- Clone the project repository, or download the ZIP and extract it
- Install the required Python packages:

```
pip3 install -r requirements.txt
```

- Run the tool:

```
> python3 fmc_api_tools.py
***********************************************************************************************
*                                                                                             *
*   Cisco FMC 6.7+ API Tools (Written for Python 3.6+)                                        *
*                                                                                             *
***********************************************************************************************
***********************************************************************************************
*                                                                                             *
*   TOOLS AVAILABLE:                                                                          *
*                                                                                             *
*   1. Basic URL GET                                                                          *
*                                                                                             *
*   2. Create Network-Objects in bulk                                                         *
*                                                                                             *
*   3. Create Network-Objects in bulk and add to New Object-Group                             *
*                                                                                             *
*   4. Update IPS and/or File Policy for Access Rules                                         *
*                                                                                             *
*   5. Get Inventory List from FMC                                                            *
*                                                                                             *
*   6. Register FTD to FMC                                                                    *
*                                                                                             *
*   7. Deploy Pending FTDs                                                                    *
*                                                                                             *
*   8. Migrate Prefilter rules to Access Rules                                                *
*                                                                                             *
*   9. Update Object Group with entries from txt file                                         *
*                                                                                             *
*   10. Export ACP and Prefilter Rules to CSV file                                            *
*                                                                                             *
*   11. Download Snort.org Rules                                                              *
*                                                                                             *
*   12. Delete FTDs from FMC using Name or Model search                                       *
*                                                                                             *
*   13. Edit manager config for FTDs in bulk                                                  *
*                                                                                             *
***********************************************************************************************
Please Select Tool:
```
1. Basic URL GET
2. Create Network-Objects in bulk
3. Create Network Objects and Object Groups in bulk
4. Update IPS and/or File Policy for Access Rules
5. Get Inventory List from FMC
6. Register FTD to FMC
7. Deploy Pending FTDs
8. Migrate Prefilter rules to Access Rules
9. Update Object Group with entries from txt file
10. Export ACP and Prefilter Rules to CSV file
11. Download Snort.org Rules
12. Delete FTDs from FMC using Name or Model search
13. Edit manager config for FTDs in bulk
1. Basic URL GET

USER INPUT NEEDED:
- URI path (e.g. /api/fmc_config/v1/domain/{domain_UUID}/object/networkgroups/{object_UUID})
- Expand output to show details of each object (not supported with a {object_UUID} GET)
- Limit output to a specific number of objects (not supported with a {object_UUID} GET)
- Save output to JSON file
2. Create Network-Objects in bulk

USER INPUT NEEDED:
- Select object type
- CSV data input file
  - CSV FORMAT:
    - No header row, comma delimited
    - Can contain Host, Range, Network or FQDN objects, but not a combination
    - Column0 = ObjectName
    - Column1 = Address
3. Create Network Objects and Object Groups in bulk

USER INPUT NEEDED:
- TXT data input file
  - Output from ASA "show run object network" AND "show run object-group network"
  - Ensure no object names overlap with existing objects
  - Ensure nested groups are above the groups nesting them

Example input file:

```
object network Net-1
 subnet 10.1.1.0 255.255.255.0
object network Host-1
 host 10.1.1.1
object network FQDN-1
 fqdn www.google.com
object network Range-1
 range 10.1.1.1 10.1.1.255
object-group network Group-1
 network-object host 10.1.1.1
 network-object 10.2.2.0 255.255.255.0
object-group network Group-2
 network-object object Net-1
 network-object object Host-1
 network-object object FQDN-1
 network-object object Range-1
 group-object Group-1
```
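As an added example (not code from this project), the parser below reads the ASA "show run" format this tool expects, normalises subnet masks to the CIDR notation FMC uses, and enforces the two constraints above: no name collisions with existing objects, and nested groups defined before the groups that reference them. The output dictionary shapes ("Network", "Host", "FQDN", "Range", and "NetworkGroup" with objects/literals) are an assumption loosely modelled on FMC object bodies, not this tool's actual output.

```python
import ipaddress

# Constructed sample in the README's "show run object network" format, not real ASA output
ASA_SAMPLE = """\
object network Net-1
 subnet 10.1.1.0 255.255.255.0
object network Host-1
 host 10.1.1.1
object-group network Group-1
 network-object host 10.1.1.1
 network-object 10.2.2.0 255.255.255.0
object-group network Group-2
 network-object object Net-1
 group-object Group-1
"""

def _literal(parts):
    # ASA value words -> (assumed FMC type name, value); subnet masks become CIDR
    kind = parts[0]
    if kind in ("host", "fqdn"):
        return {"host": "Host", "fqdn": "FQDN"}[kind], parts[1]
    if kind == "range":
        return "Range", f"{parts[1]}-{parts[2]}"
    a, m = parts[1:3] if kind == "subnet" else parts[:2]  # "subnet A M" or bare "A M" in a group
    return "Network", str(ipaddress.ip_network(f"{a}/{m}"))

def parse_asa_objects(text, existing_names=()):
    """Return (objects, groups); ValueError on a duplicate name or a forward group-object."""
    objects, groups, seen, cur = [], [], set(existing_names), None
    for parts in filter(None, (ln.split() for ln in text.splitlines())):
        if parts[0] in ("object", "object-group") and parts[1] == "network":
            if parts[2] in seen:
                raise ValueError(f"duplicate object name: {parts[2]}")
            seen.add(parts[2])
            cur = {"name": parts[2]}
            if parts[0] == "object":
                objects.append(cur)
            else:
                cur.update(type="NetworkGroup", objects=[], literals=[])
                groups.append(cur)
        elif parts[0] == "group-object":  # nested group must already be defined above
            if parts[1] not in [g["name"] for g in groups[:-1]]:
                raise ValueError(f"group {parts[1]} must be defined above {cur['name']}")
            cur["objects"].append({"name": parts[1]})
        elif parts[0] == "network-object" and parts[1] == "object":
            cur["objects"].append({"name": parts[2]})
        elif parts[0] == "network-object":
            cur["literals"].append(dict(zip(("type", "value"), _literal(parts[1:]))))
        else:  # subnet / host / fqdn / range value line under "object network"
            cur["type"], cur["value"] = _literal(parts)
    return objects, groups
```

Pass the names already present on the FMC as `existing_names` to catch overlaps before any object is created.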
4. Update IPS and/or File Policy for Access Rules

USER INPUT NEEDED:
- Select Access Policy
- Apply IPS and File Policy to ALL rules? [y/N]
  - Selecting NO will apply changes only to rules which currently have an IPS/File policy applied
- Select Intrusion Policy and Variable Set
  - Selecting None will NOT remove the currently applied policy
- Select File Policy
  - Selecting None will NOT remove the currently applied policy
5. Get Inventory List from FMC

USER INPUT NEEDED:
- Save output to JSON or CSV file
6. Register FTD to FMC

USER INPUT NEEDED:
- FTD IP address
- FTD display name
- FTD CLI username and password
- Select ACP to apply to the FTD
7. Deploy Pending FTDs

USER INPUT NEEDED:
- Deploy FTDs with traffic interruption? [y/N]
8. Migrate Prefilter rules to Access Rules

USER INPUT NEEDED:
- Select Access Policy
- Select Intrusion Policy and Variable Set to apply to ALL converted rules
- Select File Policy to apply to ALL converted rules
9. Update Object Group with entries from txt file

USER INPUT NEEDED:
- Object Group name
- TXT data input file
  - Supports groups containing only IPv4 Host and Network objects
  - Text file must contain only host IPs and networks in CIDR notation

Example input file:

```
10.1.1.1
10.1.1.3
10.1.3.0/24
10.2.2.0/24
```
10. Export ACP and Prefilter Rules to CSV file

Automatically saves a CSV file to the local directory.
11. Download Snort.org Rules

Automatically downloads the base rules from Snort.org and modifies the SIDs so they can be imported into FMC.
12. Delete FTDs from FMC using Name or Model search

USER INPUT NEEDED:
- Search for FTD by name
- Search for FTD by model
- Verify the FTDs to be deleted
13. Edit manager config for FTDs in bulk

USER INPUT NEEDED:
- Primary FMC UUID to edit (obtain from the FMC CLI "show version")
- New IP address for Primary FMC
- Secondary FMC UUID to edit (obtain from the FMC CLI "show version")
- New IP address for Secondary FMC
- CSV file for FTD SSH details
  - CSV FORMAT:
    - No header row, comma delimited
    - Column0 = ftd_hostname
    - Column1 = ssh_port
    - Column2 = ftd_user
    - Column3 = ftd_pass
- Comma-separated list of FTD hostnames or IPs (e.g. "1.1.1.1, 2.2.2.2, 3.3.3.3")
- FTD SSH port, if not the default
- Username and password for FTD SSH

Example CSV file:

```
ftd1.cisco.com,2200,admin,cisco123
ftd2.cisco.com,2201,admin,cisco123
ftd3.cisco.com,2202,admin,cisco123
```