System Settings & Tasks

General system settings.

Config Import/Export

class firepyer.Fdm
apply_config_import(remote_filename: str, auto_deploy: bool = True) → dict

Apply a JSON config file that has already been imported

Parameters
  • remote_filename (str) – Filename of the config within the FTD system

  • auto_deploy (bool) – If the imported config should be deployed to the device or just sit in pending

Returns

Config import job object

Return type

dict

delete_config_file(filename: str) → bool

Deletes an exported/imported config file stored in FTD

Parameters

filename (str) – Name of the config file object - “diskFileName”

Raises

FirepyerResourceNotFound – If a config with the given filename does not exist

Returns

True if the file is successfully deleted

Return type

bool

download_config_file(remote_filename: str, local_filename: str = None) → bool

Downloads a config file that has been exported (stored within FTD)

Parameters
  • remote_filename (str) – Name of the config file on the FTD (diskFileName) or the export job ID

  • local_filename (str, optional) – Filename to save to the config file to locally, defaults to the remote filename

Raises

FirepyerError – If unable to download the config file e.g. the filename does not exist or another error occurs

Returns

True if the config is successfully downloaded

Return type

bool

export_config(config_name: str = None) → dict

Creates a job to save the current config as a JSON file in the FTD appliance. Once the job is complete the saved file can be downloaded

Parameters

config_name (str, optional) – Optional name to store the config file as, defaults to “Exported-at-YYYY-MM-DD-HH-MM-SSZ.zip”

Returns

Config export job object

Return type

dict

>>> fdm.export_config('config-with-ospf.zip')
{'configExportType': 'FULL_EXPORT',
 'deployedObjectsOnly': True,
 'diskFileName': 'config-with-ospf.zip',
 'doNotEncrypt': True,
 'encryptionKey': None,
 'entityIds': None,
 'forceOperation': False,
 'id': '264f7ef6-8431-11eb-ab2b-31e0e0bf5eef',
 'ipAddress': '192.168.133.100',
 'jobHistoryUuid': '266020c7-8431-11eb-ab2b-41e10f130001',
 'jobName': 'Config Export',
 'links': {'self': 'https://192.168.133.7/api/fdm/latest/action/configexport/264f7ef6-8431-11eb-ab2b-31e0e0bf5eef'},
 'scheduleType': 'IMMEDIATE',
 'type': 'scheduleconfigexport',
 'user': 'admin',
 'version': 'i7flijevvkqzu'}
get_config_files() → List[dict]

Gets the imported/exported config objects stored in FTD

Returns

List of each config file object

Return type

List[dict]

>>> fdm.get_config_files()
[{'dateModified': '2021-03-13 19:20:26Z',
  'diskFileName': 'config-with-ospf.zip',
  'id': 'default',
  'links': {'self': 'https://192.168.133.7/api/fdm/latest/action/configfiles/default'},
  'sizeBytes': 11374,
  'type': 'configimportexportfileinfo'},
 {'dateModified': '2021-03-13 16:24:10Z',
  'diskFileName': 'full_config-1.txt',
  'id': 'default',
  'links': {'self': 'https://192.168.133.7/api/fdm/latest/action/configfiles/default'},
  'sizeBytes': 69658,
  'type': 'configimportexportfileinfo'}]
upload_config(filename: str) → dict

Upload a JSON config file, usually a .txt or .zip previously exported from an FTD appliance

Parameters

filename (str) – Relative filepath and name of the config file to upload

Returns

Uploaded file object

Return type

dict

>>> fdm.upload_config('full_config-1.txt')
{'dateModified': '2021-03-13 16:24:10Z',
 'diskFileName': 'full_config-1.txt',
 'id': 'default',
 'links': {'self': 'https://192.168.133.7/api/fdm/latest/action/uploadconfigfile/default'},
 'sizeBytes': 69658,
 'type': 'configimportexportfileinfo'}

General

class firepyer.Fdm
create_syslog_server(ip, protocol='UDP', port='514', interface=None) → dict

