Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About Ryan-Zimmerle
Ryan-Zimmerle
Getting noticed
Member since Oct 12, 2017
Nov 17 2017
Sandpoint, Idaho
Community Record
35
Posts
27
Kudos
2
Solutions
Badges
Nov 15 2017
12:06 PM
3 Kudos
The Challenge Question: Globally malicious web activity has morphed into a multi-billion dollar industry, threatening organizations large and small. How have you seen organizations leverage Meraki’s advanced security tools to combat emerging threats? The Challenge Response: Advanced Malware Protection (read more) and IPS/IDS (read more) are the features that immediately come to mind when thinking about combating malicious web activity. Furthermore, Meraki in June of 2017 released support for Threat Grid (read more), this add-on strengthens the advanced security tools portfolio. Lastly, Meraki has other features such as content filtering, identity based firewall, layer 3 rules, layer 7 rules, ACLs, and others that help organizations in this capacity that may not be "advanced security tools" but are still helpful in the fight. What I love about these three advanced offerings (AMP, IDS/IPS, and Threat Grid) is that Meraki allows organizations to deliver ubiquitous protection to combat emerging threats, and best of all, sticking to the mission statement, we now have cloud managed security tools that simply work! This simplification of powerful security tools has allowed organizations to deploy protections where the users may have previously been left in the dark due to various barriers such as, technical know-how, budget constraints, and systems management overhead. Organizations now have the freedom to focus their passions rather than spending time worrying about these threats and tools, Merakified* security! *(v. past part. merakified) to add soul, creativity or love to something, improving its performance through innovation, simplicity and flair!
... View more
Oct 20 2017
1:05 PM
I agree with @Dashboard_DJ that does not appear to be expected behavior. I do not see this when making firewall changes to MR devices I would expect the same for the MX.
... View more
Oct 20 2017
12:22 PM
1 Kudo
Hello @ADeclue I created a dummy Yahoo account and set this account up on my mac using Mail connected to Yahoo IMAP servers. We are running MR42s with MS switching along with an MX security appliance. We are running all the latest stable firmware with the exception of the MX, its on MX 14.15. Our WLAN clients are part of the network (bridge mode) and we do not use Meraki DHCP. We are blocking L7 P2P, we have AMP turned on and we are also running IDS. All in all, given all of the above I was not able to replicate the issue. Is there something upstream if the MRs that could be responsible? Ryan
... View more
Oct 20 2017
12:14 PM
@PhilipDAth I think you are correct on the specs. I would also add the MR42 supports AC Wave 2, had a dedicated scanning radio, just to name a few more. I agree with you here, where possible I try to deploy an MX as a dedicated security appliance and use MRs for the wifi needs.
... View more
Oct 20 2017
12:03 PM
@MAG Those are the correct stable firmware versions at this time. On the firmware upgrades page, select the wrench and you can add additional columns that are helpful for our ORG, maybe yours too. We are running the current stable MR and MS versions, however we are running MX 14.15. We have not experienced any of the issues your mentioned to date. Perhaps roll back to latest stable? Ryan
... View more
Oct 20 2017
11:49 AM
I would just echo the comments of @Chris1775, getting the MX out into a DMZ area will resolve the issues you are having.
... View more
Oct 20 2017
11:44 AM
We have a couple of the MX65w's running at a few remote locations. Unfortunately I cannot speak to the issue at hand. For me I was left feeling that the build in wifi on the MX65 was no where near what the MR42 could offer. Having said that we hung an MR42 off the MX with a PoE injector, that configuration works really great for us.
... View more
Oct 20 2017
11:41 AM
Perhaps this is Meraki doing your users a favor, every single Yahoo email account / user has been compromised. 🙂 http://money.cnn.com/2017/10/03/technology/business/yahoo-breach-3-billion-accounts/index.html In all seriousness, there may be something in your Firewall and Traffic Shaping rules if not I would look towards the logs. We have a deployment for 20 or so MR42s covering about 800 users, I have not received a complaint regarding Yahoo mail and I assume there are users still using it on our campus.
... View more
Oct 20 2017
11:34 AM
1 Kudo
Is this AP using a power adapter or getting power via PoE? Ryan
... View more
Oct 13 2017
2:49 PM
1 Kudo
Adding on to what @WadeAlsup and @PhilipDAth mentioned, you may look into solutions that are designed for a VDI environment.
... View more
Oct 13 2017
2:32 PM
1 Kudo
Hello @CarolineS, Thank you for jumping in here and letting us know, so nice to have some Cisco Meraki presence here.
... View more
Oct 13 2017
1:41 PM
3 Kudos
@Jack I am not sure what it was removed, there was nothing in there that was a privacy concern. Anyway, earlier I was testing with a Win 7 box, when I tested with a Win 10 box, bam right away Windows Update broke. I am running MX 12.24 on this MX 100, I moved the client over to my MX 250 running MX 14.XX and right away the updates started working. I can confirm there is an issue here and I was able to replicate it exactly as you described. Ryan
... View more
Oct 13 2017
1:23 PM
@Jack I wrote out a really lengthy reply and added screenshots, it now disappeared or was removed, did you get a chance to see that reply?
... View more
Oct 13 2017
12:56 PM
Hello Again @Jack I have a spare MX100 running 12.24 that I reset back to factory and I enabled AMP and IDS like you have, see screenshots. I also added the L7 rules you mentioned above. I happen to have an extra connection to the outside world with a public IP, so there is not a double NAT taking place here. I had no problem fetching updates from windows update servers or adobe updates. if this traffic was getting grabbed by IDS or by AMP, there would be a log of that event that is easy to find the in security center. This very much sound like an issue with Content Filtering, more specifically IP/URL reputation as @PhilipDAth mentioned. "In firmware version 13.3, URL reputation was prioritized over IP reputation, as opposed to IP reputation being the deciding factor on previous firmware versions. If, for some reason, the IP has a different categorization then the URL, the client could be allowed through." I can tell you that I am running MX 14.15 on an MX250 and I have not been adversely affected by this beta firmware in a production environment with 1000+ daily clients. "If a client is being blocked from accessing a page, the easiest way to tell whether content filtering is blocking the traffic is to check your Event Log. When looking at the Security Appliance's network in the dashboard, navigate to Network-wide > Monitor > Event log. To help narrow down the scope, the event type 'Content filtering blocked URL' can be included in the 'Event type include' field." I hope this helps. Ryan
... View more
Oct 13 2017
12:31 PM
@Jack May I get a screen capture of your content filtering and layer 3 / 7 rules? You are running MX 12.24 correct? Ryan
... View more
Oct 13 2017
12:06 PM
Hello @Jack I have an MX100 sitting as a cold spare to our MX250. I will fire this up and create a test network and try to duplicate the issue. When we had the MX100 in operation AMP was grabbing Console8 updates as malicious. I am assuming AMP is enabled and what are you IDS settings? Prevention and Balanced? Just want to duplicate your settings here.
... View more
Oct 13 2017
11:55 AM
This sounds like you may beed to look at the option of an external captive portal. Perhaps these links are helpful. https://meraki.cisco.com/lib/pdf/meraki_whitepaper_captive_portal.pdf https://documentation.meraki.com/MR/Splash_Page/Splash_Page_Overview Ryan
... View more
Oct 13 2017
11:23 AM
Thank you for the additional detail, that is very helpful. What I gather is you are attempting to archive the statistical data for clients for a period of 1 year. This likely includes the detail data for the client in terms of what resources they were accessing. This is a good question, I don't know if I have a solution off the top of my head. I am betting this will end up being something that can be solved using the API. I know that Cisco Meraki is investing in the developer community and the API.
