Another interesting thing to know is which region this is happening in (you can see it in the bottom-left corner of the Meraki Dashboard).     ... View more

  The ISP should not have a working DNS resolver accessible from the Internet (one that responds to DNS queries from anywhere).  These are commonly used for DDoS attacks.  I hope the DNS resolver responds only to DNS requests from the customer.   See what Shodan reports: https://www.shodan.io/   ... View more

Note that Meraki Systems Manager is being turned off.  You should not do new deployments using this product. https://documentation.meraki.com/Platform_Management/SM_-_Endpoint_Management/Product_Information/Meraki_Systems_Manager_EOL_Migration   ... View more

Next time this happens, can you report what shard you are on?   I wonder if Meraki is doing a rolling upgrade (since it has happened two days in a row). ... View more

In that case, you'll need to open a support ticket and request that they enable "SAML Group Policy for AnyConnect".  If they get stuck, point them to this thread. ... View more

I was one of those people in the early days who joined what @CarolineS started.  Those are happy memories. I got to visit Caroline, and even though she was very sick, she still came into the office the day I was there to say hello.  It's so long ago, I don't think she even had children back then (or maybe she was just getting started, it is a bit grey - Meraki community staff keep having babies).   While Caroline has since stepped back, @AmyReyes has done an incredible job taking up the reins. As the 'face' of the community, Amy has driven so many great initiatives that kept us moving forward. To the entire team—including those working tirelessly behind the scenes—you should be immensely proud of what you’ve built here. You didn't just run a platform; you built a legacy. ... View more

@DrDray , I appreciate that this is a "volunteer" effort on your behalf.  I wonder if it might be worth putting these on GitHub, so people can submit pull requests for updates (or maybe that is too dificult for the average punter, not sure). ... View more

Legend. ... View more

I believe it is GA now.  ... View more

I just learnt something new. ... View more

>AGREED! MILES 4EVA (I am not really cool enough to say "4EVA".... is that even the right way? Or is it "4-eva"? something else?   67 ... View more

I like the level of detail in the release notes. ... View more

You can often block an app by creating Layer 3 firewall rules that block all access to the DNS domains it uses.   I asked Gemini: What DNS domains does zalo web, zalo app and viber app use? I want to block them on a firewall. Here is the answer: https://share.google/aimode/drsf0hGROflLdqMT5   Note the "Firewall Blocking Tips" section at the bottom.  Except I would just block all IP traffic. ... View more

I don't know if it is documented anywhere, but I explain how to apply per group policies here. https://community.meraki.com/t5/Security-SD-WAN/AnyConnect-SAML-Group-Policy-assignment/m-p/245513/highlight/true#M54881   ... View more

I only saw these options when I selected "Open".  I did not see them when I selected any other option. ... View more

Well done team.  I see there are three blank spots for more people in the future ... ... View more

No.  Once the WAN port is marked as down, no user traffic will go over it. ... View more

Also note that typically, you can only authenticate "member" users in your Entra ID.   You can authenticate Secure Client users directly against Entra ID (Access Manager is not required). https://documentation.meraki.com/SASE_and_SD-WAN/MX/Design_and_Configure/Configuration_Guides/Client_VPN/AnyConnect_on_the_MX_Appliance/AnyConnect_Azure_AD_SAML_Configuration   ... View more

I tend to use fisheye cameras in the middle of the area to be monitored when it is too expensive or too difficult to use multiple directional cameras.   Sometimes I use fisheye cameras to show overall movement in an area and combine them with directional cameras pointing at the entrance/exits (you use these cameras to capture high-quality images of people's faces).   ... View more

Keep it in the family.  🙂   Cisco Umbrella could do it. ... View more

https://documentation.meraki.com/Wireless/Design_and_Configure/Configuration_Guides/Encryption_and_Authentication/Microsoft_Entra_ID_Integration_with_Splash_page ... View more

The next thing I would try is to do a packet capture of port 53 and then start it up, and see if it touches any other DNS entries.   Also, watch out for it using hard-coded DNS servers.  I think it can use 1.1.1.1 and 8.8.8.8 if the normal DNS resolver does not work.  Access for clients to external DNS servers might need to be blocked. ... View more

If I set the authentication mode to "open" I see GPACL options.     ... View more

There is a guide for those who have lost the ability to login. https://documentation.meraki.com/Platform_Management/Dashboard_Administration/Troubleshooting_and_Support/Support/Ways_to_Contact_Meraki_Support#Open_a_Case_Using_Webform   ... View more