How to allow access for Meraki MDM solution, *.meraki.com?

I'm obviously not that versed in firewalls and especially Sophos products.  I am the admin for a small school district and I am trying to implement an iPad MDM solution, but part of that is allowing them to access a certain website.  I tried adding *.meraki.com to the firewall rules, but that's not enough apparently because it's still not working.

We use the Sophos UTM 9 appliance running version 9.107-33.

Thanks in advance for the help!


  • Try adding in the exception list

    ^https?://([A-Za-z0-9.-]*\.)?meraki\.com/
  • Thanks for the reply, but that's not working.  Searching online, it seems there are some unusual ports that it might be using, but I can't get a good listing of those.  Is there a way to open up all ports to meraki as well?  Or is there anything else to do here?
  • Hi,

    What do the logs (firewall, Intrusion Protection, Web Protection, Application Control) show?

    Barry
  • The firewall log does show:
    13:12:19 Default DROP TCP 10.60.8.91 : 50363 -> 17.149.36.148 : 5223 [SYN] len=64 ttl=61 tos=0x00 srcmac=a4:4c:11:66:3b:c0 dstmac=0:1a:8c:18:53:2
    13:12:19 Default DROP TCP 10.60.8.91 : 50364 -> 17.149.36.73 : 5223 [SYN] len=64 ttl=61 tos=0x00 srcmac=a4:4c:11:66:3b:c0 dstmac=0:1a:8c:18:53:2
    13:12:19 Default DROP TCP 10.60.8.91 : 50365 -> 17.149.32.40 : 5223 [SYN] len=64 ttl=61 tos=0x00 srcmac=a4:4c:11:66:3b:c0 dstmac=0:1a:8c:18:53:2
    13:12:19 Default DROP TCP 10.60.8.91 : 50366 -> 17.149.32.43 : 5223 [SYN] len=64 ttl=61 tos=0x00 srcmac=a4:4c:11:66:3b:c0 dstmac=0:1a:8c:18:53:2
    13:12:20 Default DROP TCP 10.60.8.91 : 50367 -> 17.149.32.21 : 5223 [SYN] len=64 ttl=61 tos=0x00 srcmac=a4:4c:11:66:3b:c0 dstmac=0:1a:8c:18:53:2
    13:12:20 Default DROP TCP 10.60.8.91 : 50363 -> 17.149.36.148 : 5223 [SYN] len=64 ttl=61 tos=0x00 srcmac=a4:4c:11:66:3b:c0 dstmac=0:1a:8c:18:53:2
    13:12:20 Default DROP TCP 10.60.8.91 : 50368 -> 17.149.32.62 : 5223 [SYN] len=64 ttl=61 tos=0x00 srcmac=a4:4c:11:66:3b:c0 dstmac=0:1a:8c:18:53:2
    13:12:20 Default DROP TCP 10.60.8.91 : 50364 -> 17.149.36.73 : 5223 [SYN] len=64 ttl=61 tos=0x00 srcmac=a4:4c:11:66:3b:c0 dstmac=0:1a:8c:18:53:2
    13:12:20 Default DROP TCP 10.60.8.91 : 50369 -> 17.149.36.211 : 5223 [SYN] len=64 ttl=61 tos=0x00 srcmac=a4:4c:11:66:3b:c0 dstmac=0:1a:8c:18:53:2
    13:12:20 Default DROP TCP 10.60.8.91 : 50365 -> 17.149.32.40 : 5223 [SYN] len=64 ttl=61 tos=0x00 srcmac=a4:4c:11:66:3b:c0 dstmac=0:1a:8c:18:53:2
    13:12:20 Default DROP TCP 10.60.8.91 : 50370 -> 17.149.36.172 : 5223 [SYN] len=64 ttl=61 tos=0x00 srcmac=a4:4c:11:66:3b:c0 dstmac=0:1a:8c:18:53:2
    13:12:20 Default DROP TCP 10.60.8.91 : 50366 -> 17.149.32.43 : 5223 [SYN] len=64 ttl=61 tos=0x00 srcmac=a4:4c:11:66:3b:c0 dstmac=0:1a:8c:18:53:2
    13:12:21 Default DROP TCP 10.60.8.91 : 50367 -> 17.149.32.21 : 5223 [SYN] len=64 ttl=61 tos=0x00 srcmac=a4:4c:11:66:3b:c0 dstmac=0:1a:8c:18:53:2

    The rest don't show much of anything at all related to this device.  I did open up port 5223 under Service Definitions however.  Unless I did it wrong, it should be open.
  • Hi, did you create a firewall rule with the service definition?


    Barry
  • Oh geez, nope!  That did it.  Thanks a ton!
  • Ug, this is such a headache!

    So I realized that I was having this testing iPad go through our open wireless.  So I changed it to where it was supposed to be and now it's not working again.

    Looking at the logs, I do see it blocking what appears to be Apple IPs.  I have a rule that allows all traffic going to apple.com, but that's not enough apparently.  This is what my logs show, any ideas on this one??

    09:46:55 Default DROP TCP 10.60.8.32 : 49166 -> 17.174.14.5 : 443 [SYN] len=64 ttl=61 tos=0x00 srcmac=a4:4c:11:66:3b:c0 dstmac=0:1a:8c:18:53:2
    09:46:59 Default DROP TCP 10.60.8.32 : 49166 -> 17.174.14.5 : 443 [SYN] len=48 ttl=61 tos=0x00 srcmac=a4:4c:11:66:3b:c0 dstmac=0:1a:8c:18:53:2
    09:47:03 Default DROP TCP 10.60.8.32 : 49155 -> 17.172.232.149 : 443 [SYN] len=48 ttl=61 tos=0x00 srcmac=a4:4c:11:66:3b:c0 dstmac=0:1a:8c:18:53:2
    09:47:03 Default DROP TCP 10.60.8.32 : 49159 -> 17.172.232.109 : 443 [SYN] len=48 ttl=61 tos=0x00 srcmac=a4:4c:11:66:3b:c0 dstmac=0:1a:8c:18:53:2
    09:47:03 Default DROP TCP 10.60.8.32 : 49158 -> 17.172.232.99 : 443 [SYN] len=48 ttl=61 tos=0x00 srcmac=a4:4c:11:66:3b:c0 dstmac=0:1a:8c:18:53:2
    09:47:03 Default DROP TCP 10.60.8.32 : 49157 -> 17.172.232.203 : 443 [SYN] len=48 ttl=61 tos=0x00 srcmac=a4:4c:11:66:3b:c0 dstmac=0:1a:8c:18:53:2
    09:47:03 Default DROP TCP 10.60.8.32 : 49161 -> 17.172.232.208 : 443 [SYN] len=48 ttl=61 tos=0x00 srcmac=a4:4c:11:66:3b:c0 dstmac=0:1a:8c:18:53:2
    09:47:03 Default DROP TCP 10.60.8.32 : 49160 -> 17.172.232.126 : 443 [SYN] len=48 ttl=61 tos=0x00 srcmac=a4:4c:11:66:3b:c0 dstmac=0:1a:8c:18:53:2
    09:47:03 Default DROP TCP 10.60.8.32 : 49163 -> 17.172.232.212 : 443 [SYN] len=48 ttl=61 tos=0x00 srcmac=a4:4c:11:66:3b:c0 dstmac=0:1a:8c:18:53:2
    09:47:03 Default DROP TCP 10.60.8.32 : 49162 -> 17.172.232.210 : 443 [SYN] len=48 ttl=61 tos=0x00 srcmac=a4:4c:11:66:3b:c0 dstmac=0:1a:8c:18:53:2
  • I have a rule that allows all traffic going to apple.com

    Please [Go Advanced] below and attach a screencap of that.

    Cheers - Bob
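
An added example, not part of the original thread and not Sophos code: a small parser for "Default DROP" entries like the ones pasted above. It groups the drops by protocol and destination port, so the service and destination set a firewall rule has to cover can be read off before the rule is written. The function names are illustrative, and the sample entries are adapted from the logs in this thread.

```python
import re
from collections import defaultdict

# Sample entries adapted from the logs in this thread: two in the line-wrapped
# layout of the live log view, three on a single line (MAC fields omitted).
SAMPLE_LOG = """
13:12:19 Default DROP TCP
10.60.8.91 : 50363

17.149.36.148 : 5223
[SYN] len=64 ttl=61 tos=0x00 srcmac=a4:4c:11:66:3b:c0 dstmac=0:1a:8c:18:53:2
13:12:19 Default DROP TCP
10.60.8.91 : 50364

17.149.36.73 : 5223
[SYN] len=64 ttl=61 tos=0x00 srcmac=a4:4c:11:66:3b:c0 dstmac=0:1a:8c:18:53:2
13:12:20 Default DROP TCP 10.60.8.91 : 50363 -> 17.149.36.148 : 5223 [SYN] len=64 ttl=61 tos=0x00
09:46:55 Default DROP TCP 10.60.8.32 : 49166 -> 17.174.14.5 : 443 [SYN] len=64 ttl=61 tos=0x00
09:47:03 Default DROP TCP 10.60.8.32 : 49155 -> 17.172.232.149 : 443 [SYN] len=48 ttl=61 tos=0x00
"""

# Fields may be separated by spaces or newlines; the "->" arrow is optional.
ENTRY = re.compile(
    r"(?P<time>\d\d:\d\d:\d\d)\s+Default DROP\s+(?P<proto>\w+)\s+"
    r"(?P<src>\d+(?:\.\d+){3})\s*:\s*(?P<sport>\d+)\s*(?:->)?\s*"
    r"(?P<dst>\d+(?:\.\d+){3})\s*:\s*(?P<dport>\d+)"
)

def parse_drops(text):
    """Return one dict per default-drop entry found in the pasted log text."""
    return [m.groupdict() for m in ENTRY.finditer(text)]

def summarize_drops(text):
    """Group drops by (protocol, destination port)."""
    summary = defaultdict(lambda: {"packets": 0, "sources": set(), "destinations": set()})
    for e in parse_drops(text):
        s = summary[(e["proto"], int(e["dport"]))]
        # Retransmitted SYNs repeat the same flow, so the packet count can
        # exceed the number of distinct destinations.
        s["packets"] += 1
        s["sources"].add(e["src"])
        s["destinations"].add(e["dst"])
    return dict(summary)

if __name__ == "__main__":
    for (proto, port), s in sorted(summarize_drops(SAMPLE_LOG).items()):
        print(f"{proto}/{port}: {s['packets']} dropped packets, "
              f"{len(s['destinations'])} destinations, from {sorted(s['sources'])}")
```
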