I've been a Meraki MX user since Nov '14 and I think it's a great product but it lacked a community for it's users to collaborate on the direction we want the product to go in with new features. I want this to get the attention of Meraki and hopefully they'll join us in implementing these features.

1/4/16 Update: Meraki has begun responding to various posts!

Right now this site running on the free version of UserEcho so it doesn't have some features I'd like it to have (such as tagging).

Rob Geoghan
rgeoghan {at} gmail.com


Add ICMP to protocols in Flow preferences

Mark Lein 8 months ago 0

Currently in Security Appliance --> Configure --> Traffic shaping --> Flow preferences, you can chose TCP or UDP or Any which is just both TCP and UDP. It would be great if Any actually meant any, not just TCP and UDP. Or add ICMP to the list. This way those of us with dual WAN can monitor latency through both connections.


MANY:MANY NAT and Address Groups.

dlamon 9 months ago 0

For the MX security appliances would like the option to have a Many to Many NAT. Also would like to have a feature request to use Address Groups similar to how Sonicwall handles them.  Multiple Public IP's or range of Public IP's to multiple internal IP's.  


Force Internet back on primary port when it was offline and came back

norbert_huebner 10 months ago • updated by Rob Geoghan 10 months ago 1


recently I came across a missing “feature” in the MX routers. I am working in Papua New Guinea, where many technical things are very unreliable. The internet in PNG is not very stable. In one of our location we have a Panasonic IP-Phone System (TDE-600) that is using VOIP providers. We have a dedicated MX-60 for the phone system.

On the MX-60 we use two ISP. On WAN 1 (our primary) we have a low latency internet connection, on WAN 2 a VSAT internet connection (slow and high latency). The MX60 use WAN 1 as the primary internet connection and the WAN2 port only as backup. Also our Panasonic IP Phone System has two IP addresses, one that is be using for the VOIP signalling and the other one for the VOICE DSP that is handling the pure voice traffic during the conversation. Now here is the problem. As long as WAN 1 works  everything works fine. The VOIP signalling traffic and the VOICE traffic itself goes through WAN 1 and we can make and receive phone calls. When WAN1 fails the MX forces all traffic immediately going to WAN 2. That works fine. However, soon as WAN 1 comes back online the MX routes all new traffic to WAN 1, the existing traffic stays on WAN 2. This was designed in order not to interrupt existing TC/IP flow. In our case the VOIP signalling traffic stays on WAN 2 (because the phone system contacts the VOIP provider constantly). If I now try to make a phone call the new VOICE traffic (from the second IP of the phone system) is routed through WAN 1, but the signalling traffic stays on WAN2 and this caused that I can’t hear the other party. The only way to fix this problem is manually disconnect WAN 2 and then connect WAN 2 again. This force the MX to use WAN 1 again as primary port for all traffic. One of the MX technician told me that I need to request the “feature” to force the MX to route all traffic immediately  to the main WAN port when it comes back online.



Move off of SMS 2fa MFA

Rob Geoghan 12 months ago • updated 12 months ago 2

SMS as a second factor is no longer suggested by the experts. Please move to the authenticator apps.


Improved summary page links

Rob Geoghan 2 years ago 0

I wish that from the summary page I could click on the top clients, blocked sites, categories, etc.


DHCP Reservations not show in DHCP leases on appliance status page

Rob Geoghan 3 years ago 0
I have several devices that have DHCP reservations setup and they've been working fine. The bug in my opinion is that they aren't listed in the DHCP leases on the appliance status page. Also renamed clients aren't showing their renamed name (couldn't think of a better way to put it) there either.
Support responded that this is not a bug so I put in a feature request.

Global VLANs

Rob Geoghan 3 years ago 0
It would be nice if you could have your servers (not specific to servers) in a specific VLAN that is routable behind any MX in your organization.  This would make failing over easier since you wouldn't need to deal with changing the private/interal IP addresses.

Port mirroring on firewalls

Rob Geoghan 3 years ago 0
The firewalls should have a port mirroring feature.  Because this feature didn't exist it made troubleshooting an intermittent internet outage difficult to troubleshoot.  I had to plug in another device between my ISP and my Z1.

Ability to manually fail over a site to site VPN

Rob Geoghan 3 years ago 0
I had a unique situation where two sites from two different providers were both online but there was a routing issue between the two providers.  These two sites had two WAN connections but the site to site VPN only goes between the two primary links.  I needed to wait for TWC and Verizon to fix the issue.  I would have liked to been able to failed over just the site to site VPN.

Automation & management of client VPN settings

Rob Geoghan 3 years ago 0
Meraki doesn't provide a method to automatically deploy the client VPN settings to the users.  I was able to automate it myself about 95% but I had to tell the users what the PSK was and then they'd authenticate with their Active Directory credentials as well.  Users can also choose if they want to use split of full tunnel.  We as admins should control that choice.