What are Cisco IDPS features in Meraki MX?
30 FAQ about Meraki MX Firewall and SDWAN
Intrusion Detection and Prevention IDPS is part of Cisco Meraki MX Threat protection which comprised of the Sourcefire® SNORT® intrusion detection engine and AMP anti-malware technology.
MX can work as IPS and IDS mode to do the followings:
– Inspect al traffic between LAN and Internet
– Inspect all traffic between VLANS
– INTRA-VLAN traffic not inspected (where Client 1 and Client 2 are both in the same VLAN)
There are three detection rulesets:
– Connectivity: Contains rules from the current year and the previous two years for vulnerabilities with a CVSS score of 10.
– Balanced: Contains rules for Malware-CNC, Blacklist, SQL Injection, Exploit kit from the current year and the previous two years, are for vulnerabilities with a CVSS score of nine (9) or greater
– Security: Contains rules for Malware-CNC, Blacklist, SQL Injection, App-detect from the current year and the previous three years, are for vulnerabilities with a CVSS score of eight (8) or greater
From time-to-time, Cisco Meraki may add additional signatures that fall outside of these criteria based on various factors, including recommendations from the Cisco Talos threat intelligence group.