Regarding Security Center Alerts

MohanYadav
Getting noticed

Regarding Security Center Alerts

As you can see in IDS event section few threats session are allowing, so just wanted to know more about how we can prevent to such threat, it should be blocked by default from the meraki side, but session is allowing from source IP is not our Lan subnet & from where its making session with our MX IP that i am not able to understand. could please help to understand to flow so that i can handle this type case itself.

My corporate office is implementing some new threat detection service throughout our organization, and I need to allow a few ips so they won't get blocked by the Meraki Firewall. I know how to do this on my ASA, but I can't seem to figure it out on our MX64 and MX84. Any help is appreciated.


Feb 21 6:25:34 IDS Alert 98.195.67.12:500 77.231.32.146:500 Allowed SERVER-WEBAPPZyxel unauthenticated IKEv2 command injection attempt

Feb 21 6:25:34 IDS Alert 98.195.67.12:500 77.231.32.146:500 Allowed SERVER-WEBAPPZyxel unauthenticated IKEv2 overflow attempt

Feb 21 6:00:16 IDS Alert 98.194.65.92:500 77.231.32.146:500 Allowed SERVER-WEBAPPZyxel unauthenticated IKEv2 command injection attempt

Feb 21 6:00:16 IDS Alert 98.194.65.92:500 77.231.32.146:500 Allowed SERVER-WEBAPPZyxel unauthenticated IKEv2 overflow attempt

 

4 Replies 4
alemabrahao
Kind of a big deal
Kind of a big deal

You can find it here.

 

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Threat_Protection

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
PhilipDAth
Kind of a big deal
Kind of a big deal

These are the settings I use on 99% of the sites I deploy.  Make sure it is set to "Prevention" to block.

 

PhilipDAth_0-1708635368778.png

 

This setting is already configured in our network but still we are getting allow session from the outside country. 

MohanYadav_1-1711886701786.png

 

 

CptnCrnch
Kind of a big deal
Kind of a big deal

Sounds like you want to go for Version 18.2 using Trusted Traffic exclusions

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Trusted_Traffic_Exclusio...

Get notified when there are additional replies to this discussion.