def main(): """ Migrate policy objects from one FMC to another. This is useful when FMC needs to be re-imaged. """ logging.basicConfig( # filename='/path/to/python-fmc/output.txt', stream=sys.stderr, level=logging.DEBUG, # DEBUG, INFO, WARNING, ERROR, CRITICAL # format="[%(levelname)8s]: %(message)s", format='[%(asctime)s-%(levelname)s]: %(message)s', datefmt='%m/%d/%Y %I:%M:%S %p') # Get server, username and password from CLI username = '******' if len(sys.argv) > 1: username = sys.argv[1] password = '******' if len(sys.argv) > 2: password = sys.argv[2] server_from = 'https://fmc1.example.com' if len(sys.argv) > 3: server_from = sys.argv[3] server_to = 'https://fmc2.example.com' if len(sys.argv) > 4: server_to = sys.argv[4] obj_types = [ 'hosts', 'networks', 'ranges', # Network 'networkgroups', # Network 'vlantags', 'vlangrouptags', # VLAN Tag 'urls', 'urlgroups', # URL 'protocolportobjects', # Service # 'icmpv4objects', # DEFECT: ICMPv4Objects is not working 'icmpv6objects', # Service 'portobjectgroups', # Service ] # Port DEFECT: ICMPv4Objects is not working # There is incomplete JSON response when individual IPMPv4Object is requested via GET # There is incomplete JSON response when all IPMPv4Objects are requested via GET with 'expanded=true' with fmc.FMC(url=server_from, username=username, password=password) as fmc_old: with fmc.FMC(url=server_to, username=username, password=password) as fmc_new: for obj_type in obj_types: # Build the names dictionary for new FMC fmc_old.obj_tables[obj_type].build() # child first order fmc_new.obj_tables[obj_type].build() # child first order names_dict = fmc_old.obj_tables[obj_type].names # Migrate objects from old FMC VM to new FMC VM for obj_name, obj_id in names_dict.items(): print "{}: old_id {}".format(obj_name, obj_id) obj_old = fmc.FPObject(fmc_old, type=obj_type, oid=obj_id) obj_new = fmc.FPObject(fmc_new, obj=obj_old) print "{}: new_id {}".format(obj_new.name, obj_new.id) # End of with block print("Done running...")
def main(): logging.basicConfig( stream=sys.stdout, # filename='csm_policy_output.log', level=logging.INFO, # INFO, INFO, WARNING, ERROR, CRITICAL format='[%(asctime)s-%(levelname)s]: %(message)s', datefmt='%m/%d/%Y %I:%M:%S %p', encoding="UTF-8") # Get server, username and password from CLI csm_user = '******' if len(sys.argv) > 1: csm_user = sys.argv[1] csm_pswd = 'password' if len(sys.argv) > 2: csm_pswd = sys.argv[2] csm_url = 'https://csm.example.com' if len(sys.argv) > 3: csm_url = sys.argv[3] fmc_user = '******' if len(sys.argv) > 4: fmc_user = sys.argv[4] fmc_pswd = 'password' if len(sys.argv) > 5: fmc_pswd = sys.argv[5] fmc_url = 'https://fmc.example.com' if len(sys.argv) > 6: fmc_url = sys.argv[6] with csm.CSM(csm_url, csm_user, csm_pswd) as lab_csm: lab_csm.getServiceInfo() # Validate communication with CSM with fmc.FMC(fmc_url, fmc_user, fmc_pswd) as lab_fmc: for obj_type in lab_fmc.NETWORK_OBJECT_TYPES: # ['hosts', 'networks', 'ranges', 'networkgroups'] lab_fmc.obj_tables[obj_type].build() migrate_network_objects(lab_csm, lab_fmc, action='CREATE') return
def main(): """ Test FMC Object Manager API. """ logging.basicConfig( # filename='/path/to/python-fmc/output.txt', stream=sys.stdout, level=logging.INFO, # DEBUG, INFO, WARNING, ERROR, CRITICAL # format="[%(levelname)8s]: %(message)s", format='[%(asctime)s-%(levelname)s]: %(message)s', datefmt='%m/%d/%Y %I:%M:%S %p') # Get server, username and password from CLI username = '******' if len(sys.argv) > 1: username = sys.argv[1] password = '******' if len(sys.argv) > 2: password = sys.argv[2] server_url = 'https://fmc.example.com' if len(sys.argv) > 3: server_url = sys.argv[3] with fmc.FMC(url=server_url, username=username, password=password) as lab_fmc: # Build the object names dictionary for the FMC for obj_type in lab_fmc.NETWORK_OBJECT_TYPES: # ['hosts', 'networks', 'ranges', 'networkgroups'] lab_fmc.obj_tables[obj_type].build() for obj in lab_fmc.obj_tables[ 'networkgroups']: # Current list of objects in FMC print(obj.name) test_host = { "description": "Testing Python API | Chetan", "name": "TEST.HOST.OBJECT", "overridable": True, "type": "Host", "value": "8.8.8.8" } test_range = { "description": "Testing Python API | Chetan", "name": "TEST.RANGE.OBJECT", "overridable": True, "type": "Range", "value": "8.8.8.8-8.8.8.10" } test_nw = { "description": "Testing Python API | Chetan", "name": "TEST.NETWORK.OBJECT", "overridable": True, "type": "Network", "value": "8.8.8.0/24" } test_ch_group = OrderedDict([ ("description", "Testing Python API | Chetan"), ("name", "TEST.CHGROUP.OBJECT"), ("overridable", True), ("type", "NetworkGroup"), ("literals", [OrderedDict([("type", "Network"), ("value", "8.8.8.0/24")])]) ]) test_nw_group = { "description": "Testing Python API | Chetan", "name": "TEST.GROUP.OBJECT", "overridable": True, "type": "NetworkGroup" } # Create Objects logging.info("CREATING OBJECTS") obj_host = fmc.FPObject(lab_fmc, data=test_host) obj_range = fmc.FPObject(lab_fmc, data=test_range) obj_nw = fmc.FPObject(lab_fmc, data=test_nw) obj_ch_group = fmc.FPObject(lab_fmc, data=test_ch_group) # Create Group object with no children and overridable = True obj_nw_group = fmc.FPObject(lab_fmc, data=test_nw_group) logging.info('Child method: Add child object to Parent') obj_ch_group.add_to_parent('TEST.GROUP.OBJECT') logging.info('Child method: Add child object to Parent') obj_host.add_to_parent('TEST.GROUP.OBJECT') logging.info('Parent method: Add multiple children objects to Parent') obj_nw_group.add_children('TEST.RANGE.OBJECT', 'TEST.NETWORK.OBJECT') logging.info('Rename Object') obj_range.rename('TEST.RENAME.OBJECT') logging.info('Child method: Remove child object from Parent') obj_nw.remove_from_parent('TEST.GROUP.OBJECT') logging.info('Parent method: Remove child object') obj_nw_group.remove_child('TEST.RENAME.OBJECT') logging.info('Test script clean up') obj_nw.delete() obj_nw_group.delete() obj_range.delete() obj_host.delete() obj_ch_group.delete() # End of with block print("Done running...") return
def main(): """ Delete all non-default network objects from FMC. This is useful for API testing. """ logging.basicConfig( # filename='/path/to/python-fmc/output.txt', stream=sys.stdout, level=logging.INFO, # DEBUG, INFO, WARNING, ERROR, CRITICAL # format="[%(levelname)8s]: %(message)s", format='[%(asctime)s-%(levelname)s]: %(message)s', datefmt='%m/%d/%Y %I:%M:%S %p') # Get server, username and password from CLI username = '******' if len(sys.argv) > 1: username = sys.argv[1] password = '******' if len(sys.argv) > 2: password = sys.argv[2] server_url = 'https://fmc.example.com' if len(sys.argv) > 3: server_url = sys.argv[3] DEFAULT_OBJECTS = {} DEFAULT_OBJECTS['ranges'] = [] DEFAULT_OBJECTS['hosts'] = ['any-ipv6'] DEFAULT_OBJECTS['networkgroups'] = ['IPv4-Private-All-RFC1918'] DEFAULT_OBJECTS['networks'] = [ "any", "any-ipv4", "IPv4-Benchmark-Tests", "IPv4-Link-Local", "IPv4-Multicast", "IPv4-Private-10.0.0.0-8", "IPv4-Private-172.16.0.0-12", "IPv4-Private-192.168.0.0-16", "IPv6-IPv4-Mapped", "IPv6-Link-Local", "IPv6-Private-Unique-Local-Addresses", "IPv6-to-IPv4-Relay-Anycast" ] DEFAULT_OBJECTS['portobjectgroups'] = [] DEFAULT_OBJECTS['protocolportobjects'] = [ 'AOL', 'Bittorrent', 'DNS_over_TCP', 'DNS_over_UDP', 'FTP', 'HTTP', 'HTTPS', 'IMAP', 'LDAP', 'NFSD-TCP', 'NFSD-UDP', 'NTP-TCP', 'NTP-UDP', 'POP-2', 'POP-3', 'RADIUS', 'RIP', 'SIP', 'SMTP', 'SMTPS', 'SNMP', 'SSH', 'SYSLOG', 'TCP_high_ports', 'TELNET', 'TFTP', 'Yahoo_Messenger_Messages', 'YahooMessenger_Voice_Chat_TCP', 'YahooMessenger_Voice_Chat_UDP' ] DEFAULT_OBJECTS['icmpv4objects'] = [] DEFAULT_OBJECTS['icmpv6objects'] = [] with fmc.FMC(url=server_url, username=username, password=password) as lab_fmc: # Build the object names dictionary for the FMC for obj_type in [ 'networkgroups', 'hosts', 'networks', 'ranges', 'portobjectgroups', 'protocolportobjects', 'icmpv6objects' ]: # Groups first order lab_fmc.obj_tables[obj_type].build( ) # List of objects with child first order names_dict = lab_fmc.obj_tables[obj_type].names for obj_name, obj_id in names_dict.items( )[::-1]: # Delete with parents first order if obj_name in DEFAULT_OBJECTS[obj_type]: continue else: # obj_id = names_dict[obj_name] fp_obj = fmc.FPObject(lab_fmc, type=obj_type, oid=obj_id) fp_obj.delete() # End of with block print("Done running...") return
def main(): """ Create network objects in FMC as per information in CSV file. """ logging.basicConfig( # filename='/path/to/python-fmc/output.txt', stream=sys.stdout, level=logging.DEBUG, # DEBUG, INFO, WARNING, ERROR, CRITICAL # format="[%(levelname)8s]: %(message)s", format='[%(asctime)s-%(levelname)s]: %(message)s', datefmt='%m/%d/%Y %I:%M:%S %p') # Get server, username and password from CLI username = '******' if len(sys.argv) > 1: username = sys.argv[1] password = '******' if len(sys.argv) > 2: password = sys.argv[2] server_url = 'https://fmc.example.com' if len(sys.argv) > 3: server_url = sys.argv[3] # Read CSV file and create JSON data to be POST'd to FMC # "subnet_cidr", "subnet_nwog" # "192.168.10.0/23", "TEST.NETWORK-GROUP_1" # "192.168.0.0/23", "TEST.NETWORK-GROUP_1" # "10.10.10.0/28", "TEST.NETWORK-GROUP_2" # "10.48.0.0/20", "TEST.NETWORK-GROUP_3" # "192.168.64.0/20", "TEST.NETWORK-GROUP_1" nwog_dicts = {} with open('workstation_subnets.csv') as csvfile: reader = csv.DictReader(csvfile) for row in reader: subnet_nwog = row['subnet_nwog'] # If we have not seen this key before, create a new dictionary for it if subnet_nwog not in nwog_dicts.keys(): nwog_dicts[subnet_nwog] = { "name": subnet_nwog, "overridable": True, "type": "NetworkGroup", "literals": [] } d = {"type": "Network", "value": row['subnet_cidr']} nwog_dicts[subnet_nwog]["literals"].append(d) action = 'DELETE' # or 'DELETE' with fmc.FMC(url=server_url, username=username, password=password) as lab_fmc: # Build the object names dictionary for the FMC # This is required for data validation before making changes in FMC. for obj_type in lab_fmc.NETWORK_OBJECT_TYPES: # ['hosts', 'networks', 'ranges', 'networkgroups'] lab_fmc.obj_tables[obj_type].build() for nwog_name, nwog_data in nwog_dicts.items(): if action is 'CREATE': logging.info("Creating object-group {}".format(nwog_name)) obj_nw_group = fmc.FPObject(lab_fmc, type='networkgroups', data=nwog_data) elif action is 'DELETE': # This helps in testing the script multiple times if nwog_name in lab_fmc.obj_tables['networkgroups'].names.keys( ): obj_nw_group = fmc.FPObject(lab_fmc, type='networkgroups', name=nwog_name) logging.info("Deleting object-group {}".format(nwog_name)) obj_nw_group.delete() else: print "Object Group {} NOT Found".format(nwog_name) # End of with block print("Done running...") return