MX Ingestion of external threat feed

Stealth_Network
Getting noticed


Hi,

Is there a way to configure the MX to ingest an IP-address-based threat feed? I know Firepower and other firewalls can do this, but I don't see any docs here that show how the MXs can do it.

If not, I will submit a feature request.

Thanks

9 Replies
cmr
Kind of a big deal

No, it uses the Cisco feeds.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
Stealth_Network
Getting noticed

Not sure what you mean here?

PhilipDAth
Kind of a big deal

Create a layer 7 firewall rule to block access to a group.

Create a group and load all of the IP addresses into that.

Stealth_Network
Getting noticed

I could do that, but the group only allows you to add entries one at a time. I have hundreds.

PhilipDAth
Kind of a big deal

In steps the API. 🙂

Write a script to ingest your file of things to block, and update that single object group.
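
The script suggested in the reply above could start from the following, an added example that is not code from this thread or from Meraki. It parses a feed, refuses entries that would block internal or overly broad ranges, and computes the API calls that make one policy object group match the feed; sending them with an API key is left to the caller. Assumptions: the paths and body fields follow the Dashboard API v1 policy-object endpoints and should be checked against the API reference, and `plan_sync`, `SAMPLE_FEED`, the `feed-` naming scheme and the /16 cut-off are hypothetical choices made for this example.

```python
import ipaddress
import re

# Constructed sample feed: duplicate, internal, catch-all, junk and IPv6 lines.
SAMPLE_FEED = ("# constructed\n203.0.113.5\n198.51.100.0/24  # range\n203.0.113.5\n"
               "10.1.2.3\n0.0.0.0/0\nnot-an-ip\n2001:db8::1\n")
# Never block these, even if the feed lists them.
PROTECTED = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
MIN_PREFIX = 16  # assumption: anything broader than a /16 is a feed error


def parse_feed(text):
    """Return the sorted, de-duplicated IPv4 CIDRs of a one-entry-per-line feed."""
    nets = set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()  # drop comments and whitespace
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # empty line or not an IP/CIDR
        if net.version != 4 or net.prefixlen < MIN_PREFIX:
            continue  # assumption: the group is used for IPv4 only
        if any(net.overlaps(p) for p in PROTECTED):
            continue
        nets.add(net)
    return [str(n) for n in sorted(nets)]


def plan_sync(feed_text, existing, org_id, group_id, group_name):
    """Return (method, path, body) calls; existing = objects from GET .../policyObjects."""
    base = f"/organizations/{org_id}/policyObjects"
    wanted = parse_feed(feed_text)
    current = {str(ipaddress.ip_network(o["cidr"], strict=False)): o["id"]
               for o in existing if group_id in o.get("groupIds", [])}
    keep = sorted(oid for cidr, oid in current.items() if cidr in wanted)
    stale = sorted(oid for cidr, oid in current.items() if cidr not in wanted)
    calls = []
    if stale:  # detach stale objects from the group first, then delete them
        calls.append(("PUT", f"{base}/groups/{group_id}",
                      {"name": group_name, "objectIds": keep}))
        calls += [("DELETE", f"{base}/{oid}", None) for oid in stale]
    for cidr in wanted:
        if cidr not in current:
            name = "feed-" + re.sub(r"[^0-9]", "_", cidr)  # assumption: no dots or slashes in names
            calls.append(("POST", base, {"name": name, "category": "network",
                                         "type": "cidr", "cidr": cidr, "groupIds": [group_id]}))
    return calls
```

Running it on every feed refresh keeps the group in step with the feed, and objects outside the named group are never touched.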

Stealth_Network
Getting noticed

Thank you, I will investigate. Have you tested this?

I spun up a webapp that housed the list and created the object, created the FW rules, but it did not work, so not sure if it requires a special convention.

CptnCrnch
Kind of a big deal

Using Cisco Defense Orchestrator (CDO), nowadays called Security Cloud Control, this would be usable via CSDAC (Dynamic Attributes Connector). Makes sense when you're dealing with more than "only" Meraki MX.

DarrenOC
Kind of a big deal

Think I know the answer already @CptnCrnch but is that free?

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
CptnCrnch
Kind of a big deal

You're right: it's not free - but something really worth considering when managing a fleet of ASA, FTD and Meraki devices. Not even talking about the new and even more interesting things like Multicloud Defense and Hypershield.

Having harmonized objects over your whole environment and something like what was mentioned above is only one of the small advantages. Having AIOps in place now, I'm really excited to present this to my customers.
