Just to put things in perspective when using MX and Umbrella without the roaming client; if you take the Meraki security solution and remove 3/4 of the monitoring and capabilities - you get what you have in Umbrella.     In your Meraki Dashboard: Network Wide/General - Set Traffic analysis to "Detailed" Security & SD-WAN/Threat Protection - Set AMP to enabled - Set "Intrusion detection and prevention" to Prevention and Security Security & SD-WAN/Content Filtering - Enable at least --Bot Nets --Illegal --Malware Sites --Proxy Avoidance ++ Everything else you think is not appropriate   Consider enabling Safe Search.  Also consider enabling the similar option for You Tube on the same page. https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Web_Search_Filtering_and_its_Effect_on_Google_Apps_and_Google_Search      Everything about Umbrella sounds fine. ... View more

We had a very detailed question around the position & location accuracy of the Meraki Location API.  The AP's have been positioned correctly but we are not picking up customers inside the stores.  Mist has offered to look at the floor plans and pull out Meraki and install Mist systems to rectify this. Gary ... View more

Phil, not an amateur at this we have walled garden set up and has been working for the last 6 months. It has just changed in the last week. Gary ... View more

Any chance you have "deny local LAN" configured on your WiFi network? https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/'Deny_Local_LAN'_settings_in_Cisco_Meraki_MR_firewall  ... View more

> Now, all of a sudden, a few DNS entries are missing from fileshares   What do you mean DNS entries are missing from file shares?  DNS is used for establishing a name to IP mapping, and file shares are used for - well - file sharing.  I don't get how they are related. ... View more

> Things go south whenever I plug a switch into the repeater.   Anything acting as a DHCP server plugged into this switch (or the switch itself)?  If so, they'll make the repeater think it is another gateway. ... View more

> the Windows agent needs to be reworked ASAP.   100% agree. ... View more

A packet capture usually highlights the issue. https://documentation.meraki.com/zGeneral_Administration/Cross-Platform_Content/Packet_Capture_Overview  ... View more

To be honest when I first saw MI my immediate reaction was “this is a waste of development”.    I was on a Meraki quarterly webinar and they presented the below slide for “VoIP health which I feel will add value to customers.   ... View more

If you do not have a Linux machine handy, you could simply run command "ping 1.1.1.1 -n 30" on a cmd or "ping 1.1.1.1 -c 30" on a terminal and follow the same steps mentioned above, but make sure the laptop is plugged directly into LAN port of the MX. You could still use filter "icmp.ident == ident_value" to display interesting packets only. ... View more

How did you do it Sir? Our current setup is using 1 SSID and have different vlans. depends on the AD configuration on NPS.   and here goes the ISE that we just purchased and my boss asked me to utilize the ISE and integrate meraki with ISE. same as your example. how can i configure ISE to do this kind of setting? my group policies in Meraki of course is already done.   thank you in advance ... View more

If you hit F12 in your browser, and select 'console' (Not source), It will show you any errors, Meraki Support used these errors to help with some issues I had. It can give you a clue as to why something is not loading correctly   Packet capture will also show where things are trying to get to, but maybe not getting a reply, showing where the issue is lying ... View more

Good day! Just want to share this method its applicable on W10 user's i just recently apply this to one of our client. On your VPN network settings check allow these protocols and check Unencrypted Password (PAP) On the Windows 10 machine, open the registry and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent, make a new DWORD 32 bit value, call it AssumeUDPEncapsulationContextOnSendRule, give it a value of 2, then reboot the Windows 10 machine.  It should connect just fine. This one works for me ... View more

We came across the same issue and found bug https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvq00652/?rfs=iqvred which was affecting our test results. ... View more

A bit about yourself & your work Working at Fortune 500 VAR - selling to Western Canada   Your experience with Cisco Meraki I sell a lot of Meraki - it is my go to solution for SMB clients, and some Enterprise clients   A fun fact about yourself I make short films in my spare time     ... View more

Hi, I have managed to sort of fix this....   I think my problem was that I had disabled the option for the iPads to remove the Meraki Management profile. This appeared to have the side-effect of removing the ability to update it as well.   To get around this, First I went back to the old certificate - luckily I had saved it & the old hard drive it was stored on! I set up a new profile with the removable option set to Yes. In the dashboard for each device I chose to unenroll device for each iPad (glad I only had 43 to worry about) Then I pushed out the certificate again Finally I visited each iPad to enroll them again.   So a pain in the neck but not as bad as rebuilding each iPad.   If anyone has any simpler method for next year, I would be grateful. ... View more

...and by the way: this rule section would not accept a "FQDN support" type of firewall rule -- neither by GUI nor by API! ... View more

Try 15.19, we are using the 15.x range for a production SDWAN for a 9 site 1500+ employee company and it has worked well. ... View more

@cmr I'm at the low level design/ building instructions phase of the design. So it will be while before I get my hands on the hardware. ... View more

Thanks for the reply, Philip, much appreciated.   The ambition is to have no inside server presence, so StrongSwan probably not an option, but I'm toying with the idea of relocating our Juniper SRXs when they're no longer required in our DCs, they would offer similar functionality.   But VMX is my preferred approach, will have a read and see if I can get all the stakeholders on board, and hopefully get some endorsement from Meraki to scale up that far - thus far they've advised us to run multiple VMXs, but that sounds like a little too much engineering to me.   thanks again Andy       ... View more