Not a web server, not a proxy. It does run secondary/backup DNS, but our primary has not gone offline, is always reachable.  We do have firewall/inbound rules created, nothing forwarded to this server, no NAT.  Not sure it would be a bad DNS request, this would get stopped at the client before it hit the DNS server. We have allow/block rules set for our HIP system.  The IDS alerts that pop up from this server are not generated internally from a host callup, they are all incoming (from what I can see).  I appreciate all the help from everyone. Meraki's response again yesterday was "Our engineers are still investigating this issue, and no timeline to resolution". FYI Today already, no we do not use AWS for anything.  Thank you again everyone.    ... View more

We ran into same issue, same error in MX events. We have a very large Xerox press that scan to email suddenly stopped working. I added our printer as a trusted IP and allowed rule in IDP. Scan to email now works. Will continue to monitor, but it does seem like a false positive in Talos.  ... View more

What are you using to measure the 500/200 speed?   Is the speed better after the MX has had a reboot? ... View more

We do have some port forwards for several servers, but nothing forwarded to this server.  We run some client VPN connections; NO-NAT is not enabled. No local users have rights to this server.  Just very odd that the IP, FQDN of this IDS alert resolves to dhs.gov on AWS. These events were just Monday and yesterday. Nothing today. I did upgrade firmware to 211.4 last night, may have fixed that issue but not our speed issue. Our internet speeds are still very low coming through our MX250. I might open a ticket today. We have gig/gig fiber. Before new firmware we were getting 900/200. Today I am getting 500/200.  Not good.  ... View more

I have used "unique client identifier" a lot without issue. ... View more

I have not. The community is always my first goto 😉 The repeater is working for one of my SSID's, so I know it's halfway?.....working.....lol I will open a case and  post what I find.  Thank you everyone again!!!   ... View more

Turn it on.  I net you don't notice any performance difference on the existing WiFi network. ... View more

that's a distribution node on Level3's backbone. They have endpoints all over, and are pretty much a tier 0 network ... View more

Are the alerts in question being thrown by traffic directed to the MX's WAN/Public IP? If so, you're going to see "Allowed" as a decision, because the IDS sees and processes packets before the inbound firewall does. If there are no port forwards, or other static NAT rules in place that permit that traffic, the IDS will alert that it's seen a payload matching a signature, and start waiting for additional traffic to drop. If no more comes - in this case, because the packet in question never gets a response because the inbound firewall dropped it - the IDS effectively cannot block any further traffic, so it notes it as Allowed. ... View more

Nice! Thanks for reporting back. Glad we could make it a pleasant experience! ... View more