Comments in access policy rules

tbarton · ‎05-03-2017

I've just begun using the REST API for FMC Version: 6.2.0 to provision access policy rules into a Firepower. This has been a bit of a guessing game, because the API Explorer doesn't seem to cover rules, much less proper JSON for creating them. So far, I've had good luck creating all aspects of the rules, with one small hitch. I can't seem to figure out how to add comments. Could someone paste the appropriate JSON? Certain other aspects of the rule, for instance the id, are auto-generated by the system and must be left out of the POST. Thinking this might be the case with comments; I've tried leaving out the timestamp, user, etc from inside the comment history, but this doesn't seem to help.

Best regards and thanks in advance for any assistance.

tbarton · ‎05-08-2017

Is there anything that I could do to clarify the problem I'm having?

byakamovich-NSP1 · ‎06-06-2017

Hello,

Using JSON has been a challenge for me as well. I do not have an answer for you as I am trying to figure out how to create and load objects and rules using this method.

Is there any code that you could share? I have to recreate about 500 rules that the SF ASA conversion utility did not convert.

Thanks very much

tbarton · ‎06-09-2017

How's your java? I might have some code that I could share, but it wouldn't be helpful unless you were pretty fluent.

aniortegr · ‎06-23-2017

Exactly the same for me. Unable to add a comment on an accessrule via REST\API

I've seen the "commentHistoryList" but it doesn't seem to add the comment...

Anyone have an idea how to do this ?

Thanks.

Oliver Kaiser · ‎08-15-2017

I had to reverse engineer the java code used for the rest api to find this out... been struggling a few months back with the same issue.

From what I have found you need to have a dictionary named 'newComments', I have not found any way to update 'commentHistoryList' and had to delete the commentHistoryList and add 'newComments' if I wanted to add/update a rule that had comments.

Hope that helps. :)

tbarton · ‎08-16-2017

Could you post a JSON example?

neipatel · ‎08-16-2017

I have attached an example to this with the last section of the access rule showing the newComment field.

In the 6.2.1 release of Firepower Management Center the "example" button for POST operations in the access rule section of API Explorer now contains this same example.

Regards,

Neil

Oliver Kaiser · ‎08-16-2017

*hint* *hint* feature request...

remove newComments and make commentHistoryList editable. :)

scotttaylor · ‎10-10-2017

I'm attempting to add a comment by modifying an existing rule using a PUT. JSON is as follows:

{ "newComments": [
"comment1",
"comment2"
] }

which returns the following:

"Request UUID and data does not match."

Does anyone know what is needed here if doing a PUT? I've tried adding in other portions such as name and type, but it isn't taking.

scotttaylor · ‎10-10-2017

Figured it out - the content requires the ID to be passed in. Seems redundant to me as it's also used as part of the path in the call as well.