def fw_ipv6_nat_rules(self):
"""
IPv6NAT Rule entry point
:return: :py:class:`smc.policy.rule.IPv6NATRule`
"""
return IPv6NATRule(meta=Meta(href=self._link('fw_ipv6_nat_rules')))
def create(cls, name, template):
"""
Create Firewall Policy. Template policy is required for the
policy. The template parameter should be the name of the
firewall template.
This policy will then inherit the Inspection and File Filtering
policy from the specified template.
:mathod: POST
:param str name: name of policy
:param str template: name of the FW template to base policy on
:return: :py:class:`smc.elements.policy.FirewallPolicy`
:raises: :py:class:`smc.api.exceptions.LoadPolicyFailed`,
:py:class:`smc.api.exceptions.CreatePolicyFailed`
To use after successful creation, reference the policy to obtain
context::
FirewallPolicy('newpolicy')
"""
try:
fw_template = FirewallTemplatePolicy(template).href
except ElementNotFound:
raise LoadPolicyFailed(
'Cannot find specified firewall template: {}'.format(template))
cls.json = {'name': name, 'template': fw_template}
try:
result = ElementCreator(cls)
return FirewallPolicy(name, Meta(href=result))
except CreateElementFailed as err:
raise CreatePolicyFailed(
'Failed to create firewall policy: {}'.format(err))
def fw_ipv4_access_rules(self):
"""
IPv4 rule entry point
:return: :py:class:`smc.policy.rule.IPv4Rule`
"""
return IPv4Rule(meta=Meta(href=self._link('fw_ipv4_access_rules')))
def search_rule(self, search):
"""
Search a rule for a rule tag or name value
Result will be the meta data for rule (name, href, type)
Searching for a rule in specific policy::
f = FirewallPolicy(policy)
search = f.search_rule(searchable)
:param str search: search string
:return: list rule elements matching criteria
"""
result = prepared_request(
href=self._link('search_rule'),
params={'filter': search}).read()
if result.json:
results = []
for data in result.json:
if data.get('type') == 'ips_ethernet_rule':
klazz = Registry['ethernet_rule']
elif data.get('type') == 'ips_ipv4_access_rule':
klazz = Registry['layer2_ipv4_access_rule']
else:
klazz = Registry[data.get('type')]
results.append(klazz(meta=Meta(**data)))
return results
return []
def get(self, interface_id):
"""
Get the interface by id, if known. The interface is
retrieved from the top level Physical or Tunnel Interface.
If interface type is unknown, use engine.interface
for retrieving::
engine = Engine('testfw')
p = engine.physical_interface.get(0)
print(p.name, p.typeof, p.address, p.network_value)
.....
:param str|int interface_id: interface ID to retrieve
:raises: :py:class:`smc.api.exceptions.EngineCommandFailed` if interface not found
:return: interface object by type (Physical, Tunnel, PhysicalVlanInterface)
"""
interface_id = str(interface_id)
for interface in self._get_resource(self.meta.href):
intf_type = interface.get('type') #Keep type
intf = InterfaceFactory(intf_type)(meta=Meta(**interface),
engine=self._engine)
if intf.data.get('interface_id') == interface_id:
return intf
raise EngineCommandFailed(
'Interface id {} not found'.format(interface_id))
def ips_ethernet_rules(self):
"""
IPS Ethernet access rule
:param :py:class:`smc.policy.rule.EthernetRule`
"""
return EthernetRule(meta=Meta(href=self._link('ips_ethernet_rules')))
def satellite_gateway_node(self):
"""
Node level settings for configured satellite gateways
:return: list :class:`SatelliteGatewayNode`
"""
return SatelliteGatewayNode(
meta=Meta(href=self._link('satellite_gateway_node')))
def central_gateway_node(self):
"""
Central Gateway Node acts as the hub of a hub-spoke VPN.
:return: list :class:`CentralGatewayNode`
"""
return CentralGatewayNode(
meta=Meta(href=self._link('central_gateway_node')))
def all(self):
"""
Return all Gateways by type for this VPN Policy
:return: list CentralGatewayNode: gateway nodes on this vpn
"""
return [type(self)(meta=Meta(**node))
for node in self._get_resource(self.href)]
def all(self):
"""
Return all file filtering rules::
for rule in FileFiltering('mypolicy).
"""
return [type(self)(meta=Meta(**rule))
for rule in self._get_resource(self.href)]
def layer2_ipv4_access_rules(self):
"""
Layer2 Firewall access rule
:return: :py:class:`smc.policy.rule.IPv4Layer2Rule`
"""
return IPv4Layer2Rule(meta=Meta(
href=self._link('layer2_ipv4_access_rules')))
def ips_ipv4_access_rules(self):
"""
IPS ipv4 access rules
:return: :py:class:`smc.policy.rule.IPv4Layer2Rule`
"""
return IPv4Layer2Rule(meta=Meta(
href=self._link('ips_ipv4_access_rules')))
def all(self):
"""
Enumerate all rules for this rule type. Return instance
that has only meta data set (lazy loaded).
:return: class type based on rule type
"""
return [type(self)(meta=Meta(**rule))
for rule in search.element_by_href_as_json(self.href)]
def mobile_gateway_node(self):
"""
Mobile Gateway's are represented by client endpoints connecting
to the policy based VPN.
:return: list :class:`MobileGatewayNode`
"""
return MobileGatewayNode(
meta=Meta(href=self._link('mobile_gateway_node')))
def all(self):
"""
Return all internal endpoints
:return: list :py:class:`smc.core.engine.InternalEndpoint`
"""
return [
InternalEndpoint(meta=Meta(**ep))
for ep in self._get_resource(self.href)
]
def update_package(self):
"""
Show all update packages on SMC
:return: list :py:class:`smc.administration.updates.UpdatePackage`
"""
return [
UpdatePackage(meta=Meta(**update))
for update in self._get_resource_by_link('update_package')
]
def vpn_site(self):
"""
A VPN site defines a collection of IP's or networks that
identify address space that is defined on the other end of
the VPN tunnel.
:method: GET
:return: list :py:class:`smc.vpn.elements.VPNSite`
"""
return VPNSite(meta=Meta(href=self._link('vpn_site')))
def all(self):
"""
Return all sites for this engine
:return: list VPNSite
"""
return [
VPNSite(meta=Meta(**site))
for site in search.element_by_href_as_json(self.href)
]
def all(self):
"""
Show all defined test_external endpoints
:return: list :py:class:`smc.vpn.elements.ExternalEndpoint`
"""
return [
ExternalEndpoint(meta=Meta(**gw))
for gw in search.element_by_href_as_json(self.href)
]
def nodes(self):
"""
Return a list of child nodes of this engine. This can be
used to iterate to obtain access to node level operations
:return: list :py:class:`smc.core.node.Node`
"""
return [
Node(meta=Meta(**node))
for node in self._get_resource_by_link('nodes')
]
def create(cls,
name,
master_type,
mgmt_ip,
mgmt_network,
mgmt_interface=0,
log_server_ref=None,
domain_server_address=None,
enable_gti=False,
enable_antivirus=False):
"""
Create a Master Engine with management interface
:param str name: name of master engine engine
:param str master_type: firewall|
:param str mgmt_ip: ip address for management interface
:param str mgmt_network: full netmask for management
:param str mgmt_interface: interface to use for mgmt (default: 0)
:param str log_server_ref: (optional) href to log_server instance
:param list domain_server_address: (optional) DNS server addresses
:param boolean enable_antivirus: (optional) Enable antivirus (required DNS)
:param boolean enable_gti: (optional) Enable GTI
:return: :py:class:`smc.core.engine.Engine`
:raises: :py:class:`smc.api.exceptions.CreateEngineFailed`: Failure to create with reason
"""
physical = PhysicalInterface()
physical.add_node_interface(mgmt_interface,
mgmt_ip,
mgmt_network,
primary_mgt=True,
primary_heartbeat=True,
outgoing=True)