Creates a SyslogServer to be able to send access rule and system logs to

Parameters
  • ip (str) – IP address of the syslog server

  • protocol (str, optional) – Protocol used to send syslog messages, must be one of [‘TCP’, ‘UDP’], defaults to ‘UDP’

  • port (str, optional) – Port number used to send syslog messages, defaults to ‘514’

  • interface (str, optional) – Name of a data interface to use as the source to reach the syslog server IP, otherwise mgmt will be used, defaults to None

Returns

The new SyslogServer object

Return type

dict

>>> fdm.create_syslog_server(ip='10.1.5.14')
{'deviceInterface': None,
 'host': '10.1.5.14',
 'id': '0fe4932c-794e-11eb-b948-27bb3f4588ef',
 'links': {'self': 'https://192.168.133.7/api/fdm/latest/object/syslogalerts/0fe4932c-794e-11eb-b948-27bb3f4588ef'},
 'name': '10.1.5.14:514',
 'port': '514',
 'protocol': 'UDP',
 'type': 'syslogserver',
 'useManagementInterface': True,
 'version': 'buzrvvrcvt6ly'}
get_dhcp_servers() → dict

Gets the DHCP server configuration, including any pools

Returns

The DHCP server container object for all DHCP settings

Return type

dict

>>> fdm.get_dhcp_servers()
{'autoConfig': True,
 'id': 'a47ce00c-fe55-11e4-8e99-f73968181bfd',
 'interface': {'hardwareName': 'GigabitEthernet0/0',
               'id': '8d6c41df-3e5f-465b-8e5a-d336b282f93f',
               'name': 'outside',
               'type': 'physicalinterface',
               'version': 'h4kqp4iu2yvff'},
 'links': {'self': 'https://192.168.133.7/api/fdm/latest/devicesettings/default/dhcpservercontainers/a47ce00c-fe55-11e4-8e99-f73968181bfd'},
 'name': 'DHCP-Server-Container',
 'primaryDNS': None,
 'primaryWINS': None,
 'secondaryDNS': None,
 'secondaryWINS': None,
 'servers': [{'addressPool': '192.168.45.46-192.168.45.254',
              'enableDHCP': True,
              'interface': {'hardwareName': 'GigabitEthernet0/1',
                            'id': 'ad6a9497-4d44-11eb-9e04-63d0b1958967',
                            'name': 'inside',
                            'type': 'physicalinterface',
                            'version': 'eqotynhtlcuyf'},
              'type': 'dhcpserver'},
             {'addressPool': '192.168.133.8-192.168.133.100',
              'enableDHCP': False,
              'interface': {'hardwareName': 'GigabitEthernet0/2',
                            'id': 'aeb5b238-4d44-11eb-9e04-cd44159d2943',
                            'name': 'dmz',
                            'type': 'physicalinterface',
                            'version': 'ojwiwyovklamk'},
              'type': 'dhcpserver'}],
 'type': 'dhcpservercontainer',
 'version': 'eb6ciywtkaqs4'}
get_hostname() → str

Get the hostname of the system

Returns

The hostname

Return type

str

get_syslog_servers(name='')

Gets all SyslogServers or a single SyslogServer if a name is provided

Parameters

name (str, optional) – The name of the SyslogServer to find. The name is stored in the format IP:PORT, defaults to ‘’

Returns

A list of all SyslogServers if no name is provided, or a dict of the single SyslogServer with the given name

Return type

list|dict

>>> fdm.get_syslog_servers()
[{'deviceInterface': {'hardwareName': 'GigabitEthernet0/1',
                      'id': 'ad6a9497-4d44-11eb-9e04-63d0b1958967',
                      'name': 'inside',
                      'type': 'physicalinterface',
                      'version': 'eqotynhtlcuyf'},
  'host': '192.168.0.53',
  'id': '00f2c4e0-52cf-11eb-aab5-55a503dce30e',
  'links': {'self': 'https://192.168.133.7/api/fdm/latest/object/syslogalerts/00f2c4e0-52cf-11eb-aab5-55a503dce30e'},
  'name': '192.168.0.53:514',
  'port': '514',
  'protocol': 'UDP',
  'type': 'syslogserver',
  'useManagementInterface': False,
  'version': 'gz7i7ht2njk6r'}]
get_system_info() → dict

