def ips_syslog_server(host, port, user, passwd):
"""
End to end example of code that assigns an intrusion rule syslog server.
Requires Python v3.0 or greater and the reqeusts library.
:param host: ftd host address
:param port: ftd host port
:param user: login username
:param passwd: login password
:return: True if successful, otherwise False
"""
access_token = get_access_token(host, port, user, passwd)
if not access_token:
print("Unable to obtain an access token.")
return False
syslog_server = {
"host": "192.168.100.1",
"useManagementInterface": True,
"port": "514",
"protocol": "UDP",
"type": "syslogserver"
}
syslog_server = post_syslog_server(host, port, access_token, syslog_server)
if not syslog_server:
print('Unable to post syslog server')
return False
intrusion_settings = get_intrusion_settings(host, port, access_token)
intrusion_settings["syslogServer"] = syslog_server
intrusion_settings = update_intrusion_settings(host, port, access_token,
intrusion_settings)
if not intrusion_settings:
print('Unable to update intrusion settings')
return False
else:
return True
def ha_reset(host, port, user, passwd):
"""
End to end example of code that performs an HA reset.
Requires Python v3.0 or greater and the reqeusts library.
:param host: ftd host address
:param port: ftd host port
:param user: login username
:param passwd: login password
:return: True if successful, otherwise False
"""
access_token = get_access_token(host, port, user, passwd)
if not access_token:
print("Unable to obtain an access token.")
return
result = reset_HA(host, port, access_token)
if not result:
print('Unable to reset device')
return
for _ in range(80):
(node_state, _, _) = get_ha_status(host=host,
port=port,
access_token=access_token)
if not node_state:
print('Unable to obtain ha status')
elif node_state == 'HA_ACTIVE_NODE' or node_state == 'HA_STANDBY_NODE':
print("FTD device reset successfully")
return
print("sleep 15 seconds")
time.sleep(15)
else:
print('Unable to reset HA device')
return
def ha_suspend(host, port, user, passwd):
"""
End to end example of code that suspends a device in a HA pair.
Requires Python v3.0 or greater and the reqeusts library.
:param host: ftd host address
:param port: ftd host port
:param user: login username
:param passwd: login password
:return: True if successful, otherwise False
"""
access_token = get_access_token(host, port, user, passwd)
if not access_token:
print("Unable to obtain an access token.")
return False
result = suspend_HA(host, port, access_token)
if not result:
print('Unable to suspend device')
return False
for _ in range(80):
(node_state, _, _) = get_ha_status(host=host, port=port, access_token=access_token)
if not node_state:
# should never happen
print('Unable to obtain ha status')
return False
if node_state == 'HA_SUSPENDED_NODE':
print("FTD device suspended successfully")
return True
print("sleep 15 seconds")
time.sleep(15)
else:
print('Never reached suspended state')
return False
def ha_resume(host, port, user, passwd):
"""
End to end example of code that performs an HA resume and waits for the device to rejoin the HA pair.
Requires Python v3.0 or greater and the reqeusts library.
:param host: ftd host address
:param port: ftd host port
:param user: login username
:param passwd: login password
:return: True if successful, otherwise False
"""
access_token = get_access_token(host, port, user, passwd)
if not access_token:
print("Unable to obtain an access token.")
return
result = resume_HA(host, port, access_token)
if not result:
print('Unable to suspend device')
return
for _ in range(80):
(node_state, _, _) = get_ha_status(host=host,
port=port,
access_token=access_token)
if not node_state:
# This is expected if the FTD device was in standby state before being suspended
print('Unable to obtain ha status')
elif node_state == 'HA_ACTIVE_NODE' or node_state == 'HA_STANDBY_NODE':
print("FTD device resumed successfully")
return
print("sleep 15 seconds")
time.sleep(15)
else:
print('Unable to restore HA pair')
return
def ips_access_rule(host, port, user, passwd, policy_name):
"""
End to end example of code that creates an access rule with an intrusion policy.
The access rule is added to the start of the access rule list.
Requires Python v3.0 or greater and the reqeusts library.
:param host: ftd host address
:param port: ftd host port
:param user: login username
:param passwd: login password
:param policy_name: intrusion policy to include in access rule
:return: True if successful, otherwise False
"""
access_token = get_access_token(host, port, user, passwd)
if not access_token:
print("Unable to obtain an access token.")
return
smart_licenses = get_smart_licenses(host, port, access_token)
for smart_license in smart_licenses:
if smart_license['licenseType'] == 'THREAT':
print('threat license found')
break
else:
threat_license = {
'type': 'license',
'count': 1,
'licenseType': 'THREAT'
}
result = post_smart_license(host, port, access_token, threat_license)
if not result:
print('Unable to post threat license')
if not smart_licenses:
print('Unable to get smart licenses')
return False
intrusion_policy = get_intrusion_policy(host, port, access_token,
policy_name)
if not intrusion_policy:
print('Unable to get intrusion policy')
return False
access_rule = {
"type": "accessrule",
"name": "myName",
"ruleAction": "PERMIT",
"eventLogAction": "LOG_BOTH",
"intrusionPolicy": {
"type": "intrusionpolicy",
"id": intrusion_policy['id']
}
}
result = post_access_rule(host, port, access_token, access_rule)
if not result:
print('Unable to post access rule')
return False
else:
return True
def ips_update_rule(host, port, user, passwd, policy_name, gid, sid, state):
"""
End to end example of code that updates an intrusion rule for an intrusion policy.
Requires Python v3.0 or greater and the reqeusts library.
:param host: ftd host address
:param port: ftd host port
:param user: login username
:param passwd: login password
:param policy_name: name of the policy to update
:param gid: group id of the rule to update
:param sid: signature id of the rule to update
:param state: override state of the rule to update
:return: True if successful, otherwise False
"""
access_token = get_access_token(host, port, user, passwd)
if not access_token:
print("Unable to obtain an access token.")
return False
intrusion_policy = get_intrusion_policy(host, port, access_token,
policy_name)
if not intrusion_policy:
print('Unable to get intrusion policy')
return False
intrusion_rule = get_intrusion_rule(host, port, access_token,
intrusion_policy['id'], gid, sid)
if not intrusion_rule:
print('Unable to get intrusion rule')
return False
rule_update = {
'version': intrusion_policy['version'],
'id': intrusion_policy['id'],
'ruleConfigs': [{
'id': intrusion_rule['id'],
'state': state
}],
'type': 'intrusionpolicyruleupdate'
}
result = update_intrusion_rule(host, port, access_token,
intrusion_policy['id'], rule_update)
if not result:
print('Unable to update intrusion rule')
return False
intrusion_rule = get_intrusion_rule(host, port, access_token,
intrusion_policy['id'], gid, sid)
if not intrusion_rule:
print('Unable to get intrusion rule')
return False
print('rule action is {}'.format(intrusion_rule['overrideState']))
return True
def troubleshoot(host, port, user, passwd):
"""
End to end example of code that creates and downloads a troubleshoot file.
Requires Python v3.0 or greater and the reqeusts library.
:param host: ftd host address
:param port: ftd host port
:param user: login username
:param passwd: login password
:return: True if successful, otherwise False
"""
access_token = get_access_token(host, port, user, passwd)
if not access_token:
print("Unable to obtain an access token.")
return False
job_id = schedule_troubleshoot(host=host, port=port, access_token=access_token)
if not job_id:
# should never happen
print('Unable to obtain a job id')
return False
# wait for a reasonable period of time (about 20 minutes) for the job to complete
status = None
filename = None
for _ in range(80):
(status, filename) = get_troubleshoot_job(host=host, port=port, access_token=access_token, job_id=job_id)
if not status:
# should never happen
print('Unable to obtain the troubleshoot job status')
return False
elif status == 'SUCCESS':
print('Completed troubleshoot job successfully {}'.format(filename))
break
elif status == 'FAILED':
# should never happen
print('Troubleshoot job failed')
return False
print("sleep 15 seconds")
time.sleep(15)
else:
print('Unable to complete the troubleshoot')
return False
try:
download_troubleshoot(host=host, port=port, access_token=access_token, filename=filename)
return True
except Exception as e:
print('Error when downloading troubleshoot file {}'.format(str(e)))
return False
def deploy(host, port, user, passwd):
"""
End to end example of code that performs an FTD deployment and waits for the deploy task to complete.
A deployment will be performed only if the user has made changes on the FTD device and those changes
are pending at run-time.
Requires Python v3.0 or greater and the reqeusts library.
:param host: ftd host address
:param port: ftd host port
:param user: login username
:param passwd: login password
:return: True if successful, otherwise False
"""
access_token = get_access_token(host, port, user, passwd)
if not access_token:
print("Unable to obtain an access token.")
return False
if get_pending_changes(host, port, access_token):
deploy_id = post_deployment(host, port, access_token)
if not deploy_id:
# should never happen
print('Unable to obtain a deployment id')
return False
# wait for a reasonable period of time (about 20 minutes) for the deployment to complete
for _ in range(80):
state = get_deployment_status(host, port, access_token, deploy_id)
if not state:
# should never happen
print('Unable to obtain the deployment state')
return False
elif state == 'DEPLOYED':
print('Completed deployment successfully')
return True
elif state == 'DEPLOY_FAILED':
print('Deployment failed')
return False
print("sleep 15 seconds")
time.sleep(15)
print('Unable to complete the deployment')
return False
else:
print("There was nothing to deploy.")
return True
def ha_break(host, port, user, passwd):
"""
End to end example of code that performs an HA break break task to complete.
Requires Python v3.0 or greater and the reqeusts library.
:param host: ftd host address
:param port: ftd host port
:param user: login username
:param passwd: login password
:return: True if successful, otherwise False
"""
access_token = get_access_token(host, port, user, passwd)
if not access_token:
print("Unable to obtain an access token.")
return False
ha_status = get_ha_status(host=host, port=port, access_token=access_token)
node_state = ha_status.get('node_state')
peer_node_state = ha_status.get('peer_node_state')
config_status = ha_status.get('config_status')
if not node_state or not peer_node_state or not config_status:
# should never happen
print('Unable to obtain ha status')
return False
if node_state == 'HA_CONFIGURATION_SYNC' or peer_node_state == 'HA_CONFIGURATION_SYNC' or \
config_status == 'PRIMARY_IMPORTING_CONFIG' or config_status == 'SECONDARY_IMPORTING_CONFIG':
print('Invalid ha status for break: node {} peer {} configStatus {}'.format(node_state, peer_node_state,
config_status))
return False
break_ha_id = post_break_ha(host=host, port=port, access_token=access_token, interface_option='DISABLE_INTERFACES')
if not break_ha_id:
print('Unable to obtain break id')
return False
for _ in range(80):
state = get_break_ha(host=host, port=port, access_token=access_token, break_ha_id=break_ha_id)
if state == 'DEPLOYED':
break
elif state == 'FAILED':
print('Unable to complete break deployment')
return False
else:
print("sleep 15 seconds")
time.sleep(15)
else:
print('Unable to complete break')
return False
for _ in range(80):
(node_state, _, _) = get_ha_status(host=host, port=port, access_token=access_token)
if not node_state:
# should never happen
print('Unable to obtain ha status')
return False
if node_state == 'SINGLE_NODE':
print("HA break completed successfully")
return True
print("sleep 15 seconds")
time.sleep(15)
else:
print('Unable to complete break')
return False