About Objects Used with Meraki Devices
The Meraki dashboard does not support the concept of objects; instead, Meraki utilizes groups of IP addresses, protocols, or port ranges in source and destination fields in outbound access control rules. Once onboarded, CDO translates IP addresses into network objects, and application layer protocol values into either service objects or protocol objects.
Since Meraki does not support objects, a single rule in CDO can translate into multiple rules in the dashboard. For example, if you add an ASA protocol group that includes both TCP and UDP protocols to a single access control rule in CDO, CDO translates the one CDO rule into multiple rules in the dashboard: one rule containing a TCP protocol and one rule containing a UDP protocol.
Note that the Meraki dashboard and CDO both support CIDR subnet notation. For more information on layer 3 switch interfaces and MX device layout, see the Meraki Knowledge Base.
Which Objects Can You Use With a Meraki Device in CDO?
There are no objects in Cisco Defense Orchestrator (CDO) that are exclusive to MX devices. Instead, you can create or share FTD and ASA objects and associate these objects in rules that are deployed to the device. Because Meraki is not fully compatible with FTD and ASA objects, there may be a few limitations that affect how the MX device uses objects.
Note that if you associate an ASA or FTD object with an MX device, that object becomes shared. Any changes to that object will affect all the devices it is shared with, and the devices' configuration status will appear as Not Synced. See Shared Objects for more information. For additional object states that could affect your objects, see the Related Articles section listed at the bottom of this page.
Meraki does not support objects containing IPv6 addresses or FQDNs.
| Object in CDO | Compatible with Meraki |
|---|---|
| Protocol Objects | TCP, UDP, ICMP |
| ASA Service Groups | no |
| FTD Service Groups | no |
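
A pre-deployment check for the two behaviours described above (one dashboard rule per protocol when a rule uses a protocol group, and no IPv6 or FQDN objects), written as an added example that is not part of CDO or the Meraki dashboard. The rule dictionary layout and function names are hypothetical, and the sample rules are constructed.

```python
import ipaddress

# Protocol objects the compatibility table lists for Meraki.
MERAKI_PROTOCOLS = ("tcp", "udp", "icmp")

def check_network_value(value):
    """Return None if the value is usable on Meraki, else the reason it is not."""
    try:
        net = ipaddress.ip_network(value, strict=False)  # accepts hosts and CIDR subnets
    except ValueError:
        return f"{value}: not an IPv4 address or CIDR subnet (FQDNs are unsupported)"
    if net.version == 6:
        return f"{value}: IPv6 is unsupported"
    return None

def expand_rule(rule):
    """Split one object-based rule into one rule per protocol.

    Returns (rules, problems); rules is empty when any problem is found.
    """
    problems = []
    for field in ("source", "destination"):
        for value in rule[field]:
            reason = check_network_value(value)
            if reason:
                problems.append(f"{field} {reason}")
    # Deduplicate protocol names while keeping their order.
    protocols = list(dict.fromkeys(p.lower() for p in rule["protocols"]))
    for proto in protocols:
        if proto not in MERAKI_PROTOCOLS:
            problems.append(f"protocol {proto}: not TCP, UDP or ICMP")
    if problems:
        return [], problems
    return [
        {"policy": rule["policy"], "protocol": proto,
         "source": rule["source"], "destination": rule["destination"],
         # Ports do not apply to ICMP, so that rule carries no port.
         "port": None if proto == "icmp" else rule["port"]}
        for proto in protocols
    ], []

# Constructed sample rules (hypothetical field names, documentation address ranges).
SAMPLE_RULE = {"policy": "allow", "source": ["10.0.10.0/24"], "destination": ["192.0.2.10"],
               "protocols": ["TCP", "UDP"], "port": "53"}
BAD_RULE = {"policy": "allow", "source": ["2001:db8::/32"], "destination": ["dns.example.com"],
            "protocols": ["TCP", "GRE"], "port": "53"}

if __name__ == "__main__":
    for sample in (SAMPLE_RULE, BAD_RULE):
        print(expand_rule(sample))
```

Running the check before a deploy shows how many dashboard rules a single CDO rule will produce and which objects would be rejected, so a shared ASA or FTD object is not attached to an MX device by mistake.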
What Do Meraki Rules Look Like in CDO?
You can view the objects from the device's policy page, or you can filter the objects page based on device. From the policy page you can view, edit, and reorder the access control rules. Because CDO translates the outbound rules from the Meraki dashboard into access control rules with objects, rules and protocols from the Meraki dashboard may look different. The following table addresses the new names for protocols once the device is onboarded to CDO:
| Rule or Protocol Header in the Meraki dashboard | Rule or Object Header in CDO |
|---|---|
| Source IP | Network Object or Network Group |
| Destination IP | Network Object or Network Group |
| Source Port | Network Object or Network Group |
| Destination Port | Network Object or Network Group |
| Layer 3 Application Protocol | Ports (Protocol Groups, Port Groups, or Service Objects) |
The following is an example of what the outbound rules from the Meraki dashboard look like in CDO: