topic Re: FMC: apply changes to multiple Access Control rules in Network Security

FMC: apply changes to multiple Access Control rules

PAUL GILBERT ARIAS — Fri, 21 Feb 2020 17:00:58 GMT

Is there a way to apply the same change to multiple rules within an access control policy?

Recently I had to enable logging on every single rule withing an access control policy and now I have to enable the IPS policy to every single rule. Is there a way to enable this to all the rules at the same time?

Re: FMC: apply changes to multiple Access Control rules

Francesco Molino — Fri, 05 Apr 2019 04:27:40 GMT

Hi

This isn't possible.
A workaround would be to script this change by using APIs.

Re: FMC: apply changes to multiple Access Control rules

andrew.butterworth — Thu, 15 Dec 2022 11:54:28 GMT

This is sort of possible, however it seems to be only half implemented. I've tried it on FMC 6.6.5.2, 7.0.5 and 7.3 and the behaviour is the same on all of them.

Open the ACP, hold down shift, left click the 1st rule, go to the last rule or a rule further in the list and left click again and you will see all lines selected. Right click over one of the selected rules and a menu appears, click 'edit' and you are presented with options to apply to all selected rules. Check the box for logging (at the beginning or at the end of the connection) and click OK. This enabled logging for all the selected rules. However..... It doesn't set a destination for the logging. You then need to go into each rule and click the checkbox for the destination (Event Viewer, Syslog or SNMP trap). So you are no better off.... 😞

It works for inspection rules though and you can select the IPS policy to apply to all the rules.

Anyone know if its possible to enable logging for multiple rules AND select a destination for the logs?

Andy

Re: FMC: apply changes to multiple Access Control rules

Karsten Iwen — Thu, 15 Dec 2022 12:04:14 GMT

And another opinion ... ;.)

It is easily doable. The first thing with the logging can be done regardless of the FMC version by adding a Monitor Rule at the beginning.. The other thing is done with the newer FMC versions (7.1+ or 7.2+, not sure which one it was) where the new ACP Editor can be enabled and be used to directly apply the same change to a broad range of ACP rules.

Re: FMC: apply changes to multiple Access Control rules

andrew.butterworth — Thu, 15 Dec 2022 12:58:07 GMT

"by adding a Monitor Rule at the beginning."

"new ACP Editor can be enabled and be used to directly apply the same change to a broad range of ACP rules."

Please elaborate?

I can see the option in the new UI to select multiple rules and 'Select Bulk Action', however the same options are presented?

Re: FMC: apply changes to multiple Access Control rules

andrew.butterworth — Thu, 15 Dec 2022 13:02:48 GMT

Oh, bollox... Just realised the logging requires the 'Log at Beggining/End' to be ticked AND the 'Send Connection Events to:' to have a destination ticked when editing a range of rules..... Thought the GUI would kick it out if no destination is selected as that's an invalid option.

OK, so question answered. Not sure about the 'adding a Monitor Rule at the beginning' though?

Re: FMC: apply changes to multiple Access Control rules

Karsten Iwen — Thu, 15 Dec 2022 19:05:35 GMT

You can add a rule at the beginning with the Action "Monitor" It will not decide on any traffic to block or allow, the whole purpose is to add a logging action to the further processing.

And with the bulk action you can easily assign the IPS policy to all selected rules:

Re: FMC: apply changes to multiple Access Control rules

Kasper Elsborg — Thu, 01 May 2025 08:39:13 GMT

at least the new FMC has the option to bulkupdate ACP, I cant remember from which version but this is from a 7.4, just select the all chackbox