Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1963
Views
0
Helpful
4
Replies

Firepower API for - Script Static Routes

paultribe
Level 1
Level 1

‎04-22-2020 08:39 AM - edited ‎04-23-2020 02:10 AM

I do quite a few ASA to FTD migrations and many customers want a "Big Bang" approach. I am familiar with all the Migration tools that Cisco offer but they do have their limitations. The limitation for me is that I have a customer who has 200 static routes and although the new migration tool supports import of static routes I cannot use this as it also requires that the new FTD is migrated on to a "clean" FMC.

I am therefore reaching out to see if anyone out there has managed to write an API script that could be used for this. Unfortunately I got into networking & security way before programming was important so am not very good with tools such as Python, JSON and Postmaster etc. I am trying to go through the DevNet course but have little time so wandered if anyone could help.

 

Regards

Paul T 

0 Helpful
4 Replies 4

ngkin2010
Level 7
Level 7

‎04-22-2020 09:04 AM

Hi,

Are you looking for script/python code that could:
1. read the static route statement from ASA (by manual input)
2. add the corresponding static route entry to FTD via RESTful API
0 Helpful

paultribe
Level 1
Level 1
In response to ngkin2010

‎04-22-2020 09:45 PM - edited ‎04-23-2020 02:08 AM

That sounds about right, with the caveat that I would like to add several static routes from ASA to FTD in one go of course...

0 Helpful

ngkin2010
Level 7
Level 7
In response to paultribe

‎04-23-2020 05:14 AM

Hi,

You may refer to FTD-API Reference to read the API usage. And it also provides the sample code (in Bash or Python) for you to kick start.

First, you authenticate with FTD to obtain OAuth token.
https://developer.cisco.com/site/ftd-api-reference/#!authenticating-your-rest-api-client-using-oauth

Then, you add the static route by call the 'staticrouteentry' api.
https://developer.cisco.com/site/ftd-api-reference/#!staticrouteentry/staticrouteentry

If I have time, I would write a basic version Python for you in later.

I am not experienced in migrating ASA to FTD, so someone have a better solution for @paultribe, please kindly advise.
0 Helpful

paultribe
Level 1
Level 1
In response to ngkin2010

‎04-23-2020 05:43 AM

This sounds great to me - if you do get time it would be great; however don't feel you have to.

I would be happy to share in return a training document I wrote for my colleagues which is easier (I think), than following Cisco's guides. Its aimed at getting to know FMC and FTD in a Greenfield environment so has context around it and takes you through some common features of Firepower. Especially for those new to Firewalls.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card