Existing Configuration

Version:

You can use object, that are already configured on FMC. Required items need to defined under existing key in your YAML data structure.

Every object defined under existing key, will be created as data source and cannot be modified. This take precedence over resources. I.a. if device is configured both under fmc and exsiting keys, it will be treated as data source.

Note: The file is build using objects from schema.

Diagram

Classes

existing

Name	Type	Constraint	Mandatory	Default Value
fmc	Class	`[fmc]`	No

fmc (existing)

Name	Type	Constraint	Mandatory
domains	List	`[domains]`	No
smart_license	String	max: `255`	No
name	String		No

domains (existing.fmc)

Name	Type	Constraint	Mandatory
name	String		Yes
devices	Class	`[devices]`	No
objects	Class	`[objects]`	No
policies	Class	`[policies]`	No

devices (existing.fmc.domains)

Name	Type	Constraint	Mandatory
devices	List	`[devices]`	No
clusters	List	`[clusters]`	No
ha_pairs	List	`[ha_pairs]`	No
ftd_platform_settings	List	`[ftd_platform_settings]`	No

objects (existing.fmc.domains)

Name	Type	Constraint	Mandatory
applications	List	`[applications]`	No
application_filters	List	`[application_filters]`	No
application_filter_conditions	Class	`[application_filter_conditions]`	No
hosts	List	`[hosts]`	No
networks	List	`[networks]`	No
ranges	List	`[ranges]`	No
network_groups	List	`[network_groups]`	No
urls	List	`[urls]`	No
url_groups	List	`[url_groups]`	No
ports	List	`[ports]`	No
icmp_v4s	List	`[icmp_v4s]`	No
port_groups	List	`[port_groups]`	No
fqdns	List	`[fqdns]`	No
fqdn_groups	List	`[fqdn_groups]`	No
dynamic_objects	List	`[dynamic_objects]`	No
sgts	List	`[sgts]`	No
security_zones	List	`[security_zones]`	No
standard_access_lists	List	`[standard_access_lists]`	No
extended_access_lists	List	`[extended_access_lists]`	No
variable_sets	List	`[variable_sets]`	No
bfd_templates	List	`[bfd_templates]`	No
file_types	List	`[file_types]`	No
file_categories	List	`[file_categories]`	No
ipv4_address_pools	List	`[ipv4_address_pools]`	No
ipv6_address_pools	List	`[ipv6_address_pools]`	No
ise_sgts	List	`[ise_sgts]`	No
endpoint_device_types	List	`[endpoint_device_types]`	No
tunnel_zones	List	`[tunnel_zones]`	No

policies (existing.fmc.domains)

Name	Type	Constraint	Mandatory
alerts	Class	`[alerts]`	No
access_control_policies	List	`[access_control_policies]`	No
ftd_nat_policies	List	`[ftd_nat_policies]`	No
intrusion_policies	List	`[intrusion_policies]`	No
file_policies	List	`[file_policies]`	No
prefilter_policies	List	`[prefilter_policies]`	No
network_analysis_policies	List	`[network_analysis_policies]`	No
health_policies	List	`[health_policies]`	No

devices (existing.fmc.domains.devices)

Name	Type	Constraint	Mandatory
name	String	Regex: `^[a-zA-Z0-9_.+ -]{1,64}$`	Yes
vrfs	List	`[vrfs]`	No
bgp_general_settings	List	`[bgp_general_settings]`	No

clusters (existing.fmc.domains.devices)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.+ -]{1,64}$`	Yes

ha_pairs (existing.fmc.domains.devices)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.+ -]{1,64}$`	Yes

ftd_platform_settings (existing.fmc.domains.devices)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.+ -]{1,64}$`	Yes

applications (existing.fmc.domains.objects)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes

application_filters (existing.fmc.domains.objects)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes

application_filter_conditions (existing.fmc.domains.objects)

Name	Type	Constraint	Mandatory
types	List	`[types]`	No
tags	List	`[tags]`	No
risks	List	`[risks]`	No
categories	List	`[categories]`	No
business_relevances	List	`[business_relevances]`	No

hosts (existing.fmc.domains.objects)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.+-]{1,64}$`	Yes

networks (existing.fmc.domains.objects)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.+-]{1,64}$`	Yes

ranges (existing.fmc.domains.objects)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.+-]{1,64}$`	Yes

network_groups (existing.fmc.domains.objects)

