@NolanHerring wrote: Do you have IPS/IDS/AMP features enabled? Or content filtering, any L7 rules etc.   Whitelist your client that is being blocked on WhatsAPP, to bypass all of those, and see what you get. Might be one of them is bugging out (reboot usually resolves). Could not tell you the number of times I've had to just bounce an MX to resolve inappropriate blocking of websites, after checking all the things Nolan listed.   I've trained my entire office on the concept of MX "indigestion" at this point. ... View more

@Mick_R wrote: Thank you for answering, do you mean no Meraki will do what I need? That is correct. No Meraki firewall will do VPN NAT on a standard IPSEC tunnel. ('Third party tunnels' in Meraki slang.) ... View more

@Edgar-VO wrote: Gents,   Be carefull using the template option.... It looks good at the beginning, however iw you want to change specific items, you can not change it.... Then you have to unbind, and create new one   I have a script which create projects sites....Also includes claiming devices etc etc.... Written in python If you are interested... contact me .. (bit to big to post here 😉 )   Best regards Ed   Just saying, if you've got public code that you'd like to share, there are a few ways to do that easily. Github, Gitlab, hosted on a page of your own. Then once you've got it hosted, you can add it to the Devnet Code Exchange.  ... View more

Just adding another voice agreeing that what you actually want is the scanning API. "Where are the people and when" is a really common question to ask, which is why Meraki made the scanning API. ... View more

@DPJW wrote: Could you explain in details what method is this comparing to integrating with AD? If you look at the document linked, you'll see that you can setup SAML using a couple different identity providers. Including AD Federated Services and Azure AD. You can also do a bit of basic digging on SAML, since it's a standard SSO method. ... View more

Heavy blankets are the only thing more soothing than sound-blocking headphones.   Props to that orange too! Orange is clearly the best possible clothing color.  ... View more

@dromios wrote: If you right click on nps you can export the config and import it quickly.  Should work from 2019 to any other 2019/2016 server, not sure about 2012 or 2012 r2. My systems people have recently successfully ported from 2012 r2 to 2016 and 2019, using this method. You're talking about the one that creates a big ol XML dump, right? ... View more

@PhilipDAth wrote: ARIN ran out of IPv4 address space a good year ago.  Maybe longer.   hehehe. "ran out"... except... if you can prove you're working on IPv6 transition.   Although proving that is challenging if half your sites have no physical addresses and don't show up on satellite photos b/c they're underground, I am told! ... View more

@Richard_Velox wrote: We're a small WISP that's been allocated a small sliver of IPv4 addresses and we're a little stingy about needlessly allocating them; Also the scheme is incredibly flexible. Most vendor's routers work with this allocation scheme like Sonicwall, Unifi, Cisco-Linksys, AirCube, some Edgerouter, Watchguard, some? Asus, Fortigate) and others need 1:1 NAT like PFSENSE, Meraki, Luxul. Routing between towers is accomplished using OSPF. An event triggered script can add the route or it can be added to the configuration. Gateways have IPs in the 100.64.0.0/10 range. Have you tried the "asking ARIN for an IPv6 allocation and a wee bit of IPv4 to help with your transition" trick? 😉 Assuming ARIN is your people!   @MerakiDave and his friends might be able to give us a conclusive answer. But I suspect that if it hasn't worked before, you're going to have to stick with providing NAT to your customers.   How's using that space been working for your customers? Have you got yourself setup so they can use VPNs, or nah? I'm eternally curious about WISPs! ... View more

I'm excited to see who the new folks are! So many people are making great contributions. ... View more

@CptnCrnch wrote: Should be getting better with the upcoming NBAR integration. I really hope it‘ll lose the restrictions it currently has. 🙄   https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/Network-Based_Application_Recognition_(NBAR)_on_MR Those restrictions would keep me from being able to use that in every single client network I have. I could do it at home, if I split my wireless network off... ... View more

@Network-dad is correct if you're using AutoVPN.   If you're using third-party tunnels, between devices that aren't in the same organization, you can set the tunnels using the dynamic IP... but you're going to have to update that config as the IP changes over time. ... View more

