Meraki

Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

About stockster

Re: Group Policies and Active Directory

by in Security & SD-WAN
‎Jul 7 2019 11:05 PM
‎Jul 7 2019 11:05 PM
Yes the Meraki is the default gateway in this case.    That was also my understanding and the FTP active directory group that I am trying to map is a user group only (for testing purposes I tried to add the computer object there as well), but the goal clearly is to manage a group policy ruleset for an active directory user group only (FTP users). I hope this clarifies the situation.   I am pretty sure the Active Directory integration works fine as far as I understand. Because when I go click on the Client machine I can see an Active Directory user:   Do I assume correctly that with this sitatution, the group policy's firewall rules should override the default L3 rules for any user in the Active Directory FTP group?    Concerning your comment about the AD auditing, I checked the domain controller's applied settings by running rsop:     Success is in place for both sections.    Am I missing something else?   Thanks a lot for your help. Regards,   stockster ... View more

Re: Group Policies and Active Directory

by in Security & SD-WAN
‎Jul 7 2019 10:17 AM
‎Jul 7 2019 10:17 AM
Hi Philip   Thanks for the feedback.The group policy will always show 0 associated clients no matter what.    I was able to reproduce the following behaviour though:   - If the mapped Active Directory group only contains the user - the default Layer 3 rulesets of the firewall apply - If the mapped Active Directory group contains the machine object as well - the group policy firewall ruleset gets applied stockster ... View more

Group Policies and Active Directory

by in Security & SD-WAN
‎Jul 5 2019 2:10 AM
‎Jul 5 2019 2:10 AM
Hello all,   I am currently struggeling with the Active Directory integrated Group Policy features and was hoping maybe you could provide me with some input.   The intention is to maintain a Group Policy for FTP users. The Active Directory integration is up and running and the Client - User mapping seems to work fine (according to the event logs).    Thus, the MX should be aware of which users is using which client. However, it does not seem that any of the specific group policy firewall rules are being applied on the machine that has a user associated, who is a member of the mapped active directory FTP security group.    Once I add the active directory PC object though, the rules start getting applied. One further disclaimer: the affecting clients counter will stay at 0 constantly, no matter what - I assume it just simply doesn't work with AD mapped group policies?   Therfore my question - is it even possible to manage a custom firewall ruleset under group policy for a AD security group that only contains the user and not the machine object?  ... View more

Re: Possibility for complementary firewall rulesets

by in Security & SD-WAN
‎Jun 10 2019 10:55 PM
1 Kudo
‎Jun 10 2019 10:55 PM
1 Kudo
Hi @AlexC Sorry for the belated reply and thank you very much for answering my question. I think the way Meraki has set this up is a quite unfortunate, but I will see how the API could potentially ease my pain.   May I add, I believe the wording you used with "to apply additional rules" is probably a bit unfortunate in this context, as it is in fact not additional but superseded rules for members of this particular group, right? Regards, Dario ... View more

Possibility for complementary firewall rulesets

by in Security & SD-WAN
‎Jun 3 2019 11:57 PM
‎Jun 3 2019 11:57 PM
Hello all,   Do you know if there is any possibility that a specific group policy can complement the configured "global" ruleset under "Security" -> "Firewall"?   I only see the possibility to either replace, ignore or inherit. This makes no sense to me as Meraki does not offer a possibility to use Active Directory Group Mappings any other way - so if I want to give a specific group additional outbound traffic permission (e.g. SSH or FTP), I would have to essentially configure the entire Firewall ruleset on the group policy again?    Thanks for your feedback guys.   Regards,   stockster     ... View more

Re: Enabling multi factor authentication after admins are created

by in Dashboard & Administration
‎Apr 17 2019 2:00 AM
‎Apr 17 2019 2:00 AM
I assume if the password currently set does not comply with the new rules, it would instruct the user to change it accordingly as well?   Regards,   stockster ... View more
© 2024 Cisco Systems, Inc.