... View more
Oct 13 2017
11:02 AM
2 Kudos
My personal knee jerk reaction here is that you will spend more time managing a non-standard implementation than anything. If you put a dollar figure on the time it takes to manage this solution, Im betting in the long run going VPP will save you time and as a result money. The other thing I might mention, VPP with SM scales, where as if you try to scale 20, this solution does not scale. I don't have all of the details here honestly and I could be totally off base. I just know from experience at my organizations, I take the Meraki approach, Simplify IT. I hope this is somehow helpful. Ryan
... View more
Oct 13 2017
10:55 AM
A description of the use case and the problem you are attempting to solve would be helpful here.
... View more
Oct 13 2017
10:43 AM
1 Kudo
Perhaps you are attempting to push an outdated version of the app to the devices in MDM. When you open up the app details, by clicking, Systems Manager > Apps (Under MDM) > click on your app. Does the app version on this page match what is in the iTunes store, see screenshot. Regardless I would click the refresh details button, see screenshot. Let me know if this helps. Ryan
... View more
Oct 12 2017
10:50 PM
In an environment where I have many APs where I have planned for density, many times I will only broadcast 2.4 on a handful of the radios to make use of the limited channel availability and RF considerations. It sounds like you need to leave 2.4 enabled, in that case do you need 2.4 enabled on every AP? Also, are you band steering clients over the 5 GHz, I would enable that if you have not already.
... View more
Oct 12 2017
10:46 PM
3 Kudos
Hello @GoMurica When thinking about density, I always try to think about having more smaller cells rather then 1, 2, or 3 large cells. It may sound counter intuitive but turning the signal strength down may help. Think of it this way, imagine in that same space each AP that is mounted is a loud speaker. If each and every loud speaker is running at max volume, you will have a hard time making out any one message from the speakers. If you turn all of the loud speakers down, as you walk through the room the speaker closest to you becomes more clear and you can make out the message. The above analogy should not be confused with interference, RF utilization, just encouraging roaming if you will, the client has to have a reason to roam and that comes down to signal strength. A few other questions I might ask are: 1. The APs are using different channels correct? 2. Are you using both bands and are you using band steering? 3. Is 2.4 needed on every radio if used at all? Are you only using 1,6,and 11 for 2.4? 4. How large is the space? 5. Are the APs mounted 25ft or higher in the air? 6. What kind of client density are you noticing per AP on average? 7. How many APs do you have in the space? To answer your question you cannot put a cap on the amount of clients. Ryan
... View more
Oct 12 2017
10:26 PM
4 Kudos
Here is my take on the MV and PTZ, take this with a grain of salt, my logic here could be totally flawed. I do not see Meraki releasing a traditional PTZ option, here is why. Merkai has consistently been the type of company to not do what everyone else is doing, but to disrupt the market with products and technologies that are superior in addressing specific needs. I imagine the Meraki team is looking at this more from 30,000 ft and trying to understand what specific needs are driving the demand for PTZ, multi lens, 360, fish eye, etc, and then they will Merakify it. I would imagine there will be an awesome single sensor product kicking around R&D at Meraki HQ that will help address the demand for PTZ, 360, and multi-lens. Ryan
... View more
Oct 12 2017
10:15 PM
1 Kudo
I was told day before last at a Meraki event in Spokane the following is required for Direct Streaming. 1. Endpoint and MV are behind the same NAT device. 2. The endpoint has an IP route to the private IP of the MV. 3. There must not be any layer 3 firewall rules that block interVLAN routing between the endpoint subnet and the MV subnet. Direct Streaming can also happen when the endpoint is either on the LAN or connected via VPN. If the stream is taking place via the Cloud proxy, you will see a cloud symbol in the bottom left hand corner of the video feed window.
... View more
My Accepted Solutions
| Subject | Views | Posted |
|---|---|---|
| 34284 | Oct 13 2017 1:41 PM | |
| 9098 | Oct 12 2017 10:15 PM |
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 4 | 14578 | |
| 3 | 35293 | |
| 3 | 34284 | |
| 3 | 7472 | |
| 2 | 10680 |
© 2024 Cisco Systems, Inc.
