Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Most affected operating systems Meraki Network OS

Solved
DHAnderson
Head in the Cloud
‎May 23 2018 2:53 PM
‎May 23 2018 2:53 PM

Most affected operating systems Meraki Network OS

I have several clients with MX64 firewalls and MR33 access points.  In all but one of my clients, the Security Center can identify the end user devices that trigger Snort rules.  But at one of my clients, only the MR33 is showing up as triggering the rules.  Currently, the Security Center indicates that the MR33 has 245 events.

 

I am assuming that this is because the end user devices actually triggering the rules cannot be resolved, so the Security Center is pinning all the issues on the access point.  If this is true, how do I go about resolving the end user devices.

 

If the MR33 is the device causing all the problems do I have a problematic access point?

 

Any insights anyone can give me would be appreciated.

 

Thanks,

 

Dave Anderson

Dave Anderson
0 Kudos
Subscribe
1 Accepted Solution
In response to DHAnderson
Rudi
Getting noticed
‎May 23 2018 3:35 PM
‎May 23 2018 3:35 PM

Since the Meraki is in NAT mode - it knows which devices it is performing the NAT on, but the firewall on the other side only sees the traffic from the Meraki that has already received the translations. 

View solution in original post

Subscribe
3 Replies 3
BrandonS
Kind of a big deal
‎May 23 2018 2:56 PM
‎May 23 2018 2:56 PM

It sounds like the SSID at that site is in NAT mode and would explain what you are seeing.  The other sites are probably bridged to the local LAN.  It's easy enough to change, but there might be a reason is it that way.

- Ex community all-star (⌐⊙_⊙)
Subscribe
In response to BrandonS
DHAnderson
Head in the Cloud
‎May 23 2018 3:29 PM
‎May 23 2018 3:29 PM

That is correct.  The client with this issue is a coffee shop where there are many users on the Meraki Guest network.  The other clients of mine are standard businesses that have most users on the SSID that is bridged, and few users on the guest network.

 

But If the Guest end users show up on the Network Wide Client list, why can't the firewall resolve the end user devices?

Dave Anderson
0 Kudos
Subscribe
In response to DHAnderson
Rudi
Getting noticed
‎May 23 2018 3:35 PM
‎May 23 2018 3:35 PM

Since the Meraki is in NAT mode - it knows which devices it is performing the NAT on, but the firewall on the other side only sees the traffic from the Meraki that has already received the translations. 

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.