Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
853
Views
1
Helpful
12
Replies

Postman API calls to Cisco Secure Firewall not retrieving all objects

jaismith
Level 1
Level 1

‎12-10-2024 07:59 AM

Cisco Secure Firewall Version 7.4.2.1 (build 30)

I am trying to get all of our network objects using the following API call

{{protocol}}://{{hostname}}/api/fmc_config/v1/domain/{{domain_id}}/object/networks?expanded=true&limit=100

 

    "paging": {
        "offset": 0,
        "limit": 100,
        "count": 70,
        "pages": 1

We have 25 pages and nearly 500 objects, but when I try to run this it only shows 70 objects and will not allow me to offset any higher than 69. It appears there is some limitation preventing me from pulling the remaining objects. Is anyone able to assist with getting all objects pulled from Secure Firewall? Please let me know if you need any more information 

 

Secure Firewall, REST API, Cisco Firepower Management Center (FMC), API
12 Replies 12

bigevilbeard
VIP
VIP

‎12-10-2024 08:22 AM

According to the document for 7.x "The REST API will serve only 25 results per page. This can be increased up to 1000 using the limit query parameter"  There was an old thread on this here https://community.cisco.com/t5/network-security/fmc-api-maximum-objects-1000/td-p/3758869

See what happens if you start with offset=0 and then offset=100, offset=200, and so on, until you have fetched all pages.

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io
0 Helpful

jaismith
Level 1
Level 1
In response to bigevilbeard

‎12-10-2024 08:27 AM

Thank you for the reply. When increasing the offset at 70 or higher it returns a 0 count

    "links": {},
    "paging": {
        "offset": 0,
        "limit": 0,
        "count": 0,
        "pages": 0
    }
 
Here is offset set to 69
 
 "paging": {
        "offset": 69,
        "limit": 1000,
        "count": 70,
        "prev": [
 
        ],
        "pages": 1
    }
}
 
 
0 Helpful

bigevilbeard
VIP
VIP
In response to jaismith

‎12-10-2024 09:24 AM

Interesting i wonder if this might be an issue with how the API handles offsets beyond the total number of objects? If i was doing this Python I would print out the count and length in each iteration and verify the exact number of objects given. Not sure how you do this in Postman tbh.

Are you seeing consistent behavior across different API calls too or just this one?

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io
0 Helpful

jaismith
Level 1
Level 1
In response to bigevilbeard

‎12-11-2024 05:46 AM - edited ‎12-11-2024 05:47 AM

I tested with port objects and it appears to pull all of them. Oddly, it appears to only limit the network objects. The "count" is displayed at the bottom when I send a GET request through postman. 

0 Helpful

bigevilbeard
VIP
VIP
In response to jaismith

‎12-11-2024 06:10 AM

@jaismith nice inconsistent pagination between different object types then, this suggests there might be a potential API bug specific to network object, maybe some hidden configuration limiting network object retrieval or even some unexpected constraint in the network object endpoint.

Ive not found anything else, other than past bugs which said results between what the UI showed and API differed.I did find this code which implies it works (does not say the version tho) https://github.com/CiscoDevNet/fmc-rest-api/blob/master/labs/firepower-restapi-106/3.md

Glancing over this - it shows the pagination Strategy as:

  • Loops 11 times
  • Retrieves 1000 objects per iteration
  • Uses offset calculation: i * 1000
  • Attempts to retrieve all network objects

 

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io
0 Helpful

jaismith
Level 1
Level 1
In response to bigevilbeard

‎12-11-2024 06:53 AM

Getting in touch with my security team to allow this LOL. 

0 Helpful

gerard0796
Level 1
Level 1

‎12-11-2024 07:01 AM

verry good.

0 Helpful

jaismith
Level 1
Level 1
In response to gerard0796

‎12-11-2024 09:41 AM

Firstly, thank you for your suggestion. I was able to get my access and when running the script, I am receiving the same results, making me think this issue isn't with the API call itself. Do you happen to have any other ideas?

0 Helpful

bigevilbeard
VIP
VIP
In response to jaismith

‎12-11-2024 09:55 AM

Sorry @jaismith I maybe missing your ask. You are now using the Python script and it’s give you the same results as Postman was/is?

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io
0 Helpful

jaismith
Level 1
Level 1
In response to bigevilbeard

‎12-11-2024 12:01 PM

It only appears to get only 70 objects, when nearly 500 exist in Secure Firewall. 

0 Helpful

bigevilbeard
VIP
VIP
In response to jaismith

‎12-11-2024 12:12 PM

@jaismith ok, so I think then there is an issue with the api endpoint here

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io
0 Helpful

jaismith
Level 1
Level 1
In response to bigevilbeard

‎12-11-2024 12:14 PM

Thanks, I will move forward with a TAC case.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card