in the office with the MX64 can access google.com fine, today.
The machine identified with this issue in the office with the MX80 still has the issue. Looking to not be a firewall issue at all, I think, but perhaps a DNS issue. Allowing DoH did not resolve the issue. Still digging and will try packet sniffing next.
When in doubt... reboot. We've had issues today with 3 different devices that rebooting them resolved.
As a matter of best practice, I wouldn't do this as an initial step. If you reboot, you lose the local logs on the device. Sometimes support needs to review those when you call in about a problem.
@Polymathink what happens if you try using 220.127.116.11 for the devices' DNS? Does the problem go away?
Using 18.104.22.168 (Google DNS) did not work, nor did using Umbrella DNS. Not all machines had the issue, either, so it (very likely) wasn't firewall related, after all. Odd that it was only google.com.
It seems a restart worked. Not a simple reboot, but a complete shutdown and fire the machine back up was what worked. When we simply restarted the machine, it still would not connect to Google.com.
Last week I had an incident where Google DNS was briefly being Content Filtered under the category of Proxy Avoidance and Anonymizers. All the clients had no internet access when that happened. Meraki tech support said a third party controls the block list and basically said it wasn't their problem.
Got it. It helps more if we also check in detail https://community.meraki.com/t5/Security-SD-WAN/Trouble-Reaching-Google-com-Again-fifa/td-p/73309
Anyhow! Bundle of thanks