Security Policies

class firepyer.Fdm

create_access_rule(name: str, action: str, src_zones: List[str] = [], src_networks: List[str] = [], src_ports: List[str] = [], dst_zones: List[str] = [], dst_networks: List[str] = [], dst_ports: List[str] = [], int_policy: str = None, syslog: str = None, log: str = '') → dict

    Create an AccessRule to be used in the main Access Policy. Any optional src/dst value that is not provided is treated as 'any', so passing an empty list widens the rule rather than narrowing it.
- Parameters
name (str) – Name of the AccessRule
action (str) – The action the rule should take if matched, should be one of [‘PERMIT’, ‘TRUST’, ‘DENY’]
src_zones (list, optional) – List of names of source Security Zones, defaults to []
src_networks (list, optional) – List of names of source networks, names can be of either NetworkObject or NetworkGroup, defaults to []
src_ports (list, optional) – List of names of source ports, names can be of either tcp/udp PortObject or PortGroup, defaults to []
dst_zones (list, optional) – List of names of destination Security Zones, defaults to []
dst_networks (list, optional) – List of names of destination networks, names can be of either NetworkObject or NetworkGroup, defaults to []
dst_ports (list, optional) – List of names of destination ports, names can be of either tcp/udp PortObject or PortGroup, defaults to []
int_policy (str, optional) – Name of an IntrusionPolicy to apply to the rule, defaults to None
syslog (str, optional) – Name of a SyslogServer to log the rule to, in the format of IP:PORT, defaults to None
log (str, optional) – Log the rule at start and end of connection, end of connection, or no log, should be one of [‘BOTH’, ‘END’, ‘’], defaults to ‘’
- Raises
FirepyerResourceNotFound – If any of the object names passed in cannot be found, e.g. a source network or destination port that has not been created
- Returns
The AccessRule object that has been created
- Return type
dict
>>> fdm.create_access_rule('my-http-rule', 'PERMIT', src_zones=['inside_zone'], dst_zones=['outside_zone'], src_networks=['Host1-NIC1'], dst_networks=['GROUP-ALL-HOSTS'], dst_ports=['HTTP'], int_policy='Maximum Detection', log='both')
{'destinationDynamicObjects': [],
 'destinationNetworks': [{'id': '2904a9b9-4db6-11eb-aab5-93170f9c3b34', 'name': 'GROUP-ALL-HOSTS', 'type': 'networkobjectgroup', 'version': '3zkyarvfx3qx'}],
 'destinationPorts': [{'id': '18312adc-38bb-11e2-86aa-62f0c593a59a', 'name': 'HTTP', 'type': 'tcpportobject', 'version': 'jfkuxugpghogc'}],
 'destinationZones': [{'id': 'b1af33e1-b3e5-11e5-8db8-afdc0be5453e', 'name': 'outside_zone', 'type': 'securityzone', 'version': 'chx6737ygiktz'}],
 'embeddedAppFilter': None,
 'eventLogAction': 'LOG_BOTH',
 'filePolicy': None,
 'id': '8dfa08d4-7945-11eb-b948-03b19829b466',
 'identitySources': [],
 'intrusionPolicy': {'id': '80875699-4d44-11eb-9e04-190e1a7b8344', 'name': 'Maximum Detection', 'type': 'intrusionpolicy', 'version': 'nlypnji4gaseu'},
 'links': {'self': 'https://192.168.133.7/api/fdm/latest/policy/accesspolicies/c78e66bc-cb57-43fe-bcbf-96b79b3475b3/accessrules/8dfa08d4-7945-11eb-b948-03b19829b466'},
 'logFiles': False,
 'name': 'my-http-rule',
 'ruleAction': 'PERMIT',
 'ruleId': 268435507,
 'sourceDynamicObjects': [],
 'sourceNetworks': [{'id': '9f42dab3-4db5-11eb-aab5-19160f885ae8', 'name': 'Host1-NIC1', 'type': 'networkobject', 'version': 'jpfwstwwapru5'}],
 'sourcePorts': [],
 'sourceZones': [{'id': '90c377e0-b3e5-11e5-8db8-651556da7898', 'name': 'inside_zone', 'type': 'securityzone', 'version': 'm6c22ydlemewj'}],
 'syslogServer': None,
 'timeRangeObjects': [],
 'type': 'accessrule',
 'urlFilter': None,
 'users': [],
 'version': 'kazwzgi6htvr5'}
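A guarded, idempotent wrapper around create_access_rule, added here as an example and not part of firepyer. It looks the rule up by name before creating it, refuses a PERMIT/TRUST rule whose destination networks and ports are both left as 'any' unless the caller opts in, and checks the action the device reports back. It assumes the exception lives at firepyer.exceptions.FirepyerResourceNotFound (a stand-in is defined when firepyer is not installed) and that get_access_rules(name) returns a falsy value when no rule has that name. FakeFdm is a constructed in-memory stand-in so the code runs offline; its object names and log mapping are its own.

```python
"""Guarded, idempotent AccessRule provisioning on top of the Fdm client.

Added example: not part of firepyer. Only the methods documented on this page are used.
"""
from typing import Dict, List

try:
    # Assumption: the exception documented under delete_access_rule lives here
    from firepyer.exceptions import FirepyerResourceNotFound
except ImportError:
    class FirepyerResourceNotFound(Exception):
        """Stand-in so the example runs when firepyer is not installed."""


def is_wide_open(spec: Dict) -> bool:
    """True for a PERMIT/TRUST spec whose destination networks AND ports are both 'any'.

    create_access_rule treats an omitted or empty list as 'any', so a list that
    failed to populate upstream silently becomes an allow-everything rule.
    """
    return (spec.get('action') in ('PERMIT', 'TRUST')
            and not spec.get('dst_networks')
            and not spec.get('dst_ports'))


def ensure_access_rule(fdm, spec: Dict, allow_wide_open: bool = False) -> Dict:
    """Return the rule named spec['name'], creating it via create_access_rule(**spec) if absent.

    `fdm` is any object exposing get_access_rules(name) and create_access_rule(**kwargs)
    with the signatures on this page. Assumption: get_access_rules(name) returns a
    falsy value when no rule has that name.
    """
    if is_wide_open(spec) and not allow_wide_open:
        raise ValueError(f"refusing to create {spec['name']!r}: {spec['action']} to any/any")
    existing = fdm.get_access_rules(spec['name'])
    if existing:
        return existing
    rule = fdm.create_access_rule(**spec)
    # Post-condition: trust the rule only if the device stored the action we asked for
    if rule.get('ruleAction') != spec['action']:
        raise RuntimeError(f"{spec['name']!r}: device stored action {rule.get('ruleAction')!r}")
    return rule


class FakeFdm:
    """Constructed in-memory stand-in for firepyer.Fdm so the example runs offline.

    It follows the documented contract: a name that does not resolve to an existing
    object raises FirepyerResourceNotFound. The KNOWN names and the '' -> 'LOG_NONE'
    mapping are this fake's own choices, not values read from a device.
    """
    KNOWN = {'inside_zone', 'outside_zone', 'Host1-NIC1', 'GROUP-ALL-HOSTS', 'HTTP', 'Maximum Detection'}

    def __init__(self):
        self.rules: Dict[str, Dict] = {}
        self.create_calls = 0

    def get_access_rules(self, name=''):
        return self.rules.get(name) if name else list(self.rules.values())

    def create_access_rule(self, name, action, src_zones=(), src_networks=(), src_ports=(),
                           dst_zones=(), dst_networks=(), dst_ports=(), int_policy=None,
                           syslog=None, log=''):
        self.create_calls += 1
        refs: List[str] = [*src_zones, *src_networks, *src_ports, *dst_zones, *dst_networks, *dst_ports]
        if int_policy:
            refs.append(int_policy)
        missing = [r for r in refs if r not in self.KNOWN]
        if missing:
            raise FirepyerResourceNotFound(f"object(s) not found: {missing}")
        rule = {'name': name, 'ruleAction': action, 'type': 'accessrule',
                'intrusionPolicy': {'name': int_policy} if int_policy else None,
                'eventLogAction': {'BOTH': 'LOG_BOTH', 'END': 'LOG_FLOW_END'}.get(log.upper(), 'LOG_NONE')}
        self.rules[name] = rule
        return rule
```

Against a real device, pass the firepyer Fdm instance in place of FakeFdm; the wrapper only calls the two methods documented on this page. The wide-open check is deliberately on the spec, not on the returned rule, so a mis-rendered configuration is rejected before anything reaches the device.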
delete_access_rule(rule_id: str) → bool

    Delete an AccessRule
- Parameters
rule_id (str) – AccessRule id
- Raises
FirepyerResourceNotFound – If an AccessRule with the given id does not exist
- Returns
True if the object is successfully deleted
- Return type
bool
get_access_rules(name='')

    Gets all AccessRules or a single AccessRule if a name is provided
- Parameters
name (str, optional) – The name of the AccessRule to find, defaults to ‘’
- Returns
A list of all AccessRules if no name is provided, or a dict of the single AccessRule with the given name
- Return type
list|dict
>>> fdm.get_access_rules()
[{'destinationDynamicObjects': [],
  'destinationNetworks': [{'id': '2904a9b9-4db6-11eb-aab5-93170f9c3b34', 'name': 'GROUP-ALL-HOSTS', 'type': 'networkobjectgroup', 'version': 'i4oe7b4lpaxos'}],
  'destinationPorts': [{'id': '18312adc-38bb-11e2-86aa-62f0c593a59a', 'name': 'HTTP', 'type': 'tcpportobject', 'version': 'jfkuxugpghogc'}],
  'destinationZones': [{'id': 'b1af33e1-b3e5-11e5-8db8-afdc0be5453e', 'name': 'outside_zone', 'type': 'securityzone', 'version': 'chx6737ygiktz'}],
  'embeddedAppFilter': None,
  'eventLogAction': 'LOG_FLOW_END',
  'filePolicy': None,
  'id': '5c405b75-5105-11eb-aab5-0140ccd4feb7',
  'identitySources': [],
  'intrusionPolicy': {'id': '80875699-4d44-11eb-9e04-190e1a7b8344', 'name': 'Maximum Detection', 'type': 'intrusionpolicy', 'version': 'nlypnji4gaseu'},
  'links': {'self': 'https://192.168.133.7/api/fdm/latest/policy/accesspolicies/c78e66bc-cb57-43fe-bcbf-96b79b3475b3/accessrules/5c405b75-5105-11eb-aab5-0140ccd4feb7'},
  'logFiles': False,
  'name': 'very-secure-rule',
  'ruleAction': 'PERMIT',
  'ruleId': 268435505,
  'sourceDynamicObjects': [],
  'sourceNetworks': [{'id': '9f42dab3-4db5-11eb-aab5-19160f885ae8', 'name': 'Host1-NIC1', 'type': 'networkobject', 'version': 'jpfwstwwapru5'}],
  'sourcePorts': [],
  'sourceZones': [{'id': '90c377e0-b3e5-11e5-8db8-651556da7898', 'name': 'inside_zone', 'type': 'securityzone', 'version': 'm6c22ydlemewj'}],
  'syslogServer': None,
  'timeRangeObjects': [],
  'type': 'accessrule',
  'urlFilter': {'type': 'embeddedurlfilter', 'urlCategories': [], 'urlObjects': []},
  'users': [],
  'version': 'hjxr5d7i3mg5s'}]
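A small policy audit over the list that get_access_rules() returns, added as an example and not firepyer code. It reads only keys shown in the output above (ruleAction, sourceNetworks, destinationNetworks, destinationPorts, intrusionPolicy, eventLogAction) and flags PERMIT/TRUST rules that leave networks or destination ports as 'any', PERMIT rules with no intrusion policy, TRUST rules (which pass traffic without intrusion or file inspection), and rules whose eventLogAction is neither of the two logged values that appear on this page. SAMPLE_RULES is constructed input trimmed to those keys; the 'LOG_NONE' value in it is a placeholder, not a value taken from a device.

```python
"""Audit the rules returned by Fdm.get_access_rules() for over-permissive settings.

Added example: not part of firepyer. Uses only keys present in the output above.
"""
from typing import Dict, List

PERMISSIVE_ACTIONS = ('PERMIT', 'TRUST')
# eventLogAction values that appear in this page's outputs; anything else is treated as unlogged
LOGGED = ('LOG_BOTH', 'LOG_FLOW_END')


def audit_rule(rule: Dict) -> List[str]:
    """Return findings for one AccessRule dict; an empty list means nothing to flag."""
    findings: List[str] = []
    action = rule.get('ruleAction')
    if action in PERMISSIVE_ACTIONS:
        # An empty object list means 'any' (see create_access_rule); zones alone do not bound the traffic
        if not rule.get('sourceNetworks') and not rule.get('destinationNetworks'):
            findings.append('any-to-any networks')
        if not rule.get('destinationPorts'):
            findings.append('all destination ports')
        if action == 'TRUST':
            findings.append('TRUST fast-paths traffic past intrusion and file inspection')
        elif not rule.get('intrusionPolicy'):
            findings.append('no intrusion policy')
    if rule.get('eventLogAction') not in LOGGED:
        findings.append('connection not logged')
    return findings


def audit_policy(rules: List[Dict]) -> Dict[str, List[str]]:
    """Map rule name -> findings for every rule with at least one finding."""
    report: Dict[str, List[str]] = {}
    for rule in rules:
        findings = audit_rule(rule)
        if findings:
            report[rule['name']] = findings
    return report


# Constructed sample input, trimmed to the keys the audit reads (ids and versions omitted)
SAMPLE_RULES = [
    {'name': 'very-secure-rule', 'ruleAction': 'PERMIT',
     'sourceNetworks': [{'name': 'Host1-NIC1', 'type': 'networkobject'}],
     'destinationNetworks': [{'name': 'GROUP-ALL-HOSTS', 'type': 'networkobjectgroup'}],
     'destinationPorts': [{'name': 'HTTP', 'type': 'tcpportobject'}],
     'intrusionPolicy': {'name': 'Maximum Detection', 'type': 'intrusionpolicy'},
     'eventLogAction': 'LOG_FLOW_END'},
    {'name': 'allow-all', 'ruleAction': 'PERMIT',
     'sourceNetworks': [], 'destinationNetworks': [], 'destinationPorts': [],
     'intrusionPolicy': None, 'eventLogAction': 'LOG_NONE'},   # 'LOG_NONE' is a constructed placeholder
    {'name': 'trust-backup', 'ruleAction': 'TRUST',
     'sourceNetworks': [{'name': 'Host1-NIC1', 'type': 'networkobject'}],
     'destinationNetworks': [{'name': 'GROUP-ALL-HOSTS', 'type': 'networkobjectgroup'}],
     'destinationPorts': [{'name': 'HTTP', 'type': 'tcpportobject'}],
     'intrusionPolicy': None, 'eventLogAction': 'LOG_BOTH'},
    {'name': 'deny-rest', 'ruleAction': 'DENY',
     'sourceNetworks': [], 'destinationNetworks': [], 'destinationPorts': [],
     'intrusionPolicy': None, 'eventLogAction': 'LOG_BOTH'},
]


if __name__ == '__main__':
    for name, findings in audit_policy(SAMPLE_RULES).items():
        print(f"{name}: {', '.join(findings)}")
```

To run it against a device, replace SAMPLE_RULES with `fdm.get_access_rules()`; the full dicts carry extra keys (ids, versions, zones, links) that the audit simply ignores. The network check deliberately ignores zones because a zone-only PERMIT still admits every address behind that interface.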
get_intrusion_policies(name='')

    Gets all IntrusionPolicies or a single IntrusionPolicy if a name is provided
- Parameters
name (str, optional) – The name of the IntrusionPolicy to find, defaults to ‘’
- Returns
A list of all IntrusionPolicies if no name is provided, or a dict of the single IntrusionPolicy with the given name
- Return type
list|dict
>>> fdm.get_intrusion_policies()
[{'description': 'Security Over Connectivity Layer',
  'id': '6a75c525-4d44-11eb-9e04-6f0a2ca42b30',
  'inspectionMode': 'PREVENTION',
  'links': {'self': 'https://192.168.133.7/api/fdm/latest/policy/intrusionpolicies/6a75c525-4d44-11eb-9e04-6f0a2ca42b30'},
  'name': 'Security Over Connectivity',
  'rules': {'links': {'self': 'https://192.168.133.7/api/fdm/latest/policy/intrusionpolicies/6a75c525-4d44-11eb-9e04-6f0a2ca42b30/intrusionrules'}},
  'type': 'intrusionpolicy',
  'version': 'm7z67ffrxabw'},
 {'description': 'Balanced Security and Connectivity Layer',
  'id': '7481ca70-4d44-11eb-9e04-af619bd5bf8e',
  'inspectionMode': 'PREVENTION',
  'links': {'self': 'https://192.168.133.7/api/fdm/latest/policy/intrusionpolicies/7481ca70-4d44-11eb-9e04-af619bd5bf8e'},
  'name': 'Balanced Security and Connectivity',
  'rules': {'links': {'self': 'https://192.168.133.7/api/fdm/latest/policy/intrusionpolicies/7481ca70-4d44-11eb-9e04-af619bd5bf8e/intrusionrules'}},
  'type': 'intrusionpolicy',
  'version': 'j6fstu4h5qlna'},
 {'description': 'Connectivity Over Security Layer',
  'id': '7bce629b-4d44-11eb-9e04-77616a49e58c',
  'inspectionMode': 'PREVENTION',
  'links': {'self': 'https://192.168.133.7/api/fdm/latest/policy/intrusionpolicies/7bce629b-4d44-11eb-9e04-77616a49e58c'},
  'name': 'Connectivity Over Security',
  'rules': {'links': {'self': 'https://192.168.133.7/api/fdm/latest/policy/intrusionpolicies/7bce629b-4d44-11eb-9e04-77616a49e58c/intrusionrules'}},
  'type': 'intrusionpolicy',
  'version': 'phs2e2tlvyhdn'},
 {'description': 'Maximum Detection Layer',
  'id': '80875699-4d44-11eb-9e04-190e1a7b8344',
  'inspectionMode': 'PREVENTION',
  'links': {'self': 'https://192.168.133.7/api/fdm/latest/policy/intrusionpolicies/80875699-4d44-11eb-9e04-190e1a7b8344'},
  'name': 'Maximum Detection',
  'rules': {'links': {'self': 'https://192.168.133.7/api/fdm/latest/policy/intrusionpolicies/80875699-4d44-11eb-9e04-190e1a7b8344/intrusionrules'}},
  'type': 'intrusionpolicy',
  'version': 'nlypnji4gaseu'}]