06-16-2017 09:33 AM - edited 02-21-2020 06:11 AM
Hi all,
I'm new to the FMC API, and FTD in general. I have been tasked with creating an automated process to disable a subinterface on an FTD. I am able to pull the subinterfaces, but do not appear to be able to change the state via the API. I have also tried fplogicalinterfaces, but can't seem to pull any data from that. Is this something that simply isn't supported yet? Any recommendations on alternative ways to disable a subinterface?
06-16-2017 09:40 AM
tmagill_sig,
For getting the details about the subinterfaces you are using the GET method. To enable or disable the subinterface you should be changing the method for the same URI to PUT. The PUT json data should be something like below:
    # interface_name, ip_address, netmask and interface_id are placeholders to fill in
    post_data = {
        "type": "SubInterface",
        "vlanId": "50",
        "subIntfId": "50",
        "enabled": False,
        "MTU": 1500,
        "managementOnly": False,
        "enableDNSLookup": True,
        "enableAntiSpoofing": True,
        "ifname": "subint_vlan_50",
        "name": interface_name,
        "ipv4": {
            "static": {
                "address": ip_address,
                "netmask": netmask,
                "id": interface_id,  # interface id from the GET
            }
        },
    }
-Neil
06-16-2017 09:59 AM
Thanks for the quick response!
That is exactly what I tried, but I was getting a URL error. I realized during some testing I had changed it to a POST instead of PUT. I fixed that and it resolved the URL error. What I'm seeing now is:
{"error":{"category":"FRAMEWORK","messages":[{"description":"Request UUID and data does not match."}],"severity":"ERROR"}}
I'm sending the following PUT to shut down the interface:
URL:
https://10.32.2.72/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/devices/devicerecords/7a628088-9f7e-11e6-b3e5-81bddcad0051/subinterfaces/843DC698-7A16-0ed3-0000-188978563388
Payload:
{"enabled": false, "id": "843DC698-7A16-0ed3-0000-188978563388"}
I'm pulling the id directly from the subinterface ['id']. Are there other required values I must send even though they aren't changing? I can't find any documentation on a subinterface PUT, only GET.
06-16-2017 09:59 AM
tmagill_sig,
The URL you are using looks good. You may be on a version of FMC that does not support subinterface configuration. What is the exact version of FMC you are running? I have attached what API explorer should look like with newer versions of FMC.
-Neil
06-16-2017 10:14 AM
I am on 6.1. Sounds like it's time for an upgrade!
06-16-2017 10:16 AM
tmagill_sig,
Yes, upgrade to 6.2 would be needed for the subinterface CRUD on the APIs.
Regards,
Neil
06-16-2017 10:20 AM
Thanks! Also, not sure if it matters, but I'm looking at the object model in the 6.2.1 docs and it still only shows GET for subinterfaces... That may need to be updated to match the explorer.
One other question that will be relevant after I upgrade. Since this is an HA pair and the container on the PUT is a device, not a devicegroup, do I need to PUT it to both members of the group?
08-25-2017 03:00 AM
Running 6.2.1
As a test, I try changing the name of an Access Control Policy and always get the same error:
{"error": {"messages": [{"description": "Request UUID and data does not match."}], "category": "FRAMEWORK", "severity": "ERROR"}}
payload = {'name': 'test2'}
header = {'x-auth-access-token': token, 'Content-Type': 'application/json'}
Same error with:
results = requests.put(url, json=payload, headers=header, verify=False)
and
results = requests.put(url, data=json.dumps(payload), headers=header, verify=False)
Could it be the same problem as the sub-interface disable issue?
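Added example, not part of any post in this thread and not Cisco's code: a read-modify-write helper for the PUT discussed above. It builds the PUT body from the full GET response and checks, before anything is sent, that the body id equals the UUID in the URL (the condition the FRAMEWORK error text names) and that only the intended field changes. The host, UUIDs, field values, function names, the links/metadata read-only keys and the treatment of PUT as a full-object replace are assumptions.

```python
import copy
from urllib.parse import urlparse

# Assumption: server-managed keys in a GET response, dropped before the PUT.
READ_ONLY_KEYS = ("links", "metadata")

def uuid_from_url(url):
    """Last path segment of an object URL, i.e. the object's UUID."""
    return urlparse(url).path.rstrip("/").rsplit("/", 1)[-1]

def build_put_body(current, changes):
    """Full object from the GET, minus read-only keys, plus the changes."""
    body = copy.deepcopy(current)
    for key in READ_ONLY_KEYS:
        body.pop(key, None)
    body.update(changes)
    return body

def preflight(url, current, body, allowed):
    """Problems to fix before sending; an empty list means send it."""
    problems = []
    if body.get("id") != uuid_from_url(url):
        problems.append("id in body does not match UUID in URL")
    changed = {k for k in set(current) | set(body)
               if k not in READ_ONLY_KEYS and current.get(k) != body.get(k)}
    if not changed <= set(allowed):
        problems.append("unexpected changes: %s" % sorted(changed - set(allowed)))
    return problems

# Constructed sample data (host, UUIDs and field values are made up).
SAMPLE_URL = ("https://fmc.example/api/fmc_config/v1/domain/DOMAIN-UUID/devices/"
              "devicerecords/DEVICE-UUID/subinterfaces/00000000-0000-0000-0000-000000000050")
SAMPLE_GET = {
    "type": "SubInterface", "id": "00000000-0000-0000-0000-000000000050",
    "vlanId": 50, "subIntfId": 50, "enabled": True, "MTU": 1500,
    "ifname": "subint_vlan_50", "name": "GigabitEthernet0/1",
    "ipv4": {"static": {"address": "192.0.2.1", "netmask": "255.255.255.0"}},
    "links": {"self": SAMPLE_URL}, "metadata": {"timestamp": 0},
}

if __name__ == "__main__":
    body = build_put_body(SAMPLE_GET, {"enabled": False})
    print(preflight(SAMPLE_URL, SAMPLE_GET, body, allowed={"enabled"}))  # []
    partial = {"name": "test2"}  # partial body, shaped like the one in the last post
    print(preflight(SAMPLE_URL, SAMPLE_GET, partial, allowed={"name"}))
```

When the body is sent with requests as in the posts above, verify= can point at the CA bundle that issued the FMC certificate rather than False, since the x-auth-access-token header travels over that connection.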