
Disabling multiple unused rules through the FMC API

Scott_22
Level 3

Can multiple rules be referenced in the API script to disable those that are unused?  

3 Replies

Marius Gunnerud
VIP Alumni

Yes, this is possible, but how are you identifying the unused ACP rules? And will you be doing this through a script or using Postman, etc.?

Depending on how you are doing this, you may (or may not) need to add ?bulk=true to the end of the POST URL you will be using.

--
Please remember to select a correct answer and rate helpful posts

Oliver Kaiser
Level 11

6.4.0 introduced an API endpoint for hitcounts. You could do the following to disable all rules without hitcount:

1. PUT to /policy/accesspolicies/{container_uuid}/operational/hitcounts to update hitcounts (no payload needed)
2. GET to /policy/accesspolicies/{container_uuid}/operational/hitcounts to get all hitcount data
3. GET to /policy/accesspolicies/{container_uuid}/accessrules to read all accessrules
4. Loop through all hitcounts, check if hitcount = 0, edit the corresponding accessrule to set state to DISABLED (as fetched via step 3)
5. PUT to /policy/accesspolicies/{container_uuid}/accessrules?bulk=True with the list of rules that you want to change

 

I created a python library to interface with FMC, maybe that will be helpful to you: https://github.com/kaisero/fireREST

There is also another cool project called fmcapi that you could look into https://github.com/daxm/fmcapi
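
Steps 4 and 5 of the procedure above, sketched as an added example; it is not part of the original post and not code from fireREST or fmcapi. It works on the JSON already fetched in steps 2 and 3 and builds the rule list for the bulk PUT. The field names (`hitCount`, `rule.id`, `enabled`, `links`, `metadata`) and all sample data are assumptions to check against your FMC version.

```python
from collections import defaultdict

# Assumed field names (verify in your FMC version's API explorer):
# hitcount items carry "hitCount" and "rule": {"id": ...}; access rules carry
# "id", "name", "enabled"; "links"/"metadata" are treated as read-only here.
READ_ONLY_KEYS = ("links", "metadata")

def total_hits(hitcount_items):
    """Sum hits per rule id; a rule may have one hitcount item per device."""
    totals = defaultdict(int)
    for item in hitcount_items:
        totals[item["rule"]["id"]] += int(item.get("hitCount", 0))
    return dict(totals)

def build_disable_payload(hitcount_items, access_rules):
    """Step 4: return (payload, skipped). payload is the rule list for the
    step 5 bulk PUT; skipped names rules that have no hitcount record."""
    totals = total_hits(hitcount_items)
    payload, skipped = [], []
    for rule in access_rules:
        if not rule.get("enabled", True):
            continue                      # already disabled, nothing to send
        if rule["id"] not in totals:
            skipped.append(rule["name"])  # no data is not the same as zero hits
            continue
        if totals[rule["id"]] == 0:
            changed = {k: v for k, v in rule.items() if k not in READ_ONLY_KEYS}
            changed["enabled"] = False
            payload.append(changed)
    return payload, skipped

# Constructed sample data, not output from a real FMC.
SAMPLE_HITCOUNTS = [
    {"hitCount": 0, "rule": {"id": "r1"}},   # device A
    {"hitCount": 12, "rule": {"id": "r1"}},  # device B
    {"hitCount": 0, "rule": {"id": "r2"}},
    {"hitCount": 0, "rule": {"id": "r3"}},
]
SAMPLE_RULES = [
    {"id": "r1", "name": "allow-dns", "enabled": True, "links": {}},
    {"id": "r2", "name": "legacy-ftp", "enabled": True, "links": {}, "metadata": {}},
    {"id": "r3", "name": "old-vpn", "enabled": False},
    {"id": "r4", "name": "never-deployed", "enabled": True},
]

if __name__ == "__main__":
    import json
    payload, skipped = build_disable_payload(SAMPLE_HITCOUNTS, SAMPLE_RULES)
    print(json.dumps(payload, indent=2))
    print("left unchanged, no hitcount data:", skipped)
```

Review the `skipped` list and the payload before sending it: a rule that only matches rarely (quarterly jobs, failover paths) can show zero hits since the counters were last cleared.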

Hi @Oliver Kaiser 

I'm new to the whole API thing and just started using Postman to try a few things from a branch created from their FMC library. 

So far I've reached your step 3 using the request called "Read Hitcounts for Device"

GET: {{protocol}}://{{hostname}}/api/fmc_config/v1/domain/{{domain_id}}/policy/accesspolicies/{{accesspolicy_id}}/operational/hitcounts?filter=deviceId:{{device_id}}&expanded=True

Would you be able to elaborate on how I do steps 4 and 5?

Many thanks,
