def main():
"""
Migrate policy objects from one FMC to another. This is useful when FMC needs to be re-imaged.
"""
logging.basicConfig(
# filename='/path/to/python-fmc/output.txt',
stream=sys.stderr,
level=logging.DEBUG, # DEBUG, INFO, WARNING, ERROR, CRITICAL
# format="[%(levelname)8s]: %(message)s",
format='[%(asctime)s-%(levelname)s]: %(message)s',
datefmt='%m/%d/%Y %I:%M:%S %p')
# Get server, username and password from CLI
username = '******'
if len(sys.argv) > 1:
username = sys.argv[1]
password = '******'
if len(sys.argv) > 2:
password = sys.argv[2]
server_from = 'https://fmc1.example.com'
if len(sys.argv) > 3:
server_from = sys.argv[3]
server_to = 'https://fmc2.example.com'
if len(sys.argv) > 4:
server_to = sys.argv[4]
obj_types = [
'hosts', 'networks', 'ranges', # Network
'networkgroups', # Network
'vlantags', 'vlangrouptags', # VLAN Tag
'urls', 'urlgroups', # URL
'protocolportobjects', # Service
# 'icmpv4objects', # DEFECT: ICMPv4Objects is not working
'icmpv6objects', # Service
'portobjectgroups', # Service
]
# Port DEFECT: ICMPv4Objects is not working
# There is incomplete JSON response when individual IPMPv4Object is requested via GET
# There is incomplete JSON response when all IPMPv4Objects are requested via GET with 'expanded=true'
with fmc.FMC(url=server_from, username=username, password=password) as fmc_old:
with fmc.FMC(url=server_to, username=username, password=password) as fmc_new:
for obj_type in obj_types:
# Build the names dictionary for new FMC
fmc_old.obj_tables[obj_type].build() # child first order
fmc_new.obj_tables[obj_type].build() # child first order
names_dict = fmc_old.obj_tables[obj_type].names
# Migrate objects from old FMC VM to new FMC VM
for obj_name, obj_id in names_dict.items():
print "{}: old_id {}".format(obj_name, obj_id)
obj_old = fmc.FPObject(fmc_old, type=obj_type, oid=obj_id)
obj_new = fmc.FPObject(fmc_new, obj=obj_old)
print "{}: new_id {}".format(obj_new.name, obj_new.id)
# End of with block
print("Done running...")
def migrate_network_objects(csm_obj, fmc_obj, action='CREATE'):
"""
Read network policy objects used in firewall rules from CSM and create them in FMC.
:param csm_obj: CSM class object
:param fmc_obj: FMC class
:param action: Create objects or delete objects
"""
policy_type = 'DeviceAccessRuleUnifiedFirewallPolicy'
policy_list = csm_obj.getSharedPolicyListByType(policy_type)
for po in policy_list.policy:
# if not (po.policyName.startswith('.') or po.policyName.endswith('QUARANTINE')):
# print(po.policyName)
if 'BC-OOB' in po.policyName:
for policy_obj in csm_obj.getPolicyConfigByName(po.policyName, policy_type):
# csm_obj.write_file(policy_obj, 'bc-oob.xml')
csm_obj.print_rules(policy_obj)
csm_obj.order_tables(obj_type='network') # Child first order
if action is 'CREATE':
for nwog_data in csm_obj.fmc_nw_objects(fmc_obj):
print(nwog_data)
logging.info("Creating Network Group Object {}".format(nwog_data['name']))
obj_nw_group = fmc.FPObject(fmc_obj, type='networkgroups', data=nwog_data)
elif action is 'DELETE': # This helps in testing the script multiple times
net_objs = csm_obj.ordered_tables['network']
fmc_names_dict = fmc_obj.obj_tables['networkgroups'].names
for gid, net_obj in net_objs.items()[::-1]: # Delete with parents first order
nwog_name = net_obj.name
if nwog_name in fmc_names_dict.keys():
obj_nw_group = fmc.FPObject(fmc_obj, type='networkgroups', name=nwog_name)
logging.info("Deleting Network Group Object {}".format(nwog_name))
obj_nw_group.delete()
else:
print "Object Group {} NOT Found".format(nwog_name)
def main():
"""
Test FMC Object Manager API.
