def load(self):
system = search.element_by_href_as_json(
search.element_entry_point('system'))
if system:
self.link.extend(system.get('link'))
return self
else:
raise SMCException("Exception retrieving system settings")
def ElementCreator(cls):
"""
Helper method for create classmethods. Returns the href if
creation is successful
"""
result = SMCRequest(href=search.element_entry_point(cls.typeof),
json=cls.json).create()
if result.msg:
raise CreateElementFailed(result.msg)
return result.href
def create(cls,
name,
master_type,
mgmt_ip,
mgmt_network,
mgmt_interface=0,
log_server_ref=None,
domain_server_address=None,
enable_gti=False,
enable_antivirus=False):
"""
Create a Master Engine with management interface
:param str name: name of master engine engine
:param str master_type: firewall|
:param str mgmt_ip: ip address for management interface
:param str mgmt_network: full netmask for management
:param str mgmt_interface: interface to use for mgmt (default: 0)
:param str log_server_ref: (optional) href to log_server instance
:param list domain_server_address: (optional) DNS server addresses
:param boolean enable_antivirus: (optional) Enable antivirus (required DNS)
:param boolean enable_gti: (optional) Enable GTI
:return: :py:class:`smc.core.engine.Engine`
:raises: :py:class:`smc.api.exceptions.CreateEngineFailed`: Failure to create with reason
"""
physical = PhysicalInterface()
physical.add_node_interface(mgmt_interface,
mgmt_ip,
mgmt_network,
primary_mgt=True,
primary_heartbeat=True,
outgoing=True)
engine = Engine.create(name=name,
node_type=cls.node_type,
physical_interfaces=[physical()],
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
nodes=1,
enable_gti=enable_gti,
enable_antivirus=enable_antivirus)
engine.update(master_type=master_type, cluster_mode='standby')
href = search.element_entry_point('master_engine')
result = prepared_request(href=href, json=engine).create()
if result.href:
return Engine(name=name,
meta=Meta(name=name,
href=result.href,
type='master_engine'))
else:
raise CreateEngineFailed('Could not create the engine, '
'reason: {}'.format(result.msg))
def create(cls, name, trust_all_cas=True):
"""
Create new External Gateway
:param str name: name of external gateway
:param boolean trust_all_cas: whether to trust all internal CA's
(default: True)
"""
data = {'name': name,
'trust_all_cas': trust_all_cas }
href = search.element_entry_point('external_gateway')
result = SMCElement(href=href, json=data).create()
if result.href:
return ExternalGateway(name).load()
else:
raise CreateElementFailed('Failed creating external gateway, '
'reason: {}'.format(result.msg))
def create(cls, name, nat=False, mobile_vpn_toplogy_mode=None,
vpn_profile=None):
"""
Create a new policy based VPN
:param name: name of vpn policy
:param boolean nat: whether to apply NAT to the VPN (default False)
:param mobile_vpn_toplogy_mode: whether to allow remote vpn
:param str vpn_profile: reference to VPN profile, or uses default
"""
json = {'mobile_vpn_topology_mode': None,
'name': name,
'nat': nat,
'vpn_profile': vpn_profile}
href = search.element_entry_point('vpn')
result = SMCElement(href=href,
json=json).create()
if result.href:
return VPNPolicy(name).load()
else:
raise CreatePolicyFailed('VPN Policy create failed. Reason: {}'.format(result.msg))
def task_history():
"""
Get all tasks stored by the SMC
Example of aborting an existing task by follower link::
for task in task_history():
if task.follower == task:
task.abort()
Abort any in progress tasks::
for task in task_history():
if task.in_progress:
task.abort()
:return: :py:class:`~Task`
"""
task_href = search.element_entry_point('task_progress')
return [
Task(**search.element_by_href_as_json(task.get('href')))
for task in search.element_by_href_as_json(task_href)
]
def create(cls, name, template):
"""
Create Firewall Policy. Template policy is required for the
policy. The template policy parameter should be the href of the
template entry as obtained from the SMC API.
This policy will then inherit the Inspection and File Filtering
policy from that template.
Existing policies and templates are retrievable from search methods,
such as::
smc.search.fw_template_policies(policy=None)
:mathod: POST
:param str name: name of policy
:param str template: name of the FW template to base policy on
:return: SMCResult with href attribute set with location of new policy
To use after successful creation, call::
FirewallPolicy('newpolicy').load()
"""
template_href = collections.describe_fw_template_policies(name=[template])
if not template_href:
raise CreatePolicyFailed('Cannot find fw policy template: {}'.format(template))
policy = {'name': name,
'template': template_href[0].href}
policy_href = search.element_entry_point('fw_policy')
result = SMCElement(href=policy_href, json=policy).create()
if result.href:
return FirewallPolicy(name).load()
else:
raise CreatePolicyFailed('Failed to load firewall policy: {}'.format(
result.msg))
def __init__(self):
entry = search.element_entry_point('system')
super(System, self).__init__(href=entry)
def test_type_error_in_common(self):
# Catch TypeError in common. Caused by malformed JSON
self.assertRaises(
TypeError,
lambda: SMCRequest(href=search.element_entry_point('host'),
json={'test'}).create())
def bad_json_POST(self):
# If customized json is going through and it's invalid, TypeError is
# thrown
href = search.element_entry_point('host')
self.assertRaises(
TypeError, lambda: SMCRequest(href=href, json={'ertrte'}).create())
def __init__(self, meta=None):
meta = Meta(href=search.element_entry_point('system'))
super(System, self).__init__(meta)
pass
def create(cls,
name,
master_type,
macaddress,
nodes,
mgmt_interface=0,
log_server_ref=None,
domain_server_address=None,
enable_gti=False,
enable_antivirus=False):
"""
Create Master Engine Cluster
:param str name: name of master engine engine
:param str master_type: firewall|
:param str mgmt_ip: ip address for management interface
:param str mgmt_netmask: full netmask for management
:param str mgmt_interface: interface to use for mgmt (default: 0)
:param list nodes: address/network_value/nodeid combination for cluster nodes
:param str log_server_ref: (optional) href to log_server instance
:param list domain_server_address: (optional) DNS server addresses
:param boolean enable_antivirus: (optional) Enable antivirus (required DNS)
:param boolean enable_gti: (optional) Enable GTI
:return: :py:class:`smc.core.engine.Engine`
:raises: :py:class:`smc.api.exceptions.CreateEngineFailed`: Failure to create with reason
Example nodes parameter input::
[{'address':'5.5.5.2',
'network_value':'5.5.5.0/24',
'nodeid':1},
{'address':'5.5.5.3',
'network_value':'5.5.5.0/24',
'nodeid':2},
{'address':'5.5.5.4',
'network_value':'5.5.5.0/24',
'nodeid':3}]
"""
physical = PhysicalInterface()
physical.add_cluster_interface_on_master_engine(mgmt_interface,
macaddress,
nodes,
is_mgmt=True)
engine = Engine.create(name=name,
node_type=cls.node_type,
physical_interfaces=[physical()],
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
nodes=len(nodes),
enable_gti=enable_gti,
enable_antivirus=enable_antivirus)
engine.update(master_type=master_type, cluster_mode='standby')
href = search.element_entry_point('master_engine')
result = prepared_request(href=href, json=engine).create()
if result.href:
return Engine(name=name,
meta=Meta(name=name,
href=result.href,
type='master_engine'))
else:
raise CreateEngineFailed('Could not create the engine, '
'reason: {}'.format(result.msg))
def create(cls,
name,
cluster_virtual,
cluster_mask,
macaddress,
cluster_nic,
nodes,
log_server_ref=None,
domain_server_address=None,
zone_ref=None,
default_nat=False,
enable_antivirus=False,
enable_gti=False):
"""
Create a layer 3 firewall cluster with management interface and any number
of nodes
:param str name: name of firewall engine
:param cluster_virtual: ip of cluster CVI
:param cluster_mask: ip netmask of cluster CVI
:param macaddress: macaddress for packet dispatch clustering
:param cluster_nic: nic id to use for primary interface
:param list nodes: address/network_value/nodeid combination for cluster nodes
:param str log_server_ref: (optional) href to log_server instance
