The Meraki Community
NordOps

Getting noticed

Member since Jan 29, 2018

yesterday
Kudos from
User Count
DrewAustin 2
JRMM 1
MCITDept 2
MarcAEC 1
creepingdeth 1

Kudos given to
User Count
thomasthomsen 2
GiacomoS (Meraki Employee) 1
JulienV 1
amacaya 2
TrevorB 1

Community Record

Posts: 22
Kudos: 29
Solutions: 0

Badges

1st Birthday
First 5 Posts
25 Kudos
First 10 Kudos
Points Contest - Apr 2019
Lift-Off
Latest Contributions by NordOps

Re: Webroot AMP

by NordOps in Security / SD-WAN
2 weeks ago
Thanks for the feedback. Some of the Webroot documentation seems to point to that URL so I think it's just an AMP update that flagged the file's disposition as malicious or maybe it didn't like that the computers were trying to run executables from a website.

Re: meraki flagging webroot installer file as malware (wsasme.exe)

by NordOps in Security / SD-WAN
2 weeks ago
1 Kudo
We're seeing the same thing on multiple networks. I started a case with Meraki support and also started a post. I am not sure if there is a way to merge them.
https://community.meraki.com/t5/Security-SD-WAN/Webroot-AMP/m-p/155472#M39074

Webroot AMP

by NordOps in Security / SD-WAN
2 weeks ago
2 Kudos
Any Webroot users out there seeing issues with AMP?
We've received new information from the Advanced Malware Protection (AMP) cloud about 1 file downloaded on your
The following files were determined to be malicious in retrospect:
File Hash: 54fd619d136646c014ca6e270e4a483dce033894c918a462b5a0352290ce95db (link)
Download Info:
The AMP alert shows a wsasme.exe file on Webroot's site. I opened a case to see if it's a false positive but we've had a few customers that got flagged around the same time.

Re: Meraki mx64 EOS?

by NordOps in Security / SD-WAN
05-05-2022 07:22 AM
Yeah, I just find it surprising they haven't extended End of Support (not End of Sale) with a lead time on an MX67 being about 8 months.

Re: Meraki mx64 EOS?

by NordOps in Security / SD-WAN
05-03-2022 01:38 PM
It's official, which is kind of surprising given the fact the lead time is so terrible for the MX67.
https://documentation.meraki.com/General_Administration/Other_Topics/Meraki_End-of-Life_(EOL)_Products_and_Dates

MX Geo-filtering problems / Russian

by NordOps in Security / SD-WAN
03-11-2022 12:57 PM
We just had a couple customers that called in having problems to specbooks.com
Nslookup reveals
Non-authoritative answer:
Name: specbooks.com
Address: 74.208.210.187
Aliases: www.specbooks.com
This tool classifies that IP block as Russian
https://www.maxmind.com/en/geoip-demo
Other tools do not
NetRange: 74.208.0.0 - 74.208.255.255
CIDR: 74.208.0.0/16
NetName: 1AN1-NETWORK
NetHandle: NET-74-208-0-0-1
Parent: NET74 (NET-74-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS8560
Organization: IONOS Inc. (11INT)
RegDate: 2006-11-22
Updated: 2017-08-09
Anyone experience false positives with the geo filtering? Would be nice to have the Content Filtering take priority over the Geo-Filtering but wondering if anyone else is having problems with it today. This seems to have just started today.

Re: Google.com incorrectly Geolocated

by NordOps in Security / SD-WAN
09-24-2021 10:10 AM
7 Kudos
Just adding feedback based on some of the comments from other users here about how to improve things so they could be identified easier in terms of using the geo filtering.
1. Allow geo blocking with the ability to add a site or IP to the "allow" even though the rest of a country is denied. That way it's not all or nothing if there is legitimate traffic in a country you want to block.
2. Geo blocking dumps should dump to the event log like content filtering and malware so it can easily be identified.
3. The ability to sync geo rules / firewall rules throughout the organization with Configuration sync would be nice.
Maybe 3 can be done through the APIs but I haven't played with that yet.

Re: Google.com incorrectly Geolocated

by NordOps in Security / SD-WAN
09-24-2021 06:56 AM
4 Kudos
Just a suggestion or "making a wish". If we could add something to the whitelist that overrides the geo filtering that would be a super useful feature. Block a country but allow this website would be a huge enhancement for security too.

Re: Hosted Services Issues

by NordOps in Dashboard & Administration
08-06-2021 05:59 AM
2 Kudos
One other suggestion. This isn't the first time there has been a backend cloud issue and when you call in and wait on hold forever it doesn't help anyone's patience. It might go a long way to announce an issue like this before putting the call into the support queue. Being able to call Meraki support easily is one of the best features, but being on hold for 45 minutes waiting to talk to someone while back end issues are being worked on by engineers is extremely frustrating.

Re: Client VPN No longer working

by NordOps in Security / SD-WAN
08-05-2021 07:17 AM
Same issue, multiple customers/orgs reporting

Re: vMX100 Azure Windows VPN client issues

by NordOps in Security / SD-WAN
04-09-2019 07:30 PM
It's a better design to use Azure DNS anyways because of cloud availability vs. relying on an old server onsite so that makes sense. If you remove the DNS from PowerShell, the Windows PC should just follow normal networking rules and grab the DNS from whatever you specify on the vMX100. There must be something up with your PowerShell script if it keeps assigning the onsite DNS server or maybe you have it defined and/or hard-coded on the NIC? The vMX100 should be assigning the onsite one, maybe try setting up the VPN client manually instead of using PowerShell as a test and see if you get different behavior.

Re: vMX100 Azure Windows VPN client issues

by NordOps in Security / SD-WAN
04-09-2019 07:04 PM
Are you using Azure Server DNS or back to your onsite DNS server? The internal Azure DNS should just work. If it isn't, can you ping that address? If you can ping it then you might be looking at the issue I had originally with the regedit. If you can't ping it maybe it's the Azure routing tables.
If you're using your onsite DNS server you need to also allow that local traffic back to the Meraki when you're split tunneling. On PowerShell I think you'd need to add another destination. In this scenario let's just say 192.168.128.0/24 is Azure and 192.168.100.0/24 is your old network with your onsite DNS server. You'd need to route both private networks back to the vMX100. Hope that makes sense.
# Azure network
$Destination = "192.168.128.0/24"
Add-VpnConnectionRoute -ConnectionName $ConnectionName -DestinationPrefix $Destination
# Old network with the onsite DNS server
$Destination = "192.168.100.0/24"
Add-VpnConnectionRoute -ConnectionName $ConnectionName -DestinationPrefix $Destination

Re: vMX100 Azure Windows VPN client issues

by NordOps in Security / SD-WAN
04-09-2019 06:44 PM
@PhilipDAth that's what's worked for me in the past. Just let the vMX100 assign it vs. the PowerShell script.

Re: vMX100 Azure Windows VPN client issues

by NordOps in Security / SD-WAN
04-09-2019 06:02 PM
Can you specify on the vMX100? Security & SD-WAN > Client VPN > "Custom nameservers" and enter IP of local DNS server?

Re: vMX100 Azure Windows VPN client issues

by NordOps in Security / SD-WAN
04-09-2019 05:30 PM
Just a thought - why not put a DNS server in Azure and assign it dynamically under "Custom nameservers" instead of trying to distribute DNS via PowerShell? Alternatively you could just use an existing internal DNS server and dynamically assign it as long as your client can get from the Meraki back to that internal DNS server that already exists. That should work assuming you have an MX or something in front of the non-cloud internal DNS server onsite and it's reachable over VPN. The first option is probably better because it wouldn't require that link to be up but I think either would work.

Re: vMX100 Azure Windows VPN client issues

by NordOps in Security / SD-WAN
04-09-2019 05:24 PM
You're right about Azure, based on what I've seen they currently don't want you sending the internet traffic back over the link so it doesn't NAT outbound for remote traffic. They might have allowed it in the early days with the vMX when there was more than one interface but it doesn't look like an option now.

