Let me preface this with the fact that I have an open support case under investigation, but I'm putting it out there for others.

My AnyConnect service on my MX stopped working suddenly. After a lot of troubleshooting, it seems that the new implementation of the New MX 3 inbound FW rules block the AnyConnect clients' connections.

Symptoms were the AC clients just timing out prior to auth. No general log entries.

I found that if I looked at the live firewall logs (under appliance status tools), then I saw the connections being denied (by rule 0).

So I added in an L3 inbound rule. Any - Any on AnyConnect port did the trick, although I'm not 100% happy with this, as it opens the devices to all inbound connections to the service port (seems bad).

That said, surely this is something the AnyConnect service should be doing, and NOT a manual firewall entry?

Anyone else seeing this? Comments?