Apply Policy Object/Groups to a L3 firewall rule using API

Solved
VinoyMohan
Getting noticed

Apply Policy Object/Groups to a L3 firewall rule using API

I am trying to figure out a way to apply a particular Policy Object/Groups to an L3 firewall rule using API. I can create an L3 firewall rule using CIDR/FQDN etc, but I am unable to map the firewall rule to a Policy Object using API.

 

Any leads will be appreciated.

1 Accepted Solution
VinoyMohan
Getting noticed

I have found the answer myself. For attaching the Policy Object & Groups we should use the below format in the API call.

 

Policy Object: 

         "destCidr" or "srcCidr": "OBJ(Policy Object ID)"
 
Policy Object Group: 
        "destCidr" or "srcCidr": "GRP(Policy Group ID)"

View solution in original post

9 Replies 9
VinoyMohan
Getting noticed

I have found the answer myself. For attaching the Policy Object & Groups we should use the below format in the API call.

 

Policy Object: 

         "destCidr" or "srcCidr": "OBJ(Policy Object ID)"
 
Policy Object Group: 
        "destCidr" or "srcCidr": "GRP(Policy Group ID)"
KarstenI
Kind of a big deal
Kind of a big deal

Can you give an example on how to do that?

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
VinoyMohan
Getting noticed

Sure, please find below example for both Policy Object and Groups tagging a particular firewall rule.

 

Policy Object tagging to a firewall rule:

API URL: https://api.meraki.com/api/v1/networks/{{ network id}}/appliance/firewall/l3FirewallRules

{
    "rules": [
                {
            "comment": "Allow TCP traffic to subnet with HTTP servers.",
            "policy": "allow",
            "protocol": "tcp",
            "destPort": "443",
            "destCidr": "OBJ(1234567890)", #### 1234567890 is the Policy Object id
            "srcPort": "Any",
            "srcCidr": "10.10.10.0/24",
            "syslogEnabled": false
        }            ]
       
}
 

Policy Groups tagging to a firewall rule:

API URL: https://api.meraki.com/api/v1/networks/{{ network id}}/appliance/firewall/l3FirewallRules

{
    "rules": [
                {
            "comment": "Allow TCP traffic to subnet with HTTP servers.",
            "policy": "allow",
            "protocol": "tcp",
            "destPort": "443",
            "destCidr": "GRP(7894564679)", #### 7894564679 is the Policy Group id
            "srcPort": "Any",
            "srcCidr": "10.10.10.0/24",
            "syslogEnabled": false
        }            ]
       
}
 
 
Hope this helps
VinoyMohan
Getting noticed

I dont know somehow my response to  your query is getting deleted automatically.

VinoyMohan
Getting noticed

Policy Object mapping to an L3 firewall rule

API URL:https://api.meraki.com/api/v1/networks/{{ network id}}/appliance/firewall/l3FirewallRules

{
    "rules": [
                {
            "comment": "Allow TCP traffic to subnet with HTTP servers.",
            "policy": "allow",
            "protocol": "tcp",
            "destPort": "443",
            "destCidr": "OBJ(1234567890)",###  1234567890 is the policy object ID
            "srcPort": "Any",
            "srcCidr": "10.10.10.0/24",
            "syslogEnabled": false
        }            ]
       
}
 
KarstenI
Kind of a big deal
Kind of a big deal

Thanks for that, I'll play a bit with it 

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
RaphaelL
Kind of a big deal
Kind of a big deal

Off topic:I still wish we could disable/enable rules for testing purpose instead of deleting / re-creating them.

VinoyMohan
Getting noticed

Yes, absolutely true. But there is no feature yet and deleting a particular firewall rule using API is also not there right now.

VinoyMohan
Getting noticed

Policy Groups mapping to an L3 firewall rule

API URL:https://api.meraki.com/api/v1/networks/{{ network id}}/appliance/firewall/l3FirewallRules

{
    "rules": [
                {
            "comment": "Allow TCP traffic to subnet with HTTP servers.",
            "policy": "allow",
            "protocol": "tcp",
            "destPort": "443",
            "destCidr": "GRP(9879879879)", ###  9879879879 is the policy group ID
            "srcPort": "Any",
            "srcCidr": "10.10.10.0/24",
            "syslogEnabled": false
        }            ]
       
}

Hope this helps
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels