Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3045
Views
20
Helpful
6
Replies

Cisco FMC- set up using script

Go to solution
loc.nguyen
Level 1
Level 1

‎04-01-2022 01:39 PM

Hi,

 

I need to create about hundred of objects and rules.  Using GUI is surely painful process.

 

I looks like REST API can do the job better, but it is quite complex I think.

 

Could you suggest any other way to do that? Or if REST API is the only way does, could you share links that I can learn form some good examples.

 

Thanks

 

Loc

 

 

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
carstenlymann1
Level 1
Level 1

‎04-05-2022 02:10 AM

I would say RestAPI as well.

It need some programming skills but its fun to learn, and really usable with other stuff as well later on.

 

If you have no programming experience, i would get help. And try if it can be programmed together with the help, so you learn at the same time.. 

I got a script some where i can share at some point. I just need to make sure i dont have any company secret data in it. 

But it creates the objects. (not the rules) 

I can recommend looking in here: https://developer.cisco.com/secure-firewall/management-center/

It has a sandbox where you can try and error without destroying anything on your site. 

Please remember to select a correct answer and rate helpful posts
/ Carsten

View solution in original post

Go to solution
carstenlymann1
Level 1
Level 1
In response to loc.nguyen

‎04-07-2022 12:16 PM

That link looks correct yet.

Im busy the next couple of days. I might be able to share some script ideas Tuesday or Wednesday. (Have not used it for more than a year, so need to take a closer look and try it out so im sure it still working). 

 

I have not looked at the script mentioned below but found this shared in the community earlier from Shubham Bharti:

https://github.com/shubhambharti89/BulkPushObjectsFMC/tree/master/URL-Obj

Please remember to select a correct answer and rate helpful posts
/ Carsten

View solution in original post

6 Replies 6

Go to solution
carstenlymann1
Level 1
Level 1

‎04-05-2022 02:10 AM

I would say RestAPI as well.

It need some programming skills but its fun to learn, and really usable with other stuff as well later on.

 

If you have no programming experience, i would get help. And try if it can be programmed together with the help, so you learn at the same time.. 

I got a script some where i can share at some point. I just need to make sure i dont have any company secret data in it. 

But it creates the objects. (not the rules) 

I can recommend looking in here: https://developer.cisco.com/secure-firewall/management-center/

It has a sandbox where you can try and error without destroying anything on your site. 

Please remember to select a correct answer and rate helpful posts
/ Carsten

Go to solution
loc.nguyen
Level 1
Level 1
In response to carstenlymann1

‎04-07-2022 09:28 AM

Hi Carsten,

 

I  found  a link for creating objects. Is it the one you are talking about?

https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/215972-push-objects-in-bulk-to-fmc-using-rest-a.html

I appreciate it if you can share any scripts.

 

Thanks

 

Loc

0 Helpful

Go to solution
carstenlymann1
Level 1
Level 1
In response to loc.nguyen

‎04-07-2022 12:16 PM

That link looks correct yet.

Im busy the next couple of days. I might be able to share some script ideas Tuesday or Wednesday. (Have not used it for more than a year, so need to take a closer look and try it out so im sure it still working). 

 

I have not looked at the script mentioned below but found this shared in the community earlier from Shubham Bharti:

https://github.com/shubhambharti89/BulkPushObjectsFMC/tree/master/URL-Obj

Please remember to select a correct answer and rate helpful posts
/ Carsten

Go to solution
loc.nguyen
Level 1
Level 1

‎04-11-2022 02:39 PM - edited ‎04-11-2022 02:41 PM

I have a follow up question. 

I can create the object using the python script.

Now my object group looks like below from the command line of a FTD:

ctrma-ftd-1# show run object-group id CTRMA_CCRMA_PRENAT_GROUP

object-group network CTRMA_CCRMA_PRENAT_GROUP
network-object object ctrma-maint2-036
network-object object ctrma-maint2-151
network-object object ctrma-maint2-030

Is there a way to make it organized by name?

I need it to be as below:
 object-group network CTRMA_CCRMA_PRENAT_GROUP
network-object object ctrma-maint2-030
network-object object ctrma-maint2-036
network-object object ctrma-maint2-151

FYI: I need to NAT one-to-one so I need the object list need to sort by name. 

 

THanks

 

Loc

 

0 Helpful

Go to solution
carstenlymann1
Level 1
Level 1

‎04-11-2022 11:15 PM

Cool. Great work..

 

Im not sure if its possible to organize it. Cisco do try to get us away from using cli, so not sure it can be done. 

Makes most sense to me that it should be in the order entered on the device, but never looked at my automation in cli afterwards.

Please remember to select a correct answer and rate helpful posts
/ Carsten
Customers Also Viewed These Support Documents