def transform_rules_from_vlan_to_subnet(self): """ Transforms all the firewall rules """ # Using deep copy to avoid future stepping into fw references. self.fwNewRules = deepcopy(self.fwRules) for rule in self.fwNewRules: rule["destCidr"] = self.vlans_to_subnet(rule["destCidr"]) rule["srcCidr"] = self.vlans_to_subnet(rule["srcCidr"]) """ Syslog enabled is breaking the api so we force it to disabled. 2018-04-19 ["Cannot enable s yslog on rules - a syslog server must be configured"]} """ #rule["syslogEnabled"] = False rules=[] """ Don't apply default rules """ for rule in self.fwNewRules: if rule["comment"] == "Default rule": continue rules.append(rule) json.writer(self.firewallOutputFile, rules) self.fwRules=deepcopy(rules) l.logger.debug("created {}".format(self.firewallOutputFile))
def createVlanDefs(self, storeNumber): self.NetX = netx.NetX() self.validSubnets = self.NetX.validSubNetList self.netxFile = config.netxFile storeDevice="{}{}{}".format(config.devicePrefix, storeNumber, config.devicePostfix) self.netx, picknet = self.NetX.getAll(None, storeDevice, None) json.writer(self.netxFile, self.netx) l.logger.debug("created {}".format(self.netxFile))
def create_funnel_vlan_table(self): self.funnel_vlan_table = {} for entry in self.funnel: vlan = entry["Vlan"] self.funnel_vlan_table[vlan] = entry["Subnet"] json.writer(self.funnelVlanFile, self.funnel_vlan_table) l.logger.debug("created {}".format(self.funnelVlanFile))
def transformFunnelToNetx(self): for entry in self.funnel: subnet = entry["Subnet"].split(".") # if there is an x than we need to replace otherwise skip if subnet[1]=='x': if (subnet[2]>='a' and subnet[2]<='h'): entry["Subnet"]=subnet[2]+"."+subnet[3] json.writer(self.funnelNetxFile, self.funnel) l.logger.debug("created {}".format(self.funnelNetxFile))
def transformFunnelToSubnet(self): for entry in self.funnel: subnet = entry["Subnet"].split(".") netxIndex = subnet[0] if netxIndex in self.validSubnets: subnet[0] = self.netx[netxIndex] elem=entry["Subnet"].split(".") entry["Subnet"] = "{}.{}".format(subnet[0],elem[1]) json.writer(self.funnelSubnetFile, self.funnel) l.logger.debug("created {}".format(self.funnelSubnetFile))
def create_vlan_defs(self): self.netx = netx.Netx() self.valid_subnets = self.netx.valid_subnet_list self.netxFile = settings["CONFIG"]["netx-file"] device = "{}{}{}".format(settings["CONFIG"]["device-prefix"], settings["store-number"], settings["CONFIG"]["device-postfix"]) self.netx = self.netx.get_netx(device) json.writer(self.netxFile, self.netx) l.logger.debug("created {}".format(self.netxFile))
def get(self, netid): self.firewalls = None try: success, self.firewalls = meraki.getmxl3fwrules(config.apikey, netid) if not success: l.logger.error("failed netid:{} {}".format(netid, self.firewalls)) fname = "firewall_{}".format(netid) json.writer(fname, self.firewalls) except Exception as err: l.logger.error("exception failure netid:{}".format(netid)) traceback.print_tb(err.__traceback__)
def get(self, netid): self.vlans = None try: success, self.vlans = meraki.getvlans(config.apikey, netid) if not success: l.logger.error("failed netid:{} {}".format(netid, self.vlans)) fname = "vlans_{}".format(netid) json.writer(fname, self.vlans) l.logger.info("netid:{} {}".format(netid, json.make_pretty(self.vlans))) except Exception as err: l.logger.error("exception failure netid:{}".format(netid)) traceback.print_tb(err.__traceback__)
def createFunnelVlanTable(self): self.funnelVlanTable={} for entry in self.funnel: vlan = entry["Vlan"] self.funnelVlanTable[vlan]=entry["Subnet"] # # Adding fixed in the VlanTable (Guest WIFI, Cache VPN Cache Internet) self.funnelVlanTable["995"] = "192.168.1.0/24" self.funnelVlanTable["996"] = "192.168.100.0/24" self.funnelVlanTable["997"] = "192.168.101.0/24" json.writer(self.funnelVlanFile, self.funnelVlanTable) l.logger.debug("created {}".format(self.funnelVlanFile))
def remove_serials(): # Convert meraki template firewall to subnet firewall fname = "firewall_serials" data = Csv.transform_to_json(fname) json.writer(fname, data[0]) for item in range(len(data)): netid = data[item]["id"] serial1 = data[item]["serial1"] serial2 = data[item]["serial2"] devices.removedevice(netid, serial1) devices.removedevice(netid, serial2) # Does physical VLAN creation on meraki device l.logger.info("success")
