Meraki Firewall

Version: Meraki Firewalls MX Series.

Meraki Firewalls are cloud-managed network security appliances designed to make distributed networks fast, secure, and manageable by employing stateful inspection and auto-configuring VPN options. Netsurion’s Open XDR platform collects and examines logs generated by Meraki Firewall to help an administrator monitor IDS alerts, VPN sessions, web traffic, user behavior and system activity.

Netsurion Data Source Integration for Meraki Firewall allows you to monitor the following:

  • Operations – Web traffic and VPN sessions
  • Security – IDS alerts and blocked web content
  • Compliance – User behavior and system activity 

Netsurion’s Open XDR platform supports McAfee Firewall Enterprise (Sidewinder) and it can be configured to send syslog to Netsurion Enterprise.

Netsurion Data Source Integration for McAfee Sidewinder allows you to monitor the following:

  • Operations – Syslog messages for different services, account operations (addition, deletion and modification of users and groups) and shutdown/restart of the system.
  • Security – Suspicious network activities and any changes in privileges on user logon/authentication activities (logon, logoff).
  • Compliance – Changes in policy configuration (addition and deletion).

Once Meraki Firewall is configured to deliver events to Netsurion’s Open XDR platform, alerts, dashboards and reports can be configured in the platform.

Some of the Data Source Integrations available in Netsurion are listed below.

Alerts

| Type | Name | Description |
|---|---|---|
| Security | Meraki Firewall – IDS alert detected | This alert is generated when unusual traffic is detected by IDS. |
| Security | Meraki Firewall – Suspicious content blocked | This alert is generated when suspicious web content is blocked by content filter. |

Reports

| Type | Name | Description |
|---|---|---|
| Security | Meraki Firewall – IDS alert details | This report provides information related to threats detected by IDS, which includes Source MAC, Source IP, Source Port, Destination MAC, Destination IP, Destination Port, Protocol Type and Alert Details fields. |
| Security | Meraki Firewall – Blocked web content details | This report provides information related to web content blocked by content filter, which includes Host Address, Host Port, Blocked URL Category and Blocked URL fields. |
| Operations | Meraki Firewall – Traffic flow details | This report provides information related to traffic flow, which includes Source MAC, Source IP, Source Port, Destination MAC, Destination IP, Destination Port, Protocol Type and Rule Name fields. |
| Operations | Meraki Firewall – Web traffic details | This report provides information related to web traffic, which includes Source MAC, Source IP, Source Port, Destination MAC, Destination IP, Destination Port, Request Type and Requested URI fields. |
| Operations | Meraki Firewall – VPN session details | This report provides information related to VPN session establishment, connection or disconnection, which includes VPN Type, VPN Status, User Name, Source IP, Source Port, Destination IP and Destination Port fields. |
| Compliance | Meraki Firewall – User authentication details | This report provides information related to local user authentication attempts, which includes Host MAC, User Name, User Details and Group Details fields. |
| Compliance | Meraki Firewall – Device activity details | This report provides information related to configuration changes and system events, which includes Device Name, Event Time and Activity fields. |

Documentation

The configuration details are consistent with Netsurion’s Open XDR platform version 7.x or later, and McAfee Firewall Enterprise (Sidewinder) 7.X and later.

Download the Integration Guide and How-to Guide for more information and configuration instructions.