Security Intrusion Detection and Prevention
Dashboard Location: Security and SD-WAN > Configure > Threat Protection
Security Intrusion Management
Security intrusion detection and prevention (IDS/IPS) in Meraki appliances provides comprehensive network threat protection through real-time traffic analysis, signature-based detection, and automated threat response. This functionality enables organizations to identify and block malicious network activity, protect against known attack vectors, and maintain security compliance through continuous monitoring. The intrusion protection system integrates with Meraki’s threat intelligence feeds to provide up-to-date protection against emerging threats while supporting customizable security policies for different network environments.
⚠️ License Requirement: This feature requires an Advanced Security license subscription.
Diagram
Classes
Section titled “Classes”appliance (meraki.domains.organizations.networks)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| security_intrusion | Class | [security_intrusion] | No | |
security_intrusion (meraki.domains.organizations.networks.appliance)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| mode | Choice | detection, disabled, prevention | No | |
| ids_rulesets | Choice | balanced, connectivity, security | No | |
| protected_networks | Class | [protected_networks] | No | |
protected_networks (meraki.domains.organizations.networks.appliance.security_intrusion)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| use_default | Boolean | true, false | No | |
| included_cidr | List | String | No | |
| excluded_cidr | List | String | No | |
Examples
Example-1: The example below demonstrates security intrusion detection and prevention configuration.
This configuration enables advanced threat detection and prevention capabilities for network security monitoring. The example includes IDS/IPS settings, threat detection modes, and rule-based security enforcement for comprehensive network protection.
This configuration establishes intrusion detection and prevention using “mode: prevention” to actively block detected threats, “ids_rulesets: balanced” to apply optimized threat detection rules, and optional “protected_networks” settings with “use_default: true”, “included_cidr” for specific subnets to monitor, and “excluded_cidr” for trusted networks to bypass protection. The protected networks configuration is only applicable when the appliance operates in passthrough mode for selective network protection.
```yaml
meraki:
  domains:
    - name: !env domain
      administrator:
        name: !env org_admin
      organizations:
        - name: !env org
          networks:
            - name: !env network_name
              product_types:
                - appliance
                - switch
                - wireless
                - camera
                - sensor
                - cellularGateway
              appliance:
                security_intrusion:
                  mode: prevention
                  ids_rulesets: balanced
                  # Protected networks is valid configuration but can only be applied when appliance is in passthrough mode.
                  # protected_networks:
                  #   use_default: true
                  #   included_cidr:
                  #     - "192.168.20.0/24"
                  #   excluded_cidr:
                  #     - "192.168.10.0/24"
```
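A pre-deployment check for the `security_intrusion` block described above, as an added example that is not part of the original page or the project's own tooling: it validates the choices from the class tables, flags a mode that does not block, and catches malformed or overlapping CIDRs. The function name, the `passthrough` argument and the finding texts are assumptions of this example, and it takes the mapping already parsed from YAML.

```python
import ipaddress

# Allowed values copied from the class tables on this page.
MODES = {"detection", "disabled", "prevention"}
RULESETS = {"balanced", "connectivity", "security"}


def lint_security_intrusion(cfg, passthrough=False):
    """Return findings for one security_intrusion mapping (already parsed).

    `passthrough` is an assumption of this example: the caller states whether
    the appliance runs in passthrough mode; the page names no field for it.
    """
    findings = []
    mode = cfg.get("mode")
    if mode is None:
        findings.append("mode: not set, and the page lists no default")
    elif mode not in MODES:
        findings.append(f"mode: invalid value {mode!r}")
    elif mode != "prevention":
        findings.append(f"mode: {mode!r} does not block detected threats")
    ruleset = cfg.get("ids_rulesets")
    if ruleset is not None and ruleset not in RULESETS:
        findings.append(f"ids_rulesets: invalid value {ruleset!r}")

    pn = cfg.get("protected_networks")
    if pn is None:
        return findings
    if not passthrough:
        findings.append("protected_networks: only applies in passthrough mode")
    if not isinstance(pn.get("use_default", False), bool):
        findings.append("protected_networks.use_default: must be true or false")
    nets = {"included_cidr": [], "excluded_cidr": []}
    for key, parsed in nets.items():
        for item in pn.get(key) or []:
            try:
                # strict=True rejects host bits, e.g. 192.168.20.5/24
                parsed.append(ipaddress.ip_network(str(item), strict=True))
            except ValueError as exc:
                findings.append(f"{key}: {item!r} is not a valid CIDR ({exc})")
    # The page does not say which list wins on overlap, so report it.
    for inc in nets["included_cidr"]:
        for exc_net in nets["excluded_cidr"]:
            if inc.version == exc_net.version and inc.overlaps(exc_net):
                findings.append(f"included {inc} overlaps excluded {exc_net}")
    return findings
```

An empty list means the block matches the constraints in the tables; run it in CI over each network's `appliance.security_intrusion` mapping before the configuration is applied.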