cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
852
Views
0
Helpful
0
Replies

Meraki MX simultaneous API calls for IP block issue

Vikasverma1
Level 1
Level 1

Hello All,

Hope you are doing well. 

We are trying to develop an automated response process to block IPs on Meraki based on as and when there are any security alerts. There may be more than one simultaneous calls for IP block depending on many uses we have for it .

Now, I have a question on Meraki APIs for blocking an IP on firewall. Based on whatever I have read over the internet and in API documentation, it seems everytime we try to block an IP on firewall, we need to get a complete list of rules in place and then add the rule to be blocked and post the complete (newly blocked IP + already existing rules in firewall) back. 

So, assume if we try to block IPs via two simultaneous calls, as below

Trigger 1 ---> IP block API call ---> get rules ---> add block IP ---> post all rules back to meraki fw.

(Started after trigger 1) Trigger 2 ------> IP block API call -----> get rules ( fetched rules before trigger 1 is able to add new block IP) ------> add block IP ------> post all rules back to meraki fw.

In this case, would there be any "rules loss" (IP blocked by trigger 1) because when trigger 2 fetched all rules, trigger 1 was still under process of completing the block IP flow? And since trigger 2 process (with set of fw rules before trigger 1 was able to add new blocked IP) finished after trigger 1, it may not have IP to be blocked by trigger 1 at all?

Apologies of I am not able to explain this properly but my concern is, would there be any rules that might get missed/deleted due to two simultaneous API calls to block IPs? Is there any mechanism such as locking built in meraki firewall APIs which states that two simultaneous API calls to update/block IP is not possible?

Any response on this is highly appreciated as this is becoming a bottleneck for us at the moment.

Thanks

Vikas

0 Replies 0