How to disable older TLS versions in the Meraki MX security appliances?

rhamersley
Getting noticed

How to disable older TLS versions in the Meraki MX security appliances?

Meraki security appliance does not have an “SSL Decryption” setting in the dashboard.  How can you enforce higher security standards to block older TLS versions.   Ideally we would like to block all outdated TLS versions.   I do believe Meraki does not provide a direct way to specify TLS versions in Layer 7 rules.   Would like to get insight to see how this is possible.

 

Thank you!!

4 Replies 4
alemabrahao
Kind of a big deal
Kind of a big deal

With MX I believe you won't be able to do anything, you will probably need another solution or even another firewall.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
PhilipDAth
Kind of a big deal
Kind of a big deal

To add to @alemabrahao answer (which is correct), Cisco would recommend the use of Cisco Umbrella - which only supports TLSv1.2 clients.

 

Both Meraki MX and MR devices have native Umbrella integration options.

https://documentation.meraki.com/MX/Meraki_Umbrella_SDWAN_Connector/Deployment_Guide 

jfigueroa
Here to help
alemabrahao
Kind of a big deal
Kind of a big deal

This is talking about 802.1x specifically.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels