Is it inbound or outbound rule you placed? ... View more

Thank you Jess! ... View more

Received this feedback from support:  Thank you for your response. I believe you are running into another issue which engineering is investigating for false traffic spikes to appear on the graph. This does not truly represent actual client data seen on the network. Our engineering team is tracking this and they are working on a fix. I'll make sure to update you accordingly as I get updates from engineering. Thank you, Meraki Technical Support  ... View more

@Crocker Our team is conducting a thorough investigation and a robust review to ensure an accurate and comprehensive analysis. This process may take some time to complete.   If you have a support case please try to request the RCA on the case, if you do not have a case already logged, pelase try to log one by going to to the dashboard? > Get help and cases. ... View more

Thank you for providing the resolution status on this. ... View more

Same thing happening here.  I discovered that the user was shutting down laptop while still connected to the VPN session.  I asked the user to disconnect from the VPN before shutting down the laptop to see if that formal VPN termination fixes the issue.  I am not sure why the Meraki client VPN service would keep alive a session for that long without activity, though. ... View more

Apologies for delay in responding, I have been on hols. All looks good now, thanks Alex. ... View more

So an update, I sometimes add IOC IP addresses that are C2 to our Meraki Content Filtering / URL Filtering list.   I was testing VPN connection from home last night and got an error from http://wired.meraki.com:8090 blockng IP address - 13.107.4.52   I checked my URL list and saw that IP had been added by me earlier in the day, I removed it and bingo VPN connection stayed connected. Virus Total has mixed reviews on this IP, see below. Cisco Umbrella Investigate shows safe as well.   https://www.virustotal.com/gui/url/20991264dd712bc59c82126e951fb8f22a9cec3021a4f08f62da4e925db29f86 ... View more

I am removing our whitelisted rule tomorrow, I don't expect any issues. ... View more

We had same alert on our MX firewalls wsasme.exe SHA25654fd619d136646c014ca6e270e4a483dce033894c918a462b5a0352290ce95db   Disposition - Malicious | Type - MS_EXE | Size - 5657272 bytes   Ticket I had open with Meraki, response this morning:   Thanks for your response. Yes, I can confirm that you can trust Webroot and wsasme.exe is not a malicious file. Please ignore the alert, and I will close the ticket at this time. Thank you, Kunal Konduru Cisco Meraki Technical Support   Webroot Support response yesterday:   The reason that Joe Sandbox lists for their "Suspicious" file determination (hooking functions) is normal for an Antivirus program. Cisco appears to be marking wsasme.exe as a threat for the same reason, however only Cisco support would be able to confirm this. If you have any further questions about this false positive, we recommend reaching out to Cisco support.   Regards, The Webroot Advanced Malware Removal Team     This is a legitimate Webroot file. Please reach out to Cisco support for further assistance with this false positive.   Regards, The Webroot Advanced Malware Removal Team ... View more