Has anyone had success onboarding a Catalyst switch behind a Palo Alto firewall?
 
We do have TLS Inspection but added the appropriate domains to our exclusion list without success.
 
The app fails to open and throws an error during 'Checking for updates...' about a self-signed cert in certificate chain.
 
We've tried adding all sorts of additional exclusions, including some temporary *.amazonaws.com and *.*.amazonaws.com (due to the hostname resolution we saw in the Monitor logs)
 
I do have a support ticket open with Meraki, but unsure if they'll be able to help much in regards to the Palo's.
 
Thanks,
Tom