# Excerpt of an auto-NAT setup. `fmc` and `namer` are not defined in the visible
# lines, and neither are the "_net_original" / "_net_xlate" objects that the
# rule below refers to by name.
# PAT Pool must be a range, not a subnet
obj5 = fmcapi.Ranges(fmc=fmc)
obj5.name = "_net_xlate_pool"
# 192.0.2.0/24 is the RFC 5737 documentation range (TEST-NET-1).
obj5.value = "192.0.2.128-192.0.2.254"
obj5.post()
time.sleep(1)  # presumably paces successive API writes -- confirm
# Create interface PAT object
obj6 = fmcapi.Networks(fmc=fmc)
obj6.name = "_net_original_intf"
obj6.value = "192.168.1.0/24"
obj6.post()
time.sleep(1)
# Create Security Zones
# Both are posted as SecurityZones objects, although the first name carries an
# "IG-" prefix. The names are fixed, not suffixed per run.
sz1 = fmcapi.SecurityZones(fmc=fmc, name="IG-INSIDE")
sz1.post()
sz2 = fmcapi.SecurityZones(fmc=fmc, name="SZ-OUTSIDE1")
sz2.post()
# Autonat a network object to a host
autonat1 = fmcapi.AutoNatRules(fmc=fmc)
autonat1.original_network(name="_net_original")
autonat1.translated_network(name="_net_xlate")
# NOTE(review): a STATIC translation towards the outside zone presumably makes
# the original object reachable from that side wherever the access policy
# allows it -- confirm the policy attached to this device restricts it.
autonat1.natType = "STATIC"
# Source and destination interface can be either an interface group or security zone
autonat1.source_intf(name="IG-INSIDE")
autonat1.destination_intf(name="SZ-OUTSIDE1")
autonat1.nat_policy(name=namer)
# autonat1 is not posted within the visible lines.
# Autonat identity nat
autonat2 = fmcapi.AutoNatRules(fmc=fmc)
def test__etherchannel_interfaces(fmc):
    """Set up an EtherchannelInterfaces object for a test run (excerpt).

    The visible lines post two security zones and fill in the ether-channel
    attributes; nothing is posted for the channel itself before the excerpt ends.

    Args:
        fmc: fmcapi connection object passed through to every fmcapi class.
    """
    # NOTE(review): every .post() here writes to the FMC behind `fmc`, and the
    # log text says a registered physical device is required -- point this at a
    # lab manager, not one that carries production policy.
    logging.info(
        "Test EtherchannelInterfaces. get, post, put, delete EtherchannelInterfaces Objects. "
        "Requires registered physical device"
    )
    # Epoch-second suffix keeps the names created by this run distinct.
    starttime = str(int(time.time()))
    namer = f"_fmcapi_test_{starttime}"
    sz1 = fmcapi.SecurityZones(fmc=fmc)
    sz1.name = "_sz1" + namer
    sz1.post()
    time.sleep(1)  # presumably paces successive API writes -- confirm
    sz2 = fmcapi.SecurityZones(fmc=fmc)
    sz2.name = "_sz2" + namer
    sz2.post()
    time.sleep(1)
    # "device_name" is a literal string here -- presumably a placeholder for the
    # name of the registered device; confirm before running.
    eth1 = fmcapi.EtherchannelInterfaces(fmc=fmc, device_name="device_name")
    # Member interfaces of the channel, looked up on the same device.
    eth1.p_interfaces(
        p_interfaces=["GigabitEthernet0/3", "GigabitEthernet0/5"],
        device_name="device_name",
    )
    eth1.enabled = True
    eth1.ifname = "_eth1" + namer
    eth1.etherChannelId = "1"
def test__phys_interfaces(fmc):
    """Reconfigure two physical interfaces of a registered device (excerpt).

    The visible lines post two security zones, fetch GigabitEthernet0/0 and
    GigabitEthernet0/1, and assign new attributes to them; the call that pushes
    the interface changes is not in view.

    Args:
        fmc: fmcapi connection object passed through to every fmcapi class.
    """
    logging.info(
        "Test PhysicalInterface. get, put PhysicalInterface Objects. Requires registered device"
    )
    # NOTE(review): the zone names are fixed (no per-run suffix), so they can
    # coincide with zones that already exist on the manager -- confirm that is
    # intended before running this outside a lab.
    sz1 = fmcapi.SecurityZones(fmc=fmc)
    sz1.name = "SZ-OUTSIDE1"
    sz1.post()
    time.sleep(1)  # presumably paces successive API writes -- confirm
    sz2 = fmcapi.SecurityZones(fmc=fmc)
    sz2.name = "SZ-OUTSIDE2"
    sz2.post()
    time.sleep(1)
    # "device_name" is a literal string here -- presumably a placeholder for the
    # name of the registered device; confirm before running.
    intf1 = fmcapi.PhysicalInterfaces(fmc=fmc, device_name="device_name")
    # Load the existing interface first; the assignments below overwrite its
    # current name, MAC addresses, address and zone on the object.
    intf1.get(name="GigabitEthernet0/0")
    intf1.enabled = True
    intf1.ifname = "OUTSIDE1"
    intf1.activeMACAddress = "0050.5686.718f"
    intf1.standbyMACAddress = "0050.5686.0c2e"
    intf1.static(ipv4addr="10.254.0.3", ipv4mask=24)
    intf1.sz(name=sz1.name)
    intf2 = fmcapi.PhysicalInterfaces(fmc=fmc, device_name="device_name")
    intf2.get(name="GigabitEthernet0/1")
    intf2.enabled = True
    intf2.ifname = "OUTSIDE2"
def test__redundant_interfaces(fmc):
    """Create a RedundantInterfaces object and read it back (excerpt).

    Posts two security zones, builds a redundant pair from GigabitEthernet0/3
    and GigabitEthernet0/5, posts it and fetches it again. The put/delete steps
    named in the log text are not in the visible lines.

    Args:
        fmc: fmcapi connection object passed through to every fmcapi class.
    """
    logging.info(
        "Test RedundantInterfaces. get, post, put, delete RedundantInterfaces Objects. Requires registered device"
    )
    # Epoch-second suffix keeps the names created by this run distinct.
    starttime = str(int(time.time()))
    namer = f"_fmcapi_test_{starttime}"
    sz1 = fmcapi.SecurityZones(fmc=fmc)
    sz1.name = "_sz1" + namer
    sz1.post()
    time.sleep(1)  # presumably paces successive API writes -- confirm
    sz2 = fmcapi.SecurityZones(fmc=fmc)
    sz2.name = "_sz2" + namer
    sz2.post()
    time.sleep(1)
    # "device_name" is a literal string here -- presumably a placeholder for the
    # name of the registered device; confirm before running.
    red1 = fmcapi.RedundantInterfaces(fmc=fmc, device_name="device_name")
    red1.primary(p_interface="GigabitEthernet0/3", device_name="device_name")
    red1.secondary(p_interface="GigabitEthernet0/5", device_name="device_name")
    # NOTE(review): this is the string "True", not the boolean True -- confirm
    # the API payload accepts it as intended.
    red1.enabled = "True"
    red1.ifname = "_red1" + namer
    red1.redundantId = "1"
    # 192.0.2.0/24 is the RFC 5737 documentation range (TEST-NET-1).
    red1.static(ipv4addr="192.0.2.1", ipv4mask=24)
    red1.sz(name=sz1.name)
    red1.post()
    time.sleep(2)
    # Read the object back after the post.
    red1.get()
# Excerpt of the ACPRule test setup: `fmc`, `namer` and `obj10` are defined
# before the visible lines.
obj10.post()
# 161/UDP is the port conventionally used by SNMP.
obj11 = fmcapi.ProtocolPortObjects(
    fmc=fmc, name="_portudp1", port="161", protocol="UDP"
)
obj11.post()
# Port range 0-1023 over TCP.
obj12 = fmcapi.ProtocolPortObjects(
    fmc=fmc, name="_portrangetcp1", port="0-1023", protocol="TCP"
)
obj12.post()
# Group the three port objects by name.
obj2 = fmcapi.PortObjectGroups(fmc=fmc, name="_fmcapi_test_portobjectgroup")
obj2.named_ports(action="add", name=obj10.name)
obj2.named_ports(action="add", name=obj11.name)
obj2.named_ports(action="add", name=obj12.name)
obj2.post()
# Build a Security Zone object
sz1 = fmcapi.SecurityZones(fmc=fmc, name="_sz1", interfaceMode="ROUTED")
sz1.post()
# Build an ACP Object
acp1 = fmcapi.AccessPolicies(fmc=fmc, name=namer)
acp1.post()
# Get a file_policy
# fp = fmcapi.FilePolicies(fmc=fmc1, name='daxm_test')
time.sleep(1)
logging.info("Setup of objects for ACPRule test done.\n")
logging.info(
    "Test ACPRule. Try to test all features of all methods of the ACPRule class."
)
acprule1 = fmcapi.AccessRules(fmc=fmc, acp_name=acp1.name)
acprule1.name = namer
acprule1.action = "ALLOW"
# The ALLOW rule is built with enabled = False; presumably it stays inert until
# it is enabled explicitly -- confirm.
acprule1.enabled = False
# Excerpt of a manual-NAT setup: `fmc`, `namer` and `obj11` are defined before
# the visible lines, and the "_net_original", "_net_xlate" and "_net_identity"
# objects referenced by name are not created here.
obj11.protocol = "TCP"
obj11.port = "443"
obj11.post()
time.sleep(1)  # presumably paces successive API writes -- confirm
obj12 = fmcapi.ProtocolPortObjects(fmc=fmc)
obj12.name = "_port_xlate"
obj12.protocol = "TCP"
obj12.port = "8443"
obj12.post()
time.sleep(1)
# Create Security Zones
# Both are posted as SecurityZones objects, although the first name carries an
# "IG-" prefix. The names are fixed, not suffixed per run.
sz1 = fmcapi.SecurityZones(fmc=fmc, name="IG-INSIDE")
sz1.post()
sz2 = fmcapi.SecurityZones(fmc=fmc, name="SZ-OUTSIDE1")
sz2.post()
# Manualnat a network object to a host
manualnat1 = fmcapi.ManualNatRules(fmc=fmc)
manualnat1.original_source(name="_net_original")
manualnat1.translated_source(name="_net_xlate")
# NOTE(review): a STATIC translation towards the outside zone presumably makes
# the original source reachable from that side wherever the access policy
# allows it -- confirm the policy attached to this device restricts it.
manualnat1.natType = "STATIC"
# Source and destination interface can be either an interface group or security zone
manualnat1.source_intf(name="IG-INSIDE")
manualnat1.destination_intf(name="SZ-OUTSIDE1")
manualnat1.enabled = True
manualnat1.nat_policy(name=namer)
# manualnat1 is not posted within the visible lines.
# Manualnat identity nat
manualnat2 = fmcapi.ManualNatRules(fmc=fmc)
manualnat2.identity_nat(name="_net_identity")
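def create_security_zones(fmc, sz_list):
    """Create one Security Zone per entry of ``sz_list`` that carries a name.

    Args:
        fmc: fmcapi connection object, passed through to SecurityZones.
        sz_list: Iterable of dicts; only the "name" key is read. ``None`` or
            an empty list creates nothing.

    Returns:
        None. Each named entry is posted to the FMC as a side effect.

    Entries without a "name" key cannot be posted and are skipped. Each skip
    is logged, so a malformed entry does not silently leave out a zone that
    other configuration may refer to by name.
    """
    import logging  # local import: the file's import block is not in view

    for sz in sz_list or []:
        if "name" not in sz:
            logging.warning("Skipping security zone entry without a name: %r", sz)
            continue
        zone = fmcapi.SecurityZones(fmc=fmc, name=sz["name"])
        zone.post()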
with fmcapi.FMC(
host=host,
username=username,
password=password,
autodeploy=True,
file_logging="hq-ftd.log",
) as fmc1:
# Create an ACP
acp = fmcapi.AccessPolicies(fmc=fmc1, name="ACP Policy")
acp.defaultAction = "BLOCK"
# I intentionally put a "space" in the ACP name to show that fmcapi will "fix" that for you.
acp.post()
# Create Security Zones
sz_inside = fmcapi.SecurityZones(
fmc=fmc1, name="inside", interfaceMode="ROUTED"
)
sz_inside.post()
sz_outside = fmcapi.SecurityZones(
fmc=fmc1, name="outside", interfaceMode="ROUTED"
)
sz_outside.post()
sz_dmz = fmcapi.SecurityZones(fmc=fmc1, name="dmz", interfaceMode="ROUTED")
sz_dmz.post()
# Create Network Objects
hq_dfgw_gateway = fmcapi.Hosts(
fmc=fmc1, name="hq-default-gateway", value="100.64.0.1"
)
hq_dfgw_gateway.post()
hq_lan = fmcapi.Networks(fmc=fmc1, name="hq-lan", value="10.0.0.0/24")