
Script to push/post all static routes on Firepower Management Centre (FMC)


Problem:

When we unregister an FTD from FMC and re-register it, all of its static routes are lost. Sometimes a device has database corruption; if a re-image is the only solution, the FTD comes up fresh after the re-image and we need to configure everything from scratch (assuming there is no FTD backup). In these scenarios, if we have 100s/1000s of static routes, configuring them is really time-consuming.

Solution:

Anupam, Swati and I have created a script which helps push all those static routes to FMC quickly. All we need to do is get all static routes using this script before we unregister/re-image the FTD, then re-add the device to FMC and push those static routes.

Here's the Demo:

1) Preparation:

Step 1: Download the script on PC

Step 2: Make sure python3 is installed on the PC and that the PC has reachability to FMC on port 443

Step 3: Make sure the API is enabled on FMC (System -> Configuration -> Rest API Preference -> Enable REST API)

Step 4: Create a separate user on FMC to use during script execution

Step 5: Make sure the script has proper permission to execute (this applies specifically if you're executing the script from a Linux machine)

2) Execution:

2a) Routes on FMC for FTD (Total static routes available = 41)

Screenshot 2020-10-24 at 12.53.58 PM.png

 

2b) Get all static routes using script

===========================================================================================

$ python3 auto_static.py
Enter the device IP address: 10.197.212.211
Enter the username of the FMC( recommended to have a separate API User):api
Enter the password of the FMC:
###########################################################
# DEVICE LIST #
###########################################################
1 vFTD-3-Primary
2 vFTD-3-Secondary
###########################################################
Choose the Device (integer value):1
###########################################################

###########################################################
1. Get Route
2. Post Route
Choose the Device (integer value):1
###########################################################
Retrieving all routes,
Please Wait...!
Retrieving all routes from Device
Number of routes in Device: 41
Ensure that the below interface names are created before posting.
> Outside

$

===========================================================================================

Note: This script execution gets all static routes and puts them in a JSON file "Mod_Routes.json" in the same directory/folder you run it from.

 

2c) Re-registered the FTD to FMC. Static routes are empty as expected.

Screenshot 2020-10-24 at 2.13.55 PM.png

 

2d) POST static routes on FMC

===========================================================================================

$ python3 auto_static.py
Enter the device IP address: 10.197.212.211
Enter the username of the FMC( recommended to have a seperate API User):api
Enter the password of the FMC:
###########################################################
# DEVICE LIST #
###########################################################
1 vFTD-3-Primary
2 vFTD-3-Secondary
###########################################################
Choose the Device (integer value):1
###########################################################

###########################################################
1. Get Route
2. Post Route
Choose the Device (integer value):2
###########################################################
Enter the input JSON file :Mod_Routes.json

###########################################################
Posting routes, please wait!
Post was successful!
###########################################################
$

===========================================================================================

2e) POST is successful, here's the static route config now:

Screenshot 2020-10-24 at 2.33.11 PM.png

Note: After the POST is successful, if you're already on the static route page, doing a refresh won't show the pushed routes. On FMC go to Device -> Device Management -> Edit Device -> Routing -> Static Routes in order to see all the static routes which we just pushed.

 

The script is attached to this document. Please use it and let us know if any improvement is needed.
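Because the export in step 2b is the only copy of the routes once the FTD is unregistered, it is worth checking the file before going further and again before the POST. The following is an added example, not part of the attached script: `preflight` is a hypothetical helper, and it assumes the export is a JSON list of route objects in the shape of FMC `ipv4staticroutes` entries (the page does not show the actual layout of Mod_Routes.json).

```python
import json

# Constructed sample in the assumed FMC ipv4staticroutes shape (not real export data).
SAMPLE_EXPORT = json.loads("""
[
 {"type": "IPv4StaticRoute", "interfaceName": "Outside", "metricValue": 1,
  "selectedNetworks": [{"type": "Network", "name": "net-192.0.2.0-24"}],
  "gateway": {"literal": {"type": "Host", "value": "203.0.113.1"}}},
 {"type": "IPv4StaticRoute", "interfaceName": "Inside", "metricValue": 1,
  "selectedNetworks": [{"type": "Network", "name": "net-198.51.100.0-24"}],
  "gateway": {"literal": {"type": "Host", "value": "203.0.113.9"}}},
 {"type": "IPv4StaticRoute", "interfaceName": "Outside", "metricValue": 1,
  "selectedNetworks": [{"type": "Network", "name": "net-192.0.2.0-24"}],
  "gateway": {"literal": {"type": "Host", "value": "203.0.113.1"}}},
 {"type": "IPv4StaticRoute", "interfaceName": "Outside", "metricValue": 1,
  "selectedNetworks": [], "gateway": {}}
]
""")

def preflight(routes, expected_count, device_interfaces):
    """Return a list of problems found in an exported route list (empty = OK).

    expected_count    -- route count shown in the FMC UI before the export
    device_interfaces -- interface names configured on the re-registered device
    """
    problems = []
    if len(routes) != expected_count:
        problems.append(f"count: file has {len(routes)} routes, expected {expected_count}")
    seen = {}
    for idx, route in enumerate(routes, start=1):
        ifname = route.get("interfaceName")
        if ifname not in device_interfaces:
            problems.append(f"route {idx}: interface {ifname!r} not on device")
        nets = sorted(n.get("name", "") for n in route.get("selectedNetworks", []))
        gateway = route.get("gateway") or {}
        if not nets:
            problems.append(f"route {idx}: no destination network")
        if not gateway:
            problems.append(f"route {idx}: no gateway")
        # Same interface, destinations and gateway twice means a duplicated entry.
        key = (ifname, tuple(nets), json.dumps(gateway, sort_keys=True))
        if key in seen:
            problems.append(f"route {idx}: duplicate of route {seen[key]}")
        seen.setdefault(key, idx)
    return problems

if __name__ == "__main__":
    for line in preflight(SAMPLE_EXPORT, expected_count=4, device_interfaces={"Outside"}):
        print(line)
```

For the demo above, the call would use `expected_count=41` and the interface names the script lists under "Ensure that the below interface names are created before posting".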