Meraki MX Firewall – Proxy Issue?

I have a fairly large network with multiple locations that include a large amount of Cisco Meraki networking equipment. I have been struggling with some odd behavior at one of the locations. When Querying the IP address from within a web browser using the “$_SERVER[‘REMOTE_ADDR’]” at only one of the many locations, it always returns the same IP address that is assigned to one of the VLANs on the MX firewall. It’s not even on the same subnet. It just always shows that same IP. After doing some troubleshooting, everything was indicating that this was usually because of a proxy. But, we have no proxies in the network. I suspected it was related to the MX, but at first glance there was nothing that looked like a setting for a proxy.

It was not affecting any other systems, so I moved on to bigger issues.

Now, we needed to setup the Meraki MX to connect to a 3rd party VPN peer. Again, only at this location did I have trouble. All users that were going to specific websites over this VPN tunnel were getting the error of “Internal Error: Missing Template ERR_CONNECT_FAIL“. More research on this error also mentioned a proxy as a possible culprit.

So, this time I dug through every setting and found something that isn’t documented as a proxy, but it seems this is what the Meraki may be doing.

Under Security Appliance –> Configure –> Content Filtering, there is an option for Web search filtering. This was set to enabled. Apparently when this is turned on, it puts the web traffic into proxy mode. Turning it off solved my VPN trouble and the IP address identification from within the browser.

Meraki Web Search Filtering

 

 

 

I figured I would share this in case someone else comes up against the same trouble.

16 thoughts on “Meraki MX Firewall – Proxy Issue?”

  1. Thanks, we have an MX80 as well and experienced this very same issue, I had to remove all our blocked website categoried and filtering settings on that page for it to work. Naturally this isnt a good thing so will have to raise the issue with Meraki.

  2. So this was helpful, we had the same error intermittently with port 80 traffic and turning this off seems to helped us ,

    where did you gert the info about the MX acting as a proxy when you turned on the WEB SEARCH FILTERING?

    thanks a ton BTW

    Anto

  3. I have had this same issue. It started with one of the most recent firmware updates. At first I thought it had something to do with AMP. Even when I would call Meraki support, and it was happening to Meraki support at the same time on the same firewall on the same firmware using a different ISP on the other side of the country, they blamed it on the website. Also at the same time on a connection that was NOT behind the firewall it worked perfectly….I had support roll back my firmware to April’s version and it seemed to fix the issue.

  4. Thanks for posting this! I was having the same issue with a Meraki and couldn’t figure out what was going on. Would have taken me a lot longer if it weren’t for your post!

  5. I just recently updated to the latest firmware that was released this week. So far so good. Everything seems to be working just fine now. A buddy of mine that also has a MX said that the new firmware did break the backup cell modem connection though.

  6. We’ve also encountered this issue recently. Mostly trying to connect with GAFE sites. HTTP throws the error whilst HTTPS doesn’t.

    Turning off Web search filtering works, but reluctant to do it in our educational environment.

    Hopefully Meraki support is looking into this.

  7. I had this same issue where “www.google.com” would not come up in IE and disabling the Web search filtering also resolved the issue. Did not appear to effect Chrome. Do you know if there is a resolution to this issue from Meraki?

  8. Great Post. Also wanted to let you know there is another location where the Web Search Filtering may be applied even if it is disabled under the Security Appliance itself.

    Network-wide–> Group Policies –>Web search filtering

  9. Thanks, Mate
    Was pulling my hair out trying to figure out what was causing this!
    now works great on MX64!!

Comments are closed.