by Robinson Roca
Practice Leader – Network Infrastructure
Cisco Meraki is changing its API backend infrastructure to provide greater scalability. Customers that directly utilize Meraki’s API backend to make Meraki infrastructure configuration changes or to pull API based information will only be affected. This change is NOT going to affect customers accessing the standard Meraki dashboard to manage their infrastructure. This API backend infrastructure will no longer be tied to fixed static IPs. Access-lists tied to specific IPs will need to be adjustments by November 20, 2020 or internal API scripts configured to “post” or “Get” Meraki API data will stop working. In today’s very ,“As a Service” society, making use of load balanced hostname infrastructure provides scalability and resiliency. Depending on the firewall’s Access Policy design, Access-Lists tied to the FQDN “api.meraki.com” to permit access.
As a helpful note, the ASA post 8.3 supports FQDN objects in ACLs, and maintains a list of IPs in Cache. Same for Firepower threat Defense FTD post-6.3, it supports FQDNs in objects may need to be adjusted, If using Fortinet Fortigate Firewalls FQDN based ACLs in policy are supported in 6.2.2 and higher. Palo Alto supports FQDN access-lists in PAN-OS 7.1 and Higher. Checkpoint supports FQDN Objects in Policy in version R80.10 is FQDN mode.
Helient strongly recommends that thorough testing be performed prior to rolling out any change to production systems. If you or your firm require any technical assistance, contact Helient’s experts via email@example.com.