Comments (11)
Hi @EtienneMILON can you show the full stacktrace or the error message?
from fp-ngfw-smc-python.
Hello @shibumi ,
I had the exception : "smc.api.exceptions.UpdateElementFailed: Impossible to store the element mycluster_test. Element appears invalid: mycluster_test Firewall Cluster has an invalid Physical Interface configuration: Interface 0. One relayed by DHCP CVI belongs to this Physical Interface but it has no defined enabled DHCP relay."
I use the following code:
engine = FirewallCluster.create(
name="mycluster_test",
cluster_virtual="1.1.1.1",
network_value="1.1.1.0/24",
interface_id=0,
macaddress="02:02:02:02:02:02",
nodes=[
{"address": "1.1.1.2", "network_value": "1.1.1.0/24", "nodeid": 1},
{"address": "1.1.1.3", "network_value": "1.1.1.0/24", "nodeid": 2},
],
domain_server_address=["1.1.1.1"],
is_cert_auto_renewal=True,
)
interface = engine.interface.get("0")
interface.dhcp_relay = {'element': ['dhcp_server_href'], 'enabled': True, 'max_packet_size': 576, 'trusted_circuit': False}
interface.save()
for one in interface.interfaces:
if one.typeof.lower() == "cluster_virtual_interface":
one.relayed_by_dhcp = True
one.save
break
engine.update()
I don't have error with this code but in the SMC the interface has no DHCP relay configured.
I use SMC 6.5.14.
Etienne
from fp-ngfw-smc-python.
Hello,
I do not know if it can helps you but here it is what I've done to make it works
"""
Add DHCP Relay on two vlan interface
Then it is mandatory to get again engine in order to have
most recent etag and engine details.
"""
engine_to_update = Layer3Firewall(engine_name_to_update)
intf = engine_to_update.interface.get(4)
# Get interface JSON
interface_details = SMCRequest(intf.href).read()
for vlan in interface_details.json['vlanInterfaces']:
if '4.20' in vlan['name'] \
or '4.25' in vlan['name']:
vlan['dhcp_relay'] = {"element": [dhcp_server_href],
"enabled": True,
"max_packet_size": 576,
"trusted_circuit": False
}
vlan['interfaces'][0]['single_node_interface']['relayed_by_dhcp'] = True
SMCRequest(intf.href,
interface_details.json,
etag=intf.etag).update()
BR,
/Greg.
from fp-ngfw-smc-python.
Hello Greg,
You were right, it works with interface.update():
engine = Engine(name="engine_name")
interface = engine.interface.get("interface_id")
interface.update(
dhcp_relay={
"element": ["DHCP_server_href"],
"enabled": True,
"max_packet_size": 576,
"trusted_circuit": False,
}
)
# And for the subinterface
sub_interface.update(relayed_by_dhcp=True)
I sometimes have exception but it works.
Could Forcepoint add it into fp-NGFW-SMC-python?
Best regards,
Etienne
from fp-ngfw-smc-python.
Hello @EtienneMILON ,
How do you get the DHCPServer href ?
I can get an Host Elements href, but I couldn't find how to get a Server Element href
Thanks
Regards
from fp-ngfw-smc-python.
Hello @alexnogard ,
Here is an example:
dhcp_server = DHCPServer.create(
name="My DHCP Server,
address="10.1.1.22")
dhcp_server_href = dhcp_server.href
BR,
/Greg
from fp-ngfw-smc-python.
Thanks @ggrimaux
It worked. The most complicate was to find the class :D.
Regards
from fp-ngfw-smc-python.
@ggrimaux Last question :
When I try to set the DHCP Relay on VLAN Int :
interface = engine.interface.get('0.10')
interface.update(
dhcp_relay={
"element": ["http://xxx:8082/6.5/elements/dhcp_server/3033","http://xxx:8082/6.5/elements/dhcp_server/3034"],
"enabled": True,
"max_packet_size": 576,
"trusted_circuit": Fal se,
}
)
I've this error :
smc.api.exceptions.UpdateElementFailed: Impossible to update the specified interface for the target FWESTCL. An element is invalid: There must be one and only one relayed IPv4 Address to support the DHCPv4 Relay settings of the VLAN 0.10 Physical Interface.
I made a test, I created a cluster Interface (id 10) and a vlan (id 10), empty, and it worked.
So I dont understand what it's not working on my vlan 0.10
Thanks for your help
from fp-ngfw-smc-python.
Hello,
As I understand, when there is a CVI for the interface you have to enable the "relayed_by_dhcp" option for the CVI.
For example:
interface = engine.interface.get('0.10')
for sub_interface in interface.interfaces:
if sub_interface.typeof.lower() == "cluster_virtual_interface":
sub_interface.update(relayed_by_dhcp=True)
break
I also have exceptions sometimes but it looks to work. I think these exceptions are more warning than error.
Best regards,
Etienne
from fp-ngfw-smc-python.
Hello,
Sorry for my late answer.
@EtienneMILON is right.
Here is what I just tested (just combined your code and @EtienneMILON one :))
my_engine = FirewallCluster("Greg-Test")
interface = my_engine.interface.get('1.10')
for sub_interface in interface.interfaces:
if sub_interface.typeof.lower() == "cluster_virtual_interface":
sub_interface.update(relayed_by_dhcp=True)
break
interface.update(
dhcp_relay={
"element": [DHCPServer("Greg DHCP 1").href,
DHCPServer("Greg DHCP 2").href],
"enabled": True,
"max_packet_size": 576,
"trusted_circuit": False,
}
)
I hope this will help you.
BR,
/Greg.
from fp-ngfw-smc-python.
Hello guys,
Sorry for late reply
Worked like a charm, many thanks :)
from fp-ngfw-smc-python.
Related Issues (20)
- How to communicate HTTPS to SMC API using SMC-Python? HOT 1
- Enable/Disable sites in Policy Based VPN Topology HOT 3
- How to collect logs of specific access rule on SMC? HOT 1
- Unable to install other dependancy because of pytz fixed version HOT 4
- Library versioning HOT 1
- Create fw_ipv4_access_rules with "AND" combination in source HOT 2
- VPN Gateway expiration date HOT 3
- Lock an smc element HOT 1
- Create users with password in InternalDomain HOT 11
- Wrong version number in "smc/__version__" HOT 1
- certificate verification warnings using the INI file for session creation HOT 2
- add an IP configuration on a tunnel interface without IP HOT 1
- ServerBackupTask fails HOT 2
- Viewing an Alias' references does not show the element referenced in the Alias, only the address. HOT 1
- Setting standby mode on a TunnelInterface HOT 5
- AttributeError when importing smc module HOT 9
- smc_monitoring: SessionNotFound HOT 13
- AttributeError: 'NoneType' object has no attribute 'href' HOT 4
- session.login: Failed to get username HOT 4
- role 'Manage Administrator' mandatory for read only API clients HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fp-ngfw-smc-python.