Meraki

Community

About StayGB

Re: Meraki MX cannot meet the requirements of PCI Approved Scanning Vendor

by in Security & SD-WAN
‎Nov 8 2022 3:05 AM
‎Nov 8 2022 3:05 AM
Not the NoNAT again. This has been a Beta firmware feature for as long as I can remember. Surely it cannot be recommended to secure PCI cardholder network devices behind a firewall running Beta firmware! Clearly Meraki cannot be satisfied with the security of the feature otherwise it would have not remained in Beta for all this time.   If we are forced to use Beta firmware to provide essential features, which by definition are not supported / recommended in production environments, then what are we paying our subscriptions for? ... View more

Re: Meraki MX cannot meet the requirements of PCI Approved Scanning Vendor

by in Security & SD-WAN
‎Nov 8 2022 2:58 AM
‎Nov 8 2022 2:58 AM
I was extremely concerned by the request to open our firewall permanently and disable (or at least whitelist those blocks) for IDS.   I have already directly requested that Meraki Support adds this to this device. In their response they ignored this and clearly did not wish to comply with my request for whatever reason! ... View more

Meraki MX cannot meet the requirements of PCI Approved Scanning Vendor

by in Security & SD-WAN
‎Nov 7 2022 2:57 PM
‎Nov 7 2022 2:57 PM
To navigate a PCI compliance audit the PCI approved scanning vendor has requested that we open our MX to L3 inbound to their IPv4 blocks so they can scan the devices within our network. Meraki support has stated that the MX only supports 1:1 NAT or port forwarding, but as far as I am aware, none of these options will achieve what is required by the ASV. There is at present only IPv6 inbound layer three firewall.   I cannot believe that a Cisco Meraki MX cannot accommodate PCI scanning so I would greatly appreciate some wisdom on how this could be accomplished. ... View more
Labels:
© 2024 Cisco Systems, Inc.