Could we take a step back - what is the actual problem with Hatch.  A user goes to use it and "what" happens? ... View more

It sounds like pycharm in your environment doesn't have the typical set of trusted root certificates loaded.  I would Google in that area. ... View more

It might be worth checking out a commercial solution like Splash Access.  Their system is *very* nice. https://www.splashaccess.com/  ... View more

Try using my VPN Wizard to create a powershell script to create the VPN on Windows 10.  It sets several registry entries and might fix the underlying issue for you.   https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html  ... View more

The APs have been added to a network in the dashboard - correct? ... View more

The Microsoft VPN client is too much work to maintain and keep going.  I'd cut your loses and buy some Cisco AnyConnect licences.  It's rock solid. https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance  ... View more

Any chance you are using the MR46E instead of an MR46, and forgot to attach the external antennas? ... View more

Mgig would be nice, but you are going to have a total of 2Gb/s of Internet connectivity.   If each AP had a 1Gb/s connection, that is 40Gb/s of raw bandwidth - so there is already plenty of connectivity in the access layer to saturate the Internet bandwidth available.   I'm going to guess you'll have 250 or so users (assuming each user has up to 3 devices).  That is a ratio of about 6 or 7 users per AP - so you have plenty of APs.   I guess if you moved to 10Gb/s Internet in the future your peak throughput per AP could be limited.  Could you see that happening in the future? ... View more

I think (not sure) that this uses the default block message. https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Configuring_the_Default_Block_Message  ... View more

Yes.  As soon as one side is asymmetric in response time, the whole TCP connection is asymmetric.   This may not be the problem - but back when my country use to still have DSL it was a common issue often helped a lot by enabling TCP timestamping. ... View more

Yes it does.  The Meraki management layer is not "baked in" to IOS-XE, but runs as a container on top of it.   Under the hood it uses KVM from Linux.  You (or anyone else) can use the same system to run code on top of IOS-XE.  It's the official way to extend functionality.   https://developer.cisco.com/docs/ios-xe/#!application-hosting-quick-start-guide ... View more

I don't know the answer.   I'm going to guess it is a restriction in IOS-XE when running containers. ... View more

Asymmetric circuits (like DSL) can cause issues with the default symmetric time calculation system that Windows uses.   For an experiment, try enabling timestamps on both a users machine and a server they are accessing: netsh int tcp set global timestamps=enable ... View more

That is very unfortunate.   Cisco TAC are better in this regard.   It might be worthwhile contracting a Cisco Partner to provide the enhanced support you are needing. ... View more

This is in the "Mobile Device Management" forum ... so I think it is talking about Systems Manager AD Configuration.   https://documentation.meraki.com/SM/Device_Enrollment/SM_Enrollment_Authentication#Active_Directory_via_SM_Agent  ... View more

I don't know for sure - but it should. ... View more

It is still a work in progress. ... View more

Are you using WPA2-Enterprise mode?  Can the AP talk to your RADIUS server?  Is the AP authorised in the RADIUS server? ... View more

Why would "Google" for users to install Systems Manager onto their personal devices?  What configuration or policy have you go forcing it? ... View more

If you have users "inside/outside" with performance issues - then it is probably the cloud service itself is having the issue.  If this is the case, then nothing you do on the client side will solve the performance issue.   If it is a web app, you could use Meraki Insight to monitor it - but that is all you can do. https://meraki.cisco.com/products/meraki-insight/  ... View more

I think you are asking if it is possible to create a static route where the next hop is a DNS name, rather than an IP address.   If this is the case, then the answer is no. ... View more

This document lists the requirements for the certificate: https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Configuring_Active_Directory_with_MX_Security_Appliances#Install_a_Digital_Certificate_on_Each_Domain_Controller  ... View more

You could create a startup task that deletes the global_preferences.xml file to stop the caching. ... View more