Hi @ksumann, Point 1 - As per Meraki documentation  - WAN appliances running MX 16.X+ firmware will use UDP Traceroutes over UDP port  33447 instead of ICMP Traceroutes, when users initiate traceroutes via the traceroute tool. While the Ping Live Tool is initiating a series of ICMP Echo requests to the designated IP.   https://documentation.meraki.com/MX/Monitoring_and_Reporting/Using_the_MX_Live_tools   Therefore, please make sure to check that the firewall rules are allowing ICMP upstream.   Point 2 - These fields control what services are available on the outside interface. When a service is set to "None", the appliance will not respond to requests of that type from the WAN. When it is set to "Any", it will respond to requests of that type from any source on the WAN. To specify certain IPs or IP subnets that the appliance should respond to, enter the IPs and/or CIDR subnets in a comma separated list. https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/Denying_Inbound_ICMP_on_the_MX   Other useful documentation - https://documentation.meraki.com/General_Administration/Tools_and_Troubleshooting/Using_the_Ping_Live_Tool   If you have any questions, please don't hesitate to contact us.       ... View more

I guess EA means Entra Application? But having an application for each org is kinda clunky and not user friendly.   To my knowledge, it is only possible to give one role per user. So this role needs to be present in all orgs the user should have access to. This role can have different permissions in different orgs.   BUT it seems completly impossible to "build" user permissions based on different roles. For each permission-org requirement, you need to create a new role. This could get complex if you have a lot of orgs and users. The reply url that needs to be configured points to a specific org. In order to work, the role needs to be defined in this org or the access would be denied. But if the user shouldn't have rights in this org you ether need to have a dummy org, containing all roles, or create a dummy network and give permission to it. This feels not like a clean solution. ... View more

Does anyone know if this is fixed in a newer version? Or is it safe so "disable" those packets with a firewall rule? Or is there another option to disable it? ... View more

Marvin,  Curious if you updated just the time field via the API, or all the elements?   i.e. for Networks scheduled for an upgrade, just modifying the time field for the nextUpgrade for a specific product?  i.e.  response = dashboard.networks.updateNetworkFirmwareUpgrades(     network_id,     products={'appliance': {'nextUpgrade': {'time': '2024-09-09T03:10:00Z'}}} )     ... View more

Can you validate numbers by putting a significant chunk of data through at a known time? A few large software images for instance. Then see how UI/API details compare.   Otherwise, I'd open a support case with exact details in case there's a problem. ... View more

Agreed!!  A simple remote proxy in the MX on the Tools page where you could select the WAN interface and use HTTP/S to configure / review a broadband modem would be such a great feature.   We have duel broadbands at each location, sometimes with the same broadband subnet / gateway.  So even getting on an internal PC and hitting the gateway IP unless you shut down one broadband (or radically manipulate SD-WAN traffic shaping) you can't control which broadband modem you will get.    We've made the same request several times.  Maybe getting some up votes in the community will help.  ... View more

Apologies, @DarkStar - sometimes our automatic spam filter is overzealous. Your post has been restored. Also, status.meraki.net now reports the dashboard being down as a known issue under active investigation (I believe this is separate from the issue with the "Get help & cases" page though). ... View more

There is no other way. ... View more

Same question, i'm searching for an API that is able to detect master/master, or split brain status. The workaround mentioned does not work for this. ... View more

- Network cloning The mentioned device settings are not preserved when cloning a network. For example we wanted to use the notes field for additional Information for our support crew. We cannot use "network notes" because network notes do not exists when a template is bound to network - Warm-Spare Worth a try and would keep most settings. Sadly not working for non-mx devices   Thanks for your suggestions ... View more

This information is not that unimportant ... There is also only one ISP on the firewall? On the MX, you could use the same IP on both WANs, but it doesn't help as the firewall needs to differentiate both WAN ports. If you set them to different IPs, I would assume that it would work if the ISP firewall doesn't mess up the NAT. But that could be solved with two dedicated 1:1 translations on the firewall.  Still, if a customer approached me with this design, I would think they wanted to kid me. ... View more

In firmware 18.208 release notes, there a few points mentioning cellular connectivity ... View more

  response = dashboard.organizations.getOrganizationConfigurationChanges(ORG_ID, total_pages=1)   does also not contain any port information ... View more

Port config is also defined at the template level ... View more

Thanks, this is really weird to use. Adding it in Default Reciepients and clicking save will remove it from the default reciepients, but also leaves the webhook section empty. Only after reloading the whole page, the change is visible ... View more

Any plans to implement this feature? I guess it would be enough to allow a filter by tag option on the firmware upgrade page. ... View more

Any explanation why its normal? Its kinda flooding the logs if it happens multiple times a second. ... View more

A quick update here - so the root issue for the USB dropping from the MX65's under MX 18.x firmware was that some bad coding meant that the MX65's were not providing enough power over the USB for device to run - such as USB LTE dongles. So this has been resolved in firmware version MX 18.107.5 .  This might be the only version it is resolved for, we wait to see. I've done a huge amount of testing upgrading the firmware to MX 18.107.5 under various scenarios and I can confirm that this firmware version does 100% fix the issue.  ... View more

Thx for responding. Thats what i meant by doing it "manually". ... View more

Dashboard page is misleading... You are forced to specify an IP address in the template, but its ignored afterwards, you can also use 0.0.0.0 ... View more

Try asking support if there is any early access beta for AutoVPN over IPv6 you might be able to go on. ... View more

Thanks all, the issue has been resolved after removing antivirus. It had firewall blocking the ports.  ... View more

I'm currently seeing it with an mx device with 17.10.4 where a warm spare is configured, but not online. ... View more

Would be nice to see the network_id in the Dashboard. Meanwhile, you can see it in the source code of the page. Search for Mkiconf.locale_id = "123"; Mkiconf.ng_id = "123";   Some Networks have both, some only one of them. If you have locale_id then your network id is "L_123", and if you have ng_id, your network id is "N_123". If you have both, you can use both.   ... View more