For those interested in the Meraki comment on VPNFilter. Please review the Talos blog post listed within this blog for most up-to-date and full detailed explanation
Sorry, I might not understand this correctly... Since VPNFilter is obviously proven to be bad stuff and AMP already has its signature and blocking it why do I still need to manually create content filtering rules ( to block those Photobucket links ) and Layer 3 firewall rule to block those bad IP?
Good question. If you read the Talos blog post, it mentions particular routers that are vulnerable. Meraki MX isn’t one of them. However, if you have one of the affected routers elsewhere in your network, there is a small chance those other routers are affected.
You are correct that have IPS enabled is the most important piece to keep the network safe. Content filtering and Layer 3 firewall rules are mostly redundant steps to provide additional safety.
So, at this time, the only possible additional protection right now for Meraki MX Enterprise users would be upgrade to the Advanced Security License. Correct?
You can implement Layer 3 firewall rules with the Enterprise license. However, content filtering and Intrusion Detection are part of the Advanced Security license.