Enhanced Firewall Rules for MX

SOLVED
PaintTheNight
Here to help

Enhanced Firewall Rules for MX

So I just watched the "Security Made Simple" webinar (https://meraki.cisco.com/securitymadesimple/)

 

Very excited for the new Firewall Object Groups. I'm currently in the process of writing firewall rules accross all our networks but much rather use groups.Does anybody know when we're expected to see this feature?

1 ACCEPTED SOLUTION
PaintTheNight
Here to help

For everyone following this thread:

 

The new feature is now in open beta and is called "Network Objects":

 

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/Network_Objects_Configuration_Guide

 

Havn't implemented these in production yet but so far I'm pretty happy with how this feature has been implemented.

 

- Network Objects are work accross an Organization so they can be used at multiple sites

- The UI is pretty intuitive but doesn't allow for cut and paste (probably a design decision)

- The auto search /search for objects is great !!

View solution in original post

9 REPLIES 9
NolanHerring
Kind of a big deal

I think I speak for everyone, but mostly myself, when I say.....nope I have no clue. 😃
Nolan Herring | nolanwifi.com
TwitterLinkedIn

No clue either. I tried getting access to the beta, but failed. I know @jdsilva has tried it out, maybe he knows more.

I know they exist, I can confirm that much. As to then they're going to be widely available... I don't have the slightest idea 😞

Here's hoping it's sooner rather then later. I'm at a cross roads now if I decide to implement flat rules or wait until this feature comes out.

Ahmad_Qattan
Here to help

Hi,

 

I am subscribing for the RSS Feed for this one.

 

may you please update this topic when the feature is out and configurable.

 

it is a long waited feature.

 

regards,

Ahmad Qattan

I've now created a script based system that lets you migrate a firewall rule base to Meraki that uses objects, object groups and service groups.

https://community.meraki.com/t5/Dashboard-Administration/Meraki-Object-Groups-You-can-have-them-now/... 

PaintTheNight
Here to help

For everyone following this thread:

 

The new feature is now in open beta and is called "Network Objects":

 

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/Network_Objects_Configuration_Guide

 

Havn't implemented these in production yet but so far I'm pretty happy with how this feature has been implemented.

 

- Network Objects are work accross an Organization so they can be used at multiple sites

- The UI is pretty intuitive but doesn't allow for cut and paste (probably a design decision)

- The auto search /search for objects is great !!

I've used this feature in production and it worked GREAT.

 

One thing it couldn't do was have a group contain another group.  For example, you can't great a group for printers on one floor and a group for printers on another floor, and then add those two groups to a group of all printers.

I am very happy that Network Objects came out ahead of IPV6.  Using IPV6 addresses instead of objects would render firewall rules almost impossible to manage!

Dave Anderson
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels