NAME

Net::Cisco::FMC::v1 - Cisco Firepower Management Center (FMC) API version 1 client library

VERSION

version 0.010000

SYNOPSIS

use strict;
use warnings;
use Net::Cisco::FMC::v1;
use Data::Dumper::Concise;

my $fmc = Net::Cisco::FMC::v1->new(
    server      => 'https://fmcrestapisandbox.cisco.com',
    user        => 'admin',
    passwd      => '$password',
    clientattrs => { timeout => 30 },
);

# login to populate domains
$fmc->login;

# list all domain uuids and names
print Dumper($fmc->domains);
# switch domain
$fmc->domain_uuid("e276abec-e0f2-11e3-8169-6d9ed49b625f");

DESCRIPTION

This module is a client library for the Cisco Firepower Management Center (FMC) REST API version 1. Currently it is developed and tested against FMC version 7.2.0.1.

ATTRIBUTES

domains

Returns a list of hashrefs containing name and uuid of all domains which gets populated by "login".

domain_uuid

The UUID of the domain which is used by all methods.

METHODS

login

Logs into the FMC by fetching an authentication token via http basic authentication.

relogin

Refreshes the session by loging in again (not using the refresh token) and restores the currently set domain_uuid.

logout

Logs out of the FMC.

create_accessrule

Takes an access policy id, a hashref of the rule which should be created and optional query parameters.

list_accessrules

Takes an access policy id and query parameters and returns a hashref with a single key 'items' that has a list of access rules similar to the FMC API.

get_accessrule

Takes an access policy id, rule id and query parameters and returns the access rule.

update_accessrule

Takes an access policy id, rule object, a hashref of the rule and an optional hashref of query parameters and returns a hashref of the updated access rule.

delete_accessrule

Takes an access policy id and a rule object id.

Returns true on success.

create_accesspolicy_category

Takes an access policy id, a hashref of the category which should be created and optional query parameters.

list_accesspolicy_categories

Takes an access policy id and query parameters and returns a hashref with a single key 'items' that has a list of categories similar to the FMC API.

get_accesspolicy_category

Takes an access policy id, category id and query parameters and returns the category.

update_accesspolicy_category

Takes an access policy id, category object, a hashref of the category and an optional hashref of query parameters and returns a hashref of the updated category.

delete_accesspolicy_category

Takes an access policy id and a category id.

Returns true on success.

list_deployabledevices

Takes optional query parameters and returns a hashref with a single key 'items' that has a list of deployable devices similar to the FMC API.

create_deploymentrequest

Takes a hashref of deployment parameters.

Returns the created task in the ->{metadata}->{task} hashref.

get_task

Takes a task id and returns its status.

wait_for_task

Takes a task id and an optional callback and checks its status every second until it isn't in-progress any more. The in-progress status is different for each task type, currently only 'DEVICE_DEPLOYMENT' is supported. The callback coderef which is called for every check with the task as argument.

Returns the task.

cleanup_protocolport

Takes a ProtocolPortObject and renames it to protocol_port, e.g. tcp_443. If it has no port 'any' is used instead of the port number no avoid 'predefined name' errors. Returns the ProtocolPortObject with the updated attributes.

cleanup_icmpv4object

Takes a ICMPv4Object and renames it to protocol_type[_code], e.g. icmp_8_0. If it has no code only protocol and type is used.

cleanup_hosts

• removes '_Mask32' from the name
• removes the description if it is 'Created during ASA Migration'

create_cleaned_accesspolicy

Takes an access policy name and a hashref of optional arguments.

Optional arguments

• target_access_policy_name

  Defaults to access policy name with the postfix '-cleaned'.

• rule_name_coderef

  Gets passed the rule number and rule object and must return the new rule name.

Creates a new access policy with the target name containing all rules of the input access policy but cleaned by the following rules:

• the commentHistoryList is omitted

• replace autogenerated DM_INLINE_ NetworkGroups by their content

  Only if they don't contain more than 50 items because of the current limit in FMC.

• replace autogenerated DM_INLINE_ PortObjectGroups by their content

• optional: the rule name is generated

  By passing a coderef named 'rule_name_coderef' in the optional arguments hashref.

The new access policy is created with a defaultAction of:

action          => 'BLOCK'
logBegin        => true
sendEventsToFMC => true

This is mainly for access policies migrated by the Cisco Firepower Migration Tool from a Cisco ASA.

Supports resuming.

KNOWN BUGS

Older FMC versions have bugs like:

• truncated JSON responses

  No workaround on client side possible, only a FMC update helps.

• no response to the 11th call (version 6.2.2.1)

  No workaround on client side because newer FMC versions (at least 6.2.3.6) throttle the login call too.

• accessrule is created but error 'You do not have the required authorization to do this operation' is thrown (version 6.2.2)

  No workaround on client side possible, only a FMC update helps.

AUTHOR

Alexander Hartmaier [email protected]

COPYRIGHT AND LICENSE

This software is copyright (c) 2018 - 2024 by Alexander Hartmaier.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.