"""
logging.basicConfig(
# filename='/path/to/python-fmc/output.txt',
stream=sys.stdout,
level=logging.INFO, # DEBUG, INFO, WARNING, ERROR, CRITICAL
# format="[%(levelname)8s]: %(message)s",
format='[%(asctime)s-%(levelname)s]: %(message)s',
datefmt='%m/%d/%Y %I:%M:%S %p')
# Get server, username and password from CLI
username = '******'
if len(sys.argv) > 1:
username = sys.argv[1]
password = '******'
if len(sys.argv) > 2:
password = sys.argv[2]
server_url = 'https://fmc.example.com'
if len(sys.argv) > 3:
server_url = sys.argv[3]
with fmc.FMC(url=server_url, username=username,
password=password) as lab_fmc:
# Build the object names dictionary for the FMC
for obj_type in lab_fmc.NETWORK_OBJECT_TYPES:
# ['hosts', 'networks', 'ranges', 'networkgroups']
lab_fmc.obj_tables[obj_type].build()
for obj in lab_fmc.obj_tables[
'networkgroups']: # Current list of objects in FMC
print(obj.name)
test_host = {
"description": "Testing Python API | Chetan",
"name": "TEST.HOST.OBJECT",
"overridable": True,
"type": "Host",
"value": "8.8.8.8"
}
test_range = {
"description": "Testing Python API | Chetan",
"name": "TEST.RANGE.OBJECT",
"overridable": True,
"type": "Range",
"value": "8.8.8.8-8.8.8.10"
}
test_nw = {
"description": "Testing Python API | Chetan",
"name": "TEST.NETWORK.OBJECT",
"overridable": True,
"type": "Network",
"value": "8.8.8.0/24"
}
test_ch_group = OrderedDict([
("description", "Testing Python API | Chetan"),
("name", "TEST.CHGROUP.OBJECT"), ("overridable", True),
("type", "NetworkGroup"),
("literals",
[OrderedDict([("type", "Network"), ("value", "8.8.8.0/24")])])
])
test_nw_group = {
"description": "Testing Python API | Chetan",
"name": "TEST.GROUP.OBJECT",
"overridable": True,
"type": "NetworkGroup"
}
# Create Objects
logging.info("CREATING OBJECTS")
obj_host = fmc.FPObject(lab_fmc, data=test_host)
obj_range = fmc.FPObject(lab_fmc, data=test_range)
obj_nw = fmc.FPObject(lab_fmc, data=test_nw)
obj_ch_group = fmc.FPObject(lab_fmc, data=test_ch_group)
# Create Group object with no children and overridable = True
obj_nw_group = fmc.FPObject(lab_fmc, data=test_nw_group)
logging.info('Child method: Add child object to Parent')
obj_ch_group.add_to_parent('TEST.GROUP.OBJECT')
logging.info('Child method: Add child object to Parent')
obj_host.add_to_parent('TEST.GROUP.OBJECT')
logging.info('Parent method: Add multiple children objects to Parent')
obj_nw_group.add_children('TEST.RANGE.OBJECT', 'TEST.NETWORK.OBJECT')
logging.info('Rename Object')
obj_range.rename('TEST.RENAME.OBJECT')
logging.info('Child method: Remove child object from Parent')
obj_nw.remove_from_parent('TEST.GROUP.OBJECT')
logging.info('Parent method: Remove child object')
obj_nw_group.remove_child('TEST.RENAME.OBJECT')
logging.info('Test script clean up')
obj_nw.delete()
obj_nw_group.delete()
obj_range.delete()
obj_host.delete()
obj_ch_group.delete()
# End of with block
print("Done running...")
return
def main():
"""
Delete all non-default network objects from FMC. This is useful for API testing.
"""
logging.basicConfig(
# filename='/path/to/python-fmc/output.txt',
stream=sys.stdout,
level=logging.INFO, # DEBUG, INFO, WARNING, ERROR, CRITICAL
# format="[%(levelname)8s]: %(message)s",
format='[%(asctime)s-%(levelname)s]: %(message)s',
datefmt='%m/%d/%Y %I:%M:%S %p')
# Get server, username and password from CLI
username = '******'
if len(sys.argv) > 1:
username = sys.argv[1]
password = '******'
if len(sys.argv) > 2:
password = sys.argv[2]
server_url = 'https://fmc.example.com'
if len(sys.argv) > 3:
server_url = sys.argv[3]
DEFAULT_OBJECTS = {}
DEFAULT_OBJECTS['ranges'] = []
DEFAULT_OBJECTS['hosts'] = ['any-ipv6']
DEFAULT_OBJECTS['networkgroups'] = ['IPv4-Private-All-RFC1918']
DEFAULT_OBJECTS['networks'] = [
"any", "any-ipv4", "IPv4-Benchmark-Tests", "IPv4-Link-Local",
