Hi,
We need the IP addresses or address ranges that we can use to access the dashboard. Both for API access and regular browser access.
We manage Meraki networks at several large and small organizations.
I can find the access rules for Meraki devices, but I need the access rules for management.
@joopv: Using Network Objects may help you: https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/Network_Objects_Configuration_Guide
From the dashboard, in the top right, go Help/Firewall Info. It will give you the firewall rules for that specific dashboard.
Note the required IP ranges can vary from customer dashboard to customer dashboard.
Thanks for the reply. These firewall rules are meant for *Meraki devices* needing access to the Meraki dashboard.
I need the rules needed for management access (browser, API calls etc.) to the dashboard.
This is for a workstation needing access to *and only to* the Meraki dashboard.
For the API it would be:
api.meraki.com
<shard>.meraki.com
Where <shard> is the shard your org is located on.
If you use MV, then there are going to be a bunch more for image retrieval (snapshot API).
If you use MQTT you are going to need to add in the MQTT servers that you use.
For the dashboard, that's a lot tougher. There are the obvious ones:
meraki.com
meraki.cisco.com
account.meraki.com
<shard>.meraki.com
That's assuming you use Meraki accounts. If you log in using SecureX or SAML you'll need to add all those authentication URLs as well.
But then you also need all the URLs for all the components used. If you go to Chrome developer tools (CTRL-SHIFT-I) and go to the "Sources" tab, and then load each page, you'll get the external domains also required. For example:
Note that you won't be able to match on IP address, as a lot of these use load balancers with dynamic sets of IPs growing and expanding, so you have to match on FQDN.
If you use MV you are going to need to add in the URLs for the cloud proxies (if viewing from outside) or the cameras (if viewing from inside).
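An added example, not part of any post in this thread: one way to turn the developer-tools walk described above into a list of FQDNs that still need a firewall rule. It assumes you export the session from the DevTools Network tab as a HAR file; the shard name, the third-party hosts and the sample HAR below are constructed placeholders.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Hostnames named in the thread. SHARD is a placeholder: use your org's shard.
SHARD = "shard-placeholder"
ALLOWED = {"meraki.com", "meraki.cisco.com", "account.meraki.com",
           "api.meraki.com", f"{SHARD}.meraki.com"}

def hosts_from_har(har_text):
    """Return {hostname: request count} for every request in a HAR export."""
    counts = {}
    for entry in json.loads(har_text).get("log", {}).get("entries", []):
        host = urlsplit(entry["request"]["url"]).hostname  # None for data: URLs
        if host:
            host = host.rstrip(".")
            counts[host] = counts.get(host, 0) + 1
    return counts

def missing_from_allowlist(counts, allowed=ALLOWED):
    """Hosts the pages contacted that have no exact-match FQDN rule yet."""
    return sorted(h for h in counts if h not in allowed)

def ip_literals(counts):
    """Hosts requested by raw IP; these cannot be written as FQDN rules."""
    found = []
    for host in counts:
        try:
            ipaddress.ip_address(host)
            found.append(host)
        except ValueError:
            pass
    return sorted(found)

# Constructed sample HAR (not captured from a real dashboard session).
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"url": f"https://{SHARD}.meraki.com/manage/overview"}},
    {"request": {"url": f"https://{SHARD}.meraki.com/assets/app.js"}},
    {"request": {"url": "https://account.meraki.com/login"}},
    {"request": {"url": "https://cdn.example.net/lib.js"}},
    {"request": {"url": "https://FONTS.example.org/font.woff2"}},
    {"request": {"url": "https://192.0.2.10/pixel.gif"}},
    {"request": {"url": "data:image/png;base64,AAAA"}},
]}})

if __name__ == "__main__":
    seen = hosts_from_har(SAMPLE_HAR)
    print("need a rule:", missing_from_allowlist(seen))
    print("raw IPs:", ip_literals(seen))
```

Run it against a HAR captured while loading each dashboard page you use, and rerun after dashboard updates, since the set of third-party hosts can change.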
Thanks for your extensive answer!
We are already testing and punching holes in the firewall, using the developer tools. Will update this topic.