Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Become a member of the Cisco Meraki Community today
Get answers from our community of experts in record time.
Join nowAbout jimmyt234
jimmyt234
A model citizen
Member since Mar 3, 2020
Community Record
201
Posts
285
Kudos
21
Solutions
Badges
2 weeks ago
3 Kudos
My understanding is that the L7 Geo only blocks outbound initiated sessions, so whilst it will block inbound attempts to your NAT rules from those countries, it is only doing it because the response from the server gets dropped. Solved: MX GEO IP filtering on Port Forward rules - The Meraki Community EDIT: The documentation also states: "The Layer 7 Firewall can be used to block traffic based on the destination country of outbound traffic and the source of return traffic." MX Firewall Settings - Cisco Meraki Documentation
... View more
3 weeks ago
1 Kudo
No sorry, it is shared with a confidentiality notice - you should raise a ticket with Meraki support and they will send it with you.
... View more
3 weeks ago
Thanks for the heads up - we have just received the RCA from support after asking.
... View more
4 weeks ago
3 Kudos
Which licensing model are you on? If it is co-term then there is no individual network license, it is shared across all devices. Meraki Licensing - Cisco Meraki Documentation
... View more
a month ago
@MiriamK love the new look but we are still lacking a column/filter for the Org name the case is raised against. As an MSP with access to over 100 Orgs this would be really useful.
... View more
a month ago
Either NMVPN from every network to the 3rd party, or install a second MX into HQ, have the NMVPN from there and then static route to it from the main HQ MX.
... View more
Now on the Meraki status page: Meraki Status - EMEA Cloud Monitored Catalyst Switches appearing offline in the Dashboard
... View more
Yes - we are experiencing the same this morning. Interestingly out of 8 switches, 1 has recovered and is displaying online again but the other 7 are not. No feedback yet on our Meraki support ticket.
... View more
Apr 17 2025
1:10 AM
Sounds like you need to be ringing Meraki support and having them assist in getting your network back online.
... View more
Apr 16 2025
7:38 AM
2 Kudos
Just under the regular Network-wide>Event Log page, you can event type include for: Intrusion detection rules update
... View more
Apr 16 2025
3:54 AM
3 Kudos
We are seeing this across multiple customers this morning - snort related perhaps? It would be great if you could get something up on the Meraki status page too.
... View more
Apr 8 2025
3:05 AM
We have a greenfield deployment for a customer: Secure Connect, Azure vMX, multiple spoke networks spread across the globe. My question is around the integration of the vMX's into the design. They will be deployed as Hubs because we require eBGP to Azure Route Servers, but from what I am reading this then means that from a spoke deployment perspective they must have the Azure vMX networks as Hub priority 1 and 2, with the Secure Connect Hubs as 3 and 4. Surely this then means all spoke <> spoke traffic now traverses the vMX rather than Secure Connect, rendering any rules on the CDFW redundant and instead we would have to replicate them on the Site-to-Site outbound firewall rules page in Meraki? Is there a way I can avoid this, perhaps by having the Azure Hubs as picks 3 and 4 on the spoked and keeping Secure Connect as 1 and 2 (or would this simply not work??) I have raised a support ticket, but thought the community may also have some knowledge on the subject. 😊
... View more
Sounds like you just need to make sure your device is kept online for >30 minutes after an upgrade for it to be "safe"? 😕
... View more
Mar 20 2025
1:59 AM
You would need another MX to point the static route at, and have the NMVPN configured on that MX, as @rwiesmann was describing. If you use Secure Connect you can have a NMVPN tunnel terminate there and be shared by all spokes, but unless you're already in that ecosystem it would probably just be easier to get the 3rd party to create VPNs to every spoke network.
... View more
Mar 20 2025
1:54 AM
VPN Full-Tunnel Exclusion (Application and IP/URL Based Local Internet Breakout) - Cisco Meraki Documentation You only need the SDWAN+ license to do major application VPN breakouts, you can still do custom expressions (IP/DNS) with the non-SDWAN+ license. The major applications list is fairly short anyway:
... View more
Mar 19 2025
3:34 AM
There is nothing on the linked status page .. ? "All Systems Operational"
... View more
Mar 17 2025
1:13 AM
We tend to use templates for LAN/WLAN but for SDWAN it just lacks the flexibility to be useful. If more overrides were available (load-balancing I am looking at you) and the full L7 NBAR list then we would be getting somewhere.
... View more
Mar 17 2025
1:09 AM
Thanks @RWelch it is available on our shard now too, have just opted us in! We did try to ask support about early enablement / being on a shard that has it but that didn't go anywhere.
... View more
Mar 14 2025
9:48 AM
2 Kudos
Yes, this is now possible. Documentation: vMX NAT Mode Use Cases and FAQ - Cisco Meraki Documentation 2 useful threads: Configuring the Meraki vMX in Azure for Routed Mode with LAN/WAN Separation... - The Meraki Community Proof of Concept: Routed Mode vMX in Azure on MX 19.1 with Advanced Securit... - The Meraki Community
... View more
Mar 13 2025
1:22 AM
3 Kudos
What we have learnt over time is that you cannot trust the Meraki auto-updates to keep you updated and not have networks in "critical" status. You have to take ownership of the process (whether this be via API or manual).
... View more
Mar 10 2025
4:17 AM
2 Kudos
No - each device in the HA pair needs its own dedicated WAN IP. You can then optionally set up a VIP if you wanted too, from within the same subnet. As @KarstenI says - standard setup would be a /29 with 2 uplink ports from the ISP, this allows you to plug both your WANs into their equipment.
... View more
Mar 7 2025
1:58 AM
4 Kudos
Just to add some more weight to this, we have dozens out there in the wild and as far as I am aware none have experienced the reboot 'panic' issues that the MX75 has.
... View more
Mar 3 2025
5:07 AM
2 Kudos
This will partly come down to whether you are using Template networks or not, as when you chose what to upgrade (and presumably downgrade), all networks bound to a template are upgraded at the same time.
... View more
My Accepted Solutions
| Subject | Views | Posted |
|---|---|---|
| 549 | 4 weeks ago | |
| 863 | Mar 10 2025 4:17 AM | |
| 1293 | Feb 27 2025 6:39 AM | |
| 997 | Feb 21 2025 1:27 AM | |
| 624 | Jan 14 2025 2:06 AM | |
| 1092 | Jan 6 2025 12:32 AM | |
| 704 | Nov 25 2024 7:00 AM | |
| 2486 | Nov 5 2024 8:25 AM | |
| 679 | Nov 5 2024 5:54 AM | |
| 1643 | Nov 5 2024 4:14 AM |
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 8 | 775 | |
| 8 | 2299 | |
| 7 | 1293 | |
| 7 | 1439 | |
| 6 | 900 |
© 2025 Cisco Systems, Inc.
