Comments (5)
EtienneMILON
commented on July 25, 2024
Hello,
I don't use SMC 6.8 but in my opinion there is two things that may be "wrong" in your code:
- Action is in "rule.action.action"
- SubPolicy cannot have IPS rules, only FW rules (so rule.action.sub_policy.fw_ipv4_access_rules)
Does it help?
Etienne
from fp-ngfw-smc-python.
xschlef
commented on July 25, 2024
Sorry that you had to wait so long:
Action is in "rule.action.action"
action is a local variable in this case, that contains rule.action.action
SubPolicy cannot have IPS rules, only FW rules (so rule.action.sub_policy.fw_ipv4_access_rules)
<class 'smc.base.model.SubIpv4IpsPolicyDynamic'> object has no attribute 'fw_ipv4_access_rules'>
print(type(rule.action.sub_policy))
<class 'smc.base.model.SubIpv4IpsPolicyDynamic'>
print(vars(rule.action.sub_policy.data))
{
"_etag": '"OTY0MTM3MTE2MjE1MDYxNzA4NDU="',
"data": {
"key": 96,
"link": [
{
"href": "https://...:8082/6.5/elements/sub_ipv4_ips_policy/96",
"rel": "self",
"type": "sub_ipv4_ips_policy",
},
{
"href": "https://...:8082/6.5/elements/sub_ipv4_ips_policy/96/export",
"rel": "export",
},
{
"href": "https://...:8082/6.5/elements/sub_ipv4_ips_policy/96/history",
"rel": "history",
},
{
"href": "https://...:8082/6.5/elements/sub_ipv4_ips_policy/96/search_category_tags_from_element",
"rel": "search_category_tags_from_element",
},
{
"href": "https://...:8082/6.5/elements/sub_ipv4_ips_policy/96/duplicate",
"rel": "duplicate",
},
{
"href": "https://...:8082/6.5/elements/sub_ipv4_ips_policy/96/force_unlock",
"rel": "force_unlock",
},
{
"href": "https://...:8082/6.5/elements/sub_ipv4_ips_policy/96/search_rule",
"rel": "search_rule",
},
{
"href": "https://...:8082/6.5/elements/sub_ipv4_ips_policy/96/duplicate_as_l2_interface",
"rel": "duplicate_as_l2_interface",
},
{
"href": "https://...:8082/6.5/elements/sub_ipv4_ips_policy/96/open",
"rel": "open",
},
{
"href": "https://...:8082/6.5/elements/sub_ipv4_ips_policy/96/save",
"rel": "save",
},
{
"href": "https://...:8082/6.5/elements/sub_ipv4_ips_policy/96/ips_ipv4_access_rule",
"rel": "ips_ipv4_access_rules",
"type": "ips_ipv4_access_rule",
},
],
"name": "Land/Region",
"read_only": False,
"system": False,
"system_key": -1,
},
}
if I interpret the data correctly, there should be a list of access rules at rule.action.sub_policy.ips_ipv4_access_rules
or am I missing something important?
from fp-ngfw-smc-python.
thomasdevulder
commented on July 25, 2024
Sorry that you had to wait so long:
Action is in "rule.action.action"
action is a local variable in this case, that contains rule.action.actionSubPolicy cannot have IPS rules, only FW rules (so rule.action.sub_policy.fw_ipv4_access_rules)
<class 'smc.base.model.SubIpv4IpsPolicyDynamic'> object has no attribute 'fw_ipv4_access_rules'>
print(type(rule.action.sub_policy)) <class 'smc.base.model.SubIpv4IpsPolicyDynamic'> print(vars(rule.action.sub_policy.data)) { "_etag": '"OTY0MTM3MTE2MjE1MDYxNzA4NDU="', "data": { "key": 96, "link": [ { "href": "https://...:8082/6.5/elements/sub_ipv4_ips_policy/96", "rel": "self", "type": "sub_ipv4_ips_policy", }, { "href": "https://...:8082/6.5/elements/sub_ipv4_ips_policy/96/export", "rel": "export", }, { "href": "https://...:8082/6.5/elements/sub_ipv4_ips_policy/96/history", "rel": "history", }, { "href": "https://...:8082/6.5/elements/sub_ipv4_ips_policy/96/search_category_tags_from_element", "rel": "search_category_tags_from_element", }, { "href": "https://...:8082/6.5/elements/sub_ipv4_ips_policy/96/duplicate", "rel": "duplicate", }, { "href": "https://...:8082/6.5/elements/sub_ipv4_ips_policy/96/force_unlock", "rel": "force_unlock", }, { "href": "https://...:8082/6.5/elements/sub_ipv4_ips_policy/96/search_rule", "rel": "search_rule", }, { "href": "https://...:8082/6.5/elements/sub_ipv4_ips_policy/96/duplicate_as_l2_interface", "rel": "duplicate_as_l2_interface", }, { "href": "https://...:8082/6.5/elements/sub_ipv4_ips_policy/96/open", "rel": "open", }, { "href": "https://...:8082/6.5/elements/sub_ipv4_ips_policy/96/save", "rel": "save", }, { "href": "https://...:8082/6.5/elements/sub_ipv4_ips_policy/96/ips_ipv4_access_rule", "rel": "ips_ipv4_access_rules", "type": "ips_ipv4_access_rule", }, ], "name": "Land/Region", "read_only": False, "system": False, "system_key": -1, }, }if I interpret the data correctly, there should be a list of access rules at
rule.action.sub_policy.ips_ipv4_access_rules
or am I missing something important?
You are right, rule.action.sub_policy.ips_ipv4_access_rules should return a list of rules..
It seems due to SubIpv4IpsPolicyDynamic element is dynamically created and doesn't support ips_ipv4_access_rule..
I created an issue in Forcepoint Github Enterprise.
Thomas.
from fp-ngfw-smc-python.
thomasdevulder
commented on July 25, 2024
Issue is fixed and will be published in next release
you will be able to retrieve IPS sub rules using: (@see examples/sub_policies.py)
# retrieve rules for ips sub policy
jump_rule = ips_policy.search_rule("ips_jump_rule")
if jump_rule[0].action.action[0] == "jump":
for r in jump_rule[0].action.sub_policy.ips_ipv4_access_rules.all():
print("sub ips rule:{}".format(r))
from fp-ngfw-smc-python.
xschlef
commented on July 25, 2024
Thanks. I will close the issue once I am able to check.
from fp-ngfw-smc-python.
Related Issues (20)
- How to communicate HTTPS to SMC API using SMC-Python? HOT 1
- Enable/Disable sites in Policy Based VPN Topology HOT 8
- How to collect logs of specific access rule on SMC? HOT 1
- Unable to install other dependancy because of pytz fixed version HOT 4
- Library versioning HOT 1
- Create fw_ipv4_access_rules with "AND" combination in source HOT 2
- VPN Gateway expiration date HOT 3
- Lock an smc element HOT 1
- Create users with password in InternalDomain HOT 11
- Wrong version number in "smc/__version__" HOT 1
- certificate verification warnings using the INI file for session creation HOT 2
- add an IP configuration on a tunnel interface without IP HOT 1
- ServerBackupTask fails HOT 2
- Viewing an Alias' references does not show the element referenced in the Alias, only the address. HOT 1
- Setting standby mode on a TunnelInterface HOT 5
- AttributeError when importing smc module HOT 9
- smc_monitoring: SessionNotFound HOT 13
- AttributeError: 'NoneType' object has no attribute 'href' HOT 4
- session.login: Failed to get username HOT 4
- role 'Manage Administrator' mandatory for read only API clients HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fp-ngfw-smc-python.