Interested in how the MX84 (or similar) device actually isolates a device it recognizes as having malware. Does it turn off the switch port (if so, how does it do this), or is there some other mechanism it uses to isolate the device and protect other connected devices on the LAN?
I guess my point is the blocking of the device is only out through the firewall, so whether the switches are Meraki switches or other Cisco switches (or other managed switches), the blocking function is still the same and the LAN is still exposed other than manual intervention?
I assume you are referring to the Advanced Malware Protection (AMP)? If so, "When enabled, all HTTP traffic will be analyzed for malware. Files determined to be malicious will automatically be blocked before they reach the client. For a description of file types that will be evaluated, visit our Security Filtering Documentation Page"
So basically it just protects/stops the malware. It doesn't isolate or, in any way, contain the entire client's traffic. Only the malware-identified traffic that the client is trying to participate in.
Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO