Firepower Management Center - import many objects automatically

rafaelteran · ‎06-02-2017

Hi,

I am installing a new Firepower Management Center, and our end customer have many different subnets in their network. Is there any possibility to create the Network Objects automatically or via script? The manual process of creating each network object via GUI would take much time!

Thanks and regards

Marvin Rhoads · ‎06-02-2017

I generally just use the predefined RFC 1918 objects in $HOME_NET unless you really intend to use the specific subnets in granular way.

If you do need them all for use in policies, the API can be used for this purpose.

The API guide is here:

http://www.cisco.com/c/en/us/td/docs/security/firepower/621/api/REST/Firepower_REST_API_Quick_Start_Guide_621/objects_in_the_rest_api.html#id_19416

If you would like some background on using the API, there are some third part resources at the following:

https://www.youtube.com/watch?v=1fsgGnant1U

https://github.com/CiscoDevNet/fmc-rest-api/blob/master/labs/firepower-restapi-101/2.md

The API Guide describes the following:

PUT networks

Request Type: PUT

Description: Modify network objects.

URL: /api/fmc_config/v1/domain/{domain_UUID}/object/networks/{object_UUID}

Permissions: Object Manager>Modify Object Manager

If you would like some background on using the API, there are some third part resources at the following:

https://www.youtube.com/watch?v=1fsgGnant1U

https://github.com/CiscoDevNet/fmc-rest-api/blob/master/labs/firepower-restapi-101/2.md