https://community.cisco.com/t5/network-security/how-to-export-all-the-rules-from-a-8350-firepower-policy/m-p/3883333#M945470 <P>Hello Marvin,</P><P>&nbsp;</P><P>How can I get rid of below message while trying to scp</P><P>&nbsp;</P><P>root@HH-HHH-HH1:/var/sf/detection_engines/302e2fca-7a77-11e6-870d-af9f5b863148# sudo scp ngfw.rules admin@10.7.XX.XX:/var/tmp<BR />@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@<BR />@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @<BR />@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@<BR />IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!<BR />Someone could be eavesdropping on you right now (man-in-the-middle attack)!<BR />It is also possible that a host key has just been changed.<BR />The fingerprint for the ECDSA key sent by the remote host is<BR />SHA256:4raWthjsdjfhsdjhfkjsdhfiwryeiuweryVgdqAQLwraTy3L0NJk.<BR />Please contact your system administrator.<BR />Add correct host key in /root/.ssh/known_hosts to get rid of this message.<BR />Offending ECDSA key in /root/.ssh/known_hosts:2<BR />ECDSA host key for 10.7.XX.XX has changed and you have requested strict checking.<BR />Host key verification failed.<BR />lost connection</P> Tue, 02 Jul 2019 16:22:23 GMT subrun.jamil 2019-07-02T16:22:23Z https://community.cisco.com/t5/network-security/how-to-export-all-the-rules-from-a-8350-firepower-policy/m-p/3865803#M945462 <P>Hello,&nbsp;</P><P>&nbsp;</P><P>How to export All the rules in a FirePower Policy.&nbsp; Reason I am asking this question is searching items in SourceFire is not that much user friendly. Like If I want to search with a AD Group name it really does not look at User field. That's why just wondering how to search AD Group in a Firewall Policy. Also better to know after exporting a Firewall Policy How to view them ?&nbsp;&nbsp;</P><P>&nbsp;</P> Fri, 21 Feb 2020 17:11:09 GMT https://community.cisco.com/t5/network-security/how-to-export-all-the-rules-from-a-8350-firepower-policy/m-p/3865803#M945462 subrun.jamil 2020-02-21T17:11:09Z https://community.cisco.com/t5/network-security/how-to-export-all-the-rules-from-a-8350-firepower-policy/m-p/3866097#M945463 Hi<BR /><BR />You will need to use API calls to export ACP and into returned results you'll see all role details which means you will have the AD group condition.<BR /><BR /> Sat, 01 Jun 2019 05:06:04 GMT https://community.cisco.com/t5/network-security/how-to-export-all-the-rules-from-a-8350-firepower-policy/m-p/3866097#M945463 Francesco Molino 2019-06-01T05:06:04Z https://community.cisco.com/t5/network-security/how-to-export-all-the-rules-from-a-8350-firepower-policy/m-p/3866099#M945467 <P>The deployed access control policy should be located in:</P> <PRE>/var/sf/detection_engines/UUID/ngfw.rules </PRE> <P>The UUID (Universally Unique Identifier) will vary - look in /var/sf/detection_engines folder for your UUIDs and, if there are multiple, choose the one with the latest timestamp.</P> <P>You can export and/or search that file (e.g. with grep utility) to examine the ACP in more detail.</P> <P>&nbsp;</P> Sat, 01 Jun 2019 05:11:43 GMT https://community.cisco.com/t5/network-security/how-to-export-all-the-rules-from-a-8350-firepower-policy/m-p/3866099#M945467 Marvin Rhoads 2019-06-01T05:11:43Z https://community.cisco.com/t5/network-security/how-to-export-all-the-rules-from-a-8350-firepower-policy/m-p/3883333#M945470 <P>Hello Marvin,</P><P>&nbsp;</P><P>How can I get rid of below message while trying to scp</P><P>&nbsp;</P><P>root@HH-HHH-HH1:/var/sf/detection_engines/302e2fca-7a77-11e6-870d-af9f5b863148# sudo scp ngfw.rules admin@10.7.XX.XX:/var/tmp<BR />@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@<BR />@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @<BR />@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@<BR />IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!<BR />Someone could be eavesdropping on you right now (man-in-the-middle attack)!<BR />It is also possible that a host key has just been changed.<BR />The fingerprint for the ECDSA key sent by the remote host is<BR />SHA256:4raWthjsdjfhsdjhfkjsdhfiwryeiuweryVgdqAQLwraTy3L0NJk.<BR />Please contact your system administrator.<BR />Add correct host key in /root/.ssh/known_hosts to get rid of this message.<BR />Offending ECDSA key in /root/.ssh/known_hosts:2<BR />ECDSA host key for 10.7.XX.XX has changed and you have requested strict checking.<BR />Host key verification failed.<BR />lost connection</P> Tue, 02 Jul 2019 16:22:23 GMT https://community.cisco.com/t5/network-security/how-to-export-all-the-rules-from-a-8350-firepower-policy/m-p/3883333#M945470 subrun.jamil 2019-07-02T16:22:23Z https://community.cisco.com/t5/network-security/how-to-export-all-the-rules-from-a-8350-firepower-policy/m-p/3883616#M945475 <P>Do like the message says and:</P> <P>"<SPAN>Add correct host key in /root/.ssh/known_hosts to get rid of this message.</SPAN><BR /><SPAN>Offending ECDSA key in /root/.ssh/known_hosts:2</SPAN>"</P> Wed, 03 Jul 2019 01:10:31 GMT https://community.cisco.com/t5/network-security/how-to-export-all-the-rules-from-a-8350-firepower-policy/m-p/3883616#M945475 Marvin Rhoads 2019-07-03T01:10:31Z