Re: vMX100 Azure Windows VPN client issues

by NordOps in Security / SD-WAN
03-28-2019 06:50 PM
This has worked pretty well for us, maybe someone will jump in and offer more options. You need to use your server address for public IP, connection name VPN whatever you want, the pre-shared key from the MX setup and the local network is the destination. I am not sure why more people haven't shared, maybe they're holding out for Meraki to make an SSL VPN client or something more simple to deploy. If anyone has any good group policy deployment guides with PowerShell scripts specific to the Meraki VPN and would share that would be great....
You need to copy and paste this as admin in PowerShell after you've adjusted for your own network
# Let the Windows L2TP/IPsec client work when the VPN server (and the client) sit behind NAT
Set-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent AssumeUDPEncapsulationContextOnSendRule -Type DWord -Value 2 -Force
$ServerAddress = "x.x.x.x"          # public IP of the MX
$ConnectionName = "VPN"             # any name you want
$PresharedKey = "presharedkey"      # pre-shared key from the MX setup
$Destination = "192.168.128.0/24"   # local network behind the MX
# Create the L2TP connection
Add-VpnConnection -Name "$ConnectionName" -ServerAddress "$ServerAddress" -TunnelType L2tp -L2tpPsk "$PresharedKey" -AuthenticationMethod Pap -Force
# Split tunnel: only the destination prefix is routed over the VPN
Set-VpnConnection -Name $ConnectionName -SplitTunneling $True
Add-VpnConnectionRoute -ConnectionName $ConnectionName -DestinationPrefix $Destination

Re: Layer 7 rule to block countries

by NordOps in Security / SD-WAN
12-17-2018 06:20 PM
11 Kudos
We've found it useful to just allow certain countries rather than deny a huge list.

Re: vMX100 Azure Windows VPN client issues

by NordOps in Security / SD-WAN
11-12-2018 06:26 AM
Progress, I can now connect! I can also connect locally to hosts on the Azure environment, but my internet is not working. A trace reveals second hop to be a public IP but can't get past it. I think I read something about Azure not allowing outbound internet traffic from VPN clients, so I'll manually add routes to bypass the default behavior of full tunnel and see if that works...will update after testing is complete.

vMX100 Azure Windows VPN client issues

by NordOps in Security / SD-WAN
11-07-2018 06:53 PM
I have a vMX100 set up in Azure and have site to site VPNs successfully working. We have a number of MX64s passing auto VPN traffic just fine.
The Windows VPN client just doesn't work. I get prompted for a username and password but it is almost as if UDP 500 or UDP 4500 is being blocked on the Azure side. I've seen a bunch of posts saying that VPN can connect but can't pass traffic but I can't even seem to get that far. Anyone have any advice? Does anything need to be opened on the Azure side? I routed traffic back to the next hop for the VPN traffic, but like I said we aren't even getting that far.
I get prompted for a username and password but it is almost like the local authentication on the Meraki is failing.
This is the error I get from a Windows 10 PC.
Running a packet sniffer while trying to connect I see
192.168.128.4.4500: NONESP-encap: isakmp: phase 2/others I oakley-quick[E]
In the event logs I am seeing something like this which seems pretty odd.
msg: received broken Microsoft ID: MS NT5 ISAKMPOAKLEY
If anyone has any ideas it would be greatly appreciated!

Re: VPN stops passing traffic between Meraki Security Appliances and Cisco ...

by NordOps in Security / SD-WAN
07-23-2018 07:35 PM
Thanks for this info, I noticed you referenced your case below. I gave that to support since they haven't been of much help.
What I've noticed (Site to Site to vShield VMware firewall) with third party VPN
- Internet on both sides up
- Third party firewall is in a private cloud with multiple carriers
- Meraki Auto-VPN's don't drop
- I can kick the tunnel off by booting the Meraki
- It recovers on its own after about 8 minutes
- Event logs always have "Non-Meraki / Client VPN negotiation msg: phase1 negotiation failed due to time up" but nothing really useful.
Thanks for referencing your case I hope that helps and they dig something up
My Top Kudoed Posts
Subject Kudos Views

Re: Layer 7 rule to block countries

Security / SD-WAN
11 21627

Re: Google.com incorrectly Geolocated

Security / SD-WAN
7 20743

Re: Google.com incorrectly Geolocated

Security / SD-WAN
4 23104

Webroot AMP

Security / SD-WAN
2 471

Re: Hosted Services Issues

Dashboard & Administration
2 10897
© 2022 Meraki