Comments (19)
Hello,
Please provide more details. Do you have an error?
Also we need at least content of you CSV file or at least first line.
Then which SMC version, and which SMC API version?
BR,
/Greg
from fp-ngfw-smc-python.
This is the file " https://drive.google.com/file/d/1zvroXbExeJm9iB1dVAYZ645YzZbdOb4r/view?usp=sharing "
and this is the error
"
File "c:/Users/Amr/Desktop/policyCreate.py", line 78, in
main()
File "c:/Users/Amr/Desktop/policyCreate.py", line 49, in main
createrule()
File "c:/Users/Amr/Desktop/policyCreate.py", line 66, in createrule
policy.fw_ipv4_access_rules.create(name=line[0], sources=line[1], destinations=line[2], services=line[3], action=line[4])
File "C:\Program Files (x86)\Python38-32\lib\site-packages\smc\policy\rule.py", line 576, in create
rule_values = self.update_targets(sources, destinations, services)
File "C:\Program Files (x86)\Python38-32\lib\site-packages\smc\policy\rule.py", line 413, in update_targets
service.add_many(services)
File "C:\Program Files (x86)\Python38-32\lib\site-packages\smc\policy\rule_elements.py", line 99, in add_many
assert isinstance(data, list), "Incorrect format. Expecting list."
AssertionError: Incorrect format. Expecting list.
"
from fp-ngfw-smc-python.
The error seems to be related to services. You have TCPService('SSH') but it is read a string. So it does not resolve the service.
At least I guess it is the problem.
If you remove this line can you confirm that others rules are created?
TIA.
BR,
/Greg
from fp-ngfw-smc-python.
I changed the service to any and there was a new error
"
File "c:/Users/Amr/Desktop/policyCreate.py", line 78, in
main()
File "c:/Users/Amr/Desktop/policyCreate.py", line 49, in main
createrule()
File "c:/Users/Amr/Desktop/policyCreate.py", line 66, in createrule
policy.fw_ipv4_access_rules.create(name=line[0], sources=line[1], destinations=line[2], services=line[3], action=line[4])
File "C:\Program Files (x86)\Python38-32\lib\site-packages\smc\policy\rule.py", line 578, in create
rule_action = self._get_action(action)
File "C:\Program Files (x86)\Python38-32\lib\site-packages\smc\policy\rule.py", line 463, in _get_action
raise CreateRuleFailed('Action specified is not valid for this '
smc.api.exceptions.CreateRuleFailed: Action specified is not valid for this rule type; action: permit
"
from fp-ngfw-smc-python.
In order to create element from CSV file I found this on google:
Then please make sure permit is an action available in GUI. For Firewall Policy there is 'allow' but not 'permit'
BR,
/Greg
from fp-ngfw-smc-python.
I did all off these before and they are all working, I need to create rules in an ipv4 access policy
from fp-ngfw-smc-python.
Please if it is working can you help me with the code!
from fp-ngfw-smc-python.
So permit is not allowed for L3 Firewall policy. So it means you are working with Inpsection policy right?
Then there is a not needed space in you CSV with make an issue since any is not recognized. And TCPService cannot be recognized since it needs to be the object and not a string.
['222', 'any', 'any', 'any', 'allow']
['223', 'any', 'any', 'any', 'allow']
['224', 'any', 'any', 'any', 'allow']
['221', 'any', 'any', "TCPService('SSH')", 'discard']
Traceback (most recent call last):
File "/home/gregory/clone/staging_fixes/qaet/lib/python/customer_scripts_python/fake.py", line 30, in <module>
policy.fw_ipv4_access_rules.create(name=line[0],
File "/usr/local/lib/python3.8/dist-packages/smc/policy/rule.py", line 576, in create
rule_values = self.update_targets(sources, destinations, services)
File "/usr/local/lib/python3.8/dist-packages/smc/policy/rule.py", line 413, in update_targets
service.add_many(services)
File "/usr/local/lib/python3.8/dist-packages/smc/policy/rule_elements.py", line 99, in add_many
assert isinstance(data, list), "Incorrect format. Expecting list."
AssertionError: Incorrect format. Expecting list.
from fp-ngfw-smc-python.
Here is an example about how to resolve TCPService
for line in csv_reader:
# row variable is a list that represents a row in csv
print(line)
services=line[3]
if services.__contains__('TCPService'):
service = TCPService(re.search('\\((.*)\\)',
services).group(1))
services = [service]
policy.fw_ipv4_access_rules.create(name=line[0],
sources=line[1],
destinations=line[2],
services=services,
action=line[4])
But example from last web site looks much more better.
from fp-ngfw-smc-python.
I tried the code and this is the new error
"
['221', 'any', 'any', "TCPService('SSH')", 'discard']
Traceback (most recent call last):
File "c:/Users/Amr/Desktop/policyCreate.py", line 93, in
main()
File "c:/Users/Amr/Desktop/policyCreate.py", line 52, in main
createrule()
File "c:/Users/Amr/Desktop/policyCreate.py", line 83, in createrule
service = TCPService(re.search('\((.*)\)',
NameError: name 'TCPService' is not defined
"
from fp-ngfw-smc-python.
did you added the corresponding import?
- from smc.elements.service import TCPService
BR,
/Greg
from fp-ngfw-smc-python.
I tried the import and got a new error
"
['221', 'any', 'any', 'any', 'discard']
['222', 'any', 'any', "TCPService('SSH')", 'allow']
['223', 'any', 'any ', 'any', 'allow']
Traceback (most recent call last):
File "c:/Users/Amr/Desktop/policyCreate.py", line 95, in
main()
File "c:/Users/Amr/Desktop/policyCreate.py", line 54, in main
File "c:/Users/Amr/Desktop/policyCreate.py", line 88, in createrule
policy.fw_ipv4_access_rules.create(name=line[0],
File "C:\Program Files (x86)\Python38-32\lib\site-packages\smc\policy\rule.py", line 576, in create
rule_values = self.update_targets(sources, destinations, services)
File "C:\Program Files (x86)\Python38-32\lib\site-packages\smc\policy\rule.py", line 405, in update_targets
destination.add_many(destinations)
File "C:\Program Files (x86)\Python38-32\lib\site-packages\smc\policy\rule_elements.py", line 99, in add_many
assert isinstance(data, list), "Incorrect format. Expecting list."
AssertionError: Incorrect format. Expecting list.
PS C:\Users\Amr> & python c:/Users/Amr/Desktop/policyCreate.py
Connected
!!! You must choose a file to continue !!!
Explorer Window will open in 2 seconds
['221', 'any', 'any', 'any', 'discard']
['222', 'any', 'any', "TCPService('SSH')", 'allow']
['223', 'any', 'any ', 'any', 'allow']
Traceback (most recent call last):
File "c:/Users/Amr/Desktop/policyCreate.py", line 95, in
main()
File "c:/Users/Amr/Desktop/policyCreate.py", line 54, in main
File "c:/Users/Amr/Desktop/policyCreate.py", line 88, in createrule
policy.fw_ipv4_access_rules.create(name=line[0],
File "C:\Program Files (x86)\Python38-32\lib\site-packages\smc\policy\rule.py", line 576, in create
rule_values = self.update_targets(sources, destinations, services)
File "C:\Program Files (x86)\Python38-32\lib\site-packages\smc\policy\rule.py", line 405, in update_targets
destination.add_many(destinations)
File "C:\Program Files (x86)\Python38-32\lib\site-packages\smc\policy\rule_elements.py", line 99, in add_many
assert isinstance(data, list), "Incorrect format. Expecting list."
AssertionError: Incorrect format. Expecting list.
PS C:\Users\Amr> & python c:/Users/Amr/Desktop/policyCreate.py
Connected
!!! You must choose a file to continue !!!
Explorer Window will open in 2 seconds
['221', 'any', 'any', 'any', 'discard']
['222', 'any', 'any', '"TCPService('SSH')"', 'allow']
['223', 'any', 'any ', 'any', 'allow']
Traceback (most recent call last):
File "c:/Users/Amr/Desktop/policyCreate.py", line 95, in
main()
File "c:/Users/Amr/Desktop/policyCreate.py", line 54, in main
PS C:\Users\Amr> & python c:/Users/Amr/Desktop/policyCreate.py
Connected
!!! You must choose a file to continue !!!
Explorer Window will open in 2 seconds
['221', 'any', 'any', 'any', 'discard']
['222', 'any', 'any', "TCPService('SSH')", 'allow']
['223', 'any', 'any ', 'any', 'allow']
Traceback (most recent call last):
File "c:/Users/Amr/Desktop/policyCreate.py", line 95, in
main()
File "c:/Users/Amr/Desktop/policyCreate.py", line 54, in main
createrule()
File "c:/Users/Amr/Desktop/policyCreate.py", line 88, in createrule
policy.fw_ipv4_access_rules.create(name=line[0],
File "C:\Program Files (x86)\Python38-32\lib\site-packages\smc\policy\rule.py", line 576, in create
rule_values = self.update_targets(sources, destinations, services)
File "C:\Program Files (x86)\Python38-32\lib\site-packages\smc\policy\rule.py", line 405, in update_targets
destination.add_many(destinations)
File "C:\Program Files (x86)\Python38-32\lib\site-packages\smc\policy\rule_elements.py", line 99, in add_many
assert isinstance(data, list), "Incorrect format. Expecting list."
AssertionError: Incorrect format. Expecting list.
"
from fp-ngfw-smc-python.
Did you removed the additional space in the CSV file?
Otherwise any is not resolved properly.
BR,
/Greg.
from fp-ngfw-smc-python.
Yes I checked that the csv file doesn't have any spaces
from fp-ngfw-smc-python.
