L3 Firewall Update API automatically converting IP to CIDR

Solved
Craiegg
Getting noticed

L3 Firewall Update API automatically converting IP to CIDR

Hello all,

I am trying to update the L3 Firewall rules of a particular network via API for testing purposes, however whenever I enter the IP address I want in the Source and Destination it gets automatically converted to IP/subnet.

I have tested it with both v0 and v1 using Postman. Attaching the screenshot reference and the JSON data being passed to the API below. Do I need to switch the key from srcCidr to srcAddr and destCidr to destAddr? Any suggestions would be appreciated

Craiegg_0-1611018181634.png

 
  "rules": [
    {
        "comment""Default rule",
        "policy""allow",
        "protocol""Any",
        "srcPort""Any",
        "srcCidr""Any",
        "destPort""Any",
        "destCidr""Any",
        "syslogEnabled"false
    },
    {
        "comment""Testing rule",
        "policy""allow",
        "protocol""Any",
        "srcPort""Any",
        "srcCidr""192.168.128.56",
        "destPort""Any",
        "destCidr""2.2.2.9",
        "syslogEnabled"false   
    }
  ]
}
1 Accepted Solution
bmehta
Meraki Alumni (Retired)
Meraki Alumni (Retired)

Hello @Craiegg 
In the dashboard configuration it does take only IP without subnet details. If on API it doesn't take only IP as an option the I believe this issue can be reported. However, for more information how does it converting to IP/subnet affecting your creating an issue. Thanks in advance.

View solution in original post

4 Replies 4
bmehta
Meraki Alumni (Retired)
Meraki Alumni (Retired)

Hello @Craiegg 
In the dashboard configuration it does take only IP without subnet details. If on API it doesn't take only IP as an option the I believe this issue can be reported. However, for more information how does it converting to IP/subnet affecting your creating an issue. Thanks in advance.

Craiegg
Getting noticed

Hello @bmehta , @PhilipDAth@Bruce 

Thank you for all your responses and suggestions.

Yes, there is no issue with the subnet being added. I was actually wondering if there was a change in the API, as when I used it last month, it took the IP address as is without conversion ( hence the query here ) . 

However, I agree with all your suggestions of it not affecting anything if the subnet being added.

@bmehta  I will report this issue as it does not take only IP and always converts to subnet.

Thanks everyone.
Cheers,
Craig.

Bruce
Kind of a big deal

I may be completely off track here, but if you're trying to specify a host for those two fields have you tried using the 'subnet mask' of /32, (i.e. 255.255.255.255), which is generally used to specify a host. For example, "srcCidr": "192.168.128.56/32" and "destCidr": "2.2.2.9/32".

PhilipDAth
Kind of a big deal
Kind of a big deal

192.168.128.56 and 192.168.128.56/32 are exactly the same thing.  /32 means it is a host IP address.

Get notified when there are additional replies to this discussion.