fmc_find_nat_rules
FMC_Find_NAT_Ruls.py
Finds the NAT Rules by IP Address or Network Groups
Motivation
Currently, there is no option available in FMC for searching the NAT Rules. So the administrator has to go every NAT rule to find the specific rule. In complex environments, it might be difficult to find the same, especially in troubleshooting sessions. This script saves time by searching the NAT Rules.
A tutorial of argparse! .
python3 fmc_find_nat_rules.py -h
usage: fmc_find_nat_rules.py [-h] FMCIP username password {i,g} IPorGroup
A tutorial of argparse!
| Positional arguments | Description |
|---|---|
| FMCIP | IP Address / Hostname of FMC, Please do not add any suffix like- https |
| username | Username of FMC |
| password | password of FMC |
| {i,g} | 'i' for searching with IP Address or 'g' for Group |
| IPorGroup | IP Address / Group to filter the NAT rules |
| optional arguments | -h, --help show this help message and exit |
Features
Search can be based on the IP Address or Network Group.
The search parameter is considered as Original Source/source Group in FMC NAT rules and Original network in the Auto NAT rules.
Scripts consider all instances of IP Addresses and Groups while searching the NAT Rules and displays.
All NAT policies are searched for individual NAT Rules for the match. If-Match is found, scripts return the line number and NAT Rule as well.
The script is written and tested for single domain deployment of FMC.
Technologies & Frameworks Used
FMC APIs are used.
NO Third-Party products or Services are used.
The script is written in Python 3
Installation
- Clone the repo
git clone https://github.com/CiscoSE/fmc_find_nat_rules.git- cd into directory
cd fmc_find_nat_rules- Create the virtual environment in a sub dir in the same directory
python3 -m venv venv- Start the virtual environment and install requirements.txt from the <fmc_find_nat_rules>
source venv/bin/activate pip install -r requirements.txt
- Execute the script as any other Python script form console. Check the reachability to FMC. Script is tested on FMC 6.3.
python fmc_find_nat_rules.py -hAuthors & Maintainers
This is my first script in Python, contact me for any modifications on this script.
Niranjan Kiran Kumar Dhurjaty nidhurja@cisco.com
Extensions
Script can be extended in the following ways.
Search can be restricted to first 3 octets of IPv4 address, so that user may get more flexibility.
Search and list all groups with IP address provided in switch “I”. This will eliminate the requirement of “ Group name search ”.
License
This project is licensed to you under the terms of the Cisco Sample
Code License.
Owner
Contributors
Github contributorsCategories
Products
Secure FirewallProgramming Languages
PythonLicense
Other
Code Exchange Community
Get help, share code, and collaborate with other developers in the Code Exchange community.View CommunityCisco provides Code Exchange for convenience and informational purposes only, with no support of any kind. This page contains information and links from third-party websites that are governed by their own separate terms. Reference to a project or contributor on this page does not imply any affiliation with or endorsement by Cisco.