Performing a Security Assessment on MX95 Appliance



Not sure this is the right board, but I have a client that requested my company to perform a security assessment on their MX95 appliance. I was wondering if there is a checklist on what to review for best practice security on Merakis.

Something like...

* Password policy
* Timeout length
* Is SSO configured
* 2FA enabled enforced
* Review local users




Check some documentation that can help you.


General MX Best Practices - Cisco Meraki Documentation


MX Security Appliance FAQ - Cisco Meraki Documentation


MX Sizing Guide & Principles - Cisco Meraki Documentation

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Hi @ArcherFX, are they expecting you to perform a pen-test or vulnerability assessment or literally just review the configuration against best practices?

Darren OConnor

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

Just review config against best practices.


I also tend to make comment about these settings (I usually label this bit of the report an "audit" of the current state).


* Threat Protection settings (is it on or off, and if on what level is it set to).  Is there anything bypassing IPS?  If so, is that still valid?
* AMP [Advanced Malware Protection] (is it on or off).  Are there any exclusions?  Are those still valid?

* Content filtering settings (on or off, exclusions, same as above)

* Is the device running the current stable firmware version or better?

* Are the configured destinations for alerts still valid (people come and go)


I also do a review of anything in the security centre.  Is there anything of interest?  Have there been any changes to existing trends?


I'll also have a peek at traffic analytics.  Is the kind of traffic what I would not expect to be seeing for this kind of company?  For example is there a lot of traffic to an unknown port, or is there 1000 hours spent on social media sites per week, etc.

I would also add FW rules to that list. It's easy to set up rules and then 6 months later they are redundant for whatever reason.


We review our firewall rules bi-annually. 
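The audit items listed in this thread (protection features on or off and their exclusions, firmware against stable, alert recipients, firewall rule age) can be run as a repeatable check over a saved configuration snapshot. This is an added example, not code from any poster or from Meraki; the snapshot layout, its field names, the staff list and the 183-day review interval are assumptions, and the data is constructed.

```python
from datetime import date

# Constructed sample data. Field names are assumptions for a hand-made
# snapshot, not the Meraki Dashboard API schema.
SNAPSHOT = {
    "threat_protection": {"enabled": True, "level": "balanced",
                          "exclusions": ["10.0.5.0/24"]},
    "amp": {"enabled": True, "exclusions": []},
    "content_filtering": {"enabled": False, "exclusions": []},
    "firmware": {"running": "10.1", "stable": "10.2"},
    "alert_recipients": ["noc@example.com", "former.admin@example.com"],
    "firewall_rules": [
        {"comment": "Temp vendor access", "last_reviewed": "2023-01-10"},
        {"comment": "DNS out", "last_reviewed": "2024-05-01"},
    ],
}

def version_tuple(v):
    """'10.2' -> (10, 2) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in v.split("."))

def audit(snap, active_staff, today, review_days=183):
    """Return (area, note) pairs for the audit section of the report."""
    notes = []
    for area in ("threat_protection", "amp", "content_filtering"):
        feature = snap[area]
        if not feature["enabled"]:
            notes.append((area, "disabled"))
        elif "level" in feature:
            notes.append((area, f"level set to {feature['level']}"))
        for item in feature["exclusions"]:
            notes.append((area, f"exclusion to revalidate: {item}"))
    fw = snap["firmware"]
    if version_tuple(fw["running"]) < version_tuple(fw["stable"]):
        notes.append(("firmware", f"{fw['running']} is older than stable {fw['stable']}"))
    for addr in snap["alert_recipients"]:
        if addr not in active_staff:
            notes.append(("alerts", f"recipient not in staff list: {addr}"))
    for rule in snap["firewall_rules"]:
        age = (today - date.fromisoformat(rule["last_reviewed"])).days
        if age > review_days:  # 183 days is an assumed review interval
            notes.append(("firewall", f"'{rule['comment']}' last reviewed {age} days ago"))
    return notes

if __name__ == "__main__":
    for area, note in audit(SNAPSHOT, {"noc@example.com"}, date(2024, 6, 30)):
        print(f"{area}: {note}")
```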
