dealing with malware on an MX100 network

billo
New here

dealing with malware on an MX100 network

We use a cloud VOIP phone system at our small office. Recently, the border router of our cloud VOIP provider detected a port scan of their network from our fixed IP.  The border router then blocked our whole IP which took our phones down.  I suspect something on the network has some malware.  I have two questions:

1. Is there a way to do outbound filtering on the MX100? What I'd like is to allow connections to our VOIP provider on only the ports that should be allowed, so the port scan couldn't hit our service provider. Or other suggestions on how to solve this?

 

2. are there any features or add-ons to MX100 to detect bad actors doing things such as port scans or DOS attacks from inside our network.

 

Thanks for any thoughts.

4 REPLIES 4
Chris_M
Getting noticed

You can use firewall rules to restrict ports on outbound connections to what is needed by the VOIP provider. This is done via security appliance firewall layer 3 rules.

 

As for checking for malware, if you have the Advanced Security License, then you can use Advance Malware Protection to protect your network.


Find my post helpful? Please give me a kudo!
CCNP Certified and Meraki Operator
ElliotGardner
Conversationalist

1. Yes you should just be able to setup outbound firewall rules, Security Appliance > Configure > Firewall Rules and add rules under "Outbound Rules'

 

2. Do you have an advanced security license for the MX100?

Thanks, Chris and Eliot. I will take a look at Advanced Security license. I don't have it right now,

 

Also thanks for quick pointer on outbound firewall rules!

 

The Advanced Malware Protection and the intrusion detection/prevention that come with the Advanced Security license are awesome features. I've had AMP stop malware that hitched a ride into the network and the intrusion prevention has really opened my eyes to the fact that even small companies should be concerned with worldwide hackers.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels