ktbyers / netmiko

Multi-vendor library to simplify Paramiko SSH connections to network devices
MIT License
3.56k stars 1.3k forks

pfSense connector #2426

Closed Toxic-Waste- closed 8 months ago

Toxic-Waste- commented 3 years ago

Hi all,

Since there is a module for Palo Alto firewalls (and a big thanks for that, it works really well :)), I was wondering if there is a possibility to use netmiko to connect to pfSense firewalls as well?

Since sshing into a pfSense allows you to update from the console, we would be able to use this for bulk upgrades on our pfSense firewalls.

Is there any possibility to use netmiko for this? Or does this require a whole lot of coding?

vimrichie commented 3 years ago

Hi,

Not sure if you were able to get your question answered elsewhere but I don't think this should be a problem using Netmiko. Kirk would have to confirm but with Netmiko you should be able to use the following:

```python
net_connect.send_command(
    command_string=command,
    expect_string=r"EXPECTED OUTPUT",
    strip_prompt=False,
    strip_command=False,
)
```

Using expect_string will help out with scraping what is in the output and if you are expecting a specific output, you can then send another command etc.

Here is where you can do handling: https://github.com/ktbyers/netmiko/blob/develop/EXAMPLES.md#handling-commands-that-prompt-expect_string

Hope this helps. If anything you can turn on logging or use a debugger like ipdb to walk your code.

ktbyers commented 3 years ago

@Toxic-Waste- Can you show me what the CLI interaction for a pfSense device would look like (for what you are looking to do)?

Toxic-Waste- commented 3 years ago

> @Toxic-Waste- Can you show me what the CLI interaction for a pfSense device would look like (for what you are looking to do)?

Of course :) Basically if you ssh to a pfSense, you get the following output:

```
PS > ssh admin@
Password for admin@:
VMware Virtual Machine - Netgate Device ID:

Welcome to pfSense 2.5.1-RELEASE (amd64) on

 WAN (wan)       -> vmx0       -> v4:
 LAN (lan)       -> vmx1       -> v4:
 MGMT (opt1)     -> vmx2       -> v4:

 0) Logout (SSH only)                  9) pfTop
 1) Assign Interfaces                 10) Filter Logs
 2) Set interface(s) IP address       11) Restart webConfigurator
 3) Reset webConfigurator password    12) PHP shell + pfSense tools
 4) Reset to factory defaults         13) Update from console
 5) Reboot system                     14) Disable Secure Shell (sshd)
 6) Halt system                       15) Restore recent configuration
 7) Ping host                         16) Restart PHP-FPM
 8) Shell

Enter an option:
```

Basically the idea would be to actually trigger certain of the options (for example, 13, update from console) to be able to do mass upgrade on our pfSense base.

Is this something that could use a separate class, or is it better to use the generic connector?

youmansk commented 1 year ago

Was there ever a resolution for this? I guess the prompt could be "Enter an Option:"

ktbyers commented 1 year ago

You probably can do this from the generic SSH driver and then use read_channel() to read in the data that is present and use write_channel() with some logic to make your choice.

That should work.

@youmansk
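The `read_channel()` / `write_channel()` approach suggested above, as an added example that is not code from the thread or from Netmiko itself: it waits for the `Enter an option:` prompt, parses the menu, and selects an entry by its label, so nothing is sent if the expected entry is not on the menu. `conn` is assumed to be an already-connected Netmiko object; `FakeChannel`, `SAMPLE`, `read_until`, `parse_menu` and `choose` are names made up for this example, and the sample menu is constructed from the output posted earlier.

```python
import re
import time

PROMPT = "Enter an option:"
# "<number>) <label>": the number must start a column, so "(opt1)" is skipped.
ENTRY_RE = re.compile(r"(?<!\S)(\d+)\) (.+?)(?=\s{2,}|$)", re.M)

# Constructed sample: a trimmed copy of the menu shown in the thread.
SAMPLE = """Welcome to pfSense 2.5.1-RELEASE (amd64) on
 MGMT (opt1)     -> vmx2       -> v4:

 0) Logout (SSH only)                  9) pfTop
 4) Reset to factory defaults         13) Update from console
 8) Shell

Enter an option: """

class FakeChannel:
    """Constructed stand-in exposing read_channel()/write_channel()."""
    def __init__(self, text, size=40):
        self.chunks = [text[i:i + size] for i in range(0, len(text), size)]
        self.sent = []
    def read_channel(self):
        return self.chunks.pop(0) if self.chunks else ""
    def write_channel(self, data):
        self.sent.append(data)

def read_until(conn, marker, timeout=30.0, poll=0.2):
    """Accumulate read_channel() output until marker appears or time runs out."""
    buf, deadline = "", time.monotonic() + timeout
    while marker not in buf:
        if time.monotonic() > deadline:
            raise TimeoutError(f"{marker!r} not seen, tail: {buf[-80:]!r}")
        chunk = conn.read_channel()
        buf += chunk
        if not chunk:
            time.sleep(poll)
    return buf

def parse_menu(text):
    """Map each lower-cased menu label to its option number."""
    return {label.lower(): int(num) for num, label in ENTRY_RE.findall(text)}

def choose(conn, label, timeout=30.0):
    """Wait for the menu, pick an entry by label, return the number sent."""
    menu = parse_menu(read_until(conn, PROMPT, timeout))
    if label.lower() not in menu:  # fail closed: never send a guessed number
        raise LookupError(f"{label!r} not in menu: {sorted(menu)}")
    conn.write_channel(f"{menu[label.lower()]}\n")
    return menu[label.lower()]
```

Against the sample, `choose(FakeChannel(SAMPLE), "Update from console")` sends `13` followed by a newline; whatever the device prints next can be collected with another `read_until()` call on its next prompt.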