Meraki

Community

Threat Protection with site-to-site VPN

lordjeffers
Just browsing
‎Jan 23 2018 3:24 AM
‎Jan 23 2018 3:24 AM

Threat Protection with site-to-site VPN

Having set up a site-to-site VPN to an external organisation I'm wondering if traffic entering our network will be protected by Meraki Threat Protection

 

Does Threat Protection scan traffic entering the network via site-to-site VPN (non-meraki peer)?

0 Kudos
7 Replies 7
Adam
Kind of a big deal
‎Jan 23 2018 7:14 AM
‎Jan 23 2018 7:14 AM

I'm pretty sure that threat protection, content filtering, AMP and all those items only apply to WAN ports.  I believe Site to Site VPN is considered a LAN link and then only those firewall rules that you setup on the Security Appliance>Site to Site VPN apply. Only thing I could find in the documentation is this "In a full tunnel topology, all security and content filtering must be performed on the full tunnel client. The Exit hub will not apply Content Filtering, IPS blocking, or Malware Scanning to traffic coming in over the VPN. However, IDS scanning will be performed for this traffic."

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
In response to Adam
lordjeffers
Just browsing
‎Jan 23 2018 7:16 AM
‎Jan 23 2018 7:16 AM

Thanks, I found the same documentation but it doesn't really clear things up.  I'll see if I can get a definitive answer out of Meraki Support...

0 Kudos
In response to lordjeffers
lordjeffers
Just browsing
‎Jan 23 2018 7:50 AM
‎Jan 23 2018 7:50 AM

I received the following from Support:

 

This traffic should still be inspected by the threat protection features on the MX as the MX is required to unencrypt the VPN traffic, so will apply the threat protection features during this. 

 

 

0 Kudos
In response to lordjeffers
Adam
Kind of a big deal
‎Jan 23 2018 8:08 AM
‎Jan 23 2018 8:08 AM

I'd be interested in others feedback on this also.  I know for sure the MX unencrypts.  But I was definitely unaware that it still applied the threat protections to the VPN tunnel traffic.   I'd be glad if it does but surprised. 

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
0 Kudos
In response to Adam
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 23 2018 12:12 PM
‎Jan 23 2018 12:12 PM

I'm with @Adam - I don't believe VPN traffic will be AMP inspected.

 

Perhaps do some tests with the EICAR test virus.  Note you might have to have your settings set to prefer "Security" for the test case virus to be blocked.

http://www.eicar.org/85-0-Download.html

0 Kudos
Meraki_Rocks
Here to help
‎Jan 26 2018 7:52 AM
‎Jan 26 2018 7:52 AM

This would be something I hope is clarified soon! -great question

0 Kudos
In response to Meraki_Rocks
LV_MW_MSP
Getting noticed
‎Jan 26 2018 6:50 PM
‎Jan 26 2018 6:50 PM

As far as I know, threat protection absolutely scans all site to site VPN traffic. We had an issue where threat protection was blocking QNAP replication between two sites. After weeks of working with support, they confirmed there is no way to stop that from happening at this time. The only fix was to white list all the signatures so it ignored them. That was our fix which worked.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.