Direct Internet Breakout for specific applications like M365 can be performed automatically by using the SD-WAN Plus License. ... View more

So you're receiving these queries from the outside? Sorry, I'm not fully getting your point here. What are you trying to block here? Are you using Umbrella? ... View more

@cmr there was a Partner Download mailing on Wednesday where it was mentioned. ... View more

The end of sale notice for MX84 and MX100 went out today. That was really quick! 😉 ... View more

I'm pretty sure you can't do that but I never tried it either. ... View more

https://documentation.meraki.com/MX/Cellular/3G//4G_Cellular_Failover_with_USB_Modems lists all compatible USB modems. 5G is not supported from my point of view. ... View more

As far as I know, Umbrella Cloud OnRamp is possible with each license type.   Apart from that, your plan is well thought. Umbrella does a really great job to increase your security especially regarding TLS Interception. ... View more

It really had to be you too. Welcome, gentlemen!  👍 ... View more

AMP and Threat Grid @UCcert  ... View more

@UCcert I've received an email regarding that one a few days ago because my Org is actively using this feature. ... View more

The world wouldn't be the same without you guys. Shout-outs to you!  😎 ... View more

I'd say this is more of a "depends on what you want to achieve" than a best practice thing.   First and foremost, there must alsways be a single (with its warm spare) MX within a given network. Guess I'd create a seperate network for each vMX. ... View more

Well, I'd guess there could be an issue with your DHCP server. The IP address from your screenshot is a so-called "APIPA" address that's being used when a client doesn't have other ways to obtain a "real" IP address.   As soon as this IP hits your MX, it will take a look at its routing table and doesn't find that IP address range (or "thinks" this is located within your default route. Because of https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/IP_Source_Address_Spoofing_Protection it will prevent communication. ... View more

Great catch @Inderdeep! ... View more

No, you don't need a static IP address. AutoVPN is able to handle NAT perfectly...at least in >99% of all cases. 😉   Take a look at Automatic NAT Traversal for Auto VPN Tunneling between Cisco Meraki Peers - Cisco Meraki ... View more

I really hope to be corrected, but I don't think there's even an API endpoint for creating endpoints.   Perhaps the easiest thing would be connecting those clients to your network and change what's needed afterwards. ... View more

Even Microsoft itself has gotten to the point that expired passwords decrease security, therefore I'd leave that off. Used passwords is a two fledged sword, possibly I'd enforce those. Strong passwords are always a good idea. Account lockout should be set to prevent users from being brute forced Idle timeouts are a good things until they're set too low. I'd go with 2-4 hours Two-factor authentication is a must nowadays If you have the chance to provide fixed login IP ranges, these are also a good idea. ... View more

Whoa, you're really darn quick @cmr! I'm not even seing the new version on my Dashboard  🤔 ... View more

Internet -> MS120 -> MX250 -> Core                               ---------------->   Is that your setup? Sounds to me like you're building yourself a firewall bypass. From my point of view, MS120 should perfectly be able to contact the Meraki cloud without that one. ... View more

Most likely: yes ... View more

From my point of view, this wouldn't work with some kind of 3rd party setup. Guess I'd tackle this by using either an internal RADIUS server pointing its authentication twaords Google or something external like JumpCloud. ... View more