GVE_DevNet_Meraki_MX_Firewall_Provisioner

Prototype code to provision L3 and L7 firewall rules to selected Meraki networks.

Contacts

  • Jorge Banegas

Solution Components

  • Meraki
  • MX

Installation/Configuration


  1. Add your personal API key to the config.py file for the script to use:
    api_key=""

  2. Edit the l3 and l7 JSON files that define the firewall rules to provision.

For reference, see https://developer.cisco.com/meraki/api-v1/#!update-network-appliance-firewall-l-3-firewall-rules and https://developer.cisco.com/meraki/api-v1/#!update-network-appliance-firewall-l-7-firewall-rules.

    [
        {
            "comment": "test",
            "policy": "allow",
            "protocol": "tcp",
            "destPort": "443",
            "destCidr": "192.168.1.0/24",
            "srcPort": "Any",
            "srcCidr": "Any",
            "syslogEnabled": "false"
        }
    ]

  3. Create a virtual environment named env, then activate it:
    foo@bar:~$ virtualenv env
    foo@bar:~$ source env/bin/activate
  4. Install the dependencies required for the Python script:
    foo@bar(env):~$ pip install -r requirements.txt
  5. Run the Python script:
    foo@bar(env):~$ python main.py

Notes

  • If a firewall rule depends on a specific LAN configuration, the script will error out. Make sure that the subnets referenced in these firewall rules have already been declared.
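
A pre-flight check for the L3 rules file, added here as an example (it is not part of the project's code): it validates each rule's fields and flags source CIDRs that fall outside the subnets you pass in. The names `validate_l3_rules`, `port_ok`, `BASE` and `SAMPLE`, and the reading of "declared" as "inside a listed subnet", are assumptions; the allowed policy and protocol values follow the Meraki L3 firewall rules API.

```python
import ipaddress
import re
REQUIRED = ("policy", "protocol", "destPort", "destCidr", "srcPort", "srcCidr")
ALLOWED = {"policy": ("allow", "deny"), "protocol": ("tcp", "udp", "icmp", "icmp6", "any")}
PORT_PART = re.compile(r"([0-9]+)(?:-([0-9]+))?")

def port_ok(value):
    """Accept "Any", one port, a range "a-b", or a comma-separated mix of those."""
    if str(value).lower() == "any":
        return True
    for part in str(value).split(","):
        m = PORT_PART.fullmatch(part.strip())
        if not m or not 1 <= int(m[1]) <= int(m[2] or m[1]) <= 65535:
            return False
    return True

def validate_l3_rules(rules, declared_subnets):
    """Return a list of problems found; an empty list means none."""
    local = [ipaddress.ip_network(s) for s in declared_subnets]
    problems = []
    for i, rule in enumerate(rules):
        missing = [k for k in REQUIRED if k not in rule]
        if missing:
            problems.append(f"rule {i}: missing {', '.join(missing)}")
            continue
        for key, allowed in ALLOWED.items():
            if rule[key] not in allowed:
                problems.append(f"rule {i}: bad {key} {rule[key]!r}")
        for key in ("srcPort", "destPort"):
            if not port_ok(rule[key]):
                problems.append(f"rule {i}: bad {key} {rule[key]!r}")
        for key in ("srcCidr", "destCidr"):
            cidrs = [c.strip() for c in str(rule[key]).split(",")]
            for cidr in (c for c in cidrs if c.lower() != "any"):
                try:
                    net = ipaddress.ip_network(cidr, strict=False)
                except ValueError:
                    problems.append(f"rule {i}: bad {key} {cidr!r}")
                    continue
                # Assumption: "declared" means the source CIDR sits inside a listed subnet.
                inside = any(net.version == s.version and net.subnet_of(s) for s in local)
                if key == "srcCidr" and not inside:
                    problems.append(f"rule {i}: srcCidr {net} not in a declared subnet")
    return problems

# Constructed sample: the README's rule plus two deliberately broken variants.
BASE = {"comment": "test", "policy": "allow", "protocol": "tcp", "destPort": "443",
        "destCidr": "192.168.1.0/24", "srcPort": "Any", "srcCidr": "Any"}
SAMPLE = [BASE, {**BASE, "srcCidr": "10.9.0.0/24"}, {**BASE, "destPort": "70000"}]
```

Load the l3 JSON file with `json.load` and pass the resulting list together with the MX network's configured subnets; push the rules only when the returned list is empty.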


Screenshots

MX configuration before launching the script

/IMAGES/before_script.png

Firewall L3 and L7 rules declared in the json files

/IMAGES/layer7_rules.png

/IMAGES/layer3_rules.png

1st step

/IMAGES/step1.png

2nd step

/IMAGES/step2.png

MX configuration after launching the script

/IMAGES/before_script.png


LICENSE

Provided under Cisco Sample Code License, for details see LICENSE

CODE_OF_CONDUCT

Our code of conduct is available here

CONTRIBUTING

See our contributing guidelines here

DISCLAIMER:

Please note: This script is meant for demo purposes only. All tools/scripts in this repo are released for use "AS IS" without any warranties of any kind, including, but not limited to their installation, use, or performance. Any use of these scripts and tools is at your own risk. There is no guarantee that they have been through thorough testing in a comparable environment and we are not responsible for any damage or data loss incurred with their use.
You are responsible for reviewing and testing any scripts you run thoroughly before use in any non-testing environment.
