CiscoDevNet / terraform-provider-fmc

Terraform Provider for FMC
https://registry.terraform.io/providers/CiscoDevNet/fmc/latest/docs
Mozilla Public License 2.0

Port literals on an access rule #129

Closed alxgarder closed 10 months ago

alxgarder commented 1 year ago

I don't see that I can do destination port literals on an access rule (fmc_access_rules). Is there no way to do ports without named ports within a port group added to the access rule?

Seems over complicated to do: "fmc_port_objects -> fmc_port_group_objects -> fmc_access_rules" to add simple ports to a rule.

Am I missing something?

snetlamu commented 11 months ago

The terraform provider uses the FMC's REST API to create the resources. Due to current limitations in the API, literal values for ports in access rules are not supported yet.

Thank you for reporting it and bringing this to our notice; we will implement it when the API starts supporting it.

alxgarder commented 8 months ago

I'm not sure I understand. Are you talking about the current FMC REST API? Cause that does implement literals for destination ports.

Example:

curl -k -X 'POST' \
  "https://host/api/fmc_config/v1/domain/$DOMAIN_UUID/policy/accesspolicies/$ACCESS_POL/accessrules" \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -H "X-auth-access-token: $AUTH_TOKEN" \
  -d "{
  \"action\": \"ALLOW\",
  \"enabled\": true,
  \"type\": \"AccessRule\",
  \"name\": \"Rule with Literals\",
  \"sendEventsToFMC\": false,
  \"logFiles\": false,
  \"logBegin\": false,
  \"logEnd\": false,
  \"destinationPorts\": {
    \"literals\": [
      {
      \"type\": \"PortLiteral\",
      \"port\": \"443\",
      \"protocol\": \"6\"
      }
    ]
  }
}"

The above produces a new rule with destination port TCP/443.
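The request body from the comment above, built programmatically with input validation. This is an added example, not part of the original comment or the provider's code; the function names and the "tcp/443" spec format are hypothetical, and the field names are the ones shown in the request above.

```python
import json

# IANA protocol numbers, sent as strings as in the request body above.
PROTOCOLS = {"tcp": "6", "udp": "17"}


def port_literal(spec):
    """Turn a 'tcp/443' style spec (hypothetical format) into a PortLiteral dict."""
    proto, sep, port = spec.strip().lower().partition("/")
    if not sep or proto not in PROTOCOLS:
        raise ValueError(f"unsupported protocol in {spec!r}")
    if not (port.isascii() and port.isdigit()) or not 1 <= int(port) <= 65535:
        raise ValueError(f"invalid port in {spec!r}")
    # str(int(...)) normalises input such as '0443' to '443'.
    return {"type": "PortLiteral", "port": str(int(port)), "protocol": PROTOCOLS[proto]}


def access_rule_body(name, specs, action="ALLOW"):
    """Build the accessrules POST body with destination port literals."""
    if not specs:
        # A rule with no port condition is not constrained by port,
        # so fail closed instead of emitting an empty literals list.
        raise ValueError("refusing to build a rule with no destination ports")
    literals = []
    for spec in specs:
        lit = port_literal(spec)
        if lit not in literals:  # drop duplicates, keep first-seen order
            literals.append(lit)
    return {
        "action": action,
        "enabled": True,
        "type": "AccessRule",
        "name": name,
        "sendEventsToFMC": False,
        "logFiles": False,
        "logBegin": False,
        "logEnd": False,
        "destinationPorts": {"literals": literals},
    }


if __name__ == "__main__":
    # Constructed sample input.
    body = access_rule_body("Rule with Literals", ["tcp/443", "udp/53"])
    print(json.dumps(body, indent=2))
```

The printed JSON can be passed to the same endpoint with `-d`; validating the specs before the call keeps a typo from reaching the policy as a rule that matches more than intended.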

snetlamu commented 8 months ago

Apologies for the confusion caused. We've added support for port literals which should be merged soon and available for use in the next release. Thanks for commenting on the issue!