Meraki

RobG · ‎Sep 27 2017

As far as I can tell there isn't a way to whitelist an IP in the Threat Protection (Snort IPS/IDS). What are you doing when it comes to performing vulnerability scans on your network because of this limitation? Do you have a workaround? I'm only using the MX line of Meraki products.

ww · ‎Sep 27 2017

I think you can exclude the address/range here? "security appliance > Threath protection > Protected networks"

WadeAlsup · ‎Sep 27 2017

I don't see the option for "Protected Networks" there under security appliance > Threat protection.

Found this helpful? Give me some Kudos! (click on the little up-arrow below) and If my reply solved your issue, please mark it as a solution 🙂

ww · ‎Sep 28 2017

This "Protected networks" field seems to be only available when in "Passthrough or VPN concentrator" mode.

PhilipDAth · ‎Sep 27 2017

The only option I can think of is to change the mode from "Prevention" to "Detection" for the duration of the scan. Then at least it wont attempt to stop it - only log it.

ARiK_LeV · ‎Sep 27 2017

Create a group policy and apply it to the clients that will be in the test, schedule it for the days and times for the test as well and disable AMP. I suspect IDS/IPS is disabled when AMP is inactive. Not sure but give this a test. Make a wish to include IPS/IDS controls in the Group Policy options.

jbhehoman · ‎Sep 28 2017

I've filled out the 'Make A Wish' for this same reason. I like the idea someone mentioned about using detect instead of prevent, but we have too many networks to do this manually each time.

Meraki

Community

Snort IPS/IDS exception

Snort IPS/IDS exception