An Overview of Meraki’s New Firewall Object Group Security Feature

January 30, 2020

As devices in the workplace continue to multiply, managing network traffic is becoming an increasingly complex job.

In particular, access control lists pose a challenge to modern IT departments. They are used to manage traffic and permissions for access to applications, web services or data, and maintaining them is a manual, time-consuming process that slows down networks and raises cybersecurity risk.

With the introduction of firewall object groups, however, Cisco Meraki has created an elegant method of managing a multitude of devices and applications, making networking safer in the long run.

How Firewall Object Groups Work

Cisco Meraki’s latest feature simplifies the process of creating firewall access rules on its MX line of enterprise security appliances. The process works by mapping one or many network object groups together, upon which permission rules can be applied.

For example, a hotel might create a group of guest printers and a group of employee-use printers based on their IP addresses, and assign different permissions and restrictions to each group. With the right provisions, this could secure both groups of printers, while preventing sensitive guest information from being printed on public printers and restricting guests from using the printers behind the counter.

Without an object group, a permission list entry would need to be written for each printer via its IP address, one at a time. Such access rule lists are notorious for being long and hugely complex. Single object groups can replace hundreds of lines of access control.
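The following sketch is an added example, not Meraki code, dashboard syntax or API. It models the hotel scenario with constructed addresses, expands group-based rules into the per-address entries they replace, and shows how one group change updates every rule that uses the group. The group names, addresses, port 9100 (raw printing) and the default-deny fallback are assumptions of the model.

```python
import ipaddress

# Constructed sample data (hypothetical hotel addressing, not from the article).
GROUPS = {
    "guest-printers": ["10.10.20.11", "10.10.20.12", "10.10.20.13"],
    "staff-printers": ["10.10.30.21", "10.10.30.22"],
    "guest-wifi": ["10.10.100.0/24"],
    "staff-lan": ["10.10.50.0/24"],
}
# (action, source group, destination group, TCP port); 9100 = raw printing.
RULES = [
    ("allow", "guest-wifi", "guest-printers", 9100),
    ("deny", "guest-wifi", "staff-printers", 9100),
    ("allow", "staff-lan", "staff-printers", 9100),
    ("deny", "staff-lan", "guest-printers", 9100),
]

def expand(rules, groups):
    """Flatten group-based rules into the per-address entries they replace."""
    flat = []
    for action, src, dst, port in rules:
        for s in groups[src]:  # KeyError here means a rule names an undefined group
            for d in groups[dst]:
                flat.append((action, ipaddress.ip_network(s),
                             ipaddress.ip_network(d), port))
    return flat

def decide(flat, src_ip, dst_ip, port, default="deny"):
    """First matching entry wins; unmatched traffic gets the assumed default."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, snet, dnet, p in flat:
        if s in snet and d in dnet and p == port:
            return action
    return default

def add_member(groups, name, address):
    """Return a copy of the groups with one more member in the named group."""
    updated = {k: list(v) for k, v in groups.items()}
    updated[name].append(address)
    return updated

if __name__ == "__main__":
    before = expand(RULES, GROUPS)
    after = expand(RULES, add_member(GROUPS, "guest-printers", "10.10.20.14"))
    print(len(RULES), "group rules =", len(before), "flat entries;",
          len(after), "after adding one printer to one group")
    # The new printer is covered by both rules that reference its group.
    print(decide(after, "10.10.100.7", "10.10.20.14", 9100),
          decide(after, "10.10.50.9", "10.10.20.14", 9100))
```
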

Beyond this greater simplicity, object groups are a boon to security and network performance as well.

Since organizations frequently add new technologies, devices and applications, firewall rules require near-constant maintenance. IT departments often lack sufficient resources to dedicate to this continuous and time-consuming task, which often leads to outdated or overly permissive rule sets. This both slows down network performance and leaves holes in a company’s cybersecurity, increasing exposure to cyberattacks.

Firewall object groups greatly simplify and automate firewall management, creating a more manageable and accurate process that reduces the risk of this security practice becoming a security liability.
