MX L3Firewall Push Method ?

Abdul-USA
New here


Hello Community,

 

I am a novice API + Python user. My objective was to update an existing Layer 3 Firewall rule for an Organization that has over 100 sites (MXs); we ended up doing it manually. I tried to test the API Python script but it has only a "Put method". It was not updating my existing rule, instead it was overwriting it. Is there a way that I can update an existing L3Firewall rule? Let us say there are 100 rules and I want to add 2 more rules to make it 102 rules. How can I do this?

Your help is appreciated here, and if someone has a template for this and would like to share, please let me know. This is my very first posting in this community, but I always read stuff from here to enrich my skillset, and kudos to the contributors here!

This is the link I used for reference when I created my code for a single device test lab. The only difference was of course the Network ID and my API. The script works but I ran into the above-mentioned issues.

https://developer.cisco.com/meraki/api-v1/#!update-network-appliance-firewall-l-3-firewall-rules 

Regards,
Abdul

4 Replies
RaphaelL
Kind of a big deal

Hi,

 

It's pretty simple. You have to GET the current rule base, then append your changes, and then PUT. 🙂

 

You can't simply "add", "remove" or "edit" a rule. You edit the ruleset, then push it.

Hi Raphael,

 

Thanks for the quick response. I understood what you meant, but that is not a solution to my problem; it is not scalable if I do it that way. I hope there is either a workaround or Meraki will implement a method that does update an actual existing rule. I wish they had a way to add a rule ID # to differentiate the existing rules so that I can say this is rule # xyz from the list and boom, the problem solved 😀.

RaphaelL
Kind of a big deal

I agree with you. You will have the same issues when looking at the syslogs: you can't filter a firewall hit by rule ID.

That's not that hard to do.

 

When you retrieve all the rules, you can call the first rule #1, the second rule #2, etc.

You can also use the rule description and add your own tag.  For example, you could use a description "workstation", then to do a change, get the rules, update the one with "workstation" in the description, and then put it back.

 

There are no issues with scale.  There might be an issue with how the rules are organised to make updating them easy ...
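The GET, merge, PUT sequence described in the replies above, as an added Python example that is not from any poster in this thread. It goes beyond appending by also editing rules selected by a description tag. The `dashboard` argument is assumed to be a `meraki.DashboardAPI` client from the Meraki Python SDK; the "Default rule" comment check, the `dry_run` flag and the function names are assumptions of this example.

```python
import copy

# Assumption: the GET response ends with the implicit rule whose comment is "Default rule".
DEFAULT_COMMENT = "Default rule"


def merge_rules(current, additions, tag_updates=None):
    """Build the list to PUT: keep existing rules in order, edit tagged ones, append new ones once."""
    tag_updates = tag_updates or {}
    merged = []
    for rule in current:
        if rule.get("comment") == DEFAULT_COMMENT:
            continue  # the default rule is not sent back in the PUT body
        rule = copy.deepcopy(rule)  # never mutate the caller's copy of the rule base
        for tag, changes in tag_updates.items():
            if tag in (rule.get("comment") or ""):
                rule.update(changes)
        merged.append(rule)
    seen = {r.get("comment") for r in merged}
    for rule in additions:
        if rule["comment"] not in seen:  # idempotent: a second run appends nothing
            merged.append(copy.deepcopy(rule))
            seen.add(rule["comment"])
    return merged


def push_to_network(dashboard, network_id, additions, tag_updates=None, dry_run=True):
    """GET the rule base, merge, and PUT only when the result differs."""
    fw = dashboard.appliance
    current = fw.getNetworkApplianceFirewallL3FirewallRules(network_id)["rules"]
    before = [r for r in current if r.get("comment") != DEFAULT_COMMENT]
    after = merge_rules(current, additions, tag_updates)
    changed = after != before
    if changed and not dry_run:
        fw.updateNetworkApplianceFirewallL3FirewallRules(network_id, rules=after)
    return changed, after


def push_to_org(dashboard, org_id, additions, tag_updates=None, dry_run=True):
    """Apply the same change to every MX network in the organization."""
    results = {}
    for net in dashboard.organizations.getOrganizationNetworks(org_id, total_pages="all"):
        if "appliance" not in net.get("productTypes", []):
            continue  # skip networks without an MX
        changed, after = push_to_network(dashboard, net["id"], additions, tag_updates, dry_run)
        results[net["id"]] = (changed, len(after))
    return results
```

Run it with `dry_run=True` first and compare the returned rule lists against the dashboard before allowing the PUT, since the PUT replaces the whole rule base of each network.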
