FYI, just had another one and support officially has notes of this now and they are converting any VMX licenses to the SEC level as the fix. Can't wait until the next renewal and having to fix it back 🙃 ... View more

My Meraki IDPS/IPS (ruleset: security) mistakenly blocked my internal DICOM traffics over VPN as a threat. I didn't notice them in the MX Events because the table is showing mismatched hostnames and IP addresses. I have to go into details under the hostname to identify the actual device which is being blocked. ... View more

Gotcha. I missed that part. That part is controlled by Cisco/Merkai for the version and download links. If its not the right one that you are looking for then, you dont have a choice but to get the contract issue fixed so you can get the latest version. You could also open a case with Meraki and see if they can update the links, or manually provide you with the fixed version that you require.   WIthout having all of the info for your SMB problem, since you know the LAN speed is good, I would get a case open with Meraki as well with the VPN speeds. It seems like the firewall is the bottleneck again since the LAN speeds are good. 5MB/s is very slow. It could be TLS vs DTLS, or a border device is blocking udp/443 for DTLS etc. Support would be the best recourse here since they have way more insight to the settings etc than I would. Its likely going to require packet captures on both ends (MX and end user) to see what is happening in the PCAP to determine where the issue lies. It could be asymmetric routing and so on. I'm just speculating, but you said other protocols are fine so I doubt it would be that. 100% guessing on the MSS, UDP vs TCP etc. I have seen this slowness before just on SMB because it was not using DTLS (udp/443) and using TCP/443, but I would still expect better than 5mbps. ... View more

As an update, downgrading did not fix the issue. I had a spare MX250 just to test on a different platform, and it does not work either with both 18.x code .2 and .4 patches, as well as 19.x firmware. I cannot go back further than 18.211.2. The MX250 was on 16.x code from 2020-2021, so it upgraded to org code, and I cloned my prod network to this one to retain all settings. I thought maybe something was off, so I factory reset it to make sure there was nothing lingering. I also turned off AMP/IPS/URL/GEO just to make sure nothing was interfering with the connection.   Maybe someone else can test this and its just a mistake on my side. WAN1 port forwarding works fine (WAN1 is my primary uplink). WAN2 port forwarding will not work. It gets a random port and not the port that its supposed to use. I have the ports I want forwarded setup, and I have the SD-WAN polices set to route all traffic (outbound) from WAN2 from that device, so inbound and outbound should be going over WAN2. All traffic is allowed, and the device is listening on that port.   I can see from the application that it is in fact using WAN 2 outbound so I know that works. However its getting a random port on the WAN2 (for example its supposed to use 3000, but gets 28437 from WAN2 public), but the device is using port 3000 inbound/oubound.   For example with the configured settings: Expected flow WAN2 public IP 1.1.1.1:3000-->172.16.1.1:3000   Actual flow WAN2 public IP 1.1.1.1:28473-->172.16.1.1:3000   WAN1 is correctly forwarding the port with this same configuration. I should also mention that I also setup 1:many NAT with the same results. I cannot do 1:1 NAT because WAN2 is a DHCP single /32 address and it will not let me do that. ... View more

I just found out the hard way that there is a bug in the licensing where the Z4 are not supposed to follow the org highest licensing level. I.e. Your MXs are SD-WAN but your Z4 is ENT. Its supposed to work that way where you can mix and match. However due to this bug, you cant add it with a lower license level and you need to call licensing. They will convert whatever you bought for the Z4 ONLY to whatever your org licensing is until they fix this issue. ... View more

Hi ,   This was also reported. Meraki is aware of that , they are going to fix the documentation. ... View more

Wanted to follow up here. We received the below message from Meraki today. I verified that the search was working. With the working search, we could see that one of our internal domains is being flagged as "Advertisements", which we block. Yesterday, it wasn't showing a category in the Meraki "event log". It is now showing the "Advertisements" category on any domain or subdomain using that internal root domain. We do own the domain, so we are not sure how it was flagged as "Advertisement" as it's not used externally. Response from Meraki: Thank you for your patience as the engineering team has been able to work on providing a solution. I received word from the Engineering team that this issue has been resolved. ... View more

My understanding is that the Meraki device is listening for that DNS request. If you have a DNS server running like AD DNS on your network, you could create a forward lookup zone for my.meraki.com, or mx.meraki.com etc. and point to the clients to that DNS server which will fail to load anything. Thinking outside of the box, but have done this in the past as a quick way (without web filtering) to block entire domains. This obviously only works if you restrict the clients DNS to your DNS server. Otherwise they can just change it to something else and would work globally. ... View more

Hi @JuanBn2n - you can see updates for the current outage here: https://community.meraki.com/t5/Dashboard-Administration/Hosted-Services-Issues/td-p/125510   Cheers! ... View more