hi mate,

We are simulating a user access. Their computer will only have access to windows update or withsecure antivir updates. Computers can update on the meraki mx85 but not on the mx67. So we try to access teamviewer by url and ip. Because when we do a tracert command we can't go further than the mx67 (its local ip), it s like the mx67 can't resolve the url of teamviewer (an example for us to understand what's going on) BUT if in the firewall rule we put the ip , no problem anymore.
Only difference is in content filtering cause we got some ad, exchange etc behind the mx 85 
Layer 7 are the same , only few layer 3 rules are different but we don's figure out which one can occur the problem

So you are trying to allow access to teamviewer? If so you want to review the documentation on FQDN rules: https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Firewall_Settings#FQDN_Support

I suspect teamviewer may use a bunch of different hosts and servers and the way the MX does DNS snooping it may not be catching everything needed.

Have you tried calling support? Since they can see your config, it should be fairly simple to troubleshoot with them and narrow down what the issue is.

Our first issue the initial one was to update withsecure signatures...It doesn't work....so we try with teamviewer but the issue is systemic ....I have to wait till next monday to have the approval to call directly cisco .

We try and we see nothing in the log....really nothing

We put both to be sure...nothing change. We did a hard reboot last night, same problem this morning.