def create(cls,
name,
master_engine,
virtual_resource,
interfaces,
default_nat=False,
outgoing_intf=0,
domain_server_address=None,
enable_ospf=False,
ospf_profile=None,
comment=None,
**kw):
"""
Create a Layer3Virtual engine for a Master Engine. Provide interfaces
as a list of dict items specifying the interface details in format::
{'interface_id': 1, 'address': '1.1.1.1', 'network_value': '1.1.1.0/24',
'zone_ref': zone_by_name,href, 'comment': 'my interface comment'}
:param str name: Name of this layer 3 virtual engine
:param str master_engine: Name of existing master engine
:param str virtual_resource: name of pre-created virtual resource
:param list interfaces: dict of interface details
:param bool default_nat: Whether to enable default NAT for outbound
:param int outgoing_intf: outgoing interface for VE. Specifies interface number
:param list interfaces: interfaces mappings passed in
:param bool enable_ospf: whether to turn OSPF on within engine
:param str ospf_profile: optional OSPF profile to use on engine, by ref
:raises CreateEngineFailed: Failure to create with reason
:raises LoadEngineFailed: master engine not found
:return: :py:class:`smc.core.engine.Engine`
"""
virt_resource_href = None # need virtual resource reference
master_engine = Engine(master_engine)
for virt_resource in master_engine.virtual_resource.all():
if virt_resource.name == virtual_resource:
virt_resource_href = virt_resource.href
break
if not virt_resource_href:
raise CreateEngineFailed(
'Cannot find associated virtual resource for '
'VE named: {}. You must first create a virtual resource for the '
'master engine before you can associate a virtual engine. Cannot '
'add VE'.format(name))
virtual_interfaces = []
for interface in interfaces:
nodes = {
'address': interface.get('address'),
'network_value': interface.get('network_value')
}
layer3 = {
'interface_id': interface.get('interface_id'),
'interface': 'single_node_interface',
'comment': interface.get('comment', None),
'zone_ref': interface.get('zone_ref')
}
if interface.get('interface_id') == outgoing_intf:
nodes.update(outgoing=True, auth_request=True)
layer3['interfaces'] = [{'nodes': [nodes]}]
virtual_interfaces.append({
'virtual_physical_interface':
Layer3PhysicalInterface(**layer3).data.data
})
engine = super(Layer3VirtualEngine, cls)._create(
name=name,
node_type='virtual_fw_node',
physical_interfaces=virtual_interfaces,
domain_server_address=domain_server_address,
log_server_ref=None, # Isn't used in VE
nodes=1,
default_nat=default_nat,
enable_ospf=enable_ospf,
ospf_profile=ospf_profile,
comment=comment)
engine.update(virtual_resource=virt_resource_href)
# Master Engine provides this service
engine.pop('log_server_ref', None)
try:
return ElementCreator(cls, json=engine)
except CreateElementFailed as e:
raise CreateEngineFailed(e)
def create(cls,
name,
master_type,
mgmt_ip,
mgmt_network,
mgmt_interface=0,
log_server_ref=None,
zone_ref=None,
domain_server_address=None,
enable_gti=False,
enable_antivirus=False,
comment=None):
"""
Create a Master Engine with management interface
:param str name: name of master engine engine
:param str master_type: firewall|
:param str mgmt_ip: ip address for management interface
:param str mgmt_network: full netmask for management
:param str mgmt_interface: interface to use for mgmt (default: 0)
:param str log_server_ref: (optional) href to log_server instance
:param list domain_server_address: (optional) DNS server addresses
:param bool enable_antivirus: (optional) Enable antivirus (required DNS)
