Meraki

Community

Meraki MS250-48FP Switch need help

Solved
Shorrie97
Conversationalist
‎Dec 1 2020 5:00 AM
‎Dec 1 2020 5:00 AM

Meraki MS250-48FP Switch need help

Hello guys

 

Back store on my job we have two websites our users can't access, this started 2 weeks ago. We are using Palo Alto firewalls. I'm been working with PA tech support they have tried all kind things on the firewall. Me and manager have done some troubleshooting as well. With have a Meraki MS250-48FP switch, with only router traffic inside interface. PA support thinks the problem is with the switch but we don't buy that. We have two internet providers, AT&T main provider and Comcast backup. I plugged directly into the comcast router was able to reach both websites, my manager connected his laptop to a mifi and was able to reach both websites, which makes think it has to be the router.

 

But I joined the community to see if there is a way to allow the website through Meraki switch then to get to the outside interface and by push the firewall? No answer might be no but we are trying to troubleshoot and get any help we can.

0 Kudos
1 Accepted Solution
In response to PhilipDAth
Shorrie97
Conversationalist
‎Dec 1 2020 5:13 PM
‎Dec 1 2020 5:13 PM

Hello everyone,

 

Thank you for your help with this issue. We figured what was blocking those website. We have a device/service that monitors our network and does packet sniffing. Well it has a list that is called CountyKiller, it block urls from certain counties and Brazil is on the list and that's were the urls were coming from. So we got those website unblock. No one remembered that device is out there monitoring our network.

 

Thanks again for helping me out.

View solution in original post

6 Replies 6
Shorrie97
Conversationalist
‎Dec 1 2020 5:01 AM
‎Dec 1 2020 5:01 AM

Add-on to my first post. She read bypass the firewall.

0 Kudos
KarstenI
Kind of a big deal
Kind of a big deal
‎Dec 1 2020 5:18 AM
‎Dec 1 2020 5:18 AM

Bypassing the firewall is nearly always a bad idea, also while troubleshooting. I would start with Captures (Wireshark/tcpdump) of the web-sessions. One capture for a working attempt and one capture with a failed attempt. Then compare these two captures if you spot something different.

 

Another troubleshooting: Have you tried lowering the MTU/MSS and try if the websites work with that modification? If it works, the PMTU discaovery could be broken in your environment..

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
In response to KarstenI
Shorrie97
Conversationalist
‎Dec 1 2020 9:21 AM
‎Dec 1 2020 9:21 AM

Hi Karstenl,

 

Thanks for responding. We have run some many packet capture, several inside the firewall, several in our switch and wireshark of course on the local pc. The website are not accessible they never load, so we can't get a good capture of it working. But we did capture a working website that use ssl like those two non-working website and compare those.

 

I we will give the MTU/MSS lowering a shot and update the board.

0 Kudos
In response to Shorrie97
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Dec 1 2020 1:59 PM
‎Dec 1 2020 1:59 PM

Can you ping the web site?

0 Kudos
In response to PhilipDAth
Shorrie97
Conversationalist
‎Dec 1 2020 5:13 PM
‎Dec 1 2020 5:13 PM

Hello everyone,

 

Thank you for your help with this issue. We figured what was blocking those website. We have a device/service that monitors our network and does packet sniffing. Well it has a list that is called CountyKiller, it block urls from certain counties and Brazil is on the list and that's were the urls were coming from. So we got those website unblock. No one remembered that device is out there monitoring our network.

 

Thanks again for helping me out.

In response to Shorrie97
KarstenI
Kind of a big deal
Kind of a big deal
‎Dec 2 2020 12:09 AM
‎Dec 2 2020 12:09 AM

You should rethink of and reevaluate your complete network and your security-strategy. If no one is aware of this device, it was probably never updated and could also be a thread to the network. And if there is a device no one is aware of, it is not your network any more ...

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.