Meraki

PhilipDAth · ‎Dec 11 2019

sas sucks in a wireshark capture and spits out firewall rules in a group policy for a Cisco Meraki MX with a default deny rule. This makes it perfect for creating firewall rules for IoT devices and then restricting those IoT devices in case they later become compromised.

sas is aware of resources that are accessed via a DNS name that use dynamically changing IP addresses.

sas is also able to read in an existing group policy and update any existing firewall rules with anything found in the packet capture not currently contained in the rule set.

http://www.ifm.net.nz/cookbooks/meraki-sas.html

PhilipDAth · ‎Dec 12 2019

How funny, the Meraki blog for today is about securing IoT devices.

https://meraki.cisco.com/blog/2019/12/the-key-for-iot/

CptnCrnch · ‎Dec 12 2019

WTH, this is utterly brilliant! Thanks a million Philip! I‘ve got an issue that will be solved by sas. Guess I owe you (at least) one beer 🤗

PhilipDAth · ‎Dec 12 2019

The problem I frequently run into is the firewall documentation I get from IoT vendors is nearly always wrong. I can't think of the last time it was correct.

The IoT devices are made of of so many components and the developers only focus on the code they wrote when writing the firewall rules and not everything else.

The last one I did was an IoT device running on top of Windows. The client wanted the Windows devices to be kept patched. And of course, the firewall rules did not include anything to allow Windows Update to run.

Meraki

Community

Meraki Suck and Spit (sas for short)

Meraki Suck and Spit (sas for short)