After much packet capture analysis and research, I have finally found the issue. The issue is with Meraki and Client Tracking implementation. A firmware downgrade does not resolve this issue and isn't much of an option. Meraki, by default, tracks clients based on MAC address. This function breaks TCP traffic outbound, and some inside, if you have a non-Meraki Layer 3 device behind the Meraki MX95.

In order to use the Meraki MX95 with non-Meraki Layer 3 devices, you must section those off in the dashboard in separate networks. They cannot be combined in the same network. One network for the Meraki MX95 and any other Meraki devices using MAC Address client tracking or the beta Unique Client Identifier. Then, non-Meraki Layer 3 devices must be placed in their own separate network using IP Address client tracking. Then another network for non-Meraki Layer 2 devices. Non-Meraki WAPs should also go in their own network.

So, the bottom line is that the Meraki client tracking breaks TCP traffic if you use MAC Address Client Tracking and have non-Meraki Layer 3 devices behind that Meraki MX. A firmware downgrade, as everyone suggests, will not fix this issue and problem. It only introduces vulnerabilities into your network security.