Hola Andres, El primer paso a verificar es que el DDNS este funcionando bien. Si desde el cliente mandas un ping al dominio, te responde con la IP de la WAN2? Podrias verificar que en los clientes se tienen configurada la URL y no la IP publica de la WAN1? Si cambias la configuracion en el cliente cuando la WAN2 esta activa, te manda un mensaje de error o un timeout? ... View more

Hi Lorna,    A local status page shouldn't pop up for a user out of nowhere unless they are browsing to the URL/IP or there's some setting on their device.  Do you have any splash pages? Or port authentication configured that could be directing to the local status page? ... View more

The error indicates the source IP you are running the call from is blocked on the destination organization. Unfortunately the API call is terminated by 403 from that organization preventing the other organizations from populating.  The IP restriction needs to be lifted.    However, if it is intermittent as you suggested then more investigation needs to be done to determine while IP the API call is coming from when it succeeds and fails.  ... View more

Hi,   From Cisco Meraki Events via REST API:    The Cisco Meraki Events via REST API solution for Microsoft Sentinel enables you to easily ingest the following events from Cisco Meraki MX security appliance to Microsoft Sentinel using Cisco Meraki API: 1. Organization Appliance Security Events 2. Organization Api Requests 3. Organization Configuration Changes   1. Based on the information above I would expect this to use most GET organization level API calls.  - when clicking this link type "/organization" into the first search box.    2. It also specifically calls out the Organization Appliance Security Events which is probably this call: getOrganizationApplianceSecurityEvents.   3. Refers to the changelog found under Organization > Changelog. This seems to refer to this API endpoint: getOrganizationConfigurationChanges.    But as you stated, it's always good to get confirmation from Microsoft.    Feel free to reach back out should you need anything else.  ... View more

Hi Kavy,    @Arthamon is correct regarding the Dashboard uptime visibility and the API. Uptime statistics from the dashboard at this point in time are relatively limited.  For statistics on uptime you can use the Organization > Overview page. This won't provide you with the specific uptime of the device unfortunately.    The other option is to manually view each MR and MS to check the uptime (MS needs to be on firmware 15.21.1+ and MR on 30.x+).  Options: 1. Go to Organization > Overview. Then select the tab that says "Devices". You can see each of the connectivity bars there. Unfortunately it does not give you an uptime metric, but it does give you the dates of when the device was connected to the Cloud or not.  2. Go to Organization > Overview. Select the "Networks tab". Click on the "+" sign next to the CSV button. Select "network health" and "% offline" from the "+" dropdown.      3. Go to Switching > Switches and select your switch and view the uptime there.   4. Go to Wireless > Access points and select your AP and view the uptime there.    ... View more

To advertise a subnet over IPsec VPN go to Security & SD-WAN > Site to site VPN.  A "VPN settings" section will be there, then you will see the "local networks". This section permits/restricts subnets to be advertised over AutoVPN and IPsec VPN. If the subnet is "disabled" it will not be able to access or use the VPN as it will not be advertised over VPN. If "enabled" that subnet will be advertised to AutoVPN and IPsec VPN peers.   If you want all your local subnets to be able to pass traffic through the IPsec tunnel, then enable all of them.   Local networks example:  Only the default VLAN subnet of 192.168.128.1/24 is advertised over the IPsec tunnel since it's the only one that is "enabled". If I want 10.10.1.0/24 to be advertised to my IPsec VPN peer, then I will "enable" it.    Do you need all of your traffic to go across the IPsec tunnel? That's what adding a 0.0.0.0/0 in the private subnets of the Non-Meraki VPN peer configuration on the dashboard will do. It overrides the default route out the WAN interface.  Will internet be possible with 0.0.0.0/0 with an IPsec peer? Sure, if the tunnel establishes properly as the MX will be using your peer for internet connectivity.    I am still a little lost on what you are trying to configure.  ... View more

OWE gives you wireless encryption without authentication, and the Splash page gives you authentication without wireless encryption. Combining both leaves you individually vulnerable to attacks on the other. An attacker on the wireless side can still make himself a MitM to interact with the wireless data in cleartext form.   If it is for internal users (as you are talking about AD login), implementing 802.1X is the only secure way to combine both. ... View more

Hi Paul,    Troubleshooting slow VPN connections can be tricky and usually requires a lot of information gathering.    What applications experience slowness? Is it all applications? Are these TCP or UDP based applications? Or Both?  i.e Are file transfers slow but streaming is ok? Are VoIP applications have issues but loading webpages are unaffected?  How many users are typically in during those slow days? Does that number decrease a lot during days where the connection is fine? What times of the day is the connection usually slow?    What bandwidth is the router in India providing and the MX75 in the UK? This way we can determine if one of them is a bottleneck.  Are specific users affected? Are all users affected? What is the speed when running a speedtest?  The last tip is to run speedtests when the network has less users to see if the issue persists. If it does not persist it may be related to congestion/link saturation. Regards, Maria   ... View more