FMC scripts to add, modify, delete objects: hosts, ranges, networks, urls, networgroups, urlgroups and objects within groups
A repository of python scripts to perform some routine changes in Cisco FMC in a more handy, quicker and errors-less way then typically allows us via GUI.
Initially there were lot's of data in Excel spreadsheets provided to me by linux teams. Therefore, it was really quick and handy utilize Excel for composition of required objects and groups for FMC. Thus, it can be used to upload, download, delete, modify thounsands of objects for FMC in several minutes. Additionally these scripts work with child domains.
From the scratch please prepare python virtual environment:
git clone [email protected]:hikarikumo/cisco_fmc_api_via_excel_operations.git or copy required files
cd <repo>
pip install virtualenv (if you don't already have virtualenv installed)
virtualenv venv to create your new environment (called 'venv' here)
source venv/bin/activate to enter the virtual environment
pip install -r requirements.txt to install the requirements in the current environment
It is possible to go straight and just launch main script however in such case the FMC ip address, username and password should be provided as the first inputs to start. Otherwise it is possible to provide proper ip address, username, password within fmc_credentials.yaml file if used (for example) in lab
username: api-user
password: fmcAPIbg001
fmc_ip: 192.168.1.16
Just launch the script and as initial run it will connect to FMC and download all objects, groups except for the system ones. All collected data would be saved as a input Excel file. By default is is called FMC_objects.xlsx. Filenames can be changed within the cfg.py file along with other initial info if needed.
python fmc_main_script.pyFurther subsequent script runs would save all objects, groups data into additional file FMC_downloaded_objects.xlsx. In such way the changes in FMC_objects.xlsx would not be overwritten.
Each domain has two or three Excel Sheets:
- One for objects: hosts, ranges, networks, urls
- Second one for groups of objects i.e. networkgroups
- Third one (if urls are present) for urlgroups
Each object require action column to be filled:
- add
- delete
- modify
Therefore in order to add new hosts it is required to fill the following data within the Excel file. Action field should be add:
object_name object action type
H.TEST.GEN.HOST1 198.18.204.1 add Host
H.TEST.GEN.HOST2 198.18.204.2 add Host
H.TEST.GEN.HOST3 198.18.204.3 add Host
Object Types should be properly specified for the FMC, the proper types can be found below: Host, Network, Range, Url, NetworkGroup, UrlGroup
If action field is not specified or specified incorrectly it would be just skipped.
Similar approach is for creation of object groups. Specify group, object, action and group type:
object_group_name object action type
GP.TEST.GROUP H.TEST.HOST4 add NetworkGroup
GP.TEST.GROUP H.TEST.HOST3 add NetworkGroup
Of course, the objects should be added to objects tab too
Similar approach is for creation of url groups. Specify urlgroup, url, action and urlgroup type:
url_group_name url action type
urlgrp.test https://gmail.com add UrlGroup
urlgrp.test https://google.com add UrlGroup
Of course, the urls should be added to objects tab too
Set action filed to delete:
object_name object action type
H.TEST.GEN.HOST1 198.18.204.1 delete Host
H.TEST.GEN.HOST2 198.18.204.2 delete Host
H.TEST.GEN.HOST3 198.18.204.3 delete Host
Bear in mind that before deletion of the object it shoudl be deleted out of the group first (in case it is used in group).
Set action filed to delete:
object_group_name object action type
GP.TEST.GROUP H.TEST.HOST4 delete NetworkGroup
GP.TEST.GROUP H.TEST.HOST3 NetworkGroup
Change object value. Set action filed to modify:
object_name object action type
H.TEST.GEN.HOST1 198.18.0.111 modify Host
H.TEST.GEN.HOST2 198.18.204.2 Host
H.TEST.GEN.HOST3 198.18.204.3 Host