Guys, is there a way in Meraki MX to block a lot of IP addresses in one entry?
Just like these IP addresses:
I want to block all of these in one entry in the firewall, not manually per IP address or segment, since in the Cisco Firepower services I am able to upload a list of IP addresses in a notepad.
Also did you just try doing the IP/32?
Just tried on 13.28 firmware (latest stable). Can confirm it works and is not a new feature on 14.xx firmware.
I just spent the last 30 minutes going through this. I was able to recreate the error you showed. The error only occurred when trying to summarize the IPs in Group Policy using "Custom network firewall & shaping rules". I am unable to combine multiple IPs into the one rule and the error message you showed is generated. This happens regardless of firmware version.
When placed in Security Appliance > Configure > Firewall, the rule works without any issue. This leads me to believe that it is a problem with group policy looking for only ONE IP when creating custom rules. Have you tried placing the rule in the Layer 3 section of the Security Appliance > Configure > Firewall page? This will apply to ALL groups on your MX unless you create a custom rule under group policy. If everyone is to be blocked from these IPs, my recommendation would be to place it there.
Meraki newbie here. The answer you give looks to be for OUTBOUND traffic. This doesn't seem to be able to keep these IPs from hitting my devices behind our MX67. Obviously the OUTBOUND rule will keep any further traffic TO those problem IPs, but I'm wondering if this is sufficient. For example, what would keep IPs I've entered in this OUTBOUND rule from DDoSing my servers?
Thanks in advance for any clarity you might be able to shed on this matter!
Traffic can only come into your internal devices if they first made a request out - and that case is handled.
The other case is if you NAT/port forward an inbound port. In this case you won't be able to block the inbound packet. You can only create an "allow" list that blocks everything except what is listed.
You can bulk edit firewalls using the native Cisco Meraki API, utilizing Postman.
You can build rules via JSON and use the PUT command to process them.
Check out Cisco Meraki API and Postman.
Everyone on this post should really look at the tool Postman to do bulk modifications via API.
I can update our 40+ MX deployment with the same rules with a simple modification of my PUT command: simple copy-paste, then hit send.
@jpier I agree with you that Postman is one great way to make multiple updates with only a few quick changes. You can also take this one step further and use a scripting language like Python to access the APIs.
Another path you may want to consider is using the Policy Objects for the firewalls (yes, it's beta, but it's been around a while now, and there are great successes with it). You define organisation-wide Policy Groups which you can then use in your inbound and outbound firewall rules (they don't work on Group Policy, yet). Then if you need to make a change you just update the Policy Object and it's applied everywhere that policy is used.
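An added example, not code from any poster or from Meraki, showing the Python route mentioned above for the bulk-update approach jpier describes: it turns a pasted IP list into the single comma-separated L3 deny rule that works under Security Appliance > Configure > Firewall, then pushes it with a PUT. The endpoint path, header and rule field names are my recollection of the Meraki Dashboard API v1 and should be checked against the current docs; the IP list, network ID and API key are constructed placeholders.

```python
import ipaddress
import json
import os
import urllib.request

# Endpoint and field names follow the Meraki Dashboard API v1 as I know it; check current docs.
BASE_URL = "https://api.meraki.com/api/v1"

# Constructed sample block list, as if pasted from a text file: bare IPs, a CIDR, a typo, a dup.
SAMPLE_LIST = "203.0.113.10\n203.0.113.11\n198.51.100.0/24\nnot-an-ip\n203.0.113.10\n"


def normalize_cidrs(text):
    """One address or CIDR per line; bare hosts become /32.
    Invalid lines and duplicates are dropped so one typo can't reject the whole rule."""
    cidrs = []
    for line in text.splitlines():
        try:
            cidr = ipaddress.ip_network(line.strip(), strict=False).with_prefixlen
        except ValueError:
            continue  # blank line or unparsable entry
        if cidr not in cidrs:
            cidrs.append(cidr)
    return cidrs


def build_deny_rule(cidrs, comment="Bulk block list"):
    """A single L3 outbound deny rule; destCidr carries the comma-separated list,
    the same one-entry form that works in the Security Appliance firewall page."""
    return {"comment": comment, "policy": "deny", "protocol": "any",
            "srcCidr": "Any", "srcPort": "Any",
            "destCidr": ",".join(cidrs), "destPort": "Any", "syslogEnabled": True}


def put_l3_rules(network_id, api_key, rules):
    """PUT replaces the network's whole L3 rule set, so pass every rule you want to keep."""
    req = urllib.request.Request(
        f"{BASE_URL}/networks/{network_id}/appliance/firewall/l3FirewallRules",
        data=json.dumps({"rules": rules}).encode(),
        method="PUT",
        headers={"X-Cisco-Meraki-API-Key": api_key, "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    rule = build_deny_rule(normalize_cidrs(SAMPLE_LIST))
    print(json.dumps(rule, indent=2))  # dry run; push only when both env vars are set
    if os.environ.get("MERAKI_API_KEY") and os.environ.get("NETWORK_ID"):
        put_l3_rules(os.environ["NETWORK_ID"], os.environ["MERAKI_API_KEY"], [rule])
```

Run it with no environment variables to see the rule JSON without touching the dashboard; the rules list you PUT should also include any existing rules you want to keep, since the call replaces the set.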