The Meraki Community
Register or Sign in
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • About tantony
tantony

tantony

Head in the Cloud

Member since Dec 19, 2018

‎06-06-2022
Kudos from
User Count
cmr
Kind of a big deal cmr
2
CarolineS
Community Manager CarolineS
4
MeredithW
Community Manager MeredithW
5
Inderdeep
Kind of a big deal Inderdeep
2
UCcert
UCcert
1
View All
Kudos given to
User Count
Brash
Head in the Cloud Brash
1
cmr
Kind of a big deal cmr
2
KarstenI
Kind of a big deal KarstenI
2
Ryan_Miles
Meraki Employee Ryan_Miles
1
PhilipDAth
Kind of a big deal PhilipDAth
3
View All

Community Record

305
Posts
59
Kudos
4
Solutions

Badges

Year 5 - Regular Award
100 Posts
50 Posts
First 5 Posts
50 Kudos
25 Kudos View All
Latest Contributions by tantony
  • Topics tantony has Participated In
  • Latest Contributions by tantony
  • « Previous
    • 1
    • 2
    • 3
    • …
    • 12
  • Next »

Re: MX68 to 1Gb WAN

by tantony in Security / SD-WAN
‎06-02-2022 06:47 AM
‎06-02-2022 06:47 AM
But it says below the MX68 stateful firewall throughput is 600 mbps.  That means that's the maximum WAN speed it can handle right?     ... View more

Re: MX68 to 1Gb WAN

by tantony in Security / SD-WAN
‎06-02-2022 06:11 AM
‎06-02-2022 06:11 AM
Thank you for everyone's input.   ... View more

Re: MX68 to 1Gb WAN

by tantony in Security / SD-WAN
‎06-01-2022 05:42 PM
‎06-01-2022 05:42 PM
May be I need MX95 since I’ll have AMP turned on? ... View more

Re: MX68 to 1Gb WAN

by tantony in Security / SD-WAN
‎06-01-2022 05:40 PM
‎06-01-2022 05:40 PM
Thank you. I only have the AMP feature on the MX68. So if I enable it on the MX75 I might not get the full 1Gb?   Is it possible to copy the configs from MX68 to 75?  Configs such as VLANs, port forwarding, blocked sites etc? ... View more

MX68 to 1Gb WAN

by tantony in Security / SD-WAN
‎06-01-2022 04:58 PM
‎06-01-2022 04:58 PM
I’m using MX68 now. I’ll be upgrading our internet to be 1Gb but MX68 WAN won’t do 1Gb.  MX68 does 600 Mbps.  Is MX75 the “cheapest” MX that can handle 1Gb?   Also, I have about 250 some days left on the current MX68 license, so if I get the next MX, can I just carry over the license?   https://meraki.cisco.com/product-collateral/mx-family-datasheet/?file ... View more

Re: DUO for Clien VPN MFA

by tantony in Security / SD-WAN
‎04-06-2022 06:17 PM
‎04-06-2022 06:17 PM
It turned out the reason I couldn't login, and I wasn't getting anything on Duo mobile app was because the AD user account I created didn't have the necessary permissions.  I have the Duo MFA working now.  But I'm kind of confused.   Because, I didn't ask Meraki to adjust the time out, but I was still able to get the Duo push notification and login.  So may be the timeout adjustment is not necessary? ... View more

DUO for Clien VPN MFA

by tantony in Security / SD-WAN
‎04-05-2022 05:10 PM
‎04-05-2022 05:10 PM
I'm trying the DUO MFA, but after I enter my username and password, I'm not getting any notifications / push on my iPhone, and eventually I got a time out error on the VPN client.  Is this because I did not call Meraki to adjust the time out?   https://community.meraki.com/t5/Security-SD-WAN/Using-DUO-for-2FA-how-to/m-p/38442  ... View more

Re: Virtual MX

by tantony in Security / SD-WAN
‎03-21-2022 12:41 PM
‎03-21-2022 12:41 PM
Thanks, I do prefer a physical MX like I have now, but just wanted to know the virtual MX instance works. ... View more

Virtual MX

by tantony in Security / SD-WAN
‎03-21-2022 12:20 PM
‎03-21-2022 12:20 PM
My company is expanding, and we might be moving to a second building.  This means I need another MX for site-to-site VPN.  I'm also looking into the possibility of a virtual MX appliance, but I know anything about this.  From what I know, this can be hosted in AWS, Azure, etc.  But how does the physical connection happen? ... View more

