I have a job at the moment, and it looks like I will need close to 2,000 group policies in a network (the maximum supported is 3,000). I'm going to be creating them via API.
The bit I am interested in is how the dashboard handles thousands of group policies in a network (Network-wide/Group policies). Does it grind to a standstill, or does it still work OK?
Has anyone had a large number of group policies in a network, and how was the dashboard?
Ouch, please let us know your experience with that job! Sounds like a hard job to maintain after your migration.
Not in particular for group policies on MX appliances, but I have implemented a similar number of L3 rules for two different models of MR APs. I was told the dashboard has a limit of 5000 entries in the GUI for HTML parsing reasons, so it shouldn't be an issue viewing via Dashboard.
I'd be more concerned about the possibility of the device hitting a wall, depending on what you're configuring in each group policy and the beefiness of the MX model being used, especially if you have AMP and IDP turned on as well.
I'm curious, why are you going to need 2,000 group policies?
For this job, the customer wants to use WPN [Wi-Fi Personal Network] (with iPSK) for about 2,000 users. The user will be issued their iPSK, and they can then use that on whatever devices they have.
However, the customer wants to be able to see all the devices being used by a specific user in the dashboard. When using iPSK, you can't see (in the dashboard) which iPSK is in use.
Considering what you can see in the dashboard about a client (and what you can filter on) - group policy stands out. When you create an iPSK you must associate it with a group policy.
So I'm thinking of having my script create a unique group policy for every user (which does absolutely nothing) and bind the iPSK to that.
If the Dashboard and equipment don't get killed - tada - the customer will now be able to search on individual users to see their devices.
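The per-user provisioning described in the post above, sketched as an added example that is not part of the original thread or the poster's script. Assumptions: the two POST paths and body fields follow the Meraki Dashboard API v1 group policy and identity PSK endpoints, `post` is a caller-supplied HTTP helper, and the `wpn-` name prefix and `N_EXAMPLE` network ID are constructed for illustration.

```python
import secrets
import string

MAX_GROUP_POLICIES = 3000  # per-network maximum quoted in the thread
ALPHABET = string.ascii_letters + string.digits

def new_passphrase(length=20):
    """Random per-user passphrase (WPA2 allows 8-63 characters)."""
    if not 8 <= length <= 63:
        raise ValueError("WPA2 passphrases are 8-63 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def provision(users, network_id, ssid_number, post, existing_policies=0):
    """Create one empty group policy and one iPSK bound to it per user.

    `post(path, body)` is a caller-supplied function (assumption) that sends an
    authenticated POST to the Dashboard API and returns the decoded JSON reply.
    Returns {user: {"groupPolicyId": ..., "passphrase": ...}}.
    """
    users = list(users)
    if len(set(users)) != len(users):
        raise ValueError("user names must be unique; they become policy names")
    if existing_policies + len(users) > MAX_GROUP_POLICIES:
        raise ValueError("would exceed the per-network group policy limit")
    issued = {}
    for user in users:
        # Policy carries no rules; it exists only as a searchable per-user label.
        policy = post(f"/networks/{network_id}/groupPolicies",
                      {"name": f"wpn-{user}"})  # hypothetical naming scheme
        psk = new_passphrase()
        post(f"/networks/{network_id}/wireless/ssids/{ssid_number}/identityPsks",
             {"name": user, "passphrase": psk,
              "groupPolicyId": policy["groupPolicyId"]})
        issued[user] = {"groupPolicyId": policy["groupPolicyId"], "passphrase": psk}
    return issued

def fake_post(log):
    """Offline stand-in for the API: records calls, returns constructed ids."""
    def post(path, body):
        log.append((path, body))
        if path.endswith("/groupPolicies"):
            return {"groupPolicyId": str(100 + len(log))}
        return {}
    return post

if __name__ == "__main__":
    calls = []
    result = provision(["alice", "bob"], "N_EXAMPLE", 0, fake_post(calls))
    for user, rec in result.items():
        print(user, "->", rec["groupPolicyId"])  # passphrases are not printed
```

The returned mapping is the only record of which passphrase belongs to which user, so it needs to be stored and handed out as a secret.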
So it's not like you'll actually be using the Group Policy with rules and such, but rather use it to filter on WPN id, to see which devices are in which WPN "group"?
Well, sure, I suppose that would work. But I think I'd perhaps try and work with Meraki Support and my local TSE, to see if we could work out an improvement to the dashboard to bring that sort of visibility on the Clients page.
I suspect you/your customer might not be the only ones who'd find that useful. 😉
>But I think I'd perhaps try and work with Meraki Support and my local TSE,
That process takes years ... I'm trying to roll this out by year end. 🙂
It is not Group Policy, but when 10,000 Organizations were created, the Web UI response was slow, as it should be.
In the case of Group Policy, I am also concerned about the impact on Meraki devices.
I created 2,000 group policies via a script. The script runs fine, but you can no longer go to Network-wide/Group policies in the dashboard ...