Community Record

4 Posts | 12 Kudos | 0 Solutions
2 weeks ago
1 Kudo
I would definitely test things out in a lab first before deploying to any production networks. While NAT Exceptions with Manual Inbound Firewall is Early Access, it's been around for a good amount of time and works well. I've got both the NAT Exception and Inbound FW features configured for a customer and they are working well for us.

In your case you could leave the NAT Exceptions as default and only configure the inbound FW since that is the feature you require. You can either add your FQDN as a policy object under "Organisation > Configure > Policy Objects" or add it to the rule directly. I created a policy object for each FQDN for easier management and visibility; you can then group them together based on service, region or whatever makes sense to you. If you have a lot to add, definitely use the API: Create Organization Policy Object - Meraki Dashboard API v1 - Cisco Meraki Developer Hub.

From there you reference those in your firewall policy "Security & SDWAN > Configure > Firewall" under Layer 3 Inbound rules.

Made-up Example:

Action | Description | Protocol | Source | Src Port | Dest | Dest Port |
---|---|---|---|---|---|---|
Allow | Example to HR | TCP | *.example.com | Any | 192.168.1.0/24 | 443 |
2 weeks ago
8 Kudos
Recently I was going away for PTO and had a project that was due to kick-off while I was away. The customer is an organisation with 40+ sites across the country all with an almost identical setup so I built everything using configuration templates. This is an existing customer of ours we are doing a hardware refresh for and moving them to Meraki from another network vendor so we had all the details ready to go.

Using the Meraki API I then:

- Created all the networks and bound them to the relevant configuration template
- Added the hardware to the relevant networks
- Renamed all the devices
- Added a note to each AP with the install location from the wireless predictive planning
- Added a note to each switch with the rack location from the site audit

With the hardware claimed in the dashboard, I was easily able to export the inventory list and import that into our asset management tool within seconds, that's including hostnames, models, serials, MACs etc. All of this while the hardware was still in transit into the country.

This meant that my handover document for my colleague whilst I was away was essentially:

1. Label hardware
2. Send to site
3. Plug and play!
3 weeks ago
2 Kudos
https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Best_Practice_Design_-_MX_Security_and_SD-WAN/MX_Templates_Best_Practices#Performing_MX_Templates_Firmware_Upgrades

Under the section "Performing MX Templates Firmware Upgrades", it directs you to change the time zone via "Security & SD-WAN>Configure>General". This is not correct; under a configuration template the correct trail is "Network-wide>Configure>General".
3 weeks ago
1 Kudo
Using HAR Files to Troubleshoot Web Pages that are Failing to Fully Load - Cisco Meraki Documentation

I was provided this documentation by TAC as part of their troubleshooting. I think it should mention that .har files can't be uploaded to the TAC portal unless they are compressed in a .zip archive; some people might not know to try that.