Aww thanks @PhilipDAth!!!! You're going to make me cry 😊 @TyShawn thanks for checking back in!! No need to be sorry, life happens and we get busy. I'm glad to see you back! Totally understand the mixed feelings - change is hard. We definitely aim to keep the positive vibes and warm feelings going in our new home 💙 ... View more

That is how I do it now, but would rather perform NAC and its management via the Meraki portal. It just seems more efficient and logical to be managed in a "networking portal", and I honestly loathe Microsoft NPS.    Cisco charging an arm and a leg for a glorified radius server that just checks the validity of a certificate and group membership to grant access is ridiculous.  ... View more

The prices are a bit lower than ISE session licenses.  And I do believe an ISE like environment is running the radius services. They could of course do a little extra effort and provide full blown profiling and perhaps an optional native cloud PKI so you don't need to rely on MS Cloud PKI or SCEPman. ... View more

Questo di solito indica una mancata corrispondenza della durata di vita della fase 1 o della fase 2. Se i timer di rekey non sono allineati, il tunnel potrebbe interrompersi e non riuscire a rinegoziare. Inizierei controllando la durata di vita di IKE e IPsec su entrambi i lati. Controlla anche le impostazioni DPD e keepalive. A volte, timeout aggressivi causano la disattivazione del tunnel. Caspero Casino ti Casino Caspero offre un’esperienza di gioco completa e coinvolgente. I log su entrambi i dispositivi dovrebbero mostrare cosa succede subito prima dell'interruzione. Se tutto corrisponde, anche le versioni del firmware possono avere un ruolo. ... View more

The endpoint does not trust the Access Manager certificate which comes from IdenTrust. Read the ReadMe file in the cert download for CN matching restrictions. ... View more

Issue is resolved for me with MR 31.1.8 ... View more

!00% had the same issue  today on chrome and edge and even tried an incognito session. Clicking either link did nothing in any browser.       ... View more

Thanks everyone some good suggestions here. I wasnt aware of the DORI section. Cameras and their placement is a new area for me.  I am aware its an outdfoor camera for now due to the cold we are demoing the camera indoors. Im going to try and place it in a school lunchroom area in the middle to see how it works out.   ... View more

  The ISP should not have a working DNS resolver accessible from the Internet (one that responds to DNS queries from anywhere).  These are commonly used for DDoS attacks.  I hope the DNS resolver responds only to DNS requests from the customer.   See what Shodan reports: https://www.shodan.io/   ... View more

Note that Meraki Systems Manager is being turned off.  You should not do new deployments using this product. https://documentation.meraki.com/Platform_Management/SM_-_Endpoint_Management/Product_Information/Meraki_Systems_Manager_EOL_Migration   ... View more

In that case, you'll need to open a support ticket and request that they enable "SAML Group Policy for AnyConnect".  If they get stuck, point them to this thread. ... View more

@DrDray , I appreciate that this is a "volunteer" effort on your behalf.  I wonder if it might be worth putting these on GitHub, so people can submit pull requests for updates (or maybe that is too dificult for the average punter, not sure). ... View more

When I say replicate, I really mean manually configuring it. Meraki isn't that complicated and doesn't have many settings. ... View more

I feared as much, I have a lot of device configured 9300s on 17.15.4 and thought perhaps I'd missed an in place upgrade somehow.   Hopefully it's coming soon! ... View more

Thanks you so much, I have done to block Zalo and Viber ... View more

>AGREED! MILES 4EVA (I am not really cool enough to say "4EVA".... is that even the right way? Or is it "4-eva"? something else?   67 ... View more

I like the level of detail in the release notes. ... View more

I don't know if it is documented anywhere, but I explain how to apply per group policies here. https://community.meraki.com/t5/Security-SD-WAN/AnyConnect-SAML-Group-Policy-assignment/m-p/245513/highlight/true#M54881   ... View more

I only saw these options when I selected "Open".  I did not see them when I selected any other option. ... View more

For fun I have now played around with the "Microsoft Entra ID Integration with Splash Page" https://documentation.meraki.com/Wireless/Design_and_Configure/Configuration_Guides/Encryption_and_Authentication/Microsoft_Entra_ID_Integration_with_Splash_page   - I know, not really Access-manager related, but still, people might want to know. You can authenticate using this method, using Entra External ID, but ONLY if you use the UID "email" as the username it seems ....  And those are usually ..... "smashhandontokeyboard-smashhandontokeyboard-smashhandontokeyboard-smashhandontokeyboard@external.onmicrosoft.com"  PS: The UID does not work with Access-Manager and EAP-TTLS ( I already tested 🙂 ). ... View more

Thanks, that was super helpful, and just the info I needed 🙂 Do you know if it will "allow" a smaller subnet to be recieved then the actual subnet permitted ? So, for example, I permit 10.10.0.0/16, but the router on the other end advertises 10.10.0.0/24, would 10.10.0.0/24 be accepted ? ... View more

Use Cloudflare Zero Trust.  It reliably breaks AnyDesk regardless of configuration 😉 ... View more

No.  Once the WAN port is marked as down, no user traffic will go over it. ... View more

There is also a book on Cisco Press called Cisco Meraki Fundamentals ... View more

This usually points to the same device presenting itself twice on the network, not two different devices. It can happen if a machine has both wired and wireless interfaces active at the same time with the same IP. Virtual machines or containers can also cause this if they bridge through the same MAC. Another possibility is a DHCP issue where the device briefly re-registers and the appliance thinks it is a conflict. Since the MAC is identical, it is likely a logging or detection glitch rather than a true conflict. I would check for dual network connections on that device and reboot it first. If it keeps happening, review your DHCP leases and see if that IP is being renewed repeatedly. ... View more