Cisco Firepower API

jason_williams
Community Member

Firepower Management Center API - Object Management 

One of my customers recently migrated to Cisco Firepower Threat Defense. One of the challenges that I ran into was that the ASA configuration migration script from Cisco duplicated objects in Firepower Management Center.

Deleting these objects required clicking delete for each object. This was a painful and time-consuming activity, so I built a Python script to delete objects utilizing the FMC API. Attached to this blog is a Python script that will allow you to delete unused objects. If you need to delete a large number of objects, it will save you time.

Accepted Solutions

jason_williams
Community Member

I created a new Python script that will utilize the API to create a CSV of the Access Control Policy. See the link below for all the FMC Python scripts.

https://github.com/scourge71/fmcapi

9 Replies

Jason,

Nice scripts. Do you have something similar for creating or adding a new access rule to an existing access control policy? I am getting the following on my attempt:

{"error":{"category":"FRAMEWORK","messages":[{"description":"No data."}],"severity":"WARN"}}

Of course, my input JSON is probably not correct, since finding a good reference for this has been difficult.

Any pointers to additional test scripts or docs will be great.

michmcda,

The documentation is lacking. Are you utilizing the api-explorer built into Firepower? I ended up doing a lot of trial and error with Postman. Check out the links below too. Also, you can post your JSON syntax, so I can look at it.

Postman:

https://www.getpostman.com

CDW Blog:

http://blog.cdw.com/security/programing-ciscos-firepower-6-1-rest-api

michmcda,

To be sure of your code can you also provide the script you are using? Couple pointers:

The method should be PUT with the request URI:

/api/fmc_config/v1/domain/DomainUUID/policy/accesspolicies/id_of_access_policy_you_are_editing

A JSON content example would be:

{
  "name": "Access Policy to Edit",
  "description": "Test REST API policy",
  "type": "AccessPolicy",
  "id": "id_of_access_policy_you_are_editing",
  "defaultAction": {
    "intrusionPolicy": {
      "id": "id_of_existing_or_new_intrusion_policy",
      "type": "IntrusionPolicy"
    },
    "type": "AccessPolicyDefaultAction",
    "logBegin": "true/false",
    "logEnd": "true/false",
    "sendEventsToFMC": "true/false",
    "action": "any_allowed_action_enum",
    "id": "id_of_default_action",
    "variableSet": {
      "id": "id_of_variableSet_to_be_added",
      "type": "VariableSet"
    },
    "snmpConfig": {
      "id": "id_of_snmpConfig_object",
      "type": "SNMPAlert"
    },
    "syslogConfig": {
      "id": "id_of_syslog_object",
      "type": "SyslogAlert"
    }
  }
}
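
An added example, not part of the reply above or of the linked scripts: a Python sketch that checks an access policy body against the shape shown in the reply and builds the PUT request without sending it. The host, UUIDs, token and the `BLOCK` action are constructed placeholders; `X-auth-access-token` is the FMC token header, and treating the logging flags as JSON booleans is an assumption.

```python
import json
import urllib.request

# Path taken from the reply above; everything passed into it below is a placeholder.
POLICY_PATH = "/api/fmc_config/v1/domain/{domain}/policy/accesspolicies/{policy_id}"
BOOL_FIELDS = ("logBegin", "logEnd", "sendEventsToFMC")


def validate_policy(policy, policy_id):
    """Return a list of problems that would make the PUT body malformed."""
    if not policy:
        return ["empty body"]
    problems = []
    if policy.get("type") != "AccessPolicy":
        problems.append("type must be AccessPolicy")
    if policy.get("id") != policy_id:
        problems.append("body id does not match the id in the URI")
    default = policy.get("defaultAction", {})
    for field in BOOL_FIELDS:
        # Assumption: these flags are JSON booleans, not the strings "true"/"false".
        if field in default and not isinstance(default[field], bool):
            problems.append(f"defaultAction.{field} must be a JSON boolean")
    return problems


def build_policy_put(host, domain, policy_id, policy, token):
    """Build (but do not send) the PUT request for an existing access policy."""
    problems = validate_policy(policy, policy_id)
    if problems:
        raise ValueError("; ".join(problems))
    url = "https://" + host + POLICY_PATH.format(domain=domain, policy_id=policy_id)
    return urllib.request.Request(
        url,
        data=json.dumps(policy).encode("utf-8"),
        method="PUT",
        headers={"Content-Type": "application/json", "X-auth-access-token": token},
    )


if __name__ == "__main__":
    # Constructed sample body following the structure in the reply above.
    body = {"name": "Access Policy to Edit", "type": "AccessPolicy", "id": "policy-id-placeholder",
            "defaultAction": {"type": "AccessPolicyDefaultAction", "action": "BLOCK",
                              "logBegin": False, "logEnd": True, "sendEventsToFMC": True}}
    req = build_policy_put("fmc.example.com", "domain-uuid-placeholder",
                           "policy-id-placeholder", body, "token-placeholder")
    print(req.get_method(), req.full_url)
    # Sending is left to the caller; urllib.request.urlopen(req) verifies the server certificate by default.
```
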

Hello Jason,

Can I have a script which will add/remove rules in an ACP from Excel/CSV?

Looking forward to your response.

Regards

Ismail Kalolwala

kalolwalaismail@yahoo.com

 

Got it working. Thanks.

Hello Prahant,

Can I have the script which adds/removes rules from ACP?

Regards

Ismail Kalolwala

kalolwalaismail@yahoo.com

Hey Mate,

Need your help please! I need to import a pre-filter policy. Do you have any script for the same?

I have retrieved the ACP successfully using your script, thanks to you.

I have migrated ASA to FTD and all policies have been migrated as part of the pre-filter policy. It's good to import all of them into an Excel file for further reading.

Thanks for your help

GWH-jayohaitchenn
Frequent Visitor

Hi Jason,

Wonderful idea, and it's a feature that should be in the FMC, in my opinion.

However, I am having trouble getting it to run. I have Python v3 running on my Windows 10 laptop and get syntax errors when running. Do I need to use a different version of Python?

Thanks

John
