Most affected operating systems Meraki Network OS

SOLVED
DHAnderson
A model citizen

Most affected operating systems Meraki Network OS

I have several clients with MX64 firewalls and MR33 access points.  In all but one of my clients, the Security Center can identify the end user devices that trigger Snort rules.  But at one of my clients, only the MR33 is showing up as triggering the rules.  Currently, the Security Center indicates that the MR33 has 245 events.

 

I am assuming that this is because the end user devices actually triggering the rules cannot be resolved, so the Security Center is pinning all the issues on the access point.  If this is true, how do I go about resolving the end user devices.

 

If the MR33 is the device causing all the problems do I have a problematic access point?

 

Any insights anyone can give me would be appreciated.

 

Thanks,

 

Dave Anderson

1 ACCEPTED SOLUTION

Accepted Solutions
Rudi
Getting noticed

Re: Most affected operating systems Meraki Network OS

Since the Meraki is in NAT mode - it knows which devices it is performing the NAT on, but the firewall on the other side only sees the traffic from the Meraki that has already received the translations. 

View solution in original post

3 REPLIES 3
BrandonS
Kind of a big deal

Re: Most affected operating systems Meraki Network OS

It sounds like the SSID at that site is in NAT mode and would explain what you are seeing.  The other sites are probably bridged to the local LAN.  It's easy enough to change, but there might be a reason is it that way.

DHAnderson
A model citizen

Re: Most affected operating systems Meraki Network OS

That is correct.  The client with this issue is a coffee shop where there are many users on the Meraki Guest network.  The other clients of mine are standard businesses that have most users on the SSID that is bridged, and few users on the guest network.

 

But If the Guest end users show up on the Network Wide Client list, why can't the firewall resolve the end user devices?

Rudi
Getting noticed

Re: Most affected operating systems Meraki Network OS

Since the Meraki is in NAT mode - it knows which devices it is performing the NAT on, but the firewall on the other side only sees the traffic from the Meraki that has already received the translations. 

View solution in original post

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.