@Jason1 I know its a long time closed post but where you able to resolve this?? ... View more

OK so they think they may have possibly found a bug... needs confirming BUT this is what it looks like from a flow caputre.  We attempted to access a website not in the cache (my local gym of all things) The category look up completed in 27ms (great nice a n quick) however the MX seems to.... ignore the result... waits about 1 second and tries again... it loops like this for about 10 seconds until it finally accepts the category response and allows the connection.   so it does not look like a cloud response time issue.. and more of a MX firmware bug... ill keep you posted when I get an update ... View more

Hey Fucomyoo, I have a case open with Meraki regarding this.. It is the exact same experience we had with version 15 and 16 of firmware when you enabled the "Full list" option in content filtering.   In version 17 there is no option to select "Top list" or "Full List" since they moved from "Bright cloud" to " Cisco Talos Intelligence" so my first thought is that they are now using the process for "Full list" as standard. This heavily leans on the MX cache to speed things up (we are running MX 250) I'm not sure how long the cache TTL is (how long a record stays in the cache) or how large the cache is (how many records are kept until they are cycled in for newer results)   regardless of this though.. its the initial lookup of the site that is slow.. so cache wont make a difference until after the first lookup. As we speak the Meraki support agent just captured a "slow" site lookup... ill keep you posted. ... View more

Also to top it off.. if you use MX250 and IDS IPS set to prevent... do NOT go anywhere near the 16.15 stable RC firmware... it no longer abides by the whitelist for snort rules... so everything gets blocked!! an with no way to unblock it...we experianced this on multiple MX250 recently when moving the Stable RC as advised by Meraki due to ANOTHER issue with their firmware on on the current stable fork... (memory overload causing MX to panic and reboot)  nightmare. ... View more

Its not the Pen Testers that hate it.. its the customers.. as we have to turn off a key security feature to let pen testers do their job... We also have issues with 2 diffrent pairs of endpoints talking across SDWAN... i have MANY time woken up to our reporting system blaring alarms stating Replication of VM has failed... or that Emails are queued up because the mailbox server cannot talk to each other....  It has become a complete joke! literally any issue with have that is remotely related to 2 devices communicating that goes via an MX appliance you can place a pretty firm bet that its IDS and IPS messing stuff up again! ... View more