07-30-2018 12:27 PM - edited 02-21-2020 08:02 AM
Hello. If I reserve a FMC devnet sandbox environment, it comes with a virtual Firepower NGFW device, a Firepower Threat Defense Device, and a Firepower Management Center. However if I use the API explorer on the FMC in the devnet sandbox, a devices query only shows a single device, the NGFW.
Shouldn't it also show the Threat Defense device? In the sandbox diagram it shows an active bidirectional access mode connection between the Threat Defense and the FMC. It shows the same between the FMC and the NGFW, however only the NGFW shows up as a device with this api query:
GET: /api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/devices/devicerecords
Response Text:
{
"links": {
"self": "https://fmcrestapisandbox.cisco.com/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/devices/devicerecords?offset=0&limit=1"
},
"items": [
{
"id": "2cfbf52a-ad81-11e6-89fc-bf98724a9e06",
"type": "Device",
"links": {
"self": "https://fmcrestapisandbox.cisco.com/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/devices/devicerecords/2cfbf52a-ad81-11e6-89fc-bf98724a9e06"
},
"name": "Firepower_NGFW"
}
],
"paging": {
"offset": 0,
"limit": 1,
"count": 1,
"pages": 1
}
}
Response Info:
Status Code: 200
date: Mon, 30 Jul 2018 19:07:08 GMT
content-encoding: gzip
vary: Accept-Charset,Accept-Encoding,Accept-Language,Accept
server: Apache
x-frame-options: SAMEORIGIN
content-type: application/json
cache-control: no-cache, no-store, must-revalidate, max-age=0
transfer-encoding: chunked
connection: Keep-Alive
accept-ranges: bytes
keep-alive: timeout=5, max=100
any suggestions appreciated
07-31-2018 02:21 PM
The devnet sandbox seems to be sending a request for devices with a limit of 1 (look at limit=1 parameter towards the end of the query). This will return only 1 result back and that seems to be the NGFW. Not sure why the FMC api-explorer on devnet is set to this limit. I tried manually adding 2 as limit parameter but it still sends a response with limit set to 1, which makes me believe that the devnet may not be getting the response from an actual spun up FMC.
I tried this on the api explorer on my FMC running 6.2.3.3 and this returns 2 devices without the need of adding an additional parameter.
{ "links": { "self": "https://10.x.x.x/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/devices/devicerecords?offset=0&limit=2" }, "items": [ { "id": "33c14bbc-26de-11e8-bf08-ec2cd7f4d6cb", "type": "Device", "links": { "self": "https://10.x.x.x/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/devices/devicerecords/33c14bbc-26de-11e8-bf08-ec2cd7f4d6cb" }, "name": "FTD-1" }, { "id": "e589d25c-26dd-11e8-944f-b4ad3f595ea7", "type": "Device", "links": { "self": "https://10.165.83.76/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/devices/devicerecords/e589d25c-26dd-11e8-944f-b4ad3f595ea7" }, "name": "FTD-2" } ], "paging": { "offset": 0, "limit": 2, "count": 2, "pages": 1 } }
08-01-2018 06:36 AM
08-02-2018 05:29 PM
It is possible. Try running some other queries (interfaces, Policies etc) and see if you see any responses that reference the FTD. That would be a good indicator for whether the FTD is registered to the FMC.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide