PureConnect

  • 1.  Meraki Firewall Issues

    Posted 03-20-2022 01:04
    Edited by Jon Mercer 03-23-2022 11:33
    This is part a question, and part a let people know thing.

    I updated our Meraki MX250s to their new firewall software of MX16.16.  A couple days afterwards, someone tried to log in to Interaction Administrator, and it came up and asked for a password and server.  It had never done this before, so I tried, and got the same thing.  It also caused it where one of our CIC servers stopped talking to the other one.  They could ping each other just fine, but if the Switch server utility was logged in to, they wouldn't see each other.

    After much troubleshooting with our local support group, it was found that the TLS certificate was being stripped from the IP package by the IDS protection system.

    When I switched it from protective to monitor on the one firewall (the other location firewall wasn't updated yet), then everything started working.  I set it back to protective, and it went back to how it was.  Thankfully through all this, calls were still working, along with Interactive Desktop and ICBM.  If I set the IDS to balanced from security, it works fine also, but that removes some of the protection.

    I have a request in with Meraki about this, and talking with the support people, they had seen someone else with the same issue.

    My question would be, has anyone else who uses Meraki seen this, and found a solution that didn't involve turning down the protection level or rolling back the firmware?

    *EDIT* In the end Meraki told me part of the issue was that some of the ISPs (Comcast) are using a 10.0.0.* subnet, which created a conflict with one of our VLANs.  Switching the IDS to balanced mode got IA to work, and the switchover software, but interactive faxes that were coming in were showing received, but the data was either not saved, or corrupted.

    I ended up rolling the firmware update back to a 15.X version.

    It doesn't apply to this, but if the VPN boxes were updated to 16.16, and a file share server was on the same subnet, remote people couldn't access that server.
    #SystemAdministration

    ------------------------------
    Jon Mercer
    ------------------------------