Solved: correct endpoint for firewall rules?

Adrian41 · ‎01-30-2023

Hi,

New to API's and coding in general.

I am trying to write a script that adds a new firewall rule to a network (I'm using a test site atm).

However I am getting a 404 error which I assume means my URL is wrong?

I got this from the Meraki reference guide but I'm not sure its correct.

/networks/{network_id}/appliance/firewall/l3firewallRules

Also - I read somewhere that adding a new rule would overwrite all the existing rules! Is that true and if so is there a way to add a rule so that it doesn't effect any existing rules?

Thanks!

import requests
import security
import json


api_key = security.MERAKI_API_KEY
organizationId = security.ORG_ID
network_id = "xxxxxxxxx"

rule = {
    'name': 'Test Rule',
    'policy': 'deny',
    'protocol': 'any',
    'srcPort': 'any',
    'srcCidr': '1.1.1.1/24',
    'dstPort': 'any',
    'dstCidr': '0.0.0.0/0',
}


url = f"https://api.meraki.com/api/v1/networks/{network_id}/appliance/firewall/l3firewallRules"


headers = {
    'X-Cisco-Meraki-API-Key': api_key,
    'Content-Type': 'application/json'
}


response = requests.post(url, headers=headers, data=json.dumps(rule), verify=False)

print(response.status_code)

Raphael_L · ‎01-30-2023

HTTP400 is sent because the dashboard doesn't like your request. Doesn't mean you are missing a parameter.

Using the Meraki SDK would be easier to troubleshoot.

The issue is within the payload.

data=json.dumps(rule)

View solution in original post

aleabrahao · ‎01-30-2023

Here is the correct URL:

https://developer.cisco.com/meraki/api/#!update-network-l-3-firewall-rules

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Adrian41 · ‎01-30-2023

Hi,

Thanks for the reply, but Im still getting a 404 error 😞

am I getting the url wrong or can something else cause this issue?

url = f"https://api.meraki.com/api/v1/networks/{network_id}/l3FirewallRules"

response = requests.post(url, headers=headers, data=json.dumps(rule), verify=False)

aleabrahao · ‎01-30-2023

404 - Not Found The requested resource doesn't exist or incorrect API key

You can test It on the Meraki developer Hub before.

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Raphael_L · ‎01-30-2023

I would troubleshoot this issue with these steps :

1- Create a dummy rule from the dashboard

2- GET the rule via the API

3- PUT the exact same response received from step #2.

You have to be Org admin / Net admin to do that.

Adrian41 · ‎01-30-2023

huh - if I try to use the PUT operation from the dashboard - its gets a 404 there too

aleabrahao · ‎01-30-2023

Have you enabled API access?

https://documentation.meraki.com/General_Administration/Other_Topics/Cisco_Meraki_Dashboard_API#:~:text=test%20API%20calls.-,Enable%20API%20Access,to%20generate%20an%20API%20key.

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Adrian41 · ‎01-30-2023

Yes, as mentioned, moments before i tried the PUT I did a successful GET

Adrian41 · ‎01-30-2023

I think your link may be the out of date version 0

Version 1

https://developer.cisco.com/meraki/api-v1/#!update-network-appliance-firewall-l-3-firewall-rules

aleabrahao · ‎01-30-2023

Use this one:

https://developer.cisco.com/meraki/api-latest/

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Adrian41 · ‎01-30-2023

If I run the exact same script as a GET - it works ok. I can also run the get from the dashboard.

I noticed I was using POST rather than PUT so made that change but if I do that I get a 400 error instead 😞

url = f"https://api.meraki.com/api/v1/networks/{network_id}/appliance/firewall/l3FirewallRules"

response = requests.put(url, headers=headers, data=json.dumps(rule), verify=False)

aleabrahao · ‎01-30-2023

400 - Bad Request The request was unacceptable, often due to missing a required parameter.

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Adrian41 · ‎01-30-2023

shouldn't the dashboard tell me if there are any required parameters?

Raphael_L · ‎01-30-2023

HTTP400 is sent because the dashboard doesn't like your request. Doesn't mean you are missing a parameter.

Using the Meraki SDK would be easier to troubleshoot.

The issue is within the payload.

data=json.dumps(rule)

Raphael_L · ‎01-30-2023

Not pretty , but should work.

import os
import json
import requests
import codecs

base_url_v1 = 'https://api.meraki.com/api/v1'
NetworkID = XXXXXXXXXXX
headers = {
	'x-cisco-meraki-api-key': format(str(apikey)),
	'Content-Type': 'application/json'
}
def __returnhandler(statuscode, returntext):
    if str(statuscode) == '200':
        return returntext
    else:
        print('HTTP Status Code: {0}\n'.format(statuscode))
def getL3FirewallRules():
    geturl = '{0}/networks/{1}/appliance/firewall/l3FirewallRules'.format(str(base_url_v1), str(NetworkID))
    dashboard = requests.get(geturl, headers=headers,verify=False)
    result = __returnhandler(dashboard.status_code, dashboard.text)
    return result 

L3FWRules = getL3FirewallRules()

payload = L3FWRules
url = 'https://api.meraki.com/api/v1/networks/{0}/appliance/firewall/l3FirewallRules'.format(NetworkID)
response = requests.request('PUT', url, headers=headers, data = payload,verify=False)
print(response.text.encode('utf8'))