System Settings & Tasks¶
General system settings.
Config Import/Export¶
-
class
firepyer.Fdm -
apply_config_import(remote_filename: str, auto_deploy: bool = True) → dict¶ Apply a JSON config file that has already been imported
- Parameters
remote_filename (str) – Filename of the config within the FTD system
auto_deploy (bool) – If the imported config should be deployed to the device or just sit in pending
- Returns
Config import job object
- Return type
dict
-
delete_config_file(filename: str) → bool¶ Deletes an exported/imported config file stored in FTD
- Parameters
filename (str) – Name of the config file object - “diskFileName”
- Raises
FirepyerResourceNotFound – If a config with the given filename does not exist
- Returns
True if the file is successfully deleted
- Return type
bool
-
download_config_file(remote_filename: str, local_filename: str = None) → bool¶ Downloads a config file that has been exported (stored within FTD)
- Parameters
remote_filename (str) – Name of the config file on the FTD (diskFileName) or the export job ID
local_filename (str, optional) – Filename to save to the config file to locally, defaults to the remote filename
- Raises
FirepyerError – If unable to download the config file e.g. the filename does not exist or another error occurs
- Returns
True if the config is successfully downloaded
- Return type
bool
-
export_config(config_name: str = None) → dict¶ Creates a job to save the current config as a JSON file in the FTD appliance. Once the job is complete the saved file can be downloaded
- Parameters
config_name (str, optional) – Optional name to store the config file as, defaults to “Exported-at-YYYY-MM-DD-HH-MM-SSZ.zip”
- Returns
Config export job object
- Return type
dict
>>> fdm.export_config('config-with-ospf.zip') {'configExportType': 'FULL_EXPORT', 'deployedObjectsOnly': True, 'diskFileName': 'config-with-ospf.zip', 'doNotEncrypt': True, 'encryptionKey': None, 'entityIds': None, 'forceOperation': False, 'id': '264f7ef6-8431-11eb-ab2b-31e0e0bf5eef', 'ipAddress': '192.168.133.100', 'jobHistoryUuid': '266020c7-8431-11eb-ab2b-41e10f130001', 'jobName': 'Config Export', 'links': {'self': 'https://192.168.133.7/api/fdm/latest/action/configexport/264f7ef6-8431-11eb-ab2b-31e0e0bf5eef'}, 'scheduleType': 'IMMEDIATE', 'type': 'scheduleconfigexport', 'user': 'admin', 'version': 'i7flijevvkqzu'}
-
get_config_files() → List[dict]¶ Gets the imported/exported config objects stored in FTD
- Returns
List of each config file object
- Return type
List[dict]
>>> fdm.get_config_files() [{'dateModified': '2021-03-13 19:20:26Z', 'diskFileName': 'config-with-ospf.zip', 'id': 'default', 'links': {'self': 'https://192.168.133.7/api/fdm/latest/action/configfiles/default'}, 'sizeBytes': 11374, 'type': 'configimportexportfileinfo'}, {'dateModified': '2021-03-13 16:24:10Z', 'diskFileName': 'full_config-1.txt', 'id': 'default', 'links': {'self': 'https://192.168.133.7/api/fdm/latest/action/configfiles/default'}, 'sizeBytes': 69658, 'type': 'configimportexportfileinfo'}]
-
upload_config(filename: str) → dict¶ Upload a JSON config file, usually a .txt or .zip previously exported from an FTD appliance
- Parameters
filename (str) – Relative filepath and name of the config file to upload
- Returns
Uploaded file object
- Return type
dict
