This has actually forced us to move on to a different firewall, that supports basic enterprise features like this.  ... View more

I looked into this exploit a bit more, and it specifically looks for .cab files.   https://snort.org/rule_docs/1-16295 Heap-based buffer overflow in Kaspersky Antivirus (KAV) 5.0 and Kaspersky Personal Security Suite 1.1 allows remote attackers to execute arbitrary code via a CAB file with large records after the header. Windows Update sends out .cab files through it's updates, and it can be common sometimes for antivirus / firewalls to trigger .cab files as false-positives. ... View more

I can confirm one of these IP's is a windows update server.  So there's no way Meraki can tell us that this isn't a false positive.. because well there's no way microsoft's windows update server is sending us KasperSky Exploits.  "vip0x008.map2ssl.hwcdn.net" - 209.197.3.8 =  ctldl.windowsupdate.com"        ... View more

I mean, I highly doubt any of us are using Russian anti-virus software in our organizations, so it probably is safe to whitelist.  But it is annoying that you can't create any exemptions for specific hosts, that you either whitelist the entire signature or nothing at all..   So if it was a signature for something that could sometimes be a false positive and sometimes not, the only choice you have is to keep it.. or risk an actual attack. Meraki is good for switches, good for WiFi.  But as a Firewall, meh.  ... View more

Can confirm our organization is getting this as well.  Got a bunch of alerts for that buffer overflow relating to AKAMAI Technologies.  Also getting these other ones that look like this, but not as many:  vip0x008.map2.ssl.hwcdn.net  ... View more

We're now headed in a different direction.  Going with Fortigate for SSLVPN w/ SAML Authentication to O365.  Without rules for vpn traffic, we can't continue to use Meraki. ... View more

@PhilipDAth   Hey Philip,  you seemed pretty helpful wanted to ask you about this topic.   I am trying to do Cisco AnyConnect w/ SAML authentication with Microsoft Azure..  do you know if this is still a limitation where group policy cannot be applied if SAML is being used?  And if it's not possible, is there any workaround for it?  I was looking at Azure, and their conditional access policies don't support time-based restrictions.. which is what I'm trying to implement in group policy.  Our company has a requirement where VPN access has to be restricted from 8am-5pm.   ... View more