:param list domain_server_address: (optional) DNS server addresses
:param str zone_ref: (optional) zone name for management interface (created if not found)
:param boolean enable_antivirus: (optional) Enable antivirus (required DNS)
:param boolean enable_gti: (optional) Enable GTI
:return: :py:class:`smc.core.engine.Engine`
:raises: :py:class:`smc.api.exceptions.CreateEngineFailed`: Failure to create with reason
Example nodes parameter input::
[{'address':'5.5.5.2',
'network_value':'5.5.5.0/24',
'nodeid':1},
{'address':'5.5.5.3',
'network_value':'5.5.5.0/24',
'nodeid':2},
{'address':'5.5.5.4',
'network_value':'5.5.5.0/24',
'nodeid':3}]
"""
physical = PhysicalInterface()
physical.add_cluster_virtual_interface(cluster_nic,
cluster_virtual,
cluster_mask,
macaddress,
nodes,
is_mgmt=True,
zone_ref=zone_ref)
engine = Engine.create(name=name,
node_type=cls.node_type,
physical_interfaces=[physical()],
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
nodes=len(nodes),
enable_gti=enable_gti,
enable_antivirus=enable_antivirus,
default_nat=default_nat)
href = search.element_entry_point('fw_cluster')
result = prepared_request(href=href, json=engine).create()
if result.href:
return Engine(name=name,
meta=Meta(name=name,
href=result.href,
type='fw_cluster'))
else:
raise CreateEngineFailed('Could not create the firewall, '
'reason: {}'.format(result.msg))
def create(cls,
name,
master_engine,
virtual_resource,
interfaces,
default_nat=False,
outgoing_intf=0,
domain_server_address=None,
enable_ospf=False,
ospf_profile=None,
**kwargs):
"""
:param str name: Name of this layer 3 virtual engine
:param str master_engine: Name of existing master engine
:param str virtual_resource: name of pre-created virtual resource
:param list interfaces: dict of interface details
:param boolean default_nat: Whether to enable default NAT for outbound
:param int outgoing_intf: outgoing interface for VE. Specifies interface number
:param list interfaces: interfaces mappings passed in
:param boolean enable_ospf: whether to turn OSPF on within engine
:param str ospf_profile: optional OSPF profile to use on engine, by ref
:return: :py:class:`smc.core.engine.Engine`
:raises: :py:class:`smc.api.exceptions.CreateEngineFailed`: Failure to create with reason
:py:class:`smc.api.exceptions.LoadEngineFailed`: master engine not found
"""
virt_resource_href = None #need virtual resource reference
master_engine = Engine(master_engine)
for virt_resource in master_engine.virtual_resource.all():
if virt_resource.name == virtual_resource:
virt_resource_href = virt_resource.href
break
if not virt_resource_href:
raise CreateEngineFailed(
'Cannot find associated virtual resource for '
'VE named: {}. You must first create a virtual '
'resource for the master engine before you can associate '
'a virtual engine. Cannot add VE'.format(name))
new_interfaces = []
for interface in interfaces:
physical = VirtualPhysicalInterface()
physical.add_single_node_interface(
interface.get('interface_id'),
interface.get('address'),
interface.get('network_value'),
zone_ref=interface.get('zone_ref'))
#set auth request and outgoing on one of the interfaces
if interface.get('interface_id') == outgoing_intf:
intf = _interface_helper(physical.data)
intf.outgoing = True
intf.auth_request = True
new_interfaces.append(physical())
engine = Engine.create(
name=name,
node_type=cls.node_type,
physical_interfaces=new_interfaces,
domain_server_address=domain_server_address,
log_server_ref=None, #Isn't used in VE
nodes=1,
default_nat=default_nat,
enable_ospf=enable_ospf,
ospf_profile=ospf_profile)
engine.update(virtual_resource=virt_resource_href)
engine.pop('log_server_ref',
None) #Master Engine provides this service
href = search.element_entry_point('virtual_fw')
result = prepared_request(href=href, json=engine).create()
if result.href:
return Engine(name=name,
meta=Meta(name=name,
href=result.href,
type='virtual_fw'))
else:
raise CreateEngineFailed('Could not create the virtual engine, '
'reason: {}'.format(result.msg))
def create(cls,
name,
mgmt_ip,
mgmt_network,
mgmt_interface=0,
log_server_ref=None,
default_nat=False,
reverse_connection=False,
domain_server_address=None,
