Recently purchased some new Meraki MR42s for our office. Since we have installed and configured them, anyone who has a Yahoo account configured on their computer/phone does not receive email while on our wireless connection. The only rules we have in place are to block P2P on layer 7. Does anyone have any suggestion on what could be going on?
Yes, checked both Layer 3 rules we have. Both are set to allow all traffic on this particular SSID, so I didn't think it would block anything at all. I have not removed them, so maybe I will try that just in case.
No, I have not checked many logs either. As I am new to the Merakis, I figured it was some sort of setting. I will try to find these logs and go through them to see what I can find.
Perhaps this is Meraki doing your users a favor: every single Yahoo email account / user has been compromised. 🙂
In all seriousness, there may be something in your Firewall and Traffic Shaping rules; if not, I would look towards the logs.
We have a deployment of 20 or so MR42s covering about 800 users. I have not received a complaint regarding Yahoo mail, and I assume there are users still using it on our campus.
I created a dummy Yahoo account and set this account up on my Mac using Mail connected to Yahoo IMAP servers.
We are running MR42s with MS switching along with an MX security appliance. We are running all the latest stable firmware with the exception of the MX; it's on MX 14.15.
Our WLAN clients are part of the network (bridge mode) and we do not use Meraki DHCP.
We are blocking L7 P2P, we have AMP turned on and we are also running IDS.
All in all, given all of the above, I was not able to replicate the issue. Is there something upstream of the MRs that could be responsible?
If you removed the rules and it was still blocked, it is unlikely to be the rules.
If the same user then connects their notebook with a wired cable it works?
Is the WiFi bridged to your local LAN, or using Meraki DHCP on the access point?
I guess this would solve it as of now. This would almost have to mean that it is something else on my end since you are able to get through. I'm going to double check some other stuff and will let you all know what I find out.
Thank you all for your help, it's really appreciated!
This is very simple: if your SSID uses "Layer 3 roaming with a concentrator", you need to create a new rule in your MX to allow TCP traffic on WLAN IPs to Dst ports 80, 443, 465, 587, 993.