>>> fdm.upload_config('full_config-1.txt') {'dateModified': '2021-03-13 16:24:10Z', 'diskFileName': 'full_config-1.txt', 'id': 'default', 'links': {'self': 'https://192.168.133.7/api/fdm/latest/action/uploadconfigfile/default'}, 'sizeBytes': 69658, 'type': 'configimportexportfileinfo'}
-
General¶
-
class
firepyer.Fdm -
create_syslog_server(ip, protocol='UDP', port='514', interface=None) → dict¶ Creates a SyslogServer to be able to send access rule and system logs to
- Parameters
ip (str) – IP address of the syslog server
protocol (str, optional) – Protocol used to send syslog messages, must be one of [‘TCP’, ‘UDP’], defaults to ‘UDP’
port (str, optional) – Port number used to send syslog messages, defaults to ‘514’
interface (str, optional) – Name of a data interface to use as the source to reach the syslog server IP, otherwise mgmt will be used, defaults to None
- Returns
The new SyslogServer object
- Return type
dict
>>> fdm.create_syslog_server(ip='10.1.5.14') {'deviceInterface': None, 'host': '10.1.5.14', 'id': '0fe4932c-794e-11eb-b948-27bb3f4588ef', 'links': {'self': 'https://192.168.133.7/api/fdm/latest/object/syslogalerts/0fe4932c-794e-11eb-b948-27bb3f4588ef'}, 'name': '10.1.5.14:514', 'port': '514', 'protocol': 'UDP', 'type': 'syslogserver', 'useManagementInterface': True, 'version': 'buzrvvrcvt6ly'}
-
get_dhcp_servers() → dict¶ Gets the DHCP server configuration, including any pools
- Returns
The DHCP server container object for all DHCP settings
- Return type
dict
>>> fdm.get_dhcp_servers() {'autoConfig': True, 'id': 'a47ce00c-fe55-11e4-8e99-f73968181bfd', 'interface': {'hardwareName': 'GigabitEthernet0/0', 'id': '8d6c41df-3e5f-465b-8e5a-d336b282f93f', 'name': 'outside', 'type': 'physicalinterface', 'version': 'h4kqp4iu2yvff'}, 'links': {'self': 'https://192.168.133.7/api/fdm/latest/devicesettings/default/dhcpservercontainers/a47ce00c-fe55-11e4-8e99-f73968181bfd'}, 'name': 'DHCP-Server-Container', 'primaryDNS': None, 'primaryWINS': None, 'secondaryDNS': None, 'secondaryWINS': None, 'servers': [{'addressPool': '192.168.45.46-192.168.45.254', 'enableDHCP': True, 'interface': {'hardwareName': 'GigabitEthernet0/1', 'id': 'ad6a9497-4d44-11eb-9e04-63d0b1958967', 'name': 'inside', 'type': 'physicalinterface', 'version': 'eqotynhtlcuyf'}, 'type': 'dhcpserver'}, {'addressPool': '192.168.133.8-192.168.133.100', 'enableDHCP': False, 'interface': {'hardwareName': 'GigabitEthernet0/2', 'id': 'aeb5b238-4d44-11eb-9e04-cd44159d2943', 'name': 'dmz', 'type': 'physicalinterface', 'version': 'ojwiwyovklamk'}, 'type': 'dhcpserver'}], 'type': 'dhcpservercontainer', 'version': 'eb6ciywtkaqs4'}
-
get_hostname() → str¶ Get the hostname of the system
- Returns
The hostname
- Return type
str
-
get_syslog_servers(name='')¶ Gets all SyslogServers or a single SyslogServer if a name is provided
- Parameters
name (str, optional) – The name of the SyslogServer to find. The name is stored in the format IP:PORT, defaults to ‘’
- Returns
A list of all SyslogServers if no name is provided, or a dict of the single SyslogServer with the given name
- Return type
list|dict
>>> fdm.get_syslog_servers() [{'deviceInterface': {'hardwareName': 'GigabitEthernet0/1', 'id': 'ad6a9497-4d44-11eb-9e04-63d0b1958967', 'name': 'inside', 'type': 'physicalinterface', 'version': 'eqotynhtlcuyf'}, 'host': '192.168.0.53', 'id': '00f2c4e0-52cf-11eb-aab5-55a503dce30e', 'links': {'self': 'https://192.168.133.7/api/fdm/latest/object/syslogalerts/00f2c4e0-52cf-11eb-aab5-55a503dce30e'}, 'name': '192.168.0.53:514', 'port': '514', 'protocol': 'UDP', 'type': 'syslogserver', 'useManagementInterface': False, 'version': 'gz7i7ht2njk6r'}]
