cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • About writ_er_relo

Re: Inbound Rule to entire inside subnet

by in Security / SD-WAN
‎08-31-2020 07:23 PM
1 Kudo
‎08-31-2020 07:23 PM
1 Kudo
"The inbound firewall will deny any traffic that does not have a session initiated by a client behind the MX. This allows internal client machines to connect with any resources they need, but does not let outside devices initiate connections with inside client machines. The exception to this is if a  Port Forward  or  1:1 NAT  is created. "   Source: https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Blocking_Inbound_Traffic_on_MX_Security_Appliances   But, I can't think of a design where the original request would be fulfilled. You'd need to NAT, or port forward every client.   In your original question: how would the outside IP know how to differentiate between internal clients from the outside?    ... View more

Wide Scale Content Filtering tied to Active Directory

by in Security / SD-WAN
‎08-31-2020 07:03 PM
‎08-31-2020 07:03 PM
Good evening all,   I'm looking to see if anyone has had any recent experience or insights on rolling out Active-Directory integrated, Group Policy (meraki) based content filtering on a "large" scale. (20+ sites)   I know how to tie in Active Directory and apply group policies to implement content filtering    I tried something like this back in 2017, I was working with 39 sites throughout the US, 2 locations had Domain Controllers (for AD integration), and we had 200+ users.    We ran into issues as we continued to add 10+ sites. We began to see that the AD integration wouldn't work, or would work sporadically. That meant the content filtering would work... sometimes.   We opened up a case with Meraki and they said it was "working as designed" and we needed to have more domain controllers, or we couldn't use AD-Integration. They recommended, one DC-per-site because of how the MX constantly polls the DCs for related logon events. We were told the DCs weren't responding in time to the requests from 39 sites. The whole design was overloading the domain controllers, which would break the AD-integration and content filtering.   Anyone know if the technology has improved?   I just re-read through the related articles, and they don't seem to have changed.   Bonus: We were coming from a SONICWALL deployment that was able to perform the task above without issue because of their hub-spoke design.      ... View more

Re: Clear DHCP leases - MX84

by in Security / SD-WAN
‎07-24-2019 11:00 AM
3 Kudos
‎07-24-2019 11:00 AM
3 Kudos
zcsdfsfsdf @AlexC wrote: @jvelasco wrote: Hi,  May I know if there is a way to clear out the DHCP Leases in a certain VLAN? I configured static IP addresses but their previous addresses are still there in the dashboard.  Thanks! Hi @jvelasco,   A 'button' to clear DHCP Leases from dashboard is certainly a feature request at this time point in time as others have commented.   However, there is a way to clear the DHCP Leases on a VLAN without having to reboot the appliance by following these steps: - Create a DHCP Reservation on the VLAN that blocks out the entire DHCP range - Save the configuration and let MX downloads it (might take a minute or two) - Clear the DHCP Reservation and save the configuration again   Hope this helps, if you are still having trouble, I would recommend reach out to support (that's whom I got this info from). You can find support information from dashboard under Help > Get Help.   Cheers,   -Alex UPDATE FOR ANYONE THAT MIGHT RUN INTO THIS   I found this thread because I had to do this for a VOIP rollout.   I repeated these steps -  Decreased the DHCP Lease Time to 30 minutes  Create a DHCP Reservation on the VLAN that blocks out the entire DHCP range Save the configuration and let MX downloads it (might take a minute or two) Clear the DHCP Reservation that blocks out the entire DHCP range Save the configuration again It seemed to work at first. All client DHCP leases were removed from the dash... except they some came back with the original entries. All of the phones are still advertising that their lease time will expire in 20+ hours. Effectively maintaining the lease time they originally had.    Not sure if this is because they're VOIP endpoints, but it only half worked.   The machines on the same VLAN cleared out their DHCP leases and were on the new 30 minute lease time, the phones were not.  ... View more

Re: Clear DHCP leases - MX84

by in Security / SD-WAN
‎07-24-2019 09:53 AM
‎07-24-2019 09:53 AM
@AlexC    This seems like a work-around at best. I hope this "feature" makes it to Meraki.    I try to talk up Meraki when I can, but things like this makes it really difficult. ... View more

Re: Meraki API and Postman - large integer issue

by in Developers & APIs
‎04-11-2019 10:08 AM
‎04-11-2019 10:08 AM
@BrechtSchamp wrote:   I think it's meant as a message to  @DexterLaBora  , a suggestion on how to avoid having to change the API in a way that breaks existing applications.   Right, sorry. I meant, do you or anyone else know how to:   "Add a second field id_str"   or "Pull the id out with a regex"   I asked in that separate thread, so I'll see what they say. Thanks! ... View more

Re: API: Organization IDs are larger than MAX_SAFE_INTEGER

by in Developers & APIs
‎04-11-2019 10:08 AM
‎04-11-2019 10:08 AM
@BrianC    Apologies for the dumb question, but how would I be able to implement the second field "id_str" ?  Should I add it as a variable? Should I add it somewhere else?   total new guy at Postman and running into this rounding issue. ... View more

Re: Meraki API and Postman - large integer issue

by in Developers & APIs
‎04-11-2019 09:32 AM
‎04-11-2019 09:32 AM
Yep! It's totally related to that.    Do you know what the other poster means by:   You could add a second field id_str, which would avoid a breaking change.   At the moment I'm pulling the id out with a regex, which has got me going for now.     ?? I'm pretty new to this whole Postman thing, but Meraki seems to have some agreement with them so their documentation is some of the best. ... View more

Re: Meraki API and Postman - large integer issue

by in Developers & APIs
‎04-11-2019 09:15 AM
‎04-11-2019 09:15 AM
That's the thing, I'm not doing any fancy stuff either, just using Postman and Runner then trying to insert variables from a csv. One of those variables being the OrgID   😞   I also found that post too, but it requires posting 3rd party code into Postman as a global variable. I did it on a test machine, and still couldn't get it to work. I'm sure the translation doesn't help.   Thanks for the reply.     ... View more

Meraki API and Postman - large integer issue

by in Developers & APIs
‎04-11-2019 09:04 AM
‎04-11-2019 09:04 AM
I started learning Postman to try and automate tasks through the Meraki API. I kept running into an issue where postman would round my large numbers. Unfortunately, the ORG IDs were large numbers so all of my commands would fail. Some google-fu showed me that PostMan calls this a limitation of JS and don't plan on implementing a fix.   Has anyone else found a workaround or fix for this?   I moved to automating via powershell, but I loved the GUI of Postman coming from a complete newbie.    Thanks for your input.  ... View more
Labels:
© 2022 Meraki