Register or Sign in
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About tantony
Community Record
305
Posts
59
Kudos
4
Solutions
Badges
06-02-2022
06:47 AM
But it says below the MX68 stateful firewall throughput is 600 mbps. That means that's the maximum WAN speed it can handle right?
... View more
06-01-2022
05:40 PM
Thank you. I only have the AMP feature on the MX68. So if I enable it on the MX75 I might not get the full 1Gb? Is it possible to copy the configs from MX68 to 75? Configs such as VLANs, port forwarding, blocked sites etc?
... View more
06-01-2022
04:58 PM
I’m using MX68 now. I’ll be upgrading our internet to be 1Gb but MX68 WAN won’t do 1Gb. MX68 does 600 Mbps. Is MX75 the “cheapest” MX that can handle 1Gb? Also, I have about 250 some days left on the current MX68 license, so if I get the next MX, can I just carry over the license? https://meraki.cisco.com/product-collateral/mx-family-datasheet/?file
... View more
04-06-2022
06:17 PM
It turned out the reason I couldn't login, and I wasn't getting anything on Duo mobile app was because the AD user account I created didn't have the necessary permissions. I have the Duo MFA working now. But I'm kind of confused. Because, I didn't ask Meraki to adjust the time out, but I was still able to get the Duo push notification and login. So may be the timeout adjustment is not necessary?
... View more
04-05-2022
05:10 PM
I'm trying the DUO MFA, but after I enter my username and password, I'm not getting any notifications / push on my iPhone, and eventually I got a time out error on the VPN client. Is this because I did not call Meraki to adjust the time out? https://community.meraki.com/t5/Security-SD-WAN/Using-DUO-for-2FA-how-to/m-p/38442
... View more
03-21-2022
12:41 PM
Thanks, I do prefer a physical MX like I have now, but just wanted to know the virtual MX instance works.
... View more
03-21-2022
12:20 PM
My company is expanding, and we might be moving to a second building. This means I need another MX for site-to-site VPN. I'm also looking into the possibility of a virtual MX appliance, but I know anything about this. From what I know, this can be hosted in AWS, Azure, etc. But how does the physical connection happen?
... View more
02-23-2022
06:56 AM
Thanks, that's what I thought, but I guess better safe than sorry.
... View more
02-22-2022
06:40 PM
Anyone here blocking traffic to / from Russia on their Meraki especially with high risk of cyber attack from Russia? Even if I block traffic from Russia with MX layer 7, what would happen if an actual hacker from Russia uses VPN to be in 'US'? Is Meraki smart enough to 'unmask' the VPN from Russia pretending to be from US?
... View more
12-16-2021
02:59 PM
Any security issues with leaving the status page open for all users?
... View more
12-16-2021
02:52 PM
@cmr Thanks, so I can only temporarily disable it? How do I do that on the MX dashboard? Is there any security issues with leaving it open?
... View more
12-16-2021
02:39 PM
By default does any user on the network have access to the MX device local status page (the default gateway IP) also known as the http://wired.meraki.com page? Because a user could see what the default gateway is by doing an ipconfig and go to the ip to see the local status page right? Is there a way to restrict access to the local status page or wired.meraki.com page only to the admin users?
... View more
12-06-2021
05:57 AM
I would like to enable 2fa for client VPN. Currently the users enter their AD credentials for VPN. I've setup NPS in my AD servers, and made them the RADIUS in Meraki dashboard for VPN. I'm deciding between Duo and Azure MFA. How's azure MFA extension for NPS? How does this work? After the user enter their AD credentials in the VPN client, they get a phone alert? Is MFA extension free? https://community.meraki.com/t5/Security-SD-WAN/Meraki-VPN-Client-Azure-MFA/td-p/48322 https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension
... View more
10-29-2021
05:13 PM
@PhilipDAth Thanks, I'll use port 1912 for Duo Auth Proxy. Yes, I'm already using both of my DCs as RADIUS for redundancy .
... View more
10-29-2021
06:38 AM
Am I thinking this correct? It sounds like I need to contact Meraki directly to enable the timeouts and may be the settings for AnyConnect.
... View more
10-28-2021
11:39 AM
Yes, Duo looks easier. There was a Meraki documentation on setting up 2FA which featured RSA, Microsoft Azure, but I can't find that link. On my RADIUS server, I'm running NPS on port 1812. For VPN authentication on AD. So I should run the Duo Auth Proxy on port 1912 on the same RADIUS server? I'm actually using 2 RADIUS servers, both also Domain Controllers. Do I need to contact Meraki to do this? Because I saw something about Meraki need to change the timeout to wait for proxy? Like I said, I'm using the native Windows VPN client, should I be using AnyConnect if I want to use 2FA? Is there any documentation that shows me the exact steps?
... View more
10-28-2021
07:52 AM
Currently, I'm using RADIUS authentication for VPN. I'm using Active Directory servers as the RADIUS. I'm using Windows 10 native VPN client also. So when a user logs in, they open their Windows 10 VPN client, then enter their Active Directory username and password, and if everything is correct, they're connected to VPN. I would like to enable 2FA on the VPN. If I understand correctly, I cannot do this from the native Windows 10 VPN, but I can do this from AnyConnect? How exactly would I do this? So when I user types in their AD credentials, I would like them to enter the correct PIN or something like that as a secondary authentication method. I know I have to use third party vendors such as Duo, RSA, Azure etc. for the 2nd part of the authentication From my research, Duo is the easiest to setup. Anyone else using RSA or Azure? The below post says I need to contact Meraki to adjust the timeout settings. https://community.meraki.com/t5/Security-SD-WAN/Using-DUO-for-2FA-how-to/td-p/38442.
... View more
08-30-2021
10:33 AM
Ah right, I forgot about that part. I already have the trunk and lags as trusted, and rest untrusted. So far, I've only enabled DAI on one of the switch, and everything is working.
... View more
08-30-2021
10:19 AM
Wouldn't the client's MAC already have to be in the DHCP Snooping table even to get DHCP? I'm talking about a new device that never connected before.
... View more
08-30-2021
08:17 AM
Sorry if this is the wrong place, I couldn't find a general network section. My switches are Netgear (I know, I know), and I have DHCP Snooping enabled, and I'm also thinking about enabling Dynamic ARP Inspection (DAI). Do you guys have DHCP Snooping and DAI enabled at your production network? I know DAI looks at the DHCP Snooping database to compare the MAC and IP, but with people working from their home, what happens when they return to work since their laptops will not be in the DHCP Snooping database. I know you can manually add them but that's a lot of work. Also, what about 802.1X authentication, anyone using them on their production network? I'm trying to make my production network more secure.
... View more
08-30-2021
08:12 AM
2 Kudos
Happy Birthday Meraki
... View more
My Accepted Solutions
| Subject | Views | Posted |
|---|---|---|
| 1815 | 05-17-2019 12:25 PM | |
| 14759 | 05-10-2019 07:18 AM | |
| 8849 | 04-15-2019 06:02 AM | |
| 38995 | 01-29-2019 09:26 AM |
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 6 | 20227 | |
| 4 | 1794 | |
| 4 | 53022 | |
| 3 | 2570 | |
| 2 | 1219 |