:param bool enable_gti: (optional) Enable GTI
:raises CreateEngineFailed: Failure to create with reason
:return: :py:class:`smc.core.engine.Engine`
"""
interface = {
'interface_id':
mgmt_interface,
'interfaces': [{
'nodes': [{
'address': mgmt_ip,
'network_value': mgmt_network
}]
}],
'zone_ref':
zone_ref,
'comment':
comment
}
interface = Layer3PhysicalInterface(primary_mgt=mgmt_interface,
primary_heartbeat=mgmt_interface,
**interface)
engine = super(MasterEngine, cls)._create(
name=name,
node_type='master_node',
physical_interfaces=[{
'physical_interface': interface
}],
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
nodes=1,
enable_gti=enable_gti,
enable_antivirus=enable_antivirus,
comment=comment)
engine.update(master_type=master_type, cluster_mode='standby')
try:
return ElementCreator(cls, json=engine)
except CreateElementFailed as e:
raise CreateEngineFailed(e)
def create(cls,
name,
mgmt_ip,
mgmt_network,
mgmt_interface=0,
inline_interface='1-2',
logical_interface='default_eth',
log_server_ref=None,
domain_server_address=None,
zone_ref=None,
enable_antivirus=False,
enable_gti=False,
comment=None):
"""
Create a single IPS engine with management interface and inline pair
:param str name: name of ips engine
:param str mgmt_ip: ip address of management interface
:param str mgmt_network: management network in cidr format
:param int mgmt_interface: (optional) interface for management from SMC to fw
:param str inline_interface: interfaces to use for first inline pair
:param str logical_interface: name, str href or LogicalInterface (created if it
doesn't exist)
:param str log_server_ref: (optional) href to log_server instance
:param list domain_server_address: (optional) DNS server addresses
:param str zone_ref: zone name, str href or Zone for management interface
(created if not found)
:param bool enable_antivirus: (optional) Enable antivirus (required DNS)
:param bool enable_gti: (optional) Enable GTI
:raises CreateEngineFailed: Failure to create with reason
:return: :py:class:`smc.core.engine.Engine`
"""
interfaces = []
interface_id, second_interface_id = inline_interface.split('-')
l2 = {
'interface_id': interface_id,
'interface': 'inline_interface',
'second_interface_id': second_interface_id,
'logical_interface_ref': logical_interface
}
interfaces.append(
{'physical_interface': Layer2PhysicalInterface(**l2)})
layer3 = {
'interface_id':
mgmt_interface,
'zone_ref':
zone_ref,
'interfaces': [{
'nodes': [{
'address': mgmt_ip,
'network_value': mgmt_network,
'nodeid': 1
}]
}]
}
interfaces.append({
'physical_interface':
Layer3PhysicalInterface(primary_mgt=mgmt_interface, **layer3)
})
engine = super(IPS, cls)._create(
name=name,
node_type='ips_node',
physical_interfaces=interfaces,
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
nodes=1,
enable_gti=enable_gti,
enable_antivirus=enable_antivirus,
comment=comment)
try:
return ElementCreator(cls, json=engine)
except CreateElementFailed as e:
raise CreateEngineFailed(e)
def create_bulk(cls,
name,
interfaces=None,
primary_mgt=None,
backup_mgt=None,
log_server_ref=None,
domain_server_address=None,
location_ref=None,
default_nat=False,
enable_antivirus=False,
enable_gti=False,
sidewinder_proxy_enabled=False,
enable_ospf=False,
ospf_profile=None,
comment=None,
snmp=None,
**kw):
"""
Create a Layer 3 Firewall providing all of the interface configuration.
This method provides a way to fully create the engine and all interfaces
at once versus using :py:meth:`~create` and creating each individual
interface after the engine exists.
