Hello,
I'm trying to configure Layer 7 on multiple Meraki firewalls (different network IDs) but the same organization. I got it to work by running the script twice on one page (example below), but I'm thinking there might be a better way to write the script. Thinking of a way to only need to state the firewall rules once in the script and somehow list the multiple network IDs. Any help if this is possible would be great.
import meraki
# Defining your API key as a variable in source code is not recommended
API_KEY = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
# Instead, use an environment variable as shown under the Usage section
# @ https://github.com/meraki/dashboard-api-python/
dashboard = meraki.DashboardAPI(API_KEY)
network_id = 'L_646829496481104079'
response = dashboard.mx_l7_firewall.updateNetworkL7FirewallRules(
    network_id,
    rules=[
        {'policy': 'deny', 'type': 'application', 'value': {'id': 'meraki:layer7/application/67', 'name': 'Xbox LIVE'}},
        {'policy': 'deny', 'type': 'applicationCategory', 'value': {'id': 'meraki:layer7/category/2', 'name': 'Blogging'}},
        {'policy': 'deny', 'type': 'host', 'value': 'google.com'},
        {'policy': 'deny', 'type': 'port', 'value': '23'},
        {'policy': 'deny', 'type': 'ipRange', 'value': '10.11.12.00/24'},
        {'policy': 'deny', 'type': 'ipRange', 'value': '10.11.12.00/24:5555'},
        {'policy': 'deny', 'type': 'blacklistedCountries', 'value': ['AX', 'CA']},
        {'policy': 'deny', 'type': 'whitelistedCountries', 'value': ['US']},
    ]
)
import meraki
# Defining your API key as a variable in source code is not recommended
API_KEY = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
# Instead, use an environment variable as shown under the Usage section
# @ https://github.com/meraki/dashboard-api-python/
dashboard = meraki.DashboardAPI(API_KEY)
network_id = 'L_646829496481104079'
response = dashboard.mx_l7_firewall.updateNetworkL7FirewallRules(
    network_id,
    rules=[
        {'policy': 'deny', 'type': 'application', 'value': {'id': 'meraki:layer7/application/67', 'name': 'Xbox LIVE'}},
        {'policy': 'deny', 'type': 'applicationCategory', 'value': {'id': 'meraki:layer7/category/2', 'name': 'Blogging'}},
        {'policy': 'deny', 'type': 'host', 'value': 'google.com'},
        {'policy': 'deny', 'type': 'port', 'value': '23'},
        {'policy': 'deny', 'type': 'ipRange', 'value': '10.11.12.00/24'},
        {'policy': 'deny', 'type': 'ipRange', 'value': '10.11.12.00/24:5555'},
        {'policy': 'deny', 'type': 'blacklistedCountries', 'value': ['AX', 'CA']},
        {'policy': 'deny', 'type': 'whitelistedCountries', 'value': ['US']},
    ]
)
print(response)
Hi,
Please remove your API key from your post immediately. I would also renew your API key.
Never post sensitive info like that.
It's the Meraki sandbox API key.
Relax Raph 😂
I thought this was a snippet of his own code. Phewww
That being said, you could loop through all desired networks (https://developer.cisco.com/meraki/api-latest/get-organization-networks/) and loop your code with these networkIds.
Not sure how to loop... I cannot find anything in the Cisco Meraki API list that tells me how.
You get a list of networks then loop through that using Python. Take a look at this example code and adapt it to your requirement https://github.com/meraki/dashboard-api-python/blob/main/examples/org_wide_clients_v1.py
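The loop described in the replies above, as an added example that is not part of any post in this thread: the rules are stated once and pushed to each network ID with the same `updateNetworkL7FirewallRules` call the original script uses, and the API key is read from the environment. The function name `apply_l7_rules`, the shortened rule list and the network IDs are assumptions made for illustration.

```python
import os

# Rule set stated once (a subset of the rules from the original post).
L7_RULES = [
    {'policy': 'deny', 'type': 'host', 'value': 'google.com'},
    {'policy': 'deny', 'type': 'port', 'value': '23'},
    {'policy': 'deny', 'type': 'blacklistedCountries', 'value': ['AX', 'CA']},
]

# Constructed placeholder IDs; replace with the real network IDs.
NETWORK_IDS = ['L_0000000000000000001', 'L_0000000000000000002']


def apply_l7_rules(dashboard, network_ids, rules):
    """Push the same rule list to every network; return (applied, failed)."""
    applied, failed = {}, {}
    # dict.fromkeys drops duplicate IDs while keeping their order.
    for network_id in dict.fromkeys(network_ids):
        try:
            # Same SDK call as in the original post.
            applied[network_id] = (
                dashboard.mx_l7_firewall.updateNetworkL7FirewallRules(
                    network_id, rules=rules))
        except Exception as exc:
            # Record the failure and continue, so one bad network does not
            # leave the remaining firewalls without the rule set.
            failed[network_id] = str(exc)
    return applied, failed


if __name__ == '__main__':
    import meraki  # imported here so apply_l7_rules can be tested without it

    # The key comes from the environment, never from source code.
    dashboard = meraki.DashboardAPI(os.environ['MERAKI_DASHBOARD_API_KEY'])
    applied, failed = apply_l7_rules(dashboard, NETWORK_IDS, L7_RULES)
    for network_id in applied:
        print(f'{network_id}: rules applied')
    for network_id, error in failed.items():
        print(f'{network_id}: FAILED ({error})')
    # Non-zero exit when any firewall was left unconfigured.
    raise SystemExit(1 if failed else 0)
```

The list of failed networks is the part to watch: a network that silently kept its old rules is the outcome a bulk firewall change most needs to surface.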
I recommend utilizing a pre-existing tool that has already been developed for the purpose of provisioning Layer 7 firewall rules on multiple networks. You can find this tool at the following link: [https://developer.cisco.com/codeexchange/github/repo/gve-sw/GVE_DevNet_Meraki_MX_Firewall_Provisione...).
Let me know if this solution adequately addresses your request.
This is exactly what I needed. Thank you!
There is an error in your quoting. What works for me is https://developer.cisco.com/codeexchange/github/repo/gve-sw/GVE_DevNet_Meraki_MX_Firewall_Provisione...