search

meraki / dashboard-api-python

Official Dashboard API library (SDK) for Python
MIT License
293 stars 154 forks source link

Firewall Rules Return 404 For Some Networks #132

Closed Carmezim closed 3 years ago

Carmezim commented 3 years ago

Hey guys, so it happens occasionally when I've got an MR network, no MX devices, and I am able to perform a GET to L3 Firewall rules and get it successfully. Other times occasionally a similar MR network returns 404s for GET L3 Firewall rules.

Any clue what could be happening or if I might be missing something config wise even?

Thank you

TKIPisalegacycipher commented 3 years ago

Hi Adriano,

Could you provide an example GET URL for this?

On Thu, Dec 17, 2020 at 1:52 PM Adriano Carmezim notifications@github.com wrote:

Hey guys, so it happens occasionally when I've got an MR network, no MX devices, and I am able to perform a GET to L3 Firewall rules and get it successfully. Other times occasionally a similar MR network returns 404s for GET L3 Firewall rules.

Any clue what could be happening or if I might be missing something config wise even?

Thank you

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/meraki/dashboard-api-python/issues/132, or unsubscribe https://github.com/notifications/unsubscribe-auth/AA5EUKRG5MV7VSRRP6577PTSVJ4TBANCNFSM4VAJTVDQ .

Carmezim commented 3 years ago

Hey @TKIPisalegacycipher thanks for your prompt reply.

Sure:

GET https://n320.meraki.com/api/v1/networks/N_743093938516131883/appliance/firewall/l3FirewallRules
TKIPisalegacycipher commented 3 years ago

The appliance scoped endpoints are intended for use with MX appliances so if the networks in question don't contain any MX appliances then I'm not sure why they would be relevant to your MR appliances.

Wireless networks have SSID scoped layer 3 firewall rules and associated endpoints. Are you intending to do wireless layer three rules or appliance layer three rules?

On Thu, Dec 17, 2020, 2:30 PM Adriano Carmezim notifications@github.com wrote:

Hey @TKIPisalegacycipher https://github.com/TKIPisalegacycipher thanks for your prompt reply.

Sure:

GET https://n320.meraki.com/api/v1/networks/N_743093938516131883/appliance/firewall/l3FirewallRules

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/meraki/dashboard-api-python/issues/132#issuecomment-747740742, or unsubscribe https://github.com/notifications/unsubscribe-auth/AA5EUKUCAJ2243HLCNPFYLDSVKBBHANCNFSM4VAJTVDQ .

Carmezim commented 3 years ago

Thanks again for your reply @TKIPisalegacycipher.

You're correct. It's interesting though that some networks as I've mentioned only with MRs still return the L3 Firewall Rules or just don't return a 404 when requested.

So it would be unintentional the L3 endpoints return for non MXs?

For example, this below returns successfully:

https://n320.meraki.com/api/v1/networks/L_743093938516135770/appliance/firewall/l3FirewallRules
TKIPisalegacycipher commented 3 years ago

The difference is between a combined network (which starts with L) and a device-specific network (which starts with N).

I bet this is why you're seeing the difference. It sounds like intended behavior since combined networks are intended to work for all product types.

On Thu, Dec 17, 2020 at 2:45 PM Adriano Carmezim notifications@github.com wrote:

Thanks again for your reply @TKIPisalegacycipher https://github.com/TKIPisalegacycipher.

You're correct. It's interesting though that some networks as I've mentioned only with MRs still return the L3 Firewall Rules or just don't return a 404 when requested.

So it would be unintentional the L3 endpoints return for non MXs?

For example, this below returns successfully:

https://n320.meraki.com/api/v1/networks/L_743093938516135770/appliance/firewall/l3FirewallRules

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/meraki/dashboard-api-python/issues/132#issuecomment-747746746, or unsubscribe https://github.com/notifications/unsubscribe-auth/AA5EUKTCMIV4PIGBQPIDYXTSVKCZBANCNFSM4VAJTVDQ .

Carmezim commented 3 years ago

Ah okay I see, that's good to know. Thanks for that info.

I was wondering then for a network to be combined we don't need necessarily to have an MX in it then, it's based on product types set in the network's config?

TKIPisalegacycipher commented 3 years ago

Right, the network type simply determines what types of devices it can contain.

On Thu, Dec 17, 2020, 3:14 PM Adriano Carmezim notifications@github.com wrote:

Ah okay I see, that's good to know. Thanks for that info.

I was wondering then for a network to be combined we don't need necessarily to have an MX in it then, it's based on product types set in the network's config?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/meraki/dashboard-api-python/issues/132#issuecomment-747763830, or unsubscribe https://github.com/notifications/unsubscribe-auth/AA5EUKU6F7QAOPVVAIYW4VDSVKGGFANCNFSM4VAJTVDQ .

Carmezim commented 3 years ago

Thank you so much for all the clarifications @TKIPisalegacycipher. That was really helpful.

Have a great day :)