How to use the fmcapi.AccessRules function in fmcapi
To help you get started, we’ve selected a few fmcapi examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
daxm / fmcapi / unit_tests / hit_counts.py View on Github 
def test__hitcounts(fmc, device_name="", prefilter_id=""):
if not device_name and not prefilter_id:
return f"Name of an actual device or prefilter ID is required for the HitCounts test to work... skipping test."
logging.info(
"In preparation for testing HitCounts method, set up some known objects in the FMC."
)
starttime = str(int(time.time()))
namer = f"test__hitcounts_{starttime}"
# Get the device
device1 = fmcapi.DeviceRecords(fmc=fmc, name=device_name)
device1.get()
# In case there is no ACP Rule build a temp one.
acprule1 = fmcapi.AccessRules(fmc=fmc, acp_id=device1.accessPolicy["id"])
# acprule1 = fmcapi.AccessRules(fmc=fmc, acp_name=device1.accessPolicy['name'])
acprule1.name = namer
acprule1.action = "ALLOW"
acprule1.post()
time.sleep(1)
acprule1.get()
hitcounter1 = None
if prefilter_id:
hitcounter1 = fmcapi.HitCounts(
fmc=fmc, prefilter_id=prefilter_id, device_name=device_name
)
else:
hitcounter1 = fmcapi.HitCounts(
fmc=fmc, acp_id=device1.accessPolicy["id"], device_name=device_name
)obj2.post()
# Build a Security Zone object
sz1 = fmcapi.SecurityZones(fmc=fmc, name="_sz1", interfaceMode="ROUTED")
sz1.post()
# Build an ACP Object
acp1 = fmcapi.AccessPolicies(fmc=fmc, name=namer)
acp1.post()
# Get a file_policy
# fp = fmcapi.FilePolicies(fmc=fmc1, name='daxm_test')
time.sleep(1)
logging.info("Setup of objects for ACPRule test done.\n")
logging.info(
"Test ACPRule. Try to test all features of all methods of the ACPRule class."
)
acprule1 = fmcapi.AccessRules(fmc=fmc, acp_name=acp1.name)
acprule1.name = namer
acprule1.action = "ALLOW"
acprule1.enabled = False
acprule1.sendEventsToFMC = True
acprule1.logFiles = False
acprule1.logBegin = True
acprule1.logEnd = True
acprule1.variable_set(action="set", name="Default-Set")
acprule1.source_zone(action="add", name=sz1.name)
acprule1.destination_zone(action="add", name=sz1.name)
acprule1.intrusion_policy(action="set", name="Security Over Connectivity")
acprule1.vlan_tags(action="add", name=vlantag1.name)
acprule1.source_port(action="add", name=pport1.name)
acprule1.destination_port(action="add", name=pport1.name)
acprule1.destination_port(action="add", name=obj2.name)
acprule1.source_network(action="add", name=iphost1.name)def create_access_policies(fmc, acp_list):
"""Create Access Policies and their associated AccessRules"""
for acp in acp_list:
policy = fmcapi.AccessPolicies(
fmc=fmc, name=acp["name"], defaultAction=acp["default_action"]
)
policy.post()
# Build access_rules associated with this acp.
if "rules" in acp:
for rule in acp["rules"]:
acp_rule = fmcapi.AccessRules(
fmc=fmc, acp_name=policy.name, name=rule["name"]
)
if "log_begin" in rule:
acp_rule.logBegin = rule["log_begin"]
if "log_end" in rule:
acp_rule.logEnd = rule["log_end"]
if "send_events_to_fmc" in rule:
acp_rule.sendEventsToFMC = rule["send_events_to_fmc"]
if "enabled" in rule:
acp_rule.enabled = rule["enabled"]
if "action" in rule:
acp_rule.action = rule["action"]
if "source_networks" in rule:
for sn in rule["source_networks"]:
acp_rule.source_network(action="add", name=sn["name"])
if "destination_networks" in rule:# Create Network Objects
hq_dfgw_gateway = fmcapi.Hosts(
fmc=fmc1, name="hq-default-gateway", value="100.64.0.1"
)
hq_dfgw_gateway.post()
hq_lan = fmcapi.Networks(fmc=fmc1, name="hq-lan", value="10.0.0.0/24")
hq_lan.post()
all_lans = fmcapi.Networks(fmc=fmc1, name="all-lans", value="10.0.0.0/8")
all_lans.post()
hq_fmc = fmcapi.Hosts(fmc=fmc1, name="hq_fmc", value="10.0.0.10")
hq_fmc.post()
fmc_public = fmcapi.Hosts(fmc=fmc1, name="fmc_public_ip", value="100.64.0.10")
fmc_public.post()
# Create ACP Rule to permit hq_lan traffic inside to outside.
hq_acprule = fmcapi.AccessRules(
fmc=fmc1,
acp_name=acp.name,
name="Permit HQ LAN",
action="ALLOW",
enabled=True,
)
hq_acprule.source_zone(action="add", name=sz_inside.name)
hq_acprule.destination_zone(action="add", name=sz_outside.name)
hq_acprule.source_network(action="add", name=hq_lan.name)
hq_acprule.destination_network(action="add", name="any-ipv4")
# hq_acprule.logBegin = True
# hq_acprule.logEnd = True
hq_acprule.post()
# Build NAT Policy
nat = fmcapi.FTDNatPolicies(fmc=fmc1, name="NAT Policy")fmcapi
Easier interface to Cisco's FMC API than writing your own way.
Package Health Score
74 / 100Popular fmcapi functions
- fmcapi.AccessPolicies
- fmcapi.AccessRules
- fmcapi.api_objects.AccessRules
- fmcapi.api_objects.api_template.APIClassTemplate
- fmcapi.api_objects.APIClassTemplate
- fmcapi.api_objects.apiclasstemplate.APIClassTemplate
- fmcapi.api_objects.device_ha_pair_services.ftddevicehapairs.FTDDeviceHAPairs
- fmcapi.api_objects.device_services.devicerecords.DeviceRecords
- fmcapi.api_objects.object_services.networkaddresses.NetworkAddresses
- fmcapi.api_objects.object_services.networkgroups.NetworkGroups
- fmcapi.api_objects.object_services.securityzones.SecurityZones
- fmcapi.api_objects.policy_services.accesspolicies.AccessPolicies
- fmcapi.AutoNatRules
- fmcapi.Hosts
- fmcapi.IPv4StaticRoutes
- fmcapi.ManualNatRules
- fmcapi.Networks
- fmcapi.PhysicalInterfaces
- fmcapi.ProtocolPortObjects
- fmcapi.SecurityZones