Meraki

TimGeo · ‎Jan 18 2022

Our website, www.clinedesignassoc.com, shows up as "not secure" when visiting on our network. If I go to the website from my phone or if I take my laptop home and use my home WiFi it shows up with the correct certificates as secure. I'm wondering if our mx85 is doing something? Anyone have any suggestions? FYI this has been going on for awhile, I've even changed to a brand new laptop during so please don't suggest to clear the cache on the device.

HScar · ‎Jan 21 2022

Next I would try doing NSLOOKUP and see what IP address that site is resolving to from your DNS. It's resolving to

50.116.60.143 and working properly with https for me. You can also play with this from the Meraki dashboard, under appliance status and, clicking on the Tools button and using DNS Lookup.

After that, you may want to check your firewall flows and do some packet captures to see if traffic is going to the correct IP. You need to export to a syslog server to see flows on an MX. Good luck!

View solution in original post

CptnCrnch · ‎Jan 18 2022

Anything else regarding your setup? Currently we know that you're using MX85. Have your configured it to act as Web Proxy? Are your using Umbrella as Cloud Web proxy?

TimGeo · ‎Jan 18 2022

No to both of those. Let me know if any other info is helpful.

CptnCrnch · ‎Jan 18 2022

What's the certificate showing up when you're browsing internally and how does it look like when you're coming from "external" sources? Especially: what's the signing party for that cert?

BlakeRichardson · ‎Jan 18 2022

Internal DNS setup correctly?

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

PhilipDAth · ‎Jan 19 2022

You only get "secure" if using https. Are you using https when browsing the website internally?

If you click on the "insecure" part next to the address, what reason has the browser given for reporting it as insecure?

HScar · ‎Jan 20 2022

I would start by checking the Event Log on the MX Dashboard to see if it's blocking the website. You can also enter that domain/website under the content filter to see if it'll be blocked.

TimGeo · ‎Jan 21 2022

I tried your suggestions and the website isn't getting blocked. The content filtering labeled it as safe.

HScar · ‎Jan 21 2022

Next I would try doing NSLOOKUP and see what IP address that site is resolving to from your DNS. It's resolving to

50.116.60.143 and working properly with https for me. You can also play with this from the Meraki dashboard, under appliance status and, clicking on the Tools button and using DNS Lookup.

After that, you may want to check your firewall flows and do some packet captures to see if traffic is going to the correct IP. You need to export to a syslog server to see flows on an MX. Good luck!

TimGeo · ‎Jan 24 2022

Good thinking on the NSLOOKUP. So on the same laptop it's getting the same IP as you when hotspot to my phone but a different one when on our network. I'm not sure how to correct this though. I'll do some research but let me know if you have any tips.

HScar · ‎Jan 24 2022

Nice. Sounds like we've narrowed the problem. Do you use an internal DNS or any kind of DNS filtering service? I would start investigating there to see why(and where) it's resolving.

TimGeo · ‎Jan 24 2022

We have a pretty basic setup, mostly just using Meraki for our networking setup. We don't have any kind of DNS filtering.

TimGeo · ‎Jan 24 2022

So after doing some digging it was just a DNS issue. Thanks for pointing me in the right way.

We had two old entries in our DNS server that didn’t get changed along with the external records when the website changed addresses

Meraki

Community

Website Not Secure Only within internal Network

Website Not Secure Only within internal Network