06-03-2025 03:08 PM
Hi All
I'm working in an environment where we manage NAT for multiple parties coming in and out of our network. We often get asked to run queries against the FMC for certain IPs or host names, for which we have to manually export each record one by one. Is there a way to natively export these searches into a CSV or PDF? I can screenshot the smaller ones, but for the larger ones this isn't really an option. Or does anyone have another way of doing this? I was thinking of scripting something, but I was speaking to a colleague and they said there might be something, as it would be a simple feature that would greatly help for compliance.
Thanks
Trav
06-03-2025 06:42 PM
No direct good way, however...
#1
In the FMC UI, where you list your NAT policies, there's a report option that exports the NAT policy as a PDF file.
Not ideal, but def better than reviewing each record, and you could either quickly search or use a tool to parse the PDF.
(in-house LLM/copilot etc?)
#2
As mentioned in another, older thread, you could also SSH into the appliance, do "show nat", paste into Excel and work there.
https://community.cisco.com/t5/network-security/export-nat-rules-from-fmc-manual-or-api/td-p/4719979
#3
And related, if you want to script or use something like Postman, there's one mentioned in the link above, and maybe more you could find on DevNet code exchange -- https://developer.cisco.com/codeexchange
#4
You can actually practice using the API without any scripting: just load the API explorer on your FMC (https://fmc/api/api-explorer), and in the "policy" section you'll find a few for NAT rules.
You can start with using the "/api/fmc_config/v1/domain/{domainUUID}/policy/ftdnatpolicies" endpoint to find the containerUUID for the policy you want to see, and then use the "/api/fmc_config/v1/domain/{domainUUID}/policy/ftdnatpolicies/{containerUUID}/natrules" endpoint to get all the rules.
Just change the "expand" to "true" to see all the rule contents.
This can get a bit advanced if you have a lot of rules, but you'll end up with JSON output that you can either parse or search through.
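As an added example (not part of the reply above, and not Cisco's code), this is one way to turn the JSON from the "natrules" endpoint with "expand" set to "true" into a searchable CSV. It assumes each response page was saved as text and holds its rules under "items"; the field names and values in the sample are constructed, so the flattener treats any nested object generically instead of relying on them.

```python
import csv
import io
import json

# Constructed sample: two saved response pages. Field names and values are
# assumptions for illustration; check them against your own FMC output.
SAMPLE_PAGES = [
    json.dumps({"items": [
        {"id": "rule-1", "type": "FTDManualNatRule", "natType": "STATIC",
         "enabled": True,
         "sourceInterface": {"name": "inside", "type": "SecurityZone"},
         "originalSource": {"name": "partner-a-host", "type": "Host"},
         "translatedSource": {"name": "nat-203.0.113.10", "type": "Host"}}]}),
    json.dumps({"items": [
        {"id": "rule-2", "type": "FTDAutoNatRule", "natType": "DYNAMIC",
         "enabled": True,
         "originalNetwork": {"name": "partner-b-net", "type": "Network"},
         "translatedNetwork": {"name": "pool-198.51.100.0", "type": "Network"}}]}),
]

def _label(value):
    """Show an object reference by its name, anything else as text."""
    return str(value.get("name", value)) if isinstance(value, dict) else str(value)

def flatten(rule):
    """One flat row per rule: nested objects and lists collapse to names."""
    row = {}
    for key, value in rule.items():
        if isinstance(value, list):
            row[key] = ";".join(_label(v) for v in value)
        elif isinstance(value, dict):
            row[key] = _label(value)
        else:
            row[key] = value
    return row

def rules_to_csv(pages, term=""):
    """Merge pages, keep rules mentioning term (case-insensitive), return CSV."""
    rows = [flatten(r) for p in pages for r in json.loads(p).get("items", [])]
    needle = term.lower()
    rows = [r for r in rows if needle in " ".join(map(str, r.values())).lower()]
    out = io.StringIO()
    # Union of keys, so manual and auto rules share one header row.
    writer = csv.DictWriter(out, fieldnames=sorted({k for r in rows for k in r}))
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()

if __name__ == "__main__":
    print(rules_to_csv(SAMPLE_PAGES, term="partner-a"))
```

With a lot of rules the API returns them in pages, so save every page and pass them all in one list; rules that lack a column are left blank in that column.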