Example interfaces format::
interfaces=[
{'interface_id': 1},
{'interface_id': 2,
'interfaces':[{'nodes': [{'address': '2.2.2.2', 'network_value': '2.2.2.0/24'}]}],
'zone_ref': 'myzone'},
{'interface_id': 3,
'interfaces': [{'nodes': [{'address': '3.3.3.3', 'network_value': '3.3.3.0/24'}],
'vlan_id': 3,
'zone_ref': 'myzone'},
{'nodes': [{'address': '4.4.4.4', 'network_value': '4.4.4.0/24'}],
'vlan_id': 4}]},
{'interface_id': 4,
'interfaces': [{'vlan_id': 4,
'zone_ref': 'myzone'}]},
{'interface_id': 5,
'interfaces': [{'vlan_id': 5}]},
{'interface_id': 1000,
'interfaces': [{'nodes': [{'address': '10.10.10.1', 'network_value': '10.10.10.0/24'}]}],
'type': 'tunnel_interface'}]
"""
physical_interfaces = []
for interface in interfaces:
if 'interface_id' not in interface:
raise CreateEngineFailed(
'Interface definitions must contain the interface_id '
'field. Failed to create engine: %s' % name)
if interface.get('type', None) == 'tunnel_interface':
tunnel_interface = TunnelInterface(**interface)
physical_interfaces.append(
{'tunnel_interface': tunnel_interface})
else:
interface.update(interface='single_node_interface')
interface = Layer3PhysicalInterface(primary_mgt=primary_mgt,
backup_mgt=backup_mgt,
**interface)
physical_interfaces.append({'physical_interface': interface})
if snmp:
snmp_agent = dict(snmp_agent_ref=snmp.get('snmp_agent', ''),
snmp_location=snmp.get('snmp_location', ''))
snmp_agent.update(snmp_interface=add_snmp(
interfaces, snmp.get('snmp_interface', [])))
try:
engine = super(Layer3Firewall, cls)._create(
name=name,
node_type='firewall_node',
physical_interfaces=physical_interfaces,
loopback_ndi=kw.get('loopback_ndi', []),
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
nodes=1,
enable_gti=enable_gti,
enable_antivirus=enable_antivirus,
sidewinder_proxy_enabled=sidewinder_proxy_enabled,
default_nat=default_nat,
location_ref=location_ref,
enable_ospf=enable_ospf,
ospf_profile=ospf_profile,
snmp_agent=snmp_agent if snmp else None,
comment=comment)
return ElementCreator(cls, json=engine)
except (ElementNotFound, CreateElementFailed) as e:
raise CreateEngineFailed(e)
def add_layer3_vlan_interface(self,
interface_id,
vlan_id,
address=None,
network_value=None,
virtual_mapping=None,
virtual_resource_name=None,
zone_ref=None,
comment=None,
**kw):
"""
Add a Layer 3 VLAN interface. Optionally specify an address and network if
assigning an IP to the VLAN. This method will also assign an IP address to
an existing VLAN, or add an additional address to an existing VLAN. This
method may commonly be used on a Master Engine to create VLANs for virtual
firewall engines.
Example of creating a VLAN and passing kwargs to define a DHCP server
service on the VLAN interface::
engine = Engine('engine1')
engine.physical_interface.add_layer3_vlan_interface(interface_id=20, vlan_id=20,
address='20.20.20.20', network_value='20.20.20.0/24', comment='foocomment',
dhcp_server_on_interface={
'default_gateway': '20.20.20.1',
'default_lease_time': 7200,
'dhcp_address_range': '20.20.20.101-20.20.20.120',
'dhcp_range_per_node': [],
'primary_dns_server': '8.8.8.8'})
:param str,int interface_id: interface identifier
:param int vlan_id: vlan identifier
:param str address: optional IP address to assign to VLAN
:param str network_value: network cidr if address is specified. In
format: 10.10.10.0/24.
:param str zone_ref: zone to use, by name, href, or Zone
:param str comment: optional comment for VLAN level of interface
:param int virtual_mapping: virtual engine mapping id
See :class:`smc.core.engine.VirtualResource.vfw_id`
:param str virtual_resource_name: name of virtual resource
See :class:`smc.core.engine.VirtualResource.name`
:param dict kw: keyword arguments are passed to top level of VLAN interface,
not the base level physical interface. This is useful if you want to
pass in a configuration that enables the DHCP server on a VLAN for example.
