def create(cls,
name,
master_type,
mgmt_ip,
mgmt_network,
mgmt_interface=0,
log_server_ref=None,
domain_server_address=None,
enable_gti=False,
enable_antivirus=False):
"""
Create a Master Engine with management interface
:param str name: name of master engine engine
:param str master_type: firewall|
:param str mgmt_ip: ip address for management interface
:param str mgmt_network: full netmask for management
:param str mgmt_interface: interface to use for mgmt (default: 0)
:param str log_server_ref: (optional) href to log_server instance
:param list domain_server_address: (optional) DNS server addresses
:param boolean enable_antivirus: (optional) Enable antivirus (required DNS)
:param boolean enable_gti: (optional) Enable GTI
:return: :py:class:`smc.core.engine.Engine`
:raises: :py:class:`smc.api.exceptions.CreateEngineFailed`: Failure to create with reason
"""
physical = PhysicalInterface()
physical.add_node_interface(mgmt_interface,
mgmt_ip,
mgmt_network,
primary_mgt=True,
primary_heartbeat=True,
outgoing=True)
engine = Engine.create(name=name,
node_type=cls.node_type,
physical_interfaces=[physical()],
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
nodes=1,
enable_gti=enable_gti,
enable_antivirus=enable_antivirus)
engine.update(master_type=master_type, cluster_mode='standby')
href = search.element_entry_point('master_engine')
result = prepared_request(href=href, json=engine).create()
if result.href:
return Engine(name=name,
meta=Meta(name=name,
href=result.href,
type='master_engine'))
else:
raise CreateEngineFailed('Could not create the engine, '
'reason: {}'.format(result.msg))
def create(cls,
name,
master_type,
macaddress,
nodes,
mgmt_interface=0,
log_server_ref=None,
domain_server_address=None,
enable_gti=False,
enable_antivirus=False):
"""
Create Master Engine Cluster
:param str name: name of master engine engine
:param str master_type: firewall|
:param str mgmt_ip: ip address for management interface
:param str mgmt_netmask: full netmask for management
:param str mgmt_interface: interface to use for mgmt (default: 0)
:param list nodes: address/network_value/nodeid combination for cluster nodes
:param str log_server_ref: (optional) href to log_server instance
:param list domain_server_address: (optional) DNS server addresses
:param boolean enable_antivirus: (optional) Enable antivirus (required DNS)
:param boolean enable_gti: (optional) Enable GTI
:return: :py:class:`smc.core.engine.Engine`
:raises: :py:class:`smc.api.exceptions.CreateEngineFailed`: Failure to create with reason
Example nodes parameter input::
[{'address':'5.5.5.2',
'network_value':'5.5.5.0/24',
'nodeid':1},
{'address':'5.5.5.3',
'network_value':'5.5.5.0/24',
'nodeid':2},
{'address':'5.5.5.4',
'network_value':'5.5.5.0/24',
'nodeid':3}]
"""
physical = PhysicalInterface()
physical.add_cluster_interface_on_master_engine(mgmt_interface,
macaddress,
nodes,
is_mgmt=True)
engine = Engine.create(name=name,
node_type=cls.node_type,
physical_interfaces=[physical()],
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
nodes=len(nodes),
enable_gti=enable_gti,
enable_antivirus=enable_antivirus)
engine.update(master_type=master_type, cluster_mode='standby')
href = search.element_entry_point('master_engine')
result = prepared_request(href=href, json=engine).create()
if result.href:
return Engine(name=name,
meta=Meta(name=name,
href=result.href,
type='master_engine'))
else:
raise CreateEngineFailed('Could not create the engine, '
'reason: {}'.format(result.msg))
def create(cls,
name,
cluster_virtual,
cluster_mask,
macaddress,
cluster_nic,
nodes,
log_server_ref=None,
domain_server_address=None,
zone_ref=None,
default_nat=False,
enable_antivirus=False,
enable_gti=False):
"""
Create a layer 3 firewall cluster with management interface and any number
of nodes
:param str name: name of firewall engine
:param cluster_virtual: ip of cluster CVI
:param cluster_mask: ip netmask of cluster CVI
:param macaddress: macaddress for packet dispatch clustering
:param cluster_nic: nic id to use for primary interface
:param list nodes: address/network_value/nodeid combination for cluster nodes
:param str log_server_ref: (optional) href to log_server instance
