I believe you installed version 19.1.11, which allows legacy MX systems to run version 18.107.13, correct? There are some known bugs in this version. Please check this.   Known issues During the upgrade process, MX appliances upgrading from version prior to MX 19 may experience a failure to properly classify traffic. This issue will be resolved once the appliance has completed the upgrade to MX 19. (MX-36307) Due to an issue under investigation, MX appliances may incorrectly route traffic destined to subnets learned through eBGP over a Non-Meraki VPN connection. (MX-34803) When failover is configured between non-Meraki VPN tunnels, the Route Table page on Dashboard may incorrectly show the route for the primary VPN tunnel is inactive. (MX-36316) During the upgrade process, MX appliances upgrading from versions prior to MX 19 will experience a failure to connect to non-Meraki VPN peers if any VPN peer names contain a space. This issue will be resolved once the appliance has completed the upgrade to MX 19. (MX-36312)   I suggest you open a support case. ... View more

I believe this video can help you.    https://www.youtube.com/watch?v=L_RSx9rKNx0 ... View more

O link está funcionando perfeitamente. Você consegue fazer uma simples pesquisa no Google também. Tente pesquisar por "meraki google authentication". ... View more

I believe that this will help you.     https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-firewalls/215884-configure-a-site-to-site-vpn-tunnel-with.html ... View more

@Juluca10  você já olhou esse documento?   https://documentation.meraki.com/Wireless/Operate_and_Maintain/User_Guides/MR_Splash_Page/Google_Sign-In   Due to the OAuth policy changes from Google in 2023 , some devices may also not redirect to the splash page automatically. The user will receive an Error 400/403 notification in their embedded browser. For this reason, we have added a pre-splash info page for users of splash that have Google Auth enabled. This new pre-splash info page is only active on SSIDs where Google auth is configured for splash. Google's requirement is to now open a full browser to authenticate -and not the webview/websheet/embedded browser that most operating systems launch when presented with a captive portal.  ... View more

You can have a Linux system with StrongSwan and establish a tunnel with those servers. With Meraki, you don't have many options when it comes to non-Meraki VPNs. ... View more

What @Mloraditch  means is that your Radius server must respond to the internet, meaning you need to create an inbound NAT for your server. ... View more

As far as I know, the PWR-C1-715WDC is for the C9300.     https://documentation.meraki.com/Switching/Cloud_Management_with_IOS_XE/Product_Information/Overviews_and_Datasheets/Catalyst_9200L-M_Datasheet#Power_Supply_and_Specifications   https://documentation.meraki.com/Switching/Cloud_Management_with_IOS_XE/Product_Information/Overviews_and_Datasheets/Catalyst_9300-M_Datasheet#Power_Supply_and_Specifications   Based on the documentation, it's safe to say that you cannot use the PWR-C1-715WDC on the C9200.     ... View more

On passthrough mode the MX acts as a VPN concentrator without performing NAT or routing for the VPN traffic. It simply passes traffic through to the upstream device. This means the MX does not advertise routes to other sites, so your PC can connect but cannot reach internal subnets because the MX is not doing any routing for that traffic.   https://documentation.meraki.com/SASE_and_SD-WAN/MX/Design_and_Configure/Configuration_Guides/Networks_and_Routing/Passthrough_Mode_on_the_MX_Security_Appliance_and_Z-series_Teleworker_Gateway ... View more

Requirements and Best Practices  When configuring routed HA, it is critical that both MXs have a reliable connection to each other on the LAN, so the heartbeats of the primary MX can be seen reliably by the spare. To ensure this connection is reliable: The two MXs should be connected to each other through a downstream switch (or ideally, multiple switches) on the LAN to allow for passing VRRP heartbeats. There should be no more than one additional hop between them, and they must be able to communicate on all VLANs. Make sure Spanning-Tree Protocol (STP) is enabled on the downstream switching infrastructure, as a properly-configured HA topology will introduce a loop on the network. When first configuring routed HA, the spare should be added and configured in the dashboard before the device is physically deployed, so it will immediately fetch its configuration and behave appropriately. Ensure that both MXs have their own uplink IP address for dashboard connectivity as mentioned here. If a virtual IP is being used, an additional IP address is needed, and all three IPs must be in the same subnet. ... View more

Yes, all catalyst 9500 are eligible. ... View more

My understanding, based on the documentation mentioned, is that this does not extend to Catalyst, but I could be mistaken. ... View more

Well, in addition to analyzing the firewall logs, I would also capture packets from the firewall using the cameras as the source IPs to see if anything might be being dropped. ... View more

Hi, actually you can do that today, and even perform a health check. Take a look at the documentation.   https://documentation.meraki.com/SASE_and_SD-WAN/MX/Design_and_Configure/Configuration_Guides/Site-to-site_VPN/Primary_and_Secondary_IPsec_VPN_Tunnels ... View more

Do you perform SSL inspection on your firewall? If so, try disabling it for Meraki's domains. ... View more

From what I remember, the supports aren't standardized across MG models. You could try contacting companies that work with 3D printing and providing the measurements and specifications; they will certainly be able to create a model for you. ... View more

Who hasn't made a mistake in their life, right? 😅 ... View more

When a network is bound to a template, most configuration setting, including alert email recipients, are inherited from that template. These template-level alert settings typically take precedence over network-level settings unless explicitly overridden. ... View more

I don't think so. As far as I remember, when you schedule a firmware update at the template level, all networks linked to that template will attempt to be updated at the same time. ... View more

This approach of assigning a group policy by device type, in 98% of cases, doesn't work well if you're only using Meraki; ideally, you should have Cisco ISE. ... View more

I don't see the logic in this scenario. If it were a division of VLANs by floors or buildings on a corporate SSID, it would make sense, but for IoT and Guest networks, the ideal is to keep them on separate SSIDs. ... View more

https://documentation.meraki.com/SASE_and_SD-WAN/MX/Design_and_Configure/Configuration_Guides/Virtual_MX_Appliances/vMX_NAT_Mode_Use_Cases_and_FAQ ... View more