:raises EngineCommandFailed: failure creating interface
:return: None
"""
interfaces = {
'nodes': [{
'address': address,
'network_value': network_value
}] if address and network_value else [],
'zone_ref':
zone_ref,
'virtual_mapping':
virtual_mapping,
'virtual_resource_name':
virtual_resource_name,
'comment':
comment
}
interfaces.update(**kw)
_interface = {'interface_id': interface_id, 'interfaces': [interfaces]}
if 'single_fw' in self._engine.type: # L2FW / IPS
_interface.update(interface='single_node_interface')
try:
interface = self._engine.interface.get(interface_id)
vlan = interface.vlan_interface.get(vlan_id)
# Interface exists, so we need to update but check if VLAN already exists
if vlan is None:
interfaces.update(vlan_id=vlan_id)
interface._add_interface(**_interface)
else:
_interface.update(
interface_id='{}.{}'.format(interface_id, vlan_id))
vlan._add_interface(**_interface)
return interface.update()
except InterfaceNotFound:
interfaces.update(vlan_id=vlan_id)
interface = Layer3PhysicalInterface(**_interface)
return self._engine.add_interface(interface)
def create(cls,
name,
master_type,
macaddress,
nodes,
mgmt_interface=0,
log_server_ref=None,
domain_server_address=None,
enable_antivirus=False,
comment=None,
extra_opts=None,
**kw):
"""
Create Master Engine Cluster
:param str name: name of master engine engine
:param str master_type: firewall|
:param str mgmt_ip: ip address for management interface
:param str mgmt_netmask: full netmask for management
:param str mgmt_interface: interface to use for mgmt (default: 0)
:param list nodes: address/network_value/nodeid combination for cluster nodes
:param str log_server_ref: (optional) href to log_server instance
:param list domain_server_address: (optional) DNS server addresses
:param bool enable_antivirus: (optional) Enable antivirus (required DNS)
:param dict extra_opts: extra options as a dict to be passed to the top level engine
:raises CreateEngineFailed: Failure to create with reason
:return: :py:class:`smc.core.engine.Engine`
Example nodes parameter input::
[{'address':'5.5.5.2',
'network_value':'5.5.5.0/24',
'nodeid':1},
{'address':'5.5.5.3',
'network_value':'5.5.5.0/24',
'nodeid':2},
{'address':'5.5.5.4',
'network_value':'5.5.5.0/24',
'nodeid':3}]
"""
primary_mgt = primary_heartbeat = mgmt_interface
interface = {
'interface_id': mgmt_interface,
'interfaces': [{
'nodes': nodes
}],
'macaddress': macaddress,
}
interface = Layer3PhysicalInterface(
primary_mgt=primary_mgt,
primary_heartbeat=primary_heartbeat,
**interface)
engine = super(MasterEngineCluster, cls)._create(
name=name,
node_type='master_node',
physical_interfaces=[{
'physical_interface': interface
}],
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
nodes=len(nodes),
enable_antivirus=enable_antivirus,
comment=comment,
**extra_opts if extra_opts else {})
engine.update(master_type=master_type, cluster_mode='standby')
try:
return ElementCreator(cls, json=engine)
except CreateElementFailed as e:
raise CreateEngineFailed(e)
def create_bulk(cls,
name,
interfaces=None,
primary_mgt=None,
backup_mgt=None,
auth_request=None,
log_server_ref=None,
domain_server_address=None,
nodes=1,
node_type='firewall_node',
location_ref=None,
default_nat=False,
enable_antivirus=False,
sidewinder_proxy_enabled=False,
enable_ospf=False,
ospf_profile=None,
comment=None,
snmp=None,
extra_opts=None,
**kw):
"""
Create a Layer 3 Firewall providing all of the interface configuration.
This method provides a way to fully create the engine and all interfaces
at once versus using :py:meth:`~create` and creating each individual
interface after the engine exists.
