If a Meraki gateway AP is having problems contacting the Meraki Cloud through your firewall, content filter, or proxy server, you will experience the following issues and alerts on your Meraki network and Dashboard:
This is caused by an upstream firewall not using stateful packet inspection. In this instance, the AP's TCP SYN packet is reaching the Cloud. When the Cloud responds to the AP with a TCP SYN/ACK, it is dropped by the firewall. The AP waiting on the TCP SYN/ACK never receives it. Therefore an acknowledgement TCP ACK from the AP is never sent back to the controller to establish the TCP connection. This is called one-way traffic.
This issue can also be caused when you have two different routers connected to your LAN segment to route traffic to different networks. In this instance traffic from remote network enters the LAN from one router's interface and is sent to a LAN device. When the LAN device replies, it sends the reply to the other router's interface. The router receiving the frame discards the packet because it only sees half of the connection.
To isolate and potentially remedy these issues and alerts please try the following:
For more information on configuring your firewall to support the Meraki Cloud, please review this KB:
Firewall Rules for Cloud Connectivity