Gets system information such as software versions, device model, serial number and management details

Returns

The target FTD system information

Return type

dict

>>> fdm.get_system_info()
{'applianceUuid': '12345678-1234-1234-1234-123456789abc',
 'currentTime': 1610202358116,
 'databaseInfo': {'buildVersion': '6.6.1',
                  'configDBVersion': 'itrncf35kvb2q',
                  'firewallConfigChecksum': 'kptuzmstdl7ve',
                  'id': '00000001-0000-0000-0000-000000000001',
                  'isBootstrapSuccessFul': True,
                  'restoredFromBackup': 'NONE',
                  'schemaVersion': '91',
                  'softwareVersion': '6.6.1-91',
                  'type': 'databaseinfo'},
 'geolocationVersion': {'geolocationDbVersion': None,
                        'id': 'e2822936-b3ff-11e5-b2b0-75809939b187',
                        'lastSuccessGeolocationDate': None,
                        'name': None,
                        'type': 'geolocationversion'},
 'id': 'default',
 'ipv4': '192.168.133.7',
 'ipv6': None,
 'links': {'self': 'https://192.168.133.7/api/fdm/latest/operational/systeminfo/default'},
 'managementInterfaceName': 'br1',
 'modelId': 'B',
 'modelNumber': '75',
 'platformModel': 'Cisco Firepower Threat Defense for KVM',
 'securityIntelligenceFeedsInfo': {'id': 'f78b4875-4d43-11eb-9e04-838d9f38aad2',
                                   'lastFeedsUpdateDate': None,
                                   'type': 'securityintelligencefeedsinfo'},
 'serialNumber': '123ABC123AB',
 'snortVersion': {'id': '00000003-0000-0000-0000-000000000003',
                  'name': '2.9.16-1025',
                  'snortPackage': '/ngfw/var/sf/snort-2.9.16-1025/snort-75-2.9.16-1025-daq11.tar.bz2',
                  'snortVersion': '2.9.16-1025',
                  'type': 'snortversion'},
 'softwareVersion': '6.6.1-91',
 'sruVersion': {'id': '00000003-0000-0000-0000-000000000001',
                'lastSuccessSRUDate': '2021-01-02 23:12:33Z',
                'name': '2020-08-18-001-vrt',
                'soMd5Checksum': 'f49e3ed1bfe85316b8b050ebfa99e52b',
                'sruVersion': '2020-08-18-001-vrt',
                'type': 'sruversion'},
 'systemUptime': 1609628582697,
 'type': 'systeminformation',
 'vdbVersion': {'appIDRevision': '74',
                'id': '00000003-0000-0000-0000-000000000002',
                'lastSuccessVDBDate': None,
                'name': '336',
                'navlRevision': '98',
                'type': 'vdbversion',
                'vdbCurrentBuild': '0',
                'vdbCurrentVersion': '336',
                'vdbReleaseDate': '2020-06-15 16:38:24'}}
send_command(cmd: str)

Send a CLI command to the FTD device and return the output

Parameters

cmd (str) – The full command to be sent to the CLI, abbreviations aren’t supported

Returns

The output from entering the command or None if the command failed

Return type

str

>>> fdm.send_command('show interface ip brief')
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         unassigned      YES DHCP   up                    up
GigabitEthernet0/1         192.168.45.1    YES manual up                    up
GigabitEthernet0/2         unassigned      YES unset  administratively down up
GigabitEthernet0/3         unassigned      YES unset  administratively down up
Internal-Control0/0        127.0.1.1       YES unset  up                    up
Internal-Control0/1        unassigned      YES unset  up                    up
Internal-Data0/0           unassigned      YES unset  down                  up
Internal-Data0/0           unassigned      YES unset  up                    up
Internal-Data0/1           169.254.1.1     YES unset  up                    up
Internal-Data0/2           unassigned      YES unset  up                    up
Management0/0              unassigned      YES unset  up                    up
set_hostname(hostname)

