KB ID 0001365
If you have a Meraki Security device and have enabled ‘Content Filtering’, instead of a nice ‘block-page’ informing you why you are being blocked you may see this;
This is happening because your Corporate DNS is resolving ‘wired.meraki.com’ to 220.127.116.11, which you can also see if you look at the URL you are trying to connect to it on port 8090. A quick nmap of that IP will tell you port 8090 is not open, (only port 80 and port 443 are).
This is happening because if you were to use your Meraki Device for DNS forward lookups, it would ‘DNS Doctor’ the return DSN packet and insert its own IP address in there instead. That’s fine but most corporate networks don’t want to use their Meraki devices for DNS forward lookups.
The easiest way to resolve the problem, is with your own corporate DNS servers.
First you need the inside IP of your Meraki device(s). You can get these from the Meraki Dashboard (Security Devices > Addressing and VLANS). If you browse to that IP, you should se something similar to below;
Armed with that information, go to one of your DNS Servers, and create a new forward lookup zone.
Next > Primary zone > Next > To all DNS Servers… > Next.
Zone Name = wired.meraki.com > Next > Allow only Secure… > Next > Finish.
In the newly created zone, create a ‘New Host (A or AAAA) record.
Enter the Inside IP or your MX device (only) > Add Host > Repeat for each Meraki device, if you have more than one.
Now you will receive a slightly more friendly blocked page.
Related Articles, References, Credits, or External Links