Alongside Cisco AMP, you can enable the IDS/IPS feature set for further security monitoring. When enabled, IDS/IPS inspects all routed traffic passing through the MX and looks for known malicious traffic patterns. These patterns are expressed as signatures (the MX uses Snort signatures maintained by Cisco Talos), and each signature carries a severity score that determines which rulesets include it. When configuring IDS/IPS (see Figure 5-4), you choose one of three rulesets, each composed of a different set of signatures by threat level: Connectivity, Balanced, and Security. Each ruleset is a superset of the previous one, adding stricter signatures that are more likely to match and more likely to impact legitimate traffic, so you can tailor IDS/IPS behavior to the specific needs and risk tolerance of each site.

Figure 5-4 IDS/IPS Configuration Section of the Threat Protection Page in the Dashboard

IDS and IPS modes use the same inspection engine and the same rulesets; they differ only in the action taken when a signature matches. In IDS (Detection) mode, a match generates an alert on the Security & SD-WAN > Security Center page and the event details are logged, but the MX does not block anything: the traffic is allowed to flow.

In IPS (Prevention) mode, a match generates the same Security Center alert, and the MX additionally blocks the remaining traffic of that flow in an attempt to disrupt the malicious activity. Because blocking in Prevention mode is driven entirely by signature matches, a practical approach is to run a new or stricter ruleset in Detection mode first, review the resulting Security Center events for false positives, and only then switch the site to Prevention.
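The mode and ruleset choices described above can also be set per network through the Meraki Dashboard API rather than by hand on the Threat Protection page. The following is an added example, not code from the book or from Meraki; it uses the public Dashboard API v1 endpoint `PUT /networks/{networkId}/appliance/security/intrusion` and its `mode`, `idsRulesets` and `protectedNetworks` fields as documented, and all network IDs, API keys and CIDRs in it are placeholders. The `staged_rollout` helper encodes the detection-first caveat: it returns the ordered settings to apply so that a stricter ruleset is observed in Detection mode before it is allowed to block in Prevention mode.

```python
"""Configure MX IDS/IPS per network via the Meraki Dashboard API.

Added example (not from the book). Endpoint and field names follow the
Dashboard API v1; the API key, network ID and CIDRs are placeholders.
"""
import json
import urllib.request

BASE_URL = "https://api.meraki.com/api/v1"

# Ordered least to most aggressive, matching the three rulesets in the text.
RULESETS = ("connectivity", "balanced", "security")
# 'detection' = IDS (alert + log, forward); 'prevention' = IPS (alert + block flow).
MODES = ("disabled", "detection", "prevention")


def build_intrusion_settings(mode, ruleset, included_cidrs=(), excluded_cidrs=()):
    """Validate inputs and return the JSON body for the intrusion endpoint."""
    if mode not in MODES:
        raise ValueError(f"mode must be one of {MODES}, got {mode!r}")
    if ruleset not in RULESETS:
        raise ValueError(f"ruleset must be one of {RULESETS}, got {ruleset!r}")
    body = {"mode": mode, "idsRulesets": ruleset}
    if included_cidrs or excluded_cidrs:
        # Explicit protected networks (the API docs note this only applies to
        # MXs in passthrough / VPN concentrator mode).
        body["protectedNetworks"] = {
            "useDefault": False,
            "includedCidr": list(included_cidrs),
            "excludedCidr": list(excluded_cidrs),
        }
    else:
        body["protectedNetworks"] = {"useDefault": True}
    return body


def ruleset_is_stricter(a, b):
    """True if ruleset a carries more (and more impactful) signatures than b."""
    return RULESETS.index(a) > RULESETS.index(b)


def staged_rollout(current, target_ruleset):
    """Plan the move to target_ruleset without surprise blocking.

    current is the site's existing {'mode', 'idsRulesets'} as returned by the
    GET side of the same endpoint. Returns the ordered list of bodies to PUT:
    a stricter ruleset is first run in detection so false positives surface as
    Security Center alerts, then the same ruleset is switched to prevention.
    """
    if current["mode"] == "prevention" and current["idsRulesets"] == target_ruleset:
        return []  # already where we want to be
    steps = []
    if ruleset_is_stricter(target_ruleset, current["idsRulesets"]):
        steps.append(build_intrusion_settings("detection", target_ruleset))
    steps.append(build_intrusion_settings("prevention", target_ruleset))
    return steps


def update_intrusion_settings(api_key, network_id, body):
    """PUT one settings body to the Dashboard API and return the response JSON.

    Performs a live network call; not exercised in the offline demo below.
    """
    req = urllib.request.Request(
        f"{BASE_URL}/networks/{network_id}/appliance/security/intrusion",
        data=json.dumps(body).encode(),
        method="PUT",
        headers={
            "X-Cisco-Meraki-API-Key": api_key,
            "Content-Type": "application/json",
            "Accept": "application/json",
        },
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Constructed sample: a branch currently on connectivity/detection that
    # should end up on balanced/prevention.
    current = {"mode": "detection", "idsRulesets": "connectivity"}
    for step in staged_rollout(current, "balanced"):
        print(json.dumps(step))
        # update_intrusion_settings("<api-key>", "N_placeholder", step)
```

In practice you would apply the detection step, leave it for a tuning window while watching Security Center, and only then apply the prevention step; the function deliberately does not apply both in one run.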

Pro Tip

With the introduction of subscription licensing, security functions like AMP and IDS/IPS become foundational for all license tiers.
