UDP7351 giving way too many problems.

CDA
Comes here often


I'm using a private circuit and I have allowed 7351 UDP for MX84/100, but they seem to be failing to communicate.

I see the traffic going out once every hour ~ but nothing... the devices show unreachable and from time to time they would show reachable.

 

There are no apparent drops at all for UDP 7351. Is there any way to change this to only https like MX67 for example?

 

Have a case open already but was wondering what the community can add to this.

 

Thanks!

ww
Kind of a big deal

You allowed any traffic from the wan IP to internet, or at least all traffic mentioned at help>firewall info

https://documentation.meraki.com/General_Administration/Other_Topics/Upstream_Firewall_Rules_for_Clo...

PhilipDAth
Kind of a big deal

Go to the top right-hand corner and then down to "Firewall info" to get the complete list of firewall rules.  You need far more than just udp/7351.

 


 

CDA
Comes here often

Yup. All this was already done. The unit was working and it stopped reporting. Additionally, we have incoming traffic from Meraki replying on UDP 7351, which is confusing.

We have other appliances, including MX67, that work without issues.

RaphaelL
Kind of a big deal

Pretty sure that MX84 and MX100 do support NextTunnel:

 

  • While Meraki appliances have traditionally relied on UDP port 7351 for cloud communication and TCP ports 80 and 443 for backup communications, with MX 16 we are beginning a transition to using TCP port 443 as the primary means for cloud connectivity. In order to ensure proper connectivity to the Meraki cloud after this upgrade, please ensure that traffic using TCP port 443 between 209.206.48.0/20 is allowed through any firewalls that may be deployed upstream of your Meraki appliances.

 

You should probably open a case to investigate that

CDA
Comes here often

Correct. We have allowed all that traffic. We can see the matches on our firewall hitting the public IP going out with 7351. It's a bit odd. Plus, like I stated in another reply earlier, for some reason Meraki is replying in UDP on that 7351. I wonder if that is clogging the service in some way.

AlexP
Meraki Employee

This is not true unfortunately - MX64s, 65s, 84s, 100s, 400s and 600s do not support the use of TLS for management traffic, and there's no way for support to override this (due to reasons I'm not at liberty to disclose)
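
The upstream-rule check discussed in this thread, as an added example that is not part of any post and not Meraki tooling: a first-match audit of a constructed ruleset for the flows named above (UDP 7351, TCP 443 and TCP 80). The rule syntax, the implicit default deny and the use of 209.206.48.0/20 as the destination for every flow are assumptions; the dashboard's "Firewall info" list is the complete set.

```python
import ipaddress

# Flows named in this thread. The range is the one quoted from the MX 16 note;
# applying it to UDP 7351 and TCP 80 as well is an assumption of this example.
MERAKI_NET = ipaddress.ip_network("209.206.48.0/20")
REQUIRED = [("udp", 7351), ("tcp", 443), ("tcp", 80)]

# Constructed upstream ruleset: "action proto dst ports" (not a vendor syntax).
SAMPLE = """
allow udp 209.206.48.0/24 7351
deny  udp any 7000-8000
allow tcp 209.206.48.0/20 443
deny  any any any
""".splitlines()

def parse_rule(line):
    """Turn one rule line into (action, proto, network, low_port, high_port)."""
    action, proto, dst, ports = line.split()
    net = ipaddress.ip_network("0.0.0.0/0" if dst == "any" else dst)
    if ports == "any":
        return action, proto, net, 0, 65535
    lo, _, hi = ports.partition("-")
    return action, proto, net, int(lo), int(hi or lo)

def first_match(rules, proto, net, port):
    """Return (verdict, rule_index) for the first rule touching this flow."""
    for i, (action, r_proto, r_net, lo, hi) in enumerate(rules):
        if r_proto not in ("any", proto) or not lo <= port <= hi:
            continue
        if net.subnet_of(r_net):
            return action, i               # rule covers the whole range
        if net.overlaps(r_net):
            return "partial-" + action, i  # rule covers only part of the range
    return "deny", None                    # implicit default deny (assumed)

def audit(rule_lines):
    """Map each required flow to the verdict the ruleset gives it."""
    rules = [parse_rule(l) for l in rule_lines if l.strip() and not l.startswith("#")]
    return {f"{p}/{port}": first_match(rules, p, MERAKI_NET, port)
            for p, port in REQUIRED}

if __name__ == "__main__":
    for flow, (verdict, idx) in audit(SAMPLE).items():
        print(f"{flow:9} -> {verdict} (rule {idx})")
```

A "partial-allow" verdict means the permit rule is narrower than the /20, so only some destination addresses in the range get through.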
