Meraki Community

KRobert · ‎Dec 20 2022

Hello, has anyone figured out how to design a script that allows you to update only one L3 firewall rule at a time? My understanding right now is that the API has "Get L3 Firewall Rules" and "Put Firewall Rules." The GET command grabs all of the rules that the appliance currently has for L3 Firewall Rules. When you use the PUT command, and you are changing a rule you have to include all of the rules of the firewall in your rule list.

I'd like to be able to call out L3 Firewall rule 29 and only modify that rule. The current method seems pretty prone to destroying your entire firewall rule list if you aren't careful.

Thank you,

CMNO, CCNA R+S

RaphaelL · ‎Dec 20 2022

Hi ,

You can't append / modify a single object. You have to push the entire rulebase. So you would have to code some logic to pull the rulebase , edit XYZ rule and push the new rulebase with the modified rule.

Captain_Canuk · ‎Dec 20 2022

This is pretty normal too. F5 and few other firewalls I've tried to automate are like this. Its nerve racking as it essentially deletes the rulebase and recreates it each time!

PhilipDAth · ‎Dec 21 2022

Check out the "mx_firewall_control" Python script in the Meraki github automation collection.

https://github.com/meraki/automation-scripts/tree/master/mx_firewall_control

It lets you insert, append or replace individual lines in the firewall rule base.

Meraki Community

Update Firewall Rules - One at a Time

Update Firewall Rules - One at a Time