- About NSGuru
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
NSGuru
Getting noticed
Member since Apr 5, 2018
a week ago
Community Record
42
Posts
18
Kudos
0
Solutions
Badges
10-18-2018
01:19 PM
1 Kudo
Do you utilize Meraki to Meraki VPNs as well? Just curious. It does appear to be what @PhilipDAth stated. But another issue ive had is you must limit the non meraki VPN to the specific network you want and you also cannot have subnets set to yes on your VPN settings to share if the non meraki end is not setup with them on their phase 2 selectors as well. If you do have this the meraki will constantly have issues with Phase 2 due to the Meraki trying to share subnets with the non meraki peer that it doesn't know about.
... View more
10-18-2018
01:15 PM
Older firmware i have had buggy AMP. I actually spoke with a representative at one time who told me they were making big changes to AMP because at one point in time the Whitelisted URLs did not actually work when and if in their and listed. One of the newer updates was supposed to help resolve those issues.
... View more
09-24-2018
03:27 PM
1 Kudo
@jdsilva I do want to redact my previous statement. I had forgotten that i built a group policy specifically for this clien(Spam Filter) I created the rule in the group policy it stopped sending or receiving from the blacklisted public IP.... and began sending through as another public IP. So now im working through stopping the malicious attacks in general. Its hard to lock down SMTP when you are an MSP and your clients are utilizing it as a relay.
... View more
09-24-2018
03:04 PM
@jdsilva earlier after setting the rule on L7 and outbound i believe that it was blocking the traffic after i built the rule. Im watching it again now though and i see no packets hitting that rule now.... Luckily i have IP reputation turned on for my Spam Filter so it knows the IP is malicious and blacklisted. But the logs are piling up because i cant get my meraki firewall to block this on the front end.
... View more
09-24-2018
02:51 PM
already had this as well. Sorry forgot to mention it. and i actually believe the layer 7 is still for outbound only as i can see the rogue device still hitting my spam filter. But i can see responses from my spam filter being blocked.
... View more
09-24-2018
02:36 PM
Has anyone had any grief with not being able to create inbound firewall rules. I personally have found this difficult especially coming from more traditional firewalls. It is especially frustrating today as i have clients utilizing our spam filter. and I've noticed a rogue "trying" to utilize it as a SMTP relay. (Immediately my first reaction is to block that specific IP on the firewall coming inbound to stop anymore packets from reaching the Spam filter. However Meraki does not permit this...) Or does it? Ive created an outbound rule and regardless of whether its hitting or not my spam filter wont respond back but it doesn't stop the logs from appearing of the device trying to connect.. Has anyone heard if Meraki will be allowing the use of inbound rules now in or in future. What is stopping them today is it just due to all the potential extra management work it could cause
... View more
The MX/s do not participate in spanning tree so it may be possible it was the cause of your issue. Just an idea as ive had issues with multiple uplinks going from MX to LAN if spanning tree isnt working properly.
... View more
09-17-2018
01:59 PM
Can you explain a bit further? If I am understanding your right you have 2 remote sites and 2 Main sites. You want to have it setup so that if Site 1 goes down the remote sites will all begin pointing to site 2 for all adfs? and what part of site 1 goes down all of it or just internet?
... View more
09-12-2018
03:55 PM
1 Kudo
Have you talked to Meraki support? This may be a known bug. I've run into this issue a few times where bright cloud and meraki are not syncing properly causing web filter issues. There fix was usualy a firmware update or to whitelist with a wildcard.
... View more
09-12-2018
02:27 PM
1 Kudo
It appears with Passthrough mode the same manner of what i mentioned before applies. You will build a route on the edge router to point back to the IP address of the Z and it will send the traffic over the remote site afterwards. Difference is that you will not be doing any NAT from the Z. Meraki documentation link for passthrough: https://documentation.meraki.com/MX/Networks_and_Routing/Passthrough_Mode_on_the_MX_Security_Appliance_and_Z1_Teleworker_Gateway
... View more
09-12-2018
02:22 PM
1 Kudo
Does their current firewall have the ability to do routing? If so why not set the device behind the network. LAN and WAN (do not prefer to double NAT but it works.) After that give the Z3 a LAN IP address and setup a static route in current firewall for any traffic destined to the local LAN on remote office to the Z3 LAN IP address. Make sure site to site VPN is on for the Z3 and the other site as well. Voila you still are using your Verizon internet connection with the current firewall that is able to utilize the throughput verizon gives and if the client needs to reach their office they are able to as well as all traffic to the clients other office will be destined to the Z3.
