Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Traffic being blocked, no events to research...

UBI_Jonathan
New here
2 weeks ago
2 weeks ago

Traffic being blocked, no events to research...

Hi all, 

I have a MX84 and it has recently started blocking traffic to a few specific URL's. I know this because if I whitelist a client, they can get to the site without issue. After, if I de-whitelist (make "normal") the client, they can continue to access the site. To me, this is indicative of the certificate being blocked, not the site itself. I had a similar issue a few years ago where a client cert was being blocked, and as soon as I would whitelist the client, it would become active again, then de-whitelisting the client allowed the client to continue to connect securely. Eventually, I traced the issue down to the layer 7 firewall rule I have to not allow traffic to anything but the US (we are a very small community-based company). Adding the country where the CA cert was based out of fixed the issue. 

The thing is if I go to Network Wide > Event Log > Filter by the client, there's no events saying anything is being blocked.

Does anyone know how I can accurately troubleshoot this issue and see why this traffic is being blocked?

Labels:
0 Kudos
Subscribe
5 Replies 5
alemabrahao
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

Did you do the URL test to see the category the sites are being placed in?

You can request a change of category.

What firmware are you running?

 

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Content_Filtering/Conten...

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Subscribe
In response to alemabrahao
UBI_Jonathan
New here
2 weeks ago
2 weeks ago

It's on 18.107.2

Yeah, it passed the URL test.

To further test this, I pulled the country rule out of the layer 7 firewall, and the issue resolved, but I don't want to leave that removed. I wish the firewall would log the event so I knew what country it was matching to. 

Subscribe
In response to UBI_Jonathan
alemabrahao
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

I suggest you make a feature request.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
UBI_Jonathan
New here
2 weeks ago
2 weeks ago

While I appreciate the comment, I'm sure that'll get tons of traction and help my immediate situation. Why denied traffic wouldn't get captured to begin with.

 

Meraki: I'm gonna block this traffic!

Me: OK. Why?

Meraki: ¯\_(ツ)_/¯

0 Kudos
Subscribe
jOMeraki2
Getting noticed
2 weeks ago
2 weeks ago

I prefer utilizing Google Chrome to troubleshoot content filter issues. By using this browser, you can easily view all requested URLs and identify any that are being blocked. Recently, I encountered a problem with a website where the styling was not working properly. After inspecting the site using Chrome Developer Tools, I discovered that the site was requesting Bootstrap files from an external source, which were being blocked. I resolved this issue by adding the URL to the allowed list, and now the website is functioning correctly.

jOMeraki2_0-1713612342562.png

 

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.