The Meraki Community
NSGuru

Getting noticed

Member since Apr 5, 2018

‎06-02-2021

Phoenix, AZ

https://www.linkedin.com/in/nsedustinf/

Kudos from
  • ARaoufi: 1
  • mel-astrosat: 1
  • silent: 1
  • Happiman: 1
  • RH6379: 1

Kudos given to
  • misdial: 1
  • CarolineS (Community Manager): 4
  • MerakiDave (Meraki Employee): 1
  • Adam: 1
  • chrismoses: 1

Community Record

Posts: 46
Kudos: 18
Solutions: 0

Badges

CMNA
1st Birthday
First 5 Posts
First 10 Kudos
Lift-Off
Latest Contributions by NSGuru

Re: Layer 7 Allows rules Meraki MX appliances

by NSGuru in Security / SD-WAN
01-07-2020 08:07 AM
Nash,

What preemptive measures are you taking to secure your network? Maybe I am thinking this through the wrong way. One of my core reasons for utilizing Geo Filtering is because of the amount of 1:1 and many:1 we are doing from our firewall. Unfortunately, having these devices open has left them exposed to the world and leaves them open to a constant hammering. My security center reports show hits on a continuous basis, and because of this it has brought me to Geo-filtering specific regions of the world which are utilizing systems to consistently hammer our environment.

I haven't found the U.S. to be a problem yet, but when we do we will be sure to handle that as it comes.

Turning on Geo Filtering to protect our NAT statements is a way to increase their security from being hit from regions or countries where they are being hammered, but that doesn't mean the firewall shouldn't be flexible to allow a few remote IP ranges from that country as long as you know and trust the IPs from that provider/vendor. ...

Re: Layer 7 Allows rules Meraki MX appliances

by NSGuru in Security / SD-WAN
01-06-2020 04:11 PM
If this is the answer, should it be acceptable? Theoretically we should be able to put remote IP range rules above the hierarchy of geo filtering Layer 7 rules and they would take precedence over the remainder of policies, because it would see an allow and then let the traffic pass through without it ever reaching the geo filter rule.

There are other firewalls with this capability today. I began to dig through the forums here as well and it appears this has been a requested feature for at least 2 years now. ...

Re: Security Appliance Layer 7 Firewall Rules

by NSGuru in Security / SD-WAN
01-06-2020 02:04 PM
I second this motion. Is Meraki doing any dev work on getting a permit setup for Layer 7 rules? ...

Layer 7 Allows rules Meraki MX appliances

by NSGuru in Security / SD-WAN
01-06-2020 01:49 PM
All,

I was wanting to inquire and see if anyone else has had this problem and looked for or found a workaround or solution with Meraki. My problem is the following.

We are wanting to implement Geo IP filtering due to the continuous growth of cyber threats on our networks that we are facing. In doing so we would also like to allow specific remote IP ranges and, if necessary, ports as well. The vendors we work with have publicly slated their IP ranges so that we can whitelist them. Unfortunately, it seems like Meraki is limited in this endeavor, as it does not have any L7 allow rules that can be built above the Deny rules to date.

If you have a workaround to this problem, could you please explain how you set up your environment to work around the problem I am facing?

Any thoughts on this problem are much appreciated. I am trying to find the best way to tighten the security on my networks while also keeping flexibility with the vendors I have today. ...

Re: Non-Meraki / Client VPN entries in event log

by NSGuru in Security / SD-WAN
10-18-2018 01:19 PM
1 Kudo
Do you utilize Meraki to Meraki VPNs as well? Just curious. It does appear to be what @PhilipDAth stated. But another issue I've had is you must limit the non-Meraki VPN to the specific network you want, and you also cannot have subnets set to yes on your VPN settings to share if the non-Meraki end is not set up with them on their phase 2 selectors as well. If you do have this, the Meraki will constantly have issues with Phase 2 due to the Meraki trying to share subnets with the non-Meraki peer that it doesn't know about. ...

Re: AMP causes strange issues

by NSGuru in Security / SD-WAN
10-18-2018 01:15 PM
With older firmware I have had buggy AMP. I actually spoke with a representative at one time who told me they were making big changes to AMP because at one point in time the whitelisted URLs did not actually work when and if in there and listed. One of the newer updates was supposed to help resolve those issues. ...

