Hello, I have a combined network in my organization with an MX84 as the firewall.
The problem is that when I try to apply a group policy to a client, I go to the Network-wide menu, Clients tab, and select my client. When I get there, I don't see the policy section to apply the group policy or block the client.
So the issue is going to be that combined networks track clients by MAC address and your L3 switch is creating an L3 boundary between the client and the MX.
This KB has more info as to why the problem is occurring as well as instructions on how to fix it. To summarize, having an L3 switch between your clients and MX means that all traffic sent through that L3 switch will show with the switch's MAC address as the source (normal L3 boundary behavior) on the MX's side. Since the network is tracking clients based on their MAC address, this means that the MX thinks all traffic coming through the switch belongs to the switch and not individual clients.
To fix this issue, all that needs to happen is the following:
1) Split the MX into its own network [Relevant KB] (Switch, APs, etc. can remain combined)
I had that configuration at first, but we are trying to configure AD integration for group policy assignment on the MX84 and it is not working.
I opened a case with support and they told me to combine the network, because if you do MAC tracking you get the name of the PC.
The main problem is that the firewall must be the perimeter firewall of my organization and all branch offices go to the internet behind this firewall (the branches are connected by an MPLS network), so making all computers static IP (we have lots of employees with mobility) is not a valid option at this time, sorry.