Hi Yeah, I am aware of ISE.. but wanted to see if Meraki Systems Manager would do the trick or any recommendations before investing in an additional platform if going ISE, would a cloud option support HA.. as we don't want to lockout our users if one ISE instance fails .. ... View more

It didn't work at all for us.. as if the settings are not there.. I totally never expected that from Meraki ... View more

HI Did anyone manage to have this feature working? or Does Meraki plan to remove it from the dashboard, since a non working feature is misleading.. ... View more

Hi   I thought the poster accepts answers and not Meraki staff 🙂  Sad that you don;t integrate with intune.. this is a major drawback for us.. not being able to apply conditional access policies based on the compliance of Meraki SM, will force us to have 2 systems.. frankly speaking.. we don;t see the value of Systems manager against intune or jamf in that scenario.. I will need to pull your partners pre sales to help here further ... View more

Hi All The root cause of the issues were a conjunction of issues related to unreachable destinations from the ISP provider to the SASE provider, while all other traffic was ok, this led to the SASE clients to send tens of retries spiking the connections limits on the Firewalls and bringing everything down..    Unfortunately the MX firewalls have no mean to detect such spikes in connections, we had these highlighted on Firepower firewalls.. hopefully the MEraki team will implement such details along with much needed CPU, memory and storage usage on the devices.. ... View more

HI I would be interested to see if anyone applied anything practical..  ... View more

Hi Sad to see that Meraki does not have such a much needed dashboard element, also nothing about CPU and memory usage.. only if I recall CPU usage can be seen in reports...       ... View more

Hi @PhilipDAth  Thanks for the info, too bad it doesn't show.. I tried also to get an idea of the connections via the wan captured pcap statistics, but it won't be way close to what is needed... I configured Netflow, need to see why it is not showing all the traffic, sum in Netflow doesn't reflect what I see on the Wan uplink live data chart.. using ofc NF v 9   Regards ... View more

Yeah   We tested it now.. both will become masters simply..  ... View more

Now this sounds more crazy.. with the above packets we had disruptions in traffic.. we were able to reproduce the problem by loading the uplink.. any upload would trigger traffic disruptions from Zerotrust connected clients.. looks like shaping is applied upstream.. ... View more

Upd: Unfortunately the issue persists.. there was a case related to L7 blocked p2p being falsly identified as cloudflare warp traffic, but in our case we don;t block that traffic.. back to square 1 and Meraki support is to no avail.. thinking of opening a new tocket to get another support on the call and see how this would go.. Nothing in the MX logs suspicious.. ... View more

Does thius apply to default rules? we are seeing degradations but no custom rules and we are not getting the option to upgrade the firmware, greyed ... View more

Hi I am not able to upgrade from 18.211 , my options are greyed out ... View more

Upd: patched, had to go to the schedule upgrade to see that the minor version was available Now trying to patch the MX to the latest release, however somehow it is greyed out and we are off by .2 versions and the .2 is a stable release not beta   I see this     FIRMWARE Up to date Current version: MX 18.211   ... View more

So update.. Meraki support didn;t much help rather pushing it on ISP or Cloudflare.. We disabled a S2S vpn that was set with a cloud provider and the issue seems to be solved.. now it might be related to the latest MX bug with VPN.. we need to make sure our VPN can be brought up too.. ... View more

No, it is not a S2S, it is a Zerotrust/SASE solution more P2S But we see traffic degradation also on non connected devices ... View more

And also we started to get Disabled Gateway (Bad DNS) errors on the MX uplink randomly   ... View more

Hi   Yes, Meraki support actually pointed to the Malformed packets, we are on the latest firmware.. they mentioned that there is a bug on the latest with VPN.. might it be related? but we have been on that firmware for over a month now and issues started to happen only Monday We use Cloudflare SASE, these guys are blaming the ISP.. the ISP says all good.. we are trying by elimination.. We have an edge MS stack segmented with a vlan exposed to the internet to accomodate the ISP 2 routers and BGP virtual IP.. this stack is part of the same network dashboard and the MX is connected to it on one hand.. I suspect it might be something to lok at as that Network is clocking 32K clients and these are all the public IPs seems that connected to that stack on the public VLAN..   ... View more

Well, at least it was Qwerty 🙂 ... View more

Update on this issue: After spending some time with Meraki support, they did indeed point out to the fact that the early access feature of the L3 inbound tules are the culprit, if no rules are configured, an explicit allow all kicks in..which you don't see in the inbound L3 rules as the default is deny, see previous post screenshot.. confusing..  ... View more