MX84 - Isolate Client Device

SOLVED
Here to help

Interested in how the MX84 (or similar) device actually isolates a device it recognizes as having malware. Does it turn off the switch port (if so, how does it do this), or is there some other mechanism it uses to isolate the device and protect other connected devices on the LAN?

1 ACCEPTED SOLUTION

Accepted Solutions
Kind of a big deal

Re: MX84 - Isolate Client Device

It does not do anything to protect other devices on the LAN.

 

If you use Systems Manager, you can have it check the antivirus/antivirus on the machine and if that reports the machine is infected you can have a group policy applied.

 

If it is plugged into a Meraki switch or connected via Meraki WiFi it could be isolated at that point in time.


6 REPLIES

Here to help

Re: MX84 - Isolate Client Device

So coupled with a Meraki Switch it can instruct the Switch to turn off the port?

Kind of a big deal

Re: MX84 - Isolate Client Device

No. You can have it apply a firewall rule blocking all the traffic.

Here to help

Re: MX84 - Isolate Client Device

I guess my point is the blocking of the device is only out through the firewall so whether the switches are Meraki switches or other Cisco switches (or other Managed switches) the blocking function is still the same and the LAN is still exposed other than manual intervention?

Kind of a big deal

Re: MX84 - Isolate Client Device

I have looked into this further.  L3 and L7 firewall rules for group policy can only be applied to MX and MR, and not MS.  So it can not be done at the switch port level.

https://documentation.meraki.com/MR/Group_Policies_and_Blacklisting/Creating_and_Applying_Group_Poli...

 

You should be able to do this using 802.1x and Cisco ISE, but that is a very complex setup.

You should be able to do this using 802.1x and Microsoft NPS using a health policy, but that is a fairly complex setup.
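To make the "apply a firewall rule blocking all the traffic" approach from this thread concrete, here is an added example that is not Meraki's code and not part of the original post. It builds a deny-all group policy, checks that the policy really blocks everything before applying it, and pins a client to it through the Dashboard API. The endpoint paths (`/networks/{networkId}/groupPolicies`, `/networks/{networkId}/clients/{clientId}/policy`) and the JSON field names are assumed from Dashboard API v1 and should be verified against the current Meraki API reference; the network and client ids are constructed placeholders. As the thread says, such a policy is enforced only on the MX and MR, so a quarantined client can still talk to hosts on its own switched VLAN.

```python
"""Quarantine a Meraki client with a deny-all group policy.

Added example (not Meraki's own code). Endpoint paths and JSON field
names are assumptions based on Dashboard API v1; check them against the
current API reference before relying on them.
"""
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, List, Tuple

# Assumed Dashboard API v1 endpoint templates.
GROUP_POLICIES_PATH = "/networks/{network_id}/groupPolicies"
CLIENT_POLICY_PATH = "/networks/{network_id}/clients/{client_id}/policy"


def quarantine_policy_payload(name: str = "Quarantine") -> Dict[str, Any]:
    """Group policy whose L3 rules deny every destination, port and protocol.

    Only the MX and MR enforce these rules, so this stops traffic through
    the firewall and wireless, not traffic between hosts on the same switch.
    """
    return {
        "name": name,
        "firewallAndTrafficShaping": {
            "settings": "custom",
            "l3FirewallRules": [
                {
                    "comment": "Quarantine: block everything",
                    "policy": "deny",
                    "protocol": "any",
                    "destPort": "any",
                    "destCidr": "any",
                }
            ],
        },
    }


def is_full_quarantine(policy: Dict[str, Any]) -> bool:
    """True if the L3 rules reach a deny-any rule with no allow rule before it."""
    fw = policy.get("firewallAndTrafficShaping", {})
    if fw.get("settings") != "custom":
        return False
    rules: List[Dict[str, Any]] = fw.get("l3FirewallRules", [])
    for rule in rules:
        if rule.get("policy") == "allow":
            return False  # an allow evaluated before the deny leaves a hole
        if (rule.get("policy") == "deny" and rule.get("protocol") == "any"
                and rule.get("destCidr") == "any" and rule.get("destPort") == "any"):
            return True
    return False


Request = Tuple[str, str, Dict[str, Any]]


@dataclass
class DryRunApi:
    """Records requests instead of sending them; swap in a real HTTP client."""
    next_policy_id: str = "100"
    sent: List[Request] = field(default_factory=list)

    def __call__(self, method: str, path: str, body: Dict[str, Any]) -> Dict[str, Any]:
        self.sent.append((method, path, body))
        if method == "POST" and path.endswith("/groupPolicies"):
            # A real POST returns the created policy including its id.
            return {"groupPolicyId": self.next_policy_id, **body}
        return body


def quarantine_client(api: Callable[[str, str, Dict[str, Any]], Dict[str, Any]],
                      network_id: str, client_id: str) -> str:
    """Create the quarantine policy and pin the client to it.

    Returns the group policy id applied. Refuses to apply a policy that
    does not actually block all traffic.
    """
    policy = quarantine_policy_payload()
    if not is_full_quarantine(policy):
        raise ValueError("refusing to apply a policy that is not a full block")
    created = api("POST", GROUP_POLICIES_PATH.format(network_id=network_id), policy)
    policy_id = str(created["groupPolicyId"])
    api("PUT", CLIENT_POLICY_PATH.format(network_id=network_id, client_id=client_id),
        {"devicePolicy": "Group policy", "groupPolicyId": policy_id})
    return policy_id


if __name__ == "__main__":
    api = DryRunApi()
    quarantine_client(api, "N_example", "k74272e")  # constructed placeholder ids
    for method, path, body in api.sent:
        print(method, path, body)
```

`DryRunApi` stands in for the HTTP layer so the logic can be exercised offline; in production the same callable would issue the request with the `X-Cisco-Meraki-API-Key` header. The `is_full_quarantine` check matters because group policy rules are evaluated top down: an allow rule inserted above the deny would silently turn the quarantine into a partial block.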

Kind of a big deal

Re: MX84 - Isolate Client Device

I assume you are referring to the Advanced Malware Protection (AMP)? If so, "When enabled, all HTTP traffic will be analyzed for malware. Files determined to be malicious will automatically be blocked before they reach the client. For a description of file types that will be evaluated, visit our Security Filtering Documentation Page"

 

So basically it just protects/stops the malware. It doesn't isolate or, in any way, contain the entire client's traffic. Only the malware-identified traffic that the client is trying to participate in.

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO