https://community.cisco.com/t5/network-security/firepower-rest-apis-access-control-rules/m-p/4953010#M477 <P>This is pretty detailed!</P> Fri, 03 Nov 2023 05:18:47 GMT divitgupta 2023-11-03T05:18:47Z https://community.cisco.com/t5/network-security/firepower-rest-apis-access-control-rules/m-p/4938166#M474 <P>I'm attempting to pull our access policy rules and get the allowed networks and port numbers using REST API. When trying to run the GET request&nbsp;<SPAN class=""><SPAN>{{baseURL}}</SPAN></SPAN><SPAN>/api/fmc_config/v1/domain/</SPAN><SPAN class=""><SPAN>{{domainUUID}}</SPAN></SPAN><SPAN>/policy/accesspolicies/</SPAN><SPAN class=""><SPAN>{{???}}</SPAN></SPAN><SPAN>/accessrules I keep getting a&nbsp;</SPAN></P><DIV><DIV><SPAN>"No&nbsp;data&nbsp;found&nbsp;for: " 404 error. I have tried HA pair and individual device UUIDs with no luck. Does anyone know what Container UUID the request needs to get the information requested?</SPAN></DIV></DIV> Wed, 11 Oct 2023 15:01:22 GMT https://community.cisco.com/t5/network-security/firepower-rest-apis-access-control-rules/m-p/4938166#M474 jaismith 2023-10-11T15:01:22Z https://community.cisco.com/t5/network-security/firepower-rest-apis-access-control-rules/m-p/4952380#M476 <P>Rest API document: <SPAN class="resolvedVariable" data-testid="resolvedVariable"><SPAN data-offset-key="8rkjm-0-0">{{protocol}}</SPAN></SPAN><SPAN data-offset-key="8rkjm-1-0">://</SPAN><SPAN class="resolvedVariable" data-testid="resolvedVariable"><SPAN data-offset-key="8rkjm-2-0">{{hostname}}</SPAN></SPAN>/api/api-explorer/</P> <P>For example:<A href="https://1.2.3.4/api/api-explorer/" target="_blank" rel="noopener">https://1.2.3.4/api/api-explorer/</A> (1.2.3.4 is FMC IP address or you can input FMC hostname here)</P> <P>--------------------------</P> <P>Device_id is FMC ID which can be found in the browser address after you access 'System&gt;Health&gt;Monitor&gt;FMC'.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="betliu_7-1698903624141.png" style="width: 770px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/201431iE4DF4D09B1E20F31/image-dimensions/770x260?v=v2" width="770" height="260" role="button" title="betliu_7-1698903624141.png" alt="betliu_7-1698903624141.png" /></span></P> <P>Container_uuid is the access control policy id which can be found in the browser address after you access 'Policies&gt;Access Control&gt;click one of your policies'.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="betliu_8-1698903949425.png" style="width: 750px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/201432iE8C16029DA238450/image-dimensions/750x243?v=v2" width="750" height="243" role="button" title="betliu_8-1698903949425.png" alt="betliu_8-1698903949425.png" /></span></P> <P>I tested in lab to retrieve access control rules and took screenshots for your reference.</P> <P>Step1: Generate Token</P> <P>{{protocol}}://{{hostname}}/api/fmc_platform/v1/auth/generatetoken</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="betliu_0-1698903493989.png" style="width: 748px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/201426iCD0012F6A1FA63A4/image-dimensions/748x242?v=v2" width="748" height="242" role="button" title="betliu_0-1698903493989.png" alt="betliu_0-1698903493989.png" /></span></P> <P>Then you can find ‘token’ and ‘DOMAIN_UUI’ in headers after you click button ‘Send’</P> <P>‘token’ and ‘DOMAIN_UUI’ will be used in next step.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="betliu_1-1698903493999.png" style="width: 740px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/201425i2647BB9DB04B450C/image-dimensions/740x345?v=v2" width="740" height="345" role="button" title="betliu_1-1698903493999.png" alt="betliu_1-1698903493999.png" /></span></P> <P>Step2: Get Access Policy ID which is ‘Container ID’ .</P> <P>option1: operate in FMC GUI directly</P> <P>Container_uuid is the access control policy id which can be found in the browser address after you access 'Policies&gt;Access Control&gt;click one of your policies'.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="betliu_8-1698903949425.png" style="width: 741px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/201432iE8C16029DA238450/image-dimensions/741x240?v=v2" width="741" height="240" role="button" title="betliu_8-1698903949425.png" alt="betliu_8-1698903949425.png" /></span></P> <P>option2: operate in postman</P> <P>{{protocol}}://{{hostname}}/api/fmc_config/v1/domain/{{domain_id}}/policy/accesspolicies?limit=1000</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="betliu_2-1698903494008.png" style="width: 753px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/201424iAF2735434137CE95/image-dimensions/753x274?v=v2" width="753" height="274" role="button" title="betliu_2-1698903494008.png" alt="betliu_2-1698903494008.png" /></span></P> <P>Input the DOMAIN_UUID generated in last step and other required information in the screenshot, click ‘Send’ button, then we can get ‘id’ which is ‘policy id’ and we also call it ‘Container ID’ in the response body.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="betliu_3-1698903494024.png" style="width: 762px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/201429iA15C9B880CA8D34E/image-dimensions/762x329?v=v2" width="762" height="329" role="button" title="betliu_3-1698903494024.png" alt="betliu_3-1698903494024.png" /></span></P> <P>Step3: get access control rules</P> <P>{{protocol}}://{{hostname}}/api/fmc_config/v1/domain/{{domain_id}}/policy/accesspolicies/{{accesspolicy_id}}/accessrules</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="betliu_5-1698903494049.png" style="width: 756px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/201427i48F1CF7E25CA7B10/image-dimensions/756x289?v=v2" width="756" height="289" role="button" title="betliu_5-1698903494049.png" alt="betliu_5-1698903494049.png" /></span></P> <P>Input ‘Domian_id’ which was generated in step1 and ‘accesspolicy_id’ (‘Container_uuid’) which was generated in step2, along with authentication and token information, click ‘Try’ button.</P> <P>Then we can get Access Control Rules information in response body.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="betliu_6-1698903494064.png" style="width: 816px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/201430i3BE6D8ED43400003/image-dimensions/816x359?v=v2" width="816" height="359" role="button" title="betliu_6-1698903494064.png" alt="betliu_6-1698903494064.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 03 Nov 2023 06:17:45 GMT https://community.cisco.com/t5/network-security/firepower-rest-apis-access-control-rules/m-p/4952380#M476 betliu 2023-11-03T06:17:45Z https://community.cisco.com/t5/network-security/firepower-rest-apis-access-control-rules/m-p/4953010#M477 <P>This is pretty detailed!</P> Fri, 03 Nov 2023 05:18:47 GMT https://community.cisco.com/t5/network-security/firepower-rest-apis-access-control-rules/m-p/4953010#M477 divitgupta 2023-11-03T05:18:47Z https://community.cisco.com/t5/network-security/firepower-rest-apis-access-control-rules/m-p/4971121#M484 <P>I'm going to try this in my lab. Will update.</P> Mon, 04 Dec 2023 17:42:46 GMT https://community.cisco.com/t5/network-security/firepower-rest-apis-access-control-rules/m-p/4971121#M484 asadabbasawan 2023-12-04T17:42:46Z