In that case I suggest you hire a Meraki partner company to help you. ... View more

Configuration Overview The following steps outline the required configuration (both in Dashboard and Active Directory) to allow for AD-based group policy application. Please be sure to follow each step as accurately as possible, errors can be difficult to diagnose and resolve. Create an Active Directory site for the MX so users authenticate against the correct Domain Controllers. Enable security auditing on Active Directory Domain Controllers so the MX can obtain all relevant logon events. Enable the Global Catalog role on each Domain Controller because the MX uses LDAP/TLS over TCP port 3268. Install a digital certificate on each Domain Controller for LDAP/TLS. Certificate Requirements for TLS Create groups in Active Directory which will be mapped to Group Policies in Dashboard. Add users to groups in Active Directory.  Configure Group Policies in Dashboard. Configure Active Directory Authentication in Dashboard. Create LDAP group to Group Policy mappings in Dashboard.   Multiple Language Server Support The support to query Microsoft Active Directory servers configured for non-English languages is presently not supported. This functionality is currently under consideration by the Product and Engineering teams. We do not have an ETA on implementation.   https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Configuring_Active_Directory_with_MX_Security_Appliances ... View more

You're right, I forgot about this part. ... View more

I use the ISE integrated with Okta and I never had problems, it works very well. ... View more

@PhilipDAth  But it will apply to all networks in the template, not just the specific one as requested. ... View more

It's not possible, but you can install a linux machine and set up the StrongSwan. ... View more

You can perform a LAB to confirm. 😉 ... View more

Take a look at the documentation.   https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/SSID_Tunneling_and_Layer_3_Roaming_-_VPN_Concentration_Configuration_Guide ... View more

I'm pretty sure this product was dis-continued. Have you talked with be Meraki sales representative? ... View more

Just to remind you that regardless of vendor, the AP looks for HTTP GET requests on TCP port 80 in order to redirect users to the Splash page. If Block all access until sign-on is complete is enabled for the Captive Portal Strength, and the user attempts to access a web page that uses HTTPS, the AP will be unable to redirect the browser to the Splash page because the web traffic is encrypted. Additionally, if the user attempts the access a web page that uses a different port other than TCP port 80 the connection will also be blocked. In either case, the user's browser will timeout. If this is occurring, verify users are accessing a web page using HTTP over TCP port 80.     I particularly don't like using Splash page because it is an open authentication without encryption (remembering that it is vendor independent).   So what can I say that this is not unique to Meraki, my suggestion is, if you want to raise the level of security use another wireless authentication method. ... View more

Everything that is applied to a template will be applied to the networks that are in that template.   So the answer is not, you need to create another template or remove the Network from the template. ... View more

I suggest you read this documentation.   https://documentation.meraki.com/MX/Deployment_Guides/MPLS_Failover_to_Meraki_Auto_VPN ... View more

Here https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair#Dashboard_Configuration ... View more

You can see all the steps on the link that I shared with you.   😉 ... View more

Only one license is required for an HA pair. The warm spare unit does not require a separate license. Alerts for warm spare failover can be configured on the Alerts and Administration page.     https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair   Didn't they talk about this at CMNA? ... View more

It will depend, I prefer to use rapid-pvst, but some guys in the community says that msi is better (I disagree).     ... View more

Yes and no, there are features that help the customer in deciding which AP to connect, but the decision is still up to the customer.   Unfortunately you can't confirm it. ... View more

In my opinion Cisco ISE is the best solution. ... View more

Are you sure that it's a Meraki splash page? ... View more

The datasheet has enough information about the products, you just need to be more patient and persistent.   I bet most people in the community learned it by reading the documentation. ... View more

I think you should have to perform a site survey first.   Or maybe you have to hire a specialist company or contact your Meraki sales representative. ... View more

It's no possible to configure NAT for non Meraki VPN. ... View more

Have you configured a public IP or private IP on MX Wan interface?   If it was configured with private IP you need to create a NAT policy,  if was configured with a public IP I suggest you to review the L2TP configuration.   Or Maybe you should have to open a support case. ... View more

You can check the APIs here.   https://developer.cisco.com/meraki/api-v1/#!get-organization-appliance-vpn-stats ... View more

It is recommended to configure only ports facing end-hosts as untrusted (Trusted: disabled). Ports connecting network devices such as switches should be configured as trusted to avoid connectivity issues. ... View more