we are planing to use Meraki MX in China... had a chat to our Meraki SystemEngineer and he said no problem at all, just create an account in chinese dashboard and go on.
Sounds preety good to me, but I´m afraid thats not all, is it?
Are there some things I have to keep in mind?
In one meraki doc I found this: "All MXs within China Organizations MUST be licensed with Enterprise license." <-- correct? Source
Are there regulations of the state that have to be observed (I´m sure there are)?
AutoVPN will not be needed.
Regarding to Non-Meraki VPN I´ll set everything for internal use (i. e. 172..xx.xx.0/23) to go through the tunnel and all other will go out to the internet, so I should be OK regarding to http/s content (thats what the Meraki SE said) <-- correct? (At the moment we use 0.0.0.0/0 for the tunnel within our home country)
So far, I have only shipped MX's into China so they connect back to a Dashboard outside of China .... and they have worked so far. They may stop working in the future, who knows. This allows AutoVPN to work.
As I understand it, in the last 30 days the use of Advanced Security licences have been approved in China - but it has some feature limitations. You can read about them here:
If you don't need AutoVPN then registering the MX on the Chinese version of the Meraki dashboard will be safest. You can browse https sites in China. Obvisouly China does block a lots of sites outside of China.
I have 3 networks in China. Latency problems getting here obviously but other than that no issues. I recently converted my Enterprise license to a security license, only lacking feature so far is AMP. I've had no problems setting up a "non meraki peer" vpn to my US meraki org. I source my equipment from AFScott/Moo moo networks for 2 years now, they have a meraki china rep but you can pay in USD, etc.
As long as you don't route your default traffic through the tunnel to pop out in a different country you will be good in the eyes of China.