gabstopper / ansible-stonesoft

Ansible libraries for automating Stonesoft FW Management
Apache License 2.0

Features requests #21

Closed meandus closed 6 years ago

meandus commented 6 years ago

Hi David,

Some feature requests to allow me to create a full NGFW by Ansible. To allow you to see it in SMC ... I provided you the path as well:

- General ==> DNS IP Addresses: Allow to add group or host

- General ==> Permissions: Allow to add Access Control Lists

- Interfaces ==> Interface Options: Backup Heartbeat interface is not set ... which options? Template (l3fw.j2) not updated? Allow to add Route Map in a BGP Peering ... how to?

- Routing: How to add a BGP Peering to a Tunnel Interface? How to add an External BGP Peer to a BGP Peering (under a tunnel interface)? How to add a router? How to add routes/network or group under a router?

- Routing ==> Antispoofing: How to add a static network to an Interface?

- VPN ==> End-Points: How to rename Endpoints? How to enable NAT-T? How to change Mode?

- VPN ==> Sites: How to disable Automatic Site? How to add a site?

- Advanced Settings ==> Traffic Handler: How to enable "Virtual Defragmenting" or other features? Checked by default in SMC, not through API

- SMC Feature: Allow to empty trash?

- Error during NGFW creation "msg": "Invalid JSON format: At line 1 and column 716, related_element_type is not recognized as JSON attribute."

- Implement retries for Database Problem?

gabstopper commented 6 years ago

Hi Remi, thanks for the feedback. Some of this is already implemented, but some can be added. I will look through and see what needs to be finished and get back on this soon.

gabstopper commented 6 years ago

Hi Remy, From the latest dev branch pushed last night, here are some comments:

This is now possible using the following syntax. The SMC allows you to add either IP address, host elements or DNS Server elements (documentation updated on engine module):

domain_server_address:
- name: 8.8.8.8
  type: ipaddress
- name: Localhost
  type: host

This is now an option on engine yaml:

backup_heartbeat: 10

Error during NGFW creation "msg": "Invalid JSON format: At line 1 and column 716, related_element_type is not recognized as JSON attribute."

This is addressed in latest development branch. This is related to the OSPF playbook error (same issue). I added backwards compatibility for SMC versions earlier than 6.3.x.

This requires you to update smc-python to version 0.6.1 (now on PIP):

pip install smc-python

implement retries for Database Problem ?

This has now been implemented in the backend smc-python library in version 0.6.1. You can add this capability for ansible runs by either adding to the environment:

export SMC_EXTRA_ARGS='{"retry_on_busy": "True"}'

or if you are using an .smcrc or alternate file to store SMC API credentials:

retry_on_busy: True

This will implement a retry with a backoff timer if the SMC returns with "Service Unavailable".

I will comment on others in separate thread.

Please confirm the above if you have a chance!
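An added illustration of the behaviour described in the comment above: read `SMC_EXTRA_ARGS`, then retry with a capped backoff only when the server answers "Service Unavailable". This is not smc-python's code and not from this thread; the function names, attempt count, delays and the stand-in server are assumptions, and only the `SMC_EXTRA_ARGS` variable and the `retry_on_busy` key come from the thread.

```python
import json
import os
import time

def load_extra_args(environ=os.environ):
    """Parse SMC_EXTRA_ARGS (a JSON object) into a dict; empty if unset."""
    raw = environ.get("SMC_EXTRA_ARGS", "")
    args = json.loads(raw) if raw else {}
    if not isinstance(args, dict):
        raise ValueError("SMC_EXTRA_ARGS must be a JSON object")
    return args

def as_bool(value):
    """Accept JSON true or the string form shown in the thread ("True")."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() in ("true", "1", "yes")

def call_with_retry(send, retry_on_busy, attempts=5, base_delay=0.5,
                    max_delay=8.0, sleep=time.sleep):
    """Call send() -> (status, body); retry only on 503, with capped backoff."""
    delay = base_delay
    for attempt in range(1, attempts + 1):
        status, body = send()
        # Stop on any non-503 answer, when retries are off, or when exhausted.
        if status != 503 or not retry_on_busy or attempt == attempts:
            return status, body, attempt
        sleep(delay)
        delay = min(delay * 2, max_delay)

def make_flaky_server(busy_count):
    """Constructed stand-in for a busy server: 503 busy_count times, then 200."""
    state = {"left": busy_count}
    def send():
        if state["left"] > 0:
            state["left"] -= 1
            return 503, "Service Unavailable"
        return 200, "ok"
    return send

def demo():
    # Constructed environment mirroring the export line in the comment above.
    args = load_extra_args({"SMC_EXTRA_ARGS": '{"retry_on_busy": "True"}'})
    retry = as_bool(args.get("retry_on_busy", False))
    waits = []  # record the backoff delays instead of really sleeping
    result = call_with_retry(make_flaky_server(2), retry, sleep=waits.append)
    return result, waits

if __name__ == "__main__":
    print(demo())
```

Bounding the attempts and capping the delay keeps an automation run from hanging indefinitely or hammering a management server that is already busy.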

gabstopper commented 6 years ago

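Hi, just checking on where you are at with testing? I have posted a couple develop pushes that should resolve some of these issues. I also have updated the examples to show how to create other configurations. In latest version:

  • DNS can be added by single IP or element
  • All routing can be done using the new engine_routing module. You can also still add OSPF and BGP directly on the engine definition also
  • Backup heartbeat can be set on engine configuration
  • Retries for database timeout
  • "related_element_type is not recognized as JSON attribute." backwards compatibility bug resolved

The empty trash will be implemented under a new module (not yet posted) for system level modifications like updates/trash/upgrades.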

meandus commented 6 years ago

Hi !

I'm completely rewriting my app in Flask and so in smc-python... it's better than Ansible and more efficient.

On 30 July 2018 17:24:23 GMT+02:00, David LePage notifications@github.com wrote:

Hi, just checking on where you are at with testing? I have posted a couple develop pushes that should resolve some of these issues. I also have updated the examples to show how to create other configurations. In latest version:

  • DNS can be added by single IP or element
  • All routing can be done using the new engine_routing module. You can also still add OSPF and BGP directly on the engine definition also
  • Backup heartbeat can be set on engine configuration
  • Retries for database timeout
  • "related_element_type is not recognized as JSON attribute." backwards compatibility bug resolved

The empty trash will be implemented under a new module (not yet posted) for system level modifications like updates/trash/upgrades.


gabstopper commented 6 years ago

I really like Flask as well. So you have moved to a web based UI instead? Is everything working well with smc-python? The retry behavior you requested is part of smc-python as you might have noticed.

meandus commented 6 years ago

Yep, Flask is pretty good, and indeed as API and web interface. Currently I can deploy on Infoblox, Palo Alto, Cisco and also ACI, and start on SMC 6.4.3 with 0.61

So far so good. I will update you.

On 30 July 2018 17:56:30 GMT+02:00, David LePage notifications@github.com wrote:

I really like Flask as well. So you have moved to a web based UI instead? Is everything working well with smc-python? The retry behavior you requested is part of smc-python as you might have noticed.


gabstopper commented 6 years ago

ok sounds good. If you have any problems, just submit an issue at the smc-python repo. Thanks!
