Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
413
Views
5
Helpful
2
Replies

How to often fetch the access rules for a child policy with FMC API

Difan_Zhao
Level 1
Level 1

‎01-27-2023 12:51 PM

I have got another problem I am trying to solve... When I use this URL to get the access rules for a policy, it gets the rules for its parent as well...

 

“/api/fmc_config/v1/domain/{domain_id}/policy/accesspolicies/{accesspolicy_id}/accessrules?limit=500&expanded=True”

 

Is there a way to only get it for the child policy? 

Just in case you are curious about what I am trying to do. I want to duplicate a policy with the same prefilter and inheritance settings and with the same rules but without the Interface Zones in the configuration.

Thanks!

0 Helpful
2 Replies 2

Marius Gunnerud
VIP
VIP

‎01-27-2023 01:35 PM

The issue is with inheritance from the "parent policy".  So, unless you are able to disable inheritance from the base policy (via GUI or API) then the only other thing you can do to filter out the rules you want is to write a script that extracts the Child Rules for you. i.e. copy the complete Child Policy rules, then delete the Base Policy rules.

--
Please remember to select a correct answer and rate helpful posts

Difan_Zhao
Level 1
Level 1
In response to Marius Gunnerud

‎01-27-2023 03:15 PM

Thanks for confirming Marius! Mind also helping me with my other question about inheritance?

https://community.cisco.com/t5/network-security/how-to-assign-a-parent-base-policy-to-an-access-policy-with-fmc/td-p/4764254

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card