Export NAT Rules from FMC (Manual or API)

mrlorincz · ‎11-11-2022

Does anyone know of a way to export the NAT policies from FMC? Preferably with API but even a manual report would suffice. I've found some handy scripts on exporting ACP policies, but nothing on NAT.

Thanks!

Mike

Rob Ingram · ‎11-11-2022

@mrlorincz you can export NAT policies/rules using API - https://www.cisco.com/c/en/us/td/docs/security/firepower/70/api/REST/firepower_management_center_rest_api_quick_start_guide_70/Objects_In_The_REST_API.html#reference_hfp_vtc_bcb

mrlorincz · ‎11-11-2022

Thanks, this is helpful and I'm able to run some gets in postman, but i need to run a separate get for each object_uuid (rule) in the nat policy list, a bit tedious for my applications.

Anyone know of a script that gets the natrules and parses the various object_uuids, maybe into a csv or something? If I had any scripting skills of my own I'd take a crack but alas I'm not very knowledgeable there.

jjevans1 · ‎02-15-2023

Has anyone come up with a reasonable work around on how to export all NAT Policies from FMC?

mrlorincz · ‎02-16-2023

@jjevans

Nothing natively built in that I can find. For ACP rules, I ultimately I ended up getting familiar enough with python to be able to run this script, it worked great

https://github.com/raghukul-cisco/csvExportFirepower

For NAT rules, it's possible to use API, but I didn't find a pre-canned script. I utlimately just did a 'show nat' from the cli and manually pasted into excel file.

I might toy with creating NAT to CSV feature using the fireREST suite. https://github.com/kaisero/fireREST

I wouldn't be surprised if someone already created one, just need to scour the cisco dev exchange for it