def addtonet(self, networkid, serial): success = False str = None try: success, str = meraki.adddevtonet(config.apikey, networkid, serial) if success: l.logger.debug("success") json.writer("addtonet_{}".format(serial), str) else: l.logger.error("failed.") l.logger.error("{}".format(str)) except Exception as err: l.logger.error("networkid: {} serial:{}".format(networkid, serial)) traceback.print_tb(err.__traceback__) return success, str
def transformRulesFromVlanToSubnet(self): # Using deep copy to avoid future stepping into fw references. self.fwNewRules = deepcopy(self.fwRules) for rule in self.fwNewRules: rule["destCidr"] = self.vlansToSubnet(rule["destCidr"]) rule["srcCidr"] = self.vlansToSubnet(rule["srcCidr"]) rule["syslogEnabled"] = False rules = [] for rule in self.fwNewRules: if rule["comment"] == "Default rule": continue rules.append(rule) json.writer(self.firewallOutputFile, rules) self.fwRules = deepcopy(rules) l.logger.debug("created {}".format(self.firewallOutputFile))
def removeSerials(): print("DONE") exit(0) # Convert meraki template firewall to subnet firewall fname = "firewall_serials" data = json.convert(fname) json.writer(fname, data[0]) for item in range(len(data)): netid = data[item]["id"] serial1 = data[item]["serial1"] serial2 = data[item]["serial2"] # print (netid, serial1, serial2) devices.removedevice(netid, serial1) devices.removedevice(netid, serial2) # Does physical VLAN creation on meraki device l.logger.info("success")
def claim(self, serial, licensekey=None, licensemode=None, orderid=None): success = False str = None try: success, self.claim = meraki.claim(config.apikey, config.orgid, serial, licensekey, licensemode, orderid) if not success: l.logger.error("orgid: {} serial:{} claim:{}".format( orgid, serial, self.claim)) json.writer("claim_{}".format(serial), self.claim) json.writer("claim_{}".format(serial), self.claim) except Exception as err: l.logger.error("serial:{}".format(serial)) traceback.print_tb(err.__traceback__) return success, self.claim
def updateVpnSettings(self, networkid, hubnetworks, defaultroute, subnets, usevpn): success = False str = None try: mode = 'spoke' success, str = meraki.updatevpnsettings(config.apikey, networkid, mode, subnets, usevpn, hubnetworks, defaultroute) if success: l.logger.debug("success") json.writer("vpn_updatevpnsettings_{}".format(networkid), str) else: l.logger.error("failed.") l.logger.error("{}".format(str)) except Exception as err: l.logger.error("networkid: {} str:{}".format(networkid, str)) traceback.print_tb(err.__traceback__) return success, str
def add(self, orgid, name, nettype): success = False self.network = None try: clone_id = config.get_clone_id() success, self.network = meraki.addnetwork(config.api_key, orgid, name, nettype, tags=None, tz="US/Pacific", cloneid=clone_id, suppressprint=False) store_number = settings["store-number"] fname = "network_{}".format(store_number) data = dict() data["store-name"] = settings["store-name"] data["netid"] = settings["netid"] data["clone-source"] = settings["CLI"]["networks-clone-source"] json.writer(fname, data, path="data", header=None, logPath=False) if success: logger.info("success org-id {} {} {} {}".format( orgid, name, nettype, self.network)) else: logger.error("failed org-id {} {} {} {}".format( orgid, name, nettype, self.network)) runlogs_logger.error("failed org-id {} {} {}".format( orgid, name, nettype, self.network)) gv.fake_assert() logger.debug("cloned network, {} {} {}".format( name, nettype, self.network)) except Exception as err: logger.error("orgid {} name {} nettype {}".format( orgid, name, nettype)) runlogs_logger.error("orgid {} name {} nettype {}".format( orgid, name, nettype)) gv.fake_assert() assert (0) return success, self.network
def add(self, orgid, name, nettype): # nettype : wireless, Switch, "Security appliance" success = False self.network = None try: success, self.network = meraki.addnetwork(config.apikey, orgid, name, nettype, tags=None, tz="US/Pacific") json.writer("network_{}".format(name), self.network) if not success: l.logger.warning("failed, {} {}: {}".format( name, nettype, self.network)) except Exception as err: l.logger.error("orgid:{} name:{} nettype:{}".format( orgid, name, nettype)) traceback.print_tb(err.__traceback__) return success, self.network
