Meraki

Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Automated Blacklisting of Malicious IP addresses on MX250

Melgrove
Conversationalist
‎Nov 23 2018 12:27 AM
‎Nov 23 2018 12:27 AM

Automated Blacklisting of Malicious IP addresses on MX250

We have a customer who recently suffered from an unsuccessful attack to/through their MX250 from a country that should not be trying to access their network.

I understand that this could have been a hidden address range etc and that it is possible to manually blacklist IP addresses/ranges but is there an automated update of malicious IP addresses that can be sent to the MX, maybe from Talos that provides automatic protection from known malicious ranges?

2 Replies 2
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Nov 24 2018 12:42 AM
‎Nov 24 2018 12:42 AM

You wont be able to get a a block list from an attacker just targeting one customer.  However the content filtering lists are dynamic.

 

This is the settings I typically use:

Screenshot from 2018-11-24 21-40-34.png

 

Also make sure you have threat protection enabled.

 

Screenshot from 2018-11-24 21-42-12.png

In response to PhilipDAth
Melgrove
Conversationalist
‎Nov 30 2018 2:15 AM
‎Nov 30 2018 2:15 AM

Thanks Philip. I will check and ensure that these features are enabled.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.