Group Policy on multiple MX device

AlessioBufalini
New here

Good morning,

I have multiple networks; in each network there is an MX firewall.

I would like to set the same firewall policy on every MX. Is it possible to set a template and then associate it with every network?

I would like to block Internet access; only VPN traffic must be available.

Regards

Alessio

4 Replies

PhilipDAth
Kind of a big deal

Yes, you can do that. Note that the configuration will be made the same in every network, with only the IP addresses allowed to vary.

https://documentation.meraki.com/General_Administration/Templates_and_Config_Sync/Managing_Multiple_...

If you bind an existing network to a template, the existing configuration will be overwritten. You'll need to restore the LAN IP addressing.

GreenMan
Meraki Employee

Just to add to Philip's excellent reply... As this would be Templates for MX specifically, I'd definitely recommend also reading this document thoroughly: https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/...

Also, don't miss the fact that firmware is also managed within Templates. This makes sense when you remember that the idea behind Templates is to make all sites bound to a Template work just the same, as much as possible; we all know that, even with the same config, using different firmware across sites can result in fairly big differences in behaviour.

thaack
Getting noticed

Just a heads up - if you are using SecureConnect (fka. AnyConnect) it won't work with configuration templates, only Client VPN. Personally, if you only have a handful of sites, I wouldn't bother with configuration templates especially for such a simple FW configuration.

GreenMan
Meraki Employee

Partially to thaack's point... if scripting with something like Python is up your street, then using the Meraki Dashboard API allows more flexibility than Templates, but still allows you to perform config changes at scale. Of course the API allows a whole host of other things around monitoring and integrations etc. too, but requires some skills to make use of. Worth noting though: there is a halfway house, lots of ecosystem partner companies who develop software customised for a host of use cases, making use of the API in the background.

https://developer.cisco.com/meraki/
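
The scripted route mentioned in the last reply, applied to the original question, as an added example that is not part of the thread or Meraki's own code: it builds one outbound L3 rule set (allow the VPN subnets, deny everything else) and plans the same Dashboard API v1 `PUT` for every network. The network IDs, the VPN subnet and the API key are constructed placeholders, and expressing "only VPN traffic" as explicit allow rules for the remote subnets is an assumption.

```python
import ipaddress
import json
import urllib.request

BASE_URL = "https://api.meraki.com/api/v1"  # Dashboard API v1

def build_rules(vpn_cidrs):
    """Outbound L3 rules: allow each VPN subnet, then deny everything else."""
    if not vpn_cidrs:
        raise ValueError("no VPN subnets given; refusing to push a bare deny-all")
    rules = []
    for cidr in vpn_cidrs:
        net = ipaddress.ip_network(cidr)  # raises ValueError on a malformed CIDR
        rules.append({"comment": f"Allow VPN subnet {net}", "policy": "allow",
                      "protocol": "any", "srcPort": "Any", "srcCidr": "Any",
                      "destPort": "Any", "destCidr": str(net)})
    rules.append({"comment": "Block Internet access", "policy": "deny",
                  "protocol": "any", "srcPort": "Any", "srcCidr": "Any",
                  "destPort": "Any", "destCidr": "Any"})
    return rules

def plan_requests(network_ids, vpn_cidrs, api_key):
    """One PUT per network, all carrying the identical rule set."""
    body = json.dumps({"rules": build_rules(vpn_cidrs)}).encode()
    headers = {"Authorization": f"Bearer {api_key}",
               "Content-Type": "application/json"}
    return [urllib.request.Request(
                f"{BASE_URL}/networks/{net_id}/appliance/firewall/l3FirewallRules",
                data=body, headers=headers, method="PUT")
            for net_id in network_ids]

def push(planned, dry_run=True):
    """Send the planned requests; with dry_run only report what would be sent."""
    results = {}
    for req in planned:
        if dry_run:
            results[req.full_url] = "dry-run"
            continue
        # urlopen raises urllib.error.HTTPError on an error response (401, 404, 429...)
        with urllib.request.urlopen(req, timeout=30) as resp:
            results[req.full_url] = resp.status
    return results

if __name__ == "__main__":
    # Constructed sample values: network IDs, subnet and key are placeholders.
    planned = plan_requests(["N_1111", "N_2222"], ["10.0.0.0/8"], api_key="PLACEHOLDER")
    for url, outcome in push(planned).items():
        print(outcome, url)
```

Run it with the default `dry_run=True` first and review the planned URLs and rule order before sending anything, since the rule set replaces whatever L3 rules each network currently has.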
