VPNFilter Malware Blog Post

davidvan
Meraki Alumni (Retired)

Hi All,

For those interested in the Meraki comment on VPNFilter: please review the Talos blog post listed within this blog for the most up-to-date and fully detailed explanation.

https://meraki.cisco.com/blog/2018/05/ensure-youre-secure-from-vpnfilter/

Jack
Getting noticed

Sorry, I might not understand this correctly... Since VPNFilter is obviously proven to be bad stuff and AMP already has its signature and is blocking it, why do I still need to manually create content filtering rules (to block those Photobucket links) and a Layer 3 firewall rule to block those bad IPs?

davidvan
Meraki Alumni (Retired)

Hi Jack,

Good question. If you read the Talos blog post, it mentions particular routers that are vulnerable. Meraki MX isn’t one of them. However, if you have one of the affected routers elsewhere in your network, there is a small chance those other routers are affected.

You are correct that having IPS enabled is the most important piece to keep the network safe. Content filtering and Layer 3 firewall rules are mostly redundant steps to provide additional safety.

Hey David:

So, at this time, the only possible additional protection right now for Meraki MX Enterprise users would be to upgrade to the Advanced Security License. Correct?

davidvan
Meraki Alumni (Retired)

Hi Castar,

You can implement Layer 3 firewall rules with the Enterprise license. However, content filtering and Intrusion Detection are part of the Advanced Security license.
