Meraki MX API - Update Network Appliance Firewall L3 Firewall Rules with object and groups

Solved
Gineesh
Conversationalist

Background:

We are trying some automation to create the Firewall L3 rules using the Meraki MX API calls.

Since the API overwrites the existing rules (except the Default rule), we are following the approach below.

  1. We need to fetch the existing rules using the Get Network Appliance Firewall L3 Firewall Rules API call.
  2. Combine the existing rules with new rule (which we need to add).
  3. Call Update Network Appliance Firewall L3 Firewall Rules API call and pass the combined list.

This is perfectly working for IP/CIDR/FQDN entries in the source and destination fields. But when we fetch rules with object/object groups in the source/destination field, we are not able to pass the rules back to the API.

The API source/destination field only supports: Comma-separated list of destination IP address(es) (in IP or CIDR notation), fully-qualified domain names (FQDN) or 'any'

1. Do we have any workaround or solution to pass the objects/object groups in the source/destination field?
Or

2. Do we have any alternative method to append the rule without overwriting existing rules?

Thanks in advance.

1 Accepted Solution
Crocker
Building a reputation

1. You pass the Object or Object group via its object ID, with the following format: GRP(################) or OBJ(############). You can find the object IDs by querying these endpoints:

  • /organizations/$orgID/policyObjects - This will get you the individual objects
  • /organizations/$orgID/policyobjects/groups - This will get you the groups
  • /organizations/$orgID/policyobjects/groups/$policyobjectgroupID - This will get you more detailed information about the groups if you need

2. Not currently, or at least not that I've found. I query the existing ruleset, store it, append my new rule(s), then PUT it like you describe.

Gineesh
Conversationalist

@Crocker 

Thank you for your reply. 

Yes, managed to get it working by using the uppercase GRP/OBJ options (I was using the default grp/obj instead).
Looks like this is the only option so far.

Thank you again.
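
The fetch, combine and update approach from this thread, as an added example that is not code from either poster: it builds the body for the update call offline, upper-casing `grp(...)`/`obj(...)` references and rejecting malformed ones before the ruleset is overwritten. The function names, the sample rules and IDs (constructed), and identifying the default rule by the comment "Default rule" are assumptions.

```python
import re

# An object or group reference in either letter case, e.g. obj(123) or GRP(456).
REF = re.compile(r"(obj|grp)\((\d+)\)", re.IGNORECASE)

def normalize_field(value):
    """Return a srcCidr/destCidr value with OBJ/GRP prefixes upper-cased."""
    out = []
    for token in (t.strip() for t in value.split(",")):
        if token.lower().startswith(("obj(", "grp(")):
            m = REF.fullmatch(token)
            if m is None:
                # Fail here rather than let the update call reject the whole ruleset.
                raise ValueError(f"malformed object reference: {token!r}")
            token = f"{m.group(1).upper()}({m.group(2)})"
        out.append(token)
    return ",".join(out)

def build_put_payload(fetched, new_rules):
    """Combine fetched rules with new ones into the body for the update call."""
    merged = []
    for rule in fetched["rules"] + list(new_rules):
        # Assumption: the default rule carries this comment; it is not sent back.
        if rule.get("comment") == "Default rule":
            continue
        rule = dict(rule)  # copy so the fetched data is left untouched
        for key in ("srcCidr", "destCidr"):
            rule[key] = normalize_field(rule[key])
        merged.append(rule)
    return {"rules": merged}

# Constructed sample of a fetched ruleset; the IDs are made up.
FETCHED = {"rules": [
    {"comment": "web", "policy": "allow", "protocol": "tcp", "srcPort": "Any",
     "srcCidr": "grp(1111)", "destPort": "443",
     "destCidr": "obj(2222), 10.0.0.0/24", "syslogEnabled": False},
    {"comment": "Default rule", "policy": "allow", "protocol": "Any",
     "srcPort": "Any", "srcCidr": "Any", "destPort": "Any", "destCidr": "Any",
     "syslogEnabled": False},
]}
# Constructed new rule to append after the existing ones.
NEW_RULE = {"comment": "block-guest", "policy": "deny", "protocol": "any",
            "srcPort": "Any", "srcCidr": "obj(3333)", "destPort": "Any",
            "destCidr": "Any", "syslogEnabled": False}

if __name__ == "__main__":
    for r in build_put_payload(FETCHED, [NEW_RULE])["rules"]:
        print(r["comment"], r["srcCidr"], "->", r["destCidr"])
```

Comparing the rule count and comments in the payload against the fetched ruleset before sending it is a cheap guard, since the update replaces everything except the default rule.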
