Meraki and Firewall rules
-
To summarize, we manage a wide variety of devices, from Windows to iOS and Android, using Cisco Meraki. Recently many of the Windows devices have stopped reporting to Meraki, so we can no longer check on the status of these devices.
The services are in fact running without issue as far as I can tell.
I've completely disabled the File System Shield, Mail Shield (worthless for this) and Web Shield for testing just now to confirm. I've also added exclusions into the software for everything that I can find that Meraki uses.
Does anyone have any other input on what might be stopping Meraki from communicating to the "Dashboard" (their web console)?
Thanks
-
Disabling all 3 "Active Filters" did address the problem, now to figure out which one is the culprit...
-
For UltraVNC to work, you must disable "Scan inbound mail (POP3, IMAP4)" under Settings > Active Protection > Mail Shield if you want to be able to remote into these devices.
Still investigating the other items.
-
@DustinB3403 WTF.... UltraVNC doesn't even run on anything close to SMTP / IMAP, does it?
-
@dafyre Apparently it does, as disabling the Scanning of inbound POP3, IMAP4 connections allows UltraVNC to connect from within Meraki.
-
How do you like the Meraki devices?
I have a free one from them I've been wanting to install at home to play with, but have not done so yet.
-
I helped a client set up a Meraki Firewall. Once you get used to the way they do a couple of things, they're actually pretty good.
-
@dafyre said:
I helped a client set up a Meraki Firewall. Once you get used to the way they do a couple of things, they're actually pretty good.
It seemed like a great idea.
-
We don't actually use their AP, we did for testing for a long time, and it is a good unit.
Just not good enough to pay for it forever.
-
@dafyre said:
@DustinB3403 WTF.... UltraVNC doesn't even run on anything close to SMTP / IMAP, does it?
Meraki fail.
-
@DustinB3403 said:
@dafyre Apparently it does, as disabling the Scanning of inbound POP3, IMAP4 connections allows UltraVNC to connect from within Meraki.
It definitely does not. That's a broken Meraki issue.
-
@BRRABill said:
How do you like the Meraki devices?
I have a free one from them I've been wanting to install at home to play with, but have not done so yet.
They were nice before Ubiquiti came along. And before Cisco bought them.
-
@dafyre said:
I helped a client set up a Meraki Firewall. Once you get used to the way they do a couple of things, they're actually pretty good.
Once you get used to the ways that they don't work, like breaking VNC thinking that it is email.
-
@scottalanmiller Ha ha ha. We didn't have that problem. This was only for their firewall. They've got APs on the way.
-
So the exclusions I've had to add to get everything "functional" are listed below.
File System Shield
- C:\Program Files (x86)\Meraki\m_agent_upgrade.exe
- C:\Program Files (x86)\Meraki\meraki-ca-bundle.crt
- C:\Program Files (x86)\Meraki\ndisscan.exe
- C:\Program Files (x86)\Meraki\README-winvnc.txt
- C:\Program Files (x86)\Meraki\screenshot-cmd.exe
- C:\Program Files (x86)\Meraki\windows-wlan.exe
- C:\Program Files (x86)\Meraki\winvnc.exe
Mail Shield
- Inbound Mail - Un-check 'Scan inbound mail (POP3, IMAP4)' (UltraVNC)
Web Shield Process Exclusions
- The same processes as in File System Shield
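
An added example, not part of the thread: files excluded from scanning are no longer checked if they are replaced, so this PowerShell sketch reports, for each path in the exclusion list above, whether it exists, its Authenticode status and signer, its SHA-256 hash, and any identity outside a trusted set that can modify it. The trusted identity list (English account names) and the function name `Test-ExcludedFile` are assumptions to adjust per environment.

```powershell
# Added example: review the files excluded from scanning in the post above.
$dir      = 'C:\Program Files (x86)\Meraki'
$excluded = 'm_agent_upgrade.exe', 'meraki-ca-bundle.crt', 'ndisscan.exe',
            'README-winvnc.txt', 'screenshot-cmd.exe', 'windows-wlan.exe', 'winvnc.exe'

# Assumption: only these identities should be able to modify files under Program Files.
# Names are the English ones; localized Windows installs use different names.
$trusted = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'NT SERVICE\TrustedInstaller'

# Rights that let an identity replace or tamper with a file.
$writeMask = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'

function Test-ExcludedFile {
    param([Parameter(Mandatory)][string]$Path)

    $result = [ordered]@{
        Path = $Path; Present = $false; Signature = $null
        Signer = $null; SHA256 = $null; UntrustedWriters = $null
    }

    if (Test-Path -LiteralPath $Path -PathType Leaf) {
        $result.Present = $true

        # Non-PE files (.crt, .txt) cannot carry a signature and will not report 'Valid'.
        $sig = Get-AuthenticodeSignature -LiteralPath $Path
        $result.Signature = $sig.Status
        $result.Signer    = $sig.SignerCertificate.Subject

        # Record a hash so a later change to an excluded file can be noticed.
        $result.SHA256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

        # Allow-ACEs granting write-type rights to anyone outside the trusted set.
        $writers = (Get-Acl -LiteralPath $Path).Access |
            Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                ($_.FileSystemRights -band $writeMask) -and
                $_.IdentityReference.Value -notin $trusted
            } |
            ForEach-Object { $_.IdentityReference.Value } |
            Sort-Object -Unique
        $result.UntrustedWriters = $writers -join ', '
    }

    [pscustomobject]$result
}

$excluded | ForEach-Object { Test-ExcludedFile -Path (Join-Path $dir $_) } | Format-List
```

An executable that is present but not `Valid`, or any non-empty `UntrustedWriters` value, is a reason to reconsider that exclusion.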