Example interfaces format::
interfaces=[
{'interface_id': 1},
{'interface_id': 2,
'interfaces':[{'nodes': [{'address': '2.2.2.2', 'network_value': '2.2.2.0/24'}]}],
'zone_ref': 'myzone'},
{'interface_id': 3,
'interfaces': [{'nodes': [{'address': '3.3.3.3', 'network_value': '3.3.3.0/24'}],
'vlan_id': 3,
'zone_ref': 'myzone'},
{'nodes': [{'address': '4.4.4.4', 'network_value': '4.4.4.0/24'}],
'vlan_id': 4}]},
{'interface_id': 4,
'interfaces': [{'vlan_id': 4,
'zone_ref': 'myzone'}]},
{'interface_id': 5,
'interfaces': [{'vlan_id': 5}]},
{'interface_id': 1000,
'interfaces': [{'nodes': [{'address': '10.10.10.1', 'network_value': '10.10.10.0/24'}]}],
'type': 'tunnel_interface'}]
Sample of creating a simple two interface firewall::
firewall_def = {
'name': 'firewall',
'domain_server_address': ['192.168.122.1'],
'primary_mgt': 0,
'interfaces': [
{'interface_id': 0,
'interfaces': [{'nodes': [{'address': '192.168.122.100', 'network_value': '192.168.122.0/24', 'auth_request': False}]}
]
},
{'interface_id': 1,
'interfaces': [{'nodes': [{'address': '10.0.0.254', 'network_value': '10.0.0.0/24', 'auth_request': True}]}
]
}
]
}
fw = Layer3Firewall.create_bulk(**firewall_def)
.. note:: You can set primary_mgt, backup_mgt, outgoing, and auth_request within the
interface definition itself to specify interface options. If provided in the constructor,
this will be passed to the interface creation factory. You should use one or the other
method, not both.
See :class:`smc.core.interfaces.Layer3PhysicalInterface` for more advanced examples
"""
physical_interfaces = []
for interface in interfaces:
if 'interface_id' not in interface:
raise CreateEngineFailed(
'Interface definitions must contain the interface_id '
'field. Failed to create engine: %s' % name)
if interface.get('type', None) == 'tunnel_interface':
tunnel_interface = TunnelInterface(**interface)
physical_interfaces.append(
{'tunnel_interface': tunnel_interface})
elif interface.get('type', None) == 'switch_physical_interface':
physical_interfaces.append({
'switch_physical_interface':
SwitchPhysicalInterface(primary_mgt=primary_mgt,
backup_mgt=backup_mgt,
auth_request=auth_request,
**interface)
})
else:
interface.update(interface='single_node_interface')
interface = Layer3PhysicalInterface(primary_mgt=primary_mgt,
backup_mgt=backup_mgt,
auth_request=auth_request,
**interface)
physical_interfaces.append({'physical_interface': interface})
if snmp:
snmp_agent = dict(snmp_agent_ref=snmp.get('snmp_agent', ''),
snmp_location=snmp.get('snmp_location', ''))
snmp_agent.update(snmp_interface=add_snmp(
interfaces, snmp.get('snmp_interface', [])))
try:
engine = super(Layer3Firewall, cls)._create(
name=name,
node_type=node_type,
physical_interfaces=physical_interfaces,
loopback_ndi=kw.pop('loopback_ndi', []),
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
nodes=nodes,
enable_antivirus=enable_antivirus,
sidewinder_proxy_enabled=sidewinder_proxy_enabled,
default_nat=default_nat,
location_ref=location_ref,
enable_ospf=enable_ospf,
ospf_profile=ospf_profile,
snmp_agent=snmp_agent if snmp else None,
comment=comment,
**extra_opts if extra_opts else {})
return ElementCreator(cls, json=engine)
except (ElementNotFound, CreateElementFailed) as e:
raise CreateEngineFailed(e)