Firewall Rules

StOPS
Here to help

Firewall Rules

We are using a Free AP.  It's a School but we don't have technical support.  The AP cannot see the Internet  Anyone help with writing firewall rules. firewall.jpg

11 REPLIES 11
MRCUR
Kind of a big deal

You can access the required firewall info in Dashboard under Help - Firewall Info. The free AP from a webinar includes a license which includes support. You can create a support case in Dashboard or by calling - go to Help - Get Help for the phone numbers & your passcode. 

MRCUR | CMNO #12

Thanks MRCUR.  I have the info but not being Techie I'm unwilling to implement.  Tried Support but since the Firewall is third party they will not get involved.

 

 

Is the AP plugged into a port where it can successfully grab a DHCP IP address automatically?  If you plug a laptop into the same switchport where you would plug in the AP, and run an ipconfig command, you're getting an IP address?  Or do you need to configure a static IP address on the AP?  You can also associated to any SSID on the AP and point a browser to ap.meraki.com to get to the local status page on the AP and maybe get an idea if it's trying to connect to the cloud.  More info here https://documentation.meraki.com/zGeneral_Administration/Tools_and_Troubleshooting/Using_the_Cisco_M...

 

Does your firewall allow outbound traffic in general?  If so, Meraki equipment is pretty much plug and play, and all connections for Meraki cloud communications will be initiated outbound from the AP.  It's generally only when you're on a LAN behind a very restrictive firewall or proxy environment that you may need to go to Help > Firewall Rules as @MRCUR mentioned.  If that's the case, and your firewall is even blocking outbound connections, you would have to put in outbound firewall rules, for example UDP/7351 for Dashboard communications, TCP/7734 for firmware and configuration downloads, etc.  Or if you're behind a web proxy, using the local status page I mentioned above, there is a configuration option to input proxy credentials, so the AP could make a backup cloud connection via a proxy.

 

You could circle back with Support (just respond to the most recent email, even if the case was closed) and ask for assistance with some of this local status/config troubleshooting.  Also, if it's definitely firewall related, maybe if it's possible as a temporary test, whitelist the AP's IP address with an allow any/any/any rule just to make sure the AP fully comes online in Dashboard, just to prove it out, and then you would know it's just a matter of firewall rule updates.

Hi

 

If you are at a school with a network and no network tech support, have you considered asking around to see if there is a parent who can help?

People in this community tend towards the dark techie side, they have forgotten that non-darkside normal folk don't always know what the techies are on about. So we unwittingly make assumptions about what non-tech people are familiar with.

 

Is that a Kerio firewall?

 

Progress would be more certain, if you could find somebody to assist who talks tech.

 

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel

Well I don't talk tech but I understand it - just like I don't speak Spanish but I understand what they are saying if they take it easy.

 

It's a Kerio Firewall - early vintage.

 

 

Uberseehandel
Kind of a big deal

@StOPS

 

We need to know a little bit more about your network and how you want the Wireless Access Point (WAP) to fit in and operate.

So, for starters -

  • How is the network connected to the service provided by the Internet Service Provider?
  • Apart from the Kerio firewall, what other equipment is connected to the local network?
  • Do you have an existing operational WiFI network, if so, what channels and how many SSIDs are used?
  • Have you been able to set up an account at Meraki?

 

Once we know more about these points, we can start offering some practical advice ;-[]

 

 

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
MRCUR
Kind of a big deal

@Uberseehandel I think the first issue is that the AP can't connect to Dashboard... 

MRCUR | CMNO #12
Uberseehandel
Kind of a big deal


@MRCUR wrote:

@Uberseehandel I think the first issue is that the AP can't connect to Dashboard... 


Whilst we could just point @StOPS at Firewall Rules for Cloud Connectivity I'm taking a belt and braces approach and anticipating one or two questions that have not yet been asked . . .  ;-[]

 

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel

Apologies.  I am away from school at moment and will revert asap when I have tried the suggestions.

 

Thank you so much for your help

I think I have AP up and running. Class arriving in the morning will test it very quickly. Thanks to @Uberseehandel, @MerakiDave, @MRCUR for all the help here. I liked what @Uberseehandel said "People in this community have forgotten that normal folk don't always know what the techies are on about" but sometimes the community folk know how to encourage the ordinary folk to keep trying.

The unfortunate part for us is that we are 1/2 way through a new build and have gone out to tender for the provision of WiFi throughout the school. Through reseller advice we pursued the Free AP but when the chips were down reseller wasn't able to assist in getting us up and running.

Thanks again.

Sounds good, hope all is well.  If you are connected to any SSID on the Meraki access point, you can of course open a browser and try hitting some web sites and/or run some of the typical applications the users will need... But you can also open a browser and go to ap.meraki.com which will be intercepted by the access point and show you a local status page.  There you can confirm that the AP has a valid working Internet connection to the Meraki cloud, and you'll also be able to see your signal strength, run a speed test, see your network information and what channel you're on, etc.  Let us know if you have more questions.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels