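def firewall_import(import_fw, import_dict, import_username, import_password, commit):
    """Push address objects and address groups from *import_dict* to a firewall.

    The entries are written to the candidate configuration exactly as given:
    nothing here validates names, values or tags, so *import_dict* should come
    from a source the caller trusts (for example, an export it produced itself).

    Args:
        import_fw: Hostname or address of the target firewall.
        import_dict: Mapping with two keys. ``'addresses'`` is an iterable of
            dicts with ``name``, ``value``, ``description``, ``type`` and
            ``tag``. ``'groups'`` is an iterable of dicts with ``name``,
            ``static_value``, ``dynamic_value`` and ``tag``. A missing key
            raises ``KeyError``.
        import_username: Account used to authenticate to the firewall.
        import_password: Password for that account.
        commit: The configuration is committed only when this is exactly
            ``True``; other truthy values do not trigger a commit.

    Returns:
        *import_dict*, unchanged.
    """
    pushing_fw = Firewall(import_fw, import_username, import_password)

    # Pull the existing address objects and groups down from the firewall.
    AddressObject.refreshall(pushing_fw)
    AddressGroup.refreshall(pushing_fw, add=True)

    # Track the last object of each kind. With an empty list the original code
    # hit a NameError on the create_similar() call that followed the loop.
    last_addr = None
    for entry in import_dict['addresses']:
        last_addr = AddressObject(
            name=entry['name'],
            value=entry['value'],
            description=entry['description'],
            type=entry['type'],
            tag=entry['tag'],
        )
        pushing_fw.add(last_addr)

    last_group = None
    for entry in import_dict['groups']:
        last_group = AddressGroup(
            entry['name'],
            entry['static_value'],
            entry['dynamic_value'],
            entry['tag'],
        )
        pushing_fw.add(last_group)

    # One timer for both pushes. The original reset `start` before the group
    # push, so the reported duration left out the address push.
    start = datetime.datetime.now()

    # create_similar() on one object pushes its same-typed siblings in a
    # single call, so one call per object type is enough.
    if last_addr is not None:
        last_addr.create_similar()
    if last_group is not None:
        last_group.create_similar()

    print(
        f"Imported { len(import_dict['addresses']) } addresses and {len(import_dict['groups'])} groups to { import_fw }"
    )
    print(f"which took: {datetime.datetime.now() - start}")

    if commit is True:
        print(f"As requested, commiting to firewall {import_fw}")
        # NOTE(review): commit() is called with its default arguments, so this
        # function presumably returns without waiting for the commit job and
        # without raising if the job fails. Confirm callers check the job
        # result. A full commit also activates any other pending
        # candidate-config changes on the device, not only the ones made here.
        pushing_fw.commit()

    return import_dict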
def main():
    """Set the log forwarding profile on every security rule that lacks it.

    Connects to the firewall, reads its security rules, stages an update for
    each rule whose ``log_setting`` differs from ``LOG_PROFILE``, pushes the
    staged updates in one call, and then commits synchronously.
    """
    # Open the device connection and attach a rulebase to work in.
    device = Firewall(HOSTNAME, USERNAME, PASSWORD)
    rulebase = device.add(Rulebase())

    # add=False: the fetched rules come back as a list and are NOT attached to
    # the rulebase, so only the rules staged below become its children.
    existing_rules = SecurityRule.refreshall(rulebase, add=False)
    print(f"Checking {len(existing_rules)} rules...")

    # Stage a minimal SecurityRule (name + log_setting only) for each rule
    # that is missing the expected log forwarding profile.
    needs_profile = (r for r in existing_rules if r.log_setting != LOG_PROFILE)
    for stale in needs_profile:
        print(f"Found rule to configure: {stale.name}")
        rulebase.add(SecurityRule(stale.name, log_setting=LOG_PROFILE))

    # Everything attached to the rulebase now is a rule that needs the
    # profile. Calling create_similar() on any one of them pushes all of them
    # to the live device at once. The call is additive: the rules on the
    # device keep their existing settings and only 'log_setting' is
    # overwritten with the profile name.
    staged = rulebase.children
    if len(staged) == 0:
        print("No changes needed")
        return

    staged[0].create_similar()

    # Commit and block until the job completes; exception=True makes a commit
    # that finishes with errors raise instead of passing silently.
    # NOTE(review): a full commit activates the whole candidate configuration,
    # including changes other administrators may have staged. Confirm that is
    # acceptable for the target device.
    print("Starting commit")
    device.commit(sync=True, exception=True)
    print("Commit finished successfully")