03-21-2023 12:09 PM
Hello Team,
We have got a request from our client to add a security policy on the Cisco FTD (4115). The security policy has 800 Network objects (IP addresses and subnets) in the target field.
We are not sure how this will work because the firewall is managed by the Cisco FMC so we don't have CLI access to it. Everything is to be done via FMC GUI.
Could someone advise how we can achieve this with minimal effort?
03-21-2023 12:13 PM - edited 03-21-2023 12:14 PM
@Nikhil5 since 6.7 you can bulk upload objects from a CSV file using the FMC GUI, which is the simplest method.
You can also create a Python script and upload.
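The offline preparation step for the scripted route mentioned above, as an added example that is not part of the original post: it validates and de-duplicates the address list, separates hosts from subnets, and batches the object bodies for upload. It assumes the FMC REST API host and network object endpoints accept bulk POSTs of `name`/`type`/`value` bodies (confirm in the API Explorer of your FMC version); the sample list, name scheme and chunk size are constructed for illustration.

```python
import ipaddress

# Constructed sample list (documentation address ranges), not the client's data.
SAMPLE = """\
192.0.2.10
198.51.100.0/24
192.0.2.10
203.0.113.7/32
198.51.100.5/24
not-an-ip
"""

def classify(entries):
    """Split entries into (hosts, networks, rejected), dropping duplicates."""
    hosts, networks, rejected, seen = [], [], [], set()
    for raw in entries:
        item = raw.strip()
        if not item:
            continue
        try:
            # strict=True refuses a subnet with host bits set (198.51.100.5/24),
            # so a typo is reported instead of silently widening the rule.
            net = ipaddress.ip_network(item, strict=True)
        except ValueError:
            rejected.append(item)
            continue
        if net in seen:
            continue
        seen.add(net)
        if net.num_addresses == 1:
            hosts.append(str(net.network_address))
        else:
            networks.append(str(net))
    return hosts, networks, rejected

def build_payloads(values, obj_type, prefix="CLIENT", chunk=100):
    """Return lists of object bodies, one list per bulk POST request."""
    # Name scheme and chunk size are hypothetical; adjust to local conventions.
    objs = [{"name": f"{prefix}_{v.replace('/', '_')}", "type": obj_type, "value": v}
            for v in values]
    return [objs[i:i + chunk] for i in range(0, len(objs), chunk)]

if __name__ == "__main__":
    hosts, nets, bad = classify(SAMPLE.splitlines())
    print("rejected, fix before upload:", bad)
    # Assumed targets: object/hosts and object/networks with ?bulk=true
    for batch in build_payloads(hosts, "Host") + build_payloads(nets, "Network"):
        print(len(batch), "objects of type", batch[0]["type"])
```

Reviewing the rejected list before any upload keeps malformed entries out of the access rule.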
03-21-2023 11:48 PM
Hi Rob, thank you for your response.
We are running FMC code version 6.6.1 so we cannot use the bulk upload feature. However, let us try the Python scripting if that works.
03-21-2023 08:46 PM
I'd also check on the rationale for this large list. I have seen clients wanting to import what they used on an old firewall for public IP blacklist addresses. That content and feature is generally much better addressed via the use of Cisco's Security Intelligence feeds which are automatically updated every 2 hours by default.
03-21-2023 11:39 PM
Hi Marvin, thanks for your response. I did notice the security intelligence feature where we can upload IP lists to blacklist or whitelist IP addresses, but there is no way we can permit those IPs from the specific host address.