
Add Destination/Source Ports literals to Access Rules

Open dadelowo367 opened this issue 5 years ago • 5 comments

Hello Guys,

First of all, thanks for this

It will be really great to have the ability to add port literals for Access Rules just like we can with source and destination networks. Having to create port objects for access rules has left us with a lot of duplicated port objects.

Thanks.

dadelowo367 avatar Jan 03 '21 10:01 dadelowo367

You are welcome! Though, I must admit I didn't write that particular bit of the code. Someone in the community did. :-) I don't read an "issue" here but before I close this "issue" I want to ensure I'm not missing something.

daxm avatar Jan 03 '21 16:01 daxm

Yeah, I think it is more a feature request than an "Issue". Would it be possible to put this request out there, in case someone can help with this?

dadelowo367 avatar Jan 04 '21 10:01 dadelowo367

I'm glad I asked. I mis-read your message and didn't see any request in it. (I know. I've re-read it and it is obvious. I just missed the message's meaning last time.) No guarantee but I'll see if I can look into this.

daxm avatar Jan 04 '21 13:01 daxm

Alas, the online API documentation doesn't explicitly describe whether "literal" is a valid input for AccessRules. I'll have to spin up an FMC and check it from there.

daxm avatar Jan 04 '21 19:01 daxm

I tried to mess around with the API and was able to create Access rules with literal ports. Here is a sample Payload.

{
   "id":"",
   "enableSyslog":false,
   "sourceNetworks":{
      "literals":[
         {
            "type":"FQDN",
            "value":"10.1.1.22"
         },
         {
            "type":"FQDN",
            "value":"10.2.2.11"
         }
      ],
      "objects":[
         {
            "type":"Network",
            "overridable":false,
            "id":"005056BF-4E01-0ed3-0000-021474836483",
            "name":"Sample-Network-1"
         }
      ]
   },
   "destinationNetworks":{
      "literals":[
         {
            "type":"FQDN",
            "value":"10.4.4.88"
         }
      ]
   },
   "logBegin":false,
   "sourcePorts":{
      "objects":[
         {
            "type":"ProtocolPortObject",
            "protocol":"TCP",
            "overridable":false,
            "id":"005056BF-4E01-0ed3-0000-021474836597",
            "name":"demo_port1"
         }
      ]
   },
   "destinationPorts":{
      "literals":[
          {
             "type":"PortLiteral",
             "port":"7600",
             "protocol":"6"
          }
      ],
      "objects":[
         {
            "type":"ProtocolPortObject",
            "protocol":"TCP",
            "overridable":false,
            "id":"005056BF-4E01-0ed3-0000-021474836616",
            "name":"demo_port2"
         }
      ]
   },
   "logEnd":false,
   "variableSet":{
      "name":"Default Set",
      "id":"76fa83ea-c972-11e2-8be8-8e45bb1343c0",
      "type":"VariableSet"
   },
   "logFiles":false,
   "vlanTags":{
      "objects":[
         {
            "type":"VlanTag",
            "overridable":false,
            "id":"005056BF-4E01-0ed3-0000-021474836635",
            "name":"vlan1"
         },
         {
            "type":"VlanTag",
            "overridable":false,
            "id":"005056BF-4E01-0ed3-0000-021474836654",
            "name":"vlan2"
         }
      ]
   },
   "sendEventsToFMC":false,
   "enabled":true,
   "action":"ALLOW",
   "name":"Demo-Rule511",
   "type":"AccessRule"
}

dadelowo367 avatar Jan 06 '21 15:01 dadelowo367
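The payload above shows the shape of a PortLiteral entry (a `port` string and the IANA protocol number as a string, "6" for TCP) sitting next to regular ProtocolPortObject references. As an added example, not fmcapi's own code and not the payload from the thread, the helper below builds those `sourcePorts`/`destinationPorts` sections from short `proto/port` strings, validates the port and protocol before anything is sent, and includes a small check for the duplicated port objects the request mentions. It only assembles JSON and does not talk to an FMC; the `action` list, the `(id, name, protocol)` tuple form for existing objects and the `port`/`protocol`/`name` fields assumed for fetched port objects are assumptions for the example, not documented fmcapi or FMC API contracts.

```python
"""Assemble FMC AccessRule port sections with PortLiteral entries.

Added example: not fmcapi's code and not the thread author's payload.
It builds the JSON structure shown in the thread; nothing here calls the FMC.
"""
import json

# IANA protocol numbers; FMC expects the number as a string inside a PortLiteral.
PROTOCOL_NUMBERS = {"tcp": "6", "udp": "17"}

# Rule actions accepted here (assumed subset for this example).
ALLOWED_ACTIONS = {"ALLOW", "BLOCK", "TRUST", "MONITOR"}


def port_literal(spec: str) -> dict:
    """Turn 'tcp/7600' or 'udp/5000-5010' into a PortLiteral dict.

    Raises ValueError on an unknown protocol, a non-numeric port, a port
    outside 1-65535 or an inverted range, so a bad rule fails locally
    instead of producing a confusing 4xx from the FMC.
    """
    proto, _, port = spec.strip().lower().partition("/")
    if proto not in PROTOCOL_NUMBERS or not port:
        raise ValueError(f"expected 'tcp/<port>' or 'udp/<port>', got {spec!r}")
    lo, _, hi = port.partition("-")
    for p in (lo, hi or lo):
        if not p.isdigit() or not 1 <= int(p) <= 65535:
            raise ValueError(f"port out of range in {spec!r}")
    if hi and int(lo) > int(hi):
        raise ValueError(f"inverted port range in {spec!r}")
    return {"type": "PortLiteral", "port": port, "protocol": PROTOCOL_NUMBERS[proto]}


def port_section(literals=(), objects=()) -> dict:
    """Build a sourcePorts/destinationPorts block from literals and existing objects.

    `objects` is an iterable of (id, name, protocol) tuples for
    ProtocolPortObjects that already exist on the FMC (assumed input form).
    Repeated ids are dropped so the same object is not referenced twice.
    """
    section = {}
    if literals:
        section["literals"] = [port_literal(s) for s in literals]
    seen, objs = set(), []
    for obj_id, name, protocol in objects:
        if obj_id in seen:
            continue
        seen.add(obj_id)
        objs.append({"type": "ProtocolPortObject", "protocol": protocol.upper(),
                     "overridable": False, "id": obj_id, "name": name})
    if objs:
        section["objects"] = objs
    return section


def access_rule(name, action="ALLOW", src_ports=None, dst_ports=None, enabled=True) -> dict:
    """Minimal AccessRule body; port sections are attached only when given."""
    if action not in ALLOWED_ACTIONS:
        raise ValueError(f"unsupported action {action!r}")
    rule = {"type": "AccessRule", "name": name, "action": action, "enabled": enabled,
            "logBegin": False, "logEnd": False, "sendEventsToFMC": False}
    if src_ports:
        rule["sourcePorts"] = src_ports
    if dst_ports:
        rule["destinationPorts"] = dst_ports
    return rule


def duplicate_port_objects(objects) -> dict:
    """Group port objects by (protocol, port) and return the groups with >1 member.

    `objects` are dicts with 'name', 'protocol' and 'port' keys (assumed to
    match what a port-object listing returns). Useful for finding the
    duplicated objects that literals are meant to make unnecessary.
    """
    groups = {}
    for obj in objects:
        key = (obj["protocol"].upper(), str(obj["port"]))
        groups.setdefault(key, []).append(obj["name"])
    return {k: v for k, v in groups.items() if len(v) > 1}


if __name__ == "__main__":
    # Constructed sample: one literal plus one existing object, as in the thread.
    dst = port_section(["tcp/7600"],
                       [("PLACEHOLDER-OBJECT-ID", "demo_port2", "tcp")])
    print(json.dumps(access_rule("Demo-Rule511", dst_ports=dst), indent=2))
    # Constructed listing with two objects that describe the same TCP port.
    listing = [{"name": "demo_port1", "protocol": "TCP", "port": "7600"},
               {"name": "demo_port2", "protocol": "tcp", "port": 7600},
               {"name": "dns_udp", "protocol": "UDP", "port": "53"}]
    print(duplicate_port_objects(listing))
```

Keeping the validation in `port_literal` is the useful part: a literal that slips through with a bad protocol number or a port outside the valid range is rejected before the rule is pushed, and `duplicate_port_objects` gives a quick inventory of which existing objects could be collapsed once literals are in use.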