Hirez
Feb 3, 2003

Weber scored 49 points?

:allears: :allears: :allears:
I just started at a new company, and the bulk of our clients are on cisco meraki's (or switching over) and oh my they are so easy mode

I do find myself looking around looking for options whereas I know the ios way... I haven't used them much, did some firewall rules/vlans/site2site vpn's etc, and it feels like anyone off the streets could do it if they know how to google. That said, am I just on cloud9 about it because I'm so used to every loving enterprise network devices from my old jobs (F5's, Sonicwalls, etc etc - Palo Alto's were actually pretty decent I'll admit) - are meraki's really as good as they seem? or are there glaring problems etc that I just haven't encountered (due to not using it much yet)


Hirez
thanks, sounds good, all of our clients are Vet Clinics (and a few animal hospitals) so there really shouldn't be any really complicated setups (whereas before I worked at eHealth and Telus); ie. my manager was amazed I was able to block a vlan to all other vlans so it only had access to the internet (via firewall rules).

It seems like all the sites with Sonicwalls are getting remediated over to meraki's because they work so well for all our clients with it (150+).

And yea, my coworker was trying to get a hold of Meraki support for like 3 hours because upgrading from an MX66 to 68 or whatever was giving some call Meraki error :negative:

Hirez
Anyone had any experience with mass importing/changing geographical L7 rules on a meraki?

I have over 250+ vet clinics (networks) that the parent company decided to block all traffic except Canada/USA/UK... which I advised against; at least until we can figure out a way to mass implement changes. Since like half the sites these clinics access sites that have like NS servers in Ireland or Netherlands (and I'm not even talking about cloudflare type, just independent hosting in Bahrain was another one I saw... :sigh: , etc, etc.) Plus there's the whole Thanks Cloud!

Copy/pasting doesn't work because the gui does that good ol auto-complete, and I'm too much of a newb to know how I would even begin to do it via CLI/Scripting


Hirez fucked around with this message at 12:03 on Sep 21, 2021

Hirez
Basically I don't wanna type be bri can den finl fran ger irel neth swed unit unit x250 times, and it looks like we need to add Japan too since a new vendor hosts their site there, exciting :(


e: I assume it's something like this, but even this looks like I need to go through each MX (though I guess that shouldn't be more than a 5min script, assuming I can retrieve all the keys easily)



or maybe I'm gonna need something like https://docs.ansible.com/ansible/la...firewall-module
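An added example, not part of the thread and not Meraki's or any poster's code: one way to push a country allow-list change to every MX network in an organization through the Dashboard API, with a dry run first. The endpoint paths, the `allowedCountries` rule type and two-letter country codes are assumptions about Dashboard API v1; `merge_countries`, `call`, `roll_out` and `fake_api` are hypothetical names, and `fake_api` is a constructed in-memory stand-in for offline testing.

```python
import json
import urllib.request

BASE = "https://api.meraki.com/api/v1"  # Dashboard API v1 (HTTPS + API key)
GEO_TYPE = "allowedCountries"           # assumed L7 rule type for a country allow-list

def merge_countries(rules, add=(), remove=()):
    """Edit the country allow-list, keeping every other L7 rule as is.
    The PUT replaces the network's whole rule list, so all rules are re-sent."""
    out, changed = [], False
    for rule in rules:
        if rule.get("type") == GEO_TYPE:
            wanted = sorted((set(rule["value"]) | set(add)) - set(remove))
            changed = changed or wanted != sorted(rule["value"])
            rule = {**rule, "value": wanted}
        out.append(rule)
    return out, changed

def call(api_key, method, path, body=None):
    """One Dashboard API request, returning the decoded JSON reply."""
    req = urllib.request.Request(
        BASE + path, method=method,
        data=None if body is None else json.dumps(body).encode(),
        headers={"X-Cisco-Meraki-API-Key": api_key,
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def roll_out(api, org_id, add=(), remove=(), dry_run=True):
    """Walk every appliance network; return the names that (would) change."""
    touched = []
    for net in api("GET", f"/organizations/{org_id}/networks"):
        if "appliance" not in net.get("productTypes", []):
            continue  # no MX in this network, so no L7 firewall to edit
        path = f"/networks/{net['id']}/appliance/firewall/l7FirewallRules"
        rules, changed = merge_countries(api("GET", path)["rules"], add, remove)
        if changed:
            touched.append(net["name"])
            if not dry_run:
                api("PUT", path, {"rules": rules})
    return touched

# Constructed stand-in for the API so the logic can be tried offline.
def fake_api(store):
    def api(method, path, body=None):
        if method == "PUT":
            store[path] = body
        return store[path]
    return api
```

Against the real Dashboard, pass `functools.partial(call, api_key)` as `api` and review the dry-run list before re-running with `dry_run=False`. Networks that have no geo rule yet are left alone, so the script never turns country filtering on where it was off.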

Hirez
thanks for the answers even though they're sorta latin to me (I log into the API how?! (Don't worry I'll google it, and I think it's ssh, I think I did it once!!! :D )

I just took a meraki from an old clinic and I guess I'll gently caress around with it at home instead of the live Meraki's they have me doing this on with 0 notice and instruction except get it done! (then read all your coworkers emails from clinics about sites they can no longer access or their :godwinning: Xray and Dental machines phone home before they work because...)

I feel this is gonna really go up a notch soon as this big partner just got bought out by some British Hedge Fund and now I'm gonna have to learn about this GDPR shit and actually pay attention

Hirez fucked around with this message at 11:36 on Sep 22, 2021

Hirez
e: 420 bad snype everyday

heh man, for some reason today meraki decided to think all of google's poo poo was in Hong Kong so I had to manually whitelist it in their stupid L7 gui thing I was bitching about last page... (luckily since it was impacting so many people, we got like 10 people to do it so it took like 30mins but still 5 hours before meraki decided to put something up)



https://community.meraki.com/t5/Security-SD-WAN/Google-com-incorrectly-Geolocated/td-p/129810

also shows how terrible their layer7 filtering stuff is; ie. no logging at all even with syslog, had to packet capture and for some reason only maxmind (meraki's geo2ip vendor or whatever) was showing all this google stuff in Hong Kong



also their temp-fix was their engineer just saying to whitelist hong kong til they figure out what's going on :cool:



e: oh they just fixed it and lol gently caress them :>

We have worked with our GEO IP vendor and identified a root cause for this issue. Meraki Engineering has pushed a fix to remediate the issue. The fix will apply based on the configured list update interval settings which can be configured under SD-WAN > SD-WAN & traffic shaping.

For a more immediate update, users can change their current content rules to a full list or top sites, wait for a configuration update, and revert the changes back to the previously configured setting. These settings can be found under SD-WAN > Content filtering.

Hirez fucked around with this message at 18:52 on Sep 24, 2021


Hirez

GreenNight posted:

And rebooting a Meraki switch takes loving forever to come back up.

but it has rainbow colours you get to tell the meraki tech about while it boots up for 10 minutes... :unsmith:

e: also changing really isn't an option, our "partner company" is like a franchise of animal/dental clinics, that basically has them at every site and they're not replacing those...


but they're also dumb and decided to test out the L7 filtering without telling anyone really, and only allowing :911: & :: (because why would anyone need to access anything else)... then came all the google, office, akamai, cloudflare, etc etc requests to/from like ireland/netherlands and every day is a new website that some clinic just HAS to access and it only works on their phone :argh:

Hirez fucked around with this message at 04:43 on Sep 25, 2021
