# Excerpt: opening of a prefilter-rule test. The function continues beyond the
# lines shown here, and the page has dropped the original indentation.
def test__prefiler_rule(fmc):
logging.info("Testing prefilter rules on FMC")
logging.info("Creating objects for testing on FMC")
# Epoch-seconds suffix shared by every object name below, so runs started in
# different seconds do not reuse names.
namer = f"fmcapi_test_{str(int(time.time()))}"
# NOTE(review): 7.7.7.7 is publicly routable address space. An RFC 5737
# documentation range (e.g. 192.0.2.0/24) is a safer fixture value in case a
# test object is ever referenced by a deployed policy.
ip_host_1 = Hosts(fmc=fmc, name=f"test_host_1_{namer}", value="7.7.7.7")
ip_host_1.post()
ip_net_1 = Networks(fmc=fmc, name=f"test_net_1_{namer}", value="10.0.0.0/8")
ip_net_1.post()
ip_range_1 = Ranges(
fmc=fmc, name=f"test_range_1_{namer}", value="10.1.1.1-10.1.1.10"
)
ip_range_1.post()
fqdn_1 = FQDNS(fmc=fmc, name=f"test_fqdn_1_{namer}", value="www.cisco.com")
fqdn_1.post()
# The group refers to the network object created above by its name; the member
# is added before the group itself is posted.
net_group_1 = NetworkGroups(fmc=fmc, name=f"net_group_1_{namer}")
net_group_1.named_networks(action="add", name=f"test_net_1_{namer}")
net_group_1.post()
sec_zone_1 = SecurityZones(
fmc=fmc, name=f"test_zone_1_{namer}", interfaceMode="ROUTED"
)
sec_zone_1.post()
# NOTE(review): no delete() calls appear in this excerpt. Confirm the full test
# removes every object it posts, so fixtures do not accumulate on the FMC.
sec_zone_2 = SecurityZones(
fmc=fmc, name=f"test_zone_2_{namer}", interfaceMode="ROUTED"
# Excerpt: posts the address objects that the author's comments label as NAT
# original, translated, identity and pool operands. `fmc` comes from outside the
# excerpt, which also ends before obj5 is posted.
# NOTE(review): every name below is a fixed string with no per-run suffix, so a
# rerun against an FMC that still holds these objects would presumably collide.
# TODO confirm how post() reports a duplicate name.
# Create original and translate objects
obj1 = fmcapi.Networks(fmc=fmc)
obj1.name = "_net_original"
obj1.value = "10.0.0.0/8"
obj1.post()
# One-second pause after each post; the reason is not shown here (presumably
# API pacing - confirm).
time.sleep(1)
obj2 = fmcapi.Hosts(fmc=fmc)
obj2.name = "_net_xlate"
# 192.0.2.0/24 is the RFC 5737 TEST-NET-1 documentation range.
obj2.value = "192.0.2.1"
obj2.post()
time.sleep(1)
# Create identity nat object
obj3 = fmcapi.Networks(fmc=fmc)
obj3.name = "_net_identity"
obj3.value = "192.168.0.0/24"
obj3.post()
time.sleep(1)
# Create nat pool objects
obj4 = fmcapi.Networks(fmc=fmc)
obj4.name = "_net_original_pool"
obj4.value = "172.16.0.0/24"
obj4.post()
time.sleep(1)
# PAT Pool must be a range, not a subnet
obj5 = fmcapi.Ranges(fmc=fmc)
obj5.name = "_net_xlate_pool"
obj5.value = "192.0.2.128-192.0.2.254"
)
# Excerpt: posts one object of each address/URL type for later use in a test.
# `fmc` comes from outside the excerpt.
starttime = str(int(time.time()))
# NOTE(review): `namer` is built here but none of the object names in this
# excerpt use it; they are fixed strings, so leftovers from an earlier run
# would presumably conflict with a new one.
namer = f"_fmcapi_test_{starttime}"
