1.0.6

.gitignore

@@ -12,3 +12,4 @@ smc-monitoring/fp_NGFW_SMC_python_monitoring.egg-info/*
 qa/results/*
 qa/test_suites/examples/*
 venv*
+/smc_info/

smc/__version__.py

@@ -1,4 +1,4 @@
-__version__ = '1.0.5'
+__version__ = '1.0.6'
 __author__ = 'Forcepoint'
 __description__ = 'Python based API to Forcepoint NGFW Management Center'
 __url__ = 'http://github.com/Forcepoint/fp-NGFW-SMC-python'

smc/core/contact_address.py

@@ -191,7 +191,12 @@ def interface_id(self):
 
         :rtype: str
         """
-        return self._name.split(" ")[-1]
+        # Aggregated Interfaces case
+        if self._name.endswith("(Aggregated)"):
+            interface_id_to_return = self._name.split(" ")[1]
+        else:
+            interface_id_to_return = self._name.split(" ")[-1]
+        return interface_id_to_return
 
     @property
     def interface_ip(self):

smc/examples/aggregated_interface.py

@@ -0,0 +1,53 @@
+"""
+Example of creating an aggregated interface
+"""
+
+
+from smc.core.engines import Layer3Firewall
+from smc import session
+from smc_info import *
+
+if __name__ == "__main__":
+    session.login(url=SMC_URL, api_key=API_KEY, verify=False, timeout=120, api_version=API_VERSION)
+    print("session OK")
+
+try:
+    engine = Layer3Firewall.create(
+        name="myEngine",
+        mgmt_ip="172.18.1.1",
+        mgmt_network="172.18.1.0/24",
+        mgmt_interface=0,
+    )
+    engine.physical_interface.add_layer3_interface(interface_id=1,
+                                                   address="172.18.2.10",
+                                                   network_value="172.18.2.0/24",
+                                                   comment="My aggregate interface",
+                                                   aggregate_mode="ha",
+                                                   second_interface_id=2)
+
+    # retrieve interface id
+    for interface in engine.physical_interface.all():
+        print("Interfaced created:{}:{}".format(interface.interface_id, interface))
+
+    interface_keys = ['id', 'contact_addresse_ip']
+    engine = Layer3Firewall("myEngine")
+    # Contact Address information
+    interface_inventory = []
+    list_itf = []
+    for ca in engine.contact_addresses:
+        list_itf.append(ca.interface_id)
+    uniq_list_itf = list(set(list_itf))
+    for itf_id in uniq_list_itf:
+        contact = engine.interface.get(itf_id).contact_addresses
+        ip = contact[0].interface_ip
+        interface_values = [itf_id, ip]
+        interface_inventory.append(dict(zip(interface_keys, interface_values)))
+
+    print("interface_inventory={}".format(interface_inventory))
+except BaseException as e:
+    print("Exception:{}".format(e))
+    exit(-1)
+
+finally:
+    engine = Layer3Firewall("myEngine")
+    engine.delete()

smc/examples/cloud_engine.py

@@ -1,32 +1,13 @@
 #!/usr/bin/python
-
-
-################################################
-#    Customize these variable                  #
-################################################
-
 from smc.core.engine import Engine
 from smc.core.engines import CloudSGSingleFW
 from smc import session
+from smc_info import *
 
-smc_url = "http://localhost:8082"
-smc_key = "HuphG4Uwg4dN6TyvorTR0001"
-
-smc_domain = ""
-api_version = "6.9"
-timeout = 180
-
-################################################
-# Login the api
+if __name__ == '__main__':
 
-session.login(
-    url=smc_url,
-    domain=smc_domain,
-    api_key=smc_key,
-    api_version=api_version,
-    timeout=timeout,
-    verify=False,
-)
+    session.login(url=SMC_URL, api_key=API_KEY, verify=False, timeout=120, api_version=API_VERSION)
+    print("session OK")
 
 
 try:
@@ -60,14 +41,11 @@
     for node in engine.nodes:
         print("Firewall node %s status: %s" % (node.name, str(node.status())))
 
-    # Delete Engine
-    engine.delete()
-
 except Exception as e:
     print("Example failed:" + str(e))
-    engine = Engine("Cloud Single firewall 1")
+    exit(-1)
+
+finally:
+    engine = CloudSGSingleFW("Cloud Single firewall 1")
     engine.delete()
     session.logout()
-    exit(1)
-
-session.logout()

smc/examples/sub_policies.py

@@ -1,13 +1,14 @@
 """
 Example script
 -create SubPolicy and IPv6SubPolicy
+-update a rule
 -return all FirewallSubPolicy and FirewallIPv6SubPolicy.
 
