I've been encountering an issue while using the Meraki webhooks. The same webhook setup has been working with no problems for several time, but then we suddenly stopped receiving requests from the Meraki Dashboard. Furhter investigation on Wireshark dumps, showed the following pattern happening. Meraki -> Server Client Hello Server -> Meraki Server Hello, Cert, Server Key Exchange, Hello Done Meraki -> Server ACK Meraki -> Server ACK Meraki -> Server Client Key Exchange Meraki -> Server Change Cipher Spec Server -> Meraki ACK Meraki -> Server RST assumptions: It seems that for some reason the client drops the connection after the handshake. I assume that the RST packet comes directly from the client as we cannot find any evidence of our company firwall messing with the connection, and our http server itself is not load balanced. other information: - the server is hosted on Windows Server 2019 under IIS - we experience this problem only during the interaction with the 'Meraki client' - no explicit SSL/TLS errors - no traces in SCHANNEL logs - the webhooks are tracked in the meraki logs with status -1 - triggering a test webhook from the Dashboard api, gives a webhook in a state indicated as 'abandoned' Thank in advance for any help UPDATE contrary to what was stated before, the RST packet was actually forged by a Checkpoint device one hop before our server (the RST packet TTL in the capture highlighted that). The connection was forcibidly closed because the firewall was detecting a false positive SSL renegotiation attack.
... View more