Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Register or Sign in
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About DonaldB
DonaldB
Here to help
Member since Apr 13, 2023
Apr 11 2024
Don Boley
Ohio
Community Record
8
Posts
3
Kudos
0
Solutions
Badges
Apr 10 2024
6:39 AM
I just re-read and noticed you already updated your firmware...my bad.
... View more
Apr 10 2024
6:37 AM
If you don't mind, let me know how that goes and if it helps your issue. I started with the MX reboots since we have an HA pair, and then found the firewall rule tweak by accident while on a call with Meraki and I was trying to permit specific traffic for a test. The reboot or firewall rule tweak only buys me 12-24 hours before the issue comes back, FYI.
... View more
Apr 10 2024
6:31 AM
The latest update from Meraki Support is that this is a "known issue" related to CPU usage and SNORT. This has a high priority with Meraki engineers due to the impact it is having at multiple organizations, though no ETA of a fix is available yet.
... View more
Apr 10 2024
6:24 AM
Interesting. The issue I have been seeing is that traffic will pass across VLANs just fine normally, then when this bug hits, traffic seems to stop passing across the MX. It will only pass traffic again if I either reboot the MX, or adjust any firewall rule on the MX (I think it's the action of refreshing the rules that temporarily resolved the issue). If I do this first thing in the morning and at the end of the day, I can keep our network running. If I miss doing this, then I get bombarded with calls and emails that the network is down. I am running a full Meraki stack...MX security appliances, switches, and APs. All devices appear to be on their expected VLANs. Is the device that appears on VLAN 1 directly connected to your MX, or are there switches in the mix?
... View more
Apr 10 2024
6:15 AM
I was in the process of planning an upgrade to 18.107.9 until we ran into this issue (I see 18.107.10 is available now too). At this point I am awaiting guidance from Meraki Support until applying any new firmware updates as I don't want to make things any worse. While not fun, I at least have a workaround that is keeping our network operational. We typically only deploy firmware versions that are considered "Stable" or are a maintenance release of a "Stable" firmware. I noticed multiple "unexpected device reboot" bugs listed for the latest firmware updates, though the revision made to the release notes for 18.107.5 now list those as well.
... View more
Apr 5 2024
9:44 AM
3 Kudos
I wanted to share some information regarding an issue I have been dealing with the past few weeks regarding our pair of Meraki MX450 security appliances as I haven’t seen any other posts related to this issue. While my intent is mostly informative, I do welcome feedback and suggestions from the community if anyone has any. I am actively working on this case with Meraki Technical Support. We began seeing problems on or around 3/21/2024. On that day, users in our call center reported problems accessing our on-premises phone system and other tools necessary to support our customers. After our initial investigation, we determined that the issue might be with our MX450, so we rebooted the pair of appliances, and the issue seemed resolved, at least until the next day. It’s as if the MX450’s stop passing traffic between VLANs/networks. After running into this issue for multiple days in a row, I opened a ticket with Meraki Support to begin investigating what was going on. During the investigation, we found that instead of rebooting the MX450 appliances, simply making a change to a firewall rule is enough to clear the issue for a period of time (less than 24 hours typically). Either adding, removing, or modifying a rule seems to clear the symptoms. I now have a “dummy” rule that I modify every night and every morning, and that keeps things moving along. If I don’t do this, then we will have problems. Meraki is aware of this issue and has indicated that it is impacting multiple organizations. They tried applying a “workaround” to SNORT IDS/IPS on our MX450, but that didn’t seem to help and currently don’t have an ETA as to when this might be resolved. Here are a few facts regarding our network: Most network VLAN interfaces have been created in the MX450 due to the need for network segmentation, though some reside on our core network Meraki switches. Networks where their VLAN interface was created on the core switches don’t experience this issue unless they are communicating with a network/VLAN where the interface was created on the MX450. Our MX450 appliances see high utilization on a daily basis (they have for over a year), and I am continuing to discuss this with Meraki. That’s a fairly high-level look at our issue, wasn’t sure if there are others out there who have seen this.
... View more
Labels:
- Labels:
-
Firewall
Apr 1 2024
9:27 AM
This sounds a lot like an issue we were seeing in 2022. While not as frequent as you are reporting here, we would see our pair of MX250 appliances perform a failover multiple times a day. At the time, Meraki support had to downgrade the version of SNORT we were running from v3 to v2, and that stopped the VRRP transitions from happening. Meraki released a firmware last year that addressed this issue (firmware version 18), and we were eventually able to go back to SNORT v3 in October 2023. Ironically, I am currently browsing the community forums due to another issue that I think SNORT is causing us (killing network communications every 12ish hours), but that's another story...lol.
... View more
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 3 | 1831 |
© 2024 Cisco Systems, Inc.
