Re: icmpCode issue

mark.ryan · ‎04-06-2022

Hi,

Anyone else come across this issue? I've not found it detailed anywhere. We're on 6.6.5.1 (build 15) is it fixed it later builds?

When POSTing an ICMP object in the FMC if you use a blank string in the icmpCode field it breaks the API. A GET request for all port objects results in a empty data structure. If that port is then put into a port group any GET requests for port group objects come back empty. Deleting the object from the group and deleting the ICMP object restores service.

In the GUI the icmpCode field is shown as blank rather than Any or 0.

Thanks Mark

Marius Gunnerud · ‎04-06-2022

I have seen this, not with ICMP but with all other fields that specify "any" in the ACP. If the field is to be set to "any" you need to omit the field from the rule configuration you are POSTing. I have not heard of any plan to change this, but then again I am not up to date on everything that goes on in the DevNet field.

--
Please remember to select a correct answer and rate helpful posts

mark.ryan · ‎04-07-2022

Hi,

I forgot to mention that as well. We came across that earlier, it is odd that you can POST an invalid value and effectively render the API useless but if you want to select a valid value you have to omit it?!?!? You get an error for a valid value and there are no checks on invalid values. The only value I believe you can post for icmpCode is 0.

Although the DNAC API is worse. If you want a list over a thousand devices you use paging as the limit is 1000. The issue with that is every GET request returns a random 1000 devices out of say 2000. So if you know there are 2000 you have to keep grabbing random data until you get an individual count of 2000!`