meraki-cloud-controller traffic being identified as unknown-udp for port 9351.

Created On 03/30/23 06:19 AM - Last Modified 06/16/25 10:05 AM


Symptom


  • Session details (show session all) show unknown-udp for meraki-cloud-controller traffic on port 9351.
admin@FW> show session all

--------------------------------------------------------------------------------
ID          Application    State   Type Flag  Src[Sport]/Zone/Proto (translated IP[Port])
Vsys                                          Dst[Dport]/Zone (translated IP[Port])
--------------------------------------------------------------------------------
67           unknown-udp    ACTIVE  FLOW       10.11.239.250[51625]/VW-Trust/17  (10.11.239.250[51625])
vsys1                                          a.b.c.d[9351]/VM-Untrust  (a.b.c.d[9351])
  • Traffic logs (GUI: Monitor > Logs > Traffic) also display the application as unknown-udp.




Environment


  • Palo Alto Firewalls
  • PAN-OS 9.1 and above
  • meraki-cloud-controller application


Cause


Connections on UDP port 9351 are identified as the unknown-udp application because port 9351 was not included in the application signature.

Resolution


  1. The issue is fixed in content version 8711-8058.
  2. Update the content version to fix the issue.
  3. As a workaround before the content update, create a port-based security rule to allow destination port 9351.
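
An added example (not part of the original article and not Palo Alto Networks code): a Python parser for saved show session all output that lists UDP sessions to port 9351 still classified as unknown-udp, which is a quick way to confirm the content update took effect. Session 67 is the one shown above; sessions 68 and 69 are constructed sample data, and the function names are hypothetical.

```python
import re

# First line of a session record: ID, App, State, Type, optional Flag, Src[Sport]/Zone/Proto
SRC = re.compile(r"^(?P<id>\d+)\s+(?P<app>\S+)\s+(?P<state>\S+)\s+(?P<type>\S+)\s+(?:\S+\s+)?"
                 r"(?P<src>[^\s\[]+)\[(?P<sport>\d+)\]/(?P<szone>[^/\s]+)/(?P<proto>\d+)")
# Second line of the record: Vsys, Dst[Dport]/Zone
DST = re.compile(r"^(?P<vsys>\S+)\s+(?P<dst>[^\s\[]+)\[(?P<dport>\d+)\]/(?P<dzone>\S+)")

def parse_sessions(text):
    """Pair each source line with the destination line that follows it."""
    sessions, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        m = SRC.match(line)
        if m:
            pending = m.groupdict()
            continue
        m = DST.match(line)
        if m and pending:
            sessions.append({**pending, **m.groupdict()})
        pending = None  # headers, rulers and orphan lines reset the pairing
    return sessions

def misidentified(sessions, dport=9351, proto="17"):
    """UDP (IP protocol 17) sessions to dport that App-ID left as unknown-udp."""
    return [s for s in sessions
            if s["app"] == "unknown-udp" and s["proto"] == proto and int(s["dport"]) == dport]

# Constructed sample: session 67 is from the article, 68 and 69 are made up for contrast.
SAMPLE = """\
--------------------------------------------------------------------------------
ID          Application    State   Type Flag  Src[Sport]/Zone/Proto (translated IP[Port])
Vsys                                          Dst[Dport]/Zone (translated IP[Port])
--------------------------------------------------------------------------------
67           unknown-udp    ACTIVE  FLOW       10.11.239.250[51625]/VW-Trust/17  (10.11.239.250[51625])
vsys1                                          a.b.c.d[9351]/VM-Untrust  (a.b.c.d[9351])
68           meraki-cloud-controller ACTIVE  FLOW  NS   10.11.239.251[40112]/VW-Trust/17  (198.51.100.7[40112])
vsys1                                          192.0.2.10[9351]/VM-Untrust  (192.0.2.10[9351])
69           unknown-udp    ACTIVE  FLOW       10.11.239.252[53000]/VW-Trust/17  (10.11.239.252[53000])
vsys1                                          192.0.2.20[5000]/VM-Untrust  (192.0.2.20[5000])
"""

if __name__ == "__main__":
    for s in misidentified(parse_sessions(SAMPLE)):
        print(f"session {s['id']}: {s['src']} ({s['szone']}) -> {s['dst']}:{s['dport']} is unknown-udp")
```

An empty result after the content update means no remaining sessions to port 9351 are falling through to unknown-udp, so the port-based workaround rule can be retired.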


Additional Information


  • meraki-cloud-controller is used for management, optimization, and monitoring of Meraki wireless LANs, and can be an infrastructure AppID.
  • meraki-cloud-controller uses these standard ports: 30001, 32768-61000, 443, 7351, 7734, 7752, 80, 9350, 9351, 993 (tcp, udp).
