Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7171
Views
15
Helpful
9
Replies

Cisco FMC/FTD - Adding Bulk NAT or ACL

Go to solution
shabeeb
Level 1
Level 1

‎06-28-2020 01:55 AM

Team, 

 

Is there anyway i can add a lot of new NAT or ACL rules in Bulk?

I have noticed that this is possible via the FMC API, but for a noob like me, the scripting, json, python etc doesnt make any sense. Is there a working example of how we can do this. Any help is appreciated. 

 

Regards, 

Shabeeb

 

1 Accepted Solution

Accepted Solutions

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to shabeeb

‎07-05-2020 11:39 AM

You can go on FMC api explorer (https://fmc/api/api-explorer/) and loop across some apis functions. I believe this will be more complex if you never played with Python.

I would recommend you use ansible as most functions are already built and you need to fill in variables.
Here a devnet ansible help: https://developer.cisco.com/docs/ftd-ansible-v6-3/#!examples/create-an-accessrule

I'm sorry I didn't had time to make a a quick and dirty playbook but the way you'll need to run it will be:
- Have a excel file with access rules and nat
- You need to validate objects your using in both of them are already created and get their id or create them and get their id
- Then you can create rules and nat policies.

If you go to the github related project, you will have examples on how to create all of these: https://github.com/CiscoDevNet/FTDAnsible/tree/master/samples/ftd_configuration
Examples are in folder samples/ftd_configuration

Hope this helps

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

0 Helpful
9 Replies 9

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎06-28-2020 09:15 PM

Hi

You're right there only way would be using API.
I'm on my phone right now so can't give you a quick example but can you look at developer.cisco.com or GitHub if there are existing cider example doing so?
Otherwise I'll try to do something quick and dirty tomorrow or Tuesday if I got time.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Go to solution
shabeeb
Level 1
Level 1
In response to Francesco Molino

‎07-05-2020 09:40 AM

Hi Francesco, 

 

Kind reminder. Im going through the cisco developer api tools. Theres is a lot of new things for me. I feel this is going to take some time to properly understand.

 

In the meantime, anything you can provide will be a great help for me and pretty much everyone like me :D

 

TIA, 

Shabeeb

 

0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to shabeeb

‎07-05-2020 11:39 AM

You can go on FMC api explorer (https://fmc/api/api-explorer/) and loop across some apis functions. I believe this will be more complex if you never played with Python.

I would recommend you use ansible as most functions are already built and you need to fill in variables.
Here a devnet ansible help: https://developer.cisco.com/docs/ftd-ansible-v6-3/#!examples/create-an-accessrule

I'm sorry I didn't had time to make a a quick and dirty playbook but the way you'll need to run it will be:
- Have a excel file with access rules and nat
- You need to validate objects your using in both of them are already created and get their id or create them and get their id
- Then you can create rules and nat policies.

If you go to the github related project, you will have examples on how to create all of these: https://github.com/CiscoDevNet/FTDAnsible/tree/master/samples/ftd_configuration
Examples are in folder samples/ftd_configuration

Hope this helps

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Go to solution
shabeeb
Level 1
Level 1
In response to Francesco Molino

‎07-07-2020 01:52 PM

Hi Francesco,

Appreciate this a lot. Ill need to spend the next few days trying out these. Fingers crossed.

BR,
Shabeeb
0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to shabeeb

‎07-08-2020 05:19 PM

Sure if you need help to understand something or helping on issues while running them, let us know.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Go to solution
Supermantech
Level 1
Level 1
In response to Francesco Molino

‎09-30-2020 10:50 AM

Hi Francesco

Can you give an example of 

1. adding a new ACL 

2. Removing an existing ACL

3.  Adding an object (like ip address)

Thank you

rod

0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to Supermantech

‎10-04-2020 08:31 PM

I don't have a playbook already built as I'm mostly using APIs with csv file.
Allow me some time to do that after my work and I'll come back to you


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to Supermantech

‎10-14-2020 06:29 PM

Didn't forget you. I'll try my best this weekend.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to Supermantech

‎10-17-2020 12:13 PM

I was building you an example but while going to the github page I saw samples are already existing.

 

Check this out: https://github.com/CiscoDevNet/FTDAnsible/tree/master/samples

 


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card