def add_layer3_interface(self,
interface_id,
address,
network_value,
zone_ref=None,
comment=None):
"""
Creates a tunnel interface with sub-type single_node_interface. This is
to be used for single layer 3 firewall instances.
:param str,int interface_id: the tunnel id for the interface, used as nicid also
:param str address: ip address of interface
:param str network_value: network cidr for interface; format: 1.1.1.0/24
:param str zone_ref: zone reference for interface can be name, href or Zone
:param str comment: optional comment
:raises EngineCommandFailed: failure during creation
:return: None
"""
interfaces = [{
'nodes': [{
'address': address,
'network_value': network_value
}]
}]
interface = {
'interface_id': interface_id,
'interfaces': interfaces,
'zone_ref': zone_ref,
'comment': comment
}
tunnel_interface = TunnelInterface(**interface)
self._engine.add_interface(tunnel_interface)
def add_tunnel_interface(self,
interface_id,
address,
network_value,
zone_ref=None,
comment=None):
"""
Creates a tunnel interface for a virtual engine.
:param str,int interface_id: the tunnel id for the interface, used as nicid also
:param str address: ip address of interface
:param str network_value: network cidr for interface; format: 1.1.1.0/24
:param str zone_ref: zone reference for interface can be name, href or Zone
:raises EngineCommandFailed: failure during creation
:return: None
"""
interfaces = [{
'nodes': [{
'address': address,
'network_value': network_value
}]
}]
interface = {
'interface_id': interface_id,
'interfaces': interfaces,
'zone_ref': zone_ref,
'comment': comment
}
tunnel_interface = TunnelInterface(**interface)
self._engine.add_interface(tunnel_interface)
def tunnel_interface(self):
"""
Show the tunnel interface for this TunnelEndpoint.
:return: interface for this endpoint
:rtype: TunnelInterface
"""
if self.tunnel_interface_ref:
return TunnelInterface(href=self.tunnel_interface_ref)
def add_cluster_virtual_interface(self,
interface_id,
cluster_virtual=None,
network_value=None,
nodes=None,
zone_ref=None,
comment=None):
"""
Add a tunnel interface on a clustered engine. For tunnel interfaces
on a cluster, you can specify a CVI only, NDI interfaces, or both.
This interface type is only supported on layer 3 firewall engines.
::
Add a tunnel CVI and NDI:
engine.tunnel_interface.add_cluster_virtual_interface(
interface_id_id=3000,
cluster_virtual='4.4.4.1',
network_value='4.4.4.0/24',
nodes=nodes)
Add tunnel NDI's only:
engine.tunnel_interface.add_cluster_virtual_interface(
interface_id=3000,
nodes=nodes)
Add tunnel CVI only:
engine.tunnel_interface.add_cluster_virtual_interface(
interface_id=3000,
cluster_virtual='31.31.31.31',
network_value='31.31.31.0/24',
zone_ref='myzone')
:param str,int interface_id: tunnel identifier (akin to interface_id)
:param str cluster_virtual: CVI ipaddress (optional)
:param str network_value: CVI network; required if ``cluster_virtual`` set
:param list nodes: nodes for clustered engine with address,network_value,nodeid
:param str zone_ref: zone reference, can be name, href or Zone
:param str comment: optional comment
"""
interfaces = [{
'cluster_virtual': cluster_virtual,
'network_value': network_value,
'nodes': nodes if nodes else []
}]
interface = {
'interface_id': interface_id,
'interfaces': interfaces,
'zone_ref': zone_ref,
'comment': comment
}
tunnel_interface = TunnelInterface(**interface)
self._engine.add_interface(tunnel_interface)
def tunnel_interface(self):
"""
Get only tunnel interfaces for this engine node.
