massive changes in MX

SOLVED
Jos_HS
Here to help

massive changes in MX

Hi,

 

I'm an administrator of a medium/big network in meraki, I have around 500 devices MX series and I want to know the easiest way to make changes to web filtering in a group policy that all devices have in common without having to enter one by one to make the change since it takes a long time, is there any way to do it massively? The templates do not work for me because each device has a different network address, they are /24, I was reviewing the APIs but I cannot find a way to modify a group policy. Thanks for the help you can give me, regards!

1 ACCEPTED SOLUTION
Jos_HS
Here to help

Thank you very much to all for the information and the tips sent, analyzing in depth I chose to place in the option of Block/white URL's of the policy: APPEND. With this when the client requests a massive change I use an API that adds the URL (block / white) in the general content filtering and with this applies to the group policy that has been created in each Meraki. Of course in this time I have to enter one by one on each device to add the config however for the future it will no longer be necessary.

View solution in original post

7 REPLIES 7
NolanHerring
Kind of a big deal

I am not aware of any ability (currently) do create/update group policies for an existing network.

There are API calls to update clients and what group policy they reside in, but as for the actual policy itself, I believe you'll need to create them manually.

I'm not very familiar with the whole template side of Meraki. I tend to stay away from it as it confuses me and also scares me when I'm sleeping (jk lol).
Nolan Herring | nolanwifi.com
TwitterLinkedIn

Would this template feature solve your "each network has its own network address" problem?

 

MX/Z1 - Firewall Rules and DHCP Reservations for Templates

You have additional source and destination options when configuring layer 3 firewall rules for a configuration template.  Because the subnet for a given VLAN may be different in each template child network, VLAN objects allow you to create firewall rules using the VLAN names as source and destination network objects, rather than actual IPs or CIDR subnets. These VLAN objects are automatically translated by each child network into the local subnet associated with that VLAN.

If you wish to use only a certain IP within a VLAN in a firewall rule, you can add a host bit.  For instance, let us imagine that you have a firewall rule containing the source Data.50 representing the Data VLAN, host bit 50.  If a child network has subnet 192.168.100.0/24 for the Data VLAN, this source will be interpreted in this network as 192.168.100.50.

Mousing over the VLAN dropdown when entering a Source or Destination will display a hover list of available VLANs and their addressing.

DHCP reservations can be configured in much the same way.  The VLAN name for each DHCP scope will be autopopulated, and only the host bits of the reserved range needs to be set.

 

 

Source:

https://documentation.meraki.com/zGeneral_Administration/Templates_and_Config_Sync/Managing_Multiple...

I'm going to create a demo to carry out tests, so it's simpler and I do not have the pressure to leave something offline

Templated networks can have unique /24's per site - and it sounds like you should be using templates.

https://documentation.meraki.com/zGeneral_Administration/Templates_and_Config_Sync/Managing_Multiple...

Then if you change the template every site will get updated automatically.

 

It will be a big effort to change over.  You'll want to create a template by copying an existing network first (to get most of the settings).  Set the template to use unique addressing.  Then you can bind one network at a time to the template.  note that when you bind a network to a template it will loose the existing subnet assigned - so you will need to go into the bound network afterwards and configure the subnet you want to use again.

 

Using a template will make sure all of your sites are configured identically.


I'm going to create a demo to carry out tests, so it's simpler and I do not have the pressure to leave something offline

yes it's a little tedious to go one by one
Jos_HS
Here to help

Thank you very much to all for the information and the tips sent, analyzing in depth I chose to place in the option of Block/white URL's of the policy: APPEND. With this when the client requests a massive change I use an API that adds the URL (block / white) in the general content filtering and with this applies to the group policy that has been created in each Meraki. Of course in this time I have to enter one by one on each device to add the config however for the future it will no longer be necessary.

Get notified when there are additional replies to this discussion.