How many Firewall rules are too much? And a few more Qs...

NWNSM1
Here to help

How many Firewall rules are too much? And a few more Qs...

Looking at the security log each day or more often, we block IPs that are doing malicious things.  Obviously, there are a fair amount of counties blocked but we have single IPs in the block list too.  How many are too many?  (We have a 450 MX.)

 

Also, how do you decide to enable snort rules that are not enabled by default?  

2 Replies 2
PhilipDAth
Kind of a big deal
Kind of a big deal

You can't choose which individual snort rules to enable.  You can only choose between three rule sets, which are mostly based on CVSS scores and category.

 

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Threat_Protection#Intrus... 

CptnCrnch
Kind of a big deal
Kind of a big deal

I haven't heard of any limitations regarding firewall rules. I'm pretty sure it will be more than what you could be able to manage from a logical point of view though. 🙂

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels