Bulk Network object addition on Cisco FMC
03-21-2023 12:09 PM
Hello Team,
We have got a request from our client to add a security policy on the Cisco FTD (4115). The security policy has 800 Network objects (IP addresses and subnets) in the target field.
We are not sure how this will work because the firewall is managed by the Cisco FMC so we don't have CLI access to it. Everything is to be done via FMC GUI.
Could someone advise how we can achieve this with minimal effort?
03-21-2023 12:13 PM - edited 03-21-2023 12:14 PM
@Nikhil5 since 6.7 you can bulk upload objects from a CSV file using the FMC GUI, which is the simplest method.
You can also create a Python script and upload.
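The scripted route mentioned in the reply above, sketched as an added example that is not part of the original post or Cisco's own code: it validates the client's list, splits it into Host and Network objects, and batches them for bulk POSTs. The endpoint path, the `CLIENT_` naming scheme, the batch size of 500 and the sample input are assumptions; check the path against the API Explorer on your FMC version.

```python
import ipaddress

# Assumed FMC REST API bulk endpoint; kind is "hosts" or "networks".
BULK_PATH = "/api/fmc_config/v1/domain/{domain}/object/{kind}?bulk=true"

# Constructed sample input, one address or subnet per line.
SAMPLE = """
# constructed sample input
192.0.2.10
192.0.2.10/32
198.51.100.0/24
203.0.113.7/24
2001:db8::/32
not-an-ip
"""

def plan_requests(lines, domain_uuid, prefix="CLIENT", chunk=500):
    """Return (requests, rejected): requests is a list of (path, json_body)."""
    seen, rejected = set(), []
    objects = {"hosts": [], "networks": []}
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not entry:
            continue
        try:
            # strict=True rejects subnets with host bits set instead of
            # silently widening the permitted range.
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError as exc:
            rejected.append((entry, str(exc)))
            continue
        if net in seen:                        # 192.0.2.10 == 192.0.2.10/32
            continue
        seen.add(net)
        if net.prefixlen == net.max_prefixlen:
            kind, typ, value = "hosts", "Host", str(net.network_address)
        else:
            kind, typ, value = "networks", "Network", str(net)
        name = f"{prefix}_{value}".replace("/", "_").replace(":", "-")
        objects[kind].append({"name": name, "type": typ, "value": value})
    requests = []
    for kind, items in objects.items():
        path = BULK_PATH.format(domain=domain_uuid, kind=kind)
        for i in range(0, len(items), chunk):  # one POST body per batch
            requests.append((path, items[i:i + chunk]))
    return requests, rejected

if __name__ == "__main__":
    reqs, bad = plan_requests(SAMPLE.splitlines(), "DOMAIN-UUID-PLACEHOLDER")
    for path, body in reqs:
        print(path, len(body), "objects")
    print("rejected:", bad)
```

Each `(path, body)` pair is sent as a JSON POST with the token returned by the FMC token endpoint; rejected entries go back to the requester for correction before anything is created.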
03-21-2023 11:48 PM
Hi Rob, thank you for your response.
We are running FMC code version 6.6.1 so we cannot use the bulk upload feature. However, let us try the Python scripting if that works.
03-21-2023 08:46 PM
I'd also check on the rationale for this large list. I have seen clients wanting to import what they used on an old firewall for public IP blacklist addresses. That content and feature is generally much better addressed via the use of Cisco's Security Intelligence feeds which are automatically updated every 2 hours by default.
03-21-2023 11:39 PM
Hi Marvin, thanks for your response. I did notice the security intelligence feature where we can upload IP lists to blacklist or whitelist IP addresses, but there is no way we can permit those IPs from the specific host address.
