Meraki

Community

Moving firewall rules to another MX - The smoothest way? - Except a SS that support suggested :D

DavidR
Here to help
yesterday
yesterday

Moving firewall rules to another MX - The smoothest way? - Except a SS that support suggested :D

So except a screen shot - easiest way to move an MX?
Well I actually have two MX so I can set up the other first and then copy all settings?
No export?

Labels:
0 Kudos
11 Replies 11
rhbirkelund
Kind of a big deal
Kind of a big deal
yesterday
yesterday

No Export per se. You would use the API to get the rules, and post them to the other MX.

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
In response to rhbirkelund
DarrenOC
Kind of a big deal
Kind of a big deal
yesterday
yesterday

This is the way.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
rhbirkelund
Kind of a big deal
Kind of a big deal
yesterday
yesterday

If you use Objects and Object Groups, it'll be a bit more complex, as you'll have to keep track of the IDs, assuming you'll be moving rules between organizations. It it's between networks within the same organization, it shouldn't be much difficult, other than you'll need to keep track of the source networks. If I remember correctly, the source ip network, needs to exist in the Meraki Network for it to work.

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
RaphaelL
Kind of a big deal
Kind of a big deal
yesterday
yesterday

Clone the network

In response to RaphaelL
DavidR
Here to help
yesterday
yesterday

OK Hmm

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
yesterday
yesterday

Can you clarify exactly what you are doing?  Is this an in-place upgrade, or something else?

0 Kudos
In response to PhilipDAth
DavidR
Here to help
yesterday
yesterday

I am moving an MX67 to another organisation (and network) but want to keep all the firewall settings.

0 Kudos
In response to DavidR
cmr
Kind of a big deal
Kind of a big deal
yesterday
yesterday

Is it a new Organisation, or does the organisation already have Meraki networks configured?

 

If it is then split the current combined network into constituent parts, re-combine the non-MX networks if you want to and then ask support to move the MX network to a new org with the license.  I'm pretty certain they will do that.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to cmr
cmr
Kind of a big deal
Kind of a big deal
yesterday
yesterday

Here is a link to the documentation, MXs aren't on the not allowed list:

Organization Split Overview and FAQ - Cisco Meraki Documentation

If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to DavidR
PhilipDAth
Kind of a big deal
Kind of a big deal
yesterday
yesterday

In the Meraki GitHub, there is a script for exporting and importing firewall rules between Organisations.

https://github.com/meraki/automation-scripts/tree/master/mx_firewall_control

 

0 Kudos
In response to DavidR
PhilipDAth
Kind of a big deal
Kind of a big deal
yesterday
yesterday

There is also a network migration script that could be worth a look.

https://github.com/meraki/automation-scripts/blob/master/migrate_networks/migrate_networks.py

 

All the network automation scripts are here:

https://github.com/meraki/automation-scripts/

 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.