gabstopper / smc-python

Forcepoint Security Management Center Python library (moved to the official Forcepoint repo):
https://github.com/Forcepoint/fp-NGFW-SMC-python
Apache License 2.0
29 stars 13 forks

Edit Internal endpoint do nothing #50

Closed ad1rie1 closed 5 years ago

ad1rie1 commented 5 years ago

Hello, I want to edit the internal endpoint of an engine, but engine.update() does nothing...

I have tried to use InternalEndpoint.update(), but it does nothing too.

I want to modify the name of the internal endpoint, but there is nothing in the doc about how to do that. Do you know how to do that?

Sample code:

    engine = Engine('NAME FIREWALL')
    for ie in engine.vpn.internal_endpoint:
        print(ie)
        ie.ipsec_vpn = True
        ie.ssl_vpn_portal = False
        ie.ssl_vpn_tunnel = False
        if(ie.name == '192.168.1.248'):
            #ie.name = 'PDV-INTERNET-BOX'
            ie.enabled = True
            ie.nat_t = True
            ie.balancing_mode = 'active'
        elif(ie.name == '192.168.196.8'):
            #ie.name = 'PDV-INTERNET-4G'
            ie.enabled = True
            ie.nat_t = True
            ie.balancing_mode = 'active'
        ie.update()

    engine.update()

In the documentation it says:

If I want to enable VPN on interface 0, you can obtain the right endpoint and enable:

    for ie in engine.vpn.internal_endpoint:
    ...     if ie.interface_id == '0':
    ...         ie.ipsec_vpn = True

Note: Once you've enabled the interface for VPN, you must also call engine.update() to commit the change

gabstopper commented 5 years ago

Hi, there are several ways to update (i.e. enable) the internal VPN endpoint on an interface. You can iterate:

from smc.core.engine import Engine  # requires an authenticated SMC session

engine = Engine('ospfengine')
for internal_endpoint in engine.vpn.internal_endpoint:
    print(internal_endpoint)
    internal_endpoint.update(enabled=True)

Or optionally fetch the interface directly. The naming of an internal endpoint is the same as what you would see in the SMC.

Then to operate on the internal endpoint of '1.1.1.1':

engine = Engine('ospfengine')
my_interface = engine.vpn.internal_endpoint.get_exact('1.1.1.1')
print(my_interface)
my_interface.update(enabled=True)

If you want to operate on multiple attributes of the internal endpoint, set them in the update command:

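from pprint import pprint

engine = Engine('ospfengine')
my_interface = engine.vpn.internal_endpoint.get_exact('1.1.1.1')
# Inspect the current attributes before changing them
pprint(vars(my_interface.data))

# Pass every attribute to change as a keyword argument to a single update() call
my_interface.update(enabled=True, ipsec_vpn=True, force_nat_t=True, ssl_vpn_portal=False, ssl_vpn_tunnel=False)

ad1rie1 commented 5 years ago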

Thank you, it's working like a charm :) It would be good to update the documentation with this ;)

gabstopper commented 5 years ago

Done. Thanks for the feedback!