Meraki

Peter-DG

Hi,

Could somebody help me?

I have 2 WAN ports on my MX80 now after converting port 2 to WAN, and both have internet cables plugged in. WAN 1 is my primary uplink and it's unable to open google from it because google is blocked in the ISP side. Google is not blocked by ISP on WAN 2, so I added a flow preference to forward VLAN 20 to this port. My problem is, I can open Google, youtube. etc, now, but I can't ping them. If I connect my pc to the WAN 2's ISP router, I can open and ping google. So obviously there are something wrong with my MX settings but after checking my settings for few days, I still don't have any idea.

Please help

Thanks.

Shubh3738

You have to allow icmp services on L7 rules.

VivekT

Hi ,

How are you pingining google ? Can you pls share snapshot ? Are you trying to ping it from dashborad ?

If yes pls let us know the source ip

if you are pinging it from system connected behind MX , Can you do the nslookup for google.com?

Can you ping other destination Ip address/fqdn ?

Is there any rule in MX (Firewall rules) to block ICMP ?

Peter-DG

Hi @VivekT ,

I ping Google from my pc. when I nslookup google.com, I got:

Non-authoritative answer:
Name: www.google.com
Addresses: 2404:6800:4004:80a::2004
172.217.161.36

I can ping other destination IP addresses, like office.com, but google, youtube I cannot. I changed my DHCP DNS to WAN 2 gateway ip address, and In wireshark i can see the DNS request was sent to it when I nslookup google.com, and I can see the ICMP was trying with the IP address from the DNS request, but failed.

Peter-DG

OK I called MEraki support and their engineer told me all icmp request are directing to primary uplink, so even I added the flow preferece to forward vlan 20 traffics to WAN 2, the icmp packages are sent to WAN 1 since WAN1 is my primary uplink. that's why I can't ping google but I can open google.

Meraki

Community

Why I can't ping to Google

Why I can't ping to Google