I'm running an internal vulnerability scanner in a network behind an MX appliance. We just turned on IPS/IDS and it's blocking all of the simulated traffic from the vuln scanner, which is great and what it should do, but my only way to permit this traffic is to either change the mode to detect only or exempt every single attack type the vuln scanner simulates, which would obviously not be a good route to go as it is not only time consuming but then leaves the IPS in a state where it is overly permissive.
I contacted support and they confirmed there is no way to allow-list a point of origin past the IPS/IDS. I simply can't wrap my head around that being a true statement. I can't be the only org with MX firewalls and a vulnerability scanner, right? Also, if you have an organizational need to whitelist a detected event, your only option is to whitelist it regardless of source.
Is Meraki IPS/IDS seriously this undeveloped? This is a very basic control in my opinion; how could it still be missing after all of these years?
Here's a Reddit post from 5 years ago complaining about the same thing, so I guess this is never going to be fixed, huh?
Obviously that's the best solution available, but it's a very crummy one. I can't be the only person annoyed at this very basic feature being missing. Adding an exception in Firepower/Fortigate/Sonicwall or anyone else takes about 30 seconds. This is a pretty frustrating shortcoming in the Meraki interface.