About StayGB

StayGB · ‎11-08-2022

Not the NoNAT again. This has been a Beta firmware feature for as long as I can remember. Surely it cannot be recommended to secure PCI cardholder network devices behind a firewall running Beta firmware! Clearly Meraki cannot be satisfied with the security of the feature otherwise it would have not remained in Beta for all this time. If we are forced to use Beta firmware to provide essential features, which by definition are not supported / recommended in production environments, then what are we paying our subscriptions for?

StayGB · ‎11-08-2022

I was extremely concerned by the request to open our firewall permanently and disable (or at least whitelist those blocks) for IDS. I have already directly requested that Meraki Support adds this to this device. In their response they ignored this and clearly did not wish to comply with my request for whatever reason!

StayGB · ‎11-07-2022

To navigate a PCI compliance audit the PCI approved scanning vendor has requested that we open our MX to L3 inbound to their IPv4 blocks so they can scan the devices within our network. Meraki support has stated that the MX only supports 1:1 NAT or port forwarding, but as far as I am aware, none of these options will achieve what is required by the ASV. There is at present only IPv6 inbound layer three firewall. I cannot believe that a Cisco Meraki MX cannot accommodate PCI scanning so I would greatly appreciate some wisdom on how this could be accomplished.

StayGB

Community Record

Re: Meraki MX cannot meet the requirements of PCI Approved Scanning Vendor

Re: Meraki MX cannot meet the requirements of PCI Approved Scanning Vendor

Meraki MX cannot meet the requirements of PCI Approved Scanning Vendor