Snippets for backup and restore for FDM managed Cisco Firepower devices

Why?

The backup&restore methods available via the GUI on the FDM managed devices are limited to import/export within the same version.

It's also a binary file that limits the possibility of editing and/or auditing.

Using the API allows us to download the configuration in a text format and upload again, even modified, and to a device that's not running the exact same patch release.

Snippets

  • fdm-export.py -- Will export the current configuration to a local file (zipped)
  • fdm-import.py -- Allows you to upload a configuration to the FDM device.
  • fdm-list-configs.py -- Lists available/saved configurations on the device.
  • fdm-load-config.py -- Allows you to load the configuration into a candidate configuration ready for a commit.
    • (Does not commit autmatically!)

Installation

Using a virtual environment to run these scripts can be done in the following way:
For Linux:

    python3 -m venv venv
    source venv/bin/activate
    pip install -r requirements.txt

    For Windows:

    python3 -m venv venv
    venv\Scripts\Activate.bat
    pip install -r requirements.txt

How to use...

All snippets will prompt you for the device IP address along with credentials.

fdm-export will only require, and prompt for, IP address and credentials, and will print out the name of the saved file.

fdm-list-configs will only require, and prompt for, IP address and credentials, and will print out the available configs. Take note of the diskFileName.

fdm-import Requires IP address, credentials and a path to a local filename of the configuration. Usually a .txt file

fdm-load-config Requires IP address, credentials and the name of the config as it is displayed in the diskFileName attribute on the FDM device.

gettoken.py It's just here to get an authentication token for manual or troubleshooting purposes with cURL

fdm-export example

> python3 fdm-export.py

Firepower Host(IP): 192.168.1.1

Username: admin

Password:

Waiting 15 sec for job to maybe finish...

Job finished, lets get that file

Download successful

Attempting to write to Exported-at-2020-10-13-12-38-48Z.zip

fdm-import example

> python3 fdm-import.py

Firepower Host(IP): 192.168.1.1

Username: admin

Password:

File name to import: test-upload-config.txt

Response code is: <Response [200]>

fdm-load-config exmaple

> python3 load-config.py
Firepower Host(IP): 192.168.1.1

Username: admin

Password:

File name according to FDM (diskFileName): test-upload-config.txt

<Response [200]>

fdm-list-configs example:

> python3 fdm-list-configs.py

Firepower Host(IP): 192.168.1.1

Username: admin

Password:

{
  "items" : [ {
    "diskFileName" : "test-upload-config.txt",
    "dateModified" : "2020-10-13 11:36:41Z",
    "sizeBytes" : 10931,
    "id" : "default",
    "type" : "configimportexportfileinfo",
    "links" : {
      "self" : "https://192.168.1.1/api/fdm/latest/action/configfiles/default"
    }
  } ],
  "paging" : {
    "prev" : [ ],
    "next" : [ ],
    "limit" : 10,
    "offset" : 0,
    "count" : 10,
    "pages" : 0
  }
}

Future items to consider

  • refine the code so it will not crash on failure
  • check if credentials were valid before proceeding
  • allowing the export script to wait longer or until job is finished.
  • Better feedback on the import and load job results.
  • Validate user input
View code on GitHub

Code Exchange Community

Get help, share code, and collaborate with other developers in the Code Exchange community.View Community
Disclaimer:
Cisco provides Code Exchange for convenience and informational purposes only, with no support of any kind. This page contains information and links from third-party websites that are governed by their own separate terms. Reference to a project or contributor on this page does not imply any affiliation with or endorsement by Cisco.