Skip to content

Security Intrusion Detection and Prevention

Dashboard Location: Security and SD-WAN > Configure > Threat Protection

Security Intrusion Management

Security intrusion detection and prevention (IDS/IPS) in Meraki appliances provides comprehensive network threat protection through real-time traffic analysis, signature-based detection, and automated threat response. This functionality enables organizations to identify and block malicious network activity, protect against known attack vectors, and maintain security compliance through continuous monitoring. The intrusion protection system integrates with Meraki’s threat intelligence feeds to provide up-to-date protection against emerging threats while supporting customizable security policies for different network environments.

⚠️ License Requirement: This feature requires an Advanced Security license subscription.

Diagram

Diagram

Classes

appliance (meraki.domains.organizations.networks)

NameTypeConstraintMandatoryDefault Value
security_intrusionClass[security_intrusion]No

security_intrusion (meraki.domains.organizations.networks.appliance)

NameTypeConstraintMandatoryDefault Value
modeChoicedetection, disabled, preventionNo
ids_rulesetsChoicebalanced, connectivity, securityNo
protected_networksClass[protected_networks]No

protected_networks (meraki.domains.organizations.networks.appliance.security_intrusion)

NameTypeConstraintMandatoryDefault Value
use_defaultBooleantrue, falseNo
included_cidrListStringNo
excluded_cidrListStringNo

Examples

Example-1: The example below demonstrates security intrusion detection and prevention configuration using tested YAML configuration from pipeline fixtures.

meraki:
domains:
- name: "!env domain"
administrator:
name: "!env org_admin"
organizations:
- name: "!env org"
networks:
- name: "!env network_name"
product_types:
- appliance
- switch
- wireless
- camera
- sensor
- cellularGateway
appliance:
security_intrusion:
mode: prevention
ids_rulesets: balanced
# Protected networks is valid configuration but can only be applied when appliance is in passthrough mode.
# protected_networks:
# use_default: true
# included_cidr:
# - "192.168.20.0/24"
# excluded_cidr:
# - "192.168.10.0/24"