Hello!
I have this strange problem I would like to see if anyone has an explanation about it.
When they try to open app.powerbi.com it is not loaded in the browser. DNS problem it says.
If you reveiw the logs in Umbrella, that request has an allowed statment. When I capture traffic in the clients port (from Meraki), I can see DNS request is done (UDP) but the reply from OpenDNS servers doesn´t come with an IP, then it retries using TCP and a RST is returned. I know that happened because they weren´t allowing TCP 53 in the firewall policy rules from Meraki. After allowing TCP 53 it works just fine.
What I don´t understand is why it is not working when you have Umbrella protection on with UDP and it does if you dont have Umbrella protection activated.
As far as I know, TCP only be used if the packet exceed 512 bytes, and the capture packet length says it was 508. I don´t know if Umbrella adds something to the packet so it could exceed that to use TCP instead.
UDP without Umbrella protection:
UDP with Umbrella protection (then you can see it tries with TCP-3wHS):
TCP with Umbrella protection:
Regards and nice forum,