Well strange for me this code works fine.
from smc.policy.layer3 import FirewallPolicy
from smc.elements.service import TCPService
from csv import reader
from smc import session
import re
policy_test_name = "Test - Greg"
session.login(url=SMCURL,
login=SMC_USER,
pwd=SMC_PWD,
api_version='6.5',
timeout=380)
if not FirewallPolicy.objects.filter(policy_test_name):
policy = FirewallPolicy.create(name=policy_test_name)
else:
policy = FirewallPolicy(policy_test_name)
print("policy already exist")
with open('/home/gregory/Downloads/policy1.csv', 'r') as read_obj:
# pass the file object to reader() to get the reader object
csv_reader = reader(read_obj)
header = next(csv_reader)
# Iterate over each row in the csv using reader object
if header != None:
# Iterate over each row after the header in the csv
for line in csv_reader:
# row variable is a list that represents a row in csv
print(line)
services=line[3]
if services.__contains__('TCPService'):
service = TCPService(re.search('\\(\'(.*)\'\\)',
services).group(1))
services = [service]
policy.fw_ipv4_access_rules.create(name=line[0],
sources=line[1],
destinations=line[2],
services=services,
action=line[4])
session.logout()
CSV file:
rule_name,source,dest,service,action
222,any,any,any,allow
223,any,any,any,allow
224,any,any,any,allow
221,any,any,TCPService('SSH'),discard
BR,
/Greg
from fp-ngfw-smc-python.
it worked but whenever I change source or destination or use UDP service, an error happens
from fp-ngfw-smc-python.
Did you added UDPService resolving? As I said the code I've shared with you is not optimal.
Please take a look at
BR,
/Greg
from fp-ngfw-smc-python.
I have a new error
"
policy already exist
['221', 'any', 'any', "TCPService('HTTP')", 'allow']
['222', 'any', 'any', "UDPService('LDAP (UDP)')", 'allow']
['223', 'any', 'any', "UDPService('TFTP')", 'allow']
['224', '192.168.1.122', 'any', "TCPService('HTTPS')", 'discard']
Traceback (most recent call last):
File "c:/Users/Amr/Desktop/tryGITHub.py", line 47, in
policy.fw_ipv4_access_rules.create(name=line[0],
File "C:\Program Files (x86)\Python38-32\lib\site-packages\smc\policy\rule.py", line 576, in create
rule_values = self.update_targets(sources, destinations, services)
File "C:\Program Files (x86)\Python38-32\lib\site-packages\smc\policy\rule.py", line 397, in update_targets
source.add_many(sources)
File "C:\Program Files (x86)\Python38-32\lib\site-packages\smc\policy\rule_elements.py", line 99, in add_many
assert isinstance(data, list), "Incorrect format. Expecting list."
AssertionError: Incorrect format. Expecting list.
"
CSV File
rule_name | source | dest | service | action |
---|---|---|---|---|
221 | any | any | TCPService('HTTP') | allow |
222 | any | any | UDPService('LDAP (UDP)') | allow |
223 | any | any | UDPService('TFTP') | allow |
224 | 192.168.1.122 | any | TCPService('HTTPS') | discard |
225 | any | any | ICMPService('ICMP') | allow |
from fp-ngfw-smc-python.
Well we need to find a way to search element you are expecting as source.
For me you have to define element in CSV differently:
- Object:name example: TCPServer:HTTP OR Host:host_1 OR Network:network_1
So when you read the column you can check if it is any. If not then resolve the element with something similar as https://alexnogard.com/playing-with-forcepoint-api-smc-python/. Having the name of element truly simplify things. Of course it should be possible to search by IP.
BR,
/Greg
from fp-ngfw-smc-python.
Related Issues (20)
- Lock an smc element HOT 1
- Create users with password in InternalDomain HOT 11
- Wrong version number in "smc/__version__" HOT 1
- certificate verification warnings using the INI file for session creation HOT 2
- add an IP configuration on a tunnel interface without IP HOT 1
- ServerBackupTask fails HOT 2
- Viewing an Alias' references does not show the element referenced in the Alias, only the address. HOT 1
- Setting standby mode on a TunnelInterface HOT 5
- AttributeError when importing smc module HOT 9
- smc_monitoring: SessionNotFound HOT 13
- AttributeError: 'NoneType' object has no attribute 'href' HOT 4
- session.login: Failed to get username HOT 4
- role 'Manage Administrator' mandatory for read only API clients HOT 1
- How add Exceptions on Phase-1ID in Engine Endpoints HOT 1
- How change tunnel Mode in PolicyVPN HOT 3
- Error with 'interface_id' from InternalEndpoint element HOT 10
- Search a firewall policy similarly to "Search Rules" function in SMC GUI HOT 1
- Route-Based VPN Creation Error HOT 7
- multiples sessions HOT 2
- engine.routing_monitoring Error HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fp-ngfw-smc-python.