Enabling Network Objects

CML_Todd
Getting noticed

I'm thinking of enabling network objects in my organization and I'm wondering if there are any issues I need to look out for? 

 

I have 26 networks in my organization with a bunch of firewall rules and site-to-site VPN firewall rules in production.  I've read through the documentation and it looks like a great feature.  I'm just a little worried about enabling a feature that's still in Beta.

Any feedback is greatly appreciated.

UCcert
Kind of a big deal

Re: Enabling Network Objects

Commenting for visibility.

 

Not yet implemented ourselves for customers 

Darren O'Connor | uccert.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
PhilipDAth
Kind of a big deal

Re: Enabling Network Objects

I've used it.  It's great!  I would not want to go back to not having them.

 

It is especially good when you are having to migrate from another firewall (like an ASA) that has been configured using objects and groups already.

 

Even in normal MX operation, being able to group objects can greatly reduce the number of rules and makes them so much easier to read.

 

For example, let's say you had a firewall rule for all the AD controllers in your organisation.  Let's say you had three offices, and 2 AD controllers in each.  You might have had 6 firewall rules to allow access, spread over several Meraki networks.

You can create such a single group and add all the AD controllers to it.  The group is global to the whole organisation, and you can reference it in any individual network firewall rules.  More than likely you would go from 6 firewall rules down to 1 rule now.

 

GIdenJoe
Kind of a big deal

Re: Enabling Network Objects

They take some initial time setting up, but once you have your objects and groups, they're great.
Service objects would be a nice complement though 🙂

I also see the objects are available on site-to-site VPN firewall rules.

The only place where it does not work is on APs and subsequently on group policies, since they have to be compatible with APs.

CML_Todd
Getting noticed

Re: Enabling Network Objects

Thanks for the information everyone.  

 

I appreciate the feedback.

 

When you enabled it in your organizations, were there any issues that surfaced?  Or did it "just work?"

CptnCrnch
Kind of a big deal

Re: Enabling Network Objects

It just worked