Name	Type	Constraint	Mandatory	Default Value
name	String	matches: `^[A-Za-z0-9-_\.]+$`	Yes

urls (existing.fmc.domains.objects)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.+-]{1,64}$`	Yes

url_groups (existing.fmc.domains.objects)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.+-]{1,64}$`	Yes

ports (existing.fmc.domains.objects)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.+-]{1,64}$`	Yes

icmp_v4s (existing.fmc.domains.objects)

Name	Type	Constraint	Mandatory	Default Value
name	String	max: `30`	Yes

port_groups (existing.fmc.domains.objects)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.+-]{1,64}$`	Yes

fqdns (existing.fmc.domains.objects)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.+-]{1,64}$`	Yes

fqdn_groups (existing.fmc.domains.objects)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.+-]{1,64}$`	Yes

dynamic_objects (existing.fmc.domains.objects)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.+-]{1,64}$`	Yes

sgts (existing.fmc.domains.objects)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.+-]{1,64}$`	Yes

security_zones (existing.fmc.domains.objects)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.+-]{1,64}$`	Yes

standard_access_lists (existing.fmc.domains.objects)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.+-]{1,64}$`	Yes

extended_access_lists (existing.fmc.domains.objects)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.+-]{1,64}$`	Yes

variable_sets (existing.fmc.domains.objects)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.+-]{1,64}$`	Yes

bfd_templates (existing.fmc.domains.objects)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.+-]{1,64}$`	Yes

file_types (existing.fmc.domains.objects)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes

file_categories (existing.fmc.domains.objects)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes

ipv4_address_pools (existing.fmc.domains.objects)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes

ipv6_address_pools (existing.fmc.domains.objects)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes

ise_sgts (existing.fmc.domains.objects)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes

endpoint_device_types (existing.fmc.domains.objects)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes

tunnel_zones (existing.fmc.domains.objects)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes

alerts (existing.fmc.domains.policies)

Name	Type	Constraint	Mandatory	Default Value
syslogs	List	`[syslogs]`	No
snmps	List	`[snmps]`	No

access_control_policies (existing.fmc.domains.policies)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_ -]{1,64}$`	Yes

ftd_nat_policies (existing.fmc.domains.policies)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_ -]{1,64}$`	Yes

intrusion_policies (existing.fmc.domains.policies)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.+ -]{1,64}$`	Yes

file_policies (existing.fmc.domains.policies)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.+ -]{1,64}$`	Yes

prefilter_policies (existing.fmc.domains.policies)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.+ -]{1,64}$`	Yes

network_analysis_policies (existing.fmc.domains.policies)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.+ -]{1,64}$`	Yes

health_policies (existing.fmc.domains.policies)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.+ -]{1,64}$`	Yes

vrfs (existing.fmc.domains.devices.devices)

Name	Type	Constraint	Mandatory
name	String	Regex: `^[a-zA-Z0-9_.+ -]{1,64}$`	Yes
ipv4_static_routes	List	`[ipv4_static_routes]`	No
physical_interfaces	List	`[physical_interfaces]`	No
etherchannel_interfaces	List	`[etherchannel_interfaces]`	No
sub_interfaces	List	`[sub_interfaces]`	No

bgp_general_settings (existing.fmc.domains.devices.devices)

Name	Type	Constraint	Mandatory	Default Value
as_number	String	Regex: `^[a-zA-Z0-9_.+ -]{1,64}$`	Yes

types (existing.fmc.domains.objects.application_filter_conditions)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes

tags (existing.fmc.domains.objects.application_filter_conditions)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes

risks (existing.fmc.domains.objects.application_filter_conditions)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes

categories (existing.fmc.domains.objects.application_filter_conditions)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes

business_relevances (existing.fmc.domains.objects.application_filter_conditions)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes

syslogs (existing.fmc.domains.policies.alerts)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.+ -]{1,64}$`	Yes

snmps (existing.fmc.domains.policies.alerts)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.+ -]{1,64}$`	Yes

ipv4_static_routes (existing.fmc.domains.devices.devices.vrfs)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.+-]{1,64}$`	No

physical_interfaces (existing.fmc.domains.devices.devices.vrfs)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes

etherchannel_interfaces (existing.fmc.domains.devices.devices.vrfs)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes

sub_interfaces (existing.fmc.domains.devices.devices.vrfs)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes

Example configuration:

existing:
  fmc:
    domains:
      - name: Global
        policies:
          intrusion_policies:
            - name: Balanced Security and Connectivity
        objects:
          networks:
            - name: any-ipv4
          ports:
            - name: HTTP