I'm thinking of enabling network objects in my organization and I'm wondering if there are any issues I need to look out for?
I have 26 networks in my organization with a bunch of firewall rules and site-to-site VPN firewall rules in production. I've read through the documentation and it looks like a great feature. I'm just a little worried about enabling a feature that's still in Beta.
I've used it. It's great! I would not want to go back to not having them.
It is especially good when you are having to migrate from another firewall (like an ASA) that has been configured using objects and groups already.
Even in normal MX operation, being able to group objects can greatly reduce the number of rules and makes them so much easier to read.
For example, let's say you had a firewall rule for all the AD controllers in your organisation. Let's say you had three offices, and 2 AD controllers in each. You might have had 6 firewall rules to allow access, spread over several Meraki networks.
You can create such a single group and add all the AD controllers to it. The group is global to the whole organisation, and you can reference it in any individual network firewall rules. More than likely you would go from 6 firewall rules down to 1 rule now.
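The consolidation described in the reply above, as an added example that is not part of the original posts: it collapses per-host rules into one group rule only when the group's membership exactly matches the hosts those rules covered, so the change cannot widen access. The rule dictionaries, IP addresses and the `GRP(...)` label are constructed for illustration and are not Meraki's API format; it assumes a flat list of rules with no deny rule sitting between the rules being merged.

```python
# Constructed sample data: three offices, two AD controllers each.
GROUP_NAME = "ad-controllers"
AD_CONTROLLERS = {
    "10.1.0.10", "10.1.0.11",   # office 1
    "10.2.0.10", "10.2.0.11",   # office 2
    "10.3.0.10", "10.3.0.11",   # office 3
}


def rule(dst, port="389", src="10.0.0.0/8", proto="tcp", policy="allow"):
    """Build one constructed firewall rule (hypothetical schema)."""
    return {"policy": policy, "protocol": proto, "src": src,
            "dst": dst, "dst_port": port}


# Six per-controller rules plus one unrelated rule that must survive untouched.
RULES = [rule(ip) for ip in sorted(AD_CONTROLLERS)] + [rule("10.9.0.5", port="443")]


def consolidate(rules, group_name, members):
    """Return (new_rules, partial_matches).

    Rules that differ only in destination are bucketed together. A bucket is
    replaced by a single group rule only if its destinations equal the group
    members exactly; a partial overlap is reported and left as-is, because
    swapping in the group would grant access to hosts no rule allowed before.
    """
    members = set(members)
    buckets = {}  # dicts keep insertion order, so rule order is preserved
    for r in rules:
        key = (r["policy"], r["protocol"], r["src"], r["dst_port"])
        buckets.setdefault(key, []).append(r)

    new_rules, partial_matches = [], []
    for key, bucket in buckets.items():
        dsts = {r["dst"] for r in bucket}
        if dsts == members:
            policy, proto, src, port = key
            new_rules.append({"policy": policy, "protocol": proto, "src": src,
                              "dst": f"GRP({group_name})", "dst_port": port})
        else:
            new_rules.extend(bucket)
            if dsts & members:
                partial_matches.append(key)
    return new_rules, partial_matches


if __name__ == "__main__":
    merged, partial = consolidate(RULES, GROUP_NAME, AD_CONTROLLERS)
    print(f"{len(RULES)} rules -> {len(merged)} rules")
    for r in merged:
        print(r)
```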