Hey everyone,
So I've deployed my MR-74s and they are working great, other than the connectivity to the Meraki Cloud Dashboard. The Dashboard hasn't updated the new status of the APs for over an hour that they've been up and running now.
I have looked at my firewall, and it is blocking the port 7351 traffic (as intended!). However, the APs should resort to sending 80/443 traffic, which doesn't seem to be the case. Does anyone know if there is a way to force the APs to send their dashboard traffic via http/https?
According to https://documentation.meraki.com/zGeneral_Administration/Other_Topics/Firewall_Rules_for_Cloud_Conne... I shouldn't be required to have firewall holes.
Thanks!
Ended up opening a ticket with support.
Thank You for the reply.
If You refer to the documentation section which explains what happens in case if You might not be able to configure recommended firewall settings; this is for the backup cloud connection. Please note that backup cloud communication also requires specific IP addresses allowed on the outbound firewall rules.
Please verify information needed for outbound communication on the dashboard under Help > Firewall info.
Was the reply I got after a couple of back and forth e-mails. I'm not sure if the support member I got a hold of entirely understood my question. But we ended up creating some rules in the end on the firewall.
Thanks to everyone who offered up assistance.
Usually it's plug and play since almost every firewall rule is going to be outbound in nature, unless there's a restrictive firewall ruleset that even blocks outbound traffic. If outbound UDP/7351 to the Meraki data centers is blocked, that's the primary Meraki Cloud Communications mechanism, and with that blocked the devices (if they're up and running normally) should have fallen back to ports 80/443 to establish a backup cloud controller connection.
Was the AP previously up and running normally using the primary cloud connection and subsequently UDP/7351 was blocked? I'd consider rebooting the AP and allowing it to proceed through its normal connectivity and health checks to see if it is in fact using the backup cloud connection. Also run a packet capture on the wired side of the AP and look for traffic on UDP/7351 for example and see if it's matched by any return traffic, as opposed to seeing traffic on 80/443 between the AP and the destination IPs on your FW rules page.
If the weirdness continues, open a ticket with Meraki Support, they'll have some lower level visibility into the pass/fail state of specific firewall tests. Hope that helps!
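The capture check suggested in the reply above, as an added example that is not part of the original thread: it reads `tcpdump -nn` text output taken on the wired side of the AP and reports whether UDP/7351 or TCP/80/443 is the path that actually gets return traffic. The AP address, the destination addresses and the sample capture are constructed placeholders; in practice, restrict the capture to the destination IPs listed under Help > Firewall info.

```python
import re
from collections import Counter

# Constructed `tcpdump -nn` output. 10.0.0.5 stands in for the AP; the
# 203.0.113.x addresses are documentation-range placeholders, not Meraki IPs.
SAMPLE = """\
12:00:01.000001 IP 10.0.0.5.40000 > 203.0.113.10.7351: UDP, length 120
12:00:06.000001 IP 10.0.0.5.40000 > 203.0.113.10.7351: UDP, length 120
12:00:20.000001 IP 10.0.0.5.51000 > 203.0.113.20.443: Flags [S], seq 1, win 64240, length 0
12:00:20.050001 IP 203.0.113.20.443 > 10.0.0.5.51000: Flags [S.], seq 9, ack 2, win 65535, length 0
12:00:20.050101 IP 10.0.0.5.51000 > 203.0.113.20.443: Flags [.], ack 1, win 64240, length 0
"""

LINE = re.compile(r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): (.*)")
PRIMARY = ("udp", 7351)             # primary cloud connection, per the thread
BACKUP = (("tcp", 80), ("tcp", 443))  # backup cloud connection, per the thread

def count_flows(capture_text, ap_ip):
    """Count packets the AP sent, and usable replies it got, per (proto, remote port)."""
    sent, answered = Counter(), Counter()
    for line in capture_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, rest = m.groups()
        flags = re.match(r"Flags \[([^\]]*)\]", rest)
        proto = "tcp" if flags else "udp" if rest.startswith("UDP") else None
        if proto is None:
            continue
        if src == ap_ip:
            sent[(proto, int(dport))] += 1
        elif dst == ap_ip:
            # A TCP reset (e.g. from a filtering firewall) is not a working path.
            if not (flags and "R" in flags.group(1)):
                answered[(proto, int(sport))] += 1
    return sent, answered

def cloud_path(capture_text, ap_ip):
    """Return 'primary', 'backup' or 'none' for the path that actually gets replies."""
    _, answered = count_flows(capture_text, ap_ip)
    if answered[PRIMARY]:
        return "primary"
    return "backup" if any(answered[k] for k in BACKUP) else "none"

if __name__ == "__main__":
    sent, answered = count_flows(SAMPLE, "10.0.0.5")
    for key in (PRIMARY, *BACKUP):
        print(f"{key[0]}/{key[1]}: sent={sent[key]} answered={answered[key]}")
    print("cloud path in use:", cloud_path(SAMPLE, "10.0.0.5"))
```

A result of "none" with packets sent on 80/443 points at the outbound rules or at something upstream such as DNS, rather than at the AP failing to attempt the fallback.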
Agreed, let's open a ticket to confirm and they'll have deeper visibility and can confirm the timeout period. I believe the devices will always proceed through their "normal/preferred" method of establishing cloud connectivity. There's no way to alter that via Dashboard or the local status/config page, so I don't believe there's a way to force it to use 80/443 by default, that's always going to be considered the backup connection.
I think you should check the local status page on an affected access point and check what it is reporting.
It might be a different issue - like DNS not working properly - that just happens to have the same impact.