cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Meraki Suck and Spit (sas for short)

Highlighted
Kind of a big deal

Meraki Suck and Spit (sas for short)

sas sucks in a wireshark capture and spits out firewall rules in a group policy for a Cisco Meraki MX with a default deny rule. This makes it perfect for creating firewall rules for IoT devices and then restricting those IoT devices in case they later become compromised.

 

sas is aware of resources that are accessed via a DNS name that use dynamically changing IP addresses.

 

sas is also able to read in an existing group policy and update any existing firewall rules with anything found in the packet capture not currently contained in the rule set.

 

http://www.ifm.net.nz/cookbooks/meraki-sas.html 

3 REPLIES 3
Highlighted
Kind of a big deal

Re: Meraki Suck and Spit (sas for short)

How funny, the Meraki blog for today is about securing IoT devices.

https://meraki.cisco.com/blog/2019/12/the-key-for-iot/ 

Highlighted
Head in the Cloud

Re: Meraki Suck and Spit (sas for short)

WTH, this is utterly brilliant! Thanks a million Philip! I‘ve got an issue that will be solved by sas. Guess I owe you (at least) one beer 🤗

Highlighted
Kind of a big deal

Re: Meraki Suck and Spit (sas for short)

The problem I frequently run into is the firewall documentation I get from IoT vendors is nearly always wrong.  I can't think of the last time it was correct.

 

The IoT devices are made of of so many components and the developers only focus on the code they wrote when writing the firewall rules and not everything else.

 

The last one I did was an IoT device running on top of Windows.  The client wanted the Windows devices to be kept patched.  And of course, the firewall rules did not include anything to allow Windows Update to run.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.