def update_settings_single(self, org_id, vpn_rules=[]): api_key = config.api_key success = False str = None try: single_rule = [] count = 1100 start = count for rule in vpn_rules[start:]: l.runlogs_logger.info( "deploying rule number: {} ==> rule: {}".format( count, str)) single_rule.append(rule) success, str = meraki.updatemxvpnfwrules( api_key, org_id, single_rule, syslogDefaultRule=False, suppressprint=False) single_rule.pop() count += 1 str = Json.make_pretty(rule) l.logger.info( "deployed org-id {} count {} rule number {}".format( org_id, count, str)) l.runlogs_logger.info( "deployed org-di {} rule number {}".format(org_id, count)) Json.writer("s2svpnrules_deploy", single_rule) if not success: l.logger.error("failed count {} {}".format(count, str)) l.runlogs_logger.error("failed count {} {}".format( count, str)) l.runlogs_logger.error("{}".format(str)) gv.fake_assert() except Exception as err: l.runlogs_logger.error("org_id: {} str:{}".format(org_id, str)) l.logger.error("org_id: {} str:{}".format(org_id, str)) gv.fake_assert() return success, str
def update_settings(self, networkid, hubnetworks, defaultroute, subnets, usevpn): success = False str = None try: mode = 'spoke' success, str = meraki.updatevpnsettings(config.api_key, networkid, mode, subnets, usevpn, hubnetworks, defaultroute) if success: l.logger.debug("success netid {}") json.writer("vpn_updatevpnsettings_{}".format(networkid), str) else: l.logger.error("failure netid {} {}".format(networkid, str)) l.runlogs_logger.error("{}".format(str)) gv.fake_assert() except Exception as err: l.logger.error("exception failure networkid: {} str:{}".format( networkid, str)) l.runlogs_logger.error("exception failure str:{}".format(str)) gv.fake_assert() return success, str
def get_settings(self, org_id): api_key = config.api_key vpn_rules_str = "" success = False try: success, vpn_rules = meraki.getmxvpnfwrules(api_key, org_id) if success: l.logger.debug("success") Json.writer("s2svpnrules_get", vpn_rules, path="ORG", header=None, logPath=True) else: l.runlogs_logger.error("failed: {}".format(str)) l.logger.error("failed: {}".format(str)) gv.fake_assert() except Exception as err: l.logger.error("org_id: {} str:{}".format(org_id, str)) l.runlogs_logger.error("org_id: {} str:{}".format(org_id, str)) gv.fake_assert() return success, str
def addtonet(self, networkid, serial): success = False try: success, _str = meraki.adddevtonet(config.api_key, networkid, serial) if success: logger.debug("success {}".format(networkid)) json.writer("addtonet {}".format(serial), _str) else: logger.error("failed.") logger.error("{}".format(str)) except (meraki.EmailFormatError, meraki.OrgPermissionError, meraki.ListError) as err: logger.error("failed {}".format(err.default)) runlogs_logger.error("failed {}".format(err.default)) exit(-1) except Exception as err: runlogs_logger.error("failed {} serial:{}".format(err, serial)) logger.error("failed {} networkid: {} serial:{}".format( err, networkid, serial)) gv.fake_assert() return success, _str
def get(self, netid, store_number): self.firewalls = None try: success, self.firewalls = meraki.getmxl3fwrules( config.api_key, netid) if not success: log.logger.error("failed netid {} {}".format( netid, self.firewalls)) log.runlogs_logger.error("failed netid {}".format( netid, self.firewalls)) gv.fake_assert() fname = "l3fwrules_get_{}".format(store_number) json.writer(fname, data=self.firewalls, path="data", header=None, logPath=True) except Exception as err: log.logger.error("exception failure {} netid {}\n{}".format( err, netid, self.firewalls)) log.runlogs_logger.error("exception {} failure netid \n{}".format( err, self.firewalls)) gv.fake_assert()
def update_settings(self, org_id, vpn_rules=[]): api_key = config.api_key try: success, str = meraki.updatemxvpnfwrules(api_key, org_id, vpn_rules, syslogDefaultRule=False, suppressprint=False) l.logger.info("updatemxvpnfwrules {} {}".format(success, str)) import json as _json aux = _json.dumps(str)[0:160] Json.writer("s2svpnrules_deploy", vpn_rules, path="ORG") l.runlogs_logger.info("updatemxvpnfwrules {}".format(success)) l.logger.debug("updatemxvpnfwrules {} {}".format(success, str)) if success: return True, None if success: l.logger.info("success org-id {}".format(org_id)) l.runlogs_logger.info("success org-id {}".format(org_id)) Json.writer("vpn_updatevpnfwrules_{}".format(org_id), str) else: l.logger.error("failed org-id {} {}".format(org_id, str)) l.runlogs_logger.error("failed org-id {} {}".format( org_id, aux)) gv.fake_assert() except Exception as err: l.logger.error("{}".format(str)) l.logger.error("exception failure org_id: {}".format(org_id)) l.runlogs_logger.error("{}".format(str)) l.runlogs_logger.error( "exception failure org_id: {}".format(org_id)) gv.fake_assert() return success, str