Meraki

Boston · ‎Jul 23 2025

Hello,

We frequently need to allow WAN access strictly to things like Microsoft 365/Azure and Windows update and block all other WAN access. There is no real native way to do this short of manually importing all of Microsoft's IPs which change frequently.

Can I request something similar to Palo Alto's External Dynamic lists to allow/deny traffic around? EDL Hosting Service

RWelch · ‎Jul 23 2025

Nothing wrong with posting it here but you might consider Give your feedback (previously Make a Wish) from the dashboard since it is what you would like changed with the product and how that would help you (if you haven't done so already - perhaps you already have?).

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.

PhilipDAth · ‎Jul 23 2025

I'm not 100% sure exactly what you are requesting, but if you are using SD-WAN and want to break out specific applications like Office 365, then you need an SD-WAN Plus licence.

https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/...

RaphaelL · ‎Jul 23 2025

No not related.

What we want is a way to allow/deny services without creating objects with 31726 IPs.

Instead what great firewalls do , is that they use EDL. Which is a dynamic list managed by the manufacturer.

Eg : https://saasedl.paloaltonetworks.com/feeds/m365/worldwide/any/all/ipv4

It takes 10 minutes to implement with Meraki's API but it's not native.

Boston · ‎Jul 23 2025

This!

Boston · ‎Jul 23 2025

side note, how can i implement it with Meraki's API?

RaphaelL · ‎Jul 23 2025

Pretty easy.

1- GET Policy objects

2- GET EDL : https://saasedl.paloaltonetworks.com/feeds/m365/worldwide/any/all/ipv4

3 - PUT Policy objects with content from step 2

4- Profit

Voila.

Meraki

Community

cFeature Request External Dynamic list

cFeature Request External Dynamic list