Hello,   I believe the best available approach for backup is to provision from the beginning your organizational infrastructure using Meraki Terraform provider. This approach ensures that you consistently maintain a clear picture of what's deployed under the Terraform state file. Consequently, if any manual changes occur, you can simply execute Terraform apply across your organization's setup to restore it effortlessly. Alternatively, you can opt for Meraki third-party tools to manage your backup needs. Please let me know if this addresses your concerns. ... View more

I didn't find a straightforward solution using Meraki MX since it lacks this feature.However, I previously managed this task with legacy Cisco ASA firewalls :). The workaround involves manually creating objects at the Meraki organization level for each CIDR and organizing them into object groups for each country or region, then setting up corresponding firewall rules. For instance, you can explore IP CIDR or range by country using resources like this example: https://github.com/herrbischoff/country-ip-blocks   Another consideration for the most secure approach is to eliminate this attack surface altogether and replace direct access with VPN connectivity. ... View more

Unfortunately, the dashboard event log hasn't uncovered any significant details about this issue. Additionally, the device logs indicate that the printer is unable to connect to the server.   Given recent changes in email policies by Google Workspace and Yahoo, I'll investigate the potential impact of these updates on the scan to mail service. ... View more

I removed all restrictions to see if there was any rule blocking the flow, but unfortunately, that didn't resolve the issue. I have doubts that it's related to a problem with the firmware version. ... View more

The email service is on the Cloud ... View more

Hello,   Could you try this solution, which might help you:   https://developer.cisco.com/codeexchange/github/repo/baadrdeen/Meraki_vpn_hub_updater     ... View more

Hello,   For your migration challenge, I propose two solutions without relying on third-party VPN peers:   1. Dynamic Routing Solution: - Implement OSPF or eBGP between the L3 device, old MX, and new MX at the hub. - Configure the L3 device to redistribute routes, ensuring both MXs are aware of each other's subnets. - As spokes are migrated, the new MX dynamically advertises updated subnets to the L3 device, maintaining seamless connectivity.   2. Static Routing Alternative: - Place the old and new MXs in the same VLAN for direct communication. - On the new MX, create a summary route pointing to the old MX to handle traffic for all spokes, adjusting the metric accordingly. - As spokes are migrated, add specific static routes on the old MX for corresponding subnets, directing traffic to the new MX. - Document routing changes thoroughly, communicate adjustments to the team, and regularly test connectivity during the migration. - Once all sites are migrated, remove the summary route and unnecessary static routes from the old MX to complete the transition. I think those solutions ensure a controlled and organized migration process without relying on external  VPN peers.   Feel free to ask if I overlook something! ... View more

I completely agree with you. It would be highly beneficial to have a pre-production environment that replicates the production environment, allowing us to thoroughly test our configurations and pipelines. ... View more

Hello,   Regarding your query, here's a breakdown:   Option 1 is recommended If your priority is simplicity and your use case is straightforward, and it provides a more streamlined approach with fewer rules. Option 2 is recommended if you require more granular control over different subnets and ports or if your security policy necessitates distinct treatment for each combination. It allows for a more detailed and specific rule set tailored to specific scenarios.   The optimal choice depends on the specific security policies and requirements of your network. Please let me know if this information addresses your question. ... View more

Hello,   I believe you are seeking documentation on the creation of switch port profiles and the assignment of these profiles to specific switches:   Switch port profile: https://developer.cisco.com/meraki/api/get-organization-config-template-switch-profiles/   Assignment of the profile: https://developer.cisco.com/meraki/api/update-device/   Please let me know if the information I provided aligns with what you are looking for.     ... View more

Hello,   SD-WAN Policies : https://developer.cisco.com/meraki/api/get-network-appliance-traffic-shaping Threat Protection : I'm unsure if we have existing endpoints for threat protection ... View more

Could you please provide additional information regarding the deployed topology? How the AWS and the SRX are connected ? ... View more

Anytime 😜 ... View more

  Yes, WAN1 is the primary LAN interface for both the Meraki Switch (MS) and Meraki AP  (MR). Here's an example of the body request that I used to push in my requests: { "wan1": { "usingStaticIp": true, "staticIp": "10.{{XX}}.{{YY}}.250", "staticSubnetMask": "255.255.255.224", "staticGatewayIp": "10.{{XX}}.{{YY}}.254", "staticDns": ["8.8.8.8", "8.8.4.4"], "vlan": {{ZZ}} } } This setup uses a static IP address, subnet mask, gateway IP, and DNS servers, with a VLAN of ZZ for network segmentation. ... View more

Hi, try this JavaScript test script in Postman:   // Test if the response status code is 200 pm.test("Response status code is 200", function () { pm.response.to.have.status(200); }); // Test and filter the response based on product type and isBoundToConfigTemplate pm.test("Filters the JSON response data to find networks with the 'wireless' product type that are not bound to a configuration template", function () { // Parse the JSON response data var jsonData = pm.response.json(); // Filter the array of networks based on specified conditions var filteredNetworks = jsonData.filter(function (network) { return network.productTypes.includes('wireless') && network.isBoundToConfigTemplate === false; }); // Assert that the filteredNetworks array is not empty pm.expect(filteredNetworks).to.be.an('array').and.not.empty; // Store the filteredNetworks array in the environment as a JSON string pm.environment.set('filteredNetworks', JSON.stringify(filteredNetworks)); });   This Postman test script validates an API response: 1. It checks if the response status code is 200. 2. It filters the JSON response data to find networks with the 'wireless' product type that are not bound to a configuration template. 3. The filtered network array is asserted to be non-empty, and the result is stored in the environment as a JSON string for further use.   Make sure that you have created an environment in Postman.   Feel free to ask! ... View more

The JSON objects you provided seem to be correctly formatted, and there are no obvious syntax errors or missing commas.   The issue might be related to how the input data is being passed to the script, or how the script reads the input file?   Ensure that the update_input.txt file is saved with the proper encoding, such as UTF-8. You can check and change the encoding in Visual Studio Code by clicking on the "File" menu, then "Save with Encoding," and select "UTF-8" if it's not already set.   Otherwise, I reviewed the function loadruleset (responsible for loading a ruleset from a file and returning it as a list of JSON objects (rules)) catches any exceptions that occur during JSON parsing using a general except block so try to add some print statements to debug the function and check the values of p_filepath, buffer, jdump and the detailed exception at different stages to see if they match your expectations.   Let me knew If the issues persist! ... View more

Absolutely, interface bandwidth cannot exceed the maximum throughput of the MX ... View more

Hello,   After conducting thorough research, I have discovered an additional API call that retrieves uplink configurations of an MX device. This particular call can be made using the endpoint.   /devices/{serial}/appliance/uplinks/settings   However, I noticed that the response from this call does not include the provisioned bandwidth settings. It appears that the provisioned bandwidth might be a fixed value depending on the interface type. For example, in the case of an MX67 device, all of its interfaces are RJ45 ports, allowing them to achieve a maximum bandwidth of 1G.   ... View more