def main():
    '''
    The purpose of this program is to configure a new network object using
    standard naming conventions. The ASAAAA class is used to establish a
    session, the ASARouting class is used to collect the current routes, and
    the ASAObject class is used to configure the new network object. The other
    functions are used to handle formatting.

    This is similar to a 'object network name' from the CLI of a Cisco ASA.

    Print:
        The configuration result:
            A 201 means the configuration was applied, other codes indicate
            an issue with the request. Failures do print the code, reason,
            and content of the response.

    Example:
        (py3) C:\\asa_api_tests>python asa_configure_object_network.py
        What ASA do you want to view? 10.10.10.5
        What is your username? username
        Enter your password: getpass is used to hide password input

        LOGIN STATUS_CODE: 204 OK

        What is the value of the new object? EX: 192.168.1.0/24# 192.168.6.98/32
        Please provide the host or network name# LABDB002

        POST OBJECT CONFIG STATUS_CODE: 201 OK

        ASA CLI Config Results in:
        object network lab-network-192.168.6.98_32
         host 192.168.6.98
         description LABDB002
    '''
    asa = input('What ASA do you want to configure? ')
    login_cred = ASAAAA(asa)
    header = login_cred.asa_login()

    # Collect the static routes; they are used to build the object name.
    routes = ASARouting(asa, header)
    asa_routes = routes.asa_get_all_static_routes().text
    sorted_routes = sort_routes(json.loads(asa_routes)['items'])

    config = config_variables()
    used_route = route_used(sorted_routes, config['host'])
    key = determine_obj_key(config['host'])
    obj_name = make_name(key, used_route, config['host'])

    # A /32 is sent as a bare host address.
    if '/32' in config['host']:
        config['host'] = config['host'].split('/')[0]

    net_obj = ASAObject(asa, header)
    config_obj = net_obj.asa_create_network_object(
        obj_name, config['host'], config['desc'])

    if config_obj.ok:
        print("\nPOST OBJECT CONFIG STATUS_CODE: {} OK\n".format(
            config_obj.status_code))
    else:
        print(
            "\nPOST OBJECT CONFIG FAILED!!! STATUS_CODE: {}\nReason: {}\nContent: {}"
            .format(config_obj.status_code, config_obj.reason,
                    config_obj.content))
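An added example, not the project's own code: one way the name `lab-network-192.168.6.98_32` from the docstring above can be derived, assuming the zone comes from the most specific static route covering the address. `SAMPLE_ROUTES`, `parse_target`, `zone_for` and `object_name` are hypothetical names, the route list is constructed from the sample output on this page, and only the `network` object kind is handled.

```python
import ipaddress

# Constructed sample modelled on the static-route listing shown on this page.
# 'any4' is written as the IPv4 default route.
SAMPLE_ROUTES = [
    ("192.168.20.0/23", "lab"),
    ("0.0.0.0/0", "management"),
    ("192.168.6.0/23", "lab"),
    ("192.168.12.0/23", "weblab"),
]


def parse_target(value):
    """Validate operator input before anything is sent to the firewall.

    strict=True rejects a network with host bits set (192.168.6.98/24),
    which would otherwise be silently widened to 192.168.6.0/24.
    Raises ValueError on malformed input.
    """
    return ipaddress.ip_network(value.strip(), strict=True)


def zone_for(target, routes):
    """Return the zone of the longest-prefix route that covers target."""
    best = None
    for prefix, zone in routes:
        net = ipaddress.ip_network(prefix)
        if net.version != target.version or not target.subnet_of(net):
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, zone)
    if best is None:
        raise LookupError("no static route covers {}".format(target))
    return best[1]


def object_name(value, routes):
    """Build '<zone>-network-<address>_<prefixlen>' for a validated target."""
    target = parse_target(value)
    zone = zone_for(target, routes)
    return "{}-network-{}_{}".format(
        zone, target.network_address, target.prefixlen)


if __name__ == "__main__":
    for sample in ("192.168.6.98/32", "192.168.12.64/26", "10.9.9.9/32"):
        print(sample, "->", object_name(sample, SAMPLE_ROUTES))
```

Rejecting a bad prefix locally keeps a mistyped mask from becoming a broader object than the operator intended.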
def main():
    '''
    The purpose of this program is to list out the configured network objects.
    The ASAAAA class is used to establish a session, and the ASAObject class is
    used to collect the network objects. The other functions are used to handle
    formatting.

    This is similar to a 'show run object network' from the CLI of a Cisco ASA.

    Print:
        The network objects configured on the given ASA.

    Example:
        (py3) C:\\asa_api_tests>python asa_get_object_network.py
        What ASA do you want to view? 10.10.10.5
        What is your username? username
        Enter your password: getpass is used to hide password input

        LOGIN STATUS_CODE: 204 OK

        GET NETWORK OBJECT STATUS_CODE: 200 OK

        lab-server-192.168.6.8_32 lab server 192.168.6.8
        weblab-range-192.168.12.7_20 Weblab Range for HTTP Servers 192.168.12.7-192.168.12.20
        securelab-network-192.168.11.44_32 LABWSWP00023 192.168.11.44
        weblab-network-192.168.12.64_26 Weblab HTTPS Servers 192.168.12.64/26
    '''
    asa = input('What ASA do you want to view? ')
    login_cred = ASAAAA(asa)
    header = login_cred.asa_login()

    asa_objects = ASAObject(asa, header)
    net_objects = asa_objects.asa_get_network_objects()

    if net_objects.ok:
        print("GET NETWORK OBJECT STATUS_CODE: {} OK \n".format(
            net_objects.status_code))
        net_objects_json = json.loads(net_objects.text)['items']
        print_net_objects(net_objects_json)
    else:
        print(
            "GET NETWORK OBJECTS FAILED!!! STATUS_CODE: {}\nReason: {}\nContent: {}"
            .format(net_objects.status_code, net_objects.reason,
                    net_objects.content))
def main():
    '''
    The purpose of this program is to list out an interface's configuration.
    The ASAAAA class is used to establish a session, and the ASAInterface class
    is used to collect the Interface configuration. The other functions are
    used to handle formatting.

    This is similar to a 'show run interface x/y' from the CLI of a Cisco ASA.

    Print:
        The given interface's configuration on the given ASA.

    Example:
        (py3) C:\\asa_api_tests>python asa_get_interface_phys.py
        What ASA do you want to view? 10.10.10.5
        What is your username? username
        Enter your password: getpass is used to hide password input

        LOGIN STATUS_CODE: 204 OK

        What interface would you like to view?
        ['GigabitEthernet0/2', 'Management0/0', 'GigabitEthernet0/1', 'GigabitEthernet0/0']: GigabitEthernet0/1

        Interface GigabitEthernet0/1
         to lab 5K
         securelab
         192.168.10.1 255.255.255.0
         Security: 40
         Speed: auto
         Duplex: auto
    '''
    asa = input('What ASA would you like to view? ')
    login_cred = ASAAAA(asa)
    header = login_cred.asa_login()

    # Offer the hardware IDs of the interfaces currently in use.
    intfc = input('What interface would you like to view?\n{}: '.format(
        used_intfcs_hardware_id(asa, header)))

    asa_intfc = ASAInterface(asa, header)
    intfc_config = asa_intfc.asa_get_phys_interface(intfc)

    if intfc_config.ok:
        intfc = sort_intfc(json.loads(intfc_config.text))
        print('\nInterface {}\n {}\n {}\n {}\n Security: {}\n Speed: {}\n Duplex: {}'.format(
            intfc['intfc'], intfc['desc'], intfc['name'], intfc['ip'],
            intfc['level'], intfc['speed'], intfc['duplex']))
    else:
        print("GET Interface FAILED!!! STATUS_CODE: {}\nReason: {}\nContent: {}".format(
            intfc_config.status_code, intfc_config.reason,
            intfc_config.content))
def main():
    '''
    The purpose of this module is to configure a new static route on a Cisco
    ASA. The ASAAAA class is used to establish a session, and the ASARouting
    class is used to POST the new route configuration to the ASA. The other
    functions are used to collect configuration and handle formatting.

    This is similar to a 'route interface_name network subnet_mask gateway'
    from the CLI of a Cisco ASA.

    Print:
        The configuration result:
            A 201 means the configuration was applied, other codes indicate
            an issue with the request. Failures do print the code, reason,
            and content of the response.

    Example:
        (py3) C:\\asa_api_tests>python asa_configure_static_route.py
        What ASA would you like to modify? 10.10.10.5
        What is your username? username
        Enter your password: getpass is used to hide password input

        LOGIN STATUS_CODE: 204 OK

        What Network would you like to route? EX 192.168.1.0/24: 192.168.100.0/24
        What is the gateway used to reach this network? 192.168.1.9
        What interface name is used to reach this network?
        ['weblab', 'management', 'securelab', 'lab'] lab

        POST ROUTE CONFIG STATUS_CODE: 201 OK
    '''
    asa = input('What ASA would you like to modify? ')
    login_cred = ASAAAA(asa)
    header = login_cred.asa_login()

    config = config_variables(asa, header)

    route = ASARouting(asa, header=header)
    config_route = route.asa_add_static_route(
        config['network'], config['gateway'], config['zone'])

    if config_route.ok:
        print("\nPOST ROUTE CONFIG STATUS_CODE: {} OK\n".format(
            config_route.status_code))
    else:
        print(
            "\nPOST ROUTE CONFIG FAILED!!! STATUS_CODE: {}\nReason: {}\nContent: {}"
            .format(config_route.status_code, config_route.reason,
                    config_route.content))
def main():
    '''
    The purpose of this program is to configure a new interface on an ASA. The
    ASAAAA class is used to establish a session, and the ASAInterface class is
    used to configure the Interface. The other functions are used to handle
    formatting.

    Print:
        The configuration result:
            A 201 means the configuration was applied, other codes indicate
            an issue with the request. Failures do print the code, reason,
            and content of the response.

    Example:
        (py3) C:\\asa_api_tests>python asa_configure_interface.py
        What ASA would you like to configure? 10.10.10.5
        What interface would you like to configure? GigabitEthernet0/3
        What is the secuirity level of the interface? 70
        What is the name of the interface? test
        What is the IP address of the interface? 192.168.1.25
        What is the Mask for this address? 255.255.255.248
        Please enter a description? test desc
        What is your username? username
        Enter your password:

        LOGIN STATUS_CODE: 204 OK

        POST INTERFACE CONFIG STATUS_CODE: 204 OK
    '''
    asa = input('What ASA would you like to configure? ')
    login_cred = ASAAAA(asa)
    header = login_cred.asa_login()

    config = config_variables(asa, header)

    interface = ASAInterface(asa, header)
    config_interface = interface.asa_config_phys_interface(
        config['interface'], config['security_level'], config['name'],
        config['ip_address'], config['net_mask'], config['description'])

    if config_interface.ok:
        print("\nPOST INTERFACE CONFIG STATUS_CODE: {} OK\n".format(
            config_interface.status_code))
    else:
        print(
            "\nPOST INTERFACE CONFIG FAILED!!! STATUS_CODE: {}\nReason: {}\nContent: {}"
            .format(config_interface.status_code, config_interface.reason,
                    config_interface.content))
def main():
    '''
    The purpose of this program is to list out the configured static routes.
    The ASAAAA class is used to establish a session, and the ASARouting class
    is used to collect the Routing configuration. The other functions are used
    to handle formatting.

    This is similar to a 'show run route' from the CLI of a Cisco ASA.

    Print:
        The static routes configured on the given ASA.

    Example:
        (py3) C:\\asa_api_tests>python asa_get_routes.py
        What ASA do you want to view? 10.10.10.5
        What is your username? username
        Enter your password: getpass is used to hide password input

        LOGIN STATUS_CODE: 204 OK

        Network 192.168.20.0/23 is reachable via 192.168.1.9 over interface GigabitEthernet0/0 in zone lab
        Network any4 is reachable via 10.1.1.1 over interface Management0/0 in zone management
        Network 192.168.6.0/23 is reachable via 192.168.1.9 over interface GigabitEthernet0/0 in zone lab
        Network 192.168.12.0/23 is reachable via 192.168.1.17 over interface GigabitEthernet0/2 in zone weblab
    '''
    # Read-only call, so the prompt matches the example above.
    asa = input('What ASA do you want to view? ')
    login_cred = ASAAAA(asa)
    header = login_cred.asa_login()

    routes = ASARouting(asa, header)
    configured_routes = routes.asa_get_all_static_routes()

    if configured_routes.ok:
        configured_routes_json = json.loads(configured_routes.text)
        print_routes(configured_routes_json['items'])
    else:
        print(
            "GET STATIC ROUTES FAILED!!! STATUS_CODE: {}\nReason: {}\nContent: {}"
            .format(configured_routes.status_code, configured_routes.reason,
                    configured_routes.content))
def main():
    '''
    The purpose of this program is to list out the inbound ACL policy for a
    particular interface. The ASAAAA class is used to establish a session, the
    ASAInterface class is used to provide a list of currently used interfaces,
    and the ASAACL class is used to collect the policy for the given interface.
    The other functions are used to handle formatting.

    This is similar to a 'show run access-list acl_name' from the CLI of a
    Cisco ASA.

    Print:
        The active policy entries for the particular interface are printed out
        in the format:
        (permit or deny) source (source) destination (destination) protocol (protocol[/port])

    Example:
        (py3) C:\\asa_api_tests>python asa_get_policy.py
        What ASA do you want to view? 10.10.10.5
        What is your username? username
        Enter your password: getpass is used to hide password input

        LOGIN STATUS_CODE: 204 OK

        What interface's would you like to view?
        ['weblab', 'management', 'securelab', 'lab'] lab

        permit source 10.1.1.22 destination any protocol ip
        permit source 10.1.1.53 destination 10.2.2.22 protocol udp
        permit source 10.1.1.28 destination 10.2.2.33 protocol icmp/echo
        permit source 10.1.1.28 destination 10.2.2.0/24 protocol web_protos
        permit source 10.1.1.29 destination web_servers protocol tcp/http
    '''
    login_cred = ASAAAA(asa=input('What ASA do you want to view? '))
    header = login_cred.asa_login()

    intfc = input("What interface's would you like to view?\n{} ".format(
        used_intfcs_name(login_cred.asa, header)))
    print()

    acl = ASAACL(login_cred.asa, header)
    policy = acl.asa_get_acl_access_in(intfc)

    if policy.ok:
        policy_json = json.loads(policy.text)
        print_acls(policy_json['items'])
    else:
        # The format string needs three placeholders so the response content
        # is actually printed.
        print("GET POLICY FAILED!!! STATUS_CODE: {}\nReason: {}\nContent: {}".format(
            policy.status_code, policy.reason, policy.content))
def main(csv):
    '''
    The purpose of this program is to configure new lines of policy to existing
    ACLs on a Cisco ASA. The ASAAAA class is used to establish a session, the
    ASAObject and ASARouting classes are used to help determine which interface
    the source object group is associated with, and the ASAACL class is used to
    POST the new ACL configuration policy. The other functions are used to
    collect configuration and handle formatting.

    This is similar to an 'access-list acl_name remark remark' and
    'access-list acl_name extended [permit,deny] source destination service log'
    from the CLI of a Cisco ASA.

    Print:
        The configuration result:
            A 201 means the configuration was applied, other codes indicate
            an issue with the request. Failures do print the code, reason,
            and content of the response.

    Example:
        (py3) C:\\asa_api_tests>python asa_configure_acls_csv.py asa_new_policy.csv
        What ASA would you like to modify? 10.10.10.5
        What is your username? username
        Enter your password: getpass is used to hide password input

        LOGIN STATUS_CODE: 204 OK

        POST ACL CONFIG STATUS_CODE: 201 OK

        POST ACL CONFIG STATUS_CODE: 201 OK

    CSV file reads:
        Source Application,Source,Destination Application,Destination,Protocol,
        Justification,Remark
        Network Engineering,grp-lab-neteng-networks,Thousand Eyes,grp-weblab-thousandeyes-monitors,
        grp-tcp-https,Network Engineering MGMT,RITM00029
        Thousand Eyes,grp-weblab-thousandeyes-monitors,Thousand Eyes,grp-securelab-thousandeyes-db,
        grp-tcpudp-thousandeyes,Thousand Eyes DB Access,RITM00029
    '''
    asa = input('What ASA would you like to modify? ')
    login_cred = ASAAAA(asa)
    header = login_cred.asa_login()

    obj = ASAObject(asa, header)
    acl = ASAACL(asa, header)
    routes = ASARouting(asa, header)

    # One ACL entry is POSTed per CSV row.
    config_acls(csv, asa, header, obj, acl, routes)
def main():
    '''
    The purpose of this program is to list out the inbound ACLs and their
    corresponding interfaces. The ASAAAA class is used to establish a session,
    and the ASAACL class is used to collect the ACL configuration. The other
    functions are used to handle formatting.

    This is similar to a 'show run access-group' from the CLI of a Cisco ASA.

    Print:
        The mapping of all inbound ACLs and their corresponding interface

    Example:
        (py3) C:\\asa_api_tests>python asa_get_acls.py
        What ASA do you want to view? 10.10.10.5
        What is your username? username
        Enter your password: getpass is used to hide password input

        LOGIN STATUS_CODE: 204 OK

        ACL: lab_access_in Direction: IN Interface: lab
        ACL: weblab_access_in Direction: IN Interface: weblab
    '''
    login_cred = ASAAAA(asa=input('What ASA do you want to view? '))
    header = login_cred.asa_login()

    acls = ASAACL(login_cred.asa, header=header)
    access_groups = acls.asa_get_acls_in()

    if access_groups.ok:
        access_groups_json = json.loads(access_groups.text)
        print_access_groups(access_groups_json['items'])
    else:
        print(
            "GET ACCESS GROUPS FAILED!!! STATUS_CODE: {}\nReason: {}\nContent: {}"
            .format(access_groups.status_code, access_groups.reason,
                    access_groups.content))
def __init__(self, asa, header=None, base_url=None):
    '''
    The __init__ method requires an ASA name or IP that can be used to make API
    calls. It is expected that the ASAAAA class will be used to obtain a header
    containing a valid authentication token; however, a user will be prompted
    to initialize ASAAAA and obtain the necessary token if none is provided.
    The default base URL is based on Cisco's API documentation; all methods
    will build off the base URL for making an API call.

    Args:
        asa: The IP or hostname to be used to reach the desired ASA.
        header: The header to use for providing the authentication token.
        base_url: The base URL used by all API calls in the module.

    Example:
        >>>asa = input('What firewall would you like to use? ')
        What firewall would you like to use? 10.10.10.5
        >>>asa_login = ASAAAA(asa)
        What is your username? username
        Enter your password: getpass is used to hide password input
        >>>header = asa_login.asa_login()

        LOGIN STATUS_CODE: 204 OK

        >>>asa_interface = ASAInterface(asa, header)
    '''
    self.asa = asa

    # Fall back to an interactive login when no token header is supplied.
    if header is None:
        self.header = ASAAAA().asa_login()
    else:
        self.header = header

    # Every method in the class builds its request URL from this base.
    if base_url is None:
        self.base_url = "https://{}/api/interfaces/".format(asa)
    else:
        self.base_url = base_url
def main():
    '''
    The purpose of this program is to list out an interface's configuration.
    The ASAAAA class is used to establish a session, and the ASAInterface class
    is used to collect the Interface configuration. The other functions are
    used to handle formatting.

    This is similar to a 'show run interface x/y' from the CLI of a Cisco ASA.

    Print:
        The given interface's configuration on the given ASA.

    Example:
        (py3) C:\\asa_api_tests>python asa_get_interfaces_phys.py
        What ASA do you want to view? 10.10.10.5
        What is your username? username
        Enter your password: getpass is used to hide password input

        LOGIN STATUS_CODE: 204 OK

        Interface GigabitEthernet0/2
         to lab 5K
         weblab
         192.168.1.22 255.255.255.248
         Security: 100
         Speed: auto
         Duplex: auto

        Interface Management0/0
         management
         10.10.10.5 255.255.255.128
         Security: 100
         Speed: auto
         Duplex: auto

        Interface GigabitEthernet0/1
         to lab 5K
         securelab
         192.168.10.1 255.255.255.0
         Security: 40
         Speed: auto
         Duplex: auto

        Interface GigabitEthernet0/0
         to lab 5K
         lab
         192.168.1.14 255.255.255.248
         Security: 20
         Speed: auto
         Duplex: auto

        Available Interfaces are:
        GigabitEthernet0/3
        GigabitEthernet0/4
        GigabitEthernet0/5
        GigabitEthernet0/6
        GigabitEthernet0/7
    '''
    asa = input('What ASA would you like to view? ')
    login_cred = ASAAAA(asa)
    header = login_cred.asa_login()

    asa_intfcs = ASAInterface(asa, header)
    intfcs_config = asa_intfcs.asa_get_phys_interfaces()

    if intfcs_config.ok:
        intfcs_config_json = json.loads(intfcs_config.text)['items']
        print_intfcs(intfcs_config_json)
    else:
        print(
            "GET Interfaces FAILED!!! STATUS_CODE: {}\nReason: {}\nContent: {}"
            .format(intfcs_config.status_code, intfcs_config.reason,
                    intfcs_config.content))
def main():
    '''
    The purpose of this program is to configure a new line of policy to an
    existing ACL on a Cisco ASA. The ASAAAA class is used to establish a
    session, the ASAInterface class is used to collect the currently used
    interfaces, and the ASAACL class is used to POST the new ACL configuration
    policy. The other functions are used to collect configuration and handle
    formatting.

    This is similar to an 'access-list acl_name remark remark' and
    'access-list acl_name extended [permit,deny] source destination service log'
    from the CLI of a Cisco ASA.

    Print:
        The configuration result:
            A 201 means the configuration was applied, other codes indicate
            an issue with the request. Failures do print the code, reason,
            and content of the response.

    Example:
        (py3) C:\\asa_api_tests>python asa_configure_acl.py
        What ASA would you like to modify? 10.10.10.5
        What is your username? username
        Enter your password: getpass is used to hide password input

        LOGIN STATUS_CODE: 204 OK

        What interface's policy would you like to modify?
         ['weblab', 'management', 'securelab', 'lab']lab
        What kind of object is the Source Address?
         ('AnyIPAddress', 'IPv4Address', 'IPv4Network', 'IPv4Range',
          'objectRef#NetworkObj', 'objectRef#NetworkObjGroup')IPv4Address
        What is the source? 10.1.1.56
        What kind of object is the Destination Address?
         ('AnyIPAddress', 'IPv4Address', 'IPv4Network', 'IPv4Range',
          'objectRef#NetworkObj', 'objectRef#NetworkObjGroup')IPv4Network
        What is the destination? 10.2.2.0/24
        What kind of service needs to be opened?
         ('AnyService', 'ICMPService', 'NetworkProtocol', 'NetworkServiceGroups',
          'NetworkServiceObjects', 'TcpUdpService')TcpUdpService
        What service needs to be opened? tcp/22
        Please provide the Request #: 78910

        POST ACL CONFIG STATUS_CODE: 201 OK
    '''
    asa = input('What ASA would you like to modify? ')
    login_cred = ASAAAA(asa)
    header = login_cred.asa_login()

    intfc = input(
        "What interface's policy would you like to modify?\n {} ".format(
            used_intfcs_name(asa, header)))

    # The last position currently used in the interface's inbound ACL.
    position = get_acl_last_position(asa, header, intfc)
    config = config_variables(intfc, position)

    acl = ASAACL(asa, header)
    config_acl = acl.asa_configure_acl_access_in(
        intfc, config["source_kind"], config['source'],
        config['destination_kind'], config['destination'],
        config['service_kind'], config['service'], config['remark'],
        config['position'])

    if config_acl.ok:
        print("\nPOST ACL CONFIG STATUS_CODE: {} OK\n".format(
            config_acl.status_code))
    else:
        print(
            "\nPOST ACL CONFIG FAILED!!! STATUS_CODE: {}\nReason: {}\nContent: {}"
            .format(config_acl.status_code, config_acl.reason,
                    config_acl.content))