How to use the fmcapi.SecurityZones function in fmcapi

To help you get started, we’ve selected a few fmcapi examples, based on popular ways it is used in public projects.


github daxm / fmcapi / unit_tests / autonat.py View on Github external
# PAT Pool must be a range, not a subnet
    obj5 = fmcapi.Ranges(fmc=fmc)
    obj5.name = "_net_xlate_pool"
    obj5.value = "192.0.2.128-192.0.2.254"
    obj5.post()
    time.sleep(1)

    # Create interface PAT object
    obj6 = fmcapi.Networks(fmc=fmc)
    obj6.name = "_net_original_intf"
    obj6.value = "192.168.1.0/24"
    obj6.post()
    time.sleep(1)

    # Create Security Zones
    sz1 = fmcapi.SecurityZones(fmc=fmc, name="IG-INSIDE")
    sz1.post()
    sz2 = fmcapi.SecurityZones(fmc=fmc, name="SZ-OUTSIDE1")
    sz2.post()

    # Autonat a network object to a host
    autonat1 = fmcapi.AutoNatRules(fmc=fmc)
    autonat1.original_network(name="_net_original")
    autonat1.translated_network(name="_net_xlate")
    autonat1.natType = "STATIC"
    # Source and destination interface can be either an interface group or security zone
    autonat1.source_intf(name="IG-INSIDE")
    autonat1.destination_intf(name="SZ-OUTSIDE1")
    autonat1.nat_policy(name=namer)

    # Autonat identity nat
    autonat2 = fmcapi.AutoNatRules(fmc=fmc)
github daxm / fmcapi / unit_tests / interfaces_etherchannel.py View on Github external
def test__etherchannel_interfaces(fmc):
    """Set up two Security Zones and start configuring an EtherChannel interface.

    Args:
        fmc: fmcapi session object handed to every fmcapi constructor below.

    The visible code posts two zones and fills in an EtherchannelInterfaces
    object; no post() of the interface and no cleanup appear in this excerpt.

    NOTE(review): each post() writes configuration through ``fmc``, so this
    presumably belongs on a lab FMC only -- confirm before running it against
    a manager that also holds production policy.
    """
    logging.info(
        "Test EtherchannelInterfaces.  get, post, put, delete EtherchannelInterfaces Objects. "
        "Requires registered physical device"
    )

    # Epoch seconds become a per-run suffix for every object name created here,
    # presumably so repeated runs do not collide with leftovers from earlier ones.
    starttime = str(int(time.time()))
    namer = f"_fmcapi_test_{starttime}"

    # Two uniquely named Security Zones; the name is set after construction.
    sz1 = fmcapi.SecurityZones(fmc=fmc)
    sz1.name = "_sz1" + namer
    sz1.post()
    # Fixed pause after each write -- presumably pacing the API calls; confirm.
    time.sleep(1)
    sz2 = fmcapi.SecurityZones(fmc=fmc)
    sz2.name = "_sz2" + namer
    sz2.post()
    time.sleep(1)

    # "device_name" is a literal placeholder string, not a variable: it has to be
    # replaced with the name of a device registered to the FMC (see log message).
    eth1 = fmcapi.EtherchannelInterfaces(fmc=fmc, device_name="device_name")
    # Member physical interfaces of the channel, looked up on the same device.
    eth1.p_interfaces(
        p_interfaces=["GigabitEthernet0/3", "GigabitEthernet0/5"],
        device_name="device_name",
    )
    eth1.enabled = True
    eth1.ifname = "_eth1" + namer
    # Channel id is assigned as a string here.
    eth1.etherChannelId = "1"
github daxm / fmcapi / unit_tests / interfaces_physical.py View on Github external
def test__phys_interfaces(fmc):
    """Create two Security Zones and begin reconfiguring two physical interfaces.

    Args:
        fmc: fmcapi session object handed to every fmcapi constructor below.

    NOTE(review): unlike a per-run generated name, the zone names here are
    fixed ("SZ-OUTSIDE1", "SZ-OUTSIDE2"). On an FMC that already has zones
    with those names the post() calls would presumably fail or touch shared
    objects -- confirm how fmcapi handles an existing name before running this
    anywhere but an isolated lab.
    """
    logging.info(
        "Test PhysicalInterface.  get, put PhysicalInterface Objects. Requires registered device"
    )

    # Fixed-name zones, each followed by a one-second pause.
    sz1 = fmcapi.SecurityZones(fmc=fmc)
    sz1.name = "SZ-OUTSIDE1"
    sz1.post()
    time.sleep(1)
    sz2 = fmcapi.SecurityZones(fmc=fmc)
    sz2.name = "SZ-OUTSIDE2"
    sz2.post()
    time.sleep(1)

    # "device_name" is a literal placeholder for a device registered to the FMC.
    intf1 = fmcapi.PhysicalInterfaces(fmc=fmc, device_name="device_name")
    # Look up the existing interface by name before changing its attributes.
    intf1.get(name="GigabitEthernet0/0")
    intf1.enabled = True
    intf1.ifname = "OUTSIDE1"
    # Hard-coded active/standby MAC addresses and a static IPv4 address:
    # sample values that must match the lab device if this is ever pushed.
    intf1.activeMACAddress = "0050.5686.718f"
    intf1.standbyMACAddress = "0050.5686.0c2e"
    intf1.static(ipv4addr="10.254.0.3", ipv4mask=24)
    # Reference the zone created above by its name.
    intf1.sz(name=sz1.name)
    intf2 = fmcapi.PhysicalInterfaces(fmc=fmc, device_name="device_name")
    intf2.get(name="GigabitEthernet0/1")
    intf2.enabled = True
    intf2.ifname = "OUTSIDE2"
github daxm / fmcapi / unit_tests / interfaces_redundant.py View on Github external
def test__redundant_interfaces(fmc):
    """Create two Security Zones and a redundant interface, then read it back.

    Args:
        fmc: fmcapi session object handed to every fmcapi constructor below.

    NOTE(review): the post() calls write configuration through ``fmc`` and no
    delete of the created objects is visible in this excerpt -- presumably a
    lab-only test; confirm cleanup exists before reusing it.
    """
    logging.info(
        "Test RedundantInterfaces.  get, post, put, delete RedundantInterfaces Objects. Requires registered device"
    )

    # Epoch seconds become a per-run suffix for every object name created here.
    starttime = str(int(time.time()))
    namer = f"_fmcapi_test_{starttime}"

    # Two uniquely named Security Zones, each followed by a one-second pause.
    sz1 = fmcapi.SecurityZones(fmc=fmc)
    sz1.name = "_sz1" + namer
    sz1.post()
    time.sleep(1)
    sz2 = fmcapi.SecurityZones(fmc=fmc)
    sz2.name = "_sz2" + namer
    sz2.post()
    time.sleep(1)

    # "device_name" is a literal placeholder for a device registered to the FMC.
    red1 = fmcapi.RedundantInterfaces(fmc=fmc, device_name="device_name")
    # Primary and secondary member interfaces of the redundant pair.
    red1.primary(p_interface="GigabitEthernet0/3", device_name="device_name")
    red1.secondary(p_interface="GigabitEthernet0/5", device_name="device_name")
    # NOTE(review): this is the string "True", not the boolean True. Whether
    # fmcapi or the FMC API treats the two the same is not shown here -- confirm,
    # since a non-empty string is always truthy ("False" would be too).
    red1.enabled = "True"
    red1.ifname = "_red1" + namer
    red1.redundantId = "1"
    # 192.0.2.0/24 is the TEST-NET-1 documentation range (RFC 5737).
    red1.static(ipv4addr="192.0.2.1", ipv4mask=24)
    # Reference the first zone created above by its name.
    red1.sz(name=sz1.name)
    red1.post()
    # Longer pause after the interface write than after the zone writes.
    time.sleep(2)

    # Read the object back after the post.
    red1.get()
github daxm / fmcapi / unit_tests / acprule.py View on Github external
obj10.post()
    obj11 = fmcapi.ProtocolPortObjects(
        fmc=fmc, name="_portudp1", port="161", protocol="UDP"
    )
    obj11.post()
    obj12 = fmcapi.ProtocolPortObjects(
        fmc=fmc, name="_portrangetcp1", port="0-1023", protocol="TCP"
    )
    obj12.post()
    obj2 = fmcapi.PortObjectGroups(fmc=fmc, name="_fmcapi_test_portobjectgroup")
    obj2.named_ports(action="add", name=obj10.name)
    obj2.named_ports(action="add", name=obj11.name)
    obj2.named_ports(action="add", name=obj12.name)
    obj2.post()
    # Build a Security Zone object
    sz1 = fmcapi.SecurityZones(fmc=fmc, name="_sz1", interfaceMode="ROUTED")
    sz1.post()
    # Build an ACP Object
    acp1 = fmcapi.AccessPolicies(fmc=fmc, name=namer)
    acp1.post()
    # Get a file_policy
    # fp = fmcapi.FilePolicies(fmc=fmc1, name='daxm_test')
    time.sleep(1)
    logging.info("Setup of objects for ACPRule test done.\n")

    logging.info(
        "Test ACPRule.  Try to test all features of all methods of the ACPRule class."
    )
    acprule1 = fmcapi.AccessRules(fmc=fmc, acp_name=acp1.name)
    acprule1.name = namer
    acprule1.action = "ALLOW"
    acprule1.enabled = False
github daxm / fmcapi / unit_tests / manualnat.py View on Github external
obj11.protocol = "TCP"
    obj11.port = "443"
    obj11.post()
    time.sleep(1)

    obj12 = fmcapi.ProtocolPortObjects(fmc=fmc)
    obj12.name = "_port_xlate"
    obj12.protocol = "TCP"
    obj12.port = "8443"
    obj12.post()
    time.sleep(1)

    # Create Security Zones
    sz1 = fmcapi.SecurityZones(fmc=fmc, name="IG-INSIDE")
    sz1.post()
    sz2 = fmcapi.SecurityZones(fmc=fmc, name="SZ-OUTSIDE1")
    sz2.post()

    # Manualnat a network object to a host
    manualnat1 = fmcapi.ManualNatRules(fmc=fmc)
    manualnat1.original_source(name="_net_original")
    manualnat1.translated_source(name="_net_xlate")
    manualnat1.natType = "STATIC"
    # Source and destination interface can be either an interface group or security zone
    manualnat1.source_intf(name="IG-INSIDE")
    manualnat1.destination_intf(name="SZ-OUTSIDE1")
    manualnat1.enabled = True
    manualnat1.nat_policy(name=namer)

    # Manualnat identity nat
    manualnat2 = fmcapi.ManualNatRules(fmc=fmc)
    manualnat2.identity_nat(name="_net_identity")
github daxm / fmcapi / example / logic_separate_from_data / program_logic.py View on Github external
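def create_security_zones(fmc, sz_list):
    """Create one Security Zone on the FMC for each named entry in ``sz_list``.

    Args:
        fmc: fmcapi session object passed through to ``fmcapi.SecurityZones``.
        sz_list: Iterable of mappings. Each entry that has a ``"name"`` key
            results in one ``fmcapi.SecurityZones(...).post()`` call.

    Entries without a ``"name"`` key are skipped, as before, but a warning is
    now logged for each one. A silently dropped zone leaves the firewall
    configuration only partly applied, and without the warning the first
    sign would be a later object that refers to the missing zone.
    """
    import logging  # local import: the file's import block is not visible here

    for index, sz in enumerate(sz_list):
        if "name" not in sz:
            # Report the position only; the entry content is not echoed to logs.
            logging.warning(
                "Skipping security zone entry %d: no 'name' key", index
            )
            continue
        zone = fmcapi.SecurityZones(fmc=fmc, name=sz["name"])
        zone.post()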
github daxm / fmcapi / example / mixed_logic_and_data / hq-ftd.py View on Github external
with fmcapi.FMC(
        host=host,
        username=username,
        password=password,
        autodeploy=True,
        file_logging="hq-ftd.log",
    ) as fmc1:

        # Create an ACP
        acp = fmcapi.AccessPolicies(fmc=fmc1, name="ACP Policy")
        acp.defaultAction = "BLOCK"
        # I intentionally put a "space" in the ACP name to show that fmcapi will "fix" that for you.
        acp.post()

        # Create Security Zones
        sz_inside = fmcapi.SecurityZones(
            fmc=fmc1, name="inside", interfaceMode="ROUTED"
        )
        sz_inside.post()
        sz_outside = fmcapi.SecurityZones(
            fmc=fmc1, name="outside", interfaceMode="ROUTED"
        )
        sz_outside.post()
        sz_dmz = fmcapi.SecurityZones(fmc=fmc1, name="dmz", interfaceMode="ROUTED")
        sz_dmz.post()

        # Create Network Objects
        hq_dfgw_gateway = fmcapi.Hosts(
            fmc=fmc1, name="hq-default-gateway", value="100.64.0.1"
        )
        hq_dfgw_gateway.post()
        hq_lan = fmcapi.Networks(fmc=fmc1, name="hq-lan", value="10.0.0.0/24")