A customer bought Meraki MX84 and want to migrate the existing Fortigate users to new box.. Need clarification for below points. Please share your insights fellows.
1) Where to check live logs for troubleshooting ? - In event log content based filter is available but not source and destination based.
2) MAC based authentication possible ?
3) Does it supports LDAP authentication ?
Solved! Go to solution.
How to check in cloud console ??
Firewall logs will not be uploaded to the cloud, so the only chance is the local syslog server
Nope. Can I add MAC address in local database ?? Similar to other UTM firewall..
No, and why would you do that? MAC spoofing is a piece of cake, so from a security point of view, proper authentication is the way to go here.
1) You can send syslogs to a syslog server. Here's an example of the supported events: https://documentation.meraki.com/zGeneral_Administration/Monitoring_and_Reporting/Syslog_Event_Types...
2) When you say mac-based authentication, do you mean 802.1x on the ports? If so, no, not on an MX84. (https://documentation.meraki.com/MX/Access_Control_and_Splash_Page/MX_Access_Policies_(802.1X))
3) What do you want to authenticate? Client VPN supports RADIUS or ActiveDirectory. (I prefer RADIUS via NPS in an AD environment... simpler.) Or you can use SAML for authenticating administrators.
Thanks for the reply.
1) You can send syslogs to a syslog server. Here's an example of the supported - Not with external syslog. How to check in cloud console ??
2) When you say mac-based authentication, do you mean 802.1x on the ports? If so, no, not on an MX84. - Nope. Can I add MAC address in local database ?? Similar to other UTM firewall..
How to check in cloud console ??
Firewall logs will not be uploaded to the cloud, so the only chance is the local syslog server
Nope. Can I add MAC address in local database ?? Similar to other UTM firewall..
No, and why would you do that? MAC spoofing is a piece of cake, so from a security point of view, proper authentication is the way to go here.
Thanks man . .
To check events in the cloud console, you go to Network -> Event Log.
Meraki firewalls are beginning to offer HTTPS packet inspection in a beta version of the firmware, but the performance hit is significant. AMP offers malware detection over HTTP by default, and you can use the baked in content filtering.
I will note that I am generally really NOT a fan of HTTPS packet inspection. We encrypt stuff for a reason.
Thanks Nash
>MAC based authentication possible ?
Meraki group policies are based on MAC addresses, so in this sense, yes.
Also if you use a splash page for authentication then that client authentication is done based on their MAC address.
HI Philip,
Meraki group policies are based on MAC addresses, so in this sense, yes.
Also if you use a splash page for authentication then that client authentication is done based on their MAC address.
How can I config it on Meraki Dashboard?
Nicholas