[info request] DHCP relay and access NAT rules #198

Open
giovanniaugusto-cs50 opened this issue May 2, 2024 · 4 comments

giovanniaugusto-cs50 commented May 2, 2024

Thank you for your efforts on this,

I would like to know if it is possible to configure DHCP relay. I cannot find any reference to it anywhere, honestly not even in the API explorer.

Also, I'd like to access the NAT rules for a specific policy attached to a firewall, to verify that a NAT rule exists before creating it, but I am not able to retrieve it.

Furthermore, I am not seeing all policies attached to a device or an HA pair while fetching the devicerecord. Is there a way to do so?

How can I access flexconfig policies?

Thanks

@manofcolombia
Contributor

Not directly supported by this library at this time, but DHCP relay in the API explorer (FMC 7.4.1) should be:

    /api/fmc_config/v1/domain/{domainUUID}/devices/devicerecords/{containerUUID}/dhcp/dhcprelaysettings/{objectId}

NAT policy can be found with FTDNatPolicies class. NAT rules can then be accessed via classes based on nat rule type: AutoNatRules, ManualNatRules, NatRules.

For "all policy attached to a device or an HA pair", try using devicerecords with expanded=True and includeOtherAssociatedPolicies=True. Example found in devicerecords unit_test:

    all_device_records = fmcapi.DeviceRecords(fmc=fmc)
    all_device_records.get(expanded=True, includeOtherAssociatedPolicies=True)
    # Note: attached RAVPN policies output from 'includeOtherAssociatedPolicies=True'
    # have the INCORRECT UUID. Bug ID: CSCwj27112. This can be worked around for now
    # by subtracting 1 from the UUID in the response. This has ONLY been observed with
    # devicerecords api + 'includeOtherAssociatedPolicies=True' + ravpn policies.
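
An added example, not part of this thread or of fmcapi: once the rules of a NAT policy have been fetched through the NAT rule classes named above, checking whether a rule already exists before creating it is a field-by-field comparison. The key names in MATCH_KEYS are assumptions about manual NAT rule JSON and the sample rules are constructed; compare on whatever fields your rules actually set.

```python
# Added example. The key names are assumptions about manual NAT rule JSON.
MATCH_KEYS = (
    "natType", "sourceInterface", "destinationInterface",
    "originalSource", "translatedSource",
    "originalDestination", "translatedDestination",
)


def same_ref(a, b):
    """Compare two field values; object references match on id, else on name."""
    if isinstance(a, dict) and isinstance(b, dict):
        if a.get("id") and b.get("id"):
            return a["id"] == b["id"]
        return a.get("name") is not None and a.get("name") == b.get("name")
    return a == b


def find_existing_rule(existing_rules, candidate):
    """Return the first rule equal to `candidate` on every MATCH_KEYS field, else None."""
    for rule in existing_rules:
        if all(same_ref(rule.get(k), candidate.get(k)) for k in MATCH_KEYS):
            return rule
    return None


# Constructed sample standing in for the "items" of an expanded NAT rule listing.
EXISTING = [
    {"id": "rule-1", "natType": "STATIC",
     "sourceInterface": {"id": "zone-in", "name": "inside"},
     "destinationInterface": {"id": "zone-out", "name": "outside"},
     "originalSource": {"id": "obj-10", "name": "web-srv"},
     "translatedSource": {"id": "obj-11", "name": "web-srv-public"}},
]

# The rule about to be created, written with names only (no ids yet).
CANDIDATE = {
    "natType": "STATIC",
    "sourceInterface": {"name": "inside"},
    "destinationInterface": {"name": "outside"},
    "originalSource": {"name": "web-srv"},
    "translatedSource": {"name": "web-srv-public"},
}

if __name__ == "__main__":
    match = find_existing_rule(EXISTING, CANDIDATE)
    print("already present:" if match else "safe to create", match and match["id"])
```

A field absent from both rules counts as equal, so a candidate that adds a destination translation does not match a source-only rule.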

@giovanniaugusto-cs50
Author

giovanniaugusto-cs50 commented May 2, 2024 via email

@manofcolombia
Contributor

Very likely. I have only tested this on 7.4+

@manofcolombia
Contributor

Here is what the 7.4.1 API explorer looks like for that API endpoint. Also, make sure you are using includeOtherAssociatedPolicies=True WITH expanded=True. I noticed that without expanded, includeOtherAssociatedPolicies doesn't work properly. Not sure if that's intended by Cisco or not.

image
