Hi @PhilipDAth I been working with Meraki Support and We can confirm tht there`s two-way traffic and that we have all the Firewall Rules in my upstream firewall. But when we started to deploy meraki branches (1 year ago till now) I have been registering MR,MX and MX in each brach without problems. But we are a Financial Institution and we have to be aware about our firewall rules. And we deployed more than 100 branches with the NTP bloking in our Upstream Firewall. But now this is the issue bc MS cannot connect to the principal cluster in USA. So it tries to establish the M-Tunnel against the secondary cluster and to acompplish this M-tunnel needs NTP and It`s the port that we have deny in our firewall.... The issue now is that we cannot perform a rule to permit NTP with any any entries bc We are a bank. So we will try to modify our DNS entries to simulate a DNS Poisoning to resolve an internal NTP to the domain that MS tries to resolve the URL that uses to get NTP services....
... View more