Is there anyone with experience setting up site to site VPN links between an MX and a Fortigate? I am familiar with and have used the guidelines in Meraki's KB dealing with 3rd party VPNs. I am having no luck at all still. Any insight would be much appreciated. Thanks. ... View more

Hi all, We recently replaced and MX60 with an MX67 for a client or ours. Ever since then the client VPN will no longer authenticate via AD authentication. I can flip it to Meraki authentication and it works fine though.   I re-verified my client VPN settings are correct. I even check the DC certificate in case it was some sort of TLS issue, but the certificate is fine. I setup the DC on the Active Directory Authentication page to see if that would produce an error but it connects fine with the green checkmark status.   The issue was even escalated to the meraki development team to look into. They states they are able to see is that the AD server is attempting to create a TLS session with the Meraki device in a way which is not compatible, however, we are unable to do further troubleshooting from their end. Next troubleshooting steps would need to be done on the AD server itself.   If this is an issue with the AD server, why would it crop up out of the blue when the firewall was replaced? Makes no sense to me yet. ... View more

Does anyone know if there is a way to restrict client VPN connectivity to allow only specific computers, when it comes to Meraki? Is it possible to do this with RADIUS perhaps?   I have a client that has a policy to only allow AD domain joined computers to connect to the VPN, and if Meraki/RADIUS/?, can do this I would like to sell them on Meraki. They are currently using a Sonicwall TZ400 for their firewall and an SRA1600 vpn appliance of which handles the required setup currently itself.   Thanks,   Ryan ... View more

Had anyone ever done this before? I cannot find any info on this at all. ... View more

Has anyone heard whether Meraki is going to update their client VPN capabilities so that they are able to meet compliance standards. I have a client that just had one of their audit completed, and of course it failed due to their MX only being able to support IKEv1 aggressive mode. They are looking to replace the MX now with a brand that can meet  compliance. Would have thought Meraki would of had client VPN that would pass an audit taken care of by now. Pretty disappointing. ... View more

Is it me or does it seem unusual that the bandwidth limit is only 250Mbps for MX64/65 security appliances? It just seems artificially low. I have some smaller clients that have 1Gbps fiber now, that only have between 10-20 devices, and they cannot even use their bandwidth fully, unless they were to get an MX250....again for less that 20 client devices.  Seems a bit ludicrous. I should be able to set the bandwidth to a full 1Gbps, since the WAN port is a gig ethernet port. I can do this on z1's. Why not MX64's? ... View more

- Multi factor / one-time password authentication capability. - Stronger everything security-wise: AES encryption, anything better than SHA1 IKEv2, etc...AND configurable with however I would like based on my needs, not stuck with just one way of doing it ike we currently have.   These really have to be huge requests I imagine, especially for compliance needs. I really do hope this is already on the Meraki roadmap for their MX firmware. ... View more