Sets the hostname of the system

Parameters

hostname (str) – The hostname to set

Returns

The full requests response object or None if an error occurred

Return type

Response

Updates

Methods for updating various rule files

class firepyer.Fdm
update_intrusion_rules() → dict

Immediately update the intrusion ruleset (SRU)

Returns

Rule update job object

Return type

dict

>>> fdm.update_intrusion_rules()
{'deployAfterUpdate': False,
 'description': None,
 'forceOperation': False,
 'forceUpdate': False,
 'id': 'ddbc819d-840a-11eb-ab2b-479260419be4',
 'ipAddress': '192.168.133.100',
 'jobHistoryUuid': 'ddccfc5e-840a-11eb-ab2b-4dced09e21e1',
 'jobName': 'Rule Update',
 'links': {'self': 'https://192.168.133.7/api/fdm/latest/action/updatesru/ddbc819d-840a-11eb-ab2b-479260419be4'},
 'name': None,
 'scheduleType': 'IMMEDIATE',
 'sruImmediateJobType': 'SRU_UPDATE',
 'type': 'sruupdateimmediate',
 'user': 'admin',
 'version': 'ivefnacxlum6b'}
update_vdb() → dict

Immediately update the Vulnerability Database (VDB)

Returns

VDB update job object

Return type

dict

update_geolocation() → dict

Immediately update the Geolocation Database (GeoDB)

Returns

GeoDB update job object

Return type

dict

upload_intrusion_rule_file(filename: str) → dict

Uploads an intrusion rule update (SRU) file

Parameters

filename (str) – Relative filepath and name of the SRU tar file to upload

Returns

Uploaded file object

Return type

dict

upload_geolocation_file(filename: str) → dict

Uploads a Geolocation Database (GeoDB) update file

Parameters

filename (str) – Relative filepath and name of the GeoDB tar file to upload

Returns

Uploaded file object

Return type

dict

upload_vdb_file(filename: str) → dict

Uploads a Vulnerability Database (VDB) update file

Parameters

filename (str) – Relative filepath and name of the VDB tar file to upload

Returns

Uploaded file object

Return type

dict

>>> fdm.upload_vdb_file('uploads/Cisco_VDB_Fingerprint_Database-4.5.0-337.sh.REL.tar')
{'checkSum': '231e053a4d9de54e7c03a6e64338c5039150a69c693907c6361a9f115f5e78a4f7f0f05ba98d1bd6f835f0d0b0504b582c70b0485b308b6095841e5de157b1bb',
 'fileName': 'Cisco_VDB_Fingerprint_Database-4.5.0-337.sh.REL.tar',
 'id': None,
 'links': {'self': 'https://192.168.133.7/api/fdm/latest/action/updatevdbfromfile/null'},
 'name': 'Cisco_VDB_Fingerprint_Database-4.5.0-337.sh.REL.tar',
 'type': 'vdbfileupload',
 'version': None}

Upgrades

Methods for performing system upgrades

class firepyer.Fdm
get_upgrade_files() → List[dict]

Gets upgrade files that have been uploaded to the FTD appliance

Returns

List of upgrade file objects in dict form

Return type

List[dict]

>>> fdm.get_upgrade_files()
[{'fileSize': 1288104,
  'id': 'dff28977-4d48-11eb-ad95-5dbe3d6f985f',
  'links': {'self': 'https://192.168.133.7/api/fdm/latest/managedentity/upgradefiles/dff28977-4d48-11eb-ad95-5dbe3d6f985f'},
  'rebootRequired': True,
  'type': 'upgradefile',
  'updateVersion': '6.6.1-91',
  'upgradeCancelOnFailureDefault': None,
  'upgradeFileName': 'Cisco_FTD_Upgrade-6.6.1-91.sh.REL.tar',
  'upgradeFrom': '6.2.3',
  'upgradeType': 'Cisco FTD Upgrade',
  'uploadDate': 'Sat Jan 02 22:21:35 UTC 2021',
  'user': 'admin',
  'version': 'eujn2nhpfebcl'}]
upload_upgrade(filename: str) → dict

Uploads an FTD Upgrade file

Parameters

filename (str) – Relative filepath and name of the FTD Upgrade tar file to upload

Returns

Uploaded file object

Return type

dict