Thanks for reaching out.  I'll do my best to organize my response here:   1. No we do not have port forwarding setup for port 80 at any location. 2. You can view the MX's Remotely.  We'll need to get that restricted here as we do view remote when we have service issues at those locations.  Good news is sensitive info is password protected.  And aside from MAC info there isn't anything else to gain since you have to know the IP address to get to the portal anyway. 3. I discovered one of the hits was to an old decommissioned server NAT address.  The address is no longer in use and all of the config was removed from Meraki.  So it "Allowed" a connection to something that isn't there anymore... which is odd.    If they all hit at the same time I would be less worried, but it happened over the course of 5 days 1-3 sites each, all at different times.  Then went quiet and a week later saw it at a new site.  I thought about it being a traveling employee, but that much ground (multiple states) couldn't have been covered, nor the times of the alerts. ... View more