Thanks for the reply. I must have misinterpreted the "however, IDS scanning ... " in this Meraki site documentation that says: Security features over full-tunnel VPN In a full tunnel topology, all security and content filtering must be performed on the full tunnel client. The Exit hub will not apply Content Filtering, IPS blocking, or Malware Scanning to traffic coming in over the VPN. However, IDS scanning will be performed for this traffic If this is the case, Z1 teleworker does not really offer any security to my Z1 users, not much use of pointing them to my MX400 . Will try to the EICAR test as suggested and will let you know. Thanks again.
... View more