Giter Club home page Giter Club logo

Comments (11)

shibumi avatar shibumi commented on June 26, 2024

Hi @EtienneMILON can you show the full stacktrace or the error message?

from fp-ngfw-smc-python.

EtienneMILON avatar EtienneMILON commented on June 26, 2024

Hello @shibumi ,

I had the exception : "smc.api.exceptions.UpdateElementFailed: Impossible to store the element mycluster_test. Element appears invalid: mycluster_test Firewall Cluster has an invalid Physical Interface configuration: Interface 0. One relayed by DHCP CVI belongs to this Physical Interface but it has no defined enabled DHCP relay."

I use the following code:

engine = FirewallCluster.create(
    name="mycluster_test",
    cluster_virtual="1.1.1.1",
    network_value="1.1.1.0/24",
    interface_id=0,
    macaddress="02:02:02:02:02:02",
    nodes=[
        {"address": "1.1.1.2", "network_value": "1.1.1.0/24", "nodeid": 1},
        {"address": "1.1.1.3", "network_value": "1.1.1.0/24", "nodeid": 2},
    ],
    domain_server_address=["1.1.1.1"],
    is_cert_auto_renewal=True,
)

interface = engine.interface.get("0")
interface.dhcp_relay = {'element': ['dhcp_server_href'], 'enabled': True, 'max_packet_size': 576, 'trusted_circuit': False}
interface.save()

for one in interface.interfaces:
    if one.typeof.lower() == "cluster_virtual_interface":
        one.relayed_by_dhcp = True
        one.save
        break

engine.update()

I don't have error with this code but in the SMC the interface has no DHCP relay configured.
I use SMC 6.5.14.

Etienne

from fp-ngfw-smc-python.

ggrimaux avatar ggrimaux commented on June 26, 2024

Hello,

I do not know if it can helps you but here it is what I've done to make it works

        """
        Add DHCP Relay on two vlan interface
        Then it is mandatory to get again engine in order to have 
        most recent etag and engine details. 
        """
        engine_to_update = Layer3Firewall(engine_name_to_update)
        intf = engine_to_update.interface.get(4)
        # Get interface JSON
        interface_details = SMCRequest(intf.href).read()
        for vlan in interface_details.json['vlanInterfaces']:
            if '4.20' in vlan['name'] \
               or '4.25' in vlan['name']:
                vlan['dhcp_relay'] = {"element": [dhcp_server_href],
                                      "enabled": True,
                                      "max_packet_size": 576,
                                      "trusted_circuit": False
                                      }
                vlan['interfaces'][0]['single_node_interface']['relayed_by_dhcp'] = True

        SMCRequest(intf.href,
                   interface_details.json,
                   etag=intf.etag).update()

BR,
/Greg.

from fp-ngfw-smc-python.

EtienneMILON avatar EtienneMILON commented on June 26, 2024

Hello Greg,

You were right, it works with interface.update():

engine = Engine(name="engine_name")
interface = engine.interface.get("interface_id")
interface.update(
    dhcp_relay={
        "element": ["DHCP_server_href"],
        "enabled": True,
        "max_packet_size": 576,
        "trusted_circuit": False,
    }
)
# And for the subinterface
sub_interface.update(relayed_by_dhcp=True)

I sometimes have exception but it works.
Could Forcepoint add it into fp-NGFW-SMC-python?

Best regards,
Etienne

from fp-ngfw-smc-python.

alexnogard avatar alexnogard commented on June 26, 2024

Hello @EtienneMILON ,
How do you get the DHCPServer href ?

I can get an Host Elements href, but I couldn't find how to get a Server Element href

Thanks
Regards

from fp-ngfw-smc-python.

ggrimaux avatar ggrimaux commented on June 26, 2024

Hello @alexnogard ,

Here is an example:

dhcp_server = DHCPServer.create(
            name="My DHCP Server,
            address="10.1.1.22")
dhcp_server_href = dhcp_server.href

BR,
/Greg

from fp-ngfw-smc-python.

alexnogard avatar alexnogard commented on June 26, 2024

Thanks @ggrimaux
It worked. The most complicate was to find the class :D.

Regards

from fp-ngfw-smc-python.

alexnogard avatar alexnogard commented on June 26, 2024

@ggrimaux Last question :

When I try to set the DHCP Relay on VLAN Int :

interface = engine.interface.get('0.10')
interface.update(
dhcp_relay={
"element": ["http://xxx:8082/6.5/elements/dhcp_server/3033","http://xxx:8082/6.5/elements/dhcp_server/3034"],
"enabled": True,
"max_packet_size": 576,
"trusted_circuit": Fal se,
}
)

I've this error :
smc.api.exceptions.UpdateElementFailed: Impossible to update the specified interface for the target FWESTCL. An element is invalid: There must be one and only one relayed IPv4 Address to support the DHCPv4 Relay settings of the VLAN 0.10 Physical Interface.

I made a test, I created a cluster Interface (id 10) and a vlan (id 10), empty, and it worked.

imagen

So I dont understand what it's not working on my vlan 0.10

Thanks for your help

from fp-ngfw-smc-python.

EtienneMILON avatar EtienneMILON commented on June 26, 2024

Hello,

As I understand, when there is a CVI for the interface you have to enable the "relayed_by_dhcp" option for the CVI.
For example:

interface = engine.interface.get('0.10')
for sub_interface in interface.interfaces:
    if sub_interface.typeof.lower() == "cluster_virtual_interface":
        sub_interface.update(relayed_by_dhcp=True)
        break

I also have exceptions sometimes but it looks to work. I think these exceptions are more warning than error.

Best regards,
Etienne

from fp-ngfw-smc-python.

ggrimaux avatar ggrimaux commented on June 26, 2024

Hello,

Sorry for my late answer.

@EtienneMILON is right.
Here is what I just tested (just combined your code and @EtienneMILON one :))

my_engine = FirewallCluster("Greg-Test")

interface = my_engine.interface.get('1.10')
for sub_interface in interface.interfaces:
    if sub_interface.typeof.lower() == "cluster_virtual_interface":
        sub_interface.update(relayed_by_dhcp=True)
        break
interface.update(
    dhcp_relay={
        "element": [DHCPServer("Greg DHCP 1").href,
                    DHCPServer("Greg DHCP 2").href],
        "enabled": True,
        "max_packet_size": 576,
        "trusted_circuit": False,
    }
)

image

I hope this will help you.

BR,
/Greg.

from fp-ngfw-smc-python.

alexnogard avatar alexnogard commented on June 26, 2024

Hello guys,
Sorry for late reply
Worked like a charm, many thanks :)

from fp-ngfw-smc-python.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.