Meraki

Akash01 · ‎May 22 2024

We are currently testing the Intrusion Detection System (IDS) and Intrusion Prevention System (IDPS) capabilities of our Cisco Meraki setup, specifically by conducting port scanning of our network IP. However, we've encountered an issue where no logs are being generated on the portal, even after conducting multiple types of attacks in a controlled environment. Could you please advise if there is a setting or configuration we might be overlooking?

RaphaelL · ‎May 22 2024

Is it intra-vlan trafic ? : https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Threat_Protection

alemabrahao · ‎May 22 2024

Did you change your filter to include all logs?

I will confess that I was once embarrassed by a client because the feature didn't work as expected. We simulated several types of attacks and none were blocked.

We got to involve Meraki and it never worked as expected. So in short, the customer gave up on the product.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

PhilipDAth · ‎May 22 2024

>specifically by conducting port scanning of our network IP

Port scanning won't trigger anything. You'll need to try an actual exploit. Metasploit is a well known popular tool for doing this kind of thing.

https://www.metasploit.com/

Meraki

Community

Issue with Log Generation in Cisco Meraki IDS and IDPS Testing

Issue with Log Generation in Cisco Meraki IDS and IDPS Testing