The Cisco FMC Terraform Provider supports bulk operations for certain resources, allowing you to create or delete multiple resources in a single API call. This feature leverages the Secure Firewall Management Center (FMC) API bulk capabilities to improve performance when managing large numbers of objects.

For more details, see the official provider documentation.

Bulk operations provide several key benefits:

• Improved Performance: Significantly faster when managing large numbers of resources
• Reduced API Calls: Fewer requests to the FMC API, reducing load and potential rate limiting issues

By default, all objects are created in individual mode, except for network_groups and policies, which are always created in bulk. YAML definition of resources is common for bulk and non-bulk operation mode, however chaning bulk/individual mode will require objects to be recreated.

In the NAC module, you can enable bulk operations using the nac_configuration settings:

# Enable bulk mode for all supported objects
fmc:
  nac_configuration:
    bulk: true

# Enable bulk mode per object type:
fmc:
  nac_configuration:
    hosts_bulk: true
    networks_bulk: true
    ranges_bulk: true

NOTE: Even if object is labeled as bulk, it may create/delete objects one-by-one. Refresh is always in bulk. Please refer to Terraform resource documentation for details in each individual case.

When using bulk resources, there are some limitations related to dependencies between resources:

When replacing objects that are referenced by other resources (e.g., a host used in a network group), you may encounter dependency conflicts. Terraform cannot:

• Modify the bulk resource first (would break references)
• Modify the dependent resource first (new object doesn’t exist yet)

Solution: Use a staged deployment approach:

1. Stage 1: Add the new object while keeping the old one and update references
2. Stage 2: Remove the old object

When removing objects that are referenced by other resources, you cannot do it in a single step.

Solution: Use a staged deployment approach:

1. Stage 1: Remove references to the object from dependent resources
2. Stage 2: Remove the object itself from the bulk resource