search

gabstopper / smc-python

Forcepoint Security Management Center python library:(Moved to official Forcepoint repo)
https://github.com/Forcepoint/fp-NGFW-SMC-python
Apache License 2.0
29 stars 13 forks source link

add_bgp_peering & TunnelInterface #38

Closed meandus closed 6 years ago

meandus commented 6 years ago

Hi David,

Impossible to add a BGP Peering & ExternalBGPPeer to a Tunnel Interface

Could you implement this option on TunnelInterface ?

image

[‎18/‎10/‎2018 11:46] ETIENNE MILON:
Sans titre

engine.tunnel_interface.get(1021) TunnelInterface(name=Tunnel Interface 1021)

tunnelInt1021 = engine.tunnel_interface.get(1021)

tunnelInt1021.add_bgp_peering( BGPPeering(name=BGP_Peering_Name) , ExternalBGPPeer(name=ExternalBGPPeer_Name) ) Traceback (most recent call last): File "", line 1, in File "C:\Users\Toto\AppData\Roaming\Python\Python27\site-packages\smc\base\model.py", line 372, in getattr % (self.class, key)) AttributeError: <class 'smc.core.interfaces.TunnelInterface'> object has no attribute 'add_bgp_peering'

engine.interface.get(1021) TunnelInterface(name=Tunnel Interface 1021)

int = engine.interface.get(1021) int.add_bgp_peering( BGPPeering(name=BGP_Peering_Name) , ExternalBGPPeer(name=ExternalBGPPeer_Name) ) Traceback (most recent call last): File "", line 1, in File "C:\Users\Toto\AppData\Roaming\Python\Python27\site-packages\smc\base\model.py", line 372, in getattr % (self.class, key)) AttributeError: <class 'smc.core.interfaces.TunnelInterface'> object has no attribute 'add_bgp_peering'

gabstopper commented 6 years ago

Hi Remy, BGP is implemented already, although it's bound to the routing node, like in the SMC. Here are some examples: https://smc-python.readthedocs.io/en/latest/pages/reference.html#module-smc.routing.bgp

interface = engine.routing.get(0)
interface.add_bgp_peering(
    BGPPeering('mypeer'), 
    ExternalBGPPeer('neighbor'))
meandus commented 6 years ago

Not for tunnel interface...

Le 18 octobre 2018 16:01:08 GMT+02:00, David LePage notifications@github.com a écrit :

Hi Remy, BGP is implemented already, although it's bound to the routing node, like in the SMC. Here are some examples: https://smc-python.readthedocs.io/en/latest/pages/reference.html#module-smc.routing.bgp

interface = engine.routing.get(0)
interface.add_bgp_peering(
   BGPPeering('mypeer'), 
   ExternalBGPPeer('neighbor'))

-- You are receiving this because you authored the thread. Reply to this email directly or view it on GitHub: https://github.com/gabstopper/smc-python/issues/38#issuecomment-431020213

-- Envoyé de mon appareil Android avec K-9 Mail. Veuillez excuser ma brièveté.

gabstopper commented 6 years ago

Notice the above is grabbing a reference to the routing table interface (engine.routing, not engine.interface). The add_bgp_peering method is only attached to the interface routing node. If you are on the current smc-python version, you can do:

engine = Engine('engine1')

peering = BGPPeering.get_or_create(name='MyPeering')
ext_gw = ExternalGateway.get_or_create(name='MyexternalGW')

engine.tunnel_interface.add_layer3_interface(
    interface_id=1020, address='120.120.120.1', network_value='120.120.120.0/24')

routing = engine.routing.get(1020)
routing.add_bgp_peering(peering, ext_gw)

image

meandus commented 6 years ago

works like a charm !

meandus commented 6 years ago

if i'm using this specific command, i receive: EngineCommandFailed('Impossible to add the specified interface to the target XXXFWXXX . Element appears invalid: XXXFWXXX All Nodes in the Engine Cluster must have the same number of Interfaces.',)

gabstopper commented 6 years ago

Hi Remy, You are using the method that adds a single layer 3 interface, but you are running this on a cluster. To do that, you must use engine.tunnel_interface.add_cluster_virtual_interface. Like this:

engine = Engine('foo')

peering = BGPPeering.get_or_create(name='MyPeering')
ext_gw = ExternalGateway.get_or_create(name='MyexternalGW')

nodes=[{'address':'4.4.4.2', 'network_value':'4.4.4.0/24', 'nodeid':1}, 
       {'address':'4.4.4.3', 'network_value':'4.4.4.0/24', 'nodeid':2}]

engine.tunnel_interface.add_cluster_virtual_interface(
    interface_id=1020,
    cluster_virtual='4.4.4.1',
    network_value='4.4.4.0/24', 
    nodes=nodes) 

routing = engine.routing.get(1020)
routing.add_bgp_peering(peering, ext_gw)
meandus commented 6 years ago

Hi exactly what i did.

Regards, Rémy

Le 30 octobre 2018 18:31:51 GMT+01:00, David LePage notifications@github.com a écrit :

Hi Remy, You are using the method that adds a single layer 3 interface, but you are running this on a cluster. To do that, you must use engine.tunnel_interface.add_cluster_virtual_interface. Like this:

engine = Engine('foo')

peering = BGPPeering.get_or_create(name='MyPeering')
ext_gw = ExternalGateway.get_or_create(name='MyexternalGW')

nodes=[{'address':'4.4.4.2', 'network_value':'4.4.4.0/24', 'nodeid':1},

      {'address':'4.4.4.3', 'network_value':'4.4.4.0/24', 'nodeid':2}]

engine.tunnel_interface.add_cluster_virtual_interface(
   interface_id=1020,
   cluster_virtual='4.4.4.1',
   network_value='4.4.4.0/24', 
   nodes=nodes) 

routing = engine.routing.get(1020)
routing.add_bgp_peering(peering, ext_gw)

-- You are receiving this because you authored the thread. Reply to this email directly or view it on GitHub: https://github.com/gabstopper/smc-python/issues/38#issuecomment-434394663

-- Envoyé de mon appareil Android avec K-9 Mail. Veuillez excuser ma brièveté.

meandus commented 6 years ago

Yes on 6.4.3 seems works.

I have to upgrade soon on 6.4.6 do you have try this version ?

Le 30 octobre 2018 18:31:51 GMT+01:00, David LePage notifications@github.com a écrit :

Hi Remy, You are using the method that adds a single layer 3 interface, but you are running this on a cluster. To do that, you must use engine.tunnel_interface.add_cluster_virtual_interface. Like this:

engine = Engine('foo')

peering = BGPPeering.get_or_create(name='MyPeering')
ext_gw = ExternalGateway.get_or_create(name='MyexternalGW')

nodes=[{'address':'4.4.4.2', 'network_value':'4.4.4.0/24', 'nodeid':1},

      {'address':'4.4.4.3', 'network_value':'4.4.4.0/24', 'nodeid':2}]

engine.tunnel_interface.add_cluster_virtual_interface(
   interface_id=1020,
   cluster_virtual='4.4.4.1',
   network_value='4.4.4.0/24', 
   nodes=nodes) 

routing = engine.routing.get(1020)
routing.add_bgp_peering(peering, ext_gw)

-- You are receiving this because you authored the thread. Reply to this email directly or view it on GitHub: https://github.com/gabstopper/smc-python/issues/38#issuecomment-434394663

-- Envoyé de mon appareil Android avec K-9 Mail. Veuillez excuser ma brièveté.

gabstopper commented 6 years ago

Yes, this works with >= 6.4.2. smc-python will also be validated against 6.5 officially in the next week.

meandus commented 6 years ago

Good news !

Le 30 octobre 2018 19:56:03 GMT+01:00, David LePage notifications@github.com a écrit :

Yes, this works with >= 6.4.2. smc-python will also be validated against 6.5 officially in the next week.

-- You are receiving this because you authored the thread. Reply to this email directly or view it on GitHub: https://github.com/gabstopper/smc-python/issues/38#issuecomment-434423940

-- Envoyé de mon appareil Android avec K-9 Mail. Veuillez excuser ma brièveté.