Meraki

rodney

Hi everyone,

I’m working on a script that needs to add L3 firewall rules under a group policy, and I’m wondering if there’s any support for including a `source` field in the request payload. I couldn’t find any mention of this in the official documentation, but I’m curious if it’s supported unofficially or possibly planned for a future release.

According to the documentation, the schema for `L3FirewallRules` is as follows:

- `L3FirewallRules`: `object[]`

An ordered array of the L3 firewall rules

- `comment`: `string` — Description of the rule (optional)

- `destCidr*`: `string` — Destination IP address (IP, CIDR, FQDN, or 'any')

- `destPort`: `string` — Destination port (1–65535, range, or 'any')

- `policy*`: `string` — 'allow' or 'deny'

- `protocol*`: `string` — 'tcp', 'udp', 'icmp', 'icmp6', or 'any'

As you can see, there’s no mention of a `source` field. Has anyone tried including it anyway, or received clarification from the dev team?

Any insights would be greatly appreciated!

Thanks in advance!

RaphaelL

Hi ,

You can't add sources to the group policies since they are already applied to a source ( either a client / vlan ).

You have the same behavior directly on the dashboard.

rodney

But why in this screenshot(captured from the dashboard). It allows to define the source as well.

alemabrahao

Where did you get this screenshot from? From the internet or from your dashboard?

I agree with Raphael on this one, as far as I know it is not possible to specify the source.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

rhbirkelund

Where do you have that screenshot from, because there's no source field on my lab network.

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.

mlefebvre

The Source field is only available if you are using AD integration, per Meraki documentation.

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Creating_and_Applying...

Note: Source IP addresses on layer 3 firewall rules are only configurable on WAN Appliance when active directory integration is enabled.

alemabrahao

@mlefebvreis right, I just tested it.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

rodney

Yes, it is available when AD integration is enabled, just as @mlefebvre mentioned. By the way, is this something that can also be done via the API?

alemabrahao

Unfortunately not.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

rodney

Okay, thanks for the help!

Meraki

Community

Meraki Group Policy L3 API Question

Meraki Group Policy L3 API Question