Intrusion detection and prevention - Issues

trendkill
Here to help

Intrusion detection and prevention - Issues

I recently encountered a very irritating issue. Users were getting disconnected for 15-20 secs atleast 3-4 times in 1 hour. 

Its the same with LAN & WLAN, Corp or guest network. I checked all event logs and nothing unusual was found. IDP was set to Mode - Prevention & Ruleset - Balanced. As soon as i disabled the IDP there was no issue anymore. i had encountered an issue 1.5 years back related a specific snort rule that it was blocking all M365 Traffic. But meraki announced it globally & specified which snort rule was causing this issue. But this time the meraki support has no clue about which snort rule is casing this issue or its the IDP service itself causing this issue. Friends, may you please suggest as per experience what should be my next steps as i dont want to disable it completely or change the ruleset to connectivity

1 Reply 1
alemabrahao
Kind of a big deal
Kind of a big deal

Have you opened a support case?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Get notified when there are additional replies to this discussion.