engine = Engine.create(name=name,
node_type=cls.node_type,
physical_interfaces=[physical()],
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
nodes=1,
enable_gti=enable_gti,
enable_antivirus=enable_antivirus)
engine.update(master_type=master_type, cluster_mode='standby')
href = search.element_entry_point('master_engine')
result = prepared_request(href=href, json=engine).create()
if result.href:
return Engine(name=name,
meta=Meta(name=name,
href=result.href,
type='master_engine'))
else:
raise CreateEngineFailed('Could not create the engine, '
'reason: {}'.format(result.msg))
def snapshots(self):
"""
References to policy based snapshots for this engine, including
the date the snapshot was made
:return: list :py:class:`smc.core.engine.Snapshot`
:raises: :py:class:`smc.api.exceptions.EngineCommandFailed`
"""
return [
Snapshot(meta=Meta(**snapshot))
for snapshot in self._get_resource_by_link('snapshots')
]
def routing(self):
"""
Find all routing nodes within engine::
for routing_node in engine.routing.all():
for routes in routing_node:
print(routes)
:return: :py:class:`smc.core.route.Routing`
"""
href = self._link('routing')
return Routing(meta=Meta(href=href), data=self._get_resource(href))
def vpn_site(self):
"""
Retrieve VPN Site information for this internal gateway
Find all configured sites for engine::
for site in engine.internal_gateway.vpn_site.all():
print site
:return: :py:class:`smc.vpn.elements.VPNSite`
"""
return VPNSite(meta=Meta(href=self._link('vpn_site')))
def create(cls, name, template):
try:
fw_template = IPSTemplatePolicy(template).href
except ElementNotFound:
raise LoadPolicyFailed(
'Cannot find specified firewall template: {}'.format(template))
cls.json = {'name': name, 'template': fw_template}
try:
result = ElementCreator(cls)
return IPSPolicy(name, Meta(href=result))
except CreateElementFailed as err:
raise CreatePolicyFailed(
'Failed to create firewall policy: {}'.format(err))
def internal_endpoint(self):
"""
Internal Endpoint setting VPN settings to the interface
Find all internal endpoints for an engine::
for x in engine.internal_gateway.internal_endpoint.all():
print x
:return: list :py:class:`smc.vpn.elements.InternalEndpoint`
"""
return InternalEndpoint(meta=Meta(
href=self._link('internal_endpoint')))
def antispoofing(self):
"""
Antispoofing interface information. By default is based on routing
but can be modified.
::
for entry in engine.antispoofing.all():
print(entry)
:return: :py:class:`smc.core.route.Antispoofing`
"""
href = self._link('antispoofing')
return Antispoofing(meta=Meta(href=href),
data=self._get_resource(href))
def all(self):
"""
Return metadata for all virtual resources
for resource in engine.virtual_resource.all():
if resource.name == 've-6':
print resource.describe()
:return: list VirtualResource
"""
return [
VirtualResource(meta=Meta(**resource))
for resource in self._get_resource(self.href)
]
def interface(self):
"""
Get all interfaces, including non-physical interfaces such
as tunnel or capture interfaces. These are returned as Interface
objects and can be used to load specific interfaces to modify, etc.
::
for interfaces in engine.interface.all():
......
:return: :py:class:`smc.core.interfaces.Interface`
See :py:class:`smc.core.interfaces.Interface` for more info
"""
return Interface(meta=Meta(href=self._link('interfaces')), engine=self)
def tunnel_interface(self):
"""
Get only tunnel interfaces for this engine node.
:raises: :py:class:`smc.api.exceptions.UnsupportedInterfaceType`
:return: :py:class:`smc.core.interfaces.TunnelInterface`
"""
try:
return TunnelInterface(
meta=Meta(href=self._link('tunnel_interface')), engine=self)
except ResourceNotFound:
raise UnsupportedInterfaceType(
'Tunnel interfaces are only supported on '
'layer 3 single engines or clusters; '
'Engine type is: {}'.format(self.type))