There are firewall rules in the VPN as well.   https://documentation.meraki.com/SASE_and_SD-WAN/MX/Design_and_Configure/Configuration_Guides/Site-to-site_VPN/Site-to-site_VPN_Firewall_Rule_Behavior   Another point is, do you have active firewalls on the machines? It could be the system's own firewall blocking communication.   ... View more

How are you testing this? Do you have any firewall rules configured? ... View more

Disabling Two-Factor Authentication Log in to the dashboard with a valid username and password. Once logged in, locate the My Profile option on the dashboard. It is on the top right corner of the screen. Click My Profile. Scroll down to the Two-factor authentication section of the page. Click Turn off two-factor authentication.  You will be prompted to verify your password to finalize the process. Furthermore, you may select Remove next to your previously established phone number(s) so it will not be saved for future configuration.  The organization-wide security configuration "Force users to set up and use two-factor authentication" overrides the ability for individuals to disable TFA on their accounts. Disabling this organization-wide security configuration change will not disable TFA for any users. Likewise, re-enabling the organization-wide security configuration will force everybody in the organization to follow the policy (both new administrators and existing administrators who temporarily disabled their individual TFA).  If you are unable to disable TFA because you no longer have access to the original/current phone number, Meraki Support may assist after following the steps outlined here. ... View more

Take a look at this.   https://community.meraki.com/t5/Dashboard-Administration/Disable-2FA-for-Admins/m-p/250758#M9092 ... View more

Yes, absolutely. ... View more

The Meraki control panel API does not currently provide a PATCH method or any endpoint for handling individual Layer 3 or Layer 7 firewall rules. ... View more

Either way, you would have to configure port forwarding on your ISP's modem to point it to the MX IP address. ... View more

Are you sure this would be a good idea? And what about DNS and HTTPS? You'll probably need to study all the resources that the applications you'll be using utilize to make this network functional. I think first of all you should check if this is really feasible and worth the effort. ... View more

This document will help you better understand how to use the feature.   https://documentation.meraki.com/Platform_Management/Dashboard_Administration/Operate_and_Maintain/How-Tos/Blocking_and_Allowing_Clients ... View more

isco Meraki’s Mobile Device Management product Meraki Systems Manager (SM) has reached End-of-Sale. For more information or timeline details for End-Of-Sales (EOS), End-Of-Support (EOST), and/or End-Of-Life (EOL) please see the End-Of-Life Policy, and/or the End-of-Life (EOL) Products and Dates knowledge base article.     https://documentation.meraki.com/Platform_Management/SM_-_Endpoint_Management/Product_Information/Meraki_Systems_Manager_EOL_Migration ... View more

It's not an workaround, it's the design proposed by Meraki. ... View more

Yes, you need to ask a feature request. ... View more

Take a look at this discussion.   https://community.meraki.com/t5/Switching/Meraki-MS-with-ISE-and-DACLs/m-p/194496 ... View more

This is the document that contains the information described.   https://documentation.meraki.com/SASE_and_SD-WAN/MX/Design_and_Configure/Configuration_Guides/Networks_and_Routing/MX_Layer_2_Functionality ... View more

You need to open a support ticket. Only Meraki support can handle this. ... View more

Blocking only via Zscaler DNS may reduce some QUIC‑related issues, but it will not reliably prevent QUIC. For consistent results, you need to block QUIC at the network/HTTP proxy level, not just DNS. ... View more

I suggest you add the printer IP to the allow list and open a support case. ... View more

Meraki provides an API endpoint to update a device's address or geographic coordinates, but to be honest, I don't think that will solve your problem because, if I'm not mistaken, the location is based on the device's IP address, and the ISP's IP address might be geographically in a different region. The MX does not have native GPS. ... View more

The best solution would be to move the SSID to Bridge mode. Can you test this to see if it resolves the problem?   Apple's CNA often fails because the AP performs local NAT/DHCP, and the L3 handshake takes long enough for iOS to distrust the network. ... View more

Are you using an external portal or the Meraki portal as your homepage? If it's external, is the URL or IP address allowed in Walled Garden?     Allow captive.apple.com and keep apple.com blocked. If possible move the SSID to Bridge Mode. ... View more

Don't trust that AI says. ... View more