Selectively disabling threat protection (AMP & IDS/IPS) with group policy

Solved
JonathanDixon
Here to help

Selectively disabling threat protection (AMP & IDS/IPS) with group policy

Hi All,

 

It looks like it's possible to disable Advanced Malware Protection (ie. HTTP file download inspection) at a group policy level, but not Intrusion detection and prevention (SNORT) - does anyone know if it's possible to do this somehow?

 

Use case is a firewall with lots of guest internet users connected to one subnet that we're not interested in protecting, but we are interested in protecting admin users on a separate subnet.

 

 

Thanks,

 

Jonathan

1 Accepted Solution
HitoshiH
Meraki Employee
Meraki Employee

The group policy is able to override AMP setting but not IDS / IPS.

There is no exclusion of IDS / IPS for particular subnet or IP address is available at this moment.

 

IDP / IPS works between LAN port and Internet ports, and also between VLANs (Subnets).

Thus, the setting is enabled / disabled network-wide for detection / prevention to work for securing the entire network.

~~If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.~~

The Meraki ECMS exam is now live! Test your knowledge of Meraki and become an official Cisco Meraki Solutions Specialist. More info on the ECMS exam found here.

For information regarding all of Meraki's training offerings, be sure to check out the Meraki Learning Hub.

View solution in original post

2 Replies 2
ludwigbery
Getting noticed

I believe you can apply a certain Policy per subnet, its on the Addressing and VLAN part of the meraki

HitoshiH
Meraki Employee
Meraki Employee

The group policy is able to override AMP setting but not IDS / IPS.

There is no exclusion of IDS / IPS for particular subnet or IP address is available at this moment.

 

IDP / IPS works between LAN port and Internet ports, and also between VLANs (Subnets).

Thus, the setting is enabled / disabled network-wide for detection / prevention to work for securing the entire network.

~~If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.~~

The Meraki ECMS exam is now live! Test your knowledge of Meraki and become an official Cisco Meraki Solutions Specialist. More info on the ECMS exam found here.

For information regarding all of Meraki's training offerings, be sure to check out the Meraki Learning Hub.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels