This would be painfull.   Have a look at ipsec tag-based failover and see if that suits your needs. https://documentation.meraki.com/MX/Site-to-site_VPN/Tag-Based_IPsec_VPN_Failover    Personally, I would avoid this configuration.  I would try and resolve this by putting in more MXs and using AutoVPN.  Even if you need to put an MX in at a partner site (in VPN concentrator mode - like a WAN router), because at least then you can use simple static routes between it and the partner. ... View more

You could try opening a ticket with Meraki to join the IPv6 beta, and then submit the feedback directly to the beta team. ... View more

Choose a transit site (data centre, head office, etc).   Put an MX from one org there, and a second MX in VPN concentrator mode from the other org.  Configure static routes between them for the other orgs sites and redistribute these into AutoVPN (for both orgs).   Voila.  Both orgs can now talk to all sites. ... View more

It's probably easiest to turn off AutoReconnect with the profile editor.       ... View more

From my experience, Meraki devices generate about 100MB of telemetry data per month.   So if you had an MG21E with an MX plugged into it for backup, I would expect to see 200MB of usage per month if the link is never used for actual data. ... View more

Yes we are using it.   Are the clients you are trying to track visible from 3 or 4 APs at the same time? Have you loaded a floor plan and put it on the map and the APs on the floor plan? ... View more

You could configure Windows 10 NRPT - DNS resolution policy.   Configure the policy to send voipserver.company.com to public DNS servers (like 8.8.8.8) and let everything use the default configured DNS servers. ... View more

Gave you got the IDS set to prefer security?  I would have expected that to block it? https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Threat_Protection#Intrusion_Detection_and_Prevention  ... View more

I think this might be the critical bit.   " Please choose the desired concentrator mode before the vMX deployment." ... View more

It'll have complications if Client VPN is enabled on the MX as well, as that uses the same initial ports. ... View more

It will be difficult to do active/active in Azure.   The easiest way would be to create two supernets for your spokes.  Put all the spokes in one Supernet on HubA as their primary, and all the spokes in the second supernet on HubB.  Then you'll be able to use an initial static route in Azure for each supernet.   This article is a close match. https://www.willette.works/active-active-meraki-sd-wan-headends/  ... View more

Done. ... View more

I don't know what to say - but the Azure reporting tool is wrong.  I wouldn't trust any data out of it. ... View more

Great effort team! ... View more

This feature is available in the new AnyConnect client support (you can specify both a default group policy for all AnyConnect users and do per-user overrides with RADIUS).  With AnyConnect being so much better - I can't see any work being done on the old client VPN anymore.  Also, AnyConnect is not very expensive.   https://documentation.meraki.com/MX/AnyConnect_on_the_MX_Appliance#Group_Policies  ... View more

I've tried attending virtual events.  I don't bother anymore.  It's too easy to go off task.  The phone rings.  A collaboration message pops up.  The events are often centred around a single timezone so you have to attend at horrible times of the day.  Events often place everyone on mute.  Limited chance to interact, ask questions and get feedback.  Getting a response to questions is often a lottery if the presenter decides to respond.   What to I miss - being trapped at the physical event so you can devote all of your attention to it.  Building personal relationships.  Drinks and food at the after event functions.  Stands, stores, and seeing and touching things. ... View more

Each Meraki device generates around 1Kb/s of traffic.  It would certainly not generate a TB of data.   What makes you think it has generated 1TB of traffic?   You'll need to do a packet capture to get a better understanding on what that traffic really is. ... View more

The branch sites - they have no direct Internet connection?  The "private fibre" is back to the DC only?   You are planning on using AutoVPN over these private links?   If the above is correct, then you'll be using this configuration: https://documentation.meraki.com/MX/Site-to-site_VPN/Configuring_Site-to-site_VPN_over_MPLS    The MX100 in the DC would normally be used in VPN concentrator mode.  It's default route would point to the existing firewalls (or it could point at a core L3 switch) and that device would be responsible for the routing. ... View more