Restrictions of AMP file inspection

TKMY
Conversationalist

Restrictions of AMP file inspection

I found below restructions from past Cisco Live documents and I would like to know if these still exists.

 

- AMP file inspection supports only HTTP traffic (HTTPS, SMTP, POP3, IMAP, FTP etc. aren't supported).

- Max inspected file size is 5MB.

 

Please let me know if there are anything else I should be aware of.

5 Replies 5
KarstenI
Kind of a big deal
Kind of a big deal

This restriction is still in place as there is no TLS decryption on the MX/Z-series. Two years ago there was a CiscoLive presentation where it was stated that it is coming, and there already was a screenshot showing it. But I wouldn't expect that Meraki will really implement it. My guess is that they just rely on Umbrella SIG for HTTPS decryption.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
TKMY
Conversationalist

Thank you for your quick response.

 

You mentioned that TLS decryption is still beta and not recommended for production.
Is it correct ?

 

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/HTTPS_Inspection

 

TKMY
Conversationalist

How about 5MB restriction?

KarstenI
Kind of a big deal
Kind of a big deal

I am not aware of any changes in checked file sizes. But with only HTTP inspected, AMP is not really relevant nowadays.

For the TLS decryption: Yes, beta (or alpha?), and I would expect that Meraki will drop this feature in favour of the Umbrella SIG integration. But that is only a guess. And I don't want to imagine what happens to my MX64 after enabling the inspection. Probably it will just burn and cry because of missing resources ... 😉

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
BlakeRichardson
Kind of a big deal
Kind of a big deal

I have foudn AMP to be a pain and it has caused me numerous issues with online platforms like Steam where it was obstructing downloads for no reason with nothing listed in the event logs as to why traffic was blocked.

 

 

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels