I am using IPSK under our SSIDs. Each ISPK has a GPO assigned.
The GPOs seem to work ok for assigning the correct VLAN and the bandwidth limits, however we are still experiencing the following issues:
1) The settings under "Security appliance only" under the GPO does not seem to apply to the clients when they connect.
On the main Group Policies page, it shows the policy is affecting hundreds of clients, but the section under the "Security appliance only" shows only affecting 20+ clients.
Example: I tried to block a URL under this group policy, but the clients can still access. However, if I try to block the URL under Content Filtering under "Security & SD-WAN" it works (but is blocked for everyone).
2) Some clients (particularly MacBooks) seem to stick on the wrong VLAN (and gets the when switching between SSIDs. Doing an IP renew on the client does not help.
We have a single MX, MS core switch stack, and downstream MS switches, with MR access points.
We have the same issue whether or not the gateway for the VLAN is on the core switch or on the MX.