Hi, to all it may concern:   I think I've found the root cause for my issue: It does not work for python2, it needs python3!   Find attached a tar file which contains a full example.   Kind Regards, Andreas   ... View more

Hi Greenberet,   you've actually made a good catch here -- if all countries in the world are switching forward to DST during this hour.   But think about US (have done it two weeks before) or countries in the southern hemisphere (either switching back or also having different cycles like US). With respect to CET (= Central European Time) you are certainly right, and the service window Sunday 28 March 2am to 3am does not exist at all, i.e. is virtually skipped this very Sunday!   Nevertheless, I think it would be a very good idea if Configuration Templates would display either no timezone at all or at least UTC, if any. The mapping of this window to a real local time shall be driven by the local network and its configured timezone.   For networks that are configured to CET, the question for this Sunday is: Shall the Firmware Upgrade happen at 1:02am CET (= 2:02am CEST virtually) or at 2:02am CET (= 3:02am CEST) or automatically being postponed to the next Sunday when this window of lowest usage does really exist once again?   Kind Regards ... View more

Hi im,   you can use the wildcard "*" (asterisk) in the "Outbound rules", but you cannot use it in the "Cellular Failover rules". That's maybe the reason for confusion.   You should either re-open the case (if it's been closed) or insist on a sufficient answer.   Rgds, AE ... View more

Hi Blake,   did you mean "Make a Wish" (on that configuration page) or opening a case (what Customer and what kind of bug/support)?   Regrettably, you cannot "Make a Wish" on the documentation pages -- even if they deserve it many times from my past experience!   Rgds, Andreas ... View more

I hoped that my question would deserve a test and reply from @BrechtSchamp or @Nash or @CameronMoody after 3 weeks...?   ... View more

Let's assume for a moment that "Cellular failover rules" simply substitute the native "Outbound rules" (which would a bad idea since they do not support FQDN, but this is another story).   Given that, every admin should at least add the following rule as new rule #1 (i.e. BEFORE the default allow-any-any-rule is matched):           Otherwise, your SIM card will get a very high bill! ... View more

...and by the way: this rule section would not accept a "FQDN support" type of firewall rule -- neither by GUI nor by API!   Therefore, I requested this feature to be added via "Make a Wish" today: When disaster strikes (i.e. primary internet access WAN1 is gone) you need to be able to control which kind of business critical traffic (most of these are cloud based Web services) you still want to Allow or Deny. ... View more

Look here (this screenshot is not taken from the docu, but from the very original page where you configure the rules):                     To me, this now very much looks like the "Cellular failover rules" shall simply substitute the native outbound rules! This would make sense in some respect -- and of course render my last Message obsolete...   ... View more

Thanks a lot for making this clear to me.   But I would have another very interesting (and at the moment theoretical) question: The documentation says "These firewall rules are appended to the existing outbound rules".   My current ruleset has the following structure:   {"protocol" udp  "srcPort" Any  "srcCidr" Any  "destPort" 53  "destCidr" Any  "policy" allow  "syslogEnabled" false  "comment" DNS for FQDN support} {"protocol" tcp  "srcPort" Any  "srcCidr" Any  "destPort" 80,443  "destCidr" *.microsoft.com  "policy" allow  "syslogEnabled" false  "comment" HTTP[S] to MS} {"protocol" any  "srcPort" Any  "srcCidr" Any  "destPort" Any  "destCidr" Any  "policy" deny  "syslogEnabled" false  "comment" Default catch-all other traffic} {"protocol" Any  "srcPort" Any  "srcCidr" Any  "destPort" Any  "destCidr" Any  "policy" allow  "syslogEnabled" false  "comment" Default rule}   (rule #2 has been capped for demo purposes)   That said my question would be: Where are the Cellular Failover Rules "appended"? Before or after rule #4 (which is the default rule that cannot be changed)? Before or after rule #3 (which I had to insert in order to block unwanted outgoing traffic: I'm not very happy with the default rule #4 -- this is NOT the best practice for firewalls)? How can I control this? How can the Cellular Failover Rules do what they're supposed to do (e.g. deny traffic to microsoft.com, because you don't want to update your device using an expensive cellular service billed by volume)?   Rgds, Andreas ... View more

Hi Philip, hi all,   I think you can change the admin's name using the Dashboard API. At least, I've successfully done this on one of my Customers this morning using this Windows batch command:   .\curl --max-time 3 --proxy proxy.intra.company.com:8090 -L -H "X-Cisco-Meraki-API-Key:***mykey***" -H "Content-Type:application/json" -X PUT --data-binary "{\"name\":\"Michael Fox (newco)\"}" "https://n213.meraki.com/api/v0/organizations/<orgID>/admins/<adminID>" Of course, you need to install curl and all required certs first and insert some details (name of proxy server, your API key, orgID, adminID), but it worked for me!   Regards, AE ... View more

so it's worth opening a case? ... View more

Yes, I'm pretty sure, checked twice.   (I just removed the hyperlinks from the post) ... View more

Hi Brecht,   tx for your list, this is very helpful.   Although I need to admit that the only model I'm missing in this list is just the one I was asking for... Z3C!   Regards, Andreas. ... View more

Ha, I would be so glad if I could configure it manually at all -- not to dream of a template... ... View more

Hi,   can I create a certain "Port tag" and then customize the "Summary Report" in such a way that it will report any traffic on ports tagged like these (e.g. as Anomalies)?   Rgds, Andreas. ... View more

Hi all,   if an MX device needs to be replaced (RMA case), would the replacement device get the same MTU size setting that the broken one had configured (by Meraki Support)?   Or do we have to open a new case right after the device has actually been replaced?   Rgds, Andreas     ... View more

Hi Ajit, I think you can only make "LAN4" to be "WAN2". Your screenshot suggested that "LAN1" could be "WAN2" which IMHO can not be configured on the local status page. Btw: Would be great if Dashboard would reflect that configuration change in the "Status" picture, like 1 2 3 WAN2 WAN1 Rgds, Andreas. PS: The page "Security & SD-WAN"->"Monitor"->"Appliance status" shows "WAN2" IP address as "Not connected" even in the case you have NOT done the local status page config change -- as soon as the Configuration Template's Traffic Shaping setting implies this! ... View more