Unable to get access-rule from FMC API

Garfield · ‎07-05-2018

Hey everyone,

I'm running FMC 6.2.3.2 and I'm unable to get the data of a specific access-rule.

When I go in the api-explorer to Policy > accesspolicies and do a Get of my access-policies I get all the access-policies UUID's. When I put the UUID of the access-policy in the Container UUID and do a GET of the accessrules I get the list of UUID's of all the rules.

When I now do a GET on a specific access-rule UUID I get an Error: "description": "Resource not found. Please check the UUID passed in url."

Is anyone else facing the same issue?

Thanks

Garfield · ‎08-01-2018

Hey Everyone,

I opened a TAC case on this and it's not a bug it's a feature :).

Let me explain. I was using a nested policy. So in the api explorer I did a GET of all ACP's (access control policy). The access-rules I wanted to query were in a child ACP. So I entered the UUID of the ACP into the container field and did a GET of the access-rules.

This gives you ALL access-rules. So both the rules from the parent ACP as the rules from the child. The same as when you would click the ACP in the GUI.

However when you now take the UUID of an access-rule that is part of the parent ACP and do a GET on that you will get an error, because that UUID is not strictly part of the child ACP.

This makes sense but it's quite unfortunate as it takes quite some extra code from my end to automate this. I need to do a GET on the child ACP and check if there is a parent ACP. Then iterate first through the parent and it's access-rules. Then go to the child and iterate through the rules there and omitting the ones from the parent as they will throw an error.

I think this is quite cumbersome. If anyone has a better way of doing this kind of GET please let me know.