Firewall Objects

PhilipDAth
Kind of a big deal

There is now a beta you can request to go onto via support that enables firewall objects for use in ACLs.  Objects can contain groups of other objects.

For some people this will make their firewall rules much simpler.

cmr
Kind of a big deal

Wow, I didn't realise that you could not do that before! We do only use MXs for SD-WAN or public internet access so never needed it, but for a corporate firewall that will make a big difference 🙂

If my answer solves your problem please click Accept as Solution so others can benefit from it.
lpopejoy
A model citizen

That's awesome! Is that going to be released with the 15.x branch?
KRobert
Head in the Cloud

We have been waiting for this ever since migrating from Cisco ASAs!
CMNO, CCNA R+S
Nash
Kind of a big deal

Hah! I was wondering if this was coming along. In Cisco Defense Orchestrator, you can use objects with Meraki L3 firewall, but there I think it's just an overlay.

@PhilipDAth Does one have to be on 15.x or is it available on 14.x? Do you know? Thank you.

NolanHerring
Kind of a big deal

According to the Meraki Quarterly, you do not need any specific version of firmware, you just have to have it enabled to use it.
Nolan Herring | nolanwifi.com
JohnT
Getting noticed

I opened a ticket with support and they said that I needed to reach out to my Meraki representative instead.  I reached out to her and she said that she doesn't have this kind of access and will need to ask around.  It sounds like they are not quite sure how to turn it on yet.  I'm pretty excited for this feature.  I watched the Q&A section and they said that the feature is in the dashboard and that there isn't a firmware requirement on the MX.

NolanHerring
Kind of a big deal

You are not the first to have that issue.

It sounds like there is some miscommunication between internal teams then.

Adding @MeredithW so she can investigate 😃

Nolan Herring | nolanwifi.com
BrechtSchamp
Kind of a big deal


@NolanHerring wrote:

You are not the first to have that issue.

Nope 😄

Bsalami
Meraki Employee

Hello All,

Firewall Objects is not yet Public Beta. It is currently an internal Beta. We are currently putting finishing touches to the feature and working on documentation before rollout. The feature will be public beta before or, at the latest, in January 2020.

Thank you.

NolanHerring
Kind of a big deal

Thank you for the update and clarification 😃
Nolan Herring | nolanwifi.com
Winge
Conversationalist

Hi Flygerian,

Is there any update to this? 🙂

Best regards,

Ronni
ToddB
Here to help

Is this in beta yet?

BrechtSchamp
Kind of a big deal


@ToddB wrote:

Is this in beta yet?


Yes, but not in public beta yet as far as I can see.

sidmeister84
New here

@Nash So CDO does support Meraki native network objects as well, but you'll need a feature flag enabled to do this on CDO (please ask support if you'd like this). 


Note: I'm a CDO developer.

taikuritaipale
Here to help

Who should I contact to request this?

SopheakMang
Building a reputation

Thanks for this info, expert
JohnT
Getting noticed

I found this video on YouTube that shows how the firewall objects will work. https://youtu.be/C3UKEjIJZzU

Just give this to me now please. This feature will be life changing. I'm so tired of copying and pasting my rules into notepad.

Herbiek
Conversationalist

We are again 3 months later and still no signs when the option for adding Objects Groups will be released (while they talked about releasing it January 2020). We used this option very frequently in our ASA firewalls and would like to use this in our Merakis as well. Any clue about a release date?

DarrenOC
Kind of a big deal

Hi @Herbiek, we tried to get a customer onto the open Beta but this was pulled last minute as they’d gone back into a closed Beta. This was about two weeks ago so from that I take it as progress is slow.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
PhilipDAth
Kind of a big deal

I've now created a script-based system that lets you migrate a firewall rule base to Meraki that uses objects, object groups and service groups.

https://community.meraki.com/t5/Dashboard-Administration/Meraki-Object-Groups-You-can-have-them-now/... 

DarrenOC
Kind of a big deal

Well done @PhilipDAth. Will check it out

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
theshmike
Getting noticed

Great news for you all!

  • We just got into the closed beta today (less great for YOU, but good for ME)
  • Network objects will be released to public beta in about two weeks (more great for YOU 😀)

That's what the Meraki guys told me a few minutes ago when they onboarded us to the closed beta!

SPO_SCIBF
Conversationalist

Thanks @theshmike

What did you say or do to get into the closed beta (wink)?

I've also just opened up a ticket and am waiting on the product team's response.

theshmike
Getting noticed

@SPO_SCIBF this was a long way to go, but I'll tell you 🙂

The short answer is: I've opened a support ticket and asked when network objects will come into public beta.

The full answer is: After Meraki praised the new feature at a roadshow event in November 2019 (!) to be released soon, we opened a support ticket in January 2020 asking when the feature will be GA. They answered that it was still in closed beta and that we have to reach out to a special mail address to get into this. I did that and never got a reply.

2 weeks ago, the issue came back on our agenda and we once again opened a support ticket asking when it will be GA. They again answered that it is still in closed beta. Afterwards, I got contacted by our sales rep who organized to get us into the beta. The weird thing about it is that in the onboarding webex they told me that it will be public beta in 2 weeks. If the support just had told me that, I would have just waited the 2 more weeks...

So to conclude, I would suggest you just wait the 2 more weeks until it'll be public beta.

If that is not going to happen, I would suggest contacting your sales rep!

SPO_SCIBF
Conversationalist

Thank you @theshmike.

Very much appreciated your detailed response.

Will wait for two weeks then and see how this goes. On a timer now 😀.

Ilasiaq88
Conversationalist

Yaaj! Public beta has now arrived!! 😄

See this guide to activate it:

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/Network_Objects_Configuration_Guide

Mloraditch
A model citizen

Hmm, it says it can apply to inbound rules but that doesn't appear to be active yet.

Also somewhat disappointing that services can't be grouped yet. Hopefully that's on the roadmap.

That in combination with inbound rules is our biggest need.

SPO_SCIBF
Conversationalist

Aaah! Finally!

Used those on a demo network and so far so good.

Planning to use them on a production environment shortly :).

taikuritaipale
Here to help

Finally and thank you for the info!
