def create(cls, name, cluster_virtual, cluster_mask,
macaddress, cluster_nic, nodes,
cluster_mode='balancing',
log_server_ref=None,
domain_server_address=None,
zone_ref=None, default_nat=False,
enable_antivirus=False, enable_gti=False):
"""
Create a layer 3 firewall cluster with management interface and any number
of nodes
:param str name: name of firewall engine
:param cluster_virtual: ip of cluster CVI
:param cluster_mask: ip netmask of cluster CVI
:param macaddress: macaddress for packet dispatch clustering
:param cluster_nic: nic id to use for primary interface
:param list nodes: address/network_value/nodeid combination for cluster nodes
:param str cluster_mode: 'balancing' or 'standby' mode (default: balancing)
:param str log_server_ref: (optional) href to log_server instance
:param list domain_server_address: (optional) DNS server addresses
:param str zone_ref: zone name, str href or Zone for management interface
(created if not found)
:param bool enable_antivirus: (optional) Enable antivirus (required DNS)
:param bool enable_gti: (optional) Enable GTI
:raises CreateEngineFailed: Failure to create with reason
:return: :py:class:`smc.core.engine.Engine`
Example nodes parameter input::
[{'address':'5.5.5.2', 'network_value':'5.5.5.0/24', 'nodeid':1},
{'address':'5.5.5.3', 'network_value':'5.5.5.0/24', 'nodeid':2},
{'address':'5.5.5.4', 'network_value':'5.5.5.0/24', 'nodeid':3}]
"""
builder = InterfaceBuilder()
builder.interface_id = cluster_nic
builder.macaddress = macaddress
builder.cvi_mode = 'packetdispatch'
builder.zone = zone_ref
builder.add_cvi_only(cluster_virtual, cluster_mask, is_mgmt=True)
for node in nodes:
node.update(is_mgmt=True)
builder.add_ndi_only(**node)
engine = super(FirewallCluster, cls)._create(
name=name,
node_type='firewall_node',
physical_interfaces=[{'physical_interface': builder.data}],
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
nodes=len(nodes), enable_gti=enable_gti,
enable_antivirus=enable_antivirus,
default_nat=default_nat)
engine.update(cluster_mode=cluster_mode)
try:
return ElementCreator(cls, json=engine)
except CreateElementFailed as e:
raise CreateEngineFailed(e)
def create(cls, name, mgmt_ip, mgmt_network,
mgmt_interface=0,
log_server_ref=None,
default_nat=False,
reverse_connection=False,
domain_server_address=None, zone_ref=None,
enable_antivirus=False, enable_gti=False,
location_ref=None, enable_ospf=False,
sidewinder_proxy_enabled=False,
ospf_profile=None):
"""
Create a single layer 3 firewall with management interface and DNS
:param str name: name of firewall engine
:param str mgmt_ip: ip address of management interface
:param str mgmt_network: management network in cidr format
:param str log_server_ref: (optional) href to log_server instance for fw
:param int mgmt_interface: (optional) interface for management from SMC to fw
:param list domain_server_address: (optional) DNS server addresses
:param str zone_ref: zone name, str href or Zone for management interface
(created if not found)
:param bool reverse_connection: should the NGFW be the mgmt initiator (used when behind NAT)
:param bool default_nat: (optional) Whether to enable default NAT for outbound
:param bool enable_antivirus: (optional) Enable antivirus (required DNS)
:param bool enable_gti: (optional) Enable GTI
:param bool sidewinder_proxy_enabled: Enable Sidewinder proxy functionality
:param str location_ref: location href for engine if needed to contact SMC behind NAT
:param bool enable_ospf: whether to turn OSPF on within engine
:param str ospf_profile: optional OSPF profile to use on engine, by ref
:raises CreateEngineFailed: Failure to create with reason
:return: :py:class:`smc.core.engine.Engine`
"""
builder = InterfaceBuilder()
builder.interface_id = mgmt_interface
builder.add_sni_only(
mgmt_ip,
mgmt_network,
is_mgmt=True,
reverse_connection=reverse_connection)
builder.zone = zone_ref
engine = super(Layer3Firewall, cls)._create(
name=name,
node_type='firewall_node',
physical_interfaces=[{'physical_interface': builder.data}],
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
nodes=1, enable_gti=enable_gti,
enable_antivirus=enable_antivirus,
sidewinder_proxy_enabled=sidewinder_proxy_enabled,
default_nat=default_nat,
location_ref=location_ref,
enable_ospf=enable_ospf,
ospf_profile=ospf_profile)
try:
return ElementCreator(cls, json=engine)
except CreateElementFailed as e:
raise CreateEngineFailed(e)
def create(cls, name, master_type, macaddress,
nodes, mgmt_interface=0, log_server_ref=None,
domain_server_address=None,
enable_gti=False,
enable_antivirus=False):
"""
Create Master Engine Cluster
:param str name: name of master engine engine
:param str master_type: firewall|
:param str mgmt_ip: ip address for management interface
:param str mgmt_netmask: full netmask for management
:param str mgmt_interface: interface to use for mgmt (default: 0)
:param list nodes: address/network_value/nodeid combination for cluster nodes
:param str log_server_ref: (optional) href to log_server instance
:param list domain_server_address: (optional) DNS server addresses
:param bool enable_antivirus: (optional) Enable antivirus (required DNS)
:param bool enable_gti: (optional) Enable GTI
:raises CreateEngineFailed: Failure to create with reason
:return: :py:class:`smc.core.engine.Engine`
Example nodes parameter input::
[{'address':'5.5.5.2',
'network_value':'5.5.5.0/24',
'nodeid':1},
{'address':'5.5.5.3',
'network_value':'5.5.5.0/24',
'nodeid':2},
{'address':'5.5.5.4',
'network_value':'5.5.5.0/24',
'nodeid':3}]
"""
builder = InterfaceBuilder()
builder.interface_id = mgmt_interface
builder.macaddress = macaddress
for node in nodes:
node.update(is_mgmt=True)
builder.add_ndi_only(**node)
engine = super(MasterEngineCluster, cls)._create(
name=name,
node_type='master_node',
physical_interfaces=[{'physical_interface': builder.data}],
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
nodes=len(nodes), enable_gti=enable_gti,
enable_antivirus=enable_antivirus)
engine.update(master_type=master_type,
cluster_mode='standby')
try:
return ElementCreator(cls, json=engine)
except CreateElementFailed as e:
raise CreateEngineFailed(e)
def create(cls, name, mgmt_ip, mgmt_network,
mgmt_interface='0',
inline_interface='1-2',
logical_interface='default_eth',
log_server_ref=None,
domain_server_address=None, zone_ref=None,
enable_antivirus=False, enable_gti=False):
"""
Create a single IPS engine with management interface and inline pair
:param str name: name of ips engine
:param str mgmt_ip: ip address of management interface
:param str mgmt_network: management network in cidr format
:param int mgmt_interface: (optional) interface for management from SMC to fw
:param str inline_interface: interfaces to use for first inline pair
:param str logical_interface: name, str href or LogicalInterface (created if it
doesn't exist)
:param str log_server_ref: (optional) href to log_server instance
:param list domain_server_address: (optional) DNS server addresses
:param str zone_ref: zone name, str href or Zone for management interface
(created if not found)
:param bool enable_antivirus: (optional) Enable antivirus (required DNS)
:param bool enable_gti: (optional) Enable GTI
:raises CreateEngineFailed: Failure to create with reason
:return: :py:class:`smc.core.engine.Engine`
"""
interfaces = []
mgmt = InterfaceBuilder()
mgmt.interface_id = mgmt_interface
mgmt.add_ndi_only(mgmt_ip, mgmt_network, is_mgmt=True)
mgmt.zone = zone_ref
inline = InterfaceBuilder()
inline.interface_id = inline_interface.split('-')[0]
inline.add_inline(inline_interface, logical_interface_ref=logical_interface)
interfaces.append({'physical_interface': mgmt.data})
interfaces.append({'physical_interface': inline.data})
engine = super(IPS, cls)._create(
name=name,
node_type='ips_node',
physical_interfaces=interfaces,
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
nodes=1, enable_gti=enable_gti,
enable_antivirus=enable_antivirus)
try:
return ElementCreator(cls, json=engine)
except CreateElementFailed as e:
raise CreateEngineFailed(e)
def create(cls,
name,
master_type,
mgmt_ip,
mgmt_network,
mgmt_interface=0,
log_server_ref=None,
domain_server_address=None,
enable_gti=False,
enable_antivirus=False):
"""
Create a Master Engine with management interface
:param str name: name of master engine engine
:param str master_type: firewall|
:param str mgmt_ip: ip address for management interface
:param str mgmt_network: full netmask for management
:param str mgmt_interface: interface to use for mgmt (default: 0)
:param str log_server_ref: (optional) href to log_server instance
:param list domain_server_address: (optional) DNS server addresses
:param boolean enable_antivirus: (optional) Enable antivirus (required DNS)
:param boolean enable_gti: (optional) Enable GTI
:return: :py:class:`smc.core.engine.Engine`
:raises: :py:class:`smc.api.exceptions.CreateEngineFailed`: Failure to create with reason
"""
physical = PhysicalInterface()
physical.add_node_interface(mgmt_interface,
mgmt_ip,
mgmt_network,
primary_mgt=True,
primary_heartbeat=True,
outgoing=True)
engine = Engine.create(name=name,
node_type=cls.node_type,
physical_interfaces=[physical()],
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
nodes=1,
enable_gti=enable_gti,
enable_antivirus=enable_antivirus)
engine.update(master_type=master_type, cluster_mode='standby')
href = search.element_entry_point('master_engine')
result = prepared_request(href=href, json=engine).create()
if result.href:
return Engine(name=name,
meta=Meta(name=name,
href=result.href,
type='master_engine'))
else:
raise CreateEngineFailed('Could not create the engine, '
'reason: {}'.format(result.msg))
def create_dynamic(cls, name, interface_id,
dynamic_index=1,
primary_mgt=True,
reverse_connection=True,
automatic_default_route=True,
domain_server_address=None,
loopback_ndi='127.0.0.1',
loopback_ndi_network='127.0.0.1/32',
location_ref=None,
log_server_ref=None,
zone_ref=None,
enable_gti=False,
enable_antivirus=False,
sidewinder_proxy_enabled=False,
default_nat=False):
"""
Create a single layer 3 firewall with only a single DHCP interface. Useful
when creating virtualized FW's such as in Microsoft Azure.
"""
builder = InterfaceBuilder()
builder.interface_id = interface_id
builder.add_dhcp(dynamic_index, is_mgmt=primary_mgt)
builder.zone = zone_ref
loopback = LoopbackInterface.create(
address=loopback_ndi,
nodeid=1,
auth_request=True,
rank=1)
engine = super(Layer3Firewall, cls)._create(
name=name,
node_type='firewall_node',
loopback_ndi=[loopback.data],
physical_interfaces=[{'physical_interface': builder.data}],
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
nodes=1, enable_gti=enable_gti,
enable_antivirus=enable_antivirus,
sidewinder_proxy_enabled=sidewinder_proxy_enabled,
default_nat=default_nat,
location_ref=location_ref)
try:
return ElementCreator(cls, json=engine)
except CreateElementFailed as e:
raise CreateEngineFailed(e)
def create(cls, name, master_type, mgmt_ip, mgmt_network,
mgmt_interface=0,
log_server_ref=None,
domain_server_address=None, enable_gti=False,
enable_antivirus=False):
"""
Create a Master Engine with management interface
:param str name: name of master engine engine
:param str master_type: firewall|
:param str mgmt_ip: ip address for management interface
:param str mgmt_network: full netmask for management
:param str mgmt_interface: interface to use for mgmt (default: 0)
:param str log_server_ref: (optional) href to log_server instance
:param list domain_server_address: (optional) DNS server addresses
:param bool enable_antivirus: (optional) Enable antivirus (required DNS)
:param bool enable_gti: (optional) Enable GTI
:raises CreateEngineFailed: Failure to create with reason
:return: :py:class:`smc.core.engine.Engine`
"""
builder = InterfaceBuilder()
builder.interface_id = mgmt_interface
builder.add_ndi_only(mgmt_ip, mgmt_network,
is_mgmt=True,
primary_heartbeat=True,
outgoing=True)
engine = super(MasterEngine, cls)._create(
name=name,
node_type='master_node',
physical_interfaces=[{'physical_interface': builder.data}],
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
nodes=1, enable_gti=enable_gti,
enable_antivirus=enable_antivirus)
engine.update(master_type=master_type,
cluster_mode='standby')
try:
return ElementCreator(cls, json=engine)
except CreateElementFailed as e:
raise CreateEngineFailed(e)
def create(cls,
name,
mgmt_ip,
mgmt_network,
mgmt_interface=0,
inline_interface="1-2",
logical_interface="default_eth",
log_server_ref=None,
domain_server_address=None,
zone_ref=None,
enable_antivirus=False,
enable_gti=False,
comment=None,
extra_opts=None,
**kw):
"""
Create a single IPS engine with management interface and inline pair
:param str name: name of ips engine
:param str mgmt_ip: ip address of management interface
:param str mgmt_network: management network in cidr format
:param int mgmt_interface: (optional) interface for management from SMC to engine
:param str inline_interface: interfaces to use for first inline pair
:param str logical_interface: name, str href or LogicalInterface (created if it
doesn't exist)
:param str log_server_ref: (optional) href to log_server instance
:param list domain_server_address: (optional) DNS server addresses
:param str zone_ref: zone name, str href or Zone for management interface
(created if not found)
:param bool enable_antivirus: (optional) Enable antivirus (required DNS)
:param bool enable_gti: (optional) Enable GTI
:param dict extra_opts: extra options as a dict to be passed to the top level engine
:raises CreateEngineFailed: Failure to create with reason
:return: :py:class:`smc.core.engine.Engine`
"""
interfaces = []
interface_id, second_interface_id = inline_interface.split("-")
l2 = {
"interface_id": interface_id,
"interface": "inline_interface",
"second_interface_id": second_interface_id,
"logical_interface_ref": logical_interface,
}
interfaces.append(
{"physical_interface": Layer2PhysicalInterface(**l2)})
layer3 = {
"interface_id":
mgmt_interface,
"zone_ref":
zone_ref,
"interfaces": [{
"nodes": [{
"address": mgmt_ip,
"network_value": mgmt_network,
"nodeid": 1
}]
}],
}
interfaces.append({
"physical_interface":
Layer3PhysicalInterface(primary_mgt=mgmt_interface, **layer3)
})
engine = super(IPS, cls)._create(
name=name,
node_type="ips_node",
physical_interfaces=interfaces,
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
enable_gti=enable_gti,
nodes=1,
enable_antivirus=enable_antivirus,
comment=comment,
**extra_opts if extra_opts else {})
try:
return ElementCreator(cls, json=engine)
except CreateElementFailed as e:
raise CreateEngineFailed(e)
def create_bulk(cls,
name,
interfaces=None,
primary_mgt=None,
backup_mgt=None,
auth_request=None,
log_server_ref=None,
domain_server_address=None,
nodes=1,
node_type="firewall_node",
location_ref=None,
default_nat=False,
enable_antivirus=False,
enable_gti=False,
sidewinder_proxy_enabled=False,
enable_ospf=False,
ospf_profile=None,
comment=None,
snmp=None,
extra_opts=None,
engine_type=None,
**kw):
"""
Create a Layer 3 Firewall providing all of the interface configuration.
This method provides a way to fully create the engine and all interfaces
at once versus using :py:meth:`~create` and creating each individual
interface after the engine exists.
Example interfaces format::
interfaces=[
{'interface_id': 1},
{'interface_id': 2,
'interfaces':[{'nodes': [{'address': '2.2.2.2', 'network_value': '2.2.2.0/24'}]}],
'zone_ref': 'myzone'},
{'interface_id': 3,
'interfaces': [{'nodes': [{'address': '3.3.3.3', 'network_value': '3.3.3.0/24'}],
'vlan_id': 3,
'zone_ref': 'myzone'},
{'nodes': [{'address': '4.4.4.4', 'network_value': '4.4.4.0/24'}],
'vlan_id': 4}]},
{'interface_id': 4,
'interfaces': [{'vlan_id': 4,
'zone_ref': 'myzone'}]},
{'interface_id': 5,
'interfaces': [{'vlan_id': 5}]},
{'interface_id': 1000,
'interfaces': [{'nodes': [{'address': '10.10.10.1',
'network_value': '10.10.10.0/24'}]}],
'type': 'tunnel_interface'}]
Sample of creating a simple two interface firewall::
firewall_def = {
'name': 'firewall',
'domain_server_address': ['192.168.122.1'],
'primary_mgt': 0,
'interfaces': [
{'interface_id': 0,
'interfaces': [{'nodes': [{'address': '192.168.122.100',
'network_value': '192.168.122.0/24', 'auth_request': False}]}
]
},
{'interface_id': 1,
'interfaces': [{'nodes': [{'address': '10.0.0.254',
'network_value': '10.0.0.0/24', 'auth_request': True}]}
]
}
]
}
fw = Layer3Firewall.create_bulk(**firewall_def)
.. note:: You can set primary_mgt, backup_mgt, outgoing, and auth_request within the
interface definition itself to specify interface options. If provided in the constructor,
this will be passed to the interface creation factory. You should use one or the other
method, not both.
See :class:`smc.core.interfaces.Layer3PhysicalInterface` for more advanced examples
"""
physical_interfaces = []
for interface in interfaces:
if "interface_id" not in interface:
raise CreateEngineFailed(
"Interface definitions must contain the interface_id "
"field. Failed to create engine: %s" % name)
if interface.get("type", None) == "tunnel_interface":
tunnel_interface = TunnelInterface(**interface)
physical_interfaces.append(
{"tunnel_interface": tunnel_interface})
elif interface.get("type", None) == "switch_physical_interface":
physical_interfaces.append({
"switch_physical_interface":
SwitchPhysicalInterface(primary_mgt=primary_mgt,
backup_mgt=backup_mgt,
auth_request=auth_request,
**interface)
})
else:
interface.update(interface="single_node_interface")
interface = Layer3PhysicalInterface(primary_mgt=primary_mgt,
backup_mgt=backup_mgt,
auth_request=auth_request,
**interface)
physical_interfaces.append({"physical_interface": interface})
if snmp:
snmp_agent = dict(
snmp_agent_ref=snmp.get("snmp_agent", ""),
snmp_location=snmp.get("snmp_location", ""),
)
snmp_agent.update(snmp_interface=add_snmp(
interfaces, snmp.get("snmp_interface", [])))
try:
engine = super(Layer3Firewall, cls)._create(
name=name,
node_type=node_type,
physical_interfaces=physical_interfaces,
loopback_ndi=kw.pop("loopback_ndi", []),
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
nodes=nodes,
enable_gti=enable_gti,
enable_antivirus=enable_antivirus,
sidewinder_proxy_enabled=sidewinder_proxy_enabled,
default_nat=default_nat,
location_ref=location_ref,
enable_ospf=enable_ospf,
ospf_profile=ospf_profile,
snmp_agent=snmp_agent if snmp else None,
comment=comment,
**extra_opts if extra_opts else {})
return ElementCreator(engine_type if engine_type else cls,
json=engine)
except (ElementNotFound, CreateElementFailed) as e:
raise CreateEngineFailed(e)
def create(cls,
name,
master_type,
macaddress,
nodes,
mgmt_interface=0,
log_server_ref=None,
domain_server_address=None,
enable_gti=False,
enable_antivirus=False,
comment=None,
extra_opts=None,
**kw):
"""
Create Master Engine Cluster
:param str name: name of master engine engine
:param str master_type: firewall|
:param str mgmt_ip: ip address for management interface
:param str mgmt_netmask: full netmask for management
:param str mgmt_interface: interface to use for mgmt (default: 0)
:param list nodes: address/network_value/nodeid combination for cluster nodes
:param str log_server_ref: (optional) href to log_server instance
:param list domain_server_address: (optional) DNS server addresses
:param bool enable_antivirus: (optional) Enable antivirus (required DNS)
:param bool enable_gti: (optional) Enable GTI
:param dict extra_opts: extra options as a dict to be passed to the top level engine
:raises CreateEngineFailed: Failure to create with reason
:return: :py:class:`smc.core.engine.Engine`
Example nodes parameter input::
[{'address':'5.5.5.2',
'network_value':'5.5.5.0/24',
'nodeid':1},
{'address':'5.5.5.3',
'network_value':'5.5.5.0/24',
'nodeid':2},
{'address':'5.5.5.4',
'network_value':'5.5.5.0/24',
'nodeid':3}]
"""
primary_mgt = primary_heartbeat = mgmt_interface
interface = {
"interface_id": mgmt_interface,
"interfaces": [{
"nodes": nodes
}],
"macaddress": macaddress,
}
interface = Layer3PhysicalInterface(
primary_mgt=primary_mgt,
primary_heartbeat=primary_heartbeat,
**interface)
engine = super(MasterEngineCluster, cls)._create(
name=name,
node_type="master_node",
physical_interfaces=[{
"physical_interface": interface
}],
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
enable_gti=enable_gti,
nodes=len(nodes),
enable_antivirus=enable_antivirus,
comment=comment,
**extra_opts if extra_opts else {})
engine.update(master_type=master_type, cluster_mode="standby")
try:
return ElementCreator(cls, json=engine)
except CreateElementFailed as e:
raise CreateEngineFailed(e)
def create(cls,
name,
master_type,
mgmt_ip,
mgmt_network,
mgmt_interface=0,
log_server_ref=None,
zone_ref=None,
domain_server_address=None,
enable_gti=False,
enable_antivirus=False,
comment=None,
extra_opts=None,
**kw):
"""
Create a Master Engine with management interface
:param str name: name of master engine engine
:param str master_type: firewall|
:param str mgmt_ip: ip address for management interface
:param str mgmt_network: full netmask for management
:param str mgmt_interface: interface to use for mgmt (default: 0)
:param str log_server_ref: (optional) href to log_server instance
:param list domain_server_address: (optional) DNS server addresses
:param bool enable_antivirus: (optional) Enable antivirus (required DNS)
:param bool enable_gti: (optional) Enable GTI
:param dict extra_opts: extra options as a dict to be passed to the top level engine
:raises CreateEngineFailed: Failure to create with reason
:return: :py:class:`smc.core.engine.Engine`
"""
interface = {
"interface_id":
mgmt_interface,
"interfaces": [{
"nodes": [{
"address": mgmt_ip,
"network_value": mgmt_network
}]
}],
"zone_ref":
zone_ref,
"comment":
comment,
}
interface = Layer3PhysicalInterface(primary_mgt=mgmt_interface,
primary_heartbeat=mgmt_interface,
**interface)
engine = super(MasterEngine, cls)._create(
name=name,
node_type="master_node",
physical_interfaces=[{
"physical_interface": interface
}],
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
enable_gti=enable_gti,
nodes=1,
enable_antivirus=enable_antivirus,
comment=comment,
**extra_opts if extra_opts else {})
engine.update(master_type=master_type, cluster_mode="standby")
try:
return ElementCreator(cls, json=engine)
except CreateElementFailed as e:
raise CreateEngineFailed(e)
def create(cls,
name,
master_type,
mgmt_ip,
mgmt_network,
mgmt_interface=0,
log_server_ref=None,
zone_ref=None,
domain_server_address=None,
enable_gti=False,
enable_antivirus=False,
comment=None):
"""
Create a Master Engine with management interface
:param str name: name of master engine engine
:param str master_type: firewall|
:param str mgmt_ip: ip address for management interface
:param str mgmt_network: full netmask for management
:param str mgmt_interface: interface to use for mgmt (default: 0)
:param str log_server_ref: (optional) href to log_server instance
:param list domain_server_address: (optional) DNS server addresses
:param bool enable_antivirus: (optional) Enable antivirus (required DNS)
:param bool enable_gti: (optional) Enable GTI
:raises CreateEngineFailed: Failure to create with reason
:return: :py:class:`smc.core.engine.Engine`
"""
interface = {
'interface_id':
mgmt_interface,
'interfaces': [{
'nodes': [{
'address': mgmt_ip,
'network_value': mgmt_network
}]
}],
'zone_ref':
zone_ref,
'comment':
comment
}
interface = Layer3PhysicalInterface(primary_mgt=mgmt_interface,
primary_heartbeat=mgmt_interface,
**interface)
engine = super(MasterEngine, cls)._create(
name=name,
node_type='master_node',
physical_interfaces=[{
'physical_interface': interface
}],
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
nodes=1,
enable_gti=enable_gti,
enable_antivirus=enable_antivirus,
comment=comment)
engine.update(master_type=master_type, cluster_mode='standby')
try:
return ElementCreator(cls, json=engine)
except CreateElementFailed as e:
raise CreateEngineFailed(e)
def create_bulk(cls,
name,
interfaces=None,
nodes=2,
cluster_mode='balancing',
primary_mgt=None,
backup_mgt=None,
primary_heartbeat=None,
log_server_ref=None,
domain_server_address=None,
location_ref=None,
default_nat=False,
enable_antivirus=False,
enable_gti=False,
comment=None,
snmp=None,
**kw):
"""
:param dict snmp: SNMP dict should have keys `snmp_agent` str defining name of SNMPAgent,
`snmp_interface` which is a list of interface IDs, and optionally `snmp_location` which
is a string with the SNMP location name.
"""
primary_heartbeat = primary_mgt if not primary_heartbeat else primary_heartbeat
physical_interfaces = []
for interface in interfaces:
if 'interface_id' not in interface:
raise CreateEngineFailed(
'Interface definitions must contain the interface_id '
'field. Failed to create engine: %s' % name)
if interface.get('type', None) == 'tunnel_interface':
tunnel_interface = TunnelInterface(**interface)
physical_interfaces.append(
{'tunnel_interface': tunnel_interface})
else:
cluster_interface = ClusterPhysicalInterface(
primary_mgt=primary_mgt,
backup_mgt=backup_mgt,
primary_heartbeat=primary_heartbeat,
**interface)
physical_interfaces.append(
{'physical_interface': cluster_interface})
if snmp:
snmp_agent = dict(snmp_agent_ref=snmp.get('snmp_agent', ''),
snmp_location=snmp.get('snmp_location', ''))
snmp_agent.update(snmp_interface=add_snmp(
interfaces, snmp.get('snmp_interface', [])))
try:
engine = super(FirewallCluster, cls)._create(
name=name,
node_type='firewall_node',
physical_interfaces=physical_interfaces,
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
location_ref=location_ref,
nodes=nodes,
enable_gti=enable_gti,
enable_antivirus=enable_antivirus,
default_nat=default_nat,
snmp_agent=snmp_agent if snmp else None,
comment=comment)
engine.update(cluster_mode=cluster_mode)
return ElementCreator(cls, json=engine)
except (ElementNotFound, CreateElementFailed) as e:
raise CreateEngineFailed(e)
def create_with_many(cls, name, interfaces, mgmt_interface=0,
log_server_ref=None,
default_nat=False,
domain_server_address=None,
enable_antivirus=False, enable_gti=False,
location_ref=None, enable_ospf=False,
sidewinder_proxy_enabled=False,
ospf_profile=None):
"""
Create a firewall with multiple interfaces. Provide the interfaces as a list
of interfaces. Interfaces can be one of any valid interface for a layer 3
firewall. Unless the interface type is specified, physical_interface is assumed.
Valid interface types:
- physical_interface (default if not specified)
- tunnel_interface
Example interfaces format::
{'interface_id': 1},
{'interface_id': 2, 'address': '1.1.1.1', 'network_value': '1.1.1.0/24', 'zone_ref': 'myzone'},
{'interface_id': 1000, 'address': '10.10.10.1', 'network_value': '10.10.10.0/24', 'type': 'tunnel_interface'}
Create a single layer 3 firewall with management interface and DNS
:param str name: name of firewall engine
:param int mgmt_interface: management interface id (default: 0)
:param list interfaces: list of interface definitions
:param str log_server_ref: (optional) href to log_server instance for fw
:param list domain_server_address: (optional) DNS server addresses
:param str zone_ref: zone name, str href or Zone for management interface
(created if not found)
:param bool default_nat: (optional) Whether to enable default NAT for outbound
:param bool enable_antivirus: (optional) Enable antivirus (required DNS)
:param bool enable_gti: (optional) Enable GTI
:param bool sidewinder_proxy_enabled: Enable Sidewinder proxy functionality
:param str location_ref: location href for engine if needed to contact SMC behind NAT
:param bool enable_ospf: whether to turn OSPF on within engine
:param str ospf_profile: optional OSPF profile to use on engine, by ref
:raises ValueError: Failed to provide required parameters
:raises CreateEngineFailed: Failure to create with reason
:return: :py:class:`smc.core.engine.Engine`
"""
interface_list = []
for interface in interfaces:
if 'interface_id' not in interface:
raise ValueError('Interface_id is a required field when defining interfaces.')
if interface.get('type', None) == 'tunnel_interface':
if 'address' not in interface or 'network_value' not in interface:
raise ValueError('Tunnel interfaces require an address and network_value')
builder = InterfaceBuilder(None)
builder.interface_id = interface['interface_id']
builder.zone = interface.get('zone_ref', None)
builder.add_sni_only(
address=interface['address'],
network_value=interface['network_value'])
interface_list.append({'tunnel_interface': builder.data})
else:
if 'address' in interface and 'network_value' in interface:
builder = InterfaceBuilder()
builder.interface_id = interface['interface_id']
builder.zone = interface.get('zone_ref', None)
builder.add_sni_only(
address=interface['address'],
network_value=interface['network_value'],
is_mgmt=True if interface['interface_id'] == mgmt_interface else False,
reverse_connection=interface.get('reverse_connection', False))
else:
builder = InterfaceBuilder()
builder.interface_id = interface['interface_id']
builder.zone = interface.get('zone_ref', None)
interface_list.append({'physical_interface': builder.data})
engine = super(Layer3Firewall, cls)._create(
name=name,
node_type='firewall_node',
physical_interfaces=interface_list,
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
nodes=1, enable_gti=enable_gti,
enable_antivirus=enable_antivirus,
sidewinder_proxy_enabled=sidewinder_proxy_enabled,
default_nat=default_nat,
location_ref=location_ref,
enable_ospf=enable_ospf,
ospf_profile=ospf_profile)
try:
return ElementCreator(cls, json=engine)
except CreateElementFailed as e:
raise CreateEngineFailed(e)
def create_bulk(cls,
name,
interfaces=None,
primary_mgt=None,
backup_mgt=None,
log_server_ref=None,
domain_server_address=None,
location_ref=None,
default_nat=False,
enable_antivirus=False,
enable_gti=False,
sidewinder_proxy_enabled=False,
enable_ospf=False,
ospf_profile=None,
comment=None,
snmp=None,
**kw):
"""
Create a Layer 3 Firewall providing all of the interface configuration.
This method provides a way to fully create the engine and all interfaces
at once versus using :py:meth:`~create` and creating each individual
interface after the engine exists.
Example interfaces format::
interfaces=[
{'interface_id': 1},
{'interface_id': 2,
'interfaces':[{'nodes': [{'address': '2.2.2.2', 'network_value': '2.2.2.0/24'}]}],
'zone_ref': 'myzone'},
{'interface_id': 3,
'interfaces': [{'nodes': [{'address': '3.3.3.3', 'network_value': '3.3.3.0/24'}],
'vlan_id': 3,
'zone_ref': 'myzone'},
{'nodes': [{'address': '4.4.4.4', 'network_value': '4.4.4.0/24'}],
'vlan_id': 4}]},
{'interface_id': 4,
'interfaces': [{'vlan_id': 4,
'zone_ref': 'myzone'}]},
{'interface_id': 5,
'interfaces': [{'vlan_id': 5}]},
{'interface_id': 1000,
'interfaces': [{'nodes': [{'address': '10.10.10.1', 'network_value': '10.10.10.0/24'}]}],
'type': 'tunnel_interface'}]
"""
physical_interfaces = []
for interface in interfaces:
if 'interface_id' not in interface:
raise CreateEngineFailed(
'Interface definitions must contain the interface_id '
'field. Failed to create engine: %s' % name)
if interface.get('type', None) == 'tunnel_interface':
tunnel_interface = TunnelInterface(**interface)
physical_interfaces.append(
{'tunnel_interface': tunnel_interface})
else:
interface.update(interface='single_node_interface')
interface = Layer3PhysicalInterface(primary_mgt=primary_mgt,
backup_mgt=backup_mgt,
**interface)
physical_interfaces.append({'physical_interface': interface})
if snmp:
snmp_agent = dict(snmp_agent_ref=snmp.get('snmp_agent', ''),
snmp_location=snmp.get('snmp_location', ''))
snmp_agent.update(snmp_interface=add_snmp(
interfaces, snmp.get('snmp_interface', [])))
try:
engine = super(Layer3Firewall, cls)._create(
name=name,
node_type='firewall_node',
physical_interfaces=physical_interfaces,
loopback_ndi=kw.get('loopback_ndi', []),
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
nodes=1,
enable_gti=enable_gti,
enable_antivirus=enable_antivirus,
sidewinder_proxy_enabled=sidewinder_proxy_enabled,
default_nat=default_nat,
location_ref=location_ref,
enable_ospf=enable_ospf,
ospf_profile=ospf_profile,
snmp_agent=snmp_agent if snmp else None,
comment=comment)
return ElementCreator(cls, json=engine)
except (ElementNotFound, CreateElementFailed) as e:
raise CreateEngineFailed(e)
def create(cls,
name,
master_type,
macaddress,
nodes,
mgmt_interface=0,
log_server_ref=None,
domain_server_address=None,
enable_gti=False,
enable_antivirus=False):
"""
Create Master Engine Cluster
:param str name: name of master engine engine
:param str master_type: firewall|
:param str mgmt_ip: ip address for management interface
:param str mgmt_netmask: full netmask for management
:param str mgmt_interface: interface to use for mgmt (default: 0)
:param list nodes: address/network_value/nodeid combination for cluster nodes
:param str log_server_ref: (optional) href to log_server instance
:param list domain_server_address: (optional) DNS server addresses
:param boolean enable_antivirus: (optional) Enable antivirus (required DNS)
:param boolean enable_gti: (optional) Enable GTI
:return: :py:class:`smc.core.engine.Engine`
:raises: :py:class:`smc.api.exceptions.CreateEngineFailed`: Failure to create with reason
Example nodes parameter input::
[{'address':'5.5.5.2',
'network_value':'5.5.5.0/24',
'nodeid':1},
{'address':'5.5.5.3',
'network_value':'5.5.5.0/24',
'nodeid':2},
{'address':'5.5.5.4',
'network_value':'5.5.5.0/24',
'nodeid':3}]
"""
physical = PhysicalInterface()
physical.add_cluster_interface_on_master_engine(mgmt_interface,
macaddress,
nodes,
is_mgmt=True)
engine = Engine.create(name=name,
node_type=cls.node_type,
physical_interfaces=[physical()],
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
nodes=len(nodes),
enable_gti=enable_gti,
enable_antivirus=enable_antivirus)
engine.update(master_type=master_type, cluster_mode='standby')
href = search.element_entry_point('master_engine')
result = prepared_request(href=href, json=engine).create()
if result.href:
return Engine(name=name,
meta=Meta(name=name,
href=result.href,
type='master_engine'))
else:
raise CreateEngineFailed('Could not create the engine, '
'reason: {}'.format(result.msg))
def create(cls, name, master_engine, virtual_resource,
interfaces, default_nat=False, outgoing_intf=0,
domain_server_address=None, enable_ospf=False,
ospf_profile=None, **kwargs):
"""
:param str name: Name of this layer 3 virtual engine
:param str master_engine: Name of existing master engine
:param str virtual_resource: name of pre-created virtual resource
:param list interfaces: dict of interface details
:param bool default_nat: Whether to enable default NAT for outbound
:param int outgoing_intf: outgoing interface for VE. Specifies interface number
:param list interfaces: interfaces mappings passed in
:param bool enable_ospf: whether to turn OSPF on within engine
:param str ospf_profile: optional OSPF profile to use on engine, by ref
:raises CreateEngineFailed: Failure to create with reason
:raises LoadEngineFailed: master engine not found
:return: :py:class:`smc.core.engine.Engine`
"""
virt_resource_href = None # need virtual resource reference
master_engine = Engine(master_engine)
for virt_resource in master_engine.virtual_resource.all():
if virt_resource.name == virtual_resource:
virt_resource_href = virt_resource.href
break
if not virt_resource_href:
raise CreateEngineFailed('Cannot find associated virtual resource for '
'VE named: {}. You must first create a virtual '
'resource for the master engine before you can associate '
'a virtual engine. Cannot add VE'.format(name))
new_interfaces = []
for interface in interfaces:
builder = InterfaceBuilder()
builder.interface_id = interface.get('interface_id')
builder.add_sni_only(interface.get('address'),
interface.get('network_value'))
builder.zone_ref = interface.get('zone_ref')
# set auth request and outgoing on one of the interfaces
if interface.get('interface_id') == outgoing_intf:
intf = extract_sub_interface(builder.data)
intf.update(outgoing=True, auth_request=True)
new_interfaces.append({'virtual_physical_interface': builder.data})
engine = super(Layer3VirtualEngine, cls)._create(
name=name,
node_type='virtual_fw_node',
physical_interfaces=new_interfaces,
domain_server_address=domain_server_address,
log_server_ref=None, # Isn't used in VE
nodes=1, default_nat=default_nat,
enable_ospf=enable_ospf,
ospf_profile=ospf_profile)
engine.update(virtual_resource=virt_resource_href)
# Master Engine provides this service
engine.pop('log_server_ref', None)
try:
return ElementCreator(cls, json=engine)
except CreateElementFailed as e:
raise CreateEngineFailed(e)
def create(cls,
name,
cluster_virtual,
cluster_mask,
macaddress,
cluster_nic,
nodes,
log_server_ref=None,
domain_server_address=None,
zone_ref=None,
default_nat=False,
enable_antivirus=False,
enable_gti=False):
"""
Create a layer 3 firewall cluster with management interface and any number
of nodes
:param str name: name of firewall engine
:param cluster_virtual: ip of cluster CVI
:param cluster_mask: ip netmask of cluster CVI
:param macaddress: macaddress for packet dispatch clustering
:param cluster_nic: nic id to use for primary interface
:param list nodes: address/network_value/nodeid combination for cluster nodes
:param str log_server_ref: (optional) href to log_server instance
:param list domain_server_address: (optional) DNS server addresses
:param str zone_ref: (optional) zone name for management interface (created if not found)
:param boolean enable_antivirus: (optional) Enable antivirus (required DNS)
:param boolean enable_gti: (optional) Enable GTI
:return: :py:class:`smc.core.engine.Engine`
:raises: :py:class:`smc.api.exceptions.CreateEngineFailed`: Failure to create with reason
Example nodes parameter input::
[{'address':'5.5.5.2',
'network_value':'5.5.5.0/24',
'nodeid':1},
{'address':'5.5.5.3',
'network_value':'5.5.5.0/24',
'nodeid':2},
{'address':'5.5.5.4',
'network_value':'5.5.5.0/24',
'nodeid':3}]
"""
physical = PhysicalInterface()
physical.add_cluster_virtual_interface(cluster_nic,
cluster_virtual,
cluster_mask,
macaddress,
nodes,
is_mgmt=True,
zone_ref=zone_ref)
engine = Engine.create(name=name,
node_type=cls.node_type,
physical_interfaces=[physical()],
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
nodes=len(nodes),
enable_gti=enable_gti,
enable_antivirus=enable_antivirus,
default_nat=default_nat)
href = search.element_entry_point('fw_cluster')
result = prepared_request(href=href, json=engine).create()
if result.href:
return Engine(name=name,
meta=Meta(name=name,
href=result.href,
type='fw_cluster'))
else:
raise CreateEngineFailed('Could not create the firewall, '
'reason: {}'.format(result.msg))
def create(cls,
name,
master_engine,
virtual_resource,
interfaces,
default_nat=False,
outgoing_intf=0,
domain_server_address=None,
enable_ospf=False,
ospf_profile=None,
**kwargs):
"""
:param str name: Name of this layer 3 virtual engine
:param str master_engine: Name of existing master engine
:param str virtual_resource: name of pre-created virtual resource
:param list interfaces: dict of interface details
:param boolean default_nat: Whether to enable default NAT for outbound
:param int outgoing_intf: outgoing interface for VE. Specifies interface number
:param list interfaces: interfaces mappings passed in
:param boolean enable_ospf: whether to turn OSPF on within engine
:param str ospf_profile: optional OSPF profile to use on engine, by ref
:return: :py:class:`smc.core.engine.Engine`
:raises: :py:class:`smc.api.exceptions.CreateEngineFailed`: Failure to create with reason
:py:class:`smc.api.exceptions.LoadEngineFailed`: master engine not found
"""
virt_resource_href = None #need virtual resource reference
master_engine = Engine(master_engine)
for virt_resource in master_engine.virtual_resource.all():
if virt_resource.name == virtual_resource:
virt_resource_href = virt_resource.href
break
if not virt_resource_href:
raise CreateEngineFailed(
'Cannot find associated virtual resource for '
'VE named: {}. You must first create a virtual '
'resource for the master engine before you can associate '
'a virtual engine. Cannot add VE'.format(name))
new_interfaces = []
for interface in interfaces:
physical = VirtualPhysicalInterface()
physical.add_single_node_interface(
interface.get('interface_id'),
interface.get('address'),
interface.get('network_value'),
zone_ref=interface.get('zone_ref'))
#set auth request and outgoing on one of the interfaces
if interface.get('interface_id') == outgoing_intf:
intf = _interface_helper(physical.data)
intf.outgoing = True
intf.auth_request = True
new_interfaces.append(physical())
engine = Engine.create(
name=name,
node_type=cls.node_type,
physical_interfaces=new_interfaces,
domain_server_address=domain_server_address,
log_server_ref=None, #Isn't used in VE
nodes=1,
default_nat=default_nat,
enable_ospf=enable_ospf,
ospf_profile=ospf_profile)
engine.update(virtual_resource=virt_resource_href)
engine.pop('log_server_ref',
None) #Master Engine provides this service
href = search.element_entry_point('virtual_fw')
result = prepared_request(href=href, json=engine).create()
if result.href:
return Engine(name=name,
meta=Meta(name=name,
href=result.href,
type='virtual_fw'))
else:
raise CreateEngineFailed('Could not create the virtual engine, '
'reason: {}'.format(result.msg))
def create(cls,
name,
mgmt_ip,
mgmt_network,
mgmt_interface=0,
log_server_ref=None,
default_nat=False,
reverse_connection=False,
domain_server_address=None,
zone_ref=None,
enable_antivirus=False,
enable_gti=False,
location_ref=None,
enable_ospf=False,
ospf_profile=None):
"""
Create a single layer 3 firewall with management interface and DNS
:param str name: name of firewall engine
:param str mgmt_ip: ip address of management interface
:param str mgmt_network: management network in cidr format
:param str log_server_ref: (optional) href to log_server instance for fw
:param int mgmt_interface: (optional) interface for management from SMC to fw
:param list domain_server_address: (optional) DNS server addresses
:param str zone_ref: (optional) zone name for management interface (created if not found)
:param boolean reverse_connection: should the NGFW be the mgmt initiator (used when behind NAT)
:param boolean default_nat: (optional) Whether to enable default NAT for outbound
:param boolean enable_antivirus: (optional) Enable antivirus (required DNS)
:param boolean enable_gti: (optional) Enable GTI
:param str location_ref: location href for engine if needed to contact SMC behind NAT
:param boolean enable_ospf: whether to turn OSPF on within engine
:param str ospf_profile: optional OSPF profile to use on engine, by ref
:return: :py:class:`smc.core.engine.Engine`
:raises: :py:class:`smc.api.exceptions.CreateEngineFailed`: Failure to create with reason
"""
physical = PhysicalInterface()
physical.add_single_node_interface(
mgmt_interface,
mgmt_ip,
mgmt_network,
is_mgmt=True,
reverse_connection=reverse_connection,
zone_ref=zone_ref)
engine = Engine.create(name=name,
node_type=cls.node_type,
physical_interfaces=[physical()],
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
nodes=1,
enable_gti=enable_gti,
enable_antivirus=enable_antivirus,
default_nat=default_nat,
location_ref=location_ref,
enable_ospf=enable_ospf,
ospf_profile=ospf_profile)
href = search.element_entry_point('single_fw')
result = prepared_request(href=href, json=engine).create()
if result.href:
return Engine(name=name,
meta=Meta(name=name,
href=result.href,
type='single_fw'))
else:
raise CreateEngineFailed('Could not create the engine, '
'reason: {}.'.format(result.msg, engine))
def create(cls,
name,
mgmt_ip,
mgmt_network,
mgmt_interface='0',
inline_interface='1-2',
logical_interface='default_eth',
log_server_ref=None,
domain_server_address=None,
zone_ref=None,
enable_antivirus=False,
enable_gti=False):
"""
Create a single IPS engine with management interface and inline pair
:param str name: name of ips engine
:param str mgmt_ip: ip address of management interface
:param str mgmt_network: management network in cidr format
:param int mgmt_interface: (optional) interface for management from SMC to fw
:param str inline_interface: interfaces to use for first inline pair
:param str logical_interface: (optional) logical_interface reference
:param str log_server_ref: (optional) href to log_server instance
:param list domain_server_address: (optional) DNS server addresses
:param str zone_ref: (optional) zone name for management interface (created if not found)
:param boolean enable_antivirus: (optional) Enable antivirus (required DNS)
:param boolean enable_gti: (optional) Enable GTI
:return: :py:class:`smc.core.engine.Engine`
:raises: :py:class:`smc.api.exceptions.CreateEngineFailed`: Failure to create with reason
"""
interfaces = []
physical = PhysicalInterface()
physical.add_node_interface(mgmt_interface,
mgmt_ip,
mgmt_network,
is_mgmt=True,
zone_ref=zone_ref)
intf_href = logical_intf_helper(logical_interface)
inline = PhysicalInterface()
inline.add_inline_interface(inline_interface, intf_href)
interfaces.append(physical())
interfaces.append(inline())
engine = Engine.create(name=name,
node_type=cls.node_type,
physical_interfaces=interfaces,
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
nodes=1,
enable_gti=enable_gti,
enable_antivirus=enable_antivirus)
href = search.element_entry_point('single_ips')
result = prepared_request(href=href, json=engine).create()
if result.href:
return Engine(name=name,
meta=Meta(name=name,
href=result.href,
type='single_ips'))
else:
raise CreateEngineFailed(
'Could not create the engine, reason: {}'.format(result.msg))
def create(cls,
name,
master_engine,
virtual_resource,
interfaces,
default_nat=False,
outgoing_intf=0,
domain_server_address=None,
enable_ospf=False,
ospf_profile=None,
comment=None,
extra_opts=None,
**kw):
"""
Create a Layer3Virtual engine for a Master Engine. Provide interfaces
as a list of dict items specifying the interface details in format::
{'interface_id': 1, 'address': '1.1.1.1', 'network_value': '1.1.1.0/24',
'zone_ref': zone_by_name,href, 'comment': 'my interface comment'}
:param str name: Name of this layer 3 virtual engine
:param str master_engine: Name of existing master engine
:param str virtual_resource: name of pre-created virtual resource
:param list interfaces: dict of interface details
:param bool default_nat: Whether to enable default NAT for outbound
:param int outgoing_intf: outgoing interface for VE. Specifies interface number
:param list interfaces: interfaces mappings passed in
:param bool enable_ospf: whether to turn OSPF on within engine
:param str ospf_profile: optional OSPF profile to use on engine, by ref
:param dict extra_opts: extra options as a dict to be passed to the top level engine
:raises CreateEngineFailed: Failure to create with reason
:raises LoadEngineFailed: master engine not found
:return: :py:class:`smc.core.engine.Engine`
"""
virt_resource_href = None # need virtual resource reference
master_engine = Engine(master_engine)
for virt_resource in master_engine.virtual_resource.all():
if virt_resource.name == virtual_resource:
virt_resource_href = virt_resource.href
break
if not virt_resource_href:
raise CreateEngineFailed(
"Cannot find associated virtual resource for "
"VE named: {}. You must first create a virtual resource for the "
"master engine before you can associate a virtual engine. Cannot "
"add VE".format(name))
virtual_interfaces = []
for interface in interfaces:
nodes = {
"address": interface.get("address"),
"network_value": interface.get("network_value"),
}
layer3 = {
"interface_id": interface.get("interface_id"),
"interface": "single_node_interface",
"comment": interface.get("comment", None),
"zone_ref": interface.get("zone_ref"),
}
if interface.get("interface_id") == outgoing_intf:
nodes.update(outgoing=True, auth_request=True)
layer3["interfaces"] = [{"nodes": [nodes]}]
virtual_interfaces.append({
"virtual_physical_interface":
Layer3PhysicalInterface(**layer3).data.data
})
engine = super(Layer3VirtualEngine, cls)._create(
name=name,
node_type="virtual_fw_node",
physical_interfaces=virtual_interfaces,
domain_server_address=domain_server_address,
log_server_ref=None, # Isn't used in VE
nodes=1,
default_nat=default_nat,
enable_ospf=enable_ospf,
ospf_profile=ospf_profile,
comment=comment,
**extra_opts if extra_opts else {})
engine.update(virtual_resource=virt_resource_href)
# Master Engine provides this service
engine.pop("log_server_ref", None)
try:
return ElementCreator(cls, json=engine)
except CreateElementFailed as e:
raise CreateEngineFailed(e)
def create_bulk(cls,
name,
interfaces=None,
nodes=2,
cluster_mode="balancing",
primary_mgt=None,
backup_mgt=None,
primary_heartbeat=None,
log_server_ref=None,
domain_server_address=None,
location_ref=None,
default_nat=False,
enable_antivirus=False,
enable_gti=False,
comment=None,
snmp=None,
extra_opts=None,
**kw):
"""
Create bulk is called by the `create` constructor when creating a cluster engine.
This allows for multiple interfaces to be defined and passed in during element
creation.
:param dict snmp: SNMP dict should have keys `snmp_agent` str defining name of SNMPAgent,
`snmp_interface` which is a list of interface IDs, and optionally `snmp_location` which
is a string with the SNMP location name.
"""
primary_heartbeat = primary_mgt if not primary_heartbeat else primary_heartbeat
physical_interfaces = []
for interface in interfaces:
if "interface_id" not in interface:
raise CreateEngineFailed(
"Interface definitions must contain the interface_id "
"field. Failed to create engine: %s" % name)
if interface.get("type", None) == "tunnel_interface":
tunnel_interface = TunnelInterface(**interface)
physical_interfaces.append(
{"tunnel_interface": tunnel_interface})
else:
cluster_interface = ClusterPhysicalInterface(
primary_mgt=primary_mgt,
backup_mgt=backup_mgt,
primary_heartbeat=primary_heartbeat,
**interface)
physical_interfaces.append(
{"physical_interface": cluster_interface})
if snmp:
snmp_agent = dict(
snmp_agent_ref=snmp.get("snmp_agent", ""),
snmp_location=snmp.get("snmp_location", ""),
)
snmp_agent.update(snmp_interface=add_snmp(
interfaces, snmp.get("snmp_interface", [])))
try:
engine = super(FirewallCluster, cls)._create(
name=name,
node_type="firewall_node",
physical_interfaces=physical_interfaces,
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
location_ref=location_ref,
enable_gti=enable_gti,
nodes=nodes,
enable_antivirus=enable_antivirus,
default_nat=default_nat,
snmp_agent=snmp_agent if snmp else None,
comment=comment,
**extra_opts if extra_opts else {})
engine.update(cluster_mode=cluster_mode)
return ElementCreator(cls, json=engine)
except (ElementNotFound, CreateElementFailed) as e:
raise CreateEngineFailed(e)
def create(cls,
name,
mgmt_ip,
mgmt_network,
mgmt_interface=0,
inline_interface='1-2',
logical_interface='default_eth',
log_server_ref=None,
domain_server_address=None,
zone_ref=None,
enable_antivirus=False,
enable_gti=False,
comment=None):
"""
Create a single IPS engine with management interface and inline pair
:param str name: name of ips engine
:param str mgmt_ip: ip address of management interface
:param str mgmt_network: management network in cidr format
:param int mgmt_interface: (optional) interface for management from SMC to fw
:param str inline_interface: interfaces to use for first inline pair
:param str logical_interface: name, str href or LogicalInterface (created if it
doesn't exist)
:param str log_server_ref: (optional) href to log_server instance
:param list domain_server_address: (optional) DNS server addresses
:param str zone_ref: zone name, str href or Zone for management interface
(created if not found)
:param bool enable_antivirus: (optional) Enable antivirus (required DNS)
:param bool enable_gti: (optional) Enable GTI
:raises CreateEngineFailed: Failure to create with reason
:return: :py:class:`smc.core.engine.Engine`
"""
interfaces = []
interface_id, second_interface_id = inline_interface.split('-')
l2 = {
'interface_id': interface_id,
'interface': 'inline_interface',
'second_interface_id': second_interface_id,
'logical_interface_ref': logical_interface
}
interfaces.append(
{'physical_interface': Layer2PhysicalInterface(**l2)})
layer3 = {
'interface_id':
mgmt_interface,
'zone_ref':
zone_ref,
'interfaces': [{
'nodes': [{
'address': mgmt_ip,
'network_value': mgmt_network,
'nodeid': 1
}]
}]
}
interfaces.append({
'physical_interface':
Layer3PhysicalInterface(primary_mgt=mgmt_interface, **layer3)
})
engine = super(IPS, cls)._create(
name=name,
node_type='ips_node',
physical_interfaces=interfaces,
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
nodes=1,
enable_gti=enable_gti,
enable_antivirus=enable_antivirus,
comment=comment)
try:
return ElementCreator(cls, json=engine)
except CreateElementFailed as e:
raise CreateEngineFailed(e)