# NOTE(review): the literal addresses below (7.7.7.7, 1.2.3.0/24, 6.6.6.6,
# 5.5.5.0/24, 4.4.4.4) are publicly routable. RFC 5737 documentation ranges are
# safer fixture values in case a test object ends up in a deployed policy.
# Build an IP host object
iphost1 = fmcapi.Hosts(fmc=fmc, name="_iphost1", value="7.7.7.7")
iphost1.post()
# Build an IP Network object
ipnet1 = fmcapi.Networks(fmc=fmc, name="_ipnet1", value="1.2.3.0/24")
ipnet1.post()
# Build an IP range object
iprange1 = fmcapi.Ranges(fmc=fmc, name="_iprange1", value="6.6.6.6-7.7.7.7")
iprange1.post()
# Build a Network Group object
# (ipnet2 is the named member added to the group further down.)
ipnet2 = fmcapi.Networks(fmc=fmc, name="_ipnet2", value="5.5.5.0/24")
ipnet2.post()
time.sleep(1)
# Build an FQDNS object
fqdns1 = fmcapi.FQDNS(fmc=fmc, name="_fqdns1", value="www.cisco.com")
fqdns1.post()
# The group mixes one named member (ipnet2) with one literal /32 entry.
obj1 = fmcapi.NetworkGroups(fmc=fmc, name="_fmcapi_test_networkgroup")
obj1.named_networks(action="add", name=ipnet2.name)
obj1.unnamed_networks(action="add", value="4.4.4.4/32")
obj1.post()
# Build a URL object
url1 = fmcapi.URLs(fmc=fmc, name="_url1", url="asdf.org")
url1.post()
# get() follows the post, presumably to read back server-assigned fields such
# as the id used in the commented-out line below (confirm).
url1.get()
# lists = [{"type": url1.type, "id": url1.id, "name": url1.name}]
# Build a VLAN Tag object
# Excerpt: opening of the ManualNatRules test. The function continues beyond
# the lines shown here, and the page has dropped the original indentation.
def test__manualnat(fmc):
logging.info("Testing ManualNatRules class.")
starttime = str(int(time.time()))
# Timestamped name; in this excerpt it is used only for the NAT policy.
namer = f"_fmcapi_test_{starttime}"
# Create a container policy for FTD NAT rules
natpol1 = fmcapi.FTDNatPolicies(fmc=fmc, name=namer)
natpol1.post()
natpol1.get()
# NOTE(review): unlike the policy, the address objects below use fixed names,
# so objects left behind by an earlier run would presumably collide with these.
# Confirm the full test deletes them.
# Create original and translate objects
obj1 = fmcapi.Networks(fmc=fmc)
obj1.name = "_net_original"
obj1.value = "10.0.0.0/8"
obj1.post()
time.sleep(1)
obj2 = fmcapi.Hosts(fmc=fmc)
obj2.name = "_net_xlate"
# 192.0.2.0/24 is the RFC 5737 TEST-NET-1 documentation range.
obj2.value = "192.0.2.1"
obj2.post()
time.sleep(1)
# Create identity nat object
obj3 = fmcapi.Networks(fmc=fmc)
obj3.name = "_net_identity"
obj3.value = "192.168.0.0/24"
obj3.post()
# Excerpt: creates a point-to-point site-to-site VPN topology and the network
# objects for its encryption domains. `fmc` and `namer` come from outside the
# excerpt.
vpnpol1 = fmcapi.FTDS2SVPNs(fmc=fmc, name=namer)
vpnpol1.topologyType = "POINT_TO_POINT"
# NOTE(review): this fixture turns IKEv1 on and IKEv2 off. IKEv1 is deprecated
# (RFC 9395), so read this as exercising the IKEv1 code path (presumably) and
# prefer IKEv2 when adapting the snippet for a real tunnel.
vpnpol1.ikeV1Enabled = True
vpnpol1.ikeV2Enabled = False
vpnpol1.post()
vpnpol1.get()
# Create some network objects for the encryption domains
# NOTE(review): fixed object names, no per-run suffix. Confirm the full test
# cleans them up.
obj1 = fmcapi.Networks(fmc=fmc)
obj1.name = "_net1_site1"
obj1.value = "10.255.0.0/24"
obj1.post()
time.sleep(1)
obj2 = fmcapi.Networks(fmc=fmc)
obj2.name = "_net2_site1"
obj2.value = "10.255.1.0/24"
obj2.post()
time.sleep(1)
obj3 = fmcapi.Networks(fmc=fmc)
obj3.name = "_net1_site2"
obj3.value = "10.255.2.0/24"
obj3.post()
time.sleep(1)
# Create Phase 1 settings
# There is no way to search by name, so we just find the iksettings object inside the vpn policy
ike1_json = fmcapi.IKESettings(fmc=fmc)
ike1_json.vpn_policy(pol_name=namer)
# Takes the first entry of the response; assumes get() returns a mapping with a
# non-empty "items" list. TODO confirm.
items = ike1_json.get()["items"][0]
def create_networks(fmc, network_list):
    """Post an FMC Networks object for each well-formed entry.

    Args:
        fmc: FMC connection handle, passed through to ``fmcapi.Networks``.
        network_list: Iterable of mappings. An entry is used only when it
            has both a ``"name"`` and a ``"value"`` key.

