Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About TimP
TimP
New here
Member since Apr 28, 2024
Apr 28 2024
Community Record
6
Posts
0
Kudos
0
Solutions
Badges
Apr 28 2024
7:17 PM
Thanks, I'll give it a go. I've got a restricted, and an unrestricted capture available. Thank you for the clear steps - I found some articles but that was only for HTTP traffic, not HTTPs
... View more
Apr 28 2024
7:10 PM
OK So you are nudging me in the sections I found and pretty sure I won't be able to achieve what I want: I think the key element you've confirmed here was the no-intra VLAN snooping etc - while I was in Umbrella checking the request logs I started diving into policies but I don't seem to be able to create a broad policy on an internal subnet (haven't read any guides on this yet, literally just found it). You've helped me confirm that it won't be available. I'm pretty sure I did find the above back in February when I was last looking at this ticket but it got deprioritised for a while. I'm going to mark the above as the solution and close this one off, thank you so very much for the speedy replies, you're worth the kudos you've been getting!
... View more
Apr 28 2024
6:31 PM
even if content filtering is disabled? I'll add my list in to the Allow list now to test
... View more
Apr 28 2024
6:26 PM
If I'm to understand this is for Content Filtering, not L3 rules? I've seen conflicting information around FQDNs in L3 rules. With content filtering, doesn't that apply to everything that passes the MX? I only want to limit the URLs to a specific subnet which is why I've been going down L3 rules
... View more
Apr 28 2024
6:24 PM
In prod, yeah but it was too noisy - I've been focusing on Umbrella and forgot about this - Wireshark isn't a strong point of mine anyway but I'll sus it out
... View more
Apr 28 2024
6:03 PM
Hey all, This has probably been asked before but my search hasn't given me what I need. I've got a network, and I'm going to simplify to the relevant parts but ask questions if needed: I have an MX84 and an MR33. DNS is routed via Umbrella. I have many VLANs/subnets that route via the MX, so I can't blanket this restriction with a L7 or Content filter (well, from my research anyway) I've got Android based Honeywell barcode readers that need to access specific URLs for Dynamics 365 mobile warehouse app: *.microsoft.com *.microsoftonline.com login.windows.net *.appcenter.ms *.ces.microsoftcloud.com *.onyx.azure.net play.google.com itunes.apple.com *.cdn-apple.com *.networking.apple login.microsoftonline.com login.microsoft.com sts.windows.net login.partner.microsoftonline.cn login.chinacloudapi.cn login.microsoftonline.us login-us.microsoftonline.com *.applicationinsights.azure.com *.applicationinsights.azure.us *.applicationinsights.azure.cn *.gstatic.com *.googleapis.com CLIENTPRODURL.operations.dynamics.com I've also allowed TCP/UDP 53 out for all for DNS I've done a few audits using Umbrella reporting - compared the URLs, thats why gstatic and googleapis is in my list. I've got a test lab set up where DHCP is the Meraki and DNS is the Meraki My reference article for these URLs is: Install the Warehouse Management mobile app - Supply Chain Management | Dynamics 365 | Microsoft Learn The problem is, despite this the app isn't working I guess there's a few points to my question 1) Has anyone successfully limited the D365 Warehouse Management Mobile app using L3 rules? 2) What's the proper formatting for wildcard rules using FQDN. Presently I have them as policy objects without wildcards (such as microsoft.com for anything microsoft.com related) 3) Any suggestion of Android based applications for troubleshooting network connectivity issues?
... View more
© 2024 Cisco Systems, Inc.
