Re: Bulk Network object addition on Cisco FMC

Nikhil5 · ‎03-21-2023

Hello Team,

We have got a request from our client to add a security policy on the Cisco FTD(4115). The security policy has 800 Network objects(IP addresses and subnets) in the target field.

We are not sure how this will work because the firewall is managed by the Cisco FMC so we don't have CLI access to it. Everything is to be done via FMC GUI.

Could someone advise how we can achieve this with minimal effort?

Rob Ingram · ‎03-21-2023

@Nikhil5 since 6.7 you can bulk upload objects from a CSV file using the FMC GUI, which is the simpliest method.

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/720/management-center-device-config-72/objects-object-mgmt.html

You can also create a python script and upload.

https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/215972-push-objects-in-bulk-to-fmc-using-rest-a.html

Nikhil5 · ‎03-21-2023

Hi Rob, thank you for your response.

We are running FMC code version 6.6.1 so we cannot use the bulk upload feature. However, let us try the python scripting if that works.

Marvin Rhoads · ‎03-21-2023

I'd also check on the rationale for this large list. I have seen clients wanting to import what they used on an old firewall for public IP blacklist addresses. That content and feature is generally much better addressed via the use of Cisco's Security Intelligence feeds which are automatically updated every 2 hours by default.

Nikhil5 · ‎03-21-2023

Hi Marvin, thanks for your response. I did notice the security intelligence feature where we can upload IP lists to blacklist or whitelist IP addresses, but there is no way we can permit those IPs from the specific host address.