How to use the fmcapi.AccessRules function in fmcapi

To help you get started, we’ve selected a few fmcapi examples, based on popular ways it is used in public projects.


Excerpt from daxm/fmcapi on GitHub, unit_tests/hit_counts.py:
def test__hitcounts(fmc, device_name="", prefilter_id=""):
    """Set up objects on the FMC and build an fmcapi.HitCounts object.

    Returns a skip message when neither ``device_name`` nor ``prefilter_id``
    is given. Otherwise it fetches the device record, posts a temporary
    access rule to that device's access policy, and builds a HitCounts
    object for the prefilter policy (when ``prefilter_id`` is set) or for
    the device's access policy.

    NOTE(review): the temporary rule is posted to the access policy that the
    device record reports (``device1.accessPolicy["id"]``), not to a
    throwaway policy. Only ``name`` and ``action = "ALLOW"`` are set on it
    here: no zone, network or port conditions and no logging flags. The rest
    of the function is not part of this excerpt, so confirm that the rule is
    deleted afterwards and that the test only ever runs against a lab FMC.
    """
    if not device_name and not prefilter_id:
        return f"Name of an actual device or prefilter ID is required for the HitCounts test to work... skipping test."

    logging.info(
        "In preparation for testing HitCounts method, set up some known objects in the FMC."
    )
    # The epoch-second suffix ties the temporary rule's name to this run.
    starttime = str(int(time.time()))
    namer = f"test__hitcounts_{starttime}"

    # Get the device
    # NOTE(review): this lookup runs even when only prefilter_id was supplied,
    # i.e. with device_name == "". Presumably the accessPolicy access below
    # then fails; confirm, or require device_name in the guard above.
    device1 = fmcapi.DeviceRecords(fmc=fmc, name=device_name)
    device1.get()

    # In case there is no ACP Rule build a temp one.
    acprule1 = fmcapi.AccessRules(fmc=fmc, acp_id=device1.accessPolicy["id"])
    # acprule1 = fmcapi.AccessRules(fmc=fmc, acp_name=device1.accessPolicy['name'])
    acprule1.name = namer
    acprule1.action = "ALLOW"
    acprule1.post()
    # Pause before reading the rule back; presumably gives the FMC time to
    # finish the write (TODO confirm).
    time.sleep(1)
    acprule1.get()

    # Hit counts are read for the prefilter policy when an id was passed,
    # otherwise for the device's access policy.
    hitcounter1 = None
    if prefilter_id:
        hitcounter1 = fmcapi.HitCounts(
            fmc=fmc, prefilter_id=prefilter_id, device_name=device_name
        )
    else:
        hitcounter1 = fmcapi.HitCounts(
            fmc=fmc, acp_id=device1.accessPolicy["id"], device_name=device_name
        )
Excerpt from daxm/fmcapi on GitHub, unit_tests/acprule.py (starts mid-function):
obj2.post()
    # Build a Security Zone object
    sz1 = fmcapi.SecurityZones(fmc=fmc, name="_sz1", interfaceMode="ROUTED")
    sz1.post()
    # Build an ACP Object
    # The rule under test goes into this freshly created policy (named after
    # `namer`), not into a policy looked up from an existing device.
    acp1 = fmcapi.AccessPolicies(fmc=fmc, name=namer)
    acp1.post()
    # Get a file_policy
    # fp = fmcapi.FilePolicies(fmc=fmc1, name='daxm_test')
    time.sleep(1)
    logging.info("Setup of objects for ACPRule test done.\n")

    logging.info(
        "Test ACPRule.  Try to test all features of all methods of the ACPRule class."
    )
    acprule1 = fmcapi.AccessRules(fmc=fmc, acp_name=acp1.name)
    acprule1.name = namer
    acprule1.action = "ALLOW"
    # The rule is created with enabled = False, so the ALLOW action is stored
    # in the policy but the rule is not marked active.
    acprule1.enabled = False
    # Logging flags: events go to the FMC and both connection begin and end
    # are logged; file logging is off.
    acprule1.sendEventsToFMC = True
    acprule1.logFiles = False
    acprule1.logBegin = True
    acprule1.logEnd = True
    # "Default-Set" and "Security Over Connectivity" are referenced by name;
    # presumably both already exist on the target FMC (TODO confirm).
    acprule1.variable_set(action="set", name="Default-Set")
    acprule1.source_zone(action="add", name=sz1.name)
    acprule1.destination_zone(action="add", name=sz1.name)
    acprule1.intrusion_policy(action="set", name="Security Over Connectivity")
    # vlantag1, pport1, obj2 and iphost1 are created earlier in the function,
    # before this excerpt begins.
    acprule1.vlan_tags(action="add", name=vlantag1.name)
    acprule1.source_port(action="add", name=pport1.name)
    acprule1.destination_port(action="add", name=pport1.name)
    acprule1.destination_port(action="add", name=obj2.name)
    acprule1.source_network(action="add", name=iphost1.name)
Excerpt from daxm/fmcapi on GitHub, example/logic_separate_from_data/program_logic.py (cut off before the function ends):
def create_access_policies(fmc, acp_list):
    """Create Access Policies and their associated AccessRules.

    Args:
        fmc: object passed as ``fmc=`` to every fmcapi constructor used here.
        acp_list: iterable of dicts. Each needs ``"name"`` and
            ``"default_action"`` and may carry a ``"rules"`` list of rule
            dicts, each with a ``"name"`` and optional settings.

    NOTE(review): every rule setting (action, enabled, logging, source
    networks) is copied from the input data without validation, and each one
    is optional. A rule dict that omits ``log_begin``/``log_end`` gets no
    logging flags from this function. Presumably ``acp_list`` is loaded from
    a data file kept next to this script (TODO confirm); changes to that file
    are firewall-policy changes and should be reviewed as such.
    """
    for acp in acp_list:
        # The policy is posted right away, before any of its rules are built.
        policy = fmcapi.AccessPolicies(
            fmc=fmc, name=acp["name"], defaultAction=acp["default_action"]
        )
        policy.post()

        # Build access_rules associated with this acp.
        if "rules" in acp:
            for rule in acp["rules"]:
                acp_rule = fmcapi.AccessRules(
                    fmc=fmc, acp_name=policy.name, name=rule["name"]
                )
                # Optional settings: only keys present in the rule dict are
                # applied; anything absent is left as fmcapi initialises it.
                if "log_begin" in rule:
                    acp_rule.logBegin = rule["log_begin"]
                if "log_end" in rule:
                    acp_rule.logEnd = rule["log_end"]
                if "send_events_to_fmc" in rule:
                    acp_rule.sendEventsToFMC = rule["send_events_to_fmc"]
                if "enabled" in rule:
                    acp_rule.enabled = rule["enabled"]
                if "action" in rule:
                    acp_rule.action = rule["action"]
                # Source networks are referenced by object name, so each named
                # object is expected to exist on the FMC already.
                if "source_networks" in rule:
                    for sn in rule["source_networks"]:
                        acp_rule.source_network(action="add", name=sn["name"])
                if "destination_networks" in rule:
Excerpt from daxm/fmcapi on GitHub, example/mixed_logic_and_data/hq-ftd.py (starts mid-function):
# Create Network Objects
        # Example addressing: the 10.0.0.0/8 ranges are RFC 1918 private space
        # and the 100.64.0.x hosts fall in RFC 6598 shared address space.
        hq_dfgw_gateway = fmcapi.Hosts(
            fmc=fmc1, name="hq-default-gateway", value="100.64.0.1"
        )
        hq_dfgw_gateway.post()
        hq_lan = fmcapi.Networks(fmc=fmc1, name="hq-lan", value="10.0.0.0/24")
        hq_lan.post()
        all_lans = fmcapi.Networks(fmc=fmc1, name="all-lans", value="10.0.0.0/8")
        all_lans.post()
        hq_fmc = fmcapi.Hosts(fmc=fmc1, name="hq_fmc", value="10.0.0.10")
        hq_fmc.post()
        fmc_public = fmcapi.Hosts(fmc=fmc1, name="fmc_public_ip", value="100.64.0.10")
        fmc_public.post()

        # Create ACP Rule to permit hq_lan traffic inside to outside.
        # acp, sz_inside and sz_outside are created earlier in the script,
        # before this excerpt begins.
        hq_acprule = fmcapi.AccessRules(
            fmc=fmc1,
            acp_name=acp.name,
            name="Permit HQ LAN",
            action="ALLOW",
            enabled=True,
        )
        # Scope of the rule as built here: source is the inside zone and the
        # hq-lan network; destination is the outside zone and "any-ipv4".
        # No port or application condition is added.
        hq_acprule.source_zone(action="add", name=sz_inside.name)
        hq_acprule.destination_zone(action="add", name=sz_outside.name)
        hq_acprule.source_network(action="add", name=hq_lan.name)
        hq_acprule.destination_network(action="add", name="any-ipv4")
        # NOTE(review): both logging flags are commented out, so this enabled
        # ALLOW rule is posted without logBegin/logEnd being set by the
        # script. Set at least logEnd if connection events for permitted
        # traffic are needed for monitoring or incident response.
        # hq_acprule.logBegin = True
        # hq_acprule.logEnd = True
        hq_acprule.post()

        # Build NAT Policy
        nat = fmcapi.FTDNatPolicies(fmc=fmc1, name="NAT Policy")