Selectively disabling threat protection (AMP & IDS/IPS) with group policy

SOLVED
JonathanDixon
Here to help


Hi All,

It looks like it's possible to disable Advanced Malware Protection (i.e. HTTP file download inspection) at a group policy level, but not Intrusion detection and prevention (SNORT) - does anyone know if it's possible to do this somehow?

Use case is a firewall with lots of guest internet users connected to one subnet that we're not interested in protecting, but we are interested in protecting admin users on a separate subnet.

Thanks,

Jonathan

1 ACCEPTED SOLUTION

Accepted Solutions
HitoshiH
Meraki Employee

Re: Selectively disabling threat protection (AMP & IDS/IPS) with group policy

The group policy is able to override the AMP setting but not IDS / IPS.

No exclusion of IDS / IPS for a particular subnet or IP address is available at this moment.

IDP / IPS works between the LAN port and Internet ports, and also between VLANs (subnets).

Thus, the setting is enabled / disabled network-wide for detection / prevention to work for securing the entire network.


2 REPLIES
ludwigbery
Getting noticed

Re: Selectively disabling threat protection (AMP & IDS/IPS) with group policy

I believe you can apply a certain policy per subnet; it's on the Addressing and VLAN part of the Meraki

