12-08-2020 03:12 AM - edited 12-08-2020 03:13 AM
Hello Experts,
I would like to know if it is possible to create access policy rules using NSO (CLI preferably) and the respective FMC NED.
Should, like with the FMC REST API, all objects used in the access rules be referenced via their object IDs, or can you use object names (and leave the name-to-object-ID translation to NSO)?
Any config examples are welcome.
Thanks a lot
12-08-2020 05:49 AM
You reference all objects using their names, and the NED handles the translation of object names to FMC object IDs for you. Below is an example of an FMC access rule from an NSO show run:
devices device lab-fmc
 config
  cisco-fmc:policy accesspolicies Lab_Policy
   categories "Internet Access"
   accessrules "General Internet Access"
    category "Internet Access"
    action ALLOW
    sendEventsToFMC false
    logFiles false
    logBegin false
    logEnd false
    variableSet name Default-Set
    sourceZones objects Lab
    !
    destinationPorts objects DNS
     type PortObjectGroup
    !
    destinationPorts objects HTTP
     protocol TCP
     type ProtocolPortObject
    !
    destinationPorts objects HTTPS
     protocol TCP
     type ProtocolPortObject
    !
    destinationPorts objects NTP-TCP
     protocol TCP
     type ProtocolPortObject
    !
    destinationPorts objects NTP-UDP
     protocol UDP
     type ProtocolPortObject
    !
    destinationPorts objects icmp-any
     type ICMPV4Object
    !
    destinationZones objects UNTRUST
    !
    sourceNetworks objects Lab
     type Network
    !
    destinationNetworks objects any-ipv4
     type Network
    !
    enabled
   !
  !
 !
!
!
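To turn the show-run output above into the config-mode commands that create it, here is an added example (not from the thread, and not code from the FMC NED) in Python. It renders a rule described purely by object names into NSO Cisco-style (ncs_cli -C) configuration commands, so nothing in the input is an FMC object ID; the NED paths (cisco-fmc:policy accesspolicies ... accessrules ...) and the type/protocol leaves are copied from the show run above, while the AccessRule and PortRef classes and the cli_commands function are this example's own names. Running commit dry-run before commit is an assumed (but standard) NSO workflow, and the assumption is that a name the NED cannot map to an FMC object is rejected at commit rather than silently producing a different rule.

```python
"""Render an FMC access rule, referenced by object names only, as NSO C-style CLI commands.

Added example for this thread; the cisco-fmc NED paths come from the show-run output in
the answer above. Class and function names here are the example's own, not the NED's.
"""
from dataclasses import dataclass, field
from typing import List


@dataclass
class PortRef:
    """One destinationPorts entry: the object name plus the type/protocol leaves the NED expects."""
    name: str
    obj_type: str        # ProtocolPortObject, PortObjectGroup or ICMPV4Object (from the show run)
    protocol: str = ""   # TCP or UDP for ProtocolPortObject, empty for the other types


@dataclass
class AccessRule:
    """An access rule described entirely by names; the NED resolves them to FMC object IDs."""
    device: str
    policy: str
    name: str
    category: str
    action: str = "ALLOW"
    source_zones: List[str] = field(default_factory=list)
    destination_zones: List[str] = field(default_factory=list)
    source_networks: List[str] = field(default_factory=list)
    destination_networks: List[str] = field(default_factory=list)
    destination_ports: List[PortRef] = field(default_factory=list)
    variable_set: str = "Default-Set"
    send_events_to_fmc: bool = False
    log_files: bool = False
    log_begin: bool = False
    log_end: bool = False
    enabled: bool = True


def q(name: str) -> str:
    """Quote a name for the NSO CLI when it contains whitespace (e.g. "Internet Access")."""
    return f'"{name}"' if any(c.isspace() for c in name) else name


def bool_str(value: bool) -> str:
    return "true" if value else "false"


def cli_commands(rule: AccessRule) -> List[str]:
    """Return the ncs_cli -C command lines that create the rule, one full path per line."""
    policy = f"devices device {rule.device} config cisco-fmc:policy accesspolicies {q(rule.policy)}"
    r = f"{policy} accessrules {q(rule.name)}"
    cmds = [
        "config",
        f"{policy} categories {q(rule.category)}",
        f"{r} category {q(rule.category)}",
        f"{r} action {rule.action}",
        f"{r} sendEventsToFMC {bool_str(rule.send_events_to_fmc)}",
        f"{r} logFiles {bool_str(rule.log_files)}",
        f"{r} logBegin {bool_str(rule.log_begin)}",
        f"{r} logEnd {bool_str(rule.log_end)}",
        f"{r} variableSet name {q(rule.variable_set)}",
    ]
    cmds += [f"{r} sourceZones objects {q(z)}" for z in rule.source_zones]
    cmds += [f"{r} destinationZones objects {q(z)}" for z in rule.destination_zones]
    cmds += [f"{r} sourceNetworks objects {q(n)} type Network" for n in rule.source_networks]
    cmds += [f"{r} destinationNetworks objects {q(n)} type Network" for n in rule.destination_networks]
    for p in rule.destination_ports:
        line = f"{r} destinationPorts objects {q(p.name)}"
        if p.protocol:
            line += f" protocol {p.protocol}"
        cmds.append(f"{line} type {p.obj_type}")
    if rule.enabled:
        cmds.append(f"{r} enabled")
    # Review the computed diff before it is pushed to the FMC (assumed standard NSO workflow).
    cmds += ["commit dry-run", "commit", "end"]
    return cmds


# Sample rule constructed from the names in the thread's show-run output.
lab_rule = AccessRule(
    device="lab-fmc",
    policy="Lab_Policy",
    name="General Internet Access",
    category="Internet Access",
    source_zones=["Lab"],
    destination_zones=["UNTRUST"],
    source_networks=["Lab"],
    destination_networks=["any-ipv4"],
    destination_ports=[
        PortRef("DNS", "PortObjectGroup"),
        PortRef("HTTP", "ProtocolPortObject", "TCP"),
        PortRef("HTTPS", "ProtocolPortObject", "TCP"),
        PortRef("NTP-TCP", "ProtocolPortObject", "TCP"),
        PortRef("NTP-UDP", "ProtocolPortObject", "UDP"),
        PortRef("icmp-any", "ICMPV4Object"),
    ],
)

if __name__ == "__main__":
    print("\n".join(cli_commands(lab_rule)))
```

The output is meant to be pasted into (or piped to) ncs_cli -C; every object appears by the same name it has in the FMC, which is the whole point of the answer above.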