On August 11, 2023, Cisco announced that Cisco SecureX will go end-of-life on July 31, 2024. The content in this Github repository will not be actively maintained following this announcement.

MX L3 Outbound Firewall Block

Workflow #0019

Response Workflow

This workflow blocks the given IP address on a Cisco Meraki MX L3 outbound firewall (using the input observable as the rule’s destination). Supported observable: ip


Change Log

Date Notes
Apr 5, 2021 - Initial release
Apr 8, 2021 - Fixed an issue in one of the Python scripts that caused the rule list JSON to be double wrapped
Sep 10, 2021 - Updated to use the new system atomics
Aug 31, 2022 - Minor updates to naming and descriptions
Nov 14, 2022 - Updated to support multiple organizations and multiple networks (Issue #211)

See the Important Notes page for more information about updating workflows


  • The following system atomics are used by this workflow:
    • Meraki - Get Networks by Organization
    • Meraki - Get Organizations
    • Meraki - Network - MX - Get L3 Outbound Firewall Rules
    • Meraki - Network - MX - Update L3 Outbound Firewall Rules
  • The following atomic actions must be imported before you can import this workflow:
    • None
  • The targets listed at the bottom of the page
  • Cisco Meraki MX Firewall

Workflow Steps

  1. Make sure the observable type provided is supported
  2. Get the Meraki API key from a global variable (optional)
  3. Loop through each organization:
    • Check the organization name is in scope
    • Loop through each network:
      • Check the network name is in scope
      • Get the existing L3 firewall rules
      • Add the new L3 firewall rule
      • Update the firewall rules


  • Set the Organization Names local variable to a comma-separated list of organization names you want to apply updated rules to. If you leave this blank, all organizations will be updated. Note that these values are case sensitive
  • Set the Network Names local variable to comma-separated list of network names you want to apply updated rules to. If you leave this blank, all networks will be updated. Note that these values are case sensitive
  • Provide the workflow your Meraki API key by either:
    • Storing your token in a global variable and using the Fetch Global Variables group at the beginning of the workflow to update the Meraki API Key local variable; or
    • Disable the Fetch Global Variables group and add your token directly to the Meraki API Key local variable
  • If you want to change the name of this workflow in the pivot menu, change its display name


Target Group: Default TargetGroup

Target Name Type Details Account Keys Notes
Cisco Meraki HTTP Endpoint Protocol: HTTPS
Host: api.meraki.com
Path: /api