:param list domain_server_address: (optional) DNS server addresses
:param str zone_ref: (optional) zone name for management interface (created if not found)
:param boolean enable_antivirus: (optional) Enable antivirus (required DNS)
:param boolean enable_gti: (optional) Enable GTI
:return: :py:class:`smc.core.engine.Engine`
:raises: :py:class:`smc.api.exceptions.CreateEngineFailed`: Failure to create with reason
Example nodes parameter input::
[{'address':'5.5.5.2',
'network_value':'5.5.5.0/24',
'nodeid':1},
{'address':'5.5.5.3',
'network_value':'5.5.5.0/24',
'nodeid':2},
{'address':'5.5.5.4',
'network_value':'5.5.5.0/24',
'nodeid':3}]
"""
physical = PhysicalInterface()
physical.add_cluster_virtual_interface(cluster_nic,
cluster_virtual,
cluster_mask,
macaddress,
nodes,
is_mgmt=True,
zone_ref=zone_ref)
engine = Engine.create(name=name,
node_type=cls.node_type,
physical_interfaces=[physical()],
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
nodes=len(nodes),
enable_gti=enable_gti,
enable_antivirus=enable_antivirus,
default_nat=default_nat)
href = search.element_entry_point('fw_cluster')
result = prepared_request(href=href, json=engine).create()
if result.href:
return Engine(name=name,
meta=Meta(name=name,
href=result.href,
type='fw_cluster'))
else:
raise CreateEngineFailed('Could not create the firewall, '
'reason: {}'.format(result.msg))
def create(cls,
name,
master_engine,
virtual_resource,
interfaces,
default_nat=False,
outgoing_intf=0,
domain_server_address=None,
enable_ospf=False,
ospf_profile=None,
**kwargs):
"""
:param str name: Name of this layer 3 virtual engine
:param str master_engine: Name of existing master engine
:param str virtual_resource: name of pre-created virtual resource
:param list interfaces: dict of interface details
:param boolean default_nat: Whether to enable default NAT for outbound
:param int outgoing_intf: outgoing interface for VE. Specifies interface number
:param list interfaces: interfaces mappings passed in
:param boolean enable_ospf: whether to turn OSPF on within engine
:param str ospf_profile: optional OSPF profile to use on engine, by ref
:return: :py:class:`smc.core.engine.Engine`
:raises: :py:class:`smc.api.exceptions.CreateEngineFailed`: Failure to create with reason
:py:class:`smc.api.exceptions.LoadEngineFailed`: master engine not found
"""
virt_resource_href = None #need virtual resource reference
master_engine = Engine(master_engine)
for virt_resource in master_engine.virtual_resource.all():
if virt_resource.name == virtual_resource:
virt_resource_href = virt_resource.href
break
if not virt_resource_href:
raise CreateEngineFailed(
'Cannot find associated virtual resource for '
'VE named: {}. You must first create a virtual '
'resource for the master engine before you can associate '
'a virtual engine. Cannot add VE'.format(name))
new_interfaces = []
for interface in interfaces:
physical = VirtualPhysicalInterface()
physical.add_single_node_interface(
interface.get('interface_id'),
interface.get('address'),
interface.get('network_value'),
zone_ref=interface.get('zone_ref'))
#set auth request and outgoing on one of the interfaces
if interface.get('interface_id') == outgoing_intf:
intf = _interface_helper(physical.data)
intf.outgoing = True
intf.auth_request = True
new_interfaces.append(physical())
engine = Engine.create(
name=name,
node_type=cls.node_type,
physical_interfaces=new_interfaces,
domain_server_address=domain_server_address,
log_server_ref=None, #Isn't used in VE
nodes=1,
default_nat=default_nat,
enable_ospf=enable_ospf,
ospf_profile=ospf_profile)
engine.update(virtual_resource=virt_resource_href)
engine.pop('log_server_ref',
None) #Master Engine provides this service
href = search.element_entry_point('virtual_fw')
result = prepared_request(href=href, json=engine).create()
if result.href:
return Engine(name=name,
meta=Meta(name=name,
href=result.href,
type='virtual_fw'))
else:
raise CreateEngineFailed('Could not create the virtual engine, '
'reason: {}'.format(result.msg))
def create(cls,
name,
mgmt_ip,
mgmt_network,
mgmt_interface=0,
log_server_ref=None,
default_nat=False,
reverse_connection=False,
