There is now a beta you can request to go onto via support that enables firewall objects for use in ACLs. Objects can contain groups of other objects.
For some people this will make their firewall rules much simpler.
Wow, I didn't realise that you could not do that before! We only use MXs for SD-WAN or public internet access so never needed it, but for a corporate firewall that will make a big difference 🙂
Hah! I was wondering if this was coming along. In Cisco Defense Orchestrator, you can use objects with Meraki L3 firewall, but there I think it's just an overlay.
@PhilipDAth Does one have to be on 15.x or is it available on 14.x? Do you know? Thank you.
I opened a ticket with support and they said that I needed to reach out to my Meraki representative instead. I reached out to her and she said that she doesn't have this kind of access and will need to ask around. It sounds like they are not quite sure how to turn it on yet. I'm pretty excited for this feature. I watched the Q&A section and they said that the feature is in the dashboard and that there isn't a firmware requirement on the MX.
Firewall Objects is not yet Public Beta. It is currently an internal Beta. We are currently putting the finishing touches on the feature and working on documentation before rollout. The feature will be in public beta before, or at the latest in, January 2020.
@Nash So CDO does support Meraki native network objects as well, but you'll need a feature flag enabled to do this on CDO (please ask support if you'd like this).
Note: I'm a CDO developer.
I found this video on YouTube that shows how the firewall objects will work. https://youtu.be/C3UKEjIJZzU
Just give this to me now please. This feature will be life changing. I'm so tired of copying and pasting my rules into notepad.
We are again 3 months later and there are still no signs of when the option for adding Object Groups will be released (while they talked about releasing it in January 2020). We used this option very frequently in our ASA firewalls and would like to use it in our Merakis as well. Any clue about a release date?
Hi @Herbiek, we tried to get a customer onto the open Beta but this was pulled last minute as they'd gone back into a closed Beta. This was about two weeks ago, so from that I take it that progress is slow.
I've now created a script-based system that lets you migrate a firewall rule base to Meraki that uses objects, object groups and service groups.
Well done @PhilipDAth. Will check it out.
Great news for you all!
That's what the Meraki guys told me a few minutes ago when they onboarded us to the closed beta!
What did you say or do to get into the closed beta (wink)?
I've also just opened up a ticket and am waiting on the product team's response.
@SPO_SCIBF this was a long way to go, but I'll tell you 🙂
The short answer is: I opened a support ticket and asked when network objects will come into public beta.
The full answer is: After Meraki praised the new feature at a roadshow event in November 2019 (!) as soon to be released, we opened a support ticket in January 2020 asking when the feature will be GA. They answered that it was still in closed beta and that we had to reach out to a special mail address to get into it. I did that and never got a reply.
2 weeks ago, the issue came back on our agenda and we once again opened a support ticket asking when it will be GA. They again answered that it is still in closed beta. Afterwards, I got contacted by our sales rep, who arranged to get us into the beta. The weird thing about it is that in the onboarding Webex they told me that it will be public beta in 2 weeks. If support had just told me that, I would have just waited the 2 more weeks...
So to conclude, I would suggest you just wait the 2 more weeks until it is in public beta.
If that is not going to happen, I would suggest contacting your sales rep!
Thank you @theshmike.
Very much appreciate your detailed response.
Will wait for two weeks then and see how this goes. On a timer now 😀.
Yaaj! Public beta has now arrived!! 😄
See this guide to activate it:
Hmm, it says it can apply to inbound rules but that doesn't appear to be active yet.
Also somewhat disappointing that services can't be grouped yet. Hopefully that's on the roadmap.
That in combination with inbound rules is our biggest need.
Used those on a demo network and so far so good.
Planning to use them in a production environment shortly :).