Simple MX Configuration

ManolisFr
Getting noticed

Simple MX Configuration

Hello to the community

 

I am not a beginner but also i am not a guru 

 

We have a meraki MX64 till last summer in our company and i am looking for answers of how to configure it as best as possible. We have no serious problems 

Here is my configuration

 

The primary wan port is enabled by default (we have an internet bridge connection on it) and i also configured the Lan 4 port as wan and we have also a bridge internet connection on it

 

The meraki is enabled as dhcp server and we have no wireless connections on it . I mean that we do not have wireless access on our company network. For this case we have a 3rd router which is only for wireless and is outside of our company network (for customers or for our mobile phones)

 

For the operation of port forwarding i have only one rule for a port of our server and 1 static ip from outside is allowed to have access on this port

 

I blocked some website categories like sex,drugs,guns and i added 2 firewall layer 7 rules in order to block p2p networks and online gaming

I have enabled the advanced malware protections and intrusion detection

The last week one time a day i have these events and i don't know what they are

 

Intrusion detection started

Intrusion detection error

Intrusion detection rules update

 

We also have an endpoint protection the last month which is fine (seqrite) .

 

So, we have no serious problems but i want your advices how to add a better protection on meraki by adding some usefull rules 

 

2 Replies 2
MerakiDave
Meraki Employee
Meraki Employee

Hi @ManolisFr it really depends on what else you might want or need to restrict based on company policy for example.  But generally speaking, another common L7 FW deny rule is to block all peer-to-peer traffic for example.  And since you have the Advanced Security license to leverage Content Filtering, IPS and AMP, you might also consider putting geo-FW rules in place to block all traffic to/from specific countries.  Another common practice is to set a global per-client bandwidth limit on the SDWAN & Traffic Shaping page, so no one client or group of clients can hog too much of your ISP's bandwidth, perhaps 5 or 10Mbp with Speedburst enabled for example.  Since you have 2 ISP connections on WAN1 and WAN2/LAN4, you can also adjust the bandwidth sliders to the appropriate levels on that same traffic shaping page.  Hope that helps, perhaps that's a start at least, not sure what else you might be looking to do.

BrechtSchamp
Kind of a big deal

To add to the answer of @MerakiDave . That sequence of intrusion detection log messages is a known issue that is supposed to be solved in firmware version 14.31 according to this topic:

https://community.meraki.com/t5/Security-SD-WAN/Intrusion-Detection-Error-Log/td-p/20568

 

But as far as I can see the stable releases are still on 13.36.

 

If it bothers you you can upgrade to the newer firmware from Organization > Firmware Upgrades and then going to the All networks tab. Find your MX, select it, and click the Schedule upgrades button.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels