Community Record: 23 Posts, 11 Kudos, 3 Solutions
Nov 12 2024
12:43 PM
I don't think the MX has a SIP ALG. However, if your voice service provider configured your service for TLS, that would ensure that no ALG could possibly impact voice traffic. You might also consider enabling the standard Traffic Shaping rules under SD-WAN & traffic shaping. Be sure to configure your WAN bandwidth correctly in the Uplink section; it's important.
Nov 11 2024
11:46 AM
2 Kudos
I can't quite tell what I'm seeing there. TCP 443 is HTTPS; I'd have expected to see UDP/TCP 5060 or 5061 for SIP, or whatever you changed it to. But if you're not getting audio somewhere, it's either a routing issue (unlikely over AutoVPN) or firewall rules blocking traffic perhaps?
Jun 3 2024
9:18 AM
3 Kudos
I can help
I'd think this might be a good use for a dedicated VLAN on those two ports and the MX.
Apr 21 2023
12:51 PM
I was always suspicious that I wouldn't see everything if the interface flapped, tcpdump stopping when the interface goes down. It's also worth checking the logs on that switch.
Apr 21 2023
12:42 PM
2 Kudos
This is in the release notes for 18.106: "Fixed a rare issue that could result in the WAN interfaces for MX appliances incorrectly transitioning to a down state for a brief period of time." I've seen this as well. Other than that, packet capture between the ISP and the MX is the next best thing for what you can't see.
Mar 20 2023
2:28 PM
I really appreciate both of your responses, I hope you didn't feel anything but that appreciation. We're reaching out to our rep to see if anything can be done to enable the feature. I understand that even a small change can be significant, but it really feels worth quite a bit to me as a network operator. This problem, where our DHCP clients in network A have Internet connectivity but no DNS connectivity to network B where the DNS servers live (for varying reasons), is one that clients end up experiencing way more than they need to, at least in my world. I think the benefit is large and it's another thing that makes a Meraki network 'just work' even when components on it don't.
Mar 20 2023
2:11 PM
Understood that another product can do this; several others can, including NRPT in Windows. But it makes so much sense to me for this really simple configuration item that already exists in the underlying product to be leveraged in the dashboard.
Mar 19 2023
12:55 PM
I think I understand that the MX firewalls internally run dnsmasq. If that's the case, what are the chances that Meraki is looking to support the use of the Server= configuration option that dnsmasq has, allowing admins to send DNS queries for some domains to specific servers? My use case is multi-site Microsoft-based organizations that have all server resources in one of the networks; my server= command could direct Windows domain queries to the internal servers, and lookups for external domains could be sent out to the internet. There are unfortunately times when the servers become unavailable and everything breaks because DNS is broken. Is this even being considered and if not, how would I get that on folks' radar?
Labels: Firewall
Jan 11 2023
12:24 PM
How helpful, thank you. I don't know why I didn't find that myself.
Jan 11 2023
7:07 AM
I'm looking for some details on the categories offered in the traffic shaping rules. I'm particularly interested in how traffic is matched. For instance, what is the difference between Real-time Transport Protocol and Real-time Transport Protocol Audio? Same questions for WebRTC. And if my voice traffic is SIP-TLS, can the RTCP rules work anyway? I'm curious about the other rules and how traffic is classified too, but this is my starting point. Thanks in advance.
Jul 5 2022
4:22 AM
Some IPSEC implementations support responder, initiator or both implementations. If your peer is configured as an initiator only, it won't respond to the MX's attempts to initiate the tunnel.
Apr 14 2022
5:08 AM
I don't think there is a choice, at least not for me. I can only delay firmware upgrade until sometime in May it seems. Clients won't be thrilled that we can't use the layer 7 rules that they want though.
Apr 5 2022
12:08 PM
We're looking around but so far, no, we don't. Good to know there's a model that does not exhibit these problems. Very painful.
Apr 5 2022
10:38 AM
I should have mentioned, we're confident our problem is unrelated to crashing or load issues. And we don't see the problems on MX-84's that we swapped in place of the 85's.
Apr 5 2022
10:36 AM
We too saw this behavior on MX 85's with Cisco SG110 switches, and possibly Netgear 105s (we don't have a record of what we swapped in for our test), on the WAN side. My ticket is still awaiting input from engineering, but we had to remove our MX-85's from production as it was impacting voice. If anyone has more information, or a recommended switch, would appreciate input.
Mar 14 2022
7:33 AM
I did disable traffic analysis for all networks in the organization; however, I learned on Saturday that this did not disable NBAR. Apparently NBAR is enabled if you use any layer 7 rules. We had to revert to a previous firmware version.
Mar 11 2022
10:58 AM
I had similar problems where some traffic was being miscategorized and NBAR blocked; for me it was Avaya IP Office communications as well as internal and external DNS. Turning traffic analysis off fixed that for me.
My Accepted Solutions
| Subject | Views | Posted |
|---|---|---|
| | 1399 | Sep 27 2023 12:29 PM |
| | 1322 | Jul 5 2022 4:22 AM |
| | 3114 | Mar 14 2022 7:33 AM |
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| | 3 | 2506 |
| | 2 | 777 |
| | 2 | 1399 |
| | 2 | 2606 |