3209 Views | 5 Helpful | 6 Replies

FMC: apply changes to multiple Access Control rules

Is there a way to apply the same change to multiple rules within an access control policy?

Recently I had to enable logging on every single rule within an access control policy and now I have to enable the IPS policy on every single rule. Is there a way to enable this for all the rules at the same time?

6 Replies

Francesco Molino
VIP Alumni
Hi

This isn't possible.
A workaround would be to script this change by using APIs.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
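One way to do what Francesco suggests, as an added example that is not code from this thread or from Cisco: a script that walks every rule in one access control policy over the FMC REST API and pushes the same logging and IPS settings to each. It assumes the FMC REST endpoints (`/api/fmc_platform/v1/auth/generatetoken`, `accesspolicies`, `accessrules`, `intrusionpolicies`) and the AccessRule field names `logBegin`, `logEnd`, `sendEventsToFMC`, `enableSyslog` and `ipsPolicy` as exposed in the FMC API Explorer; the host, credentials and policy names are placeholders. It also enforces the point Andy runs into later in this thread: "Log at Beginning/End" only does anything when a connection event destination is set alongside it, so the payload builder refuses to produce a half-configured rule.

```python
"""Bulk-apply connection logging and an IPS policy to every rule of one FMC
access control policy via the FMC REST API. Added example, not code from this
thread or from Cisco. Host, credentials and policy names are placeholders."""
import base64
import json
import ssl
import urllib.request

FMC_HOST = "fmc.example.invalid"   # placeholder: your FMC address
USERNAME = "apiuser"               # placeholder: a user allowed to use the API
PASSWORD = "change-me"             # placeholder
ACP_NAME = "Example-ACP"           # placeholder: access control policy name
IPS_POLICY_NAME = "Example-IPS"    # placeholder: intrusion policy name

# Read-only fields FMC returns on GET that a PUT must not echo back.
_READ_ONLY = ("metadata", "links", "commentHistoryList")
# Only Allow rules get an intrusion policy here; interactive-block variants
# can also take one but are deliberately left alone (conservative assumption).
_IPS_ACTIONS = ("ALLOW",)


def build_rule_update(rule, log_begin=False, log_end=True,
                      send_to_fmc=True, syslog=False, ips_policy=None):
    """Return the PUT body for one AccessRule with logging and IPS applied.

    Logging at beginning/end is only meaningful with a destination (FMC event
    viewer or syslog), so a rule that would log to nowhere is rejected.
    """
    if (log_begin or log_end) and not (send_to_fmc or syslog):
        raise ValueError(f"rule {rule.get('name')!r}: logging without a destination")
    payload = {k: v for k, v in rule.items() if k not in _READ_ONLY}
    payload.update(logBegin=log_begin, logEnd=log_end,
                   sendEventsToFMC=send_to_fmc, enableSyslog=syslog)
    if ips_policy is not None and rule.get("action") in _IPS_ACTIONS:
        payload["ipsPolicy"] = {"id": ips_policy["id"], "type": "IntrusionPolicy"}
    return payload


def _call(method, path, token=None, body=None, basic=None):
    """Minimal HTTPS helper; returns (response headers, parsed JSON or None)."""
    req = urllib.request.Request(f"https://{FMC_HOST}{path}", method=method,
                                 data=json.dumps(body).encode() if body else None)
    req.add_header("Content-Type", "application/json")
    if basic:
        req.add_header("Authorization",
                       "Basic " + base64.b64encode(basic.encode()).decode())
    if token:
        req.add_header("X-auth-access-token", token)
    # Verify the FMC certificate; trust its CA rather than disabling checks.
    ctx = ssl.create_default_context()
    with urllib.request.urlopen(req, context=ctx, timeout=60) as resp:
        raw = resp.read()
        return resp.headers, (json.loads(raw) if raw else None)


def _get_all(path, token):
    """Follow FMC paging ('paging.next') and return every item."""
    items, url = [], path
    while url:
        _, page = _call("GET", url, token=token)
        items += page.get("items", [])
        nxt = page.get("paging", {}).get("next")
        nxt = nxt[0] if isinstance(nxt, list) and nxt else nxt
        url = nxt.split(FMC_HOST, 1)[1] if isinstance(nxt, str) else None
    return items


def main():
    # Token login: FMC returns the token and the domain UUID as response headers.
    hdrs, _ = _call("POST", "/api/fmc_platform/v1/auth/generatetoken",
                    basic=f"{USERNAME}:{PASSWORD}")
    token, domain = hdrs["X-auth-access-token"], hdrs["DOMAIN_UUID"]
    base = f"/api/fmc_config/v1/domain/{domain}"
    acp = next(p for p in _get_all(f"{base}/policy/accesspolicies?limit=1000", token)
               if p["name"] == ACP_NAME)
    ips = next(p for p in _get_all(f"{base}/policy/intrusionpolicies?limit=1000", token)
               if p["name"] == IPS_POLICY_NAME)
    rules = _get_all(f"{base}/policy/accesspolicies/{acp['id']}/accessrules"
                     "?expanded=true&limit=1000", token)
    for rule in rules:
        body = build_rule_update(rule, log_end=True, send_to_fmc=True, ips_policy=ips)
        _call("PUT", f"{base}/policy/accesspolicies/{acp['id']}/accessrules/{rule['id']}",
              token=token, body=body)
        print(f"updated {rule['name']}")
    # The policy still has to be deployed to the managed devices afterwards.


if __name__ == "__main__":
    main()
```

The edit itself is a GET of each rule followed by a PUT of the cleaned-up object, so run it against a lab FMC first and watch for the API rate limit on large policies; nothing takes effect on the sensors until the policy is deployed.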

This is sort of possible, however it seems to be only half implemented.  I've tried it on FMC 6.6.5.2, 7.0.5 and 7.3 and the behaviour is the same on all of them.

Open the ACP, hold down shift, left click the first rule, go to the last rule or a rule further in the list and left click again and you will see all lines selected.  Right click over one of the selected rules and a menu appears, click 'edit' and you are presented with options to apply to all selected rules.  Check the box for logging (at the beginning or at the end of the connection) and click OK.  This enabled logging for all the selected rules.  However... it doesn't set a destination for the logging.  You then need to go into each rule and click the checkbox for the destination (Event Viewer, Syslog or SNMP trap).  So you are no better off...

It works for inspection rules though and you can select the IPS policy to apply to all the rules.

Anyone know if it's possible to enable logging for multiple rules AND select a destination for the logs?

Andy

And another opinion ... ;.)

It is easily doable. The first thing with the logging can be done regardless of the FMC version by adding a Monitor Rule at the beginning. The other thing is done with the newer FMC versions (7.1+ or 7.2+, not sure which one it was) where the new ACP Editor can be enabled and be used to directly apply the same change to a broad range of ACP rules.

"by adding a Monitor Rule at the beginning."

"new ACP Editor can be enabled and be used to directly apply the same change to a broad range of ACP rules."

Please elaborate?

I can see the option in the new UI to select multiple rules and 'Select Bulk Action', however the same options are presented?


Oh, bollox...  Just realised the logging requires the 'Log at Beginning/End' to be ticked AND the 'Send Connection Events to:' to have a destination ticked when editing a range of rules...  Thought the GUI would kick it out if no destination is selected as that's an invalid option.

OK, so question answered.  Not sure about the 'adding a Monitor Rule at the beginning' though?

You can add a rule at the beginning with the Action "Monitor". It will not decide on any traffic to block or allow; the whole purpose is to add a logging action to the further processing.

KarstenIwen_1-1671130984861.png

And with the bulk action you can easily assign the IPS policy to all selected rules:

KarstenIwen_2-1671131094696.png
