IPS/IDS Whitelisting

Solved
Lorenzo1
Here to help

Hi everyone.

I've followed numerous threads on the subject, but I just wanted to check I've understood the replies correctly.

If I have a cloud-based threat & vulnerability scanning solution, it's not possible to whitelist the IP to allow port scanning device subnets on the LAN side of an MX?

1 Accepted Solution
Ryan_Miles
Meraki Employee All-Star

If you have a supported MX model and run 18.2 you could look into using Trusted Traffic Exclusions https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Trusted_Traffic_Exclusio...

5 Replies 5
RaphaelL
Kind of a big deal

Yes (maybe?) with MX18.200+ and Trusted IP Addresses/Subnets

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Trusted_Traffic_Exclusio...

but... I wouldn't run that version in production, seems super buggy. Your mileage may vary.

Wifikohai
Comes here often

Hi, 

Does anyone know if I add an IP address on Trusted/network traffic, traffic in any direction (from and to this host/network) won't be analyzed by the IPS?

Geasnox
New here

I usually just switch the threat level to Detection instead of Prevention when I need something to bypass IPS. It won’t block traffic, but I can still see the alerts.

Geasnox
New here

Cloud-based scanners usually come from dynamic IPs, so whitelisting them for MX LAN port scans doesn’t really work. I had to work around this once by using Residential Proxies, which let the scan appear from a consistent IP without messing with the MX rules.
