Meraki

Community

How to do multiple network ID's at once (Configuring Layer 7 on multiple Meraki Firewalls at once)??

Solved
Deebow
Conversationalist
‎Jul 14 2023 8:11 AM
‎Jul 14 2023 8:11 AM

How to do multiple network ID's at once (Configuring Layer 7 on multiple Meraki Firewalls at once)??

Hello,

I'm trying to configure Layer 7 on multiple meraki firewalls (different network ID's) but the same organization. I got it to work by running the script twice on one page (example below) but I'm thinking there might be a better way to write the script. Thinking of a way to only need to state the firewall rules once in the script and somehow list the multiple network ID's. Any help if this is possible would be great.  

 

import meraki

# Defining your API key as a variable in source code is not recommended
API_KEY = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
# Instead, use an environment variable as shown under the Usage section
# @ https://github.com/meraki/dashboard-api-python/

dashboard = meraki.DashboardAPI(API_KEY)

network_id = 'L_646829496481104079'

response = dashboard.mx_l7_firewall.updateNetworkL7FirewallRules(
network_id,
rules=[{'policy': 'deny', 'type': 'application', 'value': {'id': 'meraki:layer7/application/67', 'name': 'Xbox LIVE'}}, {'policy': 'deny', 'type': 'applicationCategory', 'value': {'id': 'meraki:layer7/category/2', 'name': 'Blogging'}}, {'policy': 'deny', 'type': 'host', 'value': 'google.com'}, {'policy': 'deny', 'type': 'port', 'value': '23'}, {'policy': 'deny', 'type': 'ipRange', 'value': '10.11.12.00/24'}, {'policy': 'deny', 'type': 'ipRange', 'value': '10.11.12.00/24:5555'}, {'policy': 'deny', 'type': 'blacklistedCountries', 'value': ['AX', 'CA']}, {'policy': 'deny', 'type': 'whitelistedCountries', 'value': ['US']}]
)

 

 

 

import meraki

# Defining your API key as a variable in source code is not recommended
API_KEY = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
# Instead, use an environment variable as shown under the Usage section
# @ https://github.com/meraki/dashboard-api-python/

dashboard = meraki.DashboardAPI(API_KEY)

network_id = 'L_646829496481104079'

response = dashboard.mx_l7_firewall.updateNetworkL7FirewallRules(
network_id,
rules=[{'policy': 'deny', 'type': 'application', 'value': {'id': 'meraki:layer7/application/67', 'name': 'Xbox LIVE'}}, {'policy': 'deny', 'type': 'applicationCategory', 'value': {'id': 'meraki:layer7/category/2', 'name': 'Blogging'}}, {'policy': 'deny', 'type': 'host', 'value': 'google.com'}, {'policy': 'deny', 'type': 'port', 'value': '23'}, {'policy': 'deny', 'type': 'ipRange', 'value': '10.11.12.00/24'}, {'policy': 'deny', 'type': 'ipRange', 'value': '10.11.12.00/24:5555'}, {'policy': 'deny', 'type': 'blacklistedCountries', 'value': ['AX', 'CA']}, {'policy': 'deny', 'type': 'whitelistedCountries', 'value': ['US']}]
)

print(response)

 

 

0 Kudos
1 Accepted Solution
Badr-eddine
Getting noticed
‎Jul 15 2023 5:36 AM
‎Jul 15 2023 5:36 AM

I recommend utilizing a pre-existing tool that has already been developed for the purpose of provisioning Layer 7 firewall rules on multiple networks. You can find this tool at the following link: [https://developer.cisco.com/codeexchange/github/repo/gve-sw/GVE_DevNet_Meraki_MX_Firewall_Provisione...).

 

Let's me knew if this solution adequately addresses your request?

View solution in original post

9 Replies 9
RaphaelL
Kind of a big deal
Kind of a big deal
‎Jul 14 2023 8:15 AM
‎Jul 14 2023 8:15 AM

Hi ,

 

Please remove immediatly your API key from your post.  I would also renew your API key.

Never post sensible info like that.

In response to RaphaelL
ww
Kind of a big deal
Kind of a big deal
‎Jul 14 2023 8:37 AM
‎Jul 14 2023 8:37 AM

Its the meraki sandbox api key.  

In response to ww
RaphaelL
Kind of a big deal
Kind of a big deal
‎Jul 14 2023 8:40 AM
‎Jul 14 2023 8:40 AM

Relax Raph 😂

 

I though this was a snippet of his own code. Phewww

RaphaelL
Kind of a big deal
Kind of a big deal
‎Jul 14 2023 8:19 AM
‎Jul 14 2023 8:19 AM

That being said , you could loop through all desired networks ( https://developer.cisco.com/meraki/api-latest/get-organization-networks/ , and loop your code with these networkIds.

Deebow
Conversationalist
‎Jul 14 2023 9:08 AM
‎Jul 14 2023 9:08 AM

Not sure how to loop... I cannot find anything in the cisco meraki api list that tells me how.

0 Kudos
In response to Deebow
amabt
Building a reputation
‎Jul 18 2023 4:33 AM
‎Jul 18 2023 4:33 AM

You get a list of networks then loop through that using Python. Take a look at this example code and adapt it to your requirement https://github.com/meraki/dashboard-api-python/blob/main/examples/org_wide_clients_v1.py

 

 

0 Kudos
Badr-eddine
Getting noticed
‎Jul 15 2023 5:36 AM
‎Jul 15 2023 5:36 AM

I recommend utilizing a pre-existing tool that has already been developed for the purpose of provisioning Layer 7 firewall rules on multiple networks. You can find this tool at the following link: [https://developer.cisco.com/codeexchange/github/repo/gve-sw/GVE_DevNet_Meraki_MX_Firewall_Provisione...).

 

Let's me knew if this solution adequately addresses your request?

In response to Badr-eddine
Deebow
Conversationalist
‎Jul 18 2023 11:21 AM
‎Jul 18 2023 11:21 AM

This is exactly what I needed. Thank you!

In response to Badr-eddine
amabt
Building a reputation
‎Jul 18 2023 3:45 PM
‎Jul 18 2023 3:45 PM

There is an error in your quoting. What works for me is https://developer.cisco.com/codeexchange/github/repo/gve-sw/GVE_DevNet_Meraki_MX_Firewall_Provisione...

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.