The purpose of this project is to showcase how you can use GitLab CI to ensure your Meraki Template Firewall rules are always compliant with your baseline template. It will be particularly useful for organizations that use multiple MX Hub concentrators with different templates. Because the pipeline runs on a schedule and updates the templates, it saves network administrators the headache of configuration drift and an inconsistent security policy.
After completing the steps below, you should have a scheduled pipeline that runs every hour to update your destination templates from your source template, ensuring your firewall rules are always compliant with the source template.
1. Installed and working GitLab instance (either self-hosted or SaaS)
2. CI runner set up with Python 3.8+ installed, tagged appropriately, and connected to GitLab
3. Meraki Organization with Read/Write access.
4. Meraki Templates configured within Organization
5. Linux workstation with Git installed.
1. Login to your GitLab instance and create a new blank project.
2. Clone the repository to your local workstation and open the folder into which the repository was cloned.
```bash
git clone https://github.com/VMB-Devnet/meraki-l3-fw-rules-compliance.git
cd meraki-l3-fw-rules-compliance
```
3. Add new git remote, pointing to your new blank project. You can find the project URL from the following:
```bash
git remote remove origin
git remote add origin <gitlab-project-url>
```
4. Push to new blank project repository. You will be prompted to authenticate.
```bash
git push origin main
```
5. Confirm that the files have been pushed to the repository. It should look like the following:
6. Log in to the Meraki Dashboard and create an API Key.
7. Copy the names of the baseline FW Template and the Templates you wish to become compliant. These can be found under Organization > Configure > Configuration Templates.
8. Set up GitLab CI Variables:
VARIABLE | DESCRIPTION |
---|---|
MERAKI_ORG_NAME | Meraki Organization Name you have configured within the Dashboard |
MERAKI_API_KEY | Meraki API Key generated earlier in step 6 |
COMPLIANT_TEMPLATE | Name of the baseline template to configure from. This will become your source configuration template. |
TEMPLATE_TO_CONFIGURE | Comma separated string of templates to configure |
9. Update the .gitlab-ci file with your runner's tag:
10. Set up a CI/CD schedule to run hourly.
11. Test the scheduled pipeline.
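
As an added example (not part of this project's code), a drift check like the following could run as a pipeline job before the update step to report which target templates differ from the baseline. It assumes rule dictionaries in the shape returned by the Meraki L3 firewall rules API, including a trailing rule commented "Default rule"; the function names, template names and rules are hypothetical, constructed sample data.

```python
# Added example: offline drift check over constructed sample rules (not the project's code).
# Assumed rule shape: dicts as returned by the Meraki L3 firewall rules API.
FIELDS = ("policy", "protocol", "srcCidr", "srcPort", "destCidr", "destPort", "syslogEnabled")

def parse_targets(raw):
    """Split a TEMPLATE_TO_CONFIGURE value into unique, trimmed template names."""
    names = []
    for name in (part.strip() for part in raw.split(",")):
        if name and name not in names:
            names.append(name)
    return names

def normalize(rules):
    """Drop the implicit trailing 'Default rule' (assumed) and keep enforcement fields.
    Comments are ignored on purpose: they do not change what traffic is allowed."""
    return [tuple(str(r.get(f, "")).strip().lower() for f in FIELDS)
            for r in rules if r.get("comment") != "Default rule"]

def drift(baseline, target):
    """Compare position by position, because L3 rules are evaluated top-down."""
    base, tgt = normalize(baseline), normalize(target)
    findings = []
    for i in range(max(len(base), len(tgt))):
        b = base[i] if i < len(base) else None
        t = tgt[i] if i < len(tgt) else None
        if b != t:
            kind = "missing" if t is None else "extra" if b is None else "mismatch"
            findings.append((i + 1, kind))
    return findings

def report(baseline, templates, raw_targets):
    """Findings per requested target; an unknown name is reported, never skipped."""
    return {name: (drift(baseline, templates[name]) if name in templates
                   else [(0, "template-not-found")]) for name in parse_targets(raw_targets)}

def rule(policy, protocol, dest, port, comment=""):  # helper for the constructed samples
    return {"comment": comment, "policy": policy, "protocol": protocol, "srcCidr": "Any",
            "srcPort": "Any", "destCidr": dest, "destPort": port, "syslogEnabled": False}

DEFAULT = rule("allow", "Any", "Any", "Any", "Default rule")
BASELINE = [rule("deny", "tcp", "10.10.0.0/16", "23"), rule("allow", "tcp", "10.20.0.0/16", "443"), DEFAULT]
TEMPLATES = {  # constructed template names and rule sets
    "Hub-East": [rule("deny", "TCP", "10.10.0.0/16", "23", "no telnet"), BASELINE[1], DEFAULT],
    "Hub-West": [BASELINE[1], BASELINE[0], DEFAULT],   # same rules, wrong order
    "Hub-South": [BASELINE[0], DEFAULT],               # second rule deleted
}

if __name__ == "__main__":
    results = report(BASELINE, TEMPLATES, "Hub-East, Hub-West,Hub-South,,Hub-North")
    for name, findings in results.items():
        print(name, "compliant" if not findings else findings)
    raise SystemExit(1 if any(results.values()) else 0)  # non-zero fails the CI job
```

The comparison is order-sensitive, so a template holding the same rules in a different sequence is reported as drifted, and a name in `TEMPLATE_TO_CONFIGURE` that matches no template is surfaced instead of silently skipped.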