IP Restriction for Azure Cloud on Meraki MX75, MX105

may1990
New here


I am setting up a REST API data connector in Microsoft Sentinel for my on-prem Meraki FWs (MX75, MX105). I am unable to use FQDN or Azure service tags for IP restriction and find it unfeasible to reactively update the IP whitelist as Azure IPs are rolled over.

Has anyone faced this issue? What was your solution?

ShaunB93
Here to help

Are you referring to the Cisco Meraki Events via REST API connector available from the Sentinel Content Hub?

If so, I had to remove API IP restrictions on our Meraki Org (not ideal, I know).
Then, let the connector run for a few days and then query the ASimWebSessionLogs table to get the Sentinel IPs calling the Meraki API.
Then re-enable API IP restrictions on our Meraki Org with these IPs added.
The Sentinel IPs have not changed since I set this up many months ago but I guess there is a risk that they might.
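A drift check for the allowlist approach in the reply above, as an added example that is not part of the original post or of any Meraki or Microsoft tooling: it compares source IPs exported from the logs against the current API allowlist and reports callers that would be blocked, entries that no longer see traffic, and entries wide enough to admit other Azure tenants. The function names, the size threshold and the sample addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress

def parse_allowlist(entries):
    """Turn allowlist entries (single IPs or CIDRs) into network objects."""
    return [ipaddress.ip_network(e.strip(), strict=False) for e in entries]

def audit_allowlist(observed_ips, allowlist):
    """Return (uncovered, stale).

    uncovered: observed caller IPs that no allowlist entry matches, i.e.
               calls that fail once restrictions are enforced.
    stale:     allowlist entries that matched no observed caller and are
               candidates for removal after a long enough window.
    """
    nets = parse_allowlist(allowlist)
    hits = {n: 0 for n in nets}
    uncovered = set()
    for raw in observed_ips:
        ip = ipaddress.ip_address(raw.strip())
        matched = [n for n in nets if n.version == ip.version and ip in n]
        if not matched:
            uncovered.add(str(ip))
        for n in matched:
            hits[n] += 1
    stale = sorted(str(n) for n, count in hits.items() if count == 0)
    return sorted(uncovered), stale

def broad_entries(allowlist, max_addresses=256):
    """Entries covering more addresses than max_addresses (assumed threshold).

    Wide ranges copied from published Azure prefixes also cover other
    tenants' workloads, so they weaken the restriction.
    """
    return sorted(str(n) for n in parse_allowlist(allowlist)
                  if n.num_addresses > max_addresses)

# Constructed sample data: source IPs pulled from the connector's log table
# and the allowlist currently configured on the Meraki organization.
OBSERVED = ["203.0.113.10", "203.0.113.10", "203.0.113.11", "198.51.100.7"]
ALLOWLIST = ["203.0.113.10", "203.0.113.11/32", "192.0.2.0/24", "198.18.0.0/15"]

if __name__ == "__main__":
    uncovered, stale = audit_allowlist(OBSERVED, ALLOWLIST)
    print("callers not on allowlist:", uncovered)
    print("entries with no traffic: ", stale)
    print("overly broad entries:    ", broad_entries(ALLOWLIST))
```

Run on a schedule against a fresh log export, a non-empty "callers not on allowlist" result is the early signal that the connector's source IPs have rolled over.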

alemabrahao
Kind of a big deal

Hi,

 

You can deploy an Azure Function App or Logic App to a dedicated App Service Plan with VNET integration, and then route outbound traffic through an Azure NAT Gateway or Azure Firewall with a static public IP by whitelisting this static IP in your Meraki dashboard.
This configuration ensures that all API calls to Meraki originate from a fixed, known IP.

 

Here is a discussion that might be of interest to you.

 

Need Cisco Meraki firewall logs on sentinel - Microsoft Q&A

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.