    Entries missing either key are skipped without an error or a log line,
    so a malformed input list yields fewer objects than it has entries.
    Values are handed to the API as given; no address validation happens
    here.
    """
    for entry in network_list:
        # Guard clause: ignore entries that lack a required key.
        if "name" not in entry or "value" not in entry:
            continue
        network_obj = fmcapi.Networks(
            fmc=fmc, name=entry["name"], value=entry["value"]
        )
        network_obj.post()
fmc=fmc1, name="inside", interfaceMode="ROUTED"
)
# Excerpt: posts security zones and address objects for an HQ site, then starts
# an access rule. `fmc1`, `acp` and the construction of `sz_inside` are outside
# the excerpt.
sz_inside.post()
sz_outside = fmcapi.SecurityZones(
fmc=fmc1, name="outside", interfaceMode="ROUTED"
)
sz_outside.post()
sz_dmz = fmcapi.SecurityZones(fmc=fmc1, name="dmz", interfaceMode="ROUTED")
sz_dmz.post()
# Create Network Objects
# 100.64.0.0/10 is RFC 6598 shared address space; it stands in for the
# "public" side in this example.
hq_dfgw_gateway = fmcapi.Hosts(
fmc=fmc1, name="hq-default-gateway", value="100.64.0.1"
)
hq_dfgw_gateway.post()
hq_lan = fmcapi.Networks(fmc=fmc1, name="hq-lan", value="10.0.0.0/24")
hq_lan.post()
all_lans = fmcapi.Networks(fmc=fmc1, name="all-lans", value="10.0.0.0/8")
all_lans.post()
hq_fmc = fmcapi.Hosts(fmc=fmc1, name="hq_fmc", value="10.0.0.10")
hq_fmc.post()
fmc_public = fmcapi.Hosts(fmc=fmc1, name="fmc_public_ip", value="100.64.0.10")
fmc_public.post()
# Create ACP Rule to permit hq_lan traffic inside to outside.
# NOTE(review): the constructor arguments below set only the name, the ALLOW
# action and enabled=True. No zone, network or port constraint is visible in
# this excerpt, so confirm the rule is scoped (zones and hq_lan as the source)
# before it is posted; an unscoped enabled ALLOW rule would permit far more
# than the comment above intends.
hq_acprule = fmcapi.AccessRules(
fmc=fmc1,
acp_name=acp.name,
name="Permit HQ LAN",
action="ALLOW",
enabled=True,
)
# Excerpt: posts security zones and address objects for an HQ site, then builds
# an inside-to-outside access rule. `fmc1`, `acp` and the construction of
# `sz_inside` are outside the excerpt.
sz_inside.post()
sz_outside = fmcapi.SecurityZones(
fmc=fmc1, name="outside", interfaceMode="ROUTED"
)
sz_outside.post()
sz_dmz = fmcapi.SecurityZones(fmc=fmc1, name="dmz", interfaceMode="ROUTED")
sz_dmz.post()
# Create Network Objects
# 100.64.0.0/10 is RFC 6598 shared address space; it stands in for the
# "public" side in this example.
hq_dfgw_gateway = fmcapi.Hosts(
fmc=fmc1, name="hq-default-gateway", value="100.64.0.1"
)
hq_dfgw_gateway.post()
hq_lan = fmcapi.Networks(fmc=fmc1, name="hq-lan", value="10.0.0.0/24")
hq_lan.post()
all_lans = fmcapi.Networks(fmc=fmc1, name="all-lans", value="10.0.0.0/8")
all_lans.post()
hq_fmc = fmcapi.Hosts(fmc=fmc1, name="hq_fmc", value="10.0.0.10")
hq_fmc.post()
fmc_public = fmcapi.Hosts(fmc=fmc1, name="fmc_public_ip", value="100.64.0.10")
fmc_public.post()
# Create ACP Rule to permit hq_lan traffic inside to outside.
hq_acprule = fmcapi.AccessRules(
fmc=fmc1,
acp_name=acp.name,
name="Permit HQ LAN",
action="ALLOW",
enabled=True,
)
# Scope the rule by zone: source "inside", destination "outside".
# NOTE(review): zones are the only constraint visible in this excerpt. The
# comment above says the intent is hq_lan traffic, so confirm the full script
# also attaches hq_lan as the source network before posting; otherwise the
# enabled ALLOW rule matches any inside-to-outside traffic.
hq_acprule.source_zone(action="add", name=sz_inside.name)
hq_acprule.destination_zone(action="add", name=sz_outside.name)