Link Search Menu Expand Document

MX L3 Outbound Firewall Block

Workflow #0019

Response Workflow

This workflow should be triggered from a SecureX pivot menu and supports IP address observables. When triggered, this workflow blocks the given IP address on a Meraki MX L3 outbound firewall (using the input observable as the rule’s destination).

GitHub


Change Log

Date Notes
Apr 5, 2021 - Initial release
Apr 8, 2021 - Fixed an issue in one of the Python scripts that caused the rule list JSON to be double wrapped

See the Important Notes page for more information about updating workflows


Requirements


Workflow Steps

  1. Make sure the observable type provided is supported
  2. Get the Meraki API key from a global variable (optional)
  3. Get information about the Meraki network being modified
  4. Get the existing L3 firewall rules
  5. Add the new L3 firewall rule
  6. Update the firewall rules

Configuration

  • Set the Network Name local variable to the name of your Meraki network
  • Provide the workflow your Meraki API key by either:
    • Storing your token in a global variable and using the Fetch Global Variables group at the beginning of the workflow to update the Meraki API Key local variable; or
    • Disable the Fetch Global Variables group and add your token directly to the Meraki API Key local variable
  • If you want to change the name of this workflow in the pivot menu, change its display name

Targets

Target Group: Default TargetGroup

Target Name Type Details Account Keys Notes
Cisco Meraki HTTP Endpoint Protocol: HTTPS
Host: api.meraki.com
Path: /api
None