A quick introduction to Forcepoint API, with the SMC-Python which is a Python based library to provide the ability to interact with the Forcepoint NGFW Management Center API. Provides automation capabilities for any environment that interact with the SMC remotely.
1 / Prerequisites
Install the python package after having installed Python3, & pip
pip install fp-ngfw-smc-python
Then, Activate the API feature on the SMC :
- Go to Configuration, Network Elements, Server, Click on your SMC, Properties
- in SMC API, click “Enable” :
- then, jump in Administration, Access Right, API Clients
- Right click on the page, en click on “New API Client”
Now, to can create your first python script, you’ve reach the SMC with your SMC url + configured port & the api_key
from smc import session import smc.elements import smc.core.engine import smc.core.engines import smc.policy import smc.elements.system session.login(url='http://SMC-IP:8082', api_key='API-KEY')
2 / Some scripts examples
Then, I created 2 scripts to automatize some creations tasks. The first script is to imports Hosts from CSV file to the SMC.
Create the csv file network.csv, and add the following data :
Networks,Subnet net1,10.111.111.0/24 net2,10.111.112.0/24 net3,10.111.113.0/24 net4,10.111.114.0/24 net5,10.111.115.0/24 net6,10.111.116.0/24
Then, create the script below & execute it.
from smc.elements.network import Network
from csv import DictReader
with open('network.csv', 'r') as read_obj: csv_dict_reader = DictReader(read_obj) for data in csv_dict_reader: Network.create(data['Networks'], data['Subnet'])An other example, a script to import from a CSV to the SMC, somes services.
Create the csv file services.csv, and add the following data :
Protocol,Name,Min_dst_port,Max_dst_port,Comment TCP,TCP1,8001,,test1 TCP,TCP2,8002,,test2 TCP,TCP3,8003,8015,test3 UDP,UDP1,8001,,test1 UDP,UDP2,8002,,test2 UDP,UDP3,8003,8015,test3
Then, create the script below & execute it.
from smc.elements.service import TCPService
from smc.elements.service import UDPService
def str_to_class(str): return getattr(sys.modules[__name__], str)
from csv import DictReader
with open('services.csv', 'r') as read_obj: csv_dict_reader = DictReader(read_obj) for data in csv_dict_reader: Prot = data['Protocol'].upper() + 'Service' str_to_class(Prot).create(data['Name'], data['Min_dst_port'], data['Max_dst_port'], comment=data['Comment']):) That’s all. You can create your own script easily by reading the official doc smc-python
I’m preparing a script to automatize the firewall creation, with the script, you’ll be able to :
- Create a Cluster firewall
- Declare all the interfaces & vlan
- Set the DHCP relay
- Set the DNS
- Create the policy package
- Declare the Firewall in the Policy VPN.
Should be available soon ;)
Hi Alex,
Great article!
