gabstopper / smc-python

Forcepoint Security Management Center python library: (Moved to official Forcepoint repo)
https://github.com/Forcepoint/fp-NGFW-SMC-python
Apache License 2.0

Node initiated connection #51

Closed ad1rie1 closed 5 years ago

ad1rie1 commented 5 years ago

Hello,

I want to set the node to initiate the connection.

I have found reverse_connection="false" on the node connection interface, but nothing in the DATA of the node for an engine.

Do you know where this flag is?

<firewall_node activate_test="true" db_key="5661" disabled="false" guid="{e57780dd-c256-48bd-978d-88443247525c}" name="PDV-1184 node 2" nodeid="2">

        <node_interface auth_request_source="false" automatic_default_route="false" backup_for_web_access="false" backup_heartbeat="false" backup_mgt="false" db_key="2330" domain_specific_dns_queries_source="false" dynamic_ip="false" igmp_mode="none" name="NDI-0.9-10.66.29.246" network_value="10.66.29.0/24" nicid="0.9" nodeid="2" outgoing="true" pppoa="false" pppoe="false" primary_for_web_access="false" primary_heartbeat="false" primary_mgt="true" rank="0" reverse_connection="false" vrrp="false">
            <mvia_address address="10.66.29.246"/>
        </node_interface>

gabstopper commented 5 years ago

Reverse connection is present on the properties of the interface. I see it in the above output. If you want to set reverse connection, you need to first grab the interface that is set for primary management, and set reverse_connection=True on the sub interfaces.

This will affect this setting:

image

For example:

from smc.core.engines import Layer3Firewall

firewall = Layer3Firewall('myfw')
primary_mgt_interface = firewall.interface_options.primary_mgt # <- get the primary mgt intf id
interface = firewall.interface.get(primary_mgt_interface) # <- retrieve the interface
for node in interface.interfaces: # <- iterate the nodes of that interface and set value/s
    node.update(reverse_connection=True)
interface.update() # <- call update on the interface directly

Results in: image
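To check the same flag offline, the following added example (not code from the thread or from smc-python) reads an engine export and reports which management interfaces still have reverse_connection="false". The sample XML is constructed, modelled on the fragment quoted above, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the export fragment quoted in the thread;
# names, addresses and the second interface are made up for illustration.
SAMPLE_EXPORT = """
<firewall_node name="fw node 2" nodeid="2">
  <node_interface name="NDI-0.9" nicid="0.9" nodeid="2"
                  primary_mgt="true" backup_mgt="false" reverse_connection="false">
    <mvia_address address="192.0.2.10"/>
  </node_interface>
  <node_interface name="NDI-4" nicid="4" nodeid="2"
                  primary_mgt="false" backup_mgt="false" reverse_connection="false">
    <mvia_address address="198.51.100.10"/>
  </node_interface>
</firewall_node>
"""


def _flag(elem, attr):
    """Read a "true"/"false" XML attribute; a missing attribute counts as false."""
    return elem.get(attr, "false").strip().lower() == "true"


def management_contact_settings(xml_text):
    """Return one record per node interface that carries a management role."""
    records = []
    for intf in ET.fromstring(xml_text).iter("node_interface"):
        if _flag(intf, "primary_mgt"):
            role = "primary"
        elif _flag(intf, "backup_mgt"):
            role = "backup"
        else:
            continue  # not a management interface, the flag is irrelevant here
        # The address sits on a child element (mvia_address in the quoted export).
        address = next((c.get("address") for c in intf if c.get("address")), None)
        records.append({
            "nodeid": intf.get("nodeid"),
            "nicid": intf.get("nicid"),
            "role": role,
            "address": address,
            "reverse_connection": _flag(intf, "reverse_connection"),
        })
    return records


def nodes_not_initiating(xml_text):
    """Primary management interfaces where reverse_connection is still false."""
    return [r for r in management_contact_settings(xml_text)
            if r["role"] == "primary" and not r["reverse_connection"]]
```
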

ad1rie1 commented 5 years ago

My hero! 💃 Thank you. I had tried to browse all sub-interfaces and all VLAN sub-interfaces, but your code is much cleaner :)

ad1rie1 commented 5 years ago

Hello, I have tested and I have an issue:

smc.api.exceptions.UpdateElementFailed: Invalid JSON format: At line 1 and column 524, reverse_connection is not recognized as JSON attribute.

With the code:

engine.interface_options.set_primary_mgt('4')
engine.interface_options.set_backup_mgt('0.9')
primary_mgt_interface = engine.interface_options.primary_mgt # <- get the primary mgt intf id
interface = engine.interface.get(primary_mgt_interface) # <- retrieve the interface
for node in interface.interfaces: # <- iterate the nodes of that interface and set value/s
    node.update(reverse_connection=True)
interface.update()

ad1rie1 commented 5 years ago

I have added something like this to make an exception for non-node interfaces:

for node in interface.interfaces: # <- iterate the nodes of that interface and set value/s
    if node.typeof != 'cluster_virtual_interface':
        node.update(reverse_connection=True)

But after that, "Initiate connection" is not ticked in the SMC :/ image

If I reload the engine in the script, I see reverse_connection=True on the node interface.

Am I missing something?