"So, even when the security group has no inbound rules, effectively blocking all incoming traffic, it will not block the traffic, even if it is encrypted, because it is within a VPN tunnel that operates on the lower OSI level than the security group?...

Hi @Stallone,I will share my understanding:"Could you please explain why traffic that goes through the VPN tunnel from on-premises resources is not blocked by the vMX instance's security group"It is not blocked by the Security Group because of the ve...

Hi @Stallone,Are you pinging the public IP or the private IP of the vMX? Are you pinging from a host across the VPN tunnel?If you are pinging the private IP of the vMX through the VPN tunnel, then look into the VPN firewall rules as shared by Philip ...

Hi @squuiid, You can find this information at the very end of the document linked above. "Are MX devices with wireless capabilities affected?No. MX devices do not support 802.11r and are not affected by the vulnerability." Regards, Marco

Hi all, Please refer to the following article for an explanation of the vulnerability and the firmware fix: https://documentation.meraki.com/zGeneral_Administration/Support/802.11r_Vulnerability_(CVE%3A_2017-13082)_FAQ UPDATE 2pm PDT 16 Oct: Our bl...