Hello

I am trying to post/put the access rule to add the application ( eg. Facebook) instead of ports based rule.

I checked the unit test script and don't see the option for the application.

Would it be possible to add the access rule to reference the application instead of the destination port?

Thanks for your help

Looking for help in updating the Mission Statement and Goals for this project. I haven't updated them for a long time but I don't want to "push" any agenda on anyone helping with this project. So, I'd like to use this "issue" ticket to generate discussion on what we should do going forward. https://github.com/daxm/fmcapi/blob/master/docs/MissionStatement%20and%20Goals.md

Describe the bug While using the same fmc object in a loop and posting a set new access rule, it will post every rule before it.

If I am looping 6 new rules, it will post 1 - 12 -123 -1234 -12345 - 123456 for a total of 21 rules created.

To Reproduce Loop creation of access rules while using a with statement of a fmc object.

Expected behavior Only posting 6 rules when supplied 6 rules.

import fmcapi

class Connection(fmcapi.FMC):
    def __init__(
        self,
        host="fmc01",
        username="admin",
        password="Admin123",
        domain='test',
        autodeploy=False,
        file_logging=None,
        logging_level="INFO",
        debug=False,
        limit=1000,
        timeout=15):
        super().__init__(
            host, username, password,
            domain, autodeploy,
            file_logging, logging_level,
            debug, limit, timeout)

    def rule_add(self, rule_list):
        '''
        '''
        if not isinstance(rule_list, list):
            rule_list = [rule_list]

        rule_results = []
        for rule in rule_list:
            rule_details = fmcapi.AccessRules(
                fmc=self, acp_name=rule.access_policy)

          # prep rules

            rule_results.append(rule_details.post())
            print('---')

        return rule_results

Python environment

asttokens==2.0.5
autopep8==1.6.0
backcall==0.2.0
bcrypt==3.2.2
Brotli==1.0.9
certifi==2022.6.15
cffi==1.15.0
charset-normalizer==2.1.0
click==8.1.3
colorama==0.4.5
cryptography==37.0.2
dash==2.5.1
dash-core-components==2.0.0
dash-cytoscape==0.3.0
dash-html-components==2.0.0
dash-table==5.0.0
DateTime==4.4
decorator==5.1.1
diffios==0.0.9
executing==0.8.3
flake8==4.0.1
Flask==2.1.2
Flask-Compress==1.12
fmcapi==20220914.0
future==0.18.2
idna==3.3
ipaddress==1.0.23
ipython==8.4.0
itsdangerous==2.1.2
jedi==0.18.1
Jinja2==3.1.2
MarkupSafe==2.1.1
matplotlib-inline==0.1.3
mccabe==0.6.1
netmiko==4.1.0
networkx==2.8.4
ntc-templates==3.0.0
paramiko==2.11.0
parso==0.8.3
passlib==1.7.4
pickleshare==0.7.5
plotly==5.9.0
prompt-toolkit==3.0.30
pure-eval==0.2.2
pycodestyle==2.8.0
pycparser==2.21
pycryptodome==3.15.0
pyflakes==2.4.0
Pygments==2.12.0
PyNaCl==1.5.0
pyserial==3.5
pytz==2022.1
PyYAML==6.0
requests==2.28.1
scp==0.14.4
six==1.16.0
stack-data==0.3.0
tenacity==8.0.1
textfsm==1.1.2
toml==0.10.2
traitlets==5.3.0
urllib3==1.26.9
wcwidth==0.2.5
Werkzeug==2.1.2
zope.interface==5.4.0

Additional context Add any other context about the problem here.

Is your feature request related to a problem? Please describe. I have a script to add hosts to the group. The script login, get the group, search in the response if the object is already in the group, if not add, if yes skip, finally verify. This involves several get/post/get operations. While executing the script, if another user tries to execute the script again, it will invalidate the first user token, and the first script will lock in an endless loop until the refresh timer.

Describe the solution you'd like If there was a successful first login, then wait a few seconds and try to log in again.

[**Is](url categories.zip )

I made a script for the creation of category in the access policy, however being beginning in python, could check if everything is good (and publish if you want)

Check with FMC 6.6 and 6.5

Best regards

Is your feature request related to a problem? Please describe. A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

I'm trying to create a script to export all the NAT rules into a CSV, but I can't quite get it working the way I want so wondering if you had a working example that you could share?

Describe the solution you'd like A clear and concise description of what you want to happen.

Working Example would be great, or a few pointers?

Describe alternatives you've considered A clear and concise description of any alternative solutions or features you've considered.

I've looked around and at the module, but can only get a list of the NAT Policies so far not the actual NAT rules. I may be missing something obvious.

Additional context Add any other context or screenshots about the feature request here.

I'm trying to edit existing rules through the API. More specifically all I want to change is switching source and destination zone. I obtain them in following lines:

`acprule = ACPRule(fmc=fmc1, acp_name=acpname) acprule.name = rule['name'] #rule has been obtained from a send_to_api function obtaining all policies in the ACP acprule.id = rule['id'] acprule.get()

                    acprule.sendEventsToFMC = True
                    acprule.logBegin = True
                    acprule.intrusion_policy(action='set', name='IPS-Balanced')
                    acprule.source_zone(action='clear')
                    acprule.destination_zone(action='add', name=src_zone)

                    print(acprule.format_data())

                    acprule.put()`

The rule gets obtained just fine with all metadata in the get function. Printing the format_data also lists that all information from the obtained rule is still there, plus the changes made to the rule. However, when I then try to put the changes to the API, the format_data function called in the API changes "ALLOW" to "BLOCK". Even if I manually set the action to allow before calling the put function.

Do you have any idea how the action-attribute gets lost the moment I call the put function? I'm still quite new to python, but have some experience in programming ... so I'm not sure if it's actually the fmcapi-module or not causing this.

The output of formate_data looks like this:

Before put:
{'id': 'acp_id', 'name': 'ACL_1', 'action': 'ALLOW', 'enabled': True, 'sendEventsToFMC': True, 'logFiles': False, 'logBegin': True, 'logEnd': False, 'variableSet': {'name': 'Default-Set', 'id': 'set_id', 'type': 'VariableSet'}, 'type': 'AccessRule', 'vlanTags': {}, 'sourceNetworks': {'objects': [{'type': 'NetworkGroup', 'name': 'my_group', 'id': 'group_id'}]}, 'destinationNetworks': {'objects': [{'type': 'NetworkGroup', 'name': 'any', 'id': 'group_id'}]}, 'destinationPorts': {'objects': [{'type': 'ProtocolPortObject', 'protocol': 'UDP', 'name': 'my_port', 'id': 'port_id'}, {'type': 'ProtocolPortObject', 'protocol': 'TCP', 'name': 'my_port2', 'id': 'port_id2'}]}, 'ipsPolicy': {'name': 'IPS-Balanced', 'id': 'ips_id', 'type': 'intrusionpolicy'}, 'destinationZones': {'objects': [{'name': 'INTERNET', 'id': 'zone_id', 'type': 'SecurityZone'}]}}

After put:
{'id': 'acp_id', 'name': 'ACL_1', 'action': 'BLOCK', 'enabled': True, 'sendEventsToFMC': True, 'logFiles': False, 'logBegin': False, 'logEnd': False, 'variableSet': {'name': 'Default-Set', 'id': 'set_id', 'type': 'VariableSet'}, 'type': 'AccessRule', 'vlanTags': {}, 'sourceNetworks': {'objects': [{'type': 'NetworkGroup', 'name': 'my_group', 'id': 'group_id'}]}, 'destinationNetworks': {'objects': [{'type': 'NetworkGroup', 'name': 'any', 'id': 'group_id'}]}, 'destinationPorts': {'objects': [{'type': 'ProtocolPortObject', 'protocol': 'UDP', 'name': 'my_port', 'id': 'port_id'}, {'type': 'ProtocolPortObject', 'protocol': 'TCP', 'name': 'my_port2', 'id': 'port_id2'}]}, 'ipsPolicy': {'name': 'IPS-Balanced', 'id': 'ips_id', 'type': 'intrusionpolicy'}, 'destinationZones': {'objects': [{'name': 'INTERNET', 'id': 'zone_id', 'type': 'SecurityZone'}]}}

I would like the ability to easily add/append "comments" to the access rules for each rule change. If this functionality is available, I'm not sure how to use it at the moment.

https://github.com/daxm/fmcapi/blob/master/fmcapi/api_objects/policy_services/accessrules.py

Is your feature request related to a problem? Please describe. I can't fine any documentation about using fmcapi to modify existing objects. I am trying to modify a network group object to add more ip addresses to it. I would also like to modify existing rules to add destination ports or destination addresses

Describe the solution you'd like I would like update documentation with some examples of modifying objects.

I successfully created literals in the networkobjectgroups but that option is missing in portobjectgroups. I see a comment "Technically you can have objects OR literals" but there is no "unnamed" section. I'm just not sure if you can have literals in the portobjectgroup or you just haven't got around to coding it yet. Thanks

I've been poking around with this module for a couple of days now and one thing I can't determine is if you have the ability to post objects in bulk?

I.E. I need to post thousands of individual Hosts, and Networks objects and doing this 1 by 1 takes hour(s).

I skimmed through the few examples but didn't notice any bulk posts, I didn't notice any in the YouTube video either, and VS Code intellisense isn't pointing me to a solution.

Anyway, I love this module. Thank you for writing and maintaining it.

Hello Guys,

First of all, thanks for this

It will be really great to have the ability to add port literals for Access Rules just like we can with source and destination networks. Having to create port objects for access rules has left us with a lot of duplicated port objects.

Thanks.