Meraki Community

Kingoftheday · ‎Jun 4 2023

I want to transfer or copy my Cisco ASA5515 configuration to Meraki MX 85 Firewall. I have the copy of the ASA configuration file. Is there any way I can do this? Any help will be appreciated. Thanks

KarstenI · ‎Jun 4 2023

Look at the following script if it can help you with the migration:

https://github.com/wifiguru10/Meraki_MX_Converter

But be aware that for every migration the rule “garbage in, garbage out” also applies here. Clean up the old config before the migration.

Kingoftheday · ‎Jun 6 2023

Before I start the conversion, how do I back my current configuration now either to cloud or local

alemabrahao · ‎Jun 4 2023

Take a look at this link.

https://www.ifm.net.nz/cookbooks/mfw.html

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Kingoftheday · ‎Jun 6 2023

How can I export the rules I have on Dashboard now to Excel or CSV file to see how they should look like

alemabrahao · ‎Jun 6 2023

Take a look at this, I just googled it. https://github.com/meraki/automation-scripts/blob/master/export_mx_l3.py

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Kingoftheday · ‎Jun 8 2023

I have exported the configuration but it does not match any of your Excel file. Let me put sample of Code here

object-group service 123
service-object udp source eq 1900
object-group service 1900 udp
port-object eq 1900
object-group network sales
network-object 10.12.12.0 255.255.255.0
object-group network vpn_pool_ip
network-object 10.10.10.0 255.255.255.0
object-group network inside
network-object 10.0.0.0 255.255.255.0
network-object 192.168.50.0 255.255.255.0
network-object 10.1.0.0 255.255.0.0
object-group network VPN_Access
network-object 10.10.10.0 255.255.255.0
object-group service DNS_servers
service-object udp destination eq domain
object-group network DNS_SERVERS
network-object host 64.59.144.19
network-object host 4.2.2.2
object-group network FTP_EPSON
network-object host 63.73.69.140
network-object host 69.164.87.20
network-object host 69.164.87.37

I also have DHCP on some VLAN

Jonathan-S · ‎Jun 9 2023

Hi Kingoftheday,

I just wanted to chime-in here and state that we (Meraki) do not have any official tools or solutions for a configuration migration like this and as a result you are using these third-party tools and utilities at your own risk.

That being said, we try to make the configuration of the MX platform to be quite simple and straightforward. As long as you have a high-level understanding of the ASA's current configuration, you should be able to adapt this to the Meraki MX platform fairly quickly and easily.

If you haven't done so already, be sure to read through our "MX Firewall Settings" knowledge-base article to get a full understanding of the configuration options available on the MX platform. You may also find the use of "Policy/Network Objects" to help streamline the configuration of your firewall rules. Additionally, since you mentioned DHCP services being enabled on some VLANs/subnets, I'll also share our "DHCP Services" KB.

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.

Kingoftheday · ‎Jun 12 2023

Hi Jonathan,

I have gone through the documentation which really helps but I have a questions. First, I can not find any information on creating network-object under Object-group. Example

object-group network DATES
network-object 63.73.69.140 255.255.255.0
network-object 69.164.87.20 255.255.255.0
network-object 69.164.87.37 255.255.255.224
network-object 66.151.149.32 255.255.255.224
network-object 49.146.147.0 255.255.255.0

Jonathan-S · ‎Jun 13 2023

Hi Kingoftheday,

In the Meraki Dashboard, "Policy Objects" are used to simply apply a user-friendly label to a specific IP address, subnet, or FQDN. These convenient labels then can be used to help you build out your firewall rules more easily. For example "Deny Any Traffic To/From 'Guest Network' and 'Internal Network'" could be a set of L3 firewall rules on the MX as opposed to needing to remember and type out the exact IP addressing (CIDR notation) for each of the subnets every time.

To start configuring these "Policy Objects" head to Organization > Policy objects from within your Meraki Dashboard portal. Do note that because this is under the "Organization" section, this will require that your Dashboard admin account has Organization-level admin privileges.

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.