Community Record: 34 Posts, 1 Kudos, 1 Solution
Jun 29 2021
12:36 PM
I have a new avatar! OH YEAH!!!!
Jun 15 2020
5:22 PM
Hello guys, thank you for all your replies. I have found a way to simplify the failover scenario; below is a draft design for your reference. Again, thank you.
Jun 14 2020
2:40 PM
Hello Philip, in the diagram, it shows that the VOICE VLAN 200 will go to the MX only, and the AZURE VLAN will go to Palo Alto. We will have one MX primary and one Palo Alto primary.
Jun 13 2020
10:56 AM
The Palo Alto firewall is a must, and it has features that are not available with Meraki MX, so we have to keep them. They are managed by different organizations (3rd party), and the Meraki is managed by another organization, so we have to keep them in parallel. I totally understand the design is complex, and I am in a situation where I have to simplify the solution and keep both of them (MX/Palo Alto). Please see below the overall design. So what I am asking is how to simplify the failover mechanism between two different vendors with the above design. Any ideas you can share with me?
Jun 12 2020
6:12 AM
Hello guys, I want to get your opinion on a case I have below, and want to know the best scenario/practice for the design. Problem description: What is the best mechanism to trigger the failover between Palo Alto and Meraki MX? What I mean is, when Palo Alto 1 is down, how will MX1 know that Palo Alto 1 is down and that it needs to communicate with Palo Alto #2? Any suggestions?
Aug 10 2018
4:57 AM
Hello team, I have two sites, HQ and Branch. In HQ we are using MR33, and in the branches we are using MX64W. I have set up the same SSID name and pre-shared key password in both locations (HQ, Branch). The scenario/question: If the corporate users in HQ are connected to that SSID, and then the same user moves to the branch location and tries to connect to the SSID in the branch, which should have the same name and same pre-shared key as the HQ SSID, will that user be able to connect automatically without doing any authentication? It should be working, but I am a little concerned about the way of the authentication, as having an AP in HQ and an MX64W in the branch could be an issue. Can you please advise? Thank you
Feb 22 2018
11:54 AM
Yes, this is why I have added this post. I know how to do it using the content filter and block the URL, as I showed in my previous picture. As you said, I cannot do it with the Enterprise license; we need Advanced Security.
Feb 22 2018
11:42 AM
Hello Phil, both MXs are in the same organization but in different networks, as one of them acts as a hub and the other as a spoke (site).
Feb 22 2018
9:43 AM
Hello gents, I have a VPN between two Meraki MXs, which have Enterprise licenses, not Advanced licenses, so the content filter is not available. I am trying to apply a rule to block a domain name like "meraki.com" in the Site-to-site outbound firewall under Organization-wide settings, but it seems Meraki does not support domain names in the Site-to-site outbound firewall, but they are supported in the Layer 3 firewall. For example. Any advice?
Jan 25 2018
11:51 AM
Hello team,
+ I have an HQ (hub) MX84 which is using a public IP on WAN1.
+ I have 5 sites with MX65s (spokes) that have WAN1 (public IP) connected to ISP1 (cable connection, 100 Mbps) and WAN2 connected to ISP2 as a backup. Those sites are all connected as Auto VPN with the hub.
+ Those spokes will be using WAN2 as an LTE connection with a private dynamic IP as a backup/failover when the primary WAN1 is down.
My questions:
1) Can Meraki support double NAT or not if we use an LTE connection with a private dynamic IP?
2) Are there any issues with the Auto VPN when it fails over to WAN2, which is using an LTE connection with a private dynamic IP?
Any advice? Thank you
Nov 15 2017
11:20 AM
We will need to deploy the following:
1. Apply some rules in the MX to block some ports / try to allow only the ports that are needed to work.
2. Apply some ACL/NAT/PAT mode in the MX and try to use a DMZ to isolate some servers from the local server.
3. Deploy Meraki MXs to any locations, and keep them running at the latest firmware.
4. Enroll with the Advanced Security licensing to make sure all the antivirus, anti-malware, intrusion prevention, and other features are up to date.
5. Make sure the AMP and Intrusion Prevention functions are turned on, and create all necessary firewall and traffic shaping rules.
Thank you
Nov 9 2017
9:49 AM
Hello gents, I am using a cellular (USB modem) connection as a backup, and my primary connection is a cable connection on WAN1. I have a VPN connection with a hub Meraki (I am using Auto VPN). If the active WAN interfaces go down, the 3G/4G (cellular USB) failover will kick in when the WAN connections fail. So my question concerns the VPN: will the VPN switch automatically to the cellular USB if the WAN is down? I know there will be 5-15 seconds of downtime, but my question is whether the VPN connection will be transferred automatically to the cellular USB if the WAN goes down, or whether there is a manual action I need to do, or whether it will not be switched automatically. Thank you
Oct 10 2017
4:41 AM
Hello Lard, thank you for your answer. Yes indeed, this is exactly how I solved the issue. I put a Cisco ISR in front of the Meraki MX, did the VRF in that Cisco router, and connected a static route to the MX from the ISR. But the ISR is the front connection.
