Page 1 of 1

TM Questions Since the Upgrade to Meraki Firewalls

Posted: Wed Nov 29, 2017 1:56 pm
by clrohm
I have 2 questions about TM since the upgrade.
1. When I look at the dashboard, the filter (lock icon) is open on all my routers for the stake. Since this is an audit item I would like to know when these will indicate that the internet is filtered (or not).
2. When will the usage statistics be displayed again? In the past, it has helped me troubleshoot issues.

Thanks!

Chuck Rohm

Re: TM Questions Since the Upgrade to Meraki Firewalls

Posted: Wed Nov 29, 2017 2:57 pm
by russellhltn
clrohm wrote:When I look at the dashboard, the filter (lock icon) is open on all my routers for the stake. Since this is an audit item I would like to know when these will indicate that the internet is filtered (or not).
This appears to be normal. If you dig in, that's the "standard" filtering. There are two other more restrictive settings, but they're not available to us. Presumably this is a hint at future direction.

Re: TM Questions Since the Upgrade to Meraki Firewalls

Posted: Wed Nov 29, 2017 3:32 pm
by Biggles
The audit question asks if you can see the white tick, or not when using filter.lds.org. If you see the tick then that signifies an audit pass for that question. The filter (lock icon) seen in TM probably has some significance to the Church Tech personnel, but not to us mere mortals. :)

Re: TM Questions Since the Upgrade to Meraki Firewalls

Posted: Tue Dec 05, 2017 6:04 pm
by weible
My filter is not showing a check at filter.lds.org. I plan to call the global support center to get an immediate fix. Any plans to make the filter lock icon a meaningful indicator of the filter status.

Re: TM Questions Since the Upgrade to Meraki Firewalls

Posted: Thu Mar 01, 2018 5:59 pm
by yarrgh
It's not very intuitive because the original intent was for internal testing, but when you go to your firewall on the network tab, there's a link before "Get Connected Devices", that name refers to your filter type. It most likely says "Managed". If you click the link TM will attempt to verify that the filter is configured correctly. This checks to make sure that the firewall is configured with the correct DNS servers and that our 3rd party vendor has the firewall's public IP registered with them. If everything checks out, you'll see a green success message. If not, I'd suggest contacting the GSC for further troubleshooting.

While this doesn't exactly confirm whether the filter is completely working on end user devices (possibly because of other network issues/configurations), it is a major factor in filtering not working.

Re: TM Questions Since the Upgrade to Meraki Firewalls

Posted: Thu Mar 01, 2018 8:16 pm
by lajackson
yarrgh wrote:If everything checks out, you'll see a green success message.
I can't ping one server and it says it is offline, but I do get the green success message when I click on Managed.

Re: TM Questions Since the Upgrade to Meraki Firewalls

Posted: Thu Mar 01, 2018 8:53 pm
by yarrgh
lajackson wrote:I can't ping one server and it says it is offline, but I do get the green success message when I click on Managed.
The check doesn't require that the firewall be online. TM will talk to Meraki's cloud service and make sure that it is configured correctly. TM never talks to the Meraki firewall/device directly.

Because of this, even if the firewall is completely offline, TM can still update the configuration. This allows all device configurations worldwide to be kept up to date. The updated configuration will be pushed to the device when it comes online. What's cool about this behavior is that you can activate a firewall while it is still in the box and then when it is connected to the Internet it'll download its activated configuration. Not really practical in most real world scenarios and won't ever be officially documented anywhere.

Currently, there's no way for TM to know if the latest config has been pushed to the firewall/device. There's no API for it yet. GSC and other support roles do have the ability to check, if needed.