Hey Adam, thanks for the reply --   Its the IP for our load balancer and will direct traffic to one of two mail servers so you're correct. I'd run packet captures but I'm not 100% sure what I would be looking for. ... View more

@Adam Yeah, returning the MX64W and getting the MX64, according to my Korean counterparts (site is in Korea) would take around 2 months. Yep I considered too making a new template to cover the mx64W case. I may not even use a template since the MX64W will be the only one in the organization. given the input from @Mr_IT_Guy, I'll try to use the mx64 template I already have.   Cheers lads ... View more

That's correct, but it's the best solution you can do for the moment I think. You can restrict the default vpn profile and run the script every minute.   It would be better that Meraki let to define a group policy when you create the vpn user. I'm pretty new to Meraki and I love it. But I was really disappointed when I found out this wasn't an option. Here are the steps of my api script: Get all clients that connected last hour (api/v0/devices/) If client has an ip-address in the vpn subnet, I ask more information (for example emailaddress) with the api api/v0/networks/$network_id/clients/$mac Check if the vpn has the default group policy (normal), if so I want to change this. (api/v0/networks/$network_id/clients/$mac/policy) Then I assign an other group policy based on the domain name of their emailadress.(api/v0/networks/$network_id/clients/$mac/policy) In the dashboard you can assign new firewall rules to the vpn group policy you assigned. You can allow traffic from the vpn subnet to the subnet of the company ... View more

Correct, obviously doesn't need to be those ports.  Could just as easily be 47/48 or whatever.   ... View more

Adam, Thanks for your help. ... View more

Happening on multiple computers and multiple APs?  Any changes in your config or firmware recently? ... View more

Hey Bradley, what are you ultimately trying to accomplish?  I have set up full stack Meraki for a number of law enforcement agencies (one in Florida so I know FDLE/CJIS requirements) and there are multiple ways to accomplish stuff.  Private message me if you'd rather discuss via phone.   ... View more

The only other option guaranteed to work is to create an SSID only on your MR42 dedicated for the TV and have the TV use that. ... View more

I have seen some "digital senders" break this year because they only support TLSv1.0 and Microsoft have dropped support for this old weak version of TLS.   You should see if there is a firmware update available for your unit, and make sure it supports modern strong protocols like TLSv1.2. ... View more

This blog article is a nice simple guide to getting the VPN going. https://meraki.cisco.com/blog/2013/03/meraki-auto-vpn-is-just-a-click-away/ ... View more

We have dual internet connections with failover, traffic shaping etc on MX64, MX84 and MX100's.    ... View more

Not easy to switch but you'll want to work with your sales rep to get that figured out.  To see if the existing license can possibly be returned to purchase the desired license.  ... View more

We use a Lifesize system just fine.  Does your Cisco system need any routes to get out the MX?  You may want to double check the config from whatever device you replaced.  ... View more

You can always request an RMA from Support and see if they go for it.  ... View more

From my calculations, if you added 141W of solar capacity and it was 100% efficient (hahaha) then you could keep running during the day.   You could consider a 200W solar panel.  They are about 1.5m high and a 1m wide - so a tad tricky to carry - but would give you the ability to operate for quite some time - if the sun remains shining - leaving the batteries for when it was not shining.   A deep cycle "gel" battery is only about 20kg.  So not too heavy.  The bonus with this is if after 24 hours or so you start to run low just take it out to a vehicle, start it up, put the jumper leads on - and charge it up on the spot.  Handy huh?   You could also use a much smaller solar panel (say 100W) with a deep cycle battery and leave it trickle charging all the time.  The battery would eventually go flat still (because it sounds like you are using 141W of power) - but it would give you considerable running time. ... View more

I know for sure support has that visibility on switches but not sure on the MX.  I still think it would be nice to expose that kind of device health info in the dashboard. ... View more

I'm sorry they would have been very helpful. Thanks ... View more

@PhilipDAth wrote: That sounds just like me!  The majority of the tools I used are cloud centric as well.   It makes the OS less important, and at the same time, harder to choose. That was the same situation I was in.  I try to make sure my tools/environment isn't dependent on a machine so I could conceptually work from anywhere on any machine.  So the reason I chose a Mac was mostly just to learn it.  I can still boot Windows if I wanted to but I work on tons of windows computers regularly so I'm not really missing anything.  And I boot from Kali linux via USB for security related work.  Good luck with your purchase.  Hardest decision an IT guys has to make lol.  ... View more

Thanks @Adam and @PhilipDAth   @MRCUR, I appreciate the caution but I'm not concerned about pushing the envelope. I was concerned that the MX would not throttle a 1G connection appropriately and we'd end up signing a new contract for 36 months, that would require purchasing replacement equipment when the pair of 84's I have are still more than enough for the office behind them. ... View more

I think you are mostly referring to content filtering, rather than AMP.  And no it wont matter what DNS servers they are using. ... View more

Try turning IGMP snooping off and then back on again - to give it a reset on the switch. ... View more

You'll want to double check your VPN settings on both sides.  There should be some clues in the event log that will point you in the right direction.  https://documentation.meraki.com/MX-Z/Site-to-site_VPN/Troubleshooting_Non-Meraki_Site-to-site_VPN_Peers   Here are some things you'll want to double check.  If you are connecting to a non Meraki site then setup your MX as a Hub and configure the remote site down in the Non-Meraki VPN peers section.    Double check these things to make sure they match the far side 1. 'Private subnets' should be the same or in some case supernets of remote site 2. IPsec policies should match exactly 3. Preshared secret 4. All networks or apply to your internal networks ... View more

If you have redundant uplinks you'd just want to setup Load Balancing at Security Appliance>Traffic Shaping.    Flow preference are only really designed to be used if you want traffic to use one of the WAN connections over the other.  A typical example of this may be your VOIP traffic.  Maybe WAN1 is an ultrafast low latency pipe and WAN2 is a slower high latency pipe.  Load balancing internet over both of those is fine but you may want your phone traffic to prefer WAN1.  In that case you'd setup a flow preference for your VOIP traffic with destination and WAN1.   ... View more

I thought they activated my beta but this makes more sense.  ... View more