17 March 2022

Steps used to integrate Meraki MX with Zscaler

Settings used to integrate Meraki MX with Zscaler

1- Identify which networks should use this rule

Network tags configured in Organization -> Overview, Tag



2- Configure non-Meraki VPN peers

Name: (any name you like)
IKE Version: IKEv2
IPsec policies: Custom
        Phase1
            Encryption: AES128
            Authentication: SHA1
            Pseudo-random Function: Defaults to AES
            Diffie-Hellman group: 2
            Lifetime (seconds): (default value)


        Phase2
            Encryption: NULL
            Authentication: MD5
            PFS group: (default value)
            Lifetime (seconds): (default value)

Public IP: (public IP of the Zscaler server)
Local ID: (FQDN that must also be configured on the Zscaler side. List of addresses at: Cloud Enforcement Node Ranges)
Remote ID: (secondary info, not used in this case)
Private Subnets: I used 0.0.0.0/0 to allow all local networks. The networks that go through the VPN are chosen in SD-WAN -> Site-to-Site VPN -> VPN Settings
Preshared key: shared key agreed between the team configuring the MX and the Zscaler side
Availability: network tags configured in step 1



These settings must be "mirrored" on the Zscaler side.

After applying this configuration, check:

Security & SD-WAN -> VPN Status -> non-Meraki peer. The status should be "green".

Go to Event Log -> "security appliances" -> Event type include: non-meraki/client vpn negotiation and look for a message like:
msg: <remote-peer-2|xxxx> IKE_SA remote-peer-2[xxxx] established between <mx public ip>[ <fqdn> ]...<zscaler ip>

To test, go to Appliance Status -> Tools -> Ping a public address, but with the source set to one of the local networks chosen to access Zscaler.
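The event-log check above can also be run over exported log lines. This is an added example, not part of the original post: the message layout follows the line quoted above, while the sample lines, addresses, FQDN and function names are constructed for illustration.

```python
import re
from ipaddress import ip_address

# Layout of the "established" message quoted above. The remote ID is optional
# because the quoted message ends after the Zscaler IP.
IKE_SA_RE = re.compile(
    r"IKE_SA (?P<conn>[\w-]+)\[(?P<sa_id>\d+)\] established between "
    r"(?P<local_ip>[0-9a-fA-F.:]+)\[\s*(?P<local_id>[^\]]*?)\s*\]\.\.\."
    r"(?P<remote_ip>[0-9a-fA-F:]+(?:\.\d+)*)"
    r"(?:\[\s*(?P<remote_id>[^\]]*?)\s*\])?"
)

# Constructed sample lines (documentation address ranges, made-up FQDNs).
SAMPLE_LOG = [
    "msg: <remote-peer-2|17> IKE_SA remote-peer-2[17] established between "
    "203.0.113.10[ branch1.example.com ]...198.51.100.20",
    "msg: <remote-peer-2|18> negotiation failed",
    "msg: <remote-peer-2|19> IKE_SA remote-peer-2[19] established between "
    "203.0.113.10[old-branch.example.com]...192.0.2.77[192.0.2.77]",
]

def same_ip(text, expected):
    """Compare two addresses; unparsable text never matches."""
    try:
        return ip_address(text) == ip_address(expected)
    except ValueError:
        return False

def check_tunnel(lines, expected_local_id, expected_peer_ip):
    """Return (established, findings) for the configured Local ID and Public IP."""
    established, findings = [], []
    for line in lines:
        m = IKE_SA_RE.search(line)
        if not m:
            continue  # not an "established" message
        sa, problems = m.groupdict(), []
        if sa["local_id"].lower() != expected_local_id.lower():
            problems.append(f"SA {sa['sa_id']}: local ID {sa['local_id']!r} differs")
        if not same_ip(sa["remote_ip"], expected_peer_ip):
            problems.append(f"SA {sa['sa_id']}: peer {sa['remote_ip']} differs")
        if problems:
            findings.extend(problems)
        else:
            established.append(sa)
    if not established and not findings:
        findings.append("no IKE_SA established message found")
    return established, findings
```

An SA that comes up with a Local ID or peer address other than the ones entered in step 2 is reported as a finding rather than counted as the expected tunnel.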

29 January 2022

ECMS 500-220 - Engineering Cisco Meraki Solutions - my thoughts and suggestions

Passed the Engineering Cisco Meraki Solutions v1.0 (ECMS 500-220).

Started working with Meraki in 2016, did the CMNO in 2018, attended the ECMS2 in 2020, got several Meraki Black Belts, the Meraki FIT programs, and the Meraki Guru.
Deployed several projects with Meraki solutions; offices, warehouses, retail stores, hotels, schools.

So I decided to capitalize on all that knowledge and go for the official certification and it went well.




I think it's a fair test, the typical 60 questions/90 minutes multiple-choice test. It's not easy, but it's not very hard if you have some years of experience working with Meraki.


As for testing material, I don't know any other vendor that provides so much information and lab environments for free (as long as you are a Meraki partner and have a valid Cisco login).

Here's the list of material that I've consulted:


Manuals and videos

ECMS Exam Self-study Guide

Meraki learning net, especially the deep dive sessions: 

Learning Meraki Net

Meraki Black Belt program:

Black Belt - Engineering - Meraki

Practical labs
Meraki also has a site that suggests the equipment required to build a self-study lab environment

ECMS Self-study Lab Supplement

But even if you don't have access to Meraki equipment, it's possible to run some labs at Cisco's dCloud:

dcloud lab meraki list

(my favorite) Cisco Meraki Launchpad for Partners v1 


For dashboard API, you can check this:

Meraki Developer Hub


Social media
Join the community:

Meraki Community 

Subscribe to their YouTube channel:

youtube Cisco Meraki Official

and follow them on Twitter:
@meraki