Re: Inbound Firewall Rules please

by NSGuru in Security / SD-WAN
09-24-2018 03:27 PM
1 Kudo
@jdsilva I do want to redact my previous statement. I had forgotten that I built a group policy specifically for this client (Spam Filter). I created the rule in the group policy; it stopped sending or receiving from the blacklisted public IP.... and began sending through as another public IP. So now I'm working through stopping the malicious attacks in general.

It's hard to lock down SMTP when you are an MSP and your clients are utilizing it as a relay. ...

Re: Inbound Firewall Rules please

by NSGuru in Security / SD-WAN
09-24-2018 03:04 PM
@jdsilva Earlier, after setting the rule on L7 and outbound, I believe that it was blocking the traffic after I built the rule. I'm watching it again now though and I see no packets hitting that rule now.... Luckily I have IP reputation turned on for my Spam Filter so it knows the IP is malicious and blacklisted. But the logs are piling up because I can't get my Meraki firewall to block this on the front end. ...

Re: Inbound Firewall Rules please

by NSGuru in Security / SD-WAN
09-24-2018 02:54 PM
Exactly my concern! ...

Re: Inbound Firewall Rules please

by NSGuru in Security / SD-WAN
09-24-2018 02:51 PM
Already had this as well. Sorry, forgot to mention it. And I actually believe the layer 7 is still for outbound only, as I can see the rogue device still hitting my spam filter. But I can see responses from my spam filter being blocked. ...

Inbound Firewall Rules please

by NSGuru in Security / SD-WAN
09-24-2018 02:36 PM
Has anyone had any grief with not being able to create inbound firewall rules?

I personally have found this difficult, especially coming from more traditional firewalls. It is especially frustrating today as I have clients utilizing our spam filter, and I've noticed a rogue "trying" to utilize it as an SMTP relay. (Immediately my first reaction is to block that specific IP on the firewall coming inbound to stop any more packets from reaching the Spam filter. However, Meraki does not permit this...) Or does it?

I've created an outbound rule, and regardless of whether it's hitting or not, my spam filter won't respond back, but it doesn't stop the logs from appearing of the device trying to connect.

Has anyone heard if Meraki will be allowing the use of inbound rules now or in future? What is stopping them today? Is it just due to all the potential extra management work it could cause ...

Re: Broadcast Storm Brought Down Entire MS120 Network

by NSGuru in Switching
09-24-2018 11:30 AM
1 Kudo
The MX/s do not participate in spanning tree, so it may be possible it was the cause of your issue. Just an idea, as I've had issues with multiple uplinks going from MX to LAN if spanning tree isn't working properly. ...

Re: Data center Fail over

by NSGuru in Security / SD-WAN
09-17-2018 01:59 PM
Can you explain a bit further?

If I am understanding you right, you have 2 remote sites and 2 Main sites.

You want to have it set up so that if Site 1 goes down the remote sites will all begin pointing to site 2 for all adfs? And what part of site 1 goes down, all of it or just internet? ...

Re: Content Filtering

by NSGuru in Security / SD-WAN
09-12-2018 03:55 PM
1 Kudo
Have you talked to Meraki support? This may be a known bug. I've run into this issue a few times where BrightCloud and Meraki are not syncing properly, causing web filter issues. Their fix was usually a firmware update or to whitelist with a wildcard. ...

Re: Z3 throughput / disable FW

by NSGuru in Security / SD-WAN
09-12-2018 02:27 PM
1 Kudo
It appears with Passthrough mode the same manner of what I mentioned before applies.

You will build a route on the edge router to point back to the IP address of the Z and it will send the traffic over the remote site afterwards. Difference is that you will not be doing any NAT from the Z.

Meraki documentation link for passthrough: https://documentation.meraki.com/MX/Networks_and_Routing/Passthrough_Mode_on_the_MX_Security_Appliance_and_Z1_Teleworker_Gateway ...

Re: Z3 throughput / disable FW

by NSGuru in Security / SD-WAN
09-12-2018 02:22 PM
1 Kudo
Does their current firewall have the ability to do routing? If so, why not set the device behind the network? LAN and WAN (do not prefer to double NAT but it works.)

After that, give the Z3 a LAN IP address and set up a static route in current firewall for any traffic destined to the local LAN on remote office to the Z3 LAN IP address.

Make sure site to site VPN is on for the Z3 and the other site as well.

