This Flask app provisions Meraki MXs with a set of security configurations ("security templates") regardless of network or organization. It addresses the limitation of native Meraki Templates, which only exist within a single organization. Two types of security templates are supported:
The supported security configurations are:
Templates are combined via Baseline Template + Exception Template. The combined order of L3, L7, and Content Rules is determined following this equation (order is maintained within the templates).
When deploying a template to a network, existing security configurations will be overwritten.
Note:
In order to use the Meraki API, you need to enable the API for your organization first. After enabling API access, you can generate an API key. Follow these instructions to enable API access and generate an API key:
Organization > Settings > Dashboard API access
Enable access to the Cisco Meraki Dashboard API
My Profile > API access
Generate API key
For more information on how to generate an API key, please click here.
Note: You can add your account as Full Organization Admin to your organizations by following the instructions here.
This app provides a Docker file for easy deployment. Docker is the recommended deployment method. Install Docker here.
$ git clone [repository name]
To find the repository name, click the green Code button above the repository files. The dropdown menu then shows the https domain name. Click the copy button to the right of the domain name to get the value that replaces the [repository name] placeholder.
Rename the .env_sample file to .env. Rename config_sample.py to config.py (located at: flask_app/config_sample.py).
.env:
    # Meraki Section
    MERAKI_API_KEY=""
Settings can be set to False in config.py. If set to False, any existing configuration (in the dashboard) is maintained and any respective configuration included within the template files is ignored.
    tracked_settings = {
        "mx_l3_outbound_firewall": True,
        "mx_l7_firewall": True,
        "mx_content_rules": True
    }
$ pip3 install -r requirements.txt
To run the program (from the top-level directory), use the following commands to run with python directly:
$ python3 flask_app/db.py
$ python3 flask_app/app.py
or with the docker command:
$ docker-compose up -d --build
Note: db.py creates a sqlite database which maintains the template mappings (it must be run first!) while app.py represents the main flask app.
flask_app/logs
Once the app is running, navigate to http://127.0.0.1:5000 to be greeted with the main landing page (overview page):
To see currently assigned baseline and exception templates, select an organization and search the table.
The remaining pages and workflows are summarized below. The pages are listed in an order that reflects a possible workflow when deploying your first security templates.
Download Templates: ([network-name].json) in flask_app/mx_configs. Once downloaded, the security config can be used as a baseline or exception template. The template is organized into named sections (ex: mx_l3_outbound_firewall) and respective payloads which follow the Meraki API. It's possible to modify/create the JSON files directly, but each section's name and payload must be in the proper format (based on the Meraki API call documentation). See blank_example.json for the skeleton format.
Assign Baseline: (flask_app/mx_configs)
Assign Exception: (flask_app/mx_configs)
Deploy Templates
Optional: A cronjob can be created to periodically synchronize the networks and organizations with their assigned templates based on the sqlite database (periodic_enforcement.py). Please consult crontab.txt for more information.
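The Baseline Template + Exception Template combination and the tracked_settings switch described above can be previewed offline before a deployment overwrites a network's configuration. The sketch below is an added example, not the project's own code. It assumes a template is a dict of section name to payload, and that the list-valued payload keys are those of the Meraki Dashboard API v1 request bodies. The function name, the sample templates and the duplicate handling are choices of this sketch.

```python
# Same keys as tracked_settings in config.py; False = keep the dashboard config.
TRACKED_SETTINGS = {"mx_l3_outbound_firewall": True, "mx_l7_firewall": True, "mx_content_rules": True}
# Assumption: list-valued payload keys per section (Meraki Dashboard API v1 bodies).
LIST_KEYS = {
    "mx_l3_outbound_firewall": ["rules"],
    "mx_l7_firewall": ["rules"],
    "mx_content_rules": ["allowedUrlPatterns", "blockedUrlPatterns", "blockedUrlCategories"],
}

def combine(baseline, exception, tracked=TRACKED_SETTINGS):
    """Baseline + Exception per section; order inside each template is kept."""
    unknown = (set(baseline) | set(exception)) - set(LIST_KEYS)
    if unknown:  # a misspelled section name would otherwise be dropped silently
        raise ValueError(f"unknown template section(s): {sorted(unknown)}")
    combined = {}
    for section, keys in LIST_KEYS.items():
        if not tracked.get(section, False):
            continue  # untracked: template content ignored, dashboard left as is
        merged = {}
        for key in keys:
            sources = [t[section][key] for t in (baseline, exception)
                       if key in t.get(section, {})]
            if not sources:
                continue  # absent from both templates: never send an empty list
            items = []
            for item in (i for src in sources for i in src):  # baseline first
                if item not in items:  # this sketch's choice: drop exact duplicates
                    items.append(item)
            merged[key] = items
        if merged:
            combined[section] = merged
    return combined

# Constructed sample templates (not taken from the project).
BASELINE = {
    "mx_l3_outbound_firewall": {"rules": [
        {"comment": "block telnet", "policy": "deny", "protocol": "tcp",
         "srcCidr": "Any", "srcPort": "Any", "destCidr": "Any", "destPort": "23"}]},
    "mx_content_rules": {"blockedUrlPatterns": ["example.org"]},
}
EXCEPTION = {
    "mx_l3_outbound_firewall": {"rules": [
        {"comment": "allow lab DNS", "policy": "allow", "protocol": "udp",
         "srcCidr": "10.0.0.0/24", "srcPort": "Any", "destCidr": "Any", "destPort": "53"}]},
}

if __name__ == "__main__":
    print(combine(BASELINE, EXCEPTION, {**TRACKED_SETTINGS, "mx_content_rules": False}))
```

Because the merged list is first-match ordered with baseline rules ahead of exception rules, an exception entry that overlaps an earlier baseline rule has no effect, which is worth checking in the preview before deploying.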
Provided under Cisco Sample Code License, for details see LICENSE
Our code of conduct is available here
See our contributing guidelines here
Please note: This script is meant for demo purposes only. All tools/ scripts in this repo are released for use "AS IS" without any warranties of any kind, including, but not limited to their installation, use, or performance. Any use of these scripts and tools is at your own risk. There is no guarantee that they have been through thorough testing in a comparable environment and we are not responsible for any damage or data loss incurred with their use.
You are responsible for reviewing and testing any scripts you run thoroughly before use in any non-testing environment.