Greetings   Wondering If I am missing something obvious here so excuse me if that's the case.   Is is possible to resctict the scope of a security policy to a device group using tags? In my dashboard, when I create a security policy, it is applied to all devices...   Shoud I use the Security policy mappings setting under System Manager -> ISE settings? If so, excuse me for my ignorance but I don't understand why this setting falls under the ISE settings, so I haven't tried it yet in fear of messing up something... (we don't use the ISE SCEP Wi-Fi profile feature).   Thanks for your help! ... View more

Hey folks   I don't know if this situation is specific to my own organization, please bear with me ... When looking at the list of connected devices via the Meraki Client VPN (Network-Wide -> Clients -> clientType:client-vpn) the only info I can use to identify clients is their MAC address and a sm_1234567809@meraki.com domain address. That's the info showing up under the 'Description' and 'User' collumn respectivelly. Those clients get their VPN configuration via the SM. At the opposite, for manually configured clients added in 'User management' (Security & SD-WAN -> Client VPN) what's listed under the 'User' collumn is the 'Email (Username)' info from 'User management'. That is fine.   So is there a way to get the 'Device Name' to show up or anything else that would make the process of identifying the clients easier?   Thanks for your feedback! ... View more

Hello fellows   This is regarding the L3 firewall on group policy (on MX).   I want to isolate a client, only allow it to communicate to it's own subnet and to the WAN. -> From / to 192.168.1.0/24 and from / to WAN   The thing is, I have many subnets / vlans, so although having a deny rule to each subnet would work fine, I find it cumbersome and would prefer to avoid. So my idea is to: - Allow 192.168.1.0/24 (all ports / proto) - Block Any (all ports / proto) But I think that would also block the client from accessing the WAN. So my quesiton is: What destination sould I specify to allow traffic to the WAN? I already tried to use the public IP and the gateway, to no avail... maybe I did something wrong here? ... like not using the correct mask... you tell me Many thanks! ... View more

Hi folks I have two rules:     The second one DENY all traffic from subnet192.168.30.0 to subnet 192.168.10.0, and the first one ALLOW from host 192.168.30.31 to server 192.168.10.147:51414/TCP.   Right now, the ALLOW rule has no effect, I do have some very clear logs showing me that 51414/TCP packets are blocked because of the DENY rule: <134>1 1657686991.844793491 Meraki_MX100 flows src=192.168.30.31 dst=192.168.10.147 mac=00:50:56:BF:60:F3 protocol=tcp sport=36336 dport=51514 pattern: deny (dst 192.168.10.0/24) && (src 192.168.30.0/24)   Also, each subnet is on it's own vlan and I am not using any Group Policy on the vlans or the clients... Please, tell me what I'm missing here... Thanks! EDIT: Following Ryan_Miles's comment, I replaced the screen capture. ... View more