Content found in this wiki may not reflect official Church information. See Terms of Use for more information.

Troubleshooting Firewalls

From TechWiki
Jump to navigationJump to search

Firewall Status - Cisco/Meraki MX64, MX65, MX67, MX68 or MX68W

Church Network Manager (CNM) gets the firewall status from the Cisco/Meraki website. The firewall status will be one of the following:

  1. ONLINE - the Firewall is able to communicate with the internet and with the Meraki website.
  2. OFFLINE - the firewall is not able to communicate with the Meraki website. This could be for the following reasons:
    1. The Internet Service Provider's (ISP) connection to the property is down.
    2. The ISP's modem (normally a black box) is not functioning properly (reboot the modem by disconnecting power for 30 seconds)
    3. If the ISP connection and modem are functioning then disconnect the power to the Cisco/Meraki Firewall for 30 seconds.
    4. The Firewall indicator light will be orange, then rainbow colors and then eventually blinking or solid white which is the operational state. See more details about light colors below.
    5. If the Firewall does not eventually get back to a solid White light then call the GSD.
  3. WARNING/VPN DOWN - The firewall is able to communicate with the Cisco/Meraki website but the Virtual Private Network (VPN) is down or the Meraki website is not able to connect to the Facility zone if one is present.
    1. Follow the same steps in the OFFLINE status above.
  4. UNKNOWN - the firewall is not able to communicate to the Cisco/Meraki website to get a status
    1. Follow the same steps in the OFFLINE status above.


Meraki Firewall Troubleshooting Guide:

After the Meraki switch(es) have been installed the Firewall ports will be configured to the following:

Meraki MX64 Ports:

Port 1 - Connected to an SFP Port on the Meraki Switch

Port 2 - Disabled and no longer used

Port 3 - Disabled and no longer used

Port 4-  Disabled and no longer used

Meraki MX67 Ports:

Port 1 - Connected to the Internet or ISP Modem

Port 2 - Connected to an SFP Port on the Meraki Switch

Port 3 - Disabled and no longer used

Port 4-  Disabled and no longer used

Port 5-  Disabled and no longer used

Meraki MX68 and MX68W Ports:

Port 1 or Port 2 - Connected to the Internet or ISP Modem

Port 3 - Connected to an SFP Port on the Meraki Switch

Port 4 to Port 10 - Disabled and no longer used


Status light is solid White but still no internet connectivity

  1. Solid white indicates that the firewall has internet connectivity
    1. Verify the serial number of the Meraki firewall in your meetinghouse matches the serial number indicated in CNM.
    2. If they do not match you will need to replace the firewall in CNM with the one that is in the building (Contact the Global Service Desk for assistance if needed)
  2. If the serial number does match the one registered to your building in CNM then the Meraki firewall is likely functioning properly
  3. Connect a laptop or workstation directly to port 2 on an MX64 firewall or Port 3 on a MX67 firewall and verify internet connectivity
  4. If you can access the internet when connected directly to port 2 one the MX64 or Port 3 on the MX67 you will need to troubleshoot connectivity to the switch
  5. If you are unable to access the internet when connected directly to port 2 on the MX64 or Port 3 on the MX67 firewall, contact the Global Service Desk

Status light is blinking white

  1. This indicates that the Meraki firewall is updating to the latest internal firmware
    1. Generally, this is completed within a few minutes but may take 30 minutes or longer for a new firewall to update
    2. Firewalls typically reboot at the end of an update
    3. It is generally best to wait for the device to finish updating and transition to a solid white indicator
  2. The Meraki firewall will function normally during the update process

Status light is Orange

  1. Indicates that the device is booting up
  2. This is normal for one to two minutes after the device is powered up or rebooted
    1. A persistent Orange indicator, for more than five minutes indicates that the device is not functioning properly and should be rebooted (Disconnect the power for 30 seconds)
    2. If the device continues in this state after rebooting, contact the Global Service Desk

Status light is cycling through colors (Referred to hereafter as the “Rainbow State”)

  1. Indicates that the device is fully booted and attempting to communicate with the Meraki cloud management application
  2. Once the device is in contact with the Meraki cloud management application, and has downloaded its current configuration file, the indicator will transition to white
  3. Occasionally the device will require a reboot and transition back to Orange
  4. If the indicator continues to alternate between the Rainbow cycle and solid orange every few minutes, it is unable to reach the Meraki cloud management application
    1. Verify the connection requirements with your Internet Service Provider
    2. Please contact them to determine if there is a static IP address, or “PPPoE” that needs to be configured (this information may also be recorded in CNM)
    3. Your ISP may ask you for a “MAC” address, you will find it printed on the label on the bottom side of your Meraki firewall
    4. If a static IP address or “PPPoE” information is provided by your Internet Service Provider, contact the Global Service Desk for help configuring the firewall with these settings
    5. If the Internet Service Provider does not provide PPPoE or a static IP address, reboot the Modem or router provided by the Internet Service Provider
  5. If you are unable to resolve the problem after contacting your internet service provider, contact the Global Service Desk to receive help resetting the Meraki Firewall