Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About Zimble
Zimble
Comes here often
Member since Dec 6, 2022
May 11 2024
Community Record
4
Posts
0
Kudos
0
Solutions
May 9 2024
5:25 PM
Yeah, so the title's a mouthful, but here's the gist: Android device managed by intune Anyconnect using Azure for authentication Conditional access policy requiring device to be managed by Intune to join Device is 100% compliant with Intune, user can VPN from any non-android device just fine, other apps work no issues I keep hoping they'll fix it, but it's literally been years. When you launch the Secure client from the work profile, it goes through login, prompts for MFA and then after auth MS isn't seeing the device as managed and tries to get you to set it up, but it already is. Whatever browser components its launching aren't coming from inside of the work profile, so it doesn't recognize the device status. I get that it's kind of an edge case, but I can't possibly the only person annoyed to crap by this. It used to work, then it just stopped. So my options are no VPN on the phone, or neuter the conditional access which isn't happening. Meraki really can't do much because its the client that's the problem, the request never hits the MX because it's being blocked by Azure. It seems to be launch Chrome from outside of the work profile because I can see open tabs, so I've disabled Chrome on personal and work profiles no joy. Installing chrome in the work profile doesn't do anything...it's a really stupid bug but it's Android so no one cares. Apple devices have zero issues. Any ideas?
... View more
Labels:
- Labels:
-
Azure
-
Client VPN
Dec 6 2022
1:38 PM
Obviously that's the best solution available, but it's a very crummy one. I can't be the only person annoyed at this very basic feature being missing. Adding an exception in Firepower/Fortigate/Sonicwall or anyone else takes about 30 seconds. This is a pretty frustrating shortcoming in the Meraki interface.
... View more
Dec 6 2022
10:49 AM
Most vulnerability scanners are checking on multiple types of assets, servers, endpoints, voip devices, printers...those are definitely not all going to be on the same vlan in a well designed org.
... View more
Dec 6 2022
6:44 AM
I'm running an internal vulnerability scanner in a network behind an MX appliance. We just turned on IPS/IDS and it's blocking all of the simulated traffic from the vuln scanner, which is great and what it should do, but my only way to permit this traffic is to either change the mode to detect only or exempt every single attack type the vuln scanner simulates, which would obviously not be a good route to go as it is not only time consuming but then leaves the IPS in a state where it is overly permissive. I contacted support and they confirmed there is no way to allow list a point of origin past the IPS/IDS. I simply can't wrap my head around that being a true statement. I can't be the only org with MX firewalls and a vulnerability scanner right? Also, if you have an organizational need to whitelist a detected event, your only option is to whitelist it regardless of source. Is Meraki IPS/IDS seriously this undeveloped? This is a very basic control in my opinion, how could this still be missing after all of these years? Here's a Reddit post from 5 years ago complaining about the same thing so I guess this is never going to be fixed huh? (1) MX64 - Allowing threat scanning : meraki (reddit.com)
... View more
Labels:
- Labels:
-
Firewall
© 2025 Cisco Systems, Inc.
