Update Layer 7 Firewall rules

RichB
Conversationalist

Update Layer 7 Firewall rules

Hi, I'm trying to add to the layer 7 rules via the updateNetworkApplianceFirewallL7FirewallRules api. As I understand it, I cannot just add a new rule, I have to read in the existing rules and then add my rule and send the whole lot back. I've got to the point where I have the existing and new rule as variables and have combined them. When I try to update the rules, I get the error: 400 Bad Request, {'errors': ['The "rules" parameter must be an array of hashes (each representing a firewall rule)']}

 

This is new rules variable I'm trying to send:

 

print (l7fw_rules)
{'rules': [{'policy': 'deny', 'type': 'application', 'value': {'id': 'meraki:layer7/application/101', 'name': 'CBS Sports'}}, {'policy': 'deny', 'type': 'application', 'value': {'id': 'meraki:layer7/application/40', 'name': 'ESPN'}}, {'policy': 'deny', 'type': 'application', 'value': {'id': 'meraki:layer7/application/96', 'name': 'foxsports.com'}}]}

 

going round in circles now so any help would be appreciated.

 

Cheers

 

2 Replies 2
xaviervalette
Getting noticed

Hello @RichB,

Are you talking about this endpoint : https://developer.cisco.com/meraki/api-v1/#!get-network-appliance-firewall-l-7-firewall-rules ?

 

If yes, here is a working script using your payload (note the json.dumps() for the payload):

 

Code

 

import requests
import json
import yaml

# Open the config.yml file and load its contents into the 'config' variable
with open('config.yml', 'r') as file:
config = yaml.safe_load(file)

# New rules to be created
newRules = {'rules': [{'policy': 'deny', 'type': 'application', 'value': {'id': 'meraki:layer7/application/101', 'name': 'CBS Sports'}}, {'policy': 'deny', 'type': 'application', 'value': {'id': 'meraki:layer7/application/40', 'name': 'ESPN'}}, {'policy': 'deny', 'type': 'application', 'value': {'id': 'meraki:layer7/application/96', 'name': 'foxsports.com'}}]}

# Create the URL for retrieving all VLANs in the network
url = f"https://api.meraki.com/api/v1/networks/{config['networkId']}/appliance/firewall/l7FirewallRules"

# Set the HTTP headers
headers = {
"Content-Type": "application/json",
"Accept": "application/json",
"X-Cisco-Meraki-API-Key": config["apiKey"]
}

# Make the API request using the requests library
response = requests.request("PUT", url, headers=headers, data=json.dumps(newRules))

# Print the status code of the response
print("\nRequest status code : "+str(response.status_code), "\n")

# Parse the response as JSON
responseJson = response.json()

print(responseJson)

Ouptut

 

Request status code : 200 

{'rules': [{'policy': 'deny', 'type': 'application', 'value': {'id': 'meraki:layer7/application/101', 'name': 'CBS Sports'}}, {'policy': 'deny', 'type': 'application', 'value': {'id': 'meraki:layer7/application/40', 'name': 'ESPN'}}, {'policy': 'deny', 'type': 'application', 'value': {'id': 'meraki:layer7/application/96', 'name': 'foxsports.com'}}]}

 

Indeed, it removed the existing rules :

 

xaviervalette_0-1678956787439.png

 

You can find everything on the following repo: https://github.com/xaviervalette/meraki-update-l7-firewall-rules,

 

Hope it helps! 🙂

 

Xavier VALETTE
RichB
Conversationalist

Hi @xaviervalette, thank you for taking the time to reply and for your help. Although not exactly what I was looking for, this has helped me greatly by expanding my knowledge of using the requests library rather than the meraki library which is what I was using before. I'm a python beginner so have learned a lot by trial and erro and I've now got some working code.

Cheers.

Get notified when there are additional replies to this discussion.