:raises: :py:class:`smc.api.exceptions.UnsupportedInterfaceType`
:return: :py:class:`smc.core.interfaces.TunnelInterface`
"""
try:
return TunnelInterface(
meta=Meta(href=self._link('tunnel_interface')), engine=self)
except ResourceNotFound:
raise UnsupportedInterfaceType(
'Tunnel interfaces are only supported on '
'layer 3 single engines or clusters; '
'Engine type is: {}'.format(self.type))
def as_obj(self):
if getattr(self, 'type', None) == 'tunnel_interface':
return TunnelInterface(**vars(self))
return ClusterPhysicalInterface(**vars(self))
def create_bulk(cls,
name,
interfaces=None,
nodes=2,
cluster_mode="balancing",
primary_mgt=None,
backup_mgt=None,
primary_heartbeat=None,
log_server_ref=None,
domain_server_address=None,
location_ref=None,
default_nat=False,
enable_antivirus=False,
enable_gti=False,
comment=None,
snmp=None,
extra_opts=None,
**kw):
"""
Create bulk is called by the `create` constructor when creating a cluster engine.
This allows for multiple interfaces to be defined and passed in during element
creation.
:param dict snmp: SNMP dict should have keys `snmp_agent` str defining name of SNMPAgent,
`snmp_interface` which is a list of interface IDs, and optionally `snmp_location` which
is a string with the SNMP location name.
"""
primary_heartbeat = primary_mgt if not primary_heartbeat else primary_heartbeat
physical_interfaces = []
for interface in interfaces:
if "interface_id" not in interface:
raise CreateEngineFailed(
"Interface definitions must contain the interface_id "
"field. Failed to create engine: %s" % name)
if interface.get("type", None) == "tunnel_interface":
tunnel_interface = TunnelInterface(**interface)
physical_interfaces.append(
{"tunnel_interface": tunnel_interface})
else:
cluster_interface = ClusterPhysicalInterface(
primary_mgt=primary_mgt,
backup_mgt=backup_mgt,
primary_heartbeat=primary_heartbeat,
**interface)
physical_interfaces.append(
{"physical_interface": cluster_interface})
if snmp:
snmp_agent = dict(
snmp_agent_ref=snmp.get("snmp_agent", ""),
snmp_location=snmp.get("snmp_location", ""),
)
snmp_agent.update(snmp_interface=add_snmp(
interfaces, snmp.get("snmp_interface", [])))
try:
engine = super(FirewallCluster, cls)._create(
name=name,
node_type="firewall_node",
physical_interfaces=physical_interfaces,
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
location_ref=location_ref,
enable_gti=enable_gti,
nodes=nodes,
enable_antivirus=enable_antivirus,
default_nat=default_nat,
snmp_agent=snmp_agent if snmp else None,
comment=comment,
**extra_opts if extra_opts else {})
engine.update(cluster_mode=cluster_mode)
return ElementCreator(cls, json=engine)
except (ElementNotFound, CreateElementFailed) as e:
raise CreateEngineFailed(e)
def create_bulk(cls,
name,
interfaces=None,
primary_mgt=None,
backup_mgt=None,
auth_request=None,
log_server_ref=None,
domain_server_address=None,
nodes=1,
node_type="firewall_node",
location_ref=None,
default_nat=False,
enable_antivirus=False,
enable_gti=False,
sidewinder_proxy_enabled=False,
enable_ospf=False,
ospf_profile=None,
comment=None,
snmp=None,
extra_opts=None,
engine_type=None,
**kw):
"""
Create a Layer 3 Firewall providing all of the interface configuration.
This method provides a way to fully create the engine and all interfaces
at once versus using :py:meth:`~create` and creating each individual
interface after the engine exists.
Example interfaces format::
interfaces=[
{'interface_id': 1},
{'interface_id': 2,
'interfaces':[{'nodes': [{'address': '2.2.2.2', 'network_value': '2.2.2.0/24'}]}],
'zone_ref': 'myzone'},
{'interface_id': 3,
'interfaces': [{'nodes': [{'address': '3.3.3.3', 'network_value': '3.3.3.0/24'}],
'vlan_id': 3,
'zone_ref': 'myzone'},
{'nodes': [{'address': '4.4.4.4', 'network_value': '4.4.4.0/24'}],
'vlan_id': 4}]},
{'interface_id': 4,
'interfaces': [{'vlan_id': 4,
'zone_ref': 'myzone'}]},
{'interface_id': 5,
'interfaces': [{'vlan_id': 5}]},
{'interface_id': 1000,
'interfaces': [{'nodes': [{'address': '10.10.10.1',
'network_value': '10.10.10.0/24'}]}],
'type': 'tunnel_interface'}]
Sample of creating a simple two interface firewall::
firewall_def = {
'name': 'firewall',
'domain_server_address': ['192.168.122.1'],
'primary_mgt': 0,
'interfaces': [
{'interface_id': 0,
'interfaces': [{'nodes': [{'address': '192.168.122.100',
'network_value': '192.168.122.0/24', 'auth_request': False}]}
]
},
{'interface_id': 1,
'interfaces': [{'nodes': [{'address': '10.0.0.254',
'network_value': '10.0.0.0/24', 'auth_request': True}]}
]
}
]
}
fw = Layer3Firewall.create_bulk(**firewall_def)
.. note:: You can set primary_mgt, backup_mgt, outgoing, and auth_request within the
interface definition itself to specify interface options. If provided in the constructor,
this will be passed to the interface creation factory. You should use one or the other
method, not both.
See :class:`smc.core.interfaces.Layer3PhysicalInterface` for more advanced examples
"""
physical_interfaces = []
for interface in interfaces:
if "interface_id" not in interface:
raise CreateEngineFailed(
"Interface definitions must contain the interface_id "
"field. Failed to create engine: %s" % name)
if interface.get("type", None) == "tunnel_interface":
tunnel_interface = TunnelInterface(**interface)
physical_interfaces.append(
{"tunnel_interface": tunnel_interface})
elif interface.get("type", None) == "switch_physical_interface":
physical_interfaces.append({
"switch_physical_interface":
SwitchPhysicalInterface(primary_mgt=primary_mgt,
backup_mgt=backup_mgt,
auth_request=auth_request,
**interface)
})
else:
interface.update(interface="single_node_interface")
interface = Layer3PhysicalInterface(primary_mgt=primary_mgt,
backup_mgt=backup_mgt,
auth_request=auth_request,
**interface)
physical_interfaces.append({"physical_interface": interface})
if snmp:
snmp_agent = dict(
snmp_agent_ref=snmp.get("snmp_agent", ""),
snmp_location=snmp.get("snmp_location", ""),
)
snmp_agent.update(snmp_interface=add_snmp(
interfaces, snmp.get("snmp_interface", [])))
try:
engine = super(Layer3Firewall, cls)._create(
name=name,
node_type=node_type,
physical_interfaces=physical_interfaces,
loopback_ndi=kw.pop("loopback_ndi", []),
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
nodes=nodes,
enable_gti=enable_gti,
enable_antivirus=enable_antivirus,
sidewinder_proxy_enabled=sidewinder_proxy_enabled,
default_nat=default_nat,
location_ref=location_ref,
enable_ospf=enable_ospf,
ospf_profile=ospf_profile,
snmp_agent=snmp_agent if snmp else None,
comment=comment,
**extra_opts if extra_opts else {})
return ElementCreator(engine_type if engine_type else cls,
json=engine)
except (ElementNotFound, CreateElementFailed) as e:
raise CreateEngineFailed(e)
def create_bulk(cls,
name,
interfaces=None,
nodes=2,
cluster_mode='balancing',
primary_mgt=None,
backup_mgt=None,
primary_heartbeat=None,
log_server_ref=None,
domain_server_address=None,
location_ref=None,
default_nat=False,
enable_antivirus=False,
enable_gti=False,
comment=None,
snmp=None,
**kw):
"""
:param dict snmp: SNMP dict should have keys `snmp_agent` str defining name of SNMPAgent,
`snmp_interface` which is a list of interface IDs, and optionally `snmp_location` which
is a string with the SNMP location name.
