Workaround for deep packet inspection

SOLVED
IT_Magician
Building a reputation

As the title says, I am looking for a deep packet inspection solution that works with Cisco Meraki. We love Meraki, but we need the ability to scan encrypted traffic, scan it for PII, and if the destination/source is not on the allow list, the packet is dropped.

Since Meraki cannot do deep packet inspection, does anyone know of an affordable way to integrate a deep packet inspection engine with DLP capabilities on the edge? Maybe somehow filter through a proxy that can do this?
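An added example, not from any post in this thread and not Meraki, Umbrella or Firepower code: a small Python policy check that applies the rule the original post describes (scan a flow for PII and drop it unless source and destination are on the allow list). It assumes the inspection point is a proxy that has already terminated TLS, so payloads arrive as cleartext; the networks, PII patterns and sample flows are constructed values.

```python
"""Illustrative DLP policy check for an inline inspection point.

Added example, not Meraki, Umbrella or Firepower code. It assumes TLS has
already been terminated by a proxy, so `payload` is cleartext. Networks,
patterns and flows below are constructed sample values.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Tuple

# Allow list: internal sources permitted to send PII, and destinations
# permitted to receive it. RFC 5737 documentation ranges used as stand-ins.
ALLOWED_SOURCES = [ipaddress.ip_network("10.10.0.0/16")]
ALLOWED_DESTINATIONS = [
    ipaddress.ip_network("203.0.113.0/24"),    # stand-in for an approved SaaS range
    ipaddress.ip_network("198.51.100.10/32"),  # stand-in for a single approved host
]

# Minimal PII detectors. A card-number regex alone is noisy, so candidate
# card numbers are also validated with the Luhn checksum.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_RE = re.compile(r"\b\d{4}[ -]?\d{4}[ -]?\d{4}[ -]?\d{4}\b")


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    payload: str  # cleartext as seen after TLS termination at the proxy


@dataclass(frozen=True)
class Verdict:
    action: str                             # "allow" or "drop"
    reason: str
    findings: Tuple[Tuple[str, str], ...]   # (pii_type, matched_text)


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pii(text: str) -> List[Tuple[str, str]]:
    """Scan cleartext for PII; card-number hits must also pass Luhn."""
    findings = [("us_ssn", m.group()) for m in SSN_RE.finditer(text)]
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            findings.append(("card_number", m.group()))
    return findings


def on_allow_list(flow: Flow) -> bool:
    """Both endpoints must be inside an allow-listed network."""
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    return (any(src in n for n in ALLOWED_SOURCES)
            and any(dst in n for n in ALLOWED_DESTINATIONS))


def inspect(flow: Flow) -> Verdict:
    """Apply the policy: PII may only travel between allow-listed endpoints."""
    findings = tuple(find_pii(flow.payload))
    if not findings:
        return Verdict("allow", "no PII detected", ())
    if on_allow_list(flow):
        return Verdict("allow", "PII to allow-listed endpoints", findings)
    return Verdict("drop", "PII to endpoint not on allow list", findings)


if __name__ == "__main__":
    # Constructed sample flows exercising each branch of the policy.
    samples = [
        Flow("10.10.5.20", "203.0.113.7", "name=alice&ssn=123-45-6789"),
        Flow("10.10.5.20", "192.0.2.50", "card=4111 1111 1111 1111"),
        Flow("10.10.5.20", "192.0.2.50", "order=1234 5678 9012 3456"),
        Flow("172.16.0.5", "203.0.113.7", "ssn=123-45-6789"),
    ]
    for f in samples:
        v = inspect(f)
        print(f"{f.src} -> {f.dst}: {v.action} ({v.reason}) {[t for t, _ in v.findings]}")
```

The third sample shows why the Luhn step matters: the digits match the card regex but fail the checksum, so the flow is forwarded instead of being dropped on a false positive. The whole check only works where something inline has terminated TLS and can see the payload, which is the processing cost the replies in this thread weigh when pointing at Umbrella SIG or a separate inline appliance.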

1 ACCEPTED SOLUTION
Brash
Kind of a big deal

The integration piece that Cisco/Meraki offers here is Cisco Umbrella with SIG Essentials or SIG Advantage licensing.

Otherwise you'd be looking at putting another vendor's security appliance inline.

5 REPLIES

KarstenI
Kind of a big deal

As Brash mentioned, the Umbrella SIG is likely the best option if you want to scan only internet traffic. If you also want to inspect traffic flowing from VLAN to VLAN or between different auto-VPN sites, Umbrella would not help. But the mentioned inline device between the MX and the internal switch would do the job. For Cisco, this could be a Firepower appliance with the appropriate licensing.

IT_Magician
Building a reputation

Thank you for the quick responses, we are looking into Umbrella SIG.

This is 100% just my opinion, but Meraki is so far ahead of the competition when it comes to ease of use, ability to quickly pinpoint the issue, and preventing misconfigurations that could cause an issue, that moving to some of the DPI-capable vendors is, for us, a huge step backwards.

PhilipDAth
Kind of a big deal

Funnily enough - Meraki MX used to have HTTPS inspection - and the feature was removed. It didn't work very well.

I still have it enabled in my lab. You might be able to ask support to turn it on for you to play with - but you'll be on your own. Meraki could break it at any time - no longer supported.

Umbrella SIG is a million times better than the deprecated HTTPS inspection feature.

Brash
Kind of a big deal

I've always been of the opinion that HTTPS inspection sounds great in theory but is still too processor intensive to be truly effective on a security appliance, unless you hugely overspec the appliance.
