This document explains this well: https://documentation.meraki.com/MX-Z/NAT_and_Port_Forwarding/Blocking_Inbound_Traffic_on_MX_Security_Appliances ... View more

I hope your DSL Modem can do the PPPoE job and provide DHCP IP on its LAN. Use a small switch, as known as 'WAN Switch' or 'Perimeter Switch' and terminate your DSL Modem there. Many DSL Modem have built-in switchports on its LAN. Connect both MX 'INTERNET' ports on the switch. If DHCP is Enabled, both will get IP and connect to cloud. If DHCP service is not available, you should configure manual IP as a destination to internet towards your GSM Modem. Configure first MX as you need, then add second MX as 'Warm Spare' from 'Appliance status' page. ... View more

But I have one client who has done similar setup where directional antenna is connected with low -loss extension cables on roof top and WiFi coverage below with omni antenna. Reason was unavailability of data points. ... View more

Yes, you can. Setting from 'Radio Setting' doesn't affect the performance I believe, though Meraki can confirm on that. One AP can get receive signal from base through sector antenna and emit through omni antenna. ... View more

Did you check from 'Security Appliance > Addressing & VLANs' if you have below configs: - route created from MX64 (Meraki Spoke) towards ASA/FG (non-Meraki Spoke). It should be dest: 172.16.0.1/16, gw: MX100 IP from 192.168.0.1 subnet - if the route is advertised by selecting 'Yes' for 'In VPN'.   Screenshot added FYR.   HTH. ... View more

Kudos for your post @PhilipDAth ! ... View more

Did you try with OPENVPN client? It's an open-source & community driven client supports L2TP/IPSec. It also have VPN server capability but you can shutdown the service. ... View more

Hi, you should modify it from 'Splash Behavior' under 'Wireless > Splash Page'. Is it a RADIUS server you are redirecting to? Then the RADIUS server should define this URL, please check in their documentations.     ... View more

Usually I don't recommend to upgrade the switch from a stable firmware unless to adopt new features or to fix any potential bug. I have experienced this issue and called Meraki support team to downgrade to old stable firmware. Same goes for MR AP. ... View more

So you are looking for client-to-site/remote access VPN connection using MX. No you can't do it, it supports site-to-site VPN only.   You don't need UserID or Username for a site-to-site VPN scenario. Preshared key with encryption methods in phases should suffice. You can ask your VPN provider to provide required site-to-site VPN parameters, if they allow.   I dont see any standard firewall also supports it. Only option left is using DD-WRT, Tomatoe firmware, etc. Cisco ISR can be used as well. ... View more

It should be simple: 1. Add a local VLAN from 'Addressing & VLANS', you already know how to do it 2. Create a non-Meraki VPN Peer from 'Site to Site VPN' 3. Permit the new VLAN to communicate over the non-Meraki VPN, under 'VPN Settings' on previous page. HTH. ... View more

In high density area sometime I suggest to increase the bitrate to more than 12Mbps for faster & effective roaming. Also leave the Radio Power to automatic. Encourage everyone to use 5GHz radio instead of 2.4Ghz if configurable from endpoints. 2.4Ghz imposes noise on wireless networks. ... View more

I have similar issue and couldn't find fix yet. I have first gen. of Chromecast. ... View more