23 changes: 0 additions & 23 deletions CiscoMigration/CiscoCommands.cs
Expand Up @@ -438,7 +438,6 @@ private void ParseNetworks()
{
ConversionIncidentType = ConversionIncidentType.Informative;
ConversionIncidentMessage = "An Object (network) can only hold one fqdn, host, range or subnet";
Console.WriteLine(ConversionIncidentMessage);
}
}

Expand Down Expand Up @@ -502,7 +501,6 @@ private void ParseServices()
{
ConversionIncidentType = ConversionIncidentType.ManualActionRequired;
ConversionIncidentMessage = "Unrecognized service protocol (" + ServiceProtocol + ")";
Console.WriteLine(ConversionIncidentMessage);
}
break;
}
Expand All @@ -513,7 +511,6 @@ private void ParseServices()
{
ConversionIncidentType = ConversionIncidentType.Informative;
ConversionIncidentMessage = "An Object (service) can only hold one service";
Console.WriteLine(ConversionIncidentMessage);
}
}
}
Expand Down Expand Up @@ -546,7 +543,6 @@ public override void Parse(CiscoCommand command, CiscoCommand prevCommand, Dicti
{
ConversionIncidentType = ConversionIncidentType.ManualActionRequired;
ConversionIncidentMessage = "Invalid host IP address (" + HostAddress + "). Using IP 1.1.1.1.";
Console.WriteLine(ConversionIncidentMessage);

HostAddress = "1.1.1.1";
}
Expand Down Expand Up @@ -578,7 +574,6 @@ public override void Parse(CiscoCommand command, CiscoCommand prevCommand, Dicti
{
ConversionIncidentType = ConversionIncidentType.ManualActionRequired;
ConversionIncidentMessage = "Invalid IP subnet (" + Network + "/" + Netmask + "). Using IP subnet 1.1.1.0/255.255.255.0.";
Console.WriteLine(ConversionIncidentMessage);

Network = "1.1.1.0";
Netmask = "255.255.255.0";
Expand All @@ -602,7 +597,6 @@ public override void Parse(CiscoCommand command, CiscoCommand prevCommand, Dicti
{
ConversionIncidentType = ConversionIncidentType.ManualActionRequired;
ConversionIncidentMessage = "Invalid range starting IP address (" + RangeFrom + "). Using IP 0.0.0.0.";
Console.WriteLine(ConversionIncidentMessage);

RangeFrom = "0.0.0.0";
}
Expand All @@ -612,7 +606,6 @@ public override void Parse(CiscoCommand command, CiscoCommand prevCommand, Dicti
{
ConversionIncidentType = ConversionIncidentType.ManualActionRequired;
ConversionIncidentMessage = "Invalid range ending IP address (" + RangeTo + "). Using IP 255.255.255.255.";
Console.WriteLine(ConversionIncidentMessage);

RangeTo = "255.255.255.255";
}
Expand Down Expand Up @@ -685,7 +678,6 @@ public override void Parse(CiscoCommand command, CiscoCommand prevCommand, Dicti
// "service tcp source eq ssh destination eq ssh" ---> wrong!!! ---> ignore source!!!
ConversionIncidentType = ConversionIncidentType.Informative;
ConversionIncidentMessage = "Cannot convert a service defined as both source service and destination service. Ignoring source service.";
Console.WriteLine(ConversionIncidentMessage);

IsDestination = true;
Operator = command.GetParam(nextParamId + 1);
Expand Down Expand Up @@ -724,7 +716,6 @@ public override void Parse(CiscoCommand command, CiscoCommand prevCommand, Dicti
{
ConversionIncidentType = ConversionIncidentType.ManualActionRequired;
ConversionIncidentMessage = "Unrecognized service protocol (" + Protocol + ")";
Console.WriteLine(ConversionIncidentMessage);
}
break;
}
Expand Down Expand Up @@ -767,7 +758,6 @@ public override void Parse(CiscoCommand command, CiscoCommand prevCommand, Dicti
{
ConversionIncidentType = ConversionIncidentType.ManualActionRequired;
ConversionIncidentMessage = "Invalid IP address (" + IpAddress + "). Using IP 1.1.1.1.";
Console.WriteLine(ConversionIncidentMessage);

IpAddress = "1.1.1.1";
}
Expand Down Expand Up @@ -796,7 +786,6 @@ public override void Parse(CiscoCommand command, CiscoCommand prevCommand, Dicti
{
ConversionIncidentType = ConversionIncidentType.ManualActionRequired;
ConversionIncidentMessage = "Invalid IP subnet (" + IpAddress + "/" + Netmask + "). Using IP subnet 1.1.1.0/255.255.255.0.";
Console.WriteLine(ConversionIncidentMessage);

IpAddress = "1.1.1.0";
Netmask = "255.255.255.0";
Expand Down Expand Up @@ -921,7 +910,6 @@ public override void Parse(CiscoCommand command, CiscoCommand prevCommand, Dicti
// "service-object tcp source eq ssh destination eq ssh" ---> wrong!!! ---> ignore source!!!
ConversionIncidentType = ConversionIncidentType.Informative;
ConversionIncidentMessage = "Cannot convert a service defined as both source service and destination service. Ignoring source service.";
Console.WriteLine(ConversionIncidentMessage);

IsDestination = true;
Operator = command.GetParam(nextParamId + 1);
Expand Down Expand Up @@ -960,7 +948,6 @@ public override void Parse(CiscoCommand command, CiscoCommand prevCommand, Dicti
{
ConversionIncidentType = ConversionIncidentType.ManualActionRequired;
ConversionIncidentMessage = "Unrecognized service protocol (" + Protocol + ")";
Console.WriteLine(ConversionIncidentMessage);
}
break;
}
Expand Down Expand Up @@ -1456,7 +1443,6 @@ public override void Parse(CiscoCommand command, CiscoCommand prevCommand, Dicti
{
ConversionIncidentType = ConversionIncidentType.ManualActionRequired;
ConversionIncidentMessage = "Invalid IP subnet (" + IpAddress + "/" + Netmask + ").";
Console.WriteLine(ConversionIncidentMessage);
}
break;
}
Expand Down Expand Up @@ -1520,7 +1506,6 @@ public override void Parse(CiscoCommand command, CiscoCommand prevCommand, Dicti
{
ConversionIncidentType = ConversionIncidentType.ManualActionRequired;
ConversionIncidentMessage = "Cannot resolve route destination IP address (" + command.GetParam(2) + "). Using IP 1.1.1.1.";
Console.WriteLine(ConversionIncidentMessage);

DestinationIp = "1.1.1.1";
DestinationNetmask = "255.255.255.255";
Expand All @@ -1530,7 +1515,6 @@ public override void Parse(CiscoCommand command, CiscoCommand prevCommand, Dicti
{
ConversionIncidentType = ConversionIncidentType.ManualActionRequired;
ConversionIncidentMessage = "Invalid IP address (" + DestinationIp + "). Using IP 1.1.1.1.";
Console.WriteLine(ConversionIncidentMessage);

DestinationIp = "1.1.1.1";
DestinationNetmask = "255.255.255.255";
Expand Down Expand Up @@ -1717,7 +1701,6 @@ private void ParseObjectNatCommand(CiscoCommand command, CiscoCommand prevComman

ConversionIncidentType = ConversionIncidentType.ManualActionRequired;
ConversionIncidentMessage = "Unrecognized service protocol (" + ServiceProtocol + ")";
Console.WriteLine(ConversionIncidentMessage);
}
}
break;
Expand All @@ -1738,7 +1721,6 @@ private void ParseObjectNatCommand(CiscoCommand command, CiscoCommand prevComman
{
ConversionIncidentType = ConversionIncidentType.Informative;
ConversionIncidentMessage = "Interface fall-back for dynamic object NAT is not supported";
Console.WriteLine(ConversionIncidentMessage);
}
break;
}
Expand Down Expand Up @@ -1786,7 +1768,6 @@ private void ParseRegularNatCommand(CiscoCommand command, CiscoCommand prevComma
{
ConversionIncidentType = ConversionIncidentType.Informative;
ConversionIncidentMessage = "Not handling NAT with dynamic destination";
Console.WriteLine(ConversionIncidentMessage);
return;
}

Expand All @@ -1805,7 +1786,6 @@ private void ParseRegularNatCommand(CiscoCommand command, CiscoCommand prevComma
{
ConversionIncidentType = ConversionIncidentType.Informative;
ConversionIncidentMessage = "Not handling NAT with dynamic source";
Console.WriteLine(ConversionIncidentMessage);
}
}
}
Expand Down Expand Up @@ -1847,15 +1827,13 @@ public override void Parse(CiscoCommand command, CiscoCommand prevCommand, Dicti
break;

default:
Console.WriteLine("Error: unknown access-group traffic direction (" + command.GetParam(2) + ").");
break;
}

if (Direction != DirectionType.Inbound && Direction != DirectionType.Global)
{
ConversionIncidentType = ConversionIncidentType.Informative;
ConversionIncidentMessage = "Outbound ACLs will not be converted";
Console.WriteLine(ConversionIncidentMessage);
}
}
}
Expand Down Expand Up @@ -2343,7 +2321,6 @@ public override void Parse(CiscoCommand command, CiscoCommand prevCommand, Dicti
ProtocolReference = strProtocol;
ConversionIncidentType = ConversionIncidentType.ManualActionRequired;
ConversionIncidentMessage = "Unrecognized service protocol (" + strProtocol + ")";
Console.WriteLine(ConversionIncidentMessage);
}
break;
}
88 changes: 64 additions & 24 deletions CiscoMigration/CiscoConverter.cs
Expand Up @@ -26,6 +26,7 @@ limitations under the License.
using Newtonsoft.Json;
using System.Diagnostics;
using System.Globalization;
using System.Threading;

namespace CiscoMigration
{
Expand Down Expand Up @@ -92,7 +93,6 @@ public string AutoGeneratedName()
return "network_" + IpAddress + "_" + MaskPrefix;
}

Console.WriteLine("Error: unrecognized network object - Ip={0}, Mask={1}", IpAddress, NetMask);
return "_Err_in_network-line_" + CiscoCommandId;
}

Expand All @@ -106,7 +106,6 @@ public string AutoGeneratedNetworkName()
return "network_" + IpAddress + "_" + MaskPrefix;
}

Console.WriteLine("Error: unrecognized network object - Ip={0}, Mask={1}, Prefix={2}", IpAddress, NetMask, MaskPrefix);
return "_Err_in_network-line_" + CiscoCommandId;
}

Expand Down Expand Up @@ -183,10 +182,6 @@ public static ProtocolType ProtocolStringToProtocolType(ref string sProtocol)
protocol = ProtocolType.KnownOtherIpProtocol;
sProtocol = serviceName;
}
else
{
Console.WriteLine("Error: Unrecognized service protocol '{0}'", sProtocol);
}
break;
}

Expand Down Expand Up @@ -221,10 +216,6 @@ public static string AutoGeneratedName(CheckPointObjectsRepository cpObjects, st
break;

default:
if (!string.IsNullOrEmpty(sPortOperator))
{
Console.WriteLine("Error: unsupported port operator '{0}'", sPortOperator);
}
break;
}

Expand Down Expand Up @@ -307,7 +298,6 @@ public static string AutoGeneratedName(CheckPointObjectsRepository cpObjects, Pr
}
else
{
Console.WriteLine("Error: unsupported port operator '{0}' for protocol IP", portOperator);
name = "_Err_in_service-line_" + ciscoCommandId;
}
return name;
Expand All @@ -318,7 +308,6 @@ public static string AutoGeneratedName(CheckPointObjectsRepository cpObjects, Pr
return serviceFound ? name : sPort;

case ProtocolType.NA:
Console.WriteLine("Error: Unrecognized service protocol");
return "_Err_in_service-line_" + ciscoCommandId;
}

Expand Down Expand Up @@ -427,10 +416,6 @@ public static CheckPointObject CreateServiceObj(CheckPointObjectsRepository cpOb
break;

case ProtocolType.Ip:
if (portOperator != TcpUdpPortOperatorType.All)
{
Console.WriteLine("Error: Service protocol is 'IP', but the service is not 'any'");
}
// Skip, a predefined "any" object is used!!!
break;

Expand All @@ -448,7 +433,6 @@ public static CheckPointObject CreateServiceObj(CheckPointObjectsRepository cpOb
break;

case ProtocolType.NA:
Console.WriteLine("Error: Service protocol is 'NA'");
break;
}

Expand Down Expand Up @@ -522,6 +506,7 @@ private static void GetServicePortRanges(string servicePort, out int from, out i
private IList<CiscoCommand> _ciscoSshCommands;
private Cisco_Hostname _ciscoHostnameCommand;
private List<Cisco_AccessList> _ciscoGlobalAclCommands = new List<Cisco_AccessList>();
private string _outputFormat;

private List<CheckPoint_NAT_Rule> _cpPreorderedNatRules = new List<CheckPoint_NAT_Rule>();

Expand Down Expand Up @@ -4522,10 +4507,7 @@ private bool IsFirewallRuleMatchedByNATRule(CheckPoint_Zone parentLayerRuleZone,
return true;
}

if (fwRule.Service.Count == 0)
{
// TODO: ???
}
if (fwRule.Service.Count == 0) {}
else if (fwRule.Service.Count == 1 && fwRule.Service[0].Name == CheckPointObject.Any)
{
// There is only one service in FW rule and it is "any", no matter what NAT rule service is...
Expand Down Expand Up @@ -4683,19 +4665,29 @@ private string BuildInspectedRuleLinkTag(string ciscoClassMapName)

#region Public Methods

public override void Initialize(VendorParser vendorParser, string vendorFilePath, string toolVersion, string targetFolder, string domainName)
public override void Initialize(VendorParser vendorParser, string vendorFilePath, string toolVersion, string targetFolder, string domainName, string outputFormat = "json")
{
_ciscoParser = (CiscoParser)vendorParser;
if (_ciscoParser == null)
{
throw new InvalidDataException("Unexpected!!!");
}
this._outputFormat = outputFormat;

base.Initialize(vendorParser, vendorFilePath, toolVersion, targetFolder, domainName);
base.Initialize(vendorParser, vendorFilePath, toolVersion, targetFolder, domainName, outputFormat);
}

public override void Convert(bool convertNat)
public override Dictionary<string, int> Convert(bool convertNat)
{
if (IsConsoleRunning)
Progress = new ProgressBar();

if (IsConsoleRunning)
{
Console.WriteLine("Converting obects ...");
Progress.SetProgress(20);
Thread.Sleep(1000);
}
RaiseConversionProgress(20, "Converting obects ...");
_cpObjects.Initialize(); // must be first!!!

Expand All @@ -4715,25 +4707,65 @@ public override void Convert(bool convertNat)
Add_or_Modify_InterfaceNetworkGroups();
Add_ServicesAndServiceGroups();
Add_TimeRanges();

if (IsConsoleRunning)
{
Console.WriteLine("Converting rules ...");
Progress.SetProgress(30);
Thread.Sleep(1000);
}
RaiseConversionProgress(30, "Converting rules ...");
Add_Package();

if (convertNat)
{
if (IsConsoleRunning)
{
Console.WriteLine("Converting NAT rules ...");
Progress.SetProgress(40);
Thread.Sleep(1000);
}
RaiseConversionProgress(40, "Converting NAT rules ...");
Add_object_NAT();
Add_NAT_Rules();

if (IsConsoleRunning)
{
Console.WriteLine("Creating NAT rulebase ...");
Progress.SetProgress(50);
Thread.Sleep(1000);
}
RaiseConversionProgress(50, "Creating NAT rulebase ...");
CreateNATRulebase();

if (IsConsoleRunning)
{
Console.WriteLine("Creating Firewall rulebase ...");
Progress.SetProgress(60);
Thread.Sleep(1000);
}
RaiseConversionProgress(60, "Creating Firewall rulebase ...");
MatchNATRulesIntoFirewallPolicy();
}

// This should be done here, after all objects are converted!!!
EnforceObjectNameValidity();

if (IsConsoleRunning)
{
Console.WriteLine("Optimizing Firewall rulebase ...");
Progress.SetProgress(70);
Thread.Sleep(1000);
}
RaiseConversionProgress(70, "Optimizing Firewall rulebase ...");
Add_Optimized_Package();

if (IsConsoleRunning)
{
Console.WriteLine("Generating CLI scripts ...");
Progress.SetProgress(80);
Thread.Sleep(1000);
}
RaiseConversionProgress(80, "Generating CLI scripts ...");
CreateObjectsScript();
CreatePackagesScript();
Expand All @@ -4748,6 +4780,14 @@ public override void Convert(bool convertNat)
ConversionIncidentsCommandsCount = _conversionIncidents.GroupBy(error => error.LineNumber).Count();

CreateSmartConnector();


if (IsConsoleRunning)
{
Progress.SetProgress(100);
Progress.Dispose();
}
return new Dictionary<string, int>() { { "warnings", ConversionIncidentCategoriesCount } };
}

public override int RulesInConvertedPackage()
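Review bot: In `CreateServiceObj`, the `ProtocolType.Ip` case now falls through to the predefined "any" object with no signal at all when `portOperator != TcpUdpPortOperatorType.All`, so a port-restricted source service can be widened during migration without the operator seeing it. The same holds for the deleted messages in `ProtocolStringToProtocolType`, the `default` port-operator branch of `AutoGeneratedName`, both `ProtocolType.NA` cases, and the `default:` traffic-direction branch in CiscoCommands.cs. None of these sites sets `ConversionIncidentType`/`ConversionIncidentMessage` in the visible lines, so the console line appears to have been the only diagnostic. Rather than dropping them, record a conversion incident at each site (the reporting helper is outside the visible hunks), or at minimum keep a non-console trace such as `Trace.TraceWarning("Service protocol is 'IP', but the service is not 'any'");`, since `System.Diagnostics` is already imported. These functions start and end outside the hunks shown, so a report made elsewhere cannot be ruled out from here.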