Threat Defense device not showing in FMC api devices query in devnet FMC sandbox

paul.fitzpatrick@logicmonitor. · ‎07-30-2018

Hello. If I reserve a FMC devnet sandbox environment, it comes with a virtual Firepower NGFW device, a Firepower Threat Defense Device, and a Firepower Management Center. However if I use the API explorer on the FMC in the devnet sandbox, a devices query only shows a single device, the NGFW.

Shouldn't it also show the Threat Defense device? In the sandbox diagram it shows an active bidirectional access mode connection between the Threat Defense and the FMC. It shows the same between the FMC and the NGFW, however only the NGFW shows up as a device with this api query:

GET: /api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/devices/devicerecords

Response Text:

{
"links": {
"self": "https://fmcrestapisandbox.cisco.com/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/devices/devicerecords?offset=0&limit=1"
},
"items": [
{
"id": "2cfbf52a-ad81-11e6-89fc-bf98724a9e06",
"type": "Device",
"links": {
"self": "https://fmcrestapisandbox.cisco.com/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/devices/devicerecords/2cfbf52a-ad81-11e6-89fc-bf98724a9e06"
},
"name": "Firepower_NGFW"
}
],
"paging": {
"offset": 0,
"limit": 1,
"count": 1,
"pages": 1
}
}

Response Info:

Status Code: 200
date: Mon, 30 Jul 2018 19:07:08 GMT
content-encoding: gzip
vary: Accept-Charset,Accept-Encoding,Accept-Language,Accept
server: Apache
x-frame-options: SAMEORIGIN
content-type: application/json
cache-control: no-cache, no-store, must-revalidate, max-age=0
transfer-encoding: chunked
connection: Keep-Alive
accept-ranges: bytes
keep-alive: timeout=5, max=100

any suggestions appreciated

Rahul Govindan · ‎07-31-2018

The devnet sandbox seems to be sending a request for devices with a limit of 1 (look at limit=1 parameter towards the end of the query). This will return only 1 result back and that seems to be the NGFW. Not sure why the FMC api-explorer on devnet is set to this limit. I tried manually adding 2 as limit parameter but it still sends a response with limit set to 1, which makes me believe that the devnet may not be getting the response from an actual spun up FMC.

I tried this on the api explorer on my FMC running 6.2.3.3 and this returns 2 devices without the need of adding an additional parameter.

{
  "links": {
    "self": "https://10.x.x.x/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/devices/devicerecords?offset=0&limit=2"
  },
  "items": [
    {
      "id": "33c14bbc-26de-11e8-bf08-ec2cd7f4d6cb",
      "type": "Device",
      "links": {
        "self": "https://10.x.x.x/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/devices/devicerecords/33c14bbc-26de-11e8-bf08-ec2cd7f4d6cb"
      },
      "name": "FTD-1"
    },
    {
      "id": "e589d25c-26dd-11e8-944f-b4ad3f595ea7",
      "type": "Device",
      "links": {
        "self": "https://10.165.83.76/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/devices/devicerecords/e589d25c-26dd-11e8-944f-b4ad3f595ea7"
      },
      "name": "FTD-2"
    }
  ],
  "paging": {
    "offset": 0,
    "limit": 2,
    "count": 2,
    "pages": 1
  }
}

paul.fitzpatrick@logicmonitor. · ‎08-01-2018

Thanks Rahul, I had also tried adding limit=2 as a request parameter with
no effect. I wonder if the spin up of the sandbox omits adding the threat
defense device to the FMC. The diagram indicates they are connected at
least.

Rahul Govindan · ‎08-02-2018

It is possible. Try running some other queries (interfaces, Policies etc) and see if you see any responses that reference the FTD. That would be a good indicator for whether the FTD is registered to the FMC.