cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

144
Views
5
Helpful
0
Replies
pzkqx6000
Beginner

Problem with DNS (TCP-UDP) requests Meraki + Umbrella

Hello!

I have this strange problem I would like to see if anyone has an explanation  about it.

When they try to open app.powerbi.com it is not loaded in the browser. DNS problem it says.

If you reveiw the logs in Umbrella, that request has an allowed statment. When I capture traffic in the clients port (from Meraki), I can see DNS request is done (UDP) but the reply from OpenDNS servers doesn´t come with an IP, then it retries using TCP and a RST is returned. I know that happened because they weren´t allowing TCP 53 in the firewall policy rules from Meraki. After allowing TCP 53 it works just fine.

What I don´t understand is why it is not working when you have Umbrella protection on with UDP and it does if you dont have Umbrella protection activated.

As far as I know, TCP only be used if the packet exceed 512 bytes, and the capture packet length says it was 508. I don´t know if Umbrella adds something to the packet so it could exceed that to use TCP instead.

 

UDP without Umbrella protection:

image.png

image.png

UDP with Umbrella protection (then you can see it tries with TCP-3wHS):

image.png

image.png

TCP with Umbrella protection:

image.pngimage.png

Regards and nice forum,

0 REPLIES 0
Content for Community-Ad

This widget could not be displayed.