Meraki

Community

Crowdsec blocklists IP

gplatret
Here to help
‎Jun 10 2024 7:08 AM
‎Jun 10 2024 7:08 AM

Crowdsec blocklists IP

Hello,

How to integrate a list of dynamic IPs to prohibit (List Crowdsec).
Sincerely

Labels:
0 Kudos
3 Replies 3
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jun 10 2024 7:12 AM
‎Jun 10 2024 7:12 AM

I don't know if you'll be able to do this in MX, but if possible, it might be something similar to what's in the link below.

crowdsec.net/blog/integrating-crowdsec-with-firewall-appliances

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 10 2024 2:14 PM
‎Jun 10 2024 2:14 PM

If I was trying to do this, I think I would write a script to pull the list, and then update a group policy object, and then have a single L3 rule configured to block that.

 

You could also instead consider having it populate L7 firewall rules, as that blocks in both directions.

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 10 2024 2:16 PM
‎Jun 10 2024 2:16 PM

Going sideways - it would be so much easier to use the Meraki content filtering system - powered by Talos - and just block the dynamic threat categories.

 

PhilipDAth_0-1718054197426.png

 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.