Oct 8 2017
1:40 PM
Thank you for your reply. I am looking to have a VRF configuration in Meraki. When I am creating a VRF, it tells us what routes to import/export. Then I assign that VRF to an interface. Once the VRF is attached to an interface, the switch/router creates a separate routing table to hold those routes. Can we do this in Meraki?
Oct 7 2017
2:40 PM
Hello gents, I have an MX and I am looking to find a way to route internet and MPLS on the same port. I think by using port 4 on the MX or adding a default route on the MX. Port 4 is a LAN port. I mean any port on the MX which is not WAN1 or WAN2. Is this possible? Any ideas, please?
Oct 3 2017
2:54 PM
Hello team, I need some advice about Guest Ambassadors. I gave one of my clients Guest Ambassador accounts, but it seems that type of privilege will only control users which have been created by Guest Ambassadors. What I mean is, when I log into the Meraki dashboard, I am not able to control/revoke/block/whitelist any guest user who connects to my corporate SSID or guest SSID or any SSID and was not created by Guest Ambassadors. I am only able to control users which have been created by Guest Ambassadors.
Guest Ambassador is a limited-privilege user, which is able to control only users who were created by that Guest Ambassador.
CANNOT revoke users in the SSID which have not been created by a Guest Ambassador. For example, if my guest connects to the guest SSID, then the Guest Ambassador cannot block/revoke him, because the Guest Ambassador cannot control it; only FULL ACCESS can do that.
CANNOT block/deny users in an SSID that were not created by a Guest Ambassador (only full access can do this).
Does not have access to see/read/watch anything in the network, only one specific page (only read-only / monitor-only / full access can see details).
Cannot reboot/change any configuration (ONLY FULL ACCESS CAN DO THAT).
My question: am I missing something, or is this a limitation of that account (I mean, this is how it works)? Thank you
Oct 1 2017
1:22 PM
Hello, thank you for your idea. It's very similar to my idea as well. It will work also, but the question was why we cannot send traffic from Meraki ------- Meraki --------- Non-Meraki? Do you face the same problem?
Oct 1 2017
1:15 PM
Hello, thank you for your reply. I have found two alternative solutions, but those two solutions will need one more device added. Very similar to your solution.
Solution #1: I will connect a Cisco ASA in front of the MX100 and will connect both Cisco ASAs (VPN S2S), so it will be: MX 64 -----> MX 100 ---- ASA ----------> ASA
Solution #2: I will use another MX100 in front of the Cisco ASA; in this case it will be MX 64 ----> MX100 ----> MX 100 ---- Cisco ASA
But I am looking to see or find out why we cannot have a two-hop VPN connection like the other products. To me this is similar to the max hop in RIP protocols (max 16 hops), then no more routing. In our case it seems Meraki cannot send traffic with two VPN connections if one of them is non-Meraki.
Oct 1 2017
12:58 PM
Hello, thank you. I have 43 branch sites, and all of them are connected to the MX100 (hub) and then, temporarily, need to be connected to the non-Meraki device (Cisco ASA). If I connect those 43 branch sites as VPN S2S to the Cisco ASA, then I will have 43 VPN S2S connections, which is not easy to maintain. Any other advice? Thank you
Oct 1 2017
7:22 AM
Did someone have this issue? How to solve it? Any advice, thanks. I was doing some tests using Auto VPN in Meraki in a small topology:
{ Meraki 64 (Branch) ----- MX 100 (Hub) ----- Non-Meraki (ASA/Fortigate) }
Local network in MX 64 (192.168.0.1/24) (BRANCH) -----> (VPN) ------> MX 100 (HUB) -----> non-Meraki (ASA/Fortigate) network (172.16.0.1/16)
+ VPN works with no problem between the Meraki branch and the Meraki hub.
+ As well, VPN was up and working between the Meraki hub and the non-Meraki device (ASA/Fortigate).
The problem was between the branch Meraki and the non-Meraki device. I was NOT able to reach the network behind the non-Meraki device in both directions from/to the branch MX64. I mean, from 192.168.0.1/24 in the MX 64 I cannot ping/reach 172.16.0.1/16 in the non-Meraki device, and the VPN is up and running (ph1 and ph2). I have been advised that we need to have a Meraki at the far end before the non-Meraki device so it will be able to reach that network. Is this a limitation in the VPN? Do we have an alternative solution for this issue? (I want to reach the far-end remote network in the non-Meraki device (ASA/Fortigate) from the branch MX64, which is connected to the MX100 using VPN, and the MX100 is connected to the non-Meraki device through a VPN also.)
My Accepted Solutions
Subject | Views | Posted |
---|---|---|
 | 5429 | Jun 15 2020 5:22 PM |