Wireless firewall events

SOLVED
Nolan
Getting noticed

Wireless firewall events

I apologize in advance if this has been asked on another posted. I searched for a while but didn't see anything.

 

Is there a event log that would create events if a firewall rule setup for an SSID was blocking some traffic?

 

I recently had a scenario where my boss setup some firewall rules when he first created the SSID then was having an issue with some traffic not working. I removed the firewall rules and it resolved the traffic issue but I could not find a log of this traffic being blocked.

1 ACCEPTED SOLUTION
MilesMeraki
Head in the Cloud

You won't be able to get this information from the Event log. The only thing that springs to mind which would allow you to obtain this information would be by setting up syslog and syslog events to report on the deny rules for the MR's.

 

Have a read of this document for more information - https://documentation.meraki.com/zGeneral_Administration/Monitoring_and_Reporting/Syslog_Event_Types...

Eliot F | Simplifying IT with Cloud Solutions
Found this helpful? Give me some Kudos! (click on the little up-arrow below)

View solution in original post

5 REPLIES 5
Dylan_YYC
Getting noticed

have you tried looking for that client in the event log itself? Under Network-wide  -> event log you can change it between your switch and AP's then filter for that client. 

Yes. I should have said that sorry. I went to the network-wide event log and selected "for access points". I see events for 802.11 association/disassociation and WPA authentication/deauthentication but that's just about it. I tired looking in filter options under event type to filter out any firewall/security type events but didn't see anything that stood out as the right option in there.

I just had a look though mine as well. i think that option is not there! Kinda leaves you in the dark. Maybe try doing a packet capture to see where they are going and what might be blocked? 

MilesMeraki
Head in the Cloud

You won't be able to get this information from the Event log. The only thing that springs to mind which would allow you to obtain this information would be by setting up syslog and syslog events to report on the deny rules for the MR's.

 

Have a read of this document for more information - https://documentation.meraki.com/zGeneral_Administration/Monitoring_and_Reporting/Syslog_Event_Types...

Eliot F | Simplifying IT with Cloud Solutions
Found this helpful? Give me some Kudos! (click on the little up-arrow below)

Thanks for the info! At least I know I'm not just missing a section of the logs or something of that nature. 

 

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels