Organization Policy Objects and Groups Configuration
Dashboard Location: Organization > Configure > Policy Objects
Centralized Network Policy Object Management and Security Group Configuration
Organization policy objects and groups configuration in Meraki provides administrators with comprehensive network object definition capabilities, enabling centralized security policy management, reusable network definitions, scalable firewall rule creation, and consistent security enforcement across multiple networks. This functionality supports network segmentation strategies, security policy standardization, firewall rule optimization, access control consistency, and centralized object management while providing efficient policy deployment and maintenance capabilities. Policy objects are essential for enterprise security architectures, consistent rule enforcement, scalable policy management, compliance standardization, and maintaining organized security infrastructure while supporting complex network environments and multi-site deployments.
Classes
organizations (meraki.domains)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| policy_objects | List | [policy_objects] | No | |
| policy_objects_groups | List | [policy_objects_groups] | No | |
policy_objects (meraki.domains.organizations)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | min: 1, max: 127 | No | |
| category | Choice | adaptivePolicy, network | No | |
| type | Choice | adaptivePolicyIpv4Cidr, cidr, fqdn, ipAndMask | No | |
| cidr | String | Regex: `^(?i:any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?)(,(any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?))*$` | No | |
| fqdn | String | min: 1, max: 1024 | No | |
| mask | String | Regex: `^(255|254|252|248|240|224|192|128|0+)(\.0|\.128|\.192|\.224|\.240|\.248|\.252|\.254|\.255){0,3}$` | No | |
| ip | IP | | No | |
| group_names | List | String[min: 1, max: 127] | No | |
policy_objects_groups (meraki.domains.organizations)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | min: 1, max: 127 | No | |
| category | Choice | NetworkObjectGroup, GeoLocationGroup, PortObjectGroup, ApplicationGroup | No | |
| object_names | List | String[min: 1, max: 127] | No | |
Examples

Example-1: The example below demonstrates policy object configuration.
This configuration creates reusable network policy objects for centralized security and access control management. The example includes IP address groups, port groups, and application objects for streamlined policy administration across multiple networks.
There are two policy objects defined: test cidr, a CIDR type under the network category representing the network 10.0.0.0/24, and test fqdn, an FQDN type also under the network category representing the domain www.cisco.com. Additionally, there are two policy object groups named test cidr and test fqdn, both categorized as NetworkObjectGroup, which include the corresponding policy objects by their names.
```yaml
meraki:
  domains:
    - name: !env domain
      administrator:
        name: !env org_admin
      organizations:
        - name: !env org
          policy_objects:
            - name: test cidr
              category: network
              type: cidr
              cidr: 10.0.0.0/24
            - name: test fqdn
              category: network
              type: fqdn
              fqdn: www.cisco.com
          policy_objects_groups:
            - name: test cidr
              category: NetworkObjectGroup
              object_names:
                - test cidr  # This references the "test cidr" policy object by name
            - name: test fqdn
              category: NetworkObjectGroup
              object_names:
                - test fqdn  # This references the "test fqdn" policy object by name
```
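The `cidr` constraint in the policy_objects table is a shape check only: it accepts octets above 255 and prefix lengths above 32, and nothing in the schema tables ties `object_names` entries to defined objects. The following pre-deployment check is an added example, not code from this project; `check_cidr`, `validate_org` and `SAMPLE_ORG` are hypothetical names, and the input is assumed to be one `organizations` entry already loaded into a Python dict.

```python
import ipaddress
import re

# cidr constraint regex copied from the policy_objects table on this page.
CIDR_RE = re.compile(
    r"^(?i:any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?)"
    r"(,(any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?))*$"
)


def check_cidr(value):
    """Schema regex first, then real IPv4 parsing of each comma-separated part."""
    if not CIDR_RE.match(value):
        return [f"cidr {value!r} does not match the schema regex"]
    bad = []
    for part in value.split(","):
        if part.lower() == "any":
            continue
        try:
            ipaddress.IPv4Network(part, strict=False)
        except ValueError:
            bad.append(f"cidr {part!r} passes the regex but is not valid IPv4")
    return bad


def validate_org(org):
    """Return problems for one organizations entry (hypothetical helper)."""
    problems, defined = [], set()
    for obj in org.get("policy_objects", []):
        name = obj.get("name", "")
        defined.add(name)
        if not 1 <= len(name) <= 127:
            problems.append(f"object name {name!r}: length must be 1..127")
        if "cidr" in obj:
            problems += [f"object {name!r}: {p}" for p in check_cidr(obj["cidr"])]
    for grp in org.get("policy_objects_groups", []):
        for ref in grp.get("object_names", []):
            if ref not in defined:  # dangling reference: group member never defined
                problems.append(f"group {grp.get('name')!r}: no policy object named {ref!r}")
    return problems


# Constructed sample: the page's CIDR object plus two deliberate mistakes.
SAMPLE_ORG = {
    "policy_objects": [{"name": "test cidr", "type": "cidr", "cidr": "10.0.0.0/24"},
                       {"name": "bad cidr", "type": "cidr", "cidr": "10.0.0.300/40"}],
    "policy_objects_groups": [{"name": "test cidr", "category": "NetworkObjectGroup",
                               "object_names": ["test cidr", "test"]}],
}
```

Calling `validate_org(SAMPLE_ORG)` reports the out-of-range CIDR and the group member `test`, which matches no defined object name.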