Link Search Menu Expand Document

MX L3 Outbound Firewall Block

Workflow #0019

Response Workflow

This workflow blocks the given IP address on a Cisco Meraki MX L3 outbound firewall (using the input observable as the rule’s destination). Supported observable: ip


Change Log

Date Notes
Apr 5, 2021 - Initial release
Apr 8, 2021 - Fixed an issue in one of the Python scripts that caused the rule list JSON to be double wrapped
Sep 10, 2021 - Updated to use the new system atomics

See the Important Notes page for more information about updating workflows


  • The following system atomics are used by this workflow:
    • Meraki - Get Networks by Organization
    • Meraki - Get Organizations
    • Meraki - Network - MX - Get L3 Outbound Firewall Rules
    • Meraki - Network - MX - Update L3 Outbound Firewall Rules
  • The following atomic actions must be imported before you can import this workflow:
    • None
  • The targets listed at the bottom of the page
  • Cisco Meraki MX Firewall

Workflow Steps

  1. Make sure the observable type provided is supported
  2. Get the Meraki API key from a global variable (optional)
  3. Get information about the Meraki network being modified
  4. Get the existing L3 firewall rules
  5. Add the new L3 firewall rule
  6. Update the firewall rules


  • Set the Network Name local variable to the name of your Meraki network
  • Provide the workflow your Meraki API key by either:
    • Storing your token in a global variable and using the Fetch Global Variables group at the beginning of the workflow to update the Meraki API Key local variable; or
    • Disable the Fetch Global Variables group and add your token directly to the Meraki API Key local variable
  • If you want to change the name of this workflow in the pivot menu, change its display name


Target Group: Default TargetGroup

Target Name Type Details Account Keys Notes
Cisco Meraki HTTP Endpoint Protocol: HTTPS
Path: /api