This article is intended for Meraki customers using GEO IP filtering rules who are also using Umbrella on their network.
Some Meraki firewalls offer the ability to block connections to servers in various countries. These blocks are country-based only, meaning that one could allow connections to servers with IP addresses based in the US, but block connections to servers with IP addresses based in Canada.
In order for core Umbrella services to work, such as roaming client and virtual appliance syncs and automatic upgrades, clients behind a Meraki firewall must have access to certain anycast IP addresses, many of which are found in the 220.127.116.11/16 network. Clients must also be able to reach their regional datacenters for DNS resolution, Intelligent Proxy, and block page functionality. Please see the list of regional Umbrella data center addresses here.
Currently, Meraki's GEO IP blocking feature does not allow for making exceptions for specific network blocks, such as the 18.104.22.168/16 network listed above. In order to make use of Meraki's GEO IP blocking feature while being able to access Umbrella core services, customers must allow access to all of the countries listed on our global data center list.
New data centers are announced in Service Updates.