Communication Ports between AP and Cloud through Proxy server

CHGR
Comes here often


Hello.

We have our own proxy server, and the APs and Cloud are communicating through it.

We only see port 80 being used for communication between the AP and Cloud, even though we opened 7351, 7734, 7752 on our firewall. (We monitored it on the firewall.)

I think port 80 is a backup route, and we get an alert as Meraki communication is using the backup route.

Is this a proper way to communicate between AP and Cloud through proxy server?

 

PhilipDAth
Kind of a big deal

You really should avoid running the Meraki device communication via a proxy server - but if you really must, then you just need to configure it on the local status page on the device.

The Meraki devices only use the other ports when communicating directly with the cloud - not when going via a proxy server.

Phio
Conversationalist

I am in the same situation, because I am new to Meraki and Fortigate (FG). I have NAT public IP of Meraki cloud and open their ports on my firewall.

My clients connect to the internet well, but I cannot pick from which policy of my FG, but when I access a blocked site I can pick up which policy blocks the apps and the devices accessing the site. In my firewall logs I can't locate the addresses or source addresses of my clients going successfully to the internet.

Meraki Support has written back saying they can see the AP checked into the portal but there is a failure to communicate with the cloud. I believe them because, though I get to the internet, I cannot ping the AP, but ARP and DNS are said to be fine.

One more thing I have realised: even in the FG, if I switch off the policy for Meraki, I still access the net, but my setup is that everything should go through the proxy. My boss does not like bypassing this proxy; this proxy is my firewall again.

So my problems are in two parts: the AP and the FG. What policy are they using to access the net, and how do clients access the Internet if I cannot ping this AP?

CHGR
Comes here often

Hello. Thank you for your reply.

We must use the proxy, so we must keep using port 80 for communication between the AP and Cloud.

Is there any restriction for this communication, such as the AP's firmware upgrade not being possible, or something else?

And also, is this communication not safe at all because it is using port 80?
