Using the API to update the MX L3 Firewall using Network Policy Objects

Solved
NJNetworkGuy100
Getting noticed

Are there any examples or documentation on updating the L3 Firewall on an MX using existing Network Policy Objects with the API? I can't seem to find any examples to follow.

4 Replies
alemabrahao
Kind of a big deal

Have you checked the dashboard API?

https://developer.cisco.com/meraki/api-latest/#!update-organization-policy-object

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

I have, but I'm curious how to use the Policy Object as a destination or source when writing a Python script to update a rule in an L3 Firewall on an MX.

When you create a Policy Object or assign multiple Policy Objects to a Group Policy Object, they are all assigned an ID.

You then refer to each Policy Object as OBJ([ID]) or Group Policy as GRP([ID]).

You then assign these objects to a Firewall Rule in either srcCidr or destCidr, as a single comma-separated string.

E.g.

# Request body for the L3 firewall rules update, written as a Python dictionary.
payload = {"rules": [{
    # destCidr references one Group Policy Object by its ID
    'comment': 'Deny Src Any to Dest Group ID 225',
    'policy': 'deny',
    'protocol': 'tcp',
    'destPort': '443',
    'destCidr': 'GRP(225)',
    'srcPort': 'Any',
    'srcCidr': 'Any',
    'syslogEnabled': False
},{
    # destCidr references three Policy Objects as one comma-separated string
    'comment': 'Deny Src Any to Dest Obj ID 662029145223465067,837 and 662029145223465068',
    'policy': 'allow',
    'protocol': 'tcp',
    'destPort': '443',
    'destCidr': 'OBJ(662029145223465067),OBJ(837),OBJ(662029145223465068)',
    'srcPort': 'Any',
    'srcCidr': 'Any',
    'syslogEnabled': False
}]}

This shows two rules as Python Dictionaries.

LinkedIn ::: https://blog.rhbirkelund.dk/

All code examples are provided as is. Responsibility for Code execution lies solely your own.
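
Added example (not part of the original post): one way to build the OBJ()/GRP() strings from policy object names instead of hand-typing IDs, refusing to emit a rule when a name does not resolve rather than widening it to 'Any'. The helper names, object names and sample listings are assumptions; the listings only mimic the `id` and `name` fields returned when listing an organization's policy objects and groups.

```python
# Added example: helper names, object names and sample listings are illustrative.
ALLOWED_POLICIES = {"allow", "deny"}

def index_refs(objects, groups):
    """Map each object/group name to the OBJ(id)/GRP(id) token used in rules."""
    refs = {}
    for prefix, items in (("OBJ", objects), ("GRP", groups)):
        for item in items:
            if item["name"] in refs:
                raise ValueError(f"ambiguous policy object name: {item['name']!r}")
            refs[item["name"]] = f"{prefix}({item['id']})"
    return refs

def cidr_field(names, refs):
    """Build a srcCidr/destCidr value; never fall back to 'Any' on a bad name."""
    if names == "Any":  # 'Any' must be requested explicitly by the caller
        return "Any"
    unknown = [n for n in names if n not in refs]
    if not names or unknown:
        raise ValueError(f"cannot resolve policy objects: {unknown or 'empty list'}")
    return ",".join(refs[n] for n in names)

def build_rule(comment, policy, dest, dest_port, refs, src="Any", protocol="tcp"):
    """Return one rule dictionary in the shape shown in the post."""
    if policy not in ALLOWED_POLICIES:
        raise ValueError(f"policy must be one of {sorted(ALLOWED_POLICIES)}")
    return {"comment": comment, "policy": policy, "protocol": protocol,
            "destPort": str(dest_port), "destCidr": cidr_field(dest, refs),
            "srcPort": "Any", "srcCidr": cidr_field(src, refs),
            "syslogEnabled": False}

# Constructed sample listings (names are made up; IDs are the ones in the post).
SAMPLE_OBJECTS = [{"id": "662029145223465067", "name": "web-1"},
                  {"id": "837", "name": "web-2"},
                  {"id": "662029145223465068", "name": "web-3"}]
SAMPLE_GROUPS = [{"id": "225", "name": "blocked-dests"}]

def example_rules():
    refs = index_refs(SAMPLE_OBJECTS, SAMPLE_GROUPS)
    return [
        build_rule("Deny Any to blocked-dests", "deny", ["blocked-dests"], 443, refs),
        build_rule("Allow Any to web servers", "allow", ["web-1", "web-2", "web-3"], 443, refs),
    ]

if __name__ == "__main__":
    print(example_rules())
    # With the Meraki Python SDK the list would then be passed as rules= to
    # dashboard.appliance.updateNetworkApplianceFirewallL3FirewallRules(network_id, rules=...)
```
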

That is perfect!  Thanks for the explanation.  
