Meraki

Community

Regarding Security Center Alerts

MohanYadav
Getting noticed
‎Feb 22 2024 12:15 AM
‎Feb 22 2024 12:15 AM

Regarding Security Center Alerts

As you can see in IDS event section few threats session are allowing, so just wanted to know more about how we can prevent to such threat, it should be blocked by default from the meraki side, but session is allowing from source IP is not our Lan subnet & from where its making session with our MX IP that i am not able to understand. could please help to understand to flow so that i can handle this type case itself.

My corporate office is implementing some new threat detection service throughout our organization, and I need to allow a few ips so they won't get blocked by the Meraki Firewall. I know how to do this on my ASA, but I can't seem to figure it out on our MX64 and MX84. Any help is appreciated.


Feb 21 6:25:34 IDS Alert 98.195.67.12:500 77.231.32.146:500 Allowed SERVER-WEBAPPZyxel unauthenticated IKEv2 command injection attempt

Feb 21 6:25:34 IDS Alert 98.195.67.12:500 77.231.32.146:500 Allowed SERVER-WEBAPPZyxel unauthenticated IKEv2 overflow attempt

Feb 21 6:00:16 IDS Alert 98.194.65.92:500 77.231.32.146:500 Allowed SERVER-WEBAPPZyxel unauthenticated IKEv2 command injection attempt

Feb 21 6:00:16 IDS Alert 98.194.65.92:500 77.231.32.146:500 Allowed SERVER-WEBAPPZyxel unauthenticated IKEv2 overflow attempt

 

0 Kudos
4 Replies 4
alemabrahao
Kind of a big deal
Kind of a big deal
‎Feb 22 2024 12:53 AM
‎Feb 22 2024 12:53 AM

You can find it here.

 

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Threat_Protection

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 22 2024 12:56 PM
‎Feb 22 2024 12:56 PM

These are the settings I use on 99% of the sites I deploy.  Make sure it is set to "Prevention" to block.

 

PhilipDAth_0-1708635368778.png

 

0 Kudos
In response to PhilipDAth
MohanYadav
Getting noticed
‎Mar 31 2024 5:05 AM
‎Mar 31 2024 5:05 AM

This setting is already configured in our network but still we are getting allow session from the outside country. 

MohanYadav_1-1711886701786.png

 

 

0 Kudos
CptnCrnch
Kind of a big deal
Kind of a big deal
‎Feb 22 2024 1:07 PM
‎Feb 22 2024 1:07 PM

Sounds like you want to go for Version 18.2 using Trusted Traffic exclusions

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Trusted_Traffic_Exclusio...

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.