... View more
09-12-2018
10:59 AM
It sounds like your best option if your MX is also acting as your switch is to do the following. Enable VLANs under routing of the addressing and vlans tab. (Make sure the current vlan is still setup properly afterwards, Check DHCP and make sure it is proper as it was before also.) Create a new VLAN/Subnet for this specific device. Change the interface that the device is connected to and give it the native VLAN of the new VLAN you have just setup. Setup DHCP also so the device grabs proper IP and DNS. After this and the device is up and working properly... You can then go into firewall rules and create rules to block the device/subnet from communicating to the other devices/subnet that you are trying to achieve.
... View more
09-12-2018
10:51 AM
Hi All, Not sure if this should go under Security or Network-Wide but im interested to see if anyone else has worked with Meraki on source based routing out through a VPN tunnel yet. (send specific subnet through IPsec VPN and out the other sites internet) Weve tried Spoke to Hub with default route to other network and it works great. (This is being used so that our clients phones keep the same public address so once an WAN outage occurs the VPN tunnel comes back up immediately on secondary circuit and allows the phones to continue going out using the same public IP address stopping the phone from having to re-register after 5 minutes.) Ive discussed with Meraki and it is possible to do source routing but they state it is in beta mode and we the administrators do not have the ability to program any of this as it is all done on the back end with a newer version firmware. My point to this is... Has anyone else tried this yet? Did it go well were there any struggles?
... View more
07-20-2018
11:14 AM
5 Kudos
Any update on Visio stencils. I dont see MX250 as a device in the stencils today.
... View more
04-18-2018
12:12 PM
Awesome! Thank you!
... View more
04-18-2018
12:10 PM
1 Kudo
If we want to talk about storage space for Meraki swag I have some at my office in Arizona haha 😀
... View more
04-18-2018
12:06 PM
@dmac What about setting up two factor authentication for that email to point to your cellphone and if a student needs access they must first request the two factor code from you? The code changes often. You will also want to setup in organization settings that two-factor authentication be set for the organization. This will make sure that the user cant turn it off and try getting in from somewhere else. For extra layer of security you can then add Login IP ranges so that the site you and the students work from is the only Public IP allowed to login to the dashboard. This is under Organization settings as well right under two-factor authentication.
... View more
04-18-2018
11:46 AM
Is there a way to had unanswered topics shown on the main page of the community when logged in?
... View more
04-17-2018
12:41 PM
@Zach Can you clarify what you mean by they are the same subnet on each side? What are the subnets and networks for each side today?
... View more
04-17-2018
12:17 PM
What type of MX are you using today? MX100?
... View more
04-17-2018
12:07 PM
@Griz Yea sorry I cant think of a good way to do it with a Meraki product. Im hoping they allow for a bit more customization of routing in the future on the Meraki firewalls and switches. I think the only reason they don't is it could cause major issues communicating to Meraki Cloud if not programmed properly.
... View more
04-17-2018
11:50 AM
Hi, @Griz What interface does the point to point connect to on the firewalls is it only a layer 2 point to point? In order to route (internet) traffic out the MX firewalls it must be connected to a WAN interface or so ive been told.
... View more
04-17-2018
11:46 AM
@smccloud. Have you already tried to reboot it by disconnecting and reconnecting to see if it can initiate connection to Meraki Cloud again? If so and that did not work try factory default. Factory Reset Button If the button is pressed and held for at least five seconds and then released, the MR33 will reboot and be restored to its original factory settings by deleting all configuration information stored on the unit. https://documentation.meraki.com/MR/Installation_Guides/MR33_Installation_Guide If all else fails call Meraki support (415)-937-6671 as you may have a faulty device. Please let me know the results im interested to see if the default works. Ive had APs do this a few times but factory default always seemed to fix the problem.
... View more
04-17-2018
11:29 AM
Hi @smccloud have you tried to factory default the device, are you able to tell if it’s pulled dhcp so it can get ip and gateway to get out? Is the ms220 communicating to the cloud?
... View more
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 5 | 16743 | |
| 2 | 799 | |
| 1 | 1026 | |
| 1 | 2659 | |
| 1 | 1966 |
