Community Record
18
Posts
12
Kudos
1
Solution
Badges
May 20 2022
11:00 AM
Totally agree. I'm so disappointed in their current design in L7/NBAR Firewall. Just a side note, I have had some success using FQDN's in Layer 3 to bypass country blocks.
... View more
May 20 2022
10:22 AM
2 Kudos
I guess I'll pile on the list here. Awesome NBAR is blocking Google Chrome Sync on TCP 5228. Thinks it's Google Hangouts/Streaming Video Category on Layer 7. NBAR 1087. Also blocking OpenDNS under NBAR ID 1087. UDP 53 and thinks it's Google Hangouts too. There's another thread on this. Who designed this garbage?
... View more
May 12 2022
5:03 PM
Sorry to hear that! I really wish Meraki would fix their L7/NBAR and add a stinkin' allow list. It's laughably inaccurate with the categories for just about any of them.
... View more
Mar 28 2022
9:04 AM
2 Kudos
I would say that's disappointing if that's their plan to resolve this. As many have said, there should be an allow option for L7 rules and/or an allow option for NBAR categories in the dashboard.
... View more
Feb 7 2022
3:42 PM
5 Kudos
We are also suffering from false positive blocks. I can't believe Meraki doesn't allow any kind of whitelisting on NBAR because it's not super accurate. +1 on the feature request.
... View more
Jan 24 2022
11:20 AM
Nice. Sounds like we've narrowed the problem. Do you use an internal DNS or any kind of DNS filtering service? I would start investigating there to see why(and where) it's resolving.
... View more
Jan 21 2022
2:18 PM
1 Kudo
Next I would try doing NSLOOKUP and see what IP address that site is resolving to from your DNS. It's resolving to 50.116.60.143 and working properly with https for me. You can also play with this from the Meraki dashboard, under appliance status and, clicking on the Tools button and using DNS Lookup. After that, you may want to check your firewall flows and do some packet captures to see if traffic is going to the correct IP. You need to export to a syslog server to see flows on an MX. Good luck!
... View more
Jan 20 2022
6:46 PM
1 Kudo
I would start by checking the Event Log on the MX Dashboard to see if it's blocking the website. You can also enter that domain/website under the content filter to see if it'll be blocked.
... View more
Nov 18 2021
11:59 AM
Thanks! Adding the IP to the content filter whitelist solved the issue.
... View more
Nov 17 2021
4:12 PM
Hi, We are on the latest Stable RC 16 for our MX100 and finding that's it's blocking a lot of things that it shouldn't. Is there anyway to make exceptions for certain websites or IP Addresses? For example, we can't access our Camera DVR system because it says it's using Statistical Peer to Peer. As we are a school, we can't unblock Peer to Peer everywhere, but need a simple exception for this device. Thanks for any help!
... View more
Feb 12 2020
5:57 PM
Sorry I didn’t make that more clear. I mean block ALL websites that don’t return a category.
... View more
May 10 2019
12:21 PM
1 Kudo
Hi, We are seeing AMP blocking websites and not logging as well. We are on 14.39. Nothing in Dashboard Event logs or syslogs. An example website is espressif.com
... View more
My Accepted Solutions
| Subject | Views | Posted |
|---|---|---|
| 5785 | Jan 21 2022 2:18 PM |
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 5 | 35464 | |
| 2 | 33059 | |
| 2 | 34979 | |
| 1 | 5785 | |
| 1 | 5800 |
