Copying a list for IP Addresses for Firewall rules

Solved
jrsilvius
Getting noticed


Maybe I'm missing something, but I used to be able to copy a comma-separated list of IP addresses into the firewall rules. Now it seems that option isn't available anymore. Did they make a change on one of the firmware updates, or is there another way to do this? I've got to set up the Zoom Phone firewall requirements and they have like 300 IP addresses you have to allow.


11 Replies
alemabrahao
Kind of a big deal

You can use the policy objects.

[Image: alemabrahao_0-1690995324569.png]

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
jrsilvius
Getting noticed

So we have to create a policy object for each IP address? That seems a bit cumbersome.

There should be an easier way to copy multiple IP addresses into the firewall.

alemabrahao
Kind of a big deal

You have to create each object and associate them in a group.

[Image: alemabrahao_0-1691000641527.png]

jrsilvius
Getting noticed

I know how to do that, but it is asinine. What a waste of time for admins. There should be a way to copy more than one IP address at a time.

GIdenJoe
Kind of a big deal

300 IP addresses for 1 service?  That's a bad service.
I guess you should create policy objects for all those IP addresses and add them to a group.

You can do this faster by using API calls and just copy-pasting IP addresses in your JSON body.

jrsilvius
Getting noticed

I'm not familiar with using API calls. Where would I find more information about that?

And yes, Zoom is crazy. Different IPs for all their services. Some overlap, but you can see their list here. https://bityl.co/KEr5

 

GIdenJoe
Kind of a big deal

You're not kidding about those addresses, jeez. Those IPv6 ranges look much better aggregated.
You have a direct link to the API documentation on the dashboard!

[Image: GIdenJoe_0-1691004572970.png]

I just looked at action batch supported resources and alas the policy object resource is not part of action batches and you have to create each policy object on its own, which means inside your loop you will need to create a pause and a retry mechanism so you don't run into the rate limit for doing API calls.

So basically you could write a script that takes a list inside a text file with the IP addresses and adds each of those as a policy object with a nice structural naming scheme (example: NET_PUB_ZOOM-1), and once all of those have been added you can add them to a group object that then will be used inside the firewall rule.
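
The script described in the reply above, as an added example that is not part of the original post: it validates the pasted list, creates one policy object per entry with the `NET_PUB_ZOOM-n` naming scheme, backs off on HTTP 429, then creates the group. It goes slightly further than the reply by merging adjacent ranges and refusing a /0 entry. The endpoint paths and body fields are written from the Dashboard API v1 policy object endpoints and should be checked against the API documentation linked from your dashboard; the function names and the `MERAKI_API_KEY` variable are assumptions.

```python
import ipaddress, json, os, re, time, urllib.error, urllib.request

BASE = "https://api.meraki.com/api/v1"  # Dashboard API v1; verify paths/fields in its docs

def parse_networks(text):
    """Validate a comma/newline separated list, dedupe it, merge adjacent ranges."""
    nets = [ipaddress.ip_network(t) for t in re.split(r"[,\s]+", text) if t]  # typos raise
    if any(n.prefixlen == 0 for n in nets):
        raise ValueError("refusing a /0 entry in an allow list")
    merged = []
    for version in (4, 6):  # collapse_addresses cannot mix IP versions
        merged += ipaddress.collapse_addresses(n for n in nets if n.version == version)
    return merged

def meraki_post(path, body):
    """POST JSON to the dashboard; returns (status, headers, parsed body)."""
    req = urllib.request.Request(BASE + path, json.dumps(body).encode(), {
        "Authorization": "Bearer " + os.environ["MERAKI_API_KEY"],  # assumed env var name
        "Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, resp.headers, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, err.headers, {}

def post_with_retry(send, path, body, tries=5, sleep=time.sleep):
    """Retry on HTTP 429, pausing for the Retry-After the server asks for."""
    for _ in range(tries):
        status, headers, data = send(path, body)
        if status == 429:
            sleep(int(headers.get("Retry-After", 1)))
            continue
        if status >= 300:
            raise RuntimeError(f"{path}: HTTP {status}")
        return data
    raise RuntimeError(f"{path}: still rate limited after {tries} tries")

def build_group(org_id, nets, send=meraki_post, prefix="NET_PUB_ZOOM", sleep=time.sleep):
    """One policy object per network, then one group that holds all of them."""
    ids = []
    for i, net in enumerate(nets, 1):
        obj = post_with_retry(send, f"/organizations/{org_id}/policyObjects",
            {"name": f"{prefix}-{i}", "category": "network", "type": "cidr",
             "cidr": str(net)}, sleep=sleep)
        ids.append(obj["id"])
    return post_with_retry(send, f"/organizations/{org_id}/policyObjects/groups",
        {"name": prefix, "category": "NetworkObjectGroup", "objectIds": ids}, sleep=sleep)
```

The resulting group is what the L3 firewall rule then references, so later changes to the vendor's list only touch the objects, not the rule.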

 

jrsilvius
Getting noticed

Thanks, I've never done anything like that before, so I'll have to do some research into it.

I appreciate the information.

Ryan_Miles
Meraki Employee

I'm able to paste comma-separated IPs into L3 firewall rules without issue. What error are you getting?

Ryan

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
jrsilvius
Getting noticed

[Image: jrsilvius_0-1691075491550.png]

Ryan_Miles
Meraki Employee

Quick video of how I'm doing it. Just taking a comma-separated list from Notepad and pasting it into the dashboard. Is that the same process you're using?

https://youtu.be/VJQAZcCLoCc

Ryan
