Re: FMC - Rest API POST command: networkgroups not working

aherraez · ‎05-20-2022

Hello,

I am trying to add a new network group object using some existing objects in the FMC but I am receiving the following message:

description":"The group should have atleast one object reference or a literal as override is not enabled."

I am trying to add the following networkgroup object:

{'name': 'Networkgroup_2', 'objects': [{'type': 'host', 'name': 'Host-2', 'id': '000C29A1-CF6B-0ed3-0000-021474836739'}, {'type': 'range', 'name': 'snmp_servers', 'id': '000C29A1-CF6B-0ed3-0000-021474836781'}], 'type': 'NetworkGroup'}

As I know the names of the objects I have searched for the id of that objects to create the data to use in the POST command.

But I am receiving a 400 error message.

What I am doing wrong? How have to be the payload to create the network group object? In the API documentation seems that I only need these three values for each object that I want to add.

Best Regards

Marius Gunnerud · ‎06-01-2022

What is the 400 error you are getting? Your data format looks fine.

The following is the format I have used to add a NetworkGroup which works for me.

object_data1 = {"type" : "Host",

"id" : "000C29F7-A272-0ed3-0000-034359738409",

"name" : "HOST1"

}

object_data2 = {"type" : "Host",

"id" : "000C29F7-A272-0ed3-0000-034359738427",

"name" : "HOST2"

}

objectGrp = {"type" : "NetworkGroup", "name" : "objectGrp2", "objects" : [object_data1, object_data2]}

--
Please remember to select a correct answer and rate helpful posts

mkioga · ‎11-28-2022

Hi Marius.
Thanks a lot for above post.
I am trying to add an FMC NetworkGroup object using ansible and same error message "The group should have atleast one object reference or a literal as override is not enabled".
It looks like we need to add at least one host object to this network group object while creating it.
This is the ansible code I am using. Wondering how you would modify it to add the host object data

- name: POST to create group object "objects_networkgroups_s1""
ansible.builtin.uri:
url: "https://{{server_ip}}/api/fmc_config/v1/domain/sdfgc-edfd-dddd-4444-sksksksksksks/object/networkgroups"
method: POST
headers:
"X-auth-access-token": "{{ auth_access_token }}"
Connection: keepalive
body: {
name: "{{ objects_networkgroups_s1 }}",
type: "{{ object_type }}",
#value: "{{ objects_list_inside_ip_s1 }}",
description: "{{ objects_networkgroups_s1 + ' added via API by Ansible' }}"
}
body_format: json
return_content: yes
status_code: 201
register: added_objects_networkgroups_s1
vars:
object_type: "NetworkGroup"

- name: Print all GET results from creation of Network group object added_objects_networkgroups_s1
ansible.builtin.debug:
msg: "{{ added_objects_networkgroups_s1 }}"

babiojd01 · ‎08-09-2022

I can help you out, what are you using? Python? I have an example for both python and powershell if interested? cisco-firepower-api/Firepower-Network-Object-Multipost.py at master · john-babio/cisco-firepower-api (github.com) Take a look at the items.txt file. If you want the powershell version i can give you that as well.