It seems Catalina prevents VPN over non-encrypted networks.   I'm find out the hard way and am now trying to regain connectivity. ... View more

I prefer to keep DHCP on an AD server when I can, for production vlans. An MX won't let you cancel an existing lease one by one, and that's something I have to do semi-regularly for my clients.    If I've got a separately configured vlan for a guest network, then DHCP goes on the MX and I make sure the firewall rules block access between my production vlan(s) and my guest vlan.  ... View more