Community Record: 35 Posts, 27 Kudos, 2 Solutions
Nov 15 2017
12:06 PM
3 Kudos
The Challenge Question: Globally malicious web activity has morphed into a multi-billion dollar industry, threatening organizations large and small. How have you seen organizations leverage Meraki’s advanced security tools to combat emerging threats?

The Challenge Response: Advanced Malware Protection (read more) and IPS/IDS (read more) are the features that immediately come to mind when thinking about combating malicious web activity. Furthermore, in June of 2017 Meraki released support for Threat Grid (read more); this add-on strengthens the advanced security tools portfolio. Lastly, Meraki has other features such as content filtering, identity-based firewall, layer 3 rules, layer 7 rules, ACLs, and others that help organizations in this capacity that may not be "advanced security tools" but are still helpful in the fight.

What I love about these three advanced offerings (AMP, IDS/IPS, and Threat Grid) is that Meraki allows organizations to deliver ubiquitous protection to combat emerging threats, and best of all, sticking to the mission statement, we now have cloud-managed security tools that simply work! This simplification of powerful security tools has allowed organizations to deploy protections where the users may have previously been left in the dark due to various barriers such as technical know-how, budget constraints, and systems management overhead. Organizations now have the freedom to focus on their passions rather than spending time worrying about these threats and tools. Merakified* security!

*(v. past part. merakified) to add soul, creativity or love to something, improving its performance through innovation, simplicity and flair!
Oct 20 2017
1:05 PM
I agree with @Dashboard_DJ; that does not appear to be expected behavior. I do not see this when making firewall changes to MR devices; I would expect the same for the MX.
Oct 20 2017
12:14 PM
@PhilipDAth I think you are correct on the specs. I would also add that the MR42 supports AC Wave 2 and has a dedicated scanning radio, just to name a few more. I agree with you here; where possible I try to deploy an MX as a dedicated security appliance and use MRs for the wifi needs.
Oct 20 2017
11:44 AM
We have a couple of the MX65w's running at a few remote locations. Unfortunately I cannot speak to the issue at hand. For me, I was left feeling that the built-in wifi on the MX65 was nowhere near what the MR42 could offer. Having said that, we hung an MR42 off the MX with a PoE injector, and that configuration works really great for us.
Oct 13 2017
2:32 PM
1 Kudo
Hello @CarolineS, Thank you for jumping in here and letting us know, so nice to have some Cisco Meraki presence here.
Oct 13 2017
1:41 PM
3 Kudos
@Jack I am not sure why it was removed; there was nothing in there that was a privacy concern. Anyway, earlier I was testing with a Win 7 box; when I tested with a Win 10 box, bam, right away Windows Update broke. I am running MX 12.24 on this MX 100. I moved the client over to my MX 250 running MX 14.XX and right away the updates started working. I can confirm there is an issue here and I was able to replicate it exactly as you described. Ryan
Oct 13 2017
1:23 PM
@Jack I wrote out a really lengthy reply and added screenshots. It has now disappeared or was removed. Did you get a chance to see that reply?
Oct 13 2017
12:56 PM
Hello again @Jack, I have a spare MX100 running 12.24 that I reset back to factory and I enabled AMP and IDS like you have, see screenshots. I also added the L7 rules you mentioned above. I happen to have an extra connection to the outside world with a public IP, so there is not a double NAT taking place here. I had no problem fetching updates from Windows Update servers or Adobe updates. If this traffic was getting grabbed by IDS or by AMP, there would be a log of that event that is easy to find in the security center.

This very much sounds like an issue with Content Filtering, more specifically IP/URL reputation as @PhilipDAth mentioned.

"In firmware version 13.3, URL reputation was prioritized over IP reputation, as opposed to IP reputation being the deciding factor on previous firmware versions. If, for some reason, the IP has a different categorization than the URL, the client could be allowed through."

I can tell you that I am running MX 14.15 on an MX250 and I have not been adversely affected by this beta firmware in a production environment with 1000+ daily clients.

"If a client is being blocked from accessing a page, the easiest way to tell whether content filtering is blocking the traffic is to check your Event Log. When looking at the Security Appliance's network in the dashboard, navigate to Network-wide > Monitor > Event log. To help narrow down the scope, the event type 'Content filtering blocked URL' can be included in the 'Event type include' field."

I hope this helps. Ryan
Oct 13 2017
12:31 PM
@Jack May I get a screen capture of your content filtering and layer 3 / 7 rules? You are running MX 12.24, correct? Ryan
Oct 13 2017
12:06 PM
Hello @Jack, I have an MX100 sitting as a cold spare to our MX250. I will fire this up and create a test network and try to duplicate the issue. When we had the MX100 in operation, AMP was grabbing Console8 updates as malicious. I am assuming AMP is enabled, and what are your IDS settings? Prevention and Balanced? Just want to duplicate your settings here.
Oct 13 2017
11:02 AM
2 Kudos
My personal knee-jerk reaction here is that you will spend more time managing a non-standard implementation than anything. If you put a dollar figure on the time it takes to manage this solution, I'm betting in the long run going VPP will save you time and as a result money. The other thing I might mention: VPP with SM scales, whereas if you try to scale 20, this solution does not scale. I don't have all of the details here honestly and I could be totally off base. I just know from experience at my organizations, I take the Meraki approach, Simplify IT. I hope this is somehow helpful. Ryan
Oct 12 2017
10:15 PM
1 Kudo
I was told the day before last at a Meraki event in Spokane that the following is required for Direct Streaming.

1. Endpoint and MV are behind the same NAT device.
2. The endpoint has an IP route to the private IP of the MV.
3. There must not be any layer 3 firewall rules that block interVLAN routing between the endpoint subnet and the MV subnet.

Direct Streaming can also happen when the endpoint is either on the LAN or connected via VPN. If the stream is taking place via the Cloud proxy, you will see a cloud symbol in the bottom left-hand corner of the video feed window.
Oct 12 2017
9:58 PM
I also would like to see some additional options around Cisco Meraki certifications, to include the CMNA. As a customer, I see value in the CMNA; I constantly have to sell solutions / products to management every year. Budgeting, 5 YR plans, Erate Category 2 availability, etc. While perhaps I am not selling the product direct to a customer, many of us are selling it to "someone". I am drinking the Meraki Kool-Aid and some additional options here will keep it sweet. Ryan
Oct 12 2017
9:31 PM
1 Kudo
Hello Everyone, Ryan Zimmerle here from Forrest M. Bird Charter Schools. We are a small school located in Sandpoint, Idaho. We are a full stack customer if you will and I look forward to being a part of this community. Thank you Cisco Meraki. Ryan
My Accepted Solutions
| Subject | Views | Posted |
|---|---|---|
| | 37662 | Oct 13 2017 1:41 PM |
| | 9575 | Oct 12 2017 10:15 PM |
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| | 3 | 37672 |
| | 3 | 37662 |
| | 2 | 12227 |
| | 1 | 35248 |
| | 1 | 9575 |