zone_ref=None,
enable_antivirus=False,
enable_gti=False,
location_ref=None,
enable_ospf=False,
ospf_profile=None):
"""
Create a single layer 3 firewall with management interface and DNS
:param str name: name of firewall engine
:param str mgmt_ip: ip address of management interface
:param str mgmt_network: management network in cidr format
:param str log_server_ref: (optional) href to log_server instance for fw
:param int mgmt_interface: (optional) interface for management from SMC to fw
:param list domain_server_address: (optional) DNS server addresses
:param str zone_ref: (optional) zone name for management interface (created if not found)
:param boolean reverse_connection: should the NGFW be the mgmt initiator (used when behind NAT)
:param boolean default_nat: (optional) Whether to enable default NAT for outbound
:param boolean enable_antivirus: (optional) Enable antivirus (required DNS)
:param boolean enable_gti: (optional) Enable GTI
:param str location_ref: location href for engine if needed to contact SMC behind NAT
:param boolean enable_ospf: whether to turn OSPF on within engine
:param str ospf_profile: optional OSPF profile to use on engine, by ref
:return: :py:class:`smc.core.engine.Engine`
:raises: :py:class:`smc.api.exceptions.CreateEngineFailed`: Failure to create with reason
"""
physical = PhysicalInterface()
physical.add_single_node_interface(
mgmt_interface,
mgmt_ip,
mgmt_network,
is_mgmt=True,
reverse_connection=reverse_connection,
zone_ref=zone_ref)
engine = Engine.create(name=name,
node_type=cls.node_type,
physical_interfaces=[physical()],
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
nodes=1,
enable_gti=enable_gti,
enable_antivirus=enable_antivirus,
default_nat=default_nat,
location_ref=location_ref,
enable_ospf=enable_ospf,
ospf_profile=ospf_profile)
href = search.element_entry_point('single_fw')
result = prepared_request(href=href, json=engine).create()
if result.href:
return Engine(name=name,
meta=Meta(name=name,
href=result.href,
type='single_fw'))
else:
raise CreateEngineFailed('Could not create the engine, '
'reason: {}.'.format(result.msg, engine))
def create(cls,
name,
mgmt_ip,
mgmt_network,
mgmt_interface='0',
inline_interface='1-2',
logical_interface='default_eth',
log_server_ref=None,
domain_server_address=None,
zone_ref=None,
enable_antivirus=False,
enable_gti=False):
"""
Create a single IPS engine with management interface and inline pair
:param str name: name of ips engine
:param str mgmt_ip: ip address of management interface
:param str mgmt_network: management network in cidr format
:param int mgmt_interface: (optional) interface for management from SMC to fw
:param str inline_interface: interfaces to use for first inline pair
:param str logical_interface: (optional) logical_interface reference
:param str log_server_ref: (optional) href to log_server instance
:param list domain_server_address: (optional) DNS server addresses
:param str zone_ref: (optional) zone name for management interface (created if not found)
:param boolean enable_antivirus: (optional) Enable antivirus (required DNS)
:param boolean enable_gti: (optional) Enable GTI
:return: :py:class:`smc.core.engine.Engine`
:raises: :py:class:`smc.api.exceptions.CreateEngineFailed`: Failure to create with reason
"""
interfaces = []
physical = PhysicalInterface()
physical.add_node_interface(mgmt_interface,
mgmt_ip,
mgmt_network,
is_mgmt=True,
zone_ref=zone_ref)
intf_href = logical_intf_helper(logical_interface)
inline = PhysicalInterface()
inline.add_inline_interface(inline_interface, intf_href)
interfaces.append(physical())
interfaces.append(inline())
engine = Engine.create(name=name,
node_type=cls.node_type,
physical_interfaces=interfaces,
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
nodes=1,
enable_gti=enable_gti,
enable_antivirus=enable_antivirus)
href = search.element_entry_point('single_ips')
result = prepared_request(href=href, json=engine).create()
if result.href:
return Engine(name=name,
meta=Meta(name=name,
href=result.href,
type='single_ips'))
else:
raise CreateEngineFailed(
'Could not create the engine, reason: {}'.format(result.msg))