IPS/IDS Whitelisting without Traffic Exclusion

LeonardoTNS
Comes here often

Hi,

I have a cloud-based threat & vulnerability scanning solution. Is it not possible to whitelist its IP to allow port scanning of device subnets on the LAN side of an MX?

The customer's MX doesn't support 18.2.

Regards

alemabrahao
Kind of a big deal

Meraki MX does not support direct port scanning of LAN subnets from external (WAN) sources unless you configure port forwarding or NAT rules to expose internal devices.
Even then, only the public IP of the MX is exposed, and internal devices are not directly reachable unless explicitly configured.

MX Firewall Settings - Cisco Meraki Documentation

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
LeonardoTNS
Comes here often

Hi,

I explained it wrong, sorry. Nessus is located at the customer DC, and the customer DC has VPN connectivity with all the customer sites.

The MXs are blocking the scan from Nessus.

Is it possible to allow the IP of Nessus at the MX?

alemabrahao
Kind of a big deal

In this case, you cannot whitelist the IP in IDS/IPS directly, but you can allow the traffic using Layer 3 firewall rules and adjust IPS settings to avoid blocking the scans.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
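One way to carry out the Layer 3 firewall part of this suggestion, as an added example that is not from the thread or from Meraki: a script that inserts an allow rule for the scanner's address at the top of an MX network's L3 firewall rules through the Dashboard API. The network ID, API key and both CIDRs are placeholders, and the rule field names follow the public API's l3FirewallRules endpoint as documented.

```python
import json
import os
import urllib.request

API_BASE = "https://api.meraki.com/api/v1"
SCANNER_CIDR = "10.10.5.20/32"       # constructed example: Nessus host at the customer DC
SCANNED_LAN = "192.168.10.0/24"      # constructed example: MX LAN subnet to be scanned


def _same(a, b):
    keys = ("policy", "protocol", "srcCidr", "srcPort", "destCidr", "destPort")
    return all(str(a.get(k, "")).lower() == str(b.get(k, "")).lower() for k in keys)


def build_rules(existing, scanner_cidr, dest_cidr, comment="Allow vulnerability scanner"):
    """Return the rule list to PUT back: scanner allow rule first, then the existing
    rules. MX rules are evaluated top-down, so the allow must sit above any deny that
    would match the scanner. The read-only 'Default rule' from GET is dropped (the MX re-adds it)."""
    scanner_rule = {
        "comment": comment,
        "policy": "allow",
        "protocol": "any",
        "srcCidr": scanner_cidr,
        "srcPort": "Any",
        "destCidr": dest_cidr,
        "destPort": "Any",
        "syslogEnabled": True,       # log scanner hits so they can be correlated with IPS events
    }
    kept = [r for r in existing if r.get("comment") != "Default rule"]
    if any(_same(r, scanner_rule) for r in kept):
        return kept                  # idempotent: an equivalent rule already exists
    return [scanner_rule] + kept


def api(method, path, api_key, body=None):
    """Minimal Dashboard API call using only the standard library."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(API_BASE + path, data=data, method=method,
                                 headers={"Authorization": f"Bearer {api_key}",
                                          "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def allow_scanner(network_id, api_key, scanner_cidr=SCANNER_CIDR, dest_cidr=SCANNED_LAN):
    """Read the network's L3 firewall rules, insert the scanner allow, write them back."""
    path = f"/networks/{network_id}/appliance/firewall/l3FirewallRules"
    current = api("GET", path, api_key)["rules"]
    return api("PUT", path, api_key, {"rules": build_rules(current, scanner_cidr, dest_cidr)})


if __name__ == "__main__":
    print(allow_scanner(os.environ["MERAKI_NETWORK_ID"], os.environ["MERAKI_API_KEY"]))
```

This only lets the scanner's traffic through the firewall; as the replies in this thread say, it does not exempt that traffic from IDS/IPS inspection, which needs Trusted Traffic Exclusions on MX 18.2.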
RaphaelL
Kind of a big deal

Without MX18.2++ and Trusted Traffic Exclusions

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Trusted_Traffic_Exclusio...

I don't see any viable solution