FirePower Management Center 6.1 Time-based access policy

Silver_Cat
Level 1

Is there any way to implement a time-based access/URL filtering policy? Is there any roadmap for this feature?

I know version 6.1 supports REST APIs. As a workaround, is it possible to write a script to push specific access rules to implement the above feature? Thoughts?

8 Replies

Oliver Kaiser
Level 7

Time Range objects are currently not supported. Time range objects are on the roadmap (not 6.2) but no further information has been published yet.

IMO using the REST API might be the only solution to this problem at the moment. CRUD operations are working for ACPs and deployment is working as well.

The easiest solution would be to create block rules and change the rule from enabled/disabled based on some time schedule using cron. Let me know if you have any questions concerning the REST API; I have already tinkered with it for some time. :)

Thanks kaisero, do you have any reference material on how to use cron with time range objects in FTD?

Like I stated above, time-range objects are not supported atm. You need to enable/disable ACP rules via the REST API and use some scheduler like cron to start your script to build this functionality yourself.

If you need help writing this script I can post some sample Python code. In case developing this yourself is not an option you would have to wait for a future release that will add this feature.
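The enable/disable approach described in this reply, as an added example (not the script attached later in the thread and not Cisco's code). The FMC hostname, the policy and rule UUIDs, the 22:00 to 06:00 block window and the `FMC_USER`/`FMC_PASS` environment variables are assumptions.

```python
"""Toggle one FMC access rule on a schedule (run from cron, e.g. every 5 min)."""
import base64, json, os, ssl, urllib.request
from datetime import datetime, time

# Assumptions / placeholders, not values from the thread:
FMC = "https://FMC-FQDN"
POLICY_ID, RULE_ID = "POLICY-UUID", "RULE-UUID"
BLOCK_FROM, BLOCK_UNTIL = time(22, 0), time(6, 0)  # block window, wraps midnight

def in_window(now, start, end):
    """True if now is in [start, end); also handles windows crossing midnight."""
    if start <= end:
        return start <= now < end
    return now >= start or now < end

def desired_rule(rule, enabled):
    """Build the PUT body for the wanted state, or None if already in that state."""
    if rule.get("enabled") == enabled:
        return None  # idempotent: repeated cron runs cause no config change
    # Drop the read-only fields that GET returns before sending the rule back.
    body = {k: v for k, v in rule.items() if k not in ("links", "metadata")}
    body["enabled"] = enabled
    return body

def call(method, url, headers, body=None):
    """One JSON request with certificate validation left on."""
    data = None if body is None else json.dumps(body).encode()
    req = urllib.request.Request(url, data=data, method=method,
                                 headers={"Content-Type": "application/json", **headers})
    with urllib.request.urlopen(req, context=ssl.create_default_context()) as resp:
        return resp.headers, json.loads(resp.read() or b"{}")

def sync(user, password, now=None):
    """Fetch the rule, flip it if the schedule says so; True if it was changed."""
    basic = base64.b64encode(f"{user}:{password}".encode()).decode()
    hdrs, _ = call("POST", f"{FMC}/api/fmc_platform/v1/auth/generatetoken",
                   {"Authorization": f"Basic {basic}"})
    auth = {"X-auth-access-token": hdrs["X-auth-access-token"]}
    url = (f"{FMC}/api/fmc_config/v1/domain/{hdrs['DOMAIN_UUID']}"
           f"/policy/accesspolicies/{POLICY_ID}/accessrules/{RULE_ID}")
    _, rule = call("GET", url, auth)
    now = (now or datetime.now()).time()
    body = desired_rule(rule, in_window(now, BLOCK_FROM, BLOCK_UNTIL))
    if body is not None:
        call("PUT", url, auth, body)  # takes effect only after the policy is deployed
    return body is not None

if __name__ == "__main__":
    print("changed" if sync(os.environ["FMC_USER"], os.environ["FMC_PASS"]) else "no change")
```

Because the script compares the rule's current state with the scheduled one, cron can run it every few minutes and it only writes to the FMC at the window boundaries.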

Understood, thank you Kaisero, if you don't mind sharing some Python code. I guess it's time for me to ramp up my Python skills :)

Sorry for the late response. I wanted to send you something more complete but I didn't get to work on my script for some time.

I have attached a sample script that can be generated using the API Explorer at https://FMC-FQDN/api/api-explorer to get access-control-policy rules.

I am currently working on a library for the Firepower API but I am still not done. I will release it in about 2 weeks and will post a link to GitHub here.

Thanks kaisero, I have been told by one of the Cisco SEs that the feature should be introduced in some capacity in 6.2 and in its entirety in 6.3 (mid-late 2017).

Thanks again.

I'm using FMC "Software Version 6.4.0.4 (build 34)" and can create time-range objects but I see no way to apply them to an ACP.

Collin Clark
VIP Alumni

For access policy, I used a time-based ACL on the traffic redirect from the ASA to the SFR module. I'll be deploying it in the next couple of weeks, so I'm not 100% sure it works, but seemed the most logical solution to me.
