cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
989
Views
1
Helpful
3
Replies

Firepower Rest APIs - Access Control Rules

jaismith
Level 1
Level 1

I'm attempting to pull our access policy rules and get the allowed networks and port numbers using REST API. When trying to run the GET request {{baseURL}}/api/fmc_config/v1/domain/{{domainUUID}}/policy/accesspolicies/{{???}}/accessrules I keep getting a 

"No data found for: " 404 error. I have tried HA pair and individual device UUIDs with no luck. Does anyone know what Container UUID the request needs to get the information requested?
3 Replies 3

betliu
Cisco Employee
Cisco Employee

Rest API document: {{protocol}}://{{hostname}}/api/api-explorer/

For example:https://1.2.3.4/api/api-explorer/ (1.2.3.4 is FMC IP address or you can input FMC hostname here)

--------------------------

Device_id is FMC ID which can be found in the browser address after you access 'System>Health>Monitor>FMC'.

betliu_7-1698903624141.png

Container_uuid is the access control policy id which can be found in the browser address after you access 'Policies>Access Control>click one of your policies'.

betliu_8-1698903949425.png

I tested in lab to retrieve access control rules and took screenshots for your reference.

Step1: Generate Token

{{protocol}}://{{hostname}}/api/fmc_platform/v1/auth/generatetoken

betliu_0-1698903493989.png

Then you can find ‘token’ and ‘DOMAIN_UUI’ in headers after you click button ‘Send’

‘token’ and ‘DOMAIN_UUI’ will be used in next step.

betliu_1-1698903493999.png

Step2: Get Access Policy ID which is ‘Container ID’ .

option1: operate in FMC GUI directly

Container_uuid is the access control policy id which can be found in the browser address after you access 'Policies>Access Control>click one of your policies'.

betliu_8-1698903949425.png

option2: operate in postman

{{protocol}}://{{hostname}}/api/fmc_config/v1/domain/{{domain_id}}/policy/accesspolicies?limit=1000

betliu_2-1698903494008.png

Input the DOMAIN_UUID generated in last step and other required information in the screenshot, click ‘Send’ button, then we can get ‘id’ which is ‘policy id’ and we also call it ‘Container ID’ in the response body.

betliu_3-1698903494024.png

Step3: get access control rules

{{protocol}}://{{hostname}}/api/fmc_config/v1/domain/{{domain_id}}/policy/accesspolicies/{{accesspolicy_id}}/accessrules

betliu_5-1698903494049.png

Input ‘Domian_id’ which was generated in step1 and ‘accesspolicy_id’ (‘Container_uuid’) which was generated in step2, along with authentication and token information, click ‘Try’ button.

Then we can get Access Control Rules information in response body.

betliu_6-1698903494064.png

 

 

 

 

 

 

 

 

I'm going to try this in my lab. Will update.

divitgupta
Level 1
Level 1

This is pretty detailed!