BULK IP ADDRESS BLOCKING

SOLVED
Ritchie
Getting noticed

BULK IP ADDRESS BLOCKING

Guys, is there a way in meraki mx to block a lots of ip addresses in one entry?

Just like these ip addresses:

46.233.0.70
204.17.56.42
89.31.57.5
162.247.73.206
162.247.72.217
46.235.227.70
193.107.85.56
5.79.68.161
37.48.120.196
37.187.7.74
162.247.72.199
109.169.33.163
176.10.107.180

 

I want to block all of this in one entry in the firewall not manual per ip address or segment. Since in the Cisco firepower services, i am able to upload a list of ip addresses in a notepad.

 

 

 

1 ACCEPTED SOLUTION
PhilipDAth
Kind of a big deal
Kind of a big deal

I'm using 14.x firmware. Perhaps it is a new feature.

View solution in original post

20 REPLIES 20
PhilipDAth
Kind of a big deal
Kind of a big deal

Just comma separate them and copy and paste them in.

 

Screenshot from 2018-05-29 17-46-54.png

mx.PNG

I also try it with ip address only without cidr but it shows error.

PhilipDAth
Kind of a big deal
Kind of a big deal

I'm using 14.x firmware. Perhaps it is a new feature.
ww
Kind of a big deal
Kind of a big deal

what ip did you put in there?  .../24

PhilipDAth
Kind of a big deal
Kind of a big deal

I copied and pasted the first three in your list and comma separated them.

yeah its the version of the mx.

Anyway thanks sir.

Adam
Kind of a big deal

Also did you just try doing the IP/32?

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
Ritchie
Getting noticed

yes I tried /32 and /24 but it is the same error.

Just tried on 13.28 firmware (latest stable). Can confirm it works and not a new feature on 14.xx firmware.

Found this helpful? Give me some Kudos! (click on the little up-arrow below)

I am on the same version as you mention but it doesn't work.

I just spent the last 30 minutes going thru this. I was able to recreate the error you showed. The error only occurred when trying to summarize the IPs in Group Policy using "Custom network firewall & shaping rules". I am unable to combine multiple IPs into the one rule and the error message you showed is generated. This happens regardless of firmware version.

 

When placed in Security Appliance > Configure > Firewall, the rule works without any issue. This leaves me to believe that it is a problem with group policy looking for only ONE IP when creating custom rules. Have you tried placing the rule in the Layer 3 section of the Security Appliance > Configure > Firewall page? This will apply to ALL groups on your MX unless you create a custom rule under group policy. If everyone is to be blocked from these IPs, my recommendation would be to place it there.

Found this helpful? Give me some Kudos! (click on the little up-arrow below)

@Mr_IT_Guythank sir.
It works.

Meraki newbie here.  The answer you give looks to be for OUTBOUND traffic.  This doesn't seem to be able to keep these IPs from hitting my devices behind our MX67.  Obviously the OUTBOUND rule will keep any further traffic TO those problem IPs, but I'm wondering if this is sufficient.  For example, what would keep IPs I've enter in this OUTBOUND rule from DDOSing my servers?

Thanks in advance for any clarity you might be able to shed on this matter!

PhilipDAth
Kind of a big deal
Kind of a big deal

Traffic can only come into your internal devices if they first made a request out - and that case is handled.

 

The other case is if you NAT/port forward an inbound port.  In this case you wont be able to block the inbound packet.  You can only create an "allow" list that blocks everything except what is listed.

jpier
New here

Hi Ritchie,

 

You can bulk edit firewalls using the native Cisco Meraki API that utilize Postman.

 

You can build rules via JSON and use the PUT command to process them.

 

Check out Cisco Meraki API and Postman.

Justin Pier
TLoperDenverIT
Conversationalist

Goto Security & SD-WAN ------ CONTENT FILTERING, then URL Blocking?

ww
Kind of a big deal
Kind of a big deal

@TLoperDenverIT 

Thats only for http(s) traffic

jpier
New here

Hi Ritchie,

 

Everyone on this post should really look at the tool Postman to do bulk modifications via API.

 

I can update our 40+ MX deployment with the same rules with a simple modification of my put command, simple copy paste then hit send.

 

Justin

Justin Pier
Bruce
Kind of a big deal

@jpier I agree with you that Postman is one great way to make multiple updates with only a few quick changes. You can also take this one step further and use a scripting language like Python to access the APIs.

 

Another path you may want to consider is using the Policy Objects for the firewalls (yes, its beta, but its been around a while now, and there are great successes with it). You define organisation-wide Policy Groups which you can then use in your inbound and outbound firewall rules (they don't work on Group Policy, yet). Then if you need to make a change you just update the Policy Object and its applied everywhere that policy is used.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels