Alongside Cisco AMP, you can configure the IDS/IPS feature set for even further security monitoring. When enabled, the IDS/IPS feature set inspects all routed traffic passing through the MX, looking for potentially malicious traffic patterns. These traffic patterns are referred to as signatures and are grouped into specific rulesets based on a determined severity score for each signature. When configuring IDS/IPS (see Figure 5-4), you can choose from three rulesets, each composed of different signatures based on threat level, depending on your deployment and security needs: Connectivity, Balanced, and Security. Each of these rulesets provides increasingly strict (and potentially more impactful) signatures, allowing you to tailor your IDS/IPS functionality to the specific needs of each site.

Figure 5-4 IDS/IPS Configuration Section of the Threat Protection Page in the Dashboard

The IDS and IPS systems function identically other than the specific action each takes when a malicious signature is detected. When configured in IDS (Detection) mode, an alert is generated in the Security & SD-WAN > Security Center page and event details are logged, but the traffic is not actually blocked by the MX and is allowed to flow.

When configured for IPS (Prevention) mode, the MX responds to a detected malicious signature by actively blocking the remaining traffic in that flow, in an attempt to disrupt the malicious activity, in addition to generating an alert in the Security Center on the Dashboard.
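The mode and ruleset choices above are per-network settings, so a practical defender's check is an audit that flags networks still running in detection mode or on the Connectivity ruleset. The following script is an added example, not code from the original text or from Cisco Meraki; it assumes the Dashboard API v1 endpoints `GET /organizations/{orgId}/networks` and `GET /networks/{networkId}/appliance/security/intrusion` (returning `mode` and `idsRulesets`), and the "prevention plus at least Balanced" threshold is this script's own policy, not a Meraki recommendation.

```python
import json
import os
import urllib.request

BASE = "https://api.meraki.com/api/v1"
# Rulesets ordered from least to most strict, as described in the text.
RULESET_RANK = {"connectivity": 0, "balanced": 1, "security": 2}


def api_get(path, api_key):
    """Minimal GET against the Dashboard API (no retries or pagination)."""
    req = urllib.request.Request(BASE + path, headers={"X-Cisco-Meraki-API-Key": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def audit_intrusion(settings, min_ruleset="balanced"):
    """Return findings for one network's intrusion settings.

    `settings` is the JSON the intrusion endpoint returns, e.g.
    {"mode": "detection", "idsRulesets": "connectivity"} (assumed shape).
    """
    findings = []
    mode = settings.get("mode", "disabled")
    ruleset = settings.get("idsRulesets")
    if mode == "disabled":
        findings.append("IDS/IPS disabled: routed traffic is not inspected")
    elif mode == "detection":
        findings.append("IDS (detection) only: flows are alerted on, not blocked")
    if mode != "disabled" and ruleset in RULESET_RANK:
        if RULESET_RANK[ruleset] < RULESET_RANK[min_ruleset]:
            findings.append(f"ruleset '{ruleset}' is weaker than '{min_ruleset}'")
    return findings


def audit_org(org_id, api_key, min_ruleset="balanced"):
    """Map network name -> findings for every MX (appliance) network."""
    report = {}
    for net in api_get(f"/organizations/{org_id}/networks", api_key):
        if "appliance" not in net.get("productTypes", []):
            continue
        path = f"/networks/{net['id']}/appliance/security/intrusion"
        report[net["name"]] = audit_intrusion(api_get(path, api_key), min_ruleset)
    return report


if __name__ == "__main__":  # placeholders: set both variables in your environment
    key, org = os.environ["MERAKI_API_KEY"], os.environ["MERAKI_ORG_ID"]
    for name, findings in audit_org(org, key).items():
        print(name, "OK" if not findings else "; ".join(findings))
```

Run it on a schedule and alert on any non-empty findings to catch sites that were left in detection mode after initial tuning.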

Pro Tip

With the introduction of subscription licensing, security functions like AMP and IDS/IPS become foundational for all license tiers.
