Automated Blacklisting of Malicious IP addresses on MX250

Melgrove
Conversationalist

Automated Blacklisting of Malicious IP addresses on MX250

We have a customer who recently suffered from an unsuccessful attack to/through their MX250 from a country that should not be trying to access their network.

I understand that this could have been a hidden address range etc and that it is possible to manually blacklist IP addresses/ranges but is there an automated update of malicious IP addresses that can be sent to the MX, maybe from Talos that provides automatic protection from known malicious ranges?

2 Replies 2
PhilipDAth
Kind of a big deal
Kind of a big deal

You wont be able to get a a block list from an attacker just targeting one customer.  However the content filtering lists are dynamic.

 

This is the settings I typically use:

Screenshot from 2018-11-24 21-40-34.png

 

Also make sure you have threat protection enabled.

 

Screenshot from 2018-11-24 21-42-12.png

Melgrove
Conversationalist

Thanks Philip. I will check and ensure that these features are enabled.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels