Forcepoint / fp-NGFW-SMC-python

Forcepoint NGFW Management Center Python API
https://support.forcepoint.com/s/article/How-to-Start-Using-SMC-API
Apache License 2.0

DHCP Relay on interface #5

Closed EtienneMILON closed 2 years ago

EtienneMILON commented 4 years ago

Hello,

I am trying to configure a DHCP relay on an interface. I tried with the following parameters but it doesn't work:

Is there a possibility to do this? I use fp-NGFW-SMC-python 0.7.0b23.

Best regards, Etienne

shibumi commented 4 years ago

Hi @EtienneMILON, can you show the full stack trace or the error message?

EtienneMILON commented 4 years ago

Hello @shibumi ,

I got the exception: "smc.api.exceptions.UpdateElementFailed: Impossible to store the element mycluster_test. Element appears invalid: mycluster_test Firewall Cluster has an invalid Physical Interface configuration: Interface 0. One relayed by DHCP CVI belongs to this Physical Interface but it has no defined enabled DHCP relay."

I use the following code:

from smc.core.engines import FirewallCluster

engine = FirewallCluster.create(
    name="mycluster_test",
    cluster_virtual="1.1.1.1",
    network_value="1.1.1.0/24",
    interface_id=0,
    macaddress="02:02:02:02:02:02",
    nodes=[
        {"address": "1.1.1.2", "network_value": "1.1.1.0/24", "nodeid": 1},
        {"address": "1.1.1.3", "network_value": "1.1.1.0/24", "nodeid": 2},
    ],
    domain_server_address=["1.1.1.1"],
    is_cert_auto_renewal=True,
)

# Set the relay on the physical interface ('dhcp_server_href' is a placeholder)
interface = engine.interface.get("0")
interface.dhcp_relay = {
    'element': ['dhcp_server_href'],
    'enabled': True,
    'max_packet_size': 576,
    'trusted_circuit': False,
}
interface.save()

# Mark the cluster virtual interface as the relayed address
for one in interface.interfaces:
    if one.typeof.lower() == "cluster_virtual_interface":
        one.relayed_by_dhcp = True
        one.save()  # the original wrote `one.save` without calling it
        break

engine.update()

I don't get an error with this code, but in the SMC the interface has no DHCP relay configured. I use SMC 6.5.14.

Etienne

ggrimaux commented 4 years ago

Hello,

I do not know if it can help you, but here is what I've done to make it work:

        """
        Add DHCP Relay on two vlan interface
        Then it is mandatory to get again engine in order to have 
        most recent etag and engine details. 
        """
        engine_to_update = Layer3Firewall(engine_name_to_update)
        intf = engine_to_update.interface.get(4)
        # Get interface JSON
        interface_details = SMCRequest(intf.href).read()
        for vlan in interface_details.json['vlanInterfaces']:
            if '4.20' in vlan['name'] \
               or '4.25' in vlan['name']:
                vlan['dhcp_relay'] = {"element": [dhcp_server_href],
                                      "enabled": True,
                                      "max_packet_size": 576,
                                      "trusted_circuit": False
                                      }
                vlan['interfaces'][0]['single_node_interface']['relayed_by_dhcp'] = True

        SMCRequest(intf.href,
                   interface_details.json,
                   etag=intf.etag).update()

BR, /Greg.

EtienneMILON commented 3 years ago

Hello Greg,

You were right, it works with interface.update():

from smc.core.engine import Engine

engine = Engine(name="engine_name")
interface = engine.interface.get("interface_id")
interface.update(
    dhcp_relay={
        "element": ["DHCP_server_href"],
        "enabled": True,
        "max_packet_size": 576,
        "trusted_circuit": False,
    }
)
# And for the subinterface (one of the entries of interface.interfaces)
sub_interface.update(relayed_by_dhcp=True)

I sometimes get an exception, but it works. Could Forcepoint add it into fp-NGFW-SMC-python?

Best regards, Etienne

alexnogard commented 3 years ago

Hello @EtienneMILON, how do you get the DHCPServer href?

I can get a Host element's href, but I couldn't find how to get a Server element's href.

Thanks, regards

ggrimaux commented 3 years ago

Hello @alexnogard ,

Here is an example:

from smc.elements.servers import DHCPServer

# Create the DHCP Server element, then read its href (fixed the unclosed name string)
dhcp_server = DHCPServer.create(
    name="My DHCP Server",
    address="10.1.1.22")
dhcp_server_href = dhcp_server.href

BR, /Greg

alexnogard commented 3 years ago

Thanks @ggrimaux, it worked. The most complicated part was finding the class :D.

Regards

alexnogard commented 3 years ago

@ggrimaux Last question :

When I try to set the DHCP relay on a VLAN interface:

interface = engine.interface.get('0.10')
interface.update(
    dhcp_relay={
        "element": ["http://xxx:8082/6.5/elements/dhcp_server/3033",
                    "http://xxx:8082/6.5/elements/dhcp_server/3034"],
        "enabled": True,
        "max_packet_size": 576,
        "trusted_circuit": False,
    }
)

I get this error: smc.api.exceptions.UpdateElementFailed: Impossible to update the specified interface for the target FWESTCL. An element is invalid: There must be one and only one relayed IPv4 Address to support the DHCPv4 Relay settings of the VLAN 0.10 Physical Interface.

I made a test: I created a cluster interface (id 10) and a VLAN (id 10), empty, and it worked.


So I don't understand why it's not working on my VLAN 0.10.

Thanks for your help

EtienneMILON commented 3 years ago

Hello,

As I understand it, when there is a CVI for the interface you have to enable the "relayed_by_dhcp" option for the CVI. For example:

interface = engine.interface.get('0.10')
for sub_interface in interface.interfaces:
    if sub_interface.typeof.lower() == "cluster_virtual_interface":
        sub_interface.update(relayed_by_dhcp=True)
        break

I also get exceptions sometimes, but it seems to work. I think these exceptions are more warnings than errors.

Best regards, Etienne

ggrimaux commented 3 years ago

Hello,

Sorry for my late answer.

@EtienneMILON is right. Here is what I just tested (I just combined your code and @EtienneMILON's :))

my_engine = FirewallCluster("Greg-Test")

interface = my_engine.interface.get('1.10')
for sub_interface in interface.interfaces:
    if sub_interface.typeof.lower() == "cluster_virtual_interface":
        sub_interface.update(relayed_by_dhcp=True)
        break
interface.update(
    dhcp_relay={
        "element": [DHCPServer("Greg DHCP 1").href,
                    DHCPServer("Greg DHCP 2").href],
        "enabled": True,
        "max_packet_size": 576,
        "trusted_circuit": False,
    }
)


I hope this will help you.

BR, /Greg.
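The same change expressed on the raw interface JSON that SMCRequest(...).read() returns, as an added example that is not code from fp-NGFW-SMC-python or from this thread. It assumes the sub-interface entries are dicts keyed by their typeof (cluster_virtual_interface, node_interface, single_node_interface), as in Greg's vlan['interfaces'][0]['single_node_interface'] above, and checks the "one and only one relayed IPv4 address" rule from alexnogard's error locally before the JSON is pushed back.

```python
import copy

# Sub-interface wrapper keys as they appear in the interface JSON (assumed
# from the typeof values used in this thread).
SUB_INTERFACE_TYPES = ("cluster_virtual_interface", "node_interface",
                       "single_node_interface")


def sub_interfaces(iface):
    """Yield (typeof, body) for every sub-interface entry of an interface
    dict; works for a physical interface or for one vlanInterfaces entry."""
    for entry in iface.get("interfaces", []):
        for typeof, body in entry.items():
            if typeof in SUB_INTERFACE_TYPES:
                yield typeof, body


def relayed_count(iface):
    """How many addresses are flagged relayed_by_dhcp; SMC requires exactly 1."""
    return sum(1 for _, body in sub_interfaces(iface) if body.get("relayed_by_dhcp"))


def enable_dhcp_relay(iface, dhcp_server_hrefs):
    """Return a copy of iface with dhcp_relay enabled and exactly one relayed
    address: the CVI on a cluster, otherwise the first (single node) address.
    Raises ValueError locally instead of letting SMC reject the update."""
    if not dhcp_server_hrefs:
        raise ValueError("at least one DHCPServer href is required")
    new = copy.deepcopy(iface)
    new["dhcp_relay"] = {"element": list(dhcp_server_hrefs), "enabled": True,
                         "max_packet_size": 576, "trusted_circuit": False}
    subs = list(sub_interfaces(new))
    if not subs:
        raise ValueError("interface has no IPv4 address that could be relayed")
    cvis = [body for typeof, body in subs if typeof == "cluster_virtual_interface"]
    chosen = cvis[0] if cvis else subs[0][1]
    for _, body in subs:          # clear every other flag so only one remains
        body["relayed_by_dhcp"] = body is chosen
    return new


# Constructed sample in the shape of a cluster VLAN (0.10) entry: one CVI
# plus one address per node, none relayed yet.
CLUSTER_VLAN = {
    "name": "Interface 0.10",
    "interfaces": [
        {"cluster_virtual_interface": {"address": "10.0.10.1", "network_value": "10.0.10.0/24"}},
        {"node_interface": {"address": "10.0.10.2", "network_value": "10.0.10.0/24", "nodeid": 1}},
        {"node_interface": {"address": "10.0.10.3", "network_value": "10.0.10.0/24", "nodeid": 2}},
    ],
}
```

The returned dict replaces the corresponding entry in the interface JSON, which is then written back the way Greg's post does: SMCRequest(intf.href, interface_details.json, etag=intf.etag).update().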

alexnogard commented 3 years ago

Hello guys, sorry for the late reply. Worked like a charm, many thanks :)