+ Post New Thread
Results 1 to 10 of 10
Cloud Services Thread, Trying out Meraki in Technical; I'm testing Meraki with a new ipad (ios7) to see how it would work in our school - the potential ...
  1. #1
    Sheridan's Avatar
    Join Date
    Oct 2010
    Posts
    1,161
    Thank Post
    89
    Thanked 84 Times in 56 Posts
    Rep Power
    28

    Trying out Meraki

    I'm testing Meraki with a new ipad (ios7) to see how it would work in our school - the potential looks good.

    I've configured Meraki and done the registration on the ipad (using the network number) and it now appears in my console. I seem to be stuck where everyone else gets stuck i.e "Client synchronization is not yet complete"

    I've set the ipad to use our wireless and smoothwall proxy, and whitelisted meraki.com. Our smoothwall goes out of the firewall so http/https is allowed straight from there.

    We don't have an LEA firewall to worry about so this should be simple, but I'm stuck as to what else could be wrong with this?

  2. #2
    Sheridan's Avatar
    Join Date
    Oct 2010
    Posts
    1,161
    Thank Post
    89
    Thanked 84 Times in 56 Posts
    Rep Power
    28
    Well checked the firewall - nothing blocked , checked smoothwall and access to ?.meraki.com going through fine.

    I guess its a non starter for meraki on our network, back to the drawing board!

  3. #3
    jbailey's Avatar
    Join Date
    Jan 2011
    Posts
    64
    Thank Post
    21
    Thanked 23 Times in 13 Posts
    Rep Power
    32
    I'm not actively using it, but I did get it running to test through the LEA here, I seem to remember that I needed to also allow some service addresses not based on "whatever.meraki.com"

    They used to have a big list of ranges\addresses on their website that needed to be allowed but I cannot find it in the help, looks like it has changed since I was last there - pre Cisco.

    Looking for my notes on the firewalls settings...

  4. #4
    jbailey's Avatar
    Join Date
    Jan 2011
    Posts
    64
    Thank Post
    21
    Thanked 23 Times in 13 Posts
    Rep Power
    32
    This is what I have from my notes, hope this helps - but it may be woefully out of date...
    Protocol(s)
    Port e.g. 80
    80
    443
    993
    2195
    2196
    5223
    5228
    60000 TO 61000
    Protocol e.g.
    TCP
    TCP
    TCP
    TCP
    TCP
    TCP
    TCP
    TCP
    TCP
    IP Addresses From
    INTERNAL
    IP Addresses to
    64.156.192.82
    64.156.192.83
    72.249.183.162
    72.249.183.163
    50.18.152.159
    *.amazon.com

  5. #5
    Sheridan's Avatar
    Join Date
    Oct 2010
    Posts
    1,161
    Thank Post
    89
    Thanked 84 Times in 56 Posts
    Rep Power
    28
    Cheers for the info -I've set up our firewall to allow what they say for IOS, but it makes no difference. Obviously meraki is no use if you're using a web proxy.

    Their list is much smaller:

    Systems Manager

    Clients using Meraki Systems Manager initiate outbound management connections to the Meraki cloud using the following addresses and ports:

    Mac/Windows

    46.165.249.7, 74.50.56.233, *.amazon.com - TCP ports 80, 443, 993, 60000-61000


    iOS

    46.165.249.7, 74.50.56.233, 50.18.152.159 - TCP port 443
    * - TCP ports 2195, 2196, 5223

    Android

    46.165.249.7, 74.50.56.233 - TCP port 443
    * - TCP port 5228

  6. #6
    chazzy2501's Avatar
    Join Date
    Jan 2008
    Location
    South West
    Posts
    1,723
    Thank Post
    206
    Thanked 254 Times in 206 Posts
    Rep Power
    65
    yes, this was / is an issue for me. I tried to make bypasses but it wouldn't work. I don't see how it could (as proxy is set by user, and Meraki client needs to work as a service)

  7. #7
    Sheridan's Avatar
    Join Date
    Oct 2010
    Posts
    1,161
    Thank Post
    89
    Thanked 84 Times in 56 Posts
    Rep Power
    28
    I think the only way to allow it to work is to allow unproxied access to everything, not a very good option for a school.

    Just frustrating as it had so much potential, I'll have to use the Apple configuration manager instead.

  8. #8
    SovietRussia's Avatar
    Join Date
    Mar 2013
    Posts
    552
    Thank Post
    55
    Thanked 111 Times in 88 Posts
    Rep Power
    39
    You also, need to allow through Apple APNS Servers, which do the pushing and syncing:

    The entire 17.0.0.0/16 range is owned by apple, whitelist that

    Also whitelist: gateway.push.apple.com and feedback.push.apple.com also ports 2195 and 2196 for Push and Feedback APNS.

  9. #9
    Sheridan's Avatar
    Join Date
    Oct 2010
    Posts
    1,161
    Thank Post
    89
    Thanked 84 Times in 56 Posts
    Rep Power
    28
    Hmm, I deleted all of rules I initially put into our firewall and then simply allowed Port 5223 outbound - after an initial delay my dashboard now shows the ipad and installed the App I selected!

    Hurray! And that's literally only allowing Port 5223, with the web proxy set manually on the ipad.

  10. #10
    Sheridan's Avatar
    Join Date
    Oct 2010
    Posts
    1,161
    Thank Post
    89
    Thanked 84 Times in 56 Posts
    Rep Power
    28
    Actually, scratch that! After the initial connection and subsequent software download it doesn't connect anymore

    Given up with this now, apple configurator is the better solution.

SHARE:
+ Post New Thread

Similar Threads

  1. Trying out Google Apps
    By Danp in forum Cloud Services
    Replies: 2
    Last Post: 11th October 2012, 02:11 PM
  2. Replies: 4
    Last Post: 13th October 2008, 11:36 AM
  3. Replies: 19
    Last Post: 14th July 2008, 03:20 PM
  4. sims times out when trying to run various reports
    By projector1 in forum MIS Systems
    Replies: 2
    Last Post: 5th July 2006, 12:54 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •