MX devices have two types of licensing, Enterprise or Advanced security.   MS Switches on require a dashboard license   Licensing comes in 1, 3 or 5 year options. Sometimes Meraki do have specials where they will give you an extra year for free and it usually works out cheaper if you be a longer license as well.  ... View more

Have you thought about Umbrella integration? Instead of having to update a rather static feed (not even in real time) this would be a big leap forward from a security perspective. ... View more

On the videos I checked they are all using the same CDN. So I would block that. Not sure if that will also change every day, but it is worth a shot. Also it seems like the service won't work without authenticating, when doing that it is doing it via the same primary domain (4kmovies.online) I would assume changing domains daily with DNS propagation and changing the location of the authentication service everyday has to be time consuming. Also IP range they are currently using is 104.31.77.0-104.31.77.255 and located in Chicago behind Cloudflare. I thought maybe you could try a block from a country outside if yours, but looks like that won't work.   cdn.4kmovies.online ... View more

that depends if you want the MR to be in the same subnet as the MS. Secondly if you want to configure the multiple subnet then you need to configure MS port as trunk or if you want to advertise only single subnet then it would be access port. ... View more

Agreed, you'll normally need approval through the AM at Cisco/Meraki for this as well, so all needs to be done step by step back through the channel so the AM can approve the RMA for you.     ... View more

Thanks for the quick responses everyone! ... View more

To be fair, power settings are not really a SSID-level setting, but rather something that is applied down at the physical WAP device.  You can't very well have a WAP advertising two different SSIDs, each at different power levels on the same WAP.  However, you are correct that TX power is one of several parameters not yet exposed via the API. ... View more

@GOwens I suggest taking a look at some of the great documentation to help you troubleshoot and isolate your particular setup. Some suggested docs:   https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Configuring_Active_Directory_with_MX_Security_Appliances   https://documentation.meraki.com/MX/Client_VPN/Client_VPN_Overview ... View more

>Since that traffic from the trusted IPs can be sniffed easily, then the attacker can spoof the IP easily and get around it.    RDP traffic is encryted, so sniffing is not really an issue in this case.   Spoofing the IP address and maintaining a TCP stream is non-trivial for a connection that runs over the Internet when you don't hace access to the source (aka you are a remote man in the middle).  For a start you don't get any of the return traffic.  Just forming the TCP session is a mission. ... View more

While I wish that Meraki offers an option for this, I like the fact that it doesn't now in order to maintain security / data integrity. The way I see it, surveillance cameras with Meraki are not meant for web streaming. For that need, buy any of the cheaper web cams out there (Nest, Arlo, Amazon, etc)   Having said this, I would log a feature request where you can select a camera (or more), put it on a separate network, and configure this network with web stream access separate from your surveillance network. ... View more

I was right about me going through 2 faulty POE injectors. The first was a total dud and the second was an older 100 Mbps model. Bought a couple of these BV Tecg Single Gigabit Ethernet Injectors on Amazon for £19 and they work fine. https://www.amazon.co.uk/BV-Tech-Single-Gigabit-Ethernet-Injector/dp/B00B4H00EO/ ... View more

@Phil_SCDS(Edit: If your user is Win10) Is there any chance your user is able to run a PowerShell script? I realize that may be disabled for security purposes, but I live in a world where lol security so.   I've got one that's fairly simple and can be changed to not require administrator permissions. There's comments in it that tell you exactly what to change, although please do test on your PC.    To run:   1. Open PowerShell 2. Allow PowerShell to run the script with this command: set-executionpolicy -scope process unrestricted 3. Run the script. 4. Answer the prompts. 5. Close PowerShell   If you walk through it, you can probably write better instructions. My help desk has significantly longer ones but they're not easy to share. ... View more

Gratz Matt! ... View more

Also to note it works on iOS/Chrome OS/tvOS   Although independent of the other Meraki solutions it can integrate with them well.     ... View more

Thank you so much for testing this! ... View more

Ah, thanks!  That's exactly what I needed!  🙂 ... View more

I was able to get ahold of a xbox one. I was able to determine that it does see it as if it was a windows 10 Computer. So I had to unblock it and apply a group policy.  ... View more

Thanks for your reply. We fixed the issue by whitelisting tis snort rule over rdp over non standard ports. WRA uses dynamic ports 49000 to 49999. IDs kept onblocking the packets. ... View more

In my experience whitelisting these ID events doesn't work very well or quickly.   Your best bet is start by changing the ruleset to balanced instead of security. The next option is change the mode to detection. Then it pinpoints which part of ID is detecting/causing it.   The other thing you might check is AMP settings.   Also if you can provide the SNORT link to the vulnerability it is detecting     ... View more

@SoCalRacer  Thank you. I tried publicIp as listed in that doc, but it won't give it, so I assume it won't work because Meraki's API does not function as documented. I'm amending the previous statement, because today it is giving me the public IPs. I'm pretty sure nothing is different from yesterday (I don't believe I changed anything about the query), but it's working now so... I'm not complaining too much, we don't pay for it, but this is one of the reasons why we've stuck with the free licences.    Regarding your other comment, we need them so we can exclude "internal" traffic from our CMS's analytics. There are only a couple ways to exclude traffic with this particular CMS, browser agent and IP. Obviously, we can't use browser agent... All employees are remote, hence the need to collect the IPs of everyone in the company.   @PhilipDAth  Actually it is in the list, you must have overlooked it?  ... View more

I didn't think Umbrella supported Android devices with a client. I believe you could point the DNS to umbrellas servers with a policy.   Also no mention here. https://docs.umbrella.com/deployment-umbrella/docs/2-prerequisites-update   Windows and Mac devices you should be able to download the installers and follow below for help pushing.   https://documentation.meraki.com/SM/Apps_and_Software/Installing_Custom_Apps_on_Windows_and_Mac_Devices ... View more