Meraki

Community

About DAlleman

Re: Content filtering to allow 1 website on WiFi SSID, but apple captive po...

by Meraki Employee in Security & SD-WAN
‎Apr 5 2024 7:27 PM
5 Kudos
‎Apr 5 2024 7:27 PM
5 Kudos
Hi @merakitrucker! I suspect it's due to Apple Captive Network Assistant (CNA). I can't find great documentation on Apple's side to explain the full process, but when a client connects to a wireless network, the CNA launches and sends a request to captive.apple.com. If it's successful, the device assumes it has network connectivity, and no action is taken. If it can't reach this website, the device will attempt to redirect you to a captive portal. I tested this in my lab and found the same behavior you explained, except if I select cancel and "Use Without Internet," I can still reach the internal IPs I am allowing and no longer receive this pop-up unless I "Forget This Network." To circumvent this, you can add a rule to allow access to 17.0.0.0/8, which will disable CNA. We cover some of this in our documentation for Device Posturing using Cisco ISE / Disable CNA.   ... View more

Re: MX Site to Site VPN with SonicWall Firewall

by Meraki Employee in Security & SD-WAN
‎Apr 4 2024 9:45 AM
1 Kudo
‎Apr 4 2024 9:45 AM
1 Kudo
1) We do not have any official documentation for creating a VPN with SonicWall. Still, any VPN that is not Meraki to Meraki is configured the same using the Non-Meraki VPN Peers guide. 2) For the MX platform, static routes are used to define subnets accessible through the MX LAN, so you cannot configure static routes over the Non-Meraki VPN. Any local subnet you have enabled on the VPN page of the Meraki dashboard will route to the Customer 2 subnets defined in the private subnet field of the Non-Meraki VPN configuration. 3) @jimmyt234 is correct; This is a tricky process, but it can be achieved: Tag-Based IPsec VPN Failover documentation. 4) I agree with @cmr; a simplified approach is using the Meraki-Auto VPN, which would require installing an MX at both locations.  If you run into any configuration issues during your setup or need further clarification on the MX VPN capabilities, I suggest opening a support case so we can review your specific configurations and provide solutions. ... View more

Re: API Call to /networks/[networkid]/firmwareUpgrades fails with "Invalid ...

by Meraki Employee in Developers & APIs
‎Apr 4 2024 7:47 AM
1 Kudo
‎Apr 4 2024 7:47 AM
1 Kudo
@etamminga We have a known issue affecting patch version upgrades specifically for MX node groups when called via the API. This is not impacting other nodes (MS, MR, etc.) or full version upgrades like MX18.208. In your example above, if you upgrade to "id": "2850" for MX18.208, the call will be successful. Please open a support case with us so we can track this issue and keep you updated with any developments. ... View more

Re: NAT Exceptions (BETA)

by Meraki Employee in Developers & APIs
‎Apr 3 2024 2:18 PM
‎Apr 3 2024 2:18 PM
@Swissipher Thank you for the suggestion, but you are correct; we do not have API functionality for this feature yet. This feature is still listed as a BETA option and requires assistance from Meraki support to enable it. You can contact the team directly for any suggestions and feedback at nonat@meraki.net.   ... View more

Re: Whitelist incoming IP address

by Meraki Employee in Security & SD-WAN
‎Apr 19 2023 9:45 AM
‎Apr 19 2023 9:45 AM
If what you are trying to achieve is an external scan of your environment and you have no NATs configured, then it's only going to scan the MX as that is all that is exposed to the internet. If you're planning to scan your servers or other resources then you will need to move the scan onto an internal host. ... View more

Re: Whitelist incoming IP address

by Meraki Employee in Security & SD-WAN
‎Apr 18 2023 2:15 PM
‎Apr 18 2023 2:15 PM
By default the MX is going to block all inbound traffic unless it was initiated from inside, so the scan would be blocked or only scan the public IP of the MX. Please reference either document below for further explanation: https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Blocking_Inbound_Traffic_on_MX_Security_Appliances https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Firewall_Settings   ... View more

Re: New MSP Dashboard not allowing cloning of Organizations

by Meraki Employee in Dashboard & Administration
‎Apr 5 2023 11:34 AM
‎Apr 5 2023 11:34 AM
Currently, our Development team is still looking into this behavior and investigating the root cause for it and how to implement a fix. Another known workaround: 1. Navigate to Organization "A" Source of clone 2. Navigate to Global Overview 3. Create a new Organization, cloning from Organization "A" ... View more

Re: HTTPS Issue has ben solved on L3 Switch and MX -firmware issu on 17 x V...

by Meraki Employee in Switching
‎Apr 5 2023 11:25 AM
‎Apr 5 2023 11:25 AM
Good catch! Networks that were using an incorrect tracking method resulted in security features failing to identify clients correctly on the newer firmware levels. Depending on if you use any layer 3 devices downstream of the MX, we recommend different tracking methods as outlined in the documentation Here. ... View more
My Accepted Solutions
View all
© 2024 Cisco Systems, Inc.