Cisco Firepower API

jason_williams
Level 1

Firepower Management Center API - Object Management 

One of my customers recently migrated to Cisco Firepower Threat Defense. One of the challenges that I ran into was that the ASA configuration migration script from Cisco duplicated objects in Firepower Management Center.

Deleting these objects required clicking delete for each object. This was a painful and time-consuming activity, so I built a Python script to delete objects utilizing the FMC API. Attached to this blog is a Python script that will allow you to delete unused objects. If you need to delete a large number of objects, it will save you time.

Accepted Solutions

jason_williams
Level 1

I created a new Python script that will utilize the API to create a CSV of the Access Control Policy. See the link below for all the FMC Python scripts.

https://github.com/scourge71/fmcapi

9 Replies 9

Jason,

Nice scripts. Do you have something similar for creating or adding a new access rule to an existing access control policy? Getting the following on my attempt:

{"error":{"category":"FRAMEWORK","messages":[{"description":"No data."}],"severity":"WARN"}}

Of course, my input JSON is probably not correct, since finding good reference for this has been difficult.

Any pointers to additional test scripts or docs would be great.

michmcda,

The documentation is lacking. Are you utilizing the api-explorer built into Firepower? I ended up doing a lot of trial and error with Postman. Check out the links below too. Also, you can post your JSON syntax, so I can look at it.

Postman:

https://www.getpostman.com

CDW Blog:

http://blog.cdw.com/security/programing-ciscos-firepower-6-1-rest-api

michmcda,

To be sure of your code, can you also provide the script you are using? A couple of pointers:

The method should be PUT with the request URI:

/api/fmc_config/v1/domain/DomainUUID/policy/accesspolicies/id_of_access_policy_you_are_editing

A JSON content example would be:

{
  "name": "Access Policy to Edit",
  "description": "Test REST API policy",
  "type": "AccessPolicy",
  "id": "id_of_access_policy_you_are_editing",
  "defaultAction": {
    "intrusionPolicy": {
      "id": "id_of_existing_or_new_intrusion_policy",
      "type": "IntrusionPolicy"
    },
    "type": "AccessPolicyDefaultAction",
    "logBegin": "true/false",
    "logEnd": "true/false",
    "sendEventsToFMC": "true/false",
    "action": "any_allowed_action_enum",
    "id": "id_of_default_action",
    "variableSet": {
      "id": "id_of_variableSet_to_be_added",
      "type": "VariableSet"
    },
    "snmpConfig": {
      "id": "id_of_snmpConfig_object",
      "type": "SNMPAlert"
    },
    "syslogConfig": {
      "id": "id_of_syslog_object",
      "type": "SyslogAlert"
    }
  }
}
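
As an added example (not part of the original thread and not one of the scripts in the linked repository), the PUT described in the reply above can be assembled and checked in Python before it is sent, so that a body with unfilled template values never reaches the FMC. The host name, UUIDs and token are constructed sample values, the booleans and the "BLOCK" action are assumptions, and the `X-auth-access-token` header comes from the FMC REST API's token authentication rather than from this thread.

```python
import json
import urllib.parse
import urllib.request

# Markers of unfilled values in the template JSON from the reply above.
PLACEHOLDER_MARKERS = ("id_of_", "true/false", "any_allowed_action_enum")


def find_placeholders(node, path="$"):
    """Return JSON paths whose string value is still a template placeholder."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            hits += find_placeholders(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            hits += find_placeholders(value, f"{path}[{i}]")
    elif isinstance(node, str) and any(m in node for m in PLACEHOLDER_MARKERS):
        hits.append(path)
    return hits


def build_policy_put(host, domain_uuid, policy, token):
    """Build (without sending) the PUT request that edits an access policy."""
    if policy.get("type") != "AccessPolicy" or not policy.get("id"):
        raise ValueError("body needs type AccessPolicy and the policy id")
    leftovers = find_placeholders(policy)
    if leftovers:
        raise ValueError("unfilled template values: " + ", ".join(leftovers))
    quote = lambda s: urllib.parse.quote(s, safe="")  # keep ids inside one path segment
    url = (f"https://{host}/api/fmc_config/v1/domain/{quote(domain_uuid)}"
           f"/policy/accesspolicies/{quote(policy['id'])}")  # URI id taken from the body id
    headers = {"Content-Type": "application/json", "X-auth-access-token": token}
    return urllib.request.Request(url, data=json.dumps(policy).encode("utf-8"),
                                  method="PUT", headers=headers)


# Constructed sample values; the booleans and "BLOCK" are assumptions, not from the thread.
SAMPLE_POLICY = {
    "name": "Access Policy to Edit", "description": "Test REST API policy",
    "type": "AccessPolicy", "id": "00000000-0000-0000-0000-000000000001",
    "defaultAction": {"type": "AccessPolicyDefaultAction", "action": "BLOCK",
                      "logBegin": False, "logEnd": False, "sendEventsToFMC": False},
}

if __name__ == "__main__":
    req = build_policy_put("fmc.example.test", "sample-domain-uuid", SAMPLE_POLICY, "sample-token")
    print(req.get_method(), req.full_url)
```

Sending the request with `urllib.request.urlopen(req)` keeps certificate verification on by default, so an FMC with a self-signed certificate needs its CA supplied through an `ssl` context rather than verification switched off.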

Hello Jason,

 

Can I have a script which will add/remove rules in an ACP from Excel/CSV?

 

Looking forward to your response.

 

Regards

Ismail Kalolwala

kalolwalaismail@yahoo.com

 

Got it working, thanks.

Hello Prahant, 

 

Can I have the script which adds/removes rules from ACP?

 

Regards

Ismail Kalolwala

kalolwalaismail@yahoo.com

Hey Mate,

Need your help please! I need to import a pre-filter policy. Do you have any script for the same?

 

I have retrieved the ACP successfully using your script, thanks to you.

 

I have migrated ASA to FTD and all policies have been migrated as a part of the pre-filter policy. It's good to import all of them into an Excel file for further reading.

 

Thanks for your help

Hi Jason,

 

Wonderful idea, and it's a feature that should be in the FMC, in my opinion.

 

However, I am having trouble getting it to run. I have Python v3 running on my Windows 10 laptop and get syntax errors when running. Do I need to use a different version of Python?

 

Thanks

John
