Using these features are completely independent of having a local domain or not. A local domain will give you for example the possibility to apply different security-settings to different user-groups. ... View more

I just wanted to mention that I also have a Meraki-Gnome ...     ... View more

Make also sure that the VPN-client *and* the gateway have NAT-Traversal (NAT-T) enabled. ... View more

Can you do a packet-capture on the LAN and on the WAN-side of the MX450 with a filter of the IP of the other sides VPN-gateway? Perhaps that gives a hint of the problem. ... View more

I prefer to monitor my WAN-links with an SNMP-application. For monitoring of Meraki devices I prefer CheckMK which runs out of the Box with Meraki. There is also a free virtual appliance if you don't have that much to monitor. ... View more

7th to 10th of February 2022 ... The date conference live comes back to (more or less) normal, hopefully ...   ... View more

I do not think that it will work. PDL or not, the licenses have to be added before they can be assigned to the individual devices. And I would expect that when the license is re-added, it will again have the old starting-point. ... View more

To further investigate if the problem is related to any IPsec-VPN on the MX, I would add a 1:1 NAT with it's own IP for this particular PC and see if that works. If yes, it's likely that it is somehow related to the actual VPN-Config. ... View more

I do not think that anything can be done here for now. But for future installations new devices with licenses could be bought "just in time" to avoid "lost time". The question is if "just in time" works in a time where delivery-times are always changing. ... View more

An AD is no requirement, it in general just makes things easier. Where are your credentials stored? If you can make them accessible through a RADIUS-server you are good to go. ... View more

Also make sure that the AP is connected with a high quality cable. Especially with Cat5e I have some cables that only negotiate 100MBit and others go to 1Gig. And one AP changed from 1Gig to 100M after a couple of years and needed a factory reset. ... View more

The forth option that @cmr mentioned would work well, this feature is named "DNS views" and is supported in BIND, but sadly not on Windows Server DNS. So the best long-term solution would be not to use the same domain for internal and external resources. The internal resources should be better migrated to a different domain or a subdomain of company.com.   EDIT: Wait ... just the moment I pressed "Post" I remembered there was a new feature that does exactly what DNS views in BIND are doing, the DNS policies: https://docs.microsoft.com/en-us/windows-server/networking/dns/deploy/dns-policies-overview These can be used for this, but are not that easy to configure. ... View more

All you need is UDP/500 and UDP/4500, and yes, your "permit any" will handle that unless the traffic is denied in rules above that permit. Do you perhaps have a site-2-site VPN between your MX and that Fortinet? That would be a reason that the client VPN will fail. ... View more