I was working on a project for a customer. We used a Meraki MX for multiple companies in this project. The big problem was that all VPN clients came in on the same subnet. And if all the VPN clients (from different companies) wanted to get to their resources, I needed to open all subnets. Of course, this is a very big security problem.
I have solved this with the Meraki APIs. I look at the domain name of the email address and assign the right group policy with rights only to the subnet of his company. Maybe this is helpful for other companies.
If you want more details you can contact me on firstname.lastname@example.org
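The domain-to-policy mapping described in the post above, as an added example that is not the poster's script: it builds the Dashboard API v1 client-policy requests offline and leaves any user whose email domain has no exact match untouched, so that user stays on the default VPN policy. The domains, group policy IDs, network ID and client records are constructed placeholders.

```python
# Added example, not the poster's script. All IDs, domains and clients are constructed.
DOMAIN_TO_POLICY = {  # hypothetical mapping: company email domain -> group policy ID
    "company-a.example": "101",
    "company-b.example": "102",
}

SAMPLE_CLIENTS = [  # constructed records; "user" holds the VPN login email
    {"id": "k0001", "user": "alice@Company-A.example"},
    {"id": "k0002", "user": "bob@company-b.example"},
    {"id": "k0003", "user": "mallory@company-a.example.other.example"},
    {"id": "k0004", "user": None},
]


def email_domain(user):
    """Return the lower-cased domain of a well-formed address, else None."""
    if not isinstance(user, str):
        return None
    local, sep, domain = user.strip().rpartition("@")
    if not sep or not local or "@" in local or not domain:
        return None
    return domain.lower().rstrip(".")


def plan_policy_updates(network_id, clients, mapping=DOMAIN_TO_POLICY):
    """Return (updates, unmatched): requests to send and client IDs left alone."""
    updates, unmatched = [], []
    for client in clients:
        # Exact match on the whole domain: a suffix or prefix lookalike must
        # never inherit another company's policy.
        policy_id = mapping.get(email_domain(client.get("user")))
        if policy_id is None:
            unmatched.append(client.get("id"))  # stays on the default policy
            continue
        path = f"/networks/{network_id}/clients/{client['id']}/policy"
        body = {"devicePolicy": "Group policy", "groupPolicyId": policy_id}
        updates.append(("PUT", path, body))
    return updates, unmatched


if __name__ == "__main__":
    planned, skipped = plan_policy_updates("N_PLACEHOLDER", SAMPLE_CLIENTS)
    for method, path, body in planned:
        print(method, path, body)
    print("left on default policy:", skipped)
```

The unmatched list is worth logging on every run, since it shows logins that did not map to any company.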
Thanks, sounds like a unique approach. I don't currently have a need for this but I'll keep this in mind for sure.
That is a good solution for the moment.
One of the issues is you have to wait for them to log in once via VPN before you can assign that group policy.
That's correct, but it's the best solution you can do for the moment, I think. You can restrict the default VPN profile and run the script every minute.
It would be better if Meraki let you define a group policy when you create the VPN user. I'm pretty new to Meraki and I love it. But I was really disappointed when I found out this wasn't an option.
Here are the steps of my API script: