cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Firewall Objects

Highlighted
Kind of a big deal

Firewall Objects

There is now a beta you can request to go onto via support that enables firewall objects for use in ACLs.  Objects can contain groups of other objects.

For some people this will make their firewall rules much simpler.

29 REPLIES 29
Highlighted
Kind of a big deal
Kind of a big deal

Re: Firewall Objects

Wow, I didn't realise that could you not do that before!  We do only use MXs for SD-WAN or public internet access so never needed it, but for a corporate firewall that will make a big difference 🙂

Highlighted
Building a reputation

Re: Firewall Objects

That's awesome! Is that going to be released with the 15.x branch?
Highlighted
A model citizen

Re: Firewall Objects

We have been waiting for this ever since migrating from Cisco ASAs!
CMNO, CCNA R+S
Highlighted
Kind of a big deal

Re: Firewall Objects

Hah! I was wondering if this was coming along. In Cisco Defense Orchestrator, you can use objects with Meraki L3 firewall, but there I think it's just an overlay.

 

@PhilipDAth Does one have to be on 15.x or is it available on 14.x? Do you know? Thank you.

Highlighted
Kind of a big deal

Re: Firewall Objects

According to the Meraki Quarterly, you do not need any specific version of firmware, you just have to have it enabled to use it.
Nolan Herring | nolanwifi.com
TwitterLinkedIn
Highlighted
Getting noticed

Re: Firewall Objects

I opened a ticket with support and they said that I needed to reach out to my Meraki representative instead.  I reached out to her and she said that she doesn't have this kind of access and will need to ask around.  It sounds like they are not quite sure how to turn it on yet.  I'm pretty excited for this feature.  I watched the Q&A section and they said that the feature is in the dashboard and that there isn't a firmware requirement on the MX.

Highlighted
Kind of a big deal

Re: Firewall Objects

You are not the first to have that issue.

 

It sounds like there is some miscommunication between internal teams then.

 

Adding @MeredithW  so she can investigate 😃

Nolan Herring | nolanwifi.com
TwitterLinkedIn
Highlighted
Kind of a big deal

Re: Firewall Objects


@NolanHerring wrote:

You are not the first to have that issue.

 

Nope 😄

Highlighted
Meraki Employee

Re: Firewall Objects

Hello All,

 

Firewall Objects is not yet Public Beta. It currently an internal Beta. We are currently putting finishing touches to the feature and working on documentation before roll out. The feature will be public beta before or latest January 2020.

 

Thank you.

Highlighted
Kind of a big deal

Re: Firewall Objects

Thank you for the update and clarification 😃
Nolan Herring | nolanwifi.com
TwitterLinkedIn
Highlighted
Conversationalist

Re: Firewall Objects

Hi Flygerian,

 

Is there any update to this? 🙂

Best regards,

Ronni
Highlighted
Here to help

Re: Firewall Objects

Is this in beta yet?

Highlighted
Kind of a big deal

Re: Firewall Objects


@ToddB wrote:

Is this in beta yet?


Yes, but not in public beta yet as far as I can see.

Highlighted
Here to help

Re: Firewall Objects

Who should i contact to request this?

 

Highlighted
Building a reputation

Re: Firewall Objects

Thanks for this info , expert
Highlighted
Getting noticed

Re: Firewall Objects

I found this video on YouTube that shows how the firewall objects will work.  https://youtu.be/C3UKEjIJZzU

 

Just give this to me now please.  This feature will be life changing.  I'm so tired of copying and pasting my rules into notepad.

Highlighted
Conversationalist

Re: Firewall Objects

We are again 3 months later and still no signs when the option for adding Objects Groups will be released (while they talked about releasing it January 2020). We used this option very frequently in our ASA firewalls and like to use this in our Meraki's as well. Any clue about a release date?

Highlighted
Head in the Cloud

Re: Firewall Objects

Hi @Herbiek , we tried to get a customer onto the open Beta but this was pulled last minute as they’d gone back into a closed Beta. This was about two weeks ago so from that I take it as progress is slow.

Darren O'Connor | uccert.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
Highlighted
Kind of a big deal

Re: Firewall Objects

I've now created a script based system that lets you migrate a firewall rule base to Meraki that uses objects, object groups and service groups.

https://community.meraki.com/t5/Dashboard-Administration/Meraki-Object-Groups-You-can-have-them-now/... 

Highlighted
Head in the Cloud

Re: Firewall Objects

Well done @PhilipDAth . Will check it out

Darren O'Connor | uccert.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
Highlighted
Getting noticed

Re: Firewall Objects

Great news for you all!

 

  • We just got into the closed beta today (less great for YOU, but good for ME)
  • Network objects will be release to public beta in about two weeks (more great for YOU 😀)

 

That's what the Meraki guys told me a few minutes ago when they onboarded us to the closed beta!

Highlighted
Conversationalist

Re: Firewall Objects

Thanks @theshmike 

What did you say or do to get into the close beta (wink)? 

 

I've also just opened up a ticket and waiting on the product team's response.

Highlighted
Getting noticed

Re: Firewall Objects

@SPO_SCIBFthis was a long way to go, but I'll tell you 🙂

 

The short answer is: I've opened a support ticket and asked when network objects will come into public beta.

 

The full answer is: After Meraki praised the new feature at a roadshow event in November in 2019 (!) to be released soon, we've opened a support ticket in January 2020 asking when the feature will be GA. They answered that it was still in closed beta and that we have to reach out to a special mail address to get into this. I did that and never got a reply.

2 weeks ago, the issue came back on our agenda and we once again opened a support ticket asking when it will be GA. They again answered, that it is still in closed beta. Afterwards, I've got contacted by our sales rep who organized to get us into the beta. Weird thing about it is, that in the onboarding webex they told me that it will be public beta in 2 weeks. If the support just had told me that, I would have just waited the 2 more weeks...

 

So to conclude, I would suggest you to just wait the 2 more weeks until it'll be public beta.

If that is not going to happen, I would suggest to contact your sales rep!

 

 

 

 

Highlighted
Conversationalist

Re: Firewall Objects

Thank you @theshmike.

Very much appreciated your detailed response.

Will wait for two weeks then and see how this goes. On a timer now 😀.

Highlighted
Conversationalist

Re: Firewall Objects

Yaaj! Public beta has now arrived!! 😄

 

See this guide to activate it:

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/Network_Objects_Configuration_Guide

Highlighted
Getting noticed

Re: Firewall Objects

Hmm, it says it can apply to inbound rules but that doesn't appear to be active yet.

 

Also somewhat disappointing that services can't be grouped yet. Hopefully that's on the roadmap. 

 

That in combination with inbound rules are our biggest need.

 

 

 

 

 

 

Highlighted
Conversationalist

Re: Firewall Objects

Aaah! Finally!

Used those to a demo network and so far so good.

Planning to use them on a production environment shortly :).

Highlighted
Here to help

Re: Firewall Objects

Finally and thank you for the info!

Highlighted
New here

Re: Firewall Objects

@Nash So CDO does support Meraki native network objects as well, but you'll need a feature flag enabled to do this on CDO (please ask support if you'd like this). 


Note: I'm a CDO developer.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.