30 FAQ about Meraki MX Firewall and SDWAN

Intrusion Detection and Prevention IDPS is part of Cisco Meraki MX Threat protection which comprised of the Sourcefire® SNORT® intrusion detection engine and AMP anti-malware technology.

MX can work as IPS and IDS mode to do the followings:

– Inspect al traffic between LAN and Internet
– Inspect all traffic between VLANS
– INTRA-VLAN traffic not inspected (where Client 1 and Client 2 are both in the same VLAN)

There are three detection rulesets:

– Connectivity: Contains rules from the current year and the previous two years for vulnerabilities with a CVSS score of 10.
– Balanced: Contains rules for Malware-CNC, Blacklist, SQL Injection, Exploit kit from the current year and the previous two years, are for vulnerabilities with a CVSS score of nine (9) or greater
– Security: Contains rules for Malware-CNC, Blacklist, SQL Injection, App-detect from the current year and the previous three years, are for vulnerabilities with a CVSS score of eight (8) or greater

From time-to-time, Cisco Meraki may add additional signatures that fall outside of these criteria based on various factors, including recommendations from the Cisco Talos threat intelligence group.