Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3587
Views
2
Helpful
4
Replies

Cisco Firepower FMC Export Configuration option using CLI mode

VeeraselvamManoharan53181
Level 1
Level 1

‎01-04-2021 02:05 AM

Is there any way to export Cisco Firepower  FMC configuration using CLI mode? Cisco Firepower FTD case I am using "show running-config" CLI command to get configuration data.

0 Helpful
4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

‎01-04-2021 02:10 AM

what is the use case here, did you lost GUI, the config can be backup from GUI, that what intention of making Manamgement as FMC.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-04-2021 02:36 AM

No. FMC configuration can only be backed up using the FMC backup feature from within the GUI.

(Or, if it is a VM, via an external VM backup tool)

0 Helpful

VeeraselvamManoharan53181
Level 1
Level 1
In response to Marvin Rhoads

‎01-04-2021 07:53 PM

I am using a third-party tool to generate rule management reports. (like policy optimization report, security audit reports). Currently my organization using 2 FortiGate firewalls and Cisco Firepower FMCFortiGate firewall case our third-party tool providing all rule management related reports, but Cisco Firepower FMC case they requested CLI commands to get complete configuration data.(Policy/Network/Interface/Service object data).

 

In my google search I found below Cisco Firepower FMC CLI command reference document:
https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/command_line_reference.pdf

 

In the above document listed below command options:

   1) system generate-troubleshoot SYS (System Configuration, Policy, and Logs)

   2) system generate-troubleshoot DES (Detection Configuration, Policy, and Logs)

   3) system generate-troubleshoot NET (Interface and Network Related Data)

 

What is the usage of "system generate-troubleshoot" command? Above command output file will contain Policy/Network/Interface/Service object information? 

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-05-2021 10:49 AM

The problem is that FMC does not store all of its configuration in a text file. There are multiple database tables and elements that comprise both an FMC configuration and that of a managed device.

If you want a human readable export of a managed device configuration, you can always generate a report for that policy. Go to Policies > Access Control and click the icon on the right to generate a report for the policy or policies you need.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card