-
get_system_info() → dict¶ Gets system information such as software versions, device model, serial number and management details
- Returns
The target FTD system information
- Return type
dict
>>> fdm.get_system_info() {'applianceUuid': '12345678-1234-1234-1234-123456789abc', 'currentTime': 1610202358116, 'databaseInfo': {'buildVersion': '6.6.1', 'configDBVersion': 'itrncf35kvb2q', 'firewallConfigChecksum': 'kptuzmstdl7ve', 'id': '00000001-0000-0000-0000-000000000001', 'isBootstrapSuccessFul': True, 'restoredFromBackup': 'NONE', 'schemaVersion': '91', 'softwareVersion': '6.6.1-91', 'type': 'databaseinfo'}, 'geolocationVersion': {'geolocationDbVersion': None, 'id': 'e2822936-b3ff-11e5-b2b0-75809939b187', 'lastSuccessGeolocationDate': None, 'name': None, 'type': 'geolocationversion'}, 'id': 'default', 'ipv4': '192.168.133.7', 'ipv6': None, 'links': {'self': 'https://192.168.133.7/api/fdm/latest/operational/systeminfo/default'}, 'managementInterfaceName': 'br1', 'modelId': 'B', 'modelNumber': '75', 'platformModel': 'Cisco Firepower Threat Defense for KVM', 'securityIntelligenceFeedsInfo': {'id': 'f78b4875-4d43-11eb-9e04-838d9f38aad2', 'lastFeedsUpdateDate': None, 'type': 'securityintelligencefeedsinfo'}, 'serialNumber': '123ABC123AB', 'snortVersion': {'id': '00000003-0000-0000-0000-000000000003', 'name': '2.9.16-1025', 'snortPackage': '/ngfw/var/sf/snort-2.9.16-1025/snort-75-2.9.16-1025-daq11.tar.bz2', 'snortVersion': '2.9.16-1025', 'type': 'snortversion'}, 'softwareVersion': '6.6.1-91', 'sruVersion': {'id': '00000003-0000-0000-0000-000000000001', 'lastSuccessSRUDate': '2021-01-02 23:12:33Z', 'name': '2020-08-18-001-vrt', 'soMd5Checksum': 'f49e3ed1bfe85316b8b050ebfa99e52b', 'sruVersion': '2020-08-18-001-vrt', 'type': 'sruversion'}, 'systemUptime': 1609628582697, 'type': 'systeminformation', 'vdbVersion': {'appIDRevision': '74', 'id': '00000003-0000-0000-0000-000000000002', 'lastSuccessVDBDate': None, 'name': '336', 'navlRevision': '98', 'type': 'vdbversion', 'vdbCurrentBuild': '0', 'vdbCurrentVersion': '336', 'vdbReleaseDate': '2020-06-15 16:38:24'}}
-
send_command(cmd: str)¶ Send a CLI command to the FTD device and return the output
- Parameters
cmd (str) – The full command to be sent to the CLI, abbreviations aren’t supported
- Returns
The output from entering the command or None if the command failed
- Return type
str
>>> fdm.send_command('show interface ip brief') Interface IP-Address OK? Method Status Protocol GigabitEthernet0/0 unassigned YES DHCP up up GigabitEthernet0/1 192.168.45.1 YES manual up up GigabitEthernet0/2 unassigned YES unset administratively down up GigabitEthernet0/3 unassigned YES unset administratively down up Internal-Control0/0 127.0.1.1 YES unset up up Internal-Control0/1 unassigned YES unset up up Internal-Data0/0 unassigned YES unset down up Internal-Data0/0 unassigned YES unset up up Internal-Data0/1 169.254.1.1 YES unset up up Internal-Data0/2 unassigned YES unset up up Management0/0 unassigned YES unset up up
-
set_hostname(hostname)¶ Sets the hostname of the system
- Parameters
hostname (str) – The hostname to set
