So I have started testing this feature by only adding Meraki switches and access points under this kind of policy.

So when I deployed this, for the moment everything is working. But I started digging into the configurations and found that it is literally what it says it is: a group policy. So you can find the group policy added into the networks where you have targeted scopes.

The two major concerns I have with this are that:
1) Regular group policies are stateless by nature. So this means if you have scoped VLANs that need inter-VLAN communication, then you have to add a policy to the other VLANs too that allows the return traffic... defeats the purpose of stateful firewalling of course.
2) I noticed that while my destination object group contains all the necessary Meraki public IP ranges, the group policy only added the first one in there...

Can someone with internal knowledge explain this further?
- Will group policies be stateful in the future? I hope so!
- I guess hit counters will be out of the question?
- Group policies have content filter override and append and URL black/whitelist, so I guess these features will be added in the future?
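
Both concerns in the post above can be checked offline against an export of the deployed rules. The following is an added example, not part of the original post and not Meraki code: the rule format, the VLAN names and all addresses are constructed assumptions, and the functions only model stateless matching as the post describes it.

```python
import ipaddress

# Constructed sample data, not a real Meraki export.
OBJECT_GROUP = ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"]
VLAN_SUBNETS = {"vlan10": "10.0.10.0/24", "vlan20": "10.0.20.0/24"}
DEPLOYED = {  # rules found in the group policy applied to each VLAN
    "vlan10": [
        {"action": "allow", "src": "10.0.10.0/24", "dst": "192.0.2.0/24"},
        {"action": "allow", "src": "10.0.10.0/24", "dst": "10.0.20.0/24"},
    ],
    "vlan20": [],
}

def net(cidr):
    return ipaddress.ip_network(cidr)

def covers(rule, src, dst):
    """True if an allow rule matches every packet from src to dst."""
    return (rule["action"] == "allow"
            and net(src).subnet_of(net(rule["src"]))
            and net(dst).subnet_of(net(rule["dst"])))

def missing_destinations(object_group, rules, src):
    """Object-group members that no deployed allow rule covers for src."""
    return [d for d in object_group
            if not any(covers(r, src, d) for r in rules)]

def missing_return_rules(deployed, vlan_subnets):
    """Inter-VLAN allow rules with no mirrored rule on the destination VLAN.

    Stateless filtering evaluates the reply as a new packet, so the
    destination VLAN's policy needs its own allow for dst -> src.
    """
    gaps = []
    for vlan, rules in deployed.items():
        for r in rules:
            if r["action"] != "allow":
                continue
            for peer, subnet in vlan_subnets.items():
                if peer == vlan or not net(r["dst"]).subnet_of(net(subnet)):
                    continue
                if not any(covers(p, r["dst"], r["src"])
                           for p in deployed.get(peer, [])):
                    gaps.append((peer, r["dst"], r["src"]))
    return gaps

if __name__ == "__main__":
    print(missing_destinations(OBJECT_GROUP, DEPLOYED["vlan10"], "10.0.10.0/24"))
    print(missing_return_rules(DEPLOYED, VLAN_SUBNETS))
```
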