Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Cisco Meraki Configuration

            Modified on Mon, 12 Aug at 8:31 AM

            The ARIA™ Cybersecurity Solutions Advanced Detection and Remediation (ADR) platform integrates with Cisco® Meraki® products. When configured, NetFlow and/or syslog records from Cisco Meraki products are sent to the Control and Collections Engine (CCE). You can then configure the CCE to generate alerts when suspected activity occurs. This document provides the steps required to configure the Cisco Meraki appliance to send NetFlow and syslog records.


            TABLE OF CONTENTS

            1. NetFlow Records

            To configure the Cisco Meraki appliance to send NetFlow records to the CCE:

            1. Log into the Cisco Meraki appliance.
            2. Select Network-wide > Configure > General.
            3. Configure the following under the Reporting header:
              • NetFlow traffic reporting: Use the drop-down menu to select Enabled: send netflow traffic statistics.
              • NetFlow collector IP: Enter the IP address of the CCE host. This option is available only if NetFlow traffic reporting is set to Enabled: send netflow traffic statistics. 
              • NetFlow collector port: Set the UDP port to 9995. This is the port the CCE uses to listen for NetFlow records. This option is available only if NetFlow traffic reporting is set to Enabled: send netflow traffic statistics.

                For more information, see https://documentation.meraki.com/MX/Monitoring_and_Reporting/NetFlow_Overview.

            2. Syslog Entries

            To configure the Cisco Meraki appliance to send syslog entries to the CCE:

            1. Log into the Cisco Meraki appliance.
            2. Select Network-wide > Configure > General. 
            3. Click Add a syslog server to define a new server.
            4. Complete the following fields:
              • Server IP: Enter the IP address of the server that is hosting the CCE.
              • Port: Enter 514. This is the UDP port the CCE uses to listen for syslog messages.
              • Roles: Add the roles or a description of the CCE.
            5. If the flows role is enabled on an MX security appliance, enable/disable logging for individual firewall rules on the Firewall page (Security appliance > Configure > Firewall).

              For more information, see https://documentation.meraki.com/General_Administration/Monitoring_and_Reporting/Syslog_Server_Overview_and_Configuration 


            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0