cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4354
Views
5
Helpful
7
Replies

Import Multiple URLs to FirePower

TDBAKERJR
Level 1
Level 1

Is there still no way to import multiple URLs into a firepower policy???  I have over 100 I need to enter and will need to update.  

7 Replies 7

syeda3
Level 1
Level 1

Yes you are right there is no direct way to import a object file with multiple URL's on one go. If you want to block or permit certain url's then you have to do that manually otherwise if you want you can do that based on url categories .

Cisco really needs to come up with a way for us to do a bulk upload. I copy/pasted 300 urls today as a part of a migration we are doing. We operate in a very restrictive environment and only allow explicit access. Categories and Whitelists will not work for this.

Claudiu Cismaru
Cisco Employee
Cisco Employee

You can have only Security Intelligence for URL List / Feed in Objects...

Does it help? Or to have URL group objects...

noisey_uk
Level 1
Level 1

You can use the REST API to do this (and other bulk operations) relatively easily.

Useful links:

https://<FMC IP>/api/api-explorer/#featureect/urlgroups_POST

https://www.cisco.com/c/en/us/td/docs/security/firepower/ftd-api/guide/ftd-rest-api.html

and Google

You can use Postman for more complicated things but the built in GUI works fine for a lot of things. I just used this method to create a URL group with 500 entries.

 

This is an example of the JSON you'd post in the API console body at https://<FMC IP>/api/api-explorer/#featureect/urlgroups_POST:

 

{
"name": "testurlgroup",
"literals": [
{
"type": "Url",
"url": "www.google.com"
},
{
"type": "Url",
"url": "www.cisco.com"
}
],
"type": "UrlGroup"
}


@noisey_uk wrote:

You can use the REST API to do this (and other bulk operations) relatively easily.

Useful links:

https://<FMC IP>/api/api-explorer/#featureect/urlgroups_POST

https://www.cisco.com/c/en/us/td/docs/security/firepower/ftd-api/guide/ftd-rest-api.html

and Google

You can use Postman for more complicated things but the built in GUI works fine for a lot of things. I just used this method to create a URL group with 500 entries.

 

This is an example of the JSON you'd post in the API console body at https://<FMC IP>/api/api-explorer/#featureect/urlgroups_POST:

 

{
"name": "testurlgroup",
"literals": [
{
"type": "Url",
"url": "www.google.com"
},
{
"type": "Url",
"url": "www.cisco.com"
}
],
"type": "UrlGroup"
}


Thank you for this! Been banging my head against the wall trying to figure out how to use this API stuff. Question though. I have a Word Document full of URLs that I need to enter into this. Copy and pasting them into this JSON format to POST into the API is just as time consuming as manually inputting them in the GUI. Anyone know an easy way to transfer a couple hundred URLs from a Word Document into the above JSON Format ready to POST into the FirePower API?

I've actually changed from using Postman to scripting in Python for interacting with the Firepower API. It's pretty frustrating and took me about a day to script something which updated the Intrusion Policy applied to bulk rules.  But once you get your head around it, it's pretty powerful. You could also use Python to parse your Word document into the JSON format as part of this. I know that's not the quick, easy fix you were probably looking for, but APIs are the future and Python is fast becoming the standard to leverage them... so now's an ideal time for you to start.

If someone important in Cisco reads this: it would be really useful if you could provide some sample Python scripts for common tasks like this. With good inline, critically peer-reviewed comments.

I used excel and notepad++ to do this in my case. Place all the urls in one column in Excel and use the SUBSTITUTE function to replace the string "REPLACE" with the actual URL in the following block.

{
"type": "Url",
"url": "REPLACE"
},

 

Then use notepad++ to clean this out last "," and add remaining blocks.

Review Cisco Networking for a $25 gift card