Reply I just got from Meraki.   "Greetings, IDS allowing known malicious signatures usually happens when the MX sees a single packet that matches the signature, but the flow terminates because the remote party reset the connection, so the MX can’t take action to “block” the flow. The security center still logs the event as "allowed" but no real malicious traffic was allowed for the flow since it was terminated. Please let me know if you have any questions." ... View more

Yep I got them again also. Meraki Support has been useless.   ... View more

Nothing constructive from Meraki yet, but I did get some new alerts that were also allowed. The destination on these is also my firewall's external WAN IP. Not sure if this is related, but it seems pretty coincidental if not. Has anyone else seen these new alerts?   ... View more

Yep the exact same IP and details. ... View more

Have you heard back yet? I had the same alerts this morning and am also waiting to hear back from Meraki Support.    Thanks. ... View more