Meraki

Community

About SimonT

Re: DNS snooping for FQDN-based firewall rules

by in Security & SD-WAN
‎Dec 4 2024 5:40 AM
‎Dec 4 2024 5:40 AM
This makes sense on paper, but I am not sure how to implement it, as it would mean moving the appliance to a DMZ in front of the firewall. The appliance would then also need a route back into the network for the AD connector. Can umbrella be set to unencrypted DNS block or block 443 so that DNS requests are sent unencrypted both solutions are not perfect. ... View more

Re: DNS snooping for FQDN-based firewall rules

by in Security & SD-WAN
‎Dec 3 2024 5:25 AM
‎Dec 3 2024 5:25 AM
Thanks for the comment my understanding is from the endpoint to the Umbrella virtual appliances are not encrypted but from the virtual appliance they might be. But how would local DNS caching work as the MX wont see these DNS requests. ... View more

DNS snooping for FQDN-based firewall rules

by in Security & SD-WAN
‎Dec 2 2024 12:50 PM
‎Dec 2 2024 12:50 PM
Could anyone explain the correct setup so that Meraki can do DNS snooping for FQDN-based firewall rules with the following environment?   Windows network with Windows DHCP and DNS Servers. Windows endpoints with Secure Client and Umbrella Endpoints DNS points to Umbrella virtual appliances with local DNS pointing back to Windows DNS servers. Active directory integrated with Umbrella. MX84 Firewall MX84 does not see DNS requests from endpoints so FQDN-based firewall rules fail. How should this be setup  ? must keep Windows DHCP servers and local DNS going for Active Directory. ... View more
Labels:

Re: MX84 Port is disconnected when trying to patch another switch

by in Security & SD-WAN
‎Feb 19 2020 3:02 PM
‎Feb 19 2020 3:02 PM
On Monday I logged in to find that the port was now active, strange that nothing changed between Saturday and Monday but the port is showing as active and I can ping the remote host. ... View more

Re: MX84 Port is disconnected when trying to patch another switch

by in Security & SD-WAN
‎Feb 15 2020 4:20 PM
‎Feb 15 2020 4:20 PM
I have requested the logs for the other device, my guess is that its a port negotiation issue as soon as I am back on site I can test and confirm what happens when a notebook is plugged in as well as the port speed. ... View more

Re: MX84 Port is disconnected when trying to patch another switch

by in Security & SD-WAN
‎Feb 15 2020 11:12 AM
‎Feb 15 2020 11:12 AM
Thanks Dave for the idea's I was thinking it might be a port speed setting after reading a few more forum post. I will keep reading and then try your recommendations.  ... View more

MX84 Port is disconnected when trying to patch another switch

by in Security & SD-WAN
‎Feb 15 2020 10:19 AM
1 Kudo
‎Feb 15 2020 10:19 AM
1 Kudo
I am trying to patch a MX84 to another cisco switch and using a copper connection on one of the standard ports. The port is set to a Access port but wont come up in the interface. Patching a laptop to the same cisco switch port comes up right away. Is there any tracing that can be done on the MX84 to see why the port is not coming up ... View more
© 2025 Cisco Systems, Inc.