Cisco Support Community
New Member

Cisco Firepower API

Firepower Management Center API - Object Management 

One of my customers recently migrated to Cisco Firepower Threat Defense. One of the challenges that I ran into was that the ASA configuration migration script from Cisco duplicated objects in Firepower Management Center.

Deleting these objects required clicking delete for each object. This was a painful and time-consuming activity, so I built a Python script to delete objects utilizing the FMC API. Attached to this blog is a Python script that will allow you to delete unused objects. If you need to delete a large number of objects, it will save you time.

  • Firepower API
Accepted Solutions
New Member

I created a new Python script that will utilize the API to create a CSV of the Access Control Policy. See the link below for all the FMC Python scripts.

https://github.com/scourge71/fmcapi

4 REPLIES
Cisco Employee

Jason,

Nice scripts. Do you have similar on creating or adding a new access rule to an existing access control policy? Getting the following on my attempt: 

{"error":{"category":"FRAMEWORK","messages":[{"description":"No data."}],"severity":"WARN"}}

Of course, my input JSON is probably not correct, since finding good reference for this has been difficult.

Any pointers to additional test scripts or docs will be great.

New Member

michmcda,

The documentation is lacking. Are you utilizing the api-explorer built into Firepower? I ended up doing a lot of trial and error with Postman. Check out the links below too. Also, you can post your JSON syntax, so I can look at it.

Postman:

https://www.getpostman.com

CDW Blog:

http://blog.cdw.com/security/programing-ciscos-firepower-6-1-rest-api

Cisco Employee

michmcda,

To be sure of your code, can you also provide the script you are using? A couple of pointers:

The method should be PUT with the request URI:

/api/fmc_config/v1/domain/DomainUUID/policy/accesspolicies/id_of_access_policy_you_are_editing

A JSON content example would be:

{
  "name": "Access Policy to Edit",
  "description": "Test REST API policy",
  "type": "AccessPolicy",
  "id": "id_of_access_policy_you_are_editing",
  "defaultAction": {
    "intrusionPolicy": {
      "id": "id_of_existing_or_new_intrusion_policy",
      "type": "IntrusionPolicy"
    },
    "type": "AccessPolicyDefaultAction",
    "logBegin": "true/false",
    "logEnd": "true/false",
    "sendEventsToFMC": "true/false",
    "action": "any_allowed_action_enum",
    "id": "id_of_default_action",
    "variableSet": { "id": "id_of_variableSet_to_be_added", "type": "VariableSet" },
    "snmpConfig": { "id": "id_of_snmpConfig_object", "type": "SNMPAlert" },
    "syslogConfig": { "id": "id_of_syslog_object", "type": "SyslogAlert" }
  }
}