Meraki

Community

Copying a list for IP Addresses for Firewall rules

Solved
jrsilvius
Getting noticed
‎Aug 2 2023 9:52 AM
‎Aug 2 2023 9:52 AM

Copying a list for IP Addresses for Firewall rules

Maybe I'm missing something, but I use to be able to copy a comma separated list of IP addresses into the firewall rules. Now it seems that option isn't available anymore. Did they make a change on one of the firmware updates, or is there another way to do this? I've got to setup the Zoom Phone firewall requirements and they have like 300 IP addresses you have to allow.

Labels:
0 Kudos
1 Accepted Solution
In response to jrsilvius
GIdenJoe
Kind of a big deal
Kind of a big deal
‎Aug 2 2023 12:29 PM
‎Aug 2 2023 12:29 PM

You're not kidding about those addresses jeez.  Those IPv6 ranges look much better aggregated.
You have a direct link to the API documentation on the dashboard!

GIdenJoe_0-1691004572970.png

I just looked at action batch supported resources and alas the policy object resource is not part of action batches and you have to create each policy object on it's own which means inside your loop you will need to create a pause and a retry mechanism so you don't run into the rate limit for doing API calls.

So basically you could write a script that takes a list inside a text file with the IP addresses and add each of those as a policy object with a nice structural naming scheme (example: NET_PUB_ZOOM-1) and once all of those have been added you can add them to a group object that then will be used inside the firewall rule.

 

View solution in original post

11 Replies 11
alemabrahao
Kind of a big deal
‎Aug 2 2023 9:55 AM
‎Aug 2 2023 9:55 AM

Y can use the policy objects.

 

alemabrahao_0-1690995324569.png

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
jrsilvius
Getting noticed
‎Aug 2 2023 10:47 AM
‎Aug 2 2023 10:47 AM

So we have to create a policy object for each IP address? That seems a bit cumbersome.

There should be an easier way to copy multiple IP addresses into the firewall.

0 Kudos
In response to jrsilvius
alemabrahao
Kind of a big deal
‎Aug 2 2023 11:24 AM
‎Aug 2 2023 11:24 AM

You have to create each object and associate them in a group.

 

alemabrahao_0-1691000641527.png

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
jrsilvius
Getting noticed
‎Aug 2 2023 12:28 PM
‎Aug 2 2023 12:28 PM

I know how to do that, but it is asinine. What a waste of time for admins. There should be a way to copy more than one IP address at a time.

0 Kudos
GIdenJoe
Kind of a big deal
Kind of a big deal
‎Aug 2 2023 10:05 AM
‎Aug 2 2023 10:05 AM

300 IP addresses for 1 service?  That's a bad service.
I guess you should create policy objects for all those IP addresses and add them to a group.

You can do this faster by using API calls and just copy pasting IP addresses in your JSON body.

0 Kudos
In response to GIdenJoe
jrsilvius
Getting noticed
‎Aug 2 2023 10:49 AM
‎Aug 2 2023 10:49 AM

I'm not familiar with using API calls, where would I find more information about that?

And yes, Zoom is crazy. Different IPs for all their services. Some overlap, but you can see their list here. https://bityl.co/KEr5

 

0 Kudos
In response to jrsilvius
GIdenJoe
Kind of a big deal
Kind of a big deal
‎Aug 2 2023 12:29 PM
‎Aug 2 2023 12:29 PM

You're not kidding about those addresses jeez.  Those IPv6 ranges look much better aggregated.
You have a direct link to the API documentation on the dashboard!

GIdenJoe_0-1691004572970.png

I just looked at action batch supported resources and alas the policy object resource is not part of action batches and you have to create each policy object on it's own which means inside your loop you will need to create a pause and a retry mechanism so you don't run into the rate limit for doing API calls.

So basically you could write a script that takes a list inside a text file with the IP addresses and add each of those as a policy object with a nice structural naming scheme (example: NET_PUB_ZOOM-1) and once all of those have been added you can add them to a group object that then will be used inside the firewall rule.

 

In response to GIdenJoe
jrsilvius
Getting noticed
‎Aug 2 2023 1:18 PM
‎Aug 2 2023 1:18 PM

Thanks, I've never done anything like that before, so I'll have to do some research into it.

I appreciate the information.

0 Kudos
Ryan_Miles
Meraki Employee
Meraki Employee
‎Aug 2 2023 4:49 PM
‎Aug 2 2023 4:49 PM

I'm able to paste in comma separated IPs into L3 firewall rules without issue. What error are you getting?

0 Kudos
In response to Ryan_Miles
jrsilvius
Getting noticed
‎Aug 3 2023 8:11 AM
‎Aug 3 2023 8:11 AM

jrsilvius_0-1691075491550.png

 

0 Kudos
Ryan_Miles
Meraki Employee
Meraki Employee
‎Aug 3 2023 8:16 AM
‎Aug 3 2023 8:16 AM

Quick video of how I'm doing it. Just taking a comma separated list from notepad and pasting into dashboard. Is that the same process you're using?

 

https://youtu.be/VJQAZcCLoCc

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.