Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About lpopejoy
lpopejoy
A model citizen
Member since Sep 1, 2017
Thursday
Community Record
190
Posts
86
Kudos
2
Solutions
Badges
Apr 26 2021
12:25 PM
1 Kudo
Yeah, I hope we get a good explanation. It creates a LOT of questions for me. (How do I know this hasn't happened somewhere else). This could be a disaster. Firewall rules are not items that should "just disappear".
... View more
Apr 26 2021
12:03 PM
Yes, Layer 7 FW rule was edited, and a bunch of switch ports. I opened a support ticket - he looked through everything for about an hour, but said he would have to "escalate to development". That feels like a black hole, but we'll see.
... View more
Apr 26 2021
8:21 AM
I have a network that lost all of its firewall rules sometime in the past 6 months. Not a good situation at all as this is in healthcare... The last entry in the change log regarding "firewall rules" was me - ADDING rules. Nothing since. I'm holding for support now, but wanted to reach out to see if anyone has seen anything like this. MX84 running 14.53.
... View more
Apr 12 2021
5:48 AM
@PhilipDAth, I like your idea of applying a default policy for the VLAN and then over riding it on a per client basis. The only potential issue I see is that if a device is offline for 30 days for some reason, I think the over ride policy will need to be reapplied, but that should be really rare. Great suggestion, thank you! 🙂
... View more
Apr 8 2021
1:29 PM
1 Kudo
It only monitors the clients you specify. What if we want to know if a previously *unknown* client connects? That's what I'm looking for. It is SOO close...
... View more
Apr 8 2021
12:57 PM
I understand that "previously unseen" may mean "previously unseen in the last 30 days", but at any rate... does anyone know of a magical way to achieve this? I'm working on security assessment, and that is one of the objectives...
... View more
Mar 16 2021
11:58 AM
1 Kudo
"Meraki-branded Depends" ...You know, they are big on swag... 😂
... View more
Feb 22 2021
5:36 AM
I've seen this when Outlook had a corrupt OST. Rebuilding the OST resolved the issue as I remember it.
... View more
Jan 27 2021
7:57 AM
2 Kudos
Just found this thread... https://community.meraki.com/t5/Security-SD-WAN/MX-Feature-Request-Separate-Firewall-SD-WAN-Rules-for-WAN1-and/m-p/83064 It looks like there is a backend hack that can be enabled by support to make cellular rules apply to wan2 traffic. I sure wish there was a list somewhere of all these backend features that support can enable for you. Better yet, just let me be in control and enable myself!
... View more
Jan 27 2021
7:50 AM
Does anyone know if there is a way to manage outbound firewall rules on a per uplink basis? I want to block some traffic from using Wan2 (in this case Wan2 is a 4g connection with limited bandwidth).
... View more
Jan 7 2021
9:50 AM
Does anyone know if this is possible without Apple School Manager? I want to use the shared iPad experience for a healthcare use case.
... View more
Nov 22 2020
5:49 PM
1 Kudo
Blank for me as well. I tried updating to 15.x firmware (and checked a site that already had it), but nothing appears to populate it, sadly.
... View more
Nov 22 2020
4:14 AM
I put a switch with a mirror port between ISP router and MX. If you capture on the MX, you won’t see the problem, because the MX can’t capture and “send to the cloud” because there is not sufficient bandwidth. Connect a pc with wire shark to the mirror port. Set Wireshark to capture and log to file. I set it to log to file in 60 sec increment, this way it wouldn’t crash. It is really easy to then go back and correlate a few files with your packet loss. Open in wire shark and go to conversations and you will likely see UDP traffic from DNS servers all over the world. (Likely not a single massive offender). to be clear, you won’t see a spike in bandwidth during this time on the MX. You won’t see any anomalies internally either. The traffic never makes it into the LAN.
... View more
Nov 21 2020
5:48 AM
1 Kudo
I dealt with similar issues at a school... turns out students were Ddos’ing the network with an external “ddos for hire” service. we had law enforcement come in and give a speech about the repercussions. ...the problem went away. I will say, the only way we were able to isolate the issue was by putting a device on the outside of the network to take packet captures on the wire of the Internet before it hit the MX. There was no way the MX could keep up with the volume of inbound traffic, even though it was all getting dropped on the wan interface. after analyzing the captures in wire shark, we were getting multiple gigabytes of traffic in a few minutes of time. It was a DNS reflection attack. This is almost certainly what you are dealing with.
... View more
Aug 28 2020
12:08 PM
Yeah, I was afraid of this. It is such a royal pain to put in *another* firewall because of this simple limitation. It seems like a no brainer to apply firewall policies to site to site VPN. Why wouldn't this be part of the solution out of the box?
... View more
Aug 27 2020
11:10 AM
Does anyone have any suggestions on a creative way to block inbound site-to-site VPN traffic? We have a software vendor that requires a site to site VPN, but I don't want to give wide open access to the entire subnet. I would prefer to only allow traffic FROM us TO them and only on port 1433.
... View more
Jul 22 2020
9:36 AM
Separate voip line is kind of a cop out isn't it? Isn't that why we have traffic shaping for? ...or am I just fanaticizing? I have done a cap of 10Mbit/client, but that still doesn't fix 3 clients from doing something at the same time. ALSO, I just found out the real issue is that they are dropping calls, NOT audio issues. I'm thinking this changes the picture a bit and the issue may not be QoS at all.
... View more
Jul 22 2020
7:07 AM
Yes, appears DSCP tagging is working (packet captured on Internet interface):
... View more
Jul 22 2020
6:31 AM
Voip problems are call quality, no issues with call setups, AFAIK. Wan1 shaper is set to 25/25. No, I have not done a packet capture, but I will do that right now.
... View more
Jul 22 2020
5:55 AM
We have a site with a 25/25 fiber connection that experiences periods of high saturation. The site is also leveraging a hosted phone system. I'm curious what this community would advise in terms of traffic shaping. Here are the facts: We have the default rules enabled We do have the phones in their own VLAN. the hosted system is using the standard SIP protocol, so nothing funky there. Uplink stats show packet loss during high utilization (as is expected) During high utilization the site has voice problems. What can/should I do to fix this? I've thought about artificially limiting the "non-phone" network to 20x20 this way the phones would always have 5mbps. However, last time I tested, there wasn't a way to limit the aggregate throughput on a network - only on a "per client" level.
... View more
May 27 2020
5:38 AM
1 Kudo
@Kieshan The short answer is that you don't, and it is insanely frustrating as a huge missing piece in the Meraki MX feature set. Meraki does a lot of things well, but live view of wan traffic utilization on a per host basis is NOT one of them. Under Appliance Status->Uplink you can see an aggregate view, but even that loses effectiveness if you have a dual wan connection - because then you lose separate graphs for upload/download. I would LOVE to have an "iftop" view or something similar for WAN traffic on the MX. I've suggested it 1000x via "make a wish" but nothing ever happens. I have used the API to get a smaller (5 min) data slice of traffic history which helps, but it still doesn't do what we both want it to. (plus you have to use the API).
... View more
Apr 23 2020
8:18 AM
Nice, you inspired me to revisit that option, and I found the issue! 🙂 In my case, I had an org that was disabled because they had closed the business, and that was causing an error and causing the JOIN node to not work correctly!
... View more
My Accepted Solutions
| Subject | Views | Posted |
|---|---|---|
| 3175 | Jun 7 2021 7:11 AM | |
| 20703 | Jun 30 2018 9:00 AM |
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 9 | 19862 | |
| 8 | 4425 | |
| 4 | 5654 | |
| 3 | 1936 | |
| 3 | 2471 |
© 2024 Cisco Systems, Inc.
