Do this test for me please. Blacklist a VPN client, and then make sure they are blocked from everything. ... View more

NetFlow and SNMP are two completely different things.  Netflow does not use a MIB.   Meraki sends V9 NetFlow data via UDP.     I found these instructions for configuring SolarWinds for Meraki SNMP if you need to got that way. https://thwack.solarwinds.com/thread/69928 ... View more

@MRCUR are you sure you can apply group policies to client VPN users?  I don't think this works ... ... View more

I can't find of any easy way to temporarily disable a single rule. You could use group policy to override all rules (such as using the built in white list policy). ... View more

That doesn't let you copy between organisations, or perhaps I has mis-understood the original issue. ... View more

I have opened up a case with support (#02498814) as well now to allow it to be explored more easily. ... View more

If you go Network-Wide/Clients and click on the client, and under Policy in the bottom left you click "Show Details" - is it showing the group policy to be applied as expected?   Failing that; make sure you have quit the web browser and restarted. Failing that; reboot the MX.  Note the content filtering wont kick in straight away. ... View more

What firmware version are you using? ... View more

First to use 802.1x you must use RADIUS.  If you are using certificates then RADIUS must authenticate those certificates.   Personally I would authenticate using PEAP/MSCHAPv2.  Machines that are members of the domain can authenticate using their already logged in credentials.  Non-domain members will have to manually enter their AD username/password.  Mobile devices will prompt for the AD username/password automatically. ... View more

I don't know of anyway to do this.   I would try opening a support ticket in case they have a tool to do it, but I wouldn't get your hopes up. ... View more

It is best to use content filtering.   Block everything with a * and then add in what is allowed.  Here is a screenshot only allowing access to *.google.com domains.   Note after making a change allow a good 5 minutes for it to take effect.   ... View more

I have looked into this further.  L3 and L7 firewall rules for group policy can only be applied to MX and MR, and not MS.  So it can not be done at the switch port level. https://documentation.meraki.com/MR/Group_Policies_and_Blacklisting/Creating_and_Applying_Group_Policies   You should be able to do this using 802.1x and Cisco ISE, but that is a very complex setup. You should be able to do this using 802.1x and Microsoft NPS using a health policy, but that is a fairly complex setup. ... View more

No.  You you can have it apply a firewall rule blocking all the traffic. ... View more

I thought I would start testing this out by trying to detect if Windows 10 firewall was running. I setup three Windows 10 machines (screenshot attached). All running the latest Windows Update. All have been rebooted numerous times. I have also used the option to reset the firewall back to its default settings.  They are all running Meraki Systems Agent 1.0.95. Two of the machines (MONITOR and ROBERT-PC) report "FW not installed, FW not enabled". The Windows Security Centre does show that the built in Windows firewall is enabled and running. The third machine (RECEPTION02) always shows that Windows Firewall is running, even when I disable it (have tried rebooting numerous times as well).  Frequently on this machine the Meraki Systems Agent stops checking in till I enable the firewall again.   Any thoughts? ... View more

Yes the MS350-24X will work with 10GBaseT NICs (on the MGig ports). ... View more

Gigabit ports usually come built in - so couldn't you use those until you get an SFP+ capable switch? ... View more

Is there much of a price difference between an SFP+ NIC and a 10GBaseT NIC?  If the price difference is small and you only have 5 servers wouldn't it make sense to go with the significantly lower latency technology? ... View more

With the VMX, it will route all subnets listed under: Security Appliance/Site-to-site-VPN/VPN Settings/Local Networks   Here is a screen shot of one I do serving multiple availability zones.   If you have two VPC's peering with each other you should be able to get to the remote VPC.  You will need the remote VPN routes listed here, and on the remote VPC you will need routes to get back to your remote VPN subnets.   You can not connect a vMX across multiple VPCs across multiple accounts.  You need multiple vMXs. ... View more

Well done @CarolineS.  Maybe an extra round of coffee's at the office today to celebrate?   You have put in so much effort and it is great to see the rewards and recognition for your work. ... View more

You've inspired me to have another go @Adam.  Perhaps todays project. ... View more