 """
 
 # Python Base Import
-import sys
 from smc import session
+from smc.elements.network import Host
 from smc.policy.layer3 import FirewallSubPolicy, FirewallIPv6SubPolicy
 from smc.elements.service import TCPService
 from smc_info import *
@@ -17,37 +18,100 @@
     session.login(url=SMC_URL, api_key=API_KEY, verify=False, timeout=120, api_version=API_VERSION)
 
     print("session OK")
+    try:
 
-    # Create a Sub Policy
-    p = FirewallSubPolicy()
-    p.create("mySubPolicy1")
-
-    # add rule to a Sub Policy
-    p = FirewallSubPolicy("mySubPolicy1")
-    p.fw_ipv4_access_rules.create(
-        name="newule",
-        sources="any",
-        destinations="any",
-        services=[TCPService("SSH")],
-        action="discard",
-    )
-
-    print(list(FirewallSubPolicy.objects.all()))
-
-    # Create a IPv6 Sub Policy
-    p = FirewallIPv6SubPolicy()
-    p.create("myIPv6SubPolicy1")
-
-    # add rule to a IPv6 Sub Policy
-    p = FirewallIPv6SubPolicy("myIPv6SubPolicy1")
-    p.fw_ipv6_access_rules.create(
-        name="newule",
-        sources="any",
-        destinations="any",
-        services=[TCPService("SSH")],
-        action="discard",
-    )
-
-    print(list(FirewallIPv6SubPolicy.objects.all()))
-
-    session.logout()
+        # Create hosts
+        host1 = Host.create("myHost1", "192.168.1.1")
+        host2 = Host.create("myHost2", "192.168.1.2")
+        host3 = Host.create("myHost3", "192.168.1.3")
+
+        # Create a Sub Policy
+        p = FirewallSubPolicy().create("mySubPolicy1")
+
+        # add rule to a Sub Policy
+        p = FirewallSubPolicy("mySubPolicy1")
+        rule1 = p.fw_ipv4_access_rules.create(
+            name="newrule",
+            sources="any",
+            destinations="any",
+            services=[TCPService("SSH")],
+            action="discard",
+        )
+
+        # update the rule
+        # can mix element and element.href
+        # like for create, to be compatible with 6.5, we can set action as a String
+        # it will be converted to a list of String for api > 6.5
+        rule1.update(sources=[host1, host2.href],
+                     destinations=[host3],
+                     services=[TCPService("FTP")],
+                     action="allow")
+        print("After update {} src={} dst={}".format(rule1, rule1.sources, rule1.destinations))
+
+        # Need to keep backward compatibility and let user inject json code or Elements or href
+        # action can also be a list since Api 6.6
+        rule1.update(sources={"src": [host1.href]},
+                     destinations=[host3],
+                     services=[TCPService("FTP").href],
+                     action=["allow"])
+        print("After update {} src={} dst={} action={}".format(rule1,
+                                                               rule1.sources,
+                                                               rule1.destinations,
+                                                               rule1.action.action))
+
+        # action can also be json injection both str and list are accepted
+        rule1.update(sources={"src": [host1.href]},
+                     destinations=[host3],
+                     services=[TCPService("FTP").href],
+                     action={"action": "deny"})
+        print("After update {} src={} dst={} action={}".format(rule1,
+                                                               rule1.sources,
+                                                               rule1.destinations,
+                                                               rule1.action.action))
+        # action can also be json injection both str and list are accepted
+        rule1.update(sources={"src": [host1.href]},
+                     destinations=[host3],
+                     services=[TCPService("FTP").href],
+                     action={"action": ["deny"]})
+        print("After update {} src={} dst={} action={}".format(rule1,
+                                                               rule1.sources,
+                                                               rule1.destinations,
+                                                               rule1.action.action))
+
+        # search for the rule
+        rule1 = p.search_rule("newrule")
+        print("Search 'newrule': {} src={} dst={} action={}".format(rule1[0],
+                                                                    rule1[0].sources,
+                                                                    rule1[0].destinations,
+                                                                    rule1[0].action.action))
+
+        print("All sub-policies:")
+        print(list(FirewallSubPolicy.objects.all()))
+
+        print("Add myIPv6SubPolicy1:")
+        # Create a IPv6 Sub Policy
+        p = FirewallIPv6SubPolicy()
+        p.create("myIPv6SubPolicy1")
+
+        # add rule to a IPv6 Sub Policy
+        p = FirewallIPv6SubPolicy("myIPv6SubPolicy1")
+        p.fw_ipv6_access_rules.create(
+            name="newule",
+            sources="any",
+            destinations="any",
+            services=[TCPService("SSH")],
+            action="discard",
+        )
+
+        print(list(FirewallIPv6SubPolicy.objects.all()))
+
+    except BaseException as e:
+        print("ex={}".format(e))
+        exit(-1)
+    finally:
+        FirewallSubPolicy("mySubPolicy1").delete()
+        Host("myHost1").delete()
+        Host("myHost2").delete()
+        Host("myHost3").delete()
+        FirewallIPv6SubPolicy("myIPv6SubPolicy1").delete()
+        session.logout()