"""
primary_heartbeat = primary_mgt if not primary_heartbeat else primary_heartbeat
physical_interfaces = []
for interface in interfaces:
if 'interface_id' not in interface:
raise CreateEngineFailed(
'Interface definitions must contain the interface_id '
'field. Failed to create engine: %s' % name)
if interface.get('type', None) == 'tunnel_interface':
tunnel_interface = TunnelInterface(**interface)
physical_interfaces.append(
{'tunnel_interface': tunnel_interface})
else:
cluster_interface = ClusterPhysicalInterface(
primary_mgt=primary_mgt,
backup_mgt=backup_mgt,
primary_heartbeat=primary_heartbeat,
**interface)
physical_interfaces.append(
{'physical_interface': cluster_interface})
if snmp:
snmp_agent = dict(snmp_agent_ref=snmp.get('snmp_agent', ''),
snmp_location=snmp.get('snmp_location', ''))
snmp_agent.update(snmp_interface=add_snmp(
interfaces, snmp.get('snmp_interface', [])))
try:
engine = super(FirewallCluster, cls)._create(
name=name,
node_type='firewall_node',
physical_interfaces=physical_interfaces,
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
location_ref=location_ref,
nodes=nodes,
enable_gti=enable_gti,
enable_antivirus=enable_antivirus,
default_nat=default_nat,
snmp_agent=snmp_agent if snmp else None,
comment=comment)
engine.update(cluster_mode=cluster_mode)
return ElementCreator(cls, json=engine)
except (ElementNotFound, CreateElementFailed) as e:
raise CreateEngineFailed(e)
def create_bulk(cls,
name,
interfaces=None,
primary_mgt=None,
backup_mgt=None,
log_server_ref=None,
domain_server_address=None,
location_ref=None,
default_nat=False,
enable_antivirus=False,
enable_gti=False,
sidewinder_proxy_enabled=False,
enable_ospf=False,
ospf_profile=None,
comment=None,
snmp=None,
**kw):
"""
Create a Layer 3 Firewall providing all of the interface configuration.
This method provides a way to fully create the engine and all interfaces
at once versus using :py:meth:`~create` and creating each individual
interface after the engine exists.
Example interfaces format::
interfaces=[
{'interface_id': 1},
{'interface_id': 2,
'interfaces':[{'nodes': [{'address': '2.2.2.2', 'network_value': '2.2.2.0/24'}]}],
'zone_ref': 'myzone'},
{'interface_id': 3,
'interfaces': [{'nodes': [{'address': '3.3.3.3', 'network_value': '3.3.3.0/24'}],
'vlan_id': 3,
'zone_ref': 'myzone'},
{'nodes': [{'address': '4.4.4.4', 'network_value': '4.4.4.0/24'}],
'vlan_id': 4}]},
{'interface_id': 4,
'interfaces': [{'vlan_id': 4,
'zone_ref': 'myzone'}]},
{'interface_id': 5,
'interfaces': [{'vlan_id': 5}]},
{'interface_id': 1000,
'interfaces': [{'nodes': [{'address': '10.10.10.1', 'network_value': '10.10.10.0/24'}]}],
'type': 'tunnel_interface'}]
"""
physical_interfaces = []
for interface in interfaces:
if 'interface_id' not in interface:
raise CreateEngineFailed(
'Interface definitions must contain the interface_id '
'field. Failed to create engine: %s' % name)
if interface.get('type', None) == 'tunnel_interface':
tunnel_interface = TunnelInterface(**interface)
physical_interfaces.append(
{'tunnel_interface': tunnel_interface})
else:
interface.update(interface='single_node_interface')
interface = Layer3PhysicalInterface(primary_mgt=primary_mgt,
backup_mgt=backup_mgt,
**interface)
physical_interfaces.append({'physical_interface': interface})
if snmp:
snmp_agent = dict(snmp_agent_ref=snmp.get('snmp_agent', ''),
snmp_location=snmp.get('snmp_location', ''))
snmp_agent.update(snmp_interface=add_snmp(
interfaces, snmp.get('snmp_interface', [])))
try:
engine = super(Layer3Firewall, cls)._create(
name=name,
node_type='firewall_node',
physical_interfaces=physical_interfaces,
loopback_ndi=kw.get('loopback_ndi', []),
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
nodes=1,
enable_gti=enable_gti,
enable_antivirus=enable_antivirus,
sidewinder_proxy_enabled=sidewinder_proxy_enabled,
default_nat=default_nat,
location_ref=location_ref,
enable_ospf=enable_ospf,
ospf_profile=ospf_profile,
snmp_agent=snmp_agent if snmp else None,
comment=comment)
return ElementCreator(cls, json=engine)
except (ElementNotFound, CreateElementFailed) as e:
raise CreateEngineFailed(e)