Ask support to enable the "Enhanced Failover" option.  Then configure the MX for "immediate" failback and your SIP issue will be resolved. https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/Connection_Monitoring_for_WAN_Failover#Enhanced_WAN_Failover_and_Failback    > Why would you want the flow to remain on the secondary WAN (in a non-load-balanced network), after switching back to primary   So that it does not break anything using TCP.  For example, we use MS Teams for our phone system (which is TCP based).  By not doing an immediate failback, anyone on a phone or video call can continue to complete that call without any interruption. ... View more

  Hi I've linked a GP to default VLAN that block some subnets used in auto-vpn. all seems configured in the right way but I'm still able to access to the resources I want to block ... any suggestions ?   Thanks   ... View more

Have you thought about Umbrella integration? Instead of having to update a rather static feed (not even in real time) this would be a big leap forward from a security perspective. ... View more