Unknown Firewall traffic

hfc_jzitnik
Conversationalist

Unknown Firewall traffic

Hello.  I was trying to diagnose potential connectivity problems with my Meraki Wireless Access Points.  I have rules set up on my firewall to allow my Meraki APs out to the Meraki cloud, and I see no denials.  However, I see a great deal of traffic originating from the Meraki cloud (209.206.52.240) over port udp 7351 being denied at my gateway.  It shouldn't be return traffic, since that is allowed.  Does anyone know what this is?  Traffic is below.

 

Source User
 
Source
209.206.52.240
Country
United States
Port
7351
Zone
outside
Interface
obscured

 

Destination User
 
Destination
My public interface address
Country
United States
Port
56815
Zone
outside
Interface
obscured
5 Replies 5
jdsilva
Kind of a big deal

UDP 7351 is the standard port used for cloud communication. 

hfc_jzitnik
Conversationalist

Thank you and I understand that.  Again, this isn't reply traffic.  This is traffic originating from the Meraki cloud that is being sent to my public gateway address.  I followed all the Meraki firewall rules, and all my outbound traffic to the Meraki cloud is being allowed.

jdsilva
Kind of a big deal

@hfc_jzitnik there shouldn't be any traffic initiated from the Meraki cloud, it should only be return traffic. Is there a possibility that your firewall is incorrectly identifying the return UDP traffic since UDP is connectionless?

 

If it really is not return traffic then I'd open a case with support to get their take on what's happening.

 

 

ww
Kind of a big deal
Kind of a big deal

did you add al rules specified on your dashboard "help》 firewall info"

kYutobi
Kind of a big deal

Capture.PNG

Enthusiast
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels