Firepower Management Center - Dynamic Object Updater

This code repository contains a script to automatically update FMC dynamic objects using information from a DNS zone transfer.

This script will:

  • Request zone transfer for a target domain
  • Query FMC dynamic objects to inspect current contents
  • Compare results to determine addresses to add/remove from FMC object
  • Modify FMC object to add/remove addresses

Contacts

Solution Components

  • Cisco Firepower Management Center

Installation/Configuration

[Step 1] Clone repo:

git clone <repo_url>

[Step 2] Install required dependencies:

pip install -r requirements.txt

[Step 3] Configure required variables:

Configure the following values within fmc_dynamic_object_updater.py:

#######################
# Set FMC details & login credentials:
USERNAME = "<FMC USER>"
PASSWORD = "<FMC PASSWORD>"
FMC = "<FMC ADDRESS>"

# FMC Dynamic object name to domain name mappings
# Example:
#  DOMAIN_INFO = {"fmc_object_name": "corp_domain.local"}
DOMAIN_INFO = {
    "corp_domain_ip_list": "test.local",
    "lab_domain_ip_list": "lab.test.local",
}
#######################

Usage

Run the script with python3 fmc_dynamic_object_updater.py

The script will then:

  • Find nameservers for each domain
  • Request zone transfer information for each domain
  • Store all unique IP addresses for any DNS A records
  • Query FMC to locate matching dynamic objects
  • Store current contents of dynamic objects
  • Compare zone transfer data with current contents of dynamic object
  • Build list of addresses to add or remove from dynamic object
  • Push requested changes to FMC
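The "store unique A-record addresses", "compare" and "build add/remove lists" steps above, as an added example that is not the repository's script: it runs on constructed zone-transfer records and a constructed snapshot of the dynamic object's contents, keeps only syntactically valid A-record addresses, computes the add and remove lists, and refuses to act on an empty DNS view (the failure mode where a broken transfer would otherwise empty the object).

```python
import ipaddress

# Constructed sample (not real zone transfer output): records as a transfer of
# test.local might return them, as (owner name, record type, rdata).
ZONE_RECORDS = [
    ("www.test.local.", "A", "192.0.2.10"),
    ("mail.test.local.", "A", "192.0.2.20"),
    ("mail2.test.local.", "A", "192.0.2.20"),   # same address, second name
    ("v6.test.local.", "AAAA", "2001:db8::1"),  # not an A record, ignored
    ("bad.test.local.", "A", "192.0.2.999"),    # malformed rdata, skipped
]

# Constructed sample: what the FMC dynamic object currently contains.
CURRENT_MAPPINGS = ["192.0.2.20", "192.0.2.30"]


def addresses_from_a_records(records):
    """Unique, syntactically valid IPv4 addresses taken from A records only."""
    found = set()
    for _owner, rtype, rdata in records:
        if rtype != "A":
            continue
        try:
            found.add(str(ipaddress.IPv4Address(rdata)))
        except ValueError:
            continue  # malformed rdata never reaches the firewall object
    return found


def plan_changes(desired, current):
    """Return (to_add, to_remove) so the object ends up equal to the DNS view.

    An empty DNS view (failed transfer, zone without A records) is refused:
    treating it as 'remove everything' would silently empty a policy object.
    """
    if not desired:
        raise ValueError("empty DNS view, refusing to empty the dynamic object")
    current = {str(ipaddress.ip_address(a)) for a in current}
    return sorted(desired - current), sorted(current - desired)


if __name__ == "__main__":
    to_add, to_remove = plan_changes(addresses_from_a_records(ZONE_RECORDS), CURRENT_MAPPINGS)
    print("add:", to_add, "remove:", to_remove)  # add: ['192.0.2.10'] remove: ['192.0.2.30']
```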

Screenshots

Example of script execution:

/IMAGES/example_output.png

LICENSE

Provided under Cisco Sample Code License, for details see LICENSE

CODE_OF_CONDUCT

Our code of conduct is available here

CONTRIBUTING

See our contributing guidelines here

DISCLAIMER:

Please note: This script is meant for demo purposes only. All tools/scripts in this repo are released for use "AS IS" without any warranties of any kind, including, but not limited to their installation, use, or performance. Any use of these scripts and tools is at your own risk. There is no guarantee that they have been through thorough testing in a comparable environment and we are not responsible for any damage or data loss incurred with their use.
You are responsible for reviewing and testing any scripts you run thoroughly before use in any non-testing environment.
