Layer 3 Firewall rules in Group Policy won't accept CSV lists for IP ranges and singles

SOLVED
CharlesIsWorkin
Building a reputation

Layer 3 Firewall rules in Group Policy won't accept CSV lists for IP ranges and singles

Maybe you guys have run into this?

The main Layer 3 Firewall page will accept csv lists for Firewall rules, however in Group Policies, it won't accept csv lists?

I literally copied and pasted the csv list. I'm trying to make some allowances for VoIP stuff and Net2Phone gave me a list of allowances of IP ranges and addresses.

1 ACCEPTED SOLUTION

Hi,

 

yes,  that is the error you get when you add multiple destination subnets separated by commas. You will need to create a separate rule for each destination.

 

 

Please hit kudos if you found this post helpful and/or click "accept as solution" if this solved your problem.

View solution in original post

5 REPLIES 5
ww
Kind of a big deal
Kind of a big deal

Every subnet needs a rule. I think that is because GP also can be used for wireless (and switch) so it has to comply with that rules to.(wireless also dont accept more then one subnet in a rule.)

DensyoV
Meraki Employee
Meraki Employee

Hi,

 

Are you getting any errors when saving the config? Please note that the FW page in the group policy doesn't allow you to enter multiple destinations subnets in one rule unlike on the main FW configuration page where you can.

Please hit kudos if you found this post helpful and/or click "accept as solution" if this solved your problem.
CharlesIsWorkin
Building a reputation

@DensyoV @ww 

Ok so it sounds like you guys are saying the same thing. It's currently not allowed to put more than one IP or IP range into a rule in Group Policies. I do get t

 

This is the error I get from the copied and pasted IP list.

 

There were errors in saving this configuration:
  • At least one of your firewall rules is invalid. Please check them and try again.
  • Destination address must be an IP address or a subnet in CIDR form (e.g. '192.168.1.0/24'), a domain name (e.g. mail.foo.com or foo.com), or 'any'


 

Hi,

 

yes,  that is the error you get when you add multiple destination subnets separated by commas. You will need to create a separate rule for each destination.

 

 

Please hit kudos if you found this post helpful and/or click "accept as solution" if this solved your problem.
VinoyMohan
Getting noticed

@DensyoV But that comma seperated list works fine while configuring direcly on the Meraki dashboard.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels