Typically the Public IP is assigned to the 5G device and those devices typically have 1, 2 or more "LAN" ports. Those 5G device LAN ports would be plugged directly into your Meraki MX or via L2 switch (5G Lan Port connect to Switch port, MX WAN Ports connected to the switch) with all of those switch ports being in the same VLAN and having private IP's in the same address space/vlan.  Your MX WAN configuration should have the Private IP of the 5G device as their Gateway.     So assuming your 5G device configuration as above, should be fine.  ... View more

Not sure about the VMware on Windows (Im assuming you are using VMWare workstation?). Did you try changing the MX Port settings for the port connected to this VM? Change it from Trunk port to Access Port (VLAN 30).  Im assuming you are changing the virtual machine (the same one) from VLAN 1 to VLAN 30. If that is not the case and you have a switch port uplinked to the Meraki make sure you have presented VLAN 30 over that. ... View more

We block the full threat categories list for multiple customers. Have been doing it for a few weeks with no issues....So far...   Sarv ... View more

Thanks Bruce ... View more

Thank you.  ... View more

Makes sense. Thanks ... View more

Thanks. I was hoping to avoid purchasing additional HW (Firewall) as each site would also need a FW. I knew about the single-arm VPN concentrator mode as this was the only solution available from Meraki prior to the ability of using static routes and active while next hop responds to pings. The client wont spring for additional HW. ... View more

Thanks. I will give the 2nd part of your solution a try. They will not have an internet breakout so both circuits connected to WAN ports will not be an option. Thanks again. ... View more

Wow Bruce you nailed everything without knowing our infrastructure, color me impressed. So my plan was exactly what you detailed out.   All Devices ===> MX LAN Interface (VLAN 100), the appliance would also have one of its interfaces on that same VLAN connected to the MX.   Branch Appliance over the internet ipsec tunnel to appliance at HQ ===> out to internet or internal VLAN's whichever the case may be. This ensures all traffic to/from that branch site is optimized.   Potentially I could connect a 2nd interface from appliance and run it back through the MX on another VLAN, lets say VLAN 200, the appliance would NAT the traffic using it VLAN 200 interface back through the MX but that seems counter intuitive to me.   P.S only a single VLAN currently at the branch location so its not too complicated and AutoVPN will be turned off for the site since all traffic will be routed through this appliance.   Thanks Sarvjit           ... View more

Perfect. I will give it a try. Thanks ... View more

I will give it a shot. Thanks Bruce. ... View more

Remote site has no broadband access available. Using LTE 4G for primary. ... View more

But I suppose its not going to let me create a static route for 0.0.0.0/0. So will have to add each IP accessed by the users individually? That wouldnt be possible, of course. ... View more

We are using the MX for FW, Content Filtering, Threat protection, etc. The third party appliance is for compression and TCP optimization. I suppose I can make the 3rd party appliance the default route for the branch site devices, or possibly use it as inline bridge mode so that all outbound traffic has to pass through the device before hitting the MX, and then the reverse inbound.   I wish Meraki would just bring back the compression/optimization features then no need for additional devices.   Thanks   Sarvjit ... View more

Not sure if this helps, we had similar issues on Windows 10 Native VPN client. The option I believe we had to set was to make sure all traffic was routed through the VPN (i.e no split tunneling).   Thanks Sarvjit ... View more

Thank you.  ... View more