cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3588
Views
2
Helpful
4
Replies

Cisco Firepower FMC Export Configuration option using CLI mode

Is there any way to export Cisco Firepower  FMC configuration using CLI mode? Cisco Firepower FTD case I am using "show running-config" CLI command to get configuration data.

4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

what is the use case here, did you lost GUI, the config can be backup from GUI, that what intention of making Manamgement as FMC.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Marvin Rhoads
Hall of Fame
Hall of Fame

No. FMC configuration can only be backed up using the FMC backup feature from within the GUI.

(Or, if it is a VM, via an external VM backup tool)

I am using a third-party tool to generate rule management reports. (like policy optimization report, security audit reports). Currently my organization using 2 FortiGate firewalls and Cisco Firepower FMCFortiGate firewall case our third-party tool providing all rule management related reports, but Cisco Firepower FMC case they requested CLI commands to get complete configuration data.(Policy/Network/Interface/Service object data).

 

In my google search I found below Cisco Firepower FMC CLI command reference document:
https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/command_line_reference.pdf

 

In the above document listed below command options:

   1) system generate-troubleshoot SYS (System Configuration, Policy, and Logs)

   2) system generate-troubleshoot DES (Detection Configuration, Policy, and Logs)

   3) system generate-troubleshoot NET (Interface and Network Related Data)

 

What is the usage of "system generate-troubleshoot" command? Above command output file will contain Policy/Network/Interface/Service object information? 

Marvin Rhoads
Hall of Fame
Hall of Fame

The problem is that FMC does not store all of its configuration in a text file. There are multiple database tables and elements that comprise both an FMC configuration and that of a managed device.

If you want a human readable export of a managed device configuration, you can always generate a report for that policy. Go to Policies > Access Control and click the icon on the right to generate a report for the policy or policies you need.

Review Cisco Networking for a $25 gift card