@Kamome wrote: I heard that Mikrotik router can handle heavy traffic quite well because processor is more powerful than usual routers. (hEX can handle about 900Mbps NAT traffic) I think you can try one. Mikrotik has some very nice toys. ... View more

You can find out if a specific org's admins have 2FA enabled, but I don't know of an endpoint to check if the org requires 2FA. I went looking recently. ... View more

When the Nest devices go offline, do other wireless devices go as well? Does the MR42 show as offline in the dashboard? Have you tried factory resetting the MR42 and letting it pull its config back down? You've done new cable to the MR42, right? Different sw port on the router?   Trying to think of steps you can try before you have to buy new equip. ... View more

@webfrank wrote: Hi, you can use a third party application to perform a full organization/network backup/restore.   Disclaimer, I work for V-App.io which has a Cloud Network Backup application specific for this task   It's not correct to state that you can perform a "full" restore, based on the limited endpoints we've got. (Not a criticism of the API team - they add stuff constantly, and it takes time to build/test!)   If you've got L3 routing going on via Meraki switches, you've got to recreate that manually. OSPF? Manual.   Client VPN on the MX? Manual.   Users on your MX? Manual recreation. ... View more

I mean, for home use, Netgear has some good stuff.   I wouldn't use an MX at home unless you're rolling in money or it's free.   When you say losing connectivity, what does that mean? Your internet goes down, or some devices on the wireless network lose connection? ... View more

@PhilipDAth wrote: If you have a small number of sites, you could also put all the APs in a single WiFi network.   I have one customer with around 400 APs spread over 200 sites that use a single network for all of them.  In this case, they did this because of the way they wanted to use location analytics. That's true, but I admit to really hating this solution. This is partly because my clients always creep into wanting exceptions for this place but not that one, and I have to implement them. That's a my-customers problem tho. ... View more

If I knew for sure that I did not want templated changes on my switches/firewalls, regardless of whether or not I could use a wifi template on a combined network... I wouldn't. I don't like the risk of changes rolling out on equipment that needs to remain unique.   So what can you do?   I see two options: Split each location's wireless network off into an individual network, leaving your other Meraki equipment in a combined network. Apply template to these individual wireless networks. Problem: You lose easy visibility through the stack. Problem: That's potentially double your networks, which is a mess. Use the API to copy-paste SSID changes across your networks every time you need to make a change. This also allows you to exclude networks if you run into a case where Networks A - F need a change, but Network G doesn't.   I'd go the API route, because I prefer to do things with code. I have in fact gone the API route. It's pretty easy.  ... View more

You shouldn't need to disable/re-enable Umbrella roaming client when end users are on VPN. I regularly use a full tunnel VPN back to my office, which assigns me DNS, and my Umbrella roaming client hasn't had trouble recovering afterwards.   Now, when I manually assign some other DNS on the NIC when troubleshooting? Yeahhhhh, Umbrella has trouble. But not over VPN.   If you're not specifically creating your VPN connections as split tunnel, then they are full. ... View more

Are you using a full tunnel?   Split tunnel might help. You can set that up with a script. I've got examples in my sig, @PhilipDAth has a generator and I can't find the link... (Help?)   If you've got to keep a full tunnel, you don't have a lot of choices. If you have on-premises hosts, you could stand up the Umbrella virtual appliances and use them as your AD DNS' forwarders. Then boom, Umbrella action. ... View more

It's a bit of a strange implementation. I once saw it completely baffle a room full of folks who'd been doing OSPF for years, so please don't feel bad for not catching it. ... View more

@Edgar-VO wrote: Just wondering,....   What device are you configuring this on... MX84 or Z3 or.....   Some devices can not be configured using the API... depends on the chipset of the devices This is not correct.   What you can configure depends on functionality of the device and the network. I.E. If I try to getMalwareSettings on an appliance without an advanced security license, I get an error 400 Bad Request, "Advanced Malware Protection (AMP) is not supported by this network"   If I have both an MX64W and actual APs in a network, I can't reach the MX64W's SSIDs via API once the APs are setup.    The whole point of the API is to work across the entire range of a given device type, within licensing parameters or potentially specifically noted exceptions. ... View more