Snort IPS/IDS exception
As far as I can tell there isn't a way to whitelist an IP in the Threat Protection (Snort IPS/IDS). What are you doing when it comes to performing vulnerability scans on your network because of this limitation? Do you have a workaround? I'm only using the MX line of Meraki products.
I think you can exclude the address/range here? "security appliance > Threat protection > Protected networks"
I don't see the option for "Protected Networks" there under security appliance > Threat protection.
This "Protected networks" field seems to be only available when in "Passthrough or VPN concentrator" mode.
The only option I can think of is to change the mode from "Prevention" to "Detection" for the duration of the scan. Then at least it won't attempt to stop it - only log it.
Create a group policy and apply it to the clients that will be in the test, schedule it for the days and times for the test as well and disable AMP. I suspect IDS/IPS is disabled when AMP is inactive. Not sure but give this a test. Make a wish to include IPS/IDS controls in the Group Policy options.
I've filled out the 'Make A Wish' for this same reason. I like the idea someone mentioned about using detect instead of prevent, but we have too many networks to do this manually each time.
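One way to script the "Detection for the duration of the scan" workaround across many networks, as an added example that is not part of the original thread. It assumes the Meraki Dashboard API v1 intrusion settings endpoint (`/networks/{networkId}/appliance/security/intrusion`) and an API key; `dashboard`, `detection_only` and `fake_dashboard` are hypothetical names.

```python
import json
import urllib.request
from contextlib import contextmanager

# Assumption: Dashboard API v1 intrusion settings endpoint, not named in the thread.
BASE = "https://api.meraki.com/api/v1"
PATH = "/networks/{}/appliance/security/intrusion"

def dashboard(api_key):
    """Return call(method, path, body) bound to a Dashboard API key."""
    def call(method, path, body=None):
        req = urllib.request.Request(
            BASE + path, method=method,
            data=json.dumps(body).encode() if body is not None else None,
            headers={"Authorization": "Bearer " + api_key,
                     "Content-Type": "application/json"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return call

@contextmanager
def detection_only(call, network_ids):
    """Put networks that are in 'prevention' into 'detection'; restore on exit."""
    changed = []
    try:
        for net in network_ids:
            if call("GET", PATH.format(net))["mode"] == "prevention":
                changed.append(net)  # record first: restoring is harmless if the PUT fails
                call("PUT", PATH.format(net), {"mode": "detection"})
        yield changed
    finally:
        # Runs even when the scan raises, so no network stays in detection by accident.
        failed = []
        for net in changed:
            try:
                call("PUT", PATH.format(net), {"mode": "prevention"})
            except Exception:
                failed.append(net)
        if failed:
            raise RuntimeError("not restored: " + ", ".join(failed))

def fake_dashboard(modes):
    """Constructed in-memory stand-in for the API, keyed by network ID."""
    def call(method, path, body=None):
        net = path.split("/")[2]
        if method == "PUT":
            modes[net] = body["mode"]
        return {"mode": modes[net]}
    return call
```

Wrap the scan in `with detection_only(dashboard(key), network_ids):` so that networks already set to "detection" or "disabled" are left as they were and only the ones that were changed are put back to "prevention".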