Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6576
Views
22
Helpful
8
Replies

FMC-Copying Access rules from an ACP and applying those copied rules to another ACP

Narayan Dev Sarma
Spotlight
Spotlight

‎04-16-2020 11:30 AM - edited ‎04-16-2020 11:50 AM

Is there a way in FMC to copy access rules from an ACP and paste those in another ACP which is already loaded with access rules and applied to an FTD. Actually, will have to 2-3 migrations of ASAs to FTD but at different time frames. So, at last need to have all consolidated as one ACP. Tried inheritance policy option but can't modify the copied rules. 

FMC-ver-6.4.04

 

1 person had this problem
0 Helpful
8 Replies 8

Francesco Molino
VIP Alumni
VIP Alumni

‎04-16-2020 08:17 PM

Hi,

There's no way to copy a rule from 1 ACP and paste over another ACP.
The only way would be to use APIs to do so.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Narayan Dev Sarma
Spotlight
Spotlight
In response to Francesco Molino

‎04-17-2020 12:07 AM

Thanks for your reply.

Does FMC offers an API to perform this?

0 Helpful

Francesco Molino
VIP Alumni
VIP Alumni
In response to Narayan Dev Sarma

‎04-17-2020 06:28 PM

There's no 1 api to do copy/paste specifically but using api you can read at rules for 1 ACP and then re-create them into the other ACP.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Narayan Dev Sarma
Spotlight
Spotlight
In response to Francesco Molino

‎04-19-2020 03:37 AM

Thanks. I am still a new learner with APIs but will give a try.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎04-16-2020 11:14 PM

It's not supported - even in FMC 6.6.

If you use CDO management, it is quite easy to do. However CDO cannot (currently) manage a device that is also FMC-managed.

CDO uses the API to interact with managed devices along the lines @Francesco Molino was referring to.

Narayan Dev Sarma
Spotlight
Spotlight
In response to Marvin Rhoads

‎04-17-2020 12:05 AM

Thanks for your reply
0 Helpful

Anupam Pavithran
Cisco Employee
Cisco Employee

‎09-22-2020 01:30 AM

Hi Narayan,

 

We have created a python script for achieving the same. Please check if it's helpful in you case.

https://community.cisco.com/t5/security-documents/fmc-api-based-tool-merge-two-access-control-policy-s-rules-into/ta-p/4109405

Peter Beshay
Level 1
Level 1

‎05-11-2021 07:48 AM - edited ‎05-11-2021 07:54 AM

the New version 6.7.0 can do the copy from ACP to another ACP or from Prefilter Policy to another Prefilter Policy

"Copy and move rules between access control and prefilter policies"
https://www.cisco.com/c/en/us/td/docs/security/firepower/670/relnotes/firepower-release-notes-670/features.html 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card