A quick introduction to Forcepoint API, with the SMC-Python which is a Python based library to provide the ability to interact with the Forcepoint NGFW Management Center API. Provides automation capabilities for any environment that interact with the SMC remotely.
1 / Prerequisites
Install the python package after having installed Python3, & pip
1 | pip install fp-ngfw-smc-python |
Then, Activate the API feature on the SMC :
- Go to Configuration, Network Elements, Server, Click on your SMC, Properties
- in SMC API, click “Enable” :
- then, jump in Administration, Access Right, API Clients
- Right click on the page, en click on “New API Client”
Now, to can create your first python script, you’ve reach the SMC with your SMC url + configured port & the api_key
1 2 3 4 5 6 7 | from smc import session import smc.elements import smc.core.engine import smc.core.engines import smc.policy import smc.elements.system session.login(url='http://SMC-IP:8082', api_key='API-KEY') |
2 / Some scripts examples
Then, I created 2 scripts to automatize some creations tasks. The first script is to imports Hosts from CSV file to the SMC.
Create the csv file network.csv, and add the following data :
1 2 3 4 5 6 7 | Networks,Subnet net1,10.111.111.0/24 net2,10.111.112.0/24 net3,10.111.113.0/24 net4,10.111.114.0/24 net5,10.111.115.0/24 net6,10.111.116.0/24 |
Then, create the script below & execute it.
1 2 3 4 5 6 | from smc.elements.network import Network from csv import DictReader with open('network.csv', 'r') as read_obj: csv_dict_reader = DictReader(read_obj) for data in csv_dict_reader: Network.create(data['Networks'], data['Subnet']) |
An other example, a script to import from a CSV to the SMC, somes services.
Create the csv file services.csv, and add the following data :
1 2 3 4 5 6 7 | Protocol,Name,Min_dst_port,Max_dst_port,Comment TCP,TCP1,8001,,test1 TCP,TCP2,8002,,test2 TCP,TCP3,8003,8015,test3 UDP,UDP1,8001,,test1 UDP,UDP2,8002,,test2 UDP,UDP3,8003,8015,test3 |
Then, create the script below & execute it.
1 2 3 4 5 6 7 8 9 10 | from smc.elements.service import TCPService from smc.elements.service import UDPService def str_to_class(str): return getattr(sys.modules[__name__], str) from csv import DictReader with open('services.csv', 'r') as read_obj: csv_dict_reader = DictReader(read_obj) for data in csv_dict_reader: Prot = data['Protocol'].upper() + 'Service' str_to_class(Prot).create(data['Name'], data['Min_dst_port'], data['Max_dst_port'], comment=data['Comment']) |
:) That’s all. You can create your own script easily by reading the official doc smc-python
I’m preparing a script to automatize the firewall creation, with the script, you’ll be able to :
- Create a Cluster firewall
- Declare all the interfaces & vlan
- Set the DHCP relay
- Set the DNS
- Create the policy package
- Declare the Firewall in the Policy VPN.
Should be available soon ;)
One comment
Pingback: Forcepoint NGFW Massive licences import to SMC with API