domain_server_address=None,
zone_ref=None,
enable_antivirus=False,
enable_gti=False,
location_ref=None,
enable_ospf=False,
ospf_profile=None):
"""
Create a single layer 3 firewall with management interface and DNS
:param str name: name of firewall engine
:param str mgmt_ip: ip address of management interface
:param str mgmt_network: management network in cidr format
:param str log_server_ref: (optional) href to log_server instance for fw
:param int mgmt_interface: (optional) interface for management from SMC to fw
:param list domain_server_address: (optional) DNS server addresses
:param str zone_ref: (optional) zone name for management interface (created if not found)
:param boolean reverse_connection: should the NGFW be the mgmt initiator (used when behind NAT)
:param boolean default_nat: (optional) Whether to enable default NAT for outbound
:param boolean enable_antivirus: (optional) Enable antivirus (required DNS)
:param boolean enable_gti: (optional) Enable GTI
:param str location_ref: location href for engine if needed to contact SMC behind NAT
:param boolean enable_ospf: whether to turn OSPF on within engine
:param str ospf_profile: optional OSPF profile to use on engine, by ref
:return: :py:class:`smc.core.engine.Engine`
:raises: :py:class:`smc.api.exceptions.CreateEngineFailed`: Failure to create with reason
"""
physical = PhysicalInterface()
physical.add_single_node_interface(
mgmt_interface,
mgmt_ip,
mgmt_network,
is_mgmt=True,
reverse_connection=reverse_connection,
zone_ref=zone_ref)
engine = Engine.create(name=name,
node_type=cls.node_type,
physical_interfaces=[physical()],
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
nodes=1,
enable_gti=enable_gti,
enable_antivirus=enable_antivirus,
default_nat=default_nat,
location_ref=location_ref,
enable_ospf=enable_ospf,
ospf_profile=ospf_profile)
href = search.element_entry_point('single_fw')
result = prepared_request(href=href, json=engine).create()
if result.href:
return Engine(name=name,
meta=Meta(name=name,
href=result.href,
type='single_fw'))
else:
raise CreateEngineFailed('Could not create the engine, '
'reason: {}.'.format(result.msg, engine))
def create(cls,
name,
mgmt_ip,
mgmt_network,
mgmt_interface='0',
inline_interface='1-2',
logical_interface='default_eth',
log_server_ref=None,
domain_server_address=None,
zone_ref=None,
enable_antivirus=False,
enable_gti=False):
"""
Create a single IPS engine with management interface and inline pair
:param str name: name of ips engine
:param str mgmt_ip: ip address of management interface
:param str mgmt_network: management network in cidr format
:param int mgmt_interface: (optional) interface for management from SMC to fw
:param str inline_interface: interfaces to use for first inline pair
:param str logical_interface: (optional) logical_interface reference
:param str log_server_ref: (optional) href to log_server instance
:param list domain_server_address: (optional) DNS server addresses
:param str zone_ref: (optional) zone name for management interface (created if not found)
:param boolean enable_antivirus: (optional) Enable antivirus (required DNS)
:param boolean enable_gti: (optional) Enable GTI
:return: :py:class:`smc.core.engine.Engine`
:raises: :py:class:`smc.api.exceptions.CreateEngineFailed`: Failure to create with reason
"""
interfaces = []
physical = PhysicalInterface()
physical.add_node_interface(mgmt_interface,
mgmt_ip,
mgmt_network,
is_mgmt=True,
zone_ref=zone_ref)
intf_href = logical_intf_helper(logical_interface)
inline = PhysicalInterface()
inline.add_inline_interface(inline_interface, intf_href)
interfaces.append(physical())
interfaces.append(inline())
engine = Engine.create(name=name,
node_type=cls.node_type,
physical_interfaces=interfaces,
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
nodes=1,
enable_gti=enable_gti,
enable_antivirus=enable_antivirus)
href = search.element_entry_point('single_ips')
result = prepared_request(href=href, json=engine).create()
if result.href:
return Engine(name=name,
meta=Meta(name=name,
href=result.href,
type='single_ips'))
else:
raise CreateEngineFailed(
'Could not create the engine, reason: {}'.format(result.msg))