Client VPN and AMP

wadavison
Conversationalist

Hello,

I'm wondering if somebody would be able to tell me whether AMP on an MX64W would block malicious content coming through a remote computer that is accessing the network using a Client-VPN?

Cheers,

Will

5 REPLIES
PhilipDAth
Kind of a big deal

I don't know.

AMP does not run on AutoVPN connections.  My guess is it doesn't run on any VPN connections.

Thanks @PhilipDAth

KarstenI
Kind of a big deal

That was one question I asked a Meraki Engineer at last year's CiscoLive. There I was told that it's only for native downloads from the internet to an internal client.

That's a shame, would be nice to have. Thanks for your response. 

KarstenI
Kind of a big deal

I did some more tests and it seems that the mentioned statement is not valid (or not valid anymore, I did these tests on MX 15.33):

I installed a new web-server on my server-LAN and placed the EICAR test files in the Web-directory.

  • Test1) Accessed it from a PC in the user-LAN: MX blocked the download.
  • Test2) Connected with a client-VPN and accessed the file (so this is the original question): The MX blocked the download!
  • Test3) Accessed the file from a PC that comes through a 3rd party VPN: This one was very strange. The Download was allowed (AMP 4 Endpoint directly kicked in) but the MX Security Center logged a "Blocked" action which was obviously not done. 
  • Test4) Configured a port forwarding from the internet to the web-server and accessed the file. Same as with Test3, the download was allowed but the Security Center says "Blocked".

EDIT:

Later ... (you should not do tests like these while doing other stuff in parallel)

Only Test1 was an AMP-Block; the other events in the Security-Center came from IPS, as there is also a signature for EICAR.
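
Added example, not part of the thread and not Meraki code: a client-side probe for the kind of test matrix described above, which records what actually reached the client and compares it with the action shown in the Security Center, so a "Blocked" entry alongside a completed download (Test3, Test4) is flagged. The URL, the function names and the "Allowed" label are assumptions; the logged action is entered by hand from the dashboard.

```python
import http.client
import urllib.error
import urllib.request

# Standard 68-byte EICAR test string, split in two so this script is not itself flagged.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def fetch(url, timeout=10):
    """GET the URL once; return (body, error) where error is None on success."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.read(), None
    except (urllib.error.URLError, http.client.HTTPException, OSError) as exc:
        return b"", f"{type(exc).__name__}: {exc}"


def client_verdict(body, error):
    """What actually reached this client, independent of any dashboard entry."""
    if error is not None:
        return "not-delivered"      # reset, timeout, HTTP error
    if EICAR in body:
        return "delivered"          # the test file arrived intact
    return "altered"                # block page, truncated or rewritten content


def reconcile(verdict, logged_action):
    """Compare the client-side result with the action shown in the Security Center."""
    logged_block = logged_action.strip().lower() == "blocked"
    if verdict == "delivered" and logged_block:
        return "MISMATCH: logged as Blocked, but the file was delivered"
    if verdict != "delivered" and not logged_block:
        return "MISMATCH: file did not arrive, but no block was logged"
    return "consistent"


def probe(label, url, logged_action, fetcher=fetch):
    """Run one test path and return (label, verdict, reconciliation)."""
    verdict = client_verdict(*fetcher(url))
    return label, verdict, reconcile(verdict, logged_action)


if __name__ == "__main__":
    # Hypothetical URL (TEST-NET address); logged_action is typed in from the dashboard.
    print(probe("client-vpn", "http://192.0.2.10/eicar.com", "Blocked"))
```

Run it once from each vantage point (user LAN, client VPN, third-party VPN, internet via the port forward) and keep the results next to the engine named in each Security Center event, since both AMP and IPS can log against the same file.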
