01-07-2017 07:34 AM - edited 03-12-2019 06:14 AM
Firepower Management Center API - Object Management
One of my customers recently migrated to Cisco Firepower Threat Defense. One of the challenges that I ran into was that the ASA configuration migration script from Cisco duplicated objects in Firepower Management Center.
Deleting these objects required clicking delete for each object. This was a painful and time-consuming activity, so I built a Python script to delete objects utilizing the FMC API. Attached to this blog is a Python script that will allow you to delete unused objects. If you need to delete a large number of objects, it will save you time.
01-19-2017 12:50 PM
I created a new Python script that will utilize the API to create a CSV of the Access Control Policy. See the link below for all the FMC Python scripts.
https://github.com/scourge71/fmcapi
03-27-2017 10:42 AM
Jason,
Nice scripts. Do you have something similar for creating or adding a new access rule to an existing access control policy? Getting the following on my attempt:
{"error":{"category":"FRAMEWORK","messages":[{"description":"No data."}],"severity":"WARN"}}
Of course, my input JSON is probably not correct, since finding a good reference for this has been difficult.
Any pointers to additional test scripts or docs would be great.
03-28-2017 07:20 PM
michmcda,
The documentation is lacking. Are you utilizing the api-explorer built into Firepower? I ended up doing a lot of trial and error with Postman. Check out the links below too. Also, you can post your JSON syntax, so I can look at it.
Postman:
https://www.getpostman.com
CDW Blog:
http://blog.cdw.com/security/programing-ciscos-firepower-6-1-rest-api
03-29-2017 06:20 AM
michmcda,
To be sure of your code, can you also provide the script you are using? A couple of pointers:
The method should be PUT with the request URI:
/api/fmc_config/v1/domain/DomainUUID/policy/accesspolicies/id_of_access_policy_you_are_editing
A JSON content example would be:
{
  "name": "Access Policy to Edit",
  "description": "Test REST API policy",
  "type": "AccessPolicy",
  "id": "id_of_access_policy_you_are_editing",
  "defaultAction": {
    "intrusionPolicy": {
      "id": "id_of_existing_or_new_intrusion_policy",
      "type": "IntrusionPolicy"
    },
    "type": "AccessPolicyDefaultAction",
    "logBegin": "true/false",
    "logEnd": "true/false",
    "sendEventsToFMC": "true/false",
    "action": "any_allowed_action_enum",
    "id": "id_of_default_action",
    "variableSet": {
      "id": "id_of_variableSet_to_be_added",
      "type": "VariableSet"
    },
    "snmpConfig": {
      "id": "id_of_snmpConfig_object",
      "type": "SNMPAlert"
    },
    "syslogConfig": {
      "id": "id_of_syslog_object",
      "type": "SyslogAlert"
    }
  }
}
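An added example, not part of the post above or of the fmcapi scripts: a Python sketch that builds the PUT request described in that post and checks it locally before anything is sent (body present, id in the body matching the URI, no template placeholders left). The helper names, host, ids and token are hypothetical, and the `X-auth-access-token` header, which the thread does not mention, is the header the FMC REST API uses for its session token.

```python
import json
import urllib.request

# URI template from the post above. Hosts, ids and tokens passed in are caller-supplied.
POLICY_URI = "/api/fmc_config/v1/domain/{domain}/policy/accesspolicies/{policy_id}"


def _leaves(node):
    """Yield every leaf value in a nested dict/list structure."""
    if isinstance(node, dict):
        for value in node.values():
            yield from _leaves(value)
    elif isinstance(node, list):
        for value in node:
            yield from _leaves(value)
    else:
        yield node


def build_policy_put(host, domain_uuid, policy_id, token, policy):
    """Hypothetical helper: return an unsent PUT request after local checks."""
    if not isinstance(policy, dict) or not policy:
        raise ValueError("request body is empty")
    if policy.get("type") != "AccessPolicy":
        raise ValueError("body 'type' must be 'AccessPolicy'")
    # The template uses the same id in the URI and in the body.
    if policy.get("id") != policy_id:
        raise ValueError("body 'id' does not match the policy id in the URI")
    # Reject template placeholders that were never replaced with real ids.
    stale = [v for v in _leaves(policy) if isinstance(v, str) and v.startswith("id_of_")]
    if stale:
        raise ValueError(f"unfilled placeholders: {stale}")
    url = f"https://{host}" + POLICY_URI.format(domain=domain_uuid, policy_id=policy_id)
    return urllib.request.Request(
        url,
        data=json.dumps(policy).encode("utf-8"),  # body must be attached as JSON bytes
        method="PUT",
        headers={"Content-Type": "application/json", "X-auth-access-token": token},
    )


if __name__ == "__main__":
    # Constructed sample values; "BLOCK" is an assumed default-action value.
    sample = {"id": "POLICY-1", "type": "AccessPolicy", "name": "Access Policy to Edit",
              "defaultAction": {"type": "AccessPolicyDefaultAction", "action": "BLOCK"}}
    req = build_policy_put("fmc.example.test", "DOMAIN-1", "POLICY-1", "TOKEN", sample)
    print(req.get_method(), req.full_url, len(req.data), "bytes")
```

The returned request can be passed to `urllib.request.urlopen` with certificate verification left at its default; the token is best read from the environment at run time instead of being written into the script.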
05-07-2019 12:59 AM
Hello Jason,
Can I have a script which will add/remove rules in an ACP from Excel/CSV?
Looking forward to your response.
Regards
Ismail Kalolwala
kalolwalaismail@yahoo.com
08-23-2017 11:53 PM - edited 08-25-2017 07:09 PM
got it working..thanks
05-07-2019 01:01 AM
Hello Prahant,
Can I have the script which adds/removes rules from ACP?
Regards
Ismail Kalolwala
kalolwalaismail@yahoo.com
08-26-2017 10:28 PM
Hey Mate,
Need your help please! I need to import pre-filter policy. Do you have any script for the same?
I have retrieved ACP successfully using your script, thanks to you.
I have migrated ASA to FTD and all policies have been migrated as a part of pre-filter policy. It's good to import all of them in an Excel file for further reading.
Thanks for your help
11-20-2018 08:33 AM
Hi Jason,
Wonderful idea, and it's a feature that should be in the FMC, in my opinion.
However, I am having trouble getting it to run. I have Python v3 running on my Windows 10 laptop and get syntax errors when running. Do I need to use a different version of Python?
Thanks
John