Meraki

ITDUDE · ‎Aug 7 2024

does VPN to VPN traffice pass though the Intrusion detection and prevention threat proteection or does it bypass this?

KarstenI · ‎Aug 7 2024

IPS is done on the MX where the traffic enters the AutoVPN system; not on the Hub if you have Spoke -> Hub -> Spoke traffic.

But if I remember right, IDS would still be done on the Hub.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

Jinbe · ‎Aug 8 2024

That is correct, security inspection such as Content Filtering and Threat Protection is done locally on the MX. The hub/concentrator MX will not inspect traffic from the remote VPN subnets.

You can find this information referenced here: https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Content_Filtering_and_Th...

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.

pdeleuw

Sorry for the late reply ... But there is a discrepancy between your answer and Karsten's answer. My understanding is, that Threat Protection includes IPS/IDS and AMP. Karsten mentions, IDS is done on the hub/concentrator. Your answer says, there is no inspection with Content Filtering and Threat Protection on the hub/concentrator. Please, clarify: Is IDS/IDS done on the concentrator for the remote subnets?

KarstenI

There doesn't have to be a discrepancy. IPS is always done on the ingress MX. The second sentence was about pure IDS. I remember seeing alerts from the hub device when there was no IPS on the Spoke, but I could have remembered this wrong. Most importantly, for real protection, the Hub is not used and the function has to be implemented on the spoke.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.