Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
955
Views
1
Helpful
3
Replies

Firepower Rest APIs - Access Control Rules

jaismith
Level 1
Level 1

‎10-11-2023 08:01 AM

I'm attempting to pull our access policy rules and get the allowed networks and port numbers using REST API. When trying to run the GET request {{baseURL}}/api/fmc_config/v1/domain/{{domainUUID}}/policy/accesspolicies/{{???}}/accessrules I keep getting a 

"No data found for: " 404 error. I have tried HA pair and individual device UUIDs with no luck. Does anyone know what Container UUID the request needs to get the information requested?
0 Helpful
3 Replies 3

betliu
Cisco Employee
Cisco Employee

‎11-01-2023 10:51 PM - edited ‎11-02-2023 11:17 PM

Rest API document: {{protocol}}://{{hostname}}/api/api-explorer/

For example:https://1.2.3.4/api/api-explorer/ (1.2.3.4 is FMC IP address or you can input FMC hostname here)

--------------------------

Device_id is FMC ID which can be found in the browser address after you access 'System>Health>Monitor>FMC'.

betliu_7-1698903624141.png

Container_uuid is the access control policy id which can be found in the browser address after you access 'Policies>Access Control>click one of your policies'.

betliu_8-1698903949425.png

I tested in lab to retrieve access control rules and took screenshots for your reference.

Step1: Generate Token

{{protocol}}://{{hostname}}/api/fmc_platform/v1/auth/generatetoken

betliu_0-1698903493989.png

Then you can find ‘token’ and ‘DOMAIN_UUI’ in headers after you click button ‘Send’

‘token’ and ‘DOMAIN_UUI’ will be used in next step.

betliu_1-1698903493999.png

Step2: Get Access Policy ID which is ‘Container ID’ .

option1: operate in FMC GUI directly

Container_uuid is the access control policy id which can be found in the browser address after you access 'Policies>Access Control>click one of your policies'.

betliu_8-1698903949425.png

option2: operate in postman

{{protocol}}://{{hostname}}/api/fmc_config/v1/domain/{{domain_id}}/policy/accesspolicies?limit=1000

betliu_2-1698903494008.png

Input the DOMAIN_UUID generated in last step and other required information in the screenshot, click ‘Send’ button, then we can get ‘id’ which is ‘policy id’ and we also call it ‘Container ID’ in the response body.

betliu_3-1698903494024.png

Step3: get access control rules

{{protocol}}://{{hostname}}/api/fmc_config/v1/domain/{{domain_id}}/policy/accesspolicies/{{accesspolicy_id}}/accessrules

betliu_5-1698903494049.png

Input ‘Domian_id’ which was generated in step1 and ‘accesspolicy_id’ (‘Container_uuid’) which was generated in step2, along with authentication and token information, click ‘Try’ button.

Then we can get Access Control Rules information in response body.

betliu_6-1698903494064.png

 

 

 

 

 

 

 

 

asadabbasawan
Level 1
Level 1
In response to betliu

‎12-04-2023 09:42 AM

I'm going to try this in my lab. Will update.

0 Helpful

divitgupta
Level 1
Level 1

‎11-02-2023 10:18 PM

This is pretty detailed!

0 Helpful
Customers Also Viewed These Support Documents