- Returns
The full requests response object or None if an error occurred
- Return type
Response
-
Updates¶
Methods for updating various rule files
-
class
firepyer.Fdm -
update_intrusion_rules() → dict¶ Immediately update the intrusion ruleset (SRU)
- Returns
Rule update job object
- Return type
dict
>>> fdm.update_intrusion_rules() {'deployAfterUpdate': False, 'description': None, 'forceOperation': False, 'forceUpdate': False, 'id': 'ddbc819d-840a-11eb-ab2b-479260419be4', 'ipAddress': '192.168.133.100', 'jobHistoryUuid': 'ddccfc5e-840a-11eb-ab2b-4dced09e21e1', 'jobName': 'Rule Update', 'links': {'self': 'https://192.168.133.7/api/fdm/latest/action/updatesru/ddbc819d-840a-11eb-ab2b-479260419be4'}, 'name': None, 'scheduleType': 'IMMEDIATE', 'sruImmediateJobType': 'SRU_UPDATE', 'type': 'sruupdateimmediate', 'user': 'admin', 'version': 'ivefnacxlum6b'}
-
update_vdb() → dict¶ Immediately update the Vulnerability Database (VDB)
- Returns
VDB update job object
- Return type
dict
-
update_geolocation() → dict¶ Immediately update the Geolocation Database (GeoDB)
- Returns
GeoDB update job object
- Return type
dict
-
upload_intrusion_rule_file(filename: str) → dict¶ Uploads an intrusion rule update (SRU) file
- Parameters
filename (str) – Relative filepath and name of the SRU tar file to upload
- Returns
Uploaded file object
- Return type
dict
-
upload_geolocation_file(filename: str) → dict¶ Uploads a Geolocation Database (GeoDB) update file
- Parameters
filename (str) – Relative filepath and name of the GeoDB tar file to upload
- Returns
Uploaded file object
- Return type
dict
-
upload_vdb_file(filename: str) → dict¶ Uploads a Vulnerability Database (VDB) update file
- Parameters
filename (str) – Relative filepath and name of the VDB tar file to upload
- Returns
Uploaded file object
- Return type
dict
>>> fdm.upload_vdb_file('uploads/Cisco_VDB_Fingerprint_Database-4.5.0-337.sh.REL.tar') {'checkSum': '231e053a4d9de54e7c03a6e64338c5039150a69c693907c6361a9f115f5e78a4f7f0f05ba98d1bd6f835f0d0b0504b582c70b0485b308b6095841e5de157b1bb', 'fileName': 'Cisco_VDB_Fingerprint_Database-4.5.0-337.sh.REL.tar', 'id': None, 'links': {'self': 'https://192.168.133.7/api/fdm/latest/action/updatevdbfromfile/null'}, 'name': 'Cisco_VDB_Fingerprint_Database-4.5.0-337.sh.REL.tar', 'type': 'vdbfileupload', 'version': None}
-
Upgrades¶
Methods for performing system upgrades
-
class
firepyer.Fdm -
get_upgrade_files() → List[dict]¶ Gets upgrade files that have been uploaded to the FTD appliance
- Returns
List of upgrade file objects in dict form
- Return type
List[dict]
>>> fdm.get_upgrade_files() [{'fileSize': 1288104, 'id': 'dff28977-4d48-11eb-ad95-5dbe3d6f985f', 'links': {'self': 'https://192.168.133.7/api/fdm/latest/managedentity/upgradefiles/dff28977-4d48-11eb-ad95-5dbe3d6f985f'}, 'rebootRequired': True, 'type': 'upgradefile', 'updateVersion': '6.6.1-91', 'upgradeCancelOnFailureDefault': None, 'upgradeFileName': 'Cisco_FTD_Upgrade-6.6.1-91.sh.REL.tar', 'upgradeFrom': '6.2.3', 'upgradeType': 'Cisco FTD Upgrade', 'uploadDate': 'Sat Jan 02 22:21:35 UTC 2021', 'user': 'admin', 'version': 'eujn2nhpfebcl'}]
-
upload_upgrade(filename: str) → dict¶ Uploads an FTD Upgrade file
- Parameters
filename (str) – Relative filepath and name of the FTD Upgrade tar file to upload
- Returns
Uploaded file object
- Return type
dict
-