Meraki

Community

Client VPN and AMP

wadavison
Conversationalist
‎Sep 10 2020 3:31 PM
‎Sep 10 2020 3:31 PM

Client VPN and AMP

Hello, 

 

I'm wondering if somebody would be able to tell me whether AMP on an MX64W would block malicious content coming through a remote computer that is accessing the network using a Client-VPN?

 

Cheers, 

 

Will

0 Kudos
5 Replies 5
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 10 2020 4:23 PM
‎Sep 10 2020 4:23 PM

I don't know.

 

AMP does not run on AutoVPN connections.  My guess is it doesn't run on any VPN connections.

In response to PhilipDAth
wadavison
Conversationalist
‎Sep 10 2020 4:43 PM
‎Sep 10 2020 4:43 PM

Thanks @PhilipDAth

0 Kudos
KarstenI
Kind of a big deal
Kind of a big deal
‎Sep 10 2020 4:40 PM
‎Sep 10 2020 4:40 PM

That was one question I asked a Meraki Engineer on last years CiscoLive. There I was told that it's only for native downloads from the internet to an internal client.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
In response to KarstenI
wadavison
Conversationalist
‎Sep 10 2020 4:43 PM
‎Sep 10 2020 4:43 PM

That's a shame, would be nice to have. Thanks for your response. 

0 Kudos
In response to KarstenI
KarstenI
Kind of a big deal
Kind of a big deal
‎Sep 11 2020 3:58 AM
‎Sep 11 2020 3:58 AM

I did some more tests and it seems that the mentioned statement is not valid (or not valid anymore, I did these tests on MX 15.33):

 

I installed a new web-server on my server-LAN and placed the eicar test-files in the Web-directory. 

 

  • Test1) Accessed it from a PC in the user-LAN: MX blocked the download.
  • Test2) Connected with a client-VPN and accessed the file (so this is the original question): The MX blocked the download!
  • Test3) Accessed the file from a PC that comes through a 3rd party VPN: This one was very strange. The Download was allowed (AMP 4 Endpoint directly kicked in) but the MX Security Center logged a "Blocked" action which was obviously not done. 
  • Test4) Configured a port forwarding from the internet to the web-server and accessed the file. Same as with Test3, the download was allowed but the Security Center says "Blocked".

EDIT:

Later ... (you should not do tests like these while doing parallel other stuff)

 

Only Test1 was an AMP-Block, the other events in the Security-Center came from IPS as there is also a signature for Eicar.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.