Meraki

Community

MS250 routing issue when connected to new firewalls

SACole
Conversationalist
18 hours ago
18 hours ago

MS250 routing issue when connected to new firewalls

I have a core stack of ms425 switches connected to a Palo Alto firewall via aggregate link. We are replacing the older firewalls with newer models but when the uplink is connected to the new devices the OSPF routing is not established, therefore, no traffic is getting out of the internal network. The configs between the old and new firewall are exactly the same. We have tried changing the uplink to a standard ethernet as well as rebooting the core stack when connected. 

 

Has anyone else run into this issue? Any advice or guidance is greatly appreciated. 

Labels:
0 Kudos
6 Replies 6
alemabrahao
Kind of a big deal
18 hours ago
18 hours ago

What firewall model are you replacing with? Have you checked the log messages?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
SACole
Conversationalist
18 hours ago
18 hours ago

Replacing the older hardware with 1420s. The logs do not indicate that there is any neighbor establishment. 

0 Kudos
In response to SACole
alemabrahao
Kind of a big deal
18 hours ago
18 hours ago

Would it be possible to share what the settings are like on both sides?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
DarrenOC
Kind of a big deal
Kind of a big deal
18 hours ago
18 hours ago

Couple of things jump to mind working through the OSI:

 

- Layer 1 - you’ve got a solid physical connection at both ends?  Both sides are UP, UP

 

- Layer 2 - I did initially think ARP but you’ve rebooted the MS425 stack so that should have flushed the tables.

 

Is it just OSPF not working here?  Can you test with a static route from the core into the firewall?

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
0 Kudos
In response to DarrenOC
SACole
Conversationalist
18 hours ago
18 hours ago

Right now it seems to be OSPF. I am having my team set up a mock scenario in the lab to see if we can replicate the issue. 

PhilipDAth
Kind of a big deal
Kind of a big deal
13 hours ago
13 hours ago

Check the log on the Palo Alto.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.