"IPv4-Multicast", "IPv4-Private-10.0.0.0-8",
"IPv4-Private-172.16.0.0-12", "IPv4-Private-192.168.0.0-16",
"IPv6-IPv4-Mapped", "IPv6-Link-Local",
"IPv6-Private-Unique-Local-Addresses", "IPv6-to-IPv4-Relay-Anycast"
]
DEFAULT_OBJECTS['portobjectgroups'] = []
DEFAULT_OBJECTS['protocolportobjects'] = [
'AOL', 'Bittorrent', 'DNS_over_TCP', 'DNS_over_UDP', 'FTP', 'HTTP',
'HTTPS', 'IMAP', 'LDAP', 'NFSD-TCP', 'NFSD-UDP', 'NTP-TCP', 'NTP-UDP',
'POP-2', 'POP-3', 'RADIUS', 'RIP', 'SIP', 'SMTP', 'SMTPS', 'SNMP',
'SSH', 'SYSLOG', 'TCP_high_ports', 'TELNET', 'TFTP',
'Yahoo_Messenger_Messages', 'YahooMessenger_Voice_Chat_TCP',
'YahooMessenger_Voice_Chat_UDP'
]
DEFAULT_OBJECTS['icmpv4objects'] = []
DEFAULT_OBJECTS['icmpv6objects'] = []
with fmc.FMC(url=server_url, username=username,
password=password) as lab_fmc:
# Build the object names dictionary for the FMC
for obj_type in [
'networkgroups', 'hosts', 'networks', 'ranges',
'portobjectgroups', 'protocolportobjects', 'icmpv6objects'
]: # Groups first order
lab_fmc.obj_tables[obj_type].build(
) # List of objects with child first order
names_dict = lab_fmc.obj_tables[obj_type].names
for obj_name, obj_id in names_dict.items(
)[::-1]: # Delete with parents first order
if obj_name in DEFAULT_OBJECTS[obj_type]:
continue
else:
# obj_id = names_dict[obj_name]
fp_obj = fmc.FPObject(lab_fmc, type=obj_type, oid=obj_id)
fp_obj.delete()
# End of with block
print("Done running...")
return
def main():
"""
Create network objects in FMC as per information in CSV file.
"""
logging.basicConfig(
# filename='/path/to/python-fmc/output.txt',
stream=sys.stdout,
level=logging.DEBUG, # DEBUG, INFO, WARNING, ERROR, CRITICAL
# format="[%(levelname)8s]: %(message)s",
format='[%(asctime)s-%(levelname)s]: %(message)s',
datefmt='%m/%d/%Y %I:%M:%S %p')
# Get server, username and password from CLI
username = '******'
if len(sys.argv) > 1:
username = sys.argv[1]
password = '******'
if len(sys.argv) > 2:
password = sys.argv[2]
server_url = 'https://fmc.example.com'
if len(sys.argv) > 3:
server_url = sys.argv[3]
# Read CSV file and create JSON data to be POST'd to FMC
# "subnet_cidr", "subnet_nwog"
# "192.168.10.0/23", "TEST.NETWORK-GROUP_1"
# "192.168.0.0/23", "TEST.NETWORK-GROUP_1"
# "10.10.10.0/28", "TEST.NETWORK-GROUP_2"
# "10.48.0.0/20", "TEST.NETWORK-GROUP_3"
# "192.168.64.0/20", "TEST.NETWORK-GROUP_1"
nwog_dicts = {}
with open('workstation_subnets.csv') as csvfile:
reader = csv.DictReader(csvfile)
for row in reader:
subnet_nwog = row['subnet_nwog']
# If we have not seen this key before, create a new dictionary for it
if subnet_nwog not in nwog_dicts.keys():
nwog_dicts[subnet_nwog] = {
"name": subnet_nwog,
"overridable": True,
"type": "NetworkGroup",
"literals": []
}
d = {"type": "Network", "value": row['subnet_cidr']}
nwog_dicts[subnet_nwog]["literals"].append(d)
action = 'DELETE' # or 'DELETE'
with fmc.FMC(url=server_url, username=username,
password=password) as lab_fmc:
# Build the object names dictionary for the FMC
# This is required for data validation before making changes in FMC.
for obj_type in lab_fmc.NETWORK_OBJECT_TYPES:
# ['hosts', 'networks', 'ranges', 'networkgroups']
lab_fmc.obj_tables[obj_type].build()
for nwog_name, nwog_data in nwog_dicts.items():
if action is 'CREATE':
logging.info("Creating object-group {}".format(nwog_name))
obj_nw_group = fmc.FPObject(lab_fmc,
type='networkgroups',
data=nwog_data)
elif action is 'DELETE': # This helps in testing the script multiple times
if nwog_name in lab_fmc.obj_tables['networkgroups'].names.keys(
):
obj_nw_group = fmc.FPObject(lab_fmc,
type='networkgroups',
name=nwog_name)
logging.info("Deleting object-group {}".format(nwog_name))
obj_nw_group.delete()
else:
print "Object Group {} NOT Found".format(nwog_name)
# End of with block
print("Done running...")
return