Voila, you still are using your Verizon internet connection with the current firewall that is able to utilize the throughput Verizon gives, and if the client needs to reach their office they are able to, as well as all traffic to the client's other office will be destined to the Z3. ...

Re: Device Policy - Blocked on MX

by NSGuru in Security / SD-WAN
09-12-2018 10:59 AM
It sounds like your best option, if your MX is also acting as your switch, is to do the following.

Enable VLANs under routing of the addressing and VLANs tab. (Make sure the current VLAN is still set up properly afterwards. Check DHCP and make sure it is proper as it was before also.)

Create a new VLAN/Subnet for this specific device. Change the interface that the device is connected to and give it the native VLAN of the new VLAN you have just set up.

Set up DHCP also so the device grabs proper IP and DNS.

After this and the device is up and working properly...

You can then go into firewall rules and create rules to block the device/subnet from communicating to the other devices/subnet that you are trying to achieve. ...

Beta version source IPsec tunneling question (Meraki support programming on...

by NSGuru in Security / SD-WAN
09-12-2018 10:51 AM
Hi All,

Not sure if this should go under Security or Network-Wide, but I'm interested to see if anyone else has worked with Meraki on source based routing out through a VPN tunnel yet.

(send specific subnet through IPsec VPN and out the other site's internet)

We've tried Spoke to Hub with default route to other network and it works great.

(This is being used so that our clients' phones keep the same public address, so once a WAN outage occurs the VPN tunnel comes back up immediately on secondary circuit and allows the phones to continue going out using the same public IP address, stopping the phone from having to re-register after 5 minutes.)

I've discussed with Meraki and it is possible to do source routing, but they state it is in beta mode and we the administrators do not have the ability to program any of this as it is all done on the back end with a newer version firmware.

My point to this is... Has anyone else tried this yet? Did it go well, were there any struggles? ...

Re: Visio Shapes

by NSGuru in Off the Stack
07-20-2018 11:14 AM
5 Kudos
Any update on Visio stencils? I don't see MX250 as a device in the stencils today. ...

Re: If there was one thing you could change here on the Meraki Community, w...

by NSGuru in Community Tips & Tricks
04-18-2018 12:12 PM
Awesome! Thank you! ...

Re: If there was one thing you could change here on the Meraki Community, w...

by NSGuru in Community Tips & Tricks
04-18-2018 12:10 PM
1 Kudo
If we want to talk about storage space for Meraki swag I have some at my office in Arizona haha 😀 ...

Re: restricting viewing privileges to a specific computer

by NSGuru in Dashboard & Administration
04-18-2018 12:06 PM
@dmac

What about setting up two-factor authentication for that email to point to your cellphone, and if a student needs access they must first request the two-factor code from you? The code changes often.

You will also want to set up in organization settings that two-factor authentication be set for the organization. This will make sure that the user can't turn it off and try getting in from somewhere else.

For an extra layer of security you can then add Login IP ranges so that the site you and the students work from is the only Public IP allowed to log in to the dashboard. This is under Organization settings as well, right under two-factor authentication. ...

Re: If there was one thing you could change here on the Meraki Community, w...

by NSGuru in Community Tips & Tricks
04-18-2018 11:46 AM
Is there a way to have unanswered topics shown on the main page of the community when logged in? ...

Re: Site to Site VPN (Meraki to ASA 5510)

by NSGuru in Security / SD-WAN
04-17-2018 12:41 PM
@Zach

Can you clarify what you mean by they are the same subnet on each side?

What are the subnets and networks for each side today? ...

Re: Watch data From port 2 to port 1 Like normal Wan works.

by NSGuru in Security / SD-WAN
04-17-2018 12:17 PM
What type of MX are you using today? MX100? ...

My Top Kudoed Posts
  • Re: Visio Shapes (Off the Stack): 5 kudos, 91117 views
  • Re: help date licence mx100 (Security / SD-WAN): 2 kudos, 2329 views
  • Re: Non-Meraki / Client VPN entries in event log (Security / SD-WAN): 1 kudo, 3442 views
  • Re: Inbound Firewall Rules please (Security / SD-WAN): 1 kudo, 7802 views
  • Re: Broadcast Storm Brought Down Entire MS120 Network (Switching): 1 kudo, 6765 views

© 2023 Meraki