cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Copying a list for IP Addresses for Firewall rules

SOLVED
Go to solution
jrsilvius
Getting noticed
‎08-02-2023 09:52 AM
‎08-02-2023 09:52 AM

Copying a list for IP Addresses for Firewall rules

Maybe I'm missing something, but I use to be able to copy a comma separated list of IP addresses into the firewall rules. Now it seems that option isn't available anymore. Did they make a change on one of the firmware updates, or is there another way to do this? I've got to setup the Zoom Phone firewall requirements and they have like 300 IP addresses you have to allow.

Labels:
0 Kudos
Subscribe
1 ACCEPTED SOLUTION
In response to jrsilvius
GIdenJoe
Kind of a big deal
Kind of a big deal
‎08-02-2023 12:29 PM
‎08-02-2023 12:29 PM

You're not kidding about those addresses jeez.  Those IPv6 ranges look much better aggregated.
You have a direct link to the API documentation on the dashboard!

GIdenJoe_0-1691004572970.png

I just looked at action batch supported resources and alas the policy object resource is not part of action batches and you have to create each policy object on it's own which means inside your loop you will need to create a pause and a retry mechanism so you don't run into the rate limit for doing API calls.

So basically you could write a script that takes a list inside a text file with the IP addresses and add each of those as a policy object with a nice structural naming scheme (example: NET_PUB_ZOOM-1) and once all of those have been added you can add them to a group object that then will be used inside the firewall rule.

 

View solution in original post

Subscribe
11 REPLIES 11
alemabrahao
Kind of a big deal
Kind of a big deal
‎08-02-2023 09:55 AM
‎08-02-2023 09:55 AM

Y can use the policy objects.

 

alemabrahao_0-1690995324569.png

 

0 Kudos
Subscribe
In response to alemabrahao
jrsilvius
Getting noticed
‎08-02-2023 10:47 AM
‎08-02-2023 10:47 AM

So we have to create a policy object for each IP address? That seems a bit cumbersome.

There should be an easier way to copy multiple IP addresses into the firewall.

0 Kudos
Subscribe
In response to jrsilvius
alemabrahao
Kind of a big deal
Kind of a big deal
‎08-02-2023 11:24 AM
‎08-02-2023 11:24 AM

You have to create each object and associate them in a group.

 

alemabrahao_0-1691000641527.png

 

0 Kudos
Subscribe
In response to alemabrahao
jrsilvius
Getting noticed
‎08-02-2023 12:28 PM
‎08-02-2023 12:28 PM

I know how to do that, but it is asinine. What a waste of time for admins. There should be a way to copy more than one IP address at a time.

0 Kudos
Subscribe
GIdenJoe
Kind of a big deal
Kind of a big deal
‎08-02-2023 10:05 AM
‎08-02-2023 10:05 AM

300 IP addresses for 1 service?  That's a bad service.
I guess you should create policy objects for all those IP addresses and add them to a group.

You can do this faster by using API calls and just copy pasting IP addresses in your JSON body.

0 Kudos
Subscribe
In response to GIdenJoe
jrsilvius
Getting noticed
‎08-02-2023 10:49 AM
‎08-02-2023 10:49 AM

I'm not familiar with using API calls, where would I find more information about that?

And yes, Zoom is crazy. Different IPs for all their services. Some overlap, but you can see their list here. https://bityl.co/KEr5

 

0 Kudos
Subscribe
In response to jrsilvius
GIdenJoe
Kind of a big deal
Kind of a big deal
‎08-02-2023 12:29 PM
‎08-02-2023 12:29 PM

You're not kidding about those addresses jeez.  Those IPv6 ranges look much better aggregated.
You have a direct link to the API documentation on the dashboard!

GIdenJoe_0-1691004572970.png

I just looked at action batch supported resources and alas the policy object resource is not part of action batches and you have to create each policy object on it's own which means inside your loop you will need to create a pause and a retry mechanism so you don't run into the rate limit for doing API calls.

So basically you could write a script that takes a list inside a text file with the IP addresses and add each of those as a policy object with a nice structural naming scheme (example: NET_PUB_ZOOM-1) and once all of those have been added you can add them to a group object that then will be used inside the firewall rule.

 

Subscribe
In response to GIdenJoe
jrsilvius
Getting noticed
‎08-02-2023 01:18 PM
‎08-02-2023 01:18 PM

Thanks, I've never done anything like that before, so I'll have to do some research into it.

I appreciate the information.

0 Kudos
Subscribe
Ryan_Miles
Meraki Employee
Meraki Employee
‎08-02-2023 04:49 PM
‎08-02-2023 04:49 PM

I'm able to paste in comma separated IPs into L3 firewall rules without issue. What error are you getting?

0 Kudos
Subscribe
In response to Ryan_Miles
jrsilvius
Getting noticed
‎08-03-2023 08:11 AM
‎08-03-2023 08:11 AM

jrsilvius_0-1691075491550.png

 

0 Kudos
Subscribe
Ryan_Miles
Meraki Employee
Meraki Employee
‎08-03-2023 08:16 AM
‎08-03-2023 08:16 AM

Quick video of how I'm doing it. Just taking a comma separated list from notepad and pasting into dashboard. Is that the same process you're using?

 

https://youtu.be/VJQAZcCLoCc

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2023 Meraki