Re: Blocking traffic to / from Russia?

by tantony in Security / SD-WAN
‎02-23-2022 06:56 AM
‎02-23-2022 06:56 AM
Thanks, that's what I thought, but I guess better safe than sorry. ... View more

Blocking traffic to / from Russia?

by tantony in Security / SD-WAN
‎02-22-2022 06:40 PM
‎02-22-2022 06:40 PM
Anyone here blocking traffic to / from Russia on their Meraki especially with high risk of cyber attack from Russia?   Even if I block traffic from Russia with MX layer 7, what would happen if an actual hacker from Russia uses VPN to be in 'US'?   Is Meraki smart enough to 'unmask' the VPN from Russia pretending to be from US? ... View more

Re: MX device local status page

by tantony in Security / SD-WAN
‎12-16-2021 02:59 PM
‎12-16-2021 02:59 PM
Any security issues with leaving the status page open for all users? ... View more

Re: MX device local status page

by tantony in Security / SD-WAN
‎12-16-2021 02:58 PM
2 Kudos
‎12-16-2021 02:58 PM
2 Kudos
 ok thank you @cmr  ... View more

Re: MX device local status page

by tantony in Security / SD-WAN
‎12-16-2021 02:52 PM
‎12-16-2021 02:52 PM
@cmr  Thanks, so I can only temporarily disable it?  How do I do that on the MX dashboard? Is there any security issues with leaving it open? ... View more

MX device local status page

by tantony in Security / SD-WAN
‎12-16-2021 02:39 PM
‎12-16-2021 02:39 PM
By default does any user on the network have access to the MX device local status page (the default gateway IP) also known as the http://wired.meraki.com page?   Because a user could see what the default gateway is by doing an ipconfig and go to the ip to see the local status page right?     Is there a way to restrict access to the local status page or wired.meraki.com page only to the admin users? ... View more

Client VPN 2FA with MFA extension for NPS

by tantony in Security / SD-WAN
‎12-06-2021 05:57 AM
‎12-06-2021 05:57 AM
I would like to enable 2fa for client VPN.  Currently the users enter their AD credentials for VPN.  I've setup NPS in my AD servers, and made them the RADIUS in Meraki dashboard for VPN.   I'm deciding between Duo and Azure MFA.  How's azure MFA extension for NPS?  How does this work?  After the user enter their AD credentials in the VPN client, they get a phone alert?  Is MFA extension free?     https://community.meraki.com/t5/Security-SD-WAN/Meraki-VPN-Client-Azure-MFA/td-p/48322   https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension     ... View more

Re: Meraki client VPN 2FA

by tantony in Security / SD-WAN
‎10-29-2021 05:13 PM
‎10-29-2021 05:13 PM
@PhilipDAth  Thanks, I'll use port 1912 for Duo Auth Proxy.  Yes, I'm already using both of my DCs as RADIUS for redundancy  .   ... View more

Re: Meraki client VPN 2FA

by tantony in Security / SD-WAN
‎10-29-2021 06:38 AM
‎10-29-2021 06:38 AM
Am I thinking this correct?  It sounds like I need to contact Meraki directly to enable the timeouts and may be the settings for AnyConnect. ... View more

Re: Meraki client VPN 2FA

by tantony in Security / SD-WAN
‎10-28-2021 11:39 AM
‎10-28-2021 11:39 AM
Yes, Duo looks easier.  There was a Meraki documentation on setting up 2FA which featured RSA, Microsoft Azure, but I can't find that link.     On my RADIUS server, I'm running NPS on port 1812.  For VPN authentication on AD.  So I should run the Duo Auth Proxy on port 1912 on the same RADIUS server?  I'm actually using 2 RADIUS servers, both also Domain Controllers.   Do I need to contact Meraki to do this?  Because I saw something about Meraki need to change the timeout to wait for proxy?  Like I said, I'm using the native Windows VPN client, should I be using AnyConnect if I want to use 2FA?   Is there any documentation that shows me the exact steps? ... View more

Meraki client VPN 2FA

by tantony in Security / SD-WAN
‎10-28-2021 07:52 AM
‎10-28-2021 07:52 AM
Currently, I'm using RADIUS authentication for VPN.  I'm using Active Directory servers as the RADIUS.  I'm using Windows 10 native VPN client also.  So when a user logs in, they open their Windows 10 VPN client, then enter their Active Directory username and password, and if everything is correct, they're connected to VPN.   I would like to enable 2FA on the VPN.  If I understand correctly, I cannot do this from the native Windows 10 VPN, but I can do this from AnyConnect?  How exactly would I do this?  So when I user types in their AD credentials, I would like them to enter the correct PIN or something like that as a secondary authentication method.   I know I have to use third party vendors such as Duo, RSA, Azure etc. for the 2nd part of the authentication   From my research, Duo is the easiest to setup.  Anyone else using RSA or Azure?  The below post says I need to contact Meraki to adjust the timeout settings.   https://community.meraki.com/t5/Security-SD-WAN/Using-DUO-for-2FA-how-to/td-p/38442.  ... View more

Re: Dynamic ARP Inspection (DAI)

by tantony in Full-Stack & Network-Wide
‎08-30-2021 10:34 AM
‎08-30-2021 10:34 AM
Love to hear if anyone is using 802.1X on their network also. ... View more

Re: Dynamic ARP Inspection (DAI)

by tantony in Full-Stack & Network-Wide
‎08-30-2021 10:33 AM
‎08-30-2021 10:33 AM
Ah right, I forgot about that part.  I already have the trunk and lags as trusted, and rest untrusted.   So far, I've only enabled DAI on one of the switch, and everything is working. ... View more

Re: Dynamic ARP Inspection (DAI)

by tantony in Full-Stack & Network-Wide
‎08-30-2021 10:19 AM
‎08-30-2021 10:19 AM
Wouldn't the client's MAC already have to be in the DHCP Snooping table even to get DHCP?  I'm talking about a new device that never connected before. ... View more

Dynamic ARP Inspection (DAI)

by tantony in Full-Stack & Network-Wide
‎08-30-2021 08:17 AM
‎08-30-2021 08:17 AM
Sorry if this is the wrong place, I couldn't find a general network section.  My switches are Netgear (I know, I know), and I have DHCP Snooping enabled, and I'm also thinking about enabling Dynamic ARP Inspection (DAI).  Do you guys have DHCP Snooping and DAI enabled at your production network?   I know DAI looks at the DHCP Snooping database to compare the MAC and IP, but with people working from their home, what happens when they return to work since their laptops will not be in the DHCP Snooping database.  I know you can manually add them but that's a lot of work.   Also, what about 802.1X authentication, anyone using them on their production network?   I'm trying to make my production network more secure. ... View more

Re: 🎁 🍰 🎈 Happy 4th Birthday, Meraki Community! 🎈 🍰 🎁

by tantony in Community Announcements
‎08-30-2021 08:12 AM
2 Kudos
‎08-30-2021 08:12 AM
2 Kudos
Happy Birthday Meraki  ... View more
  • « Previous
    • 1
    • 2
    • 3
    • …
    • 12
  • Next »
Kudos from
User Count
cmr
Kind of a big deal cmr
2
CarolineS
Community Manager CarolineS
4
MeredithW
Community Manager MeredithW
5
Inderdeep
Kind of a big deal Inderdeep
2
UCcert
UCcert
1
View All
Kudos given to
User Count
Brash
Head in the Cloud Brash
1
cmr
Kind of a big deal cmr
2
KarstenI
Kind of a big deal KarstenI
2
Ryan_Miles
Meraki Employee Ryan_Miles
1
PhilipDAth
Kind of a big deal PhilipDAth
3
View All
My Accepted Solutions
Subject Views Posted

Re: Can't ping a subnet from VPN

Security / SD-WAN
1815 ‎05-17-2019 12:25 PM

Re: Meraki MX and UniFi AP

Security / SD-WAN
14759 ‎05-10-2019 07:18 AM

Re: Does Meraki MX need connection to the Meraki cloud / Internet?

Security / SD-WAN
8849 ‎04-15-2019 06:02 AM

Re: Can't ping a device on the network

Security / SD-WAN
38995 ‎01-29-2019 09:26 AM
View All
My Top Kudoed Posts
Subject Kudos Views

Re: Photo Contest: Be featured in the Cisco Meraki Quarterly!

Community Announcements
6 20227

Re: Odd WAN behavior

Security / SD-WAN
4 1794

Re: Welcome! Please introduce yourself.

Community Tips & Tricks
4 53022

Your hobbies

Off the Stack
3 2570

Re: MX device local status page

Security / SD-WAN
2 1219
View All
Powered by Khoros
custom.footer.
  • Community Guidelines
  • Cisco Privacy
  • Khoros Privacy
  • Privacy Settings
  • Terms of Use
© 2023 Meraki