Is the change log for firewall rules useless?

zeestrat-nina
Here to help


Hi folks!

We just got started with Meraki and had to check the change log for L3 outbound firewall rule changes today.
To our surprise, the log entries contained the old and new value of the first 4096 characters of the complete ruleset, making it extremely difficult to see any changes and impossible when the rule is further down the ruleset.
The CSV export linked on the page just shows the same dataset.
I found a post on the Meraki subreddit that observed the same issue so it's not just our deployment.

Has this feature always been broken and useless?
How are others tracking changes?
Any plans on the roadmap to fix this?

4 REPLIES
ww
Kind of a big deal

I guess so. Did you log a support case?

Would use the API to back up the rulebase, then push the new one.


@ww wrote:

I guess so. Did you log a support case?

Would use the API to back up the rulebase, then push the new one.

Yes. I created a case where they acknowledged that it is broken and gave the regular make-a-wish-foundation spiel:

I understand and share your frustration as we see the same first 4096 characters of the entire outbound firewall ruleset. The length of any field in the change log is capped at 4096 characters. I would suggest using the Meraki dashboard to "make a wish" and submit a feature request. You can submit a feature request at the bottom of any dashboard page. Any wish that is made sends an email to our Product Managers and Development Teams. These wishes are considered and used to help shape our product roadmaps. The most wished-for items are incorporated into product development.

DarrenOC
Kind of a big deal

Hi @zeestrat-nina, whilst it should be a great feature it is pretty useless.

Darren O'Connor | uccert.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
rc008
Conversationalist

Yes, it is entirely useless. It is limited in the number of characters and the only way to get the full list is through the API. We are using policy objects and the API results show object IDs and not the names, so it's even more cryptic.

I reached out to our rep about this and from what I understand Meraki does not intend to fix this or improve on it. There's a 3rd party tool on their marketplace and they suggest looking into that. It's probably a Python script that can do a diff check.

If you want to use the API to back up and update the rules then you'll need to push the whole list. The API will not update the new row, it'll replace the whole firewall rules. In Python I worked out a script to do a diff check and saved my firewall rules on our Git server.
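
A diff check of the kind discussed in this thread, as an added example that is not any poster's script or Meraki's code: it stores one rule per line so that a change far down the ruleset shows up on its own, with its position. The rule field names and the sample rulesets are assumptions constructed for illustration; real snapshots would come from the API export mentioned above.

```python
import difflib
import json


def canonical_lines(rules):
    """Serialize each rule as one sorted-key JSON line so line diffs stay stable."""
    return [json.dumps(rule, sort_keys=True) for rule in rules]


def snapshot_text(rules):
    """Text to commit to a Git repository: one rule per line, order preserved."""
    return "\n".join(canonical_lines(rules)) + "\n"


def diff_rulesets(old_rules, new_rules):
    """Return the changed regions with 1-based rule positions (rule order matters)."""
    old, new = canonical_lines(old_rules), canonical_lines(new_rules)
    matcher = difflib.SequenceMatcher(a=old, b=new, autojunk=False)
    changes = []
    for kind, i1, i2, j1, j2 in matcher.get_opcodes():
        if kind != "equal":  # "replace", "insert" or "delete"
            changes.append({"kind": kind, "old_pos": i1 + 1, "new_pos": j1 + 1,
                            "old": old[i1:i2], "new": new[j1:j2]})
    return changes


def make_rule(n):
    """Constructed sample rule; the field names are assumed, not taken from the page."""
    return {"comment": f"rule {n}", "policy": "allow", "protocol": "tcp",
            "srcCidr": f"10.0.{n}.0/24", "srcPort": "Any",
            "destCidr": "Any", "destPort": "443", "syslogEnabled": False}


# Constructed snapshots: 200 rules before; afterwards rule 150 is edited
# and a new rule is inserted at position 181.
BEFORE = [make_rule(n) for n in range(1, 201)]
AFTER = [dict(rule) for rule in BEFORE]
AFTER[149]["policy"] = "deny"
AFTER.insert(180, {**make_rule(999), "comment": "temporary vendor access"})

if __name__ == "__main__":
    for change in diff_rulesets(BEFORE, AFTER):
        print(f"{change['kind']} at old #{change['old_pos']} / new #{change['new_pos']}")
        for line in change["old"]:
            print("  -", line)
        for line in change["new"]:
            print("  +", line)
```

Committing the output of `snapshot_text` after every change gives the same per-rule view through `git diff` and `git log`.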
