Meraki Community

I_Naitoh · ‎Dec 11 2019

Greeting.

I am using L3 FW Rule API.

As Meraki's specification, the PUT API is an update of the FW rule, so if there is a rule you want to add, we recognize that you need to PUT with an existing rule and a new rule.

In this case, will the existing rule be temporarily blanked (all traffic is passed) at the timing when the FW rule is put on the API?

PhilipDAth · ‎Dec 11 2019

I don't clearly understand what you are asking.

Typically if you want to update the rules you'll retrieve the current rules, modify them, and then PUT back the new complete modified set.

So the existing rule set is not "blanked" - it is replaced.

I_Naitoh · ‎Dec 11 2019

@PhilipDAth

Thank you for response.

For example, there are 50 FW rules, are FW rules put together and saved?
Or is it saved one line at a time when putting 50 FW rules?

I'm sorry if the intention is not communicated.
I want to know the operation related to setting application when I put FW rules with API.

PhilipDAth · ‎Dec 11 2019

All 50 rules are saved at once.

Nash · ‎Dec 12 2019

If it helps, I'm fairly sure this would be the same way it works behind the scenes. You save the firewall page, it checks the entered rules against its stored rules. If there is a difference, then it runs a PUT to update all the rules to match your desired state.

PUT has the advantage of "idempotency", aka no matter how many times you run the same PUT command, you have the same end result. I personally prefer this when handling firewall rules especially. Making changes on an ASA makes me anxious.

Windows 10 Client VPN scripts: Makes life better!

Meraki Community

MX L3 Firewall API

MX L3 Firewall API