Finally MX16 code is available in public beta, here are the firmware release notes.
MX64/65 is listed for "Future Support" regarding AnyConnect:
I really love the NBAR-integration. Does anybody know if this will work in a combined network? Until now, this is / was only supported on networks including MS and MR (https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/Network-Based_Application_Recogniti...)
EDIT: as always, Meraki docs are a great ressource. Found out myself that is actually IS supported within a combined network:https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Network-Based_Applica...
Upgrade is currently scheduled, eager to test this out!
2nd EDIT: I can see NBAR information from the MRs in that network, not from MX though...
@CptnCrnch - thats the gotcha right there for NBAR - MS390 switches......anyone touching them?
@UCcert Definitely working with the MS390s and seeing the customer base growing!!! ... BUT not with anything older than MS14.16 firmware O:)
Wifi6 AP --> MS390 --> MX ... FULL STACK NBAR!!! 🤯 🤓
Thanks for the announcement!!!
Here are some reminders to make sure your dashboard is READY to go!
How do I enable this feature? Prerequisites?
Navigate to Network-wide > General and set "Traffic analysis" to "Detailed: collect destination hostnames." This will add Traffic analytics to your Monitor tab the next time you refresh (Network-wide > Traffic analytics).
To enable the Hostname visibility feature:
Enabling hostname visibility will allow you to view statistics about specific hostnames and IP addresses that are visited by clients on your network.
What are the feature integrations? Where do I see this?
Network-wide > Traffic analytics
Network-wide > Clients > Application details
Security & SD-WAN > Firewall > Enforce Layer 7 deny rules
Wireless > Firewall and traffic shaping > Enforce Layer 7 deny rules
Traffic shaping rules
Security & SD-WAN > SD-WAN & traffic shaping > Traffic shaping rules > Enforce L7 traffic shaping policy
Wireless > Firewall and traffic shaping > Enforce L7 traffic shaping policy
Security & SD-WAN > SD-WAN & traffic shaping > SD-WAN policies > VPN traffic > Enforce L7 SD-WAN policy
Group policy rules
Network-wide > Group policies > Layer 7 firewall > Enforce Layer 7 deny rules
How do I verify whether an app classification is supported? Protocol Pack details?
The signatures supported by NBAR2 on devices are delivered via Protocol Packs. Refer to the NBAR2 Protocol Pack library for more details on the app support - link
For more information regarding the NBAR integration, please refer to the following cross-product documentation:
I upgraded a Z3C to 16.4 and enabled Anyconnect VPN support.
I connected to it from a Windows 10 machine and it has been rock solid for the last hour.
I also tested the Anyconnect VPN client on Android 11 and it works too.
I have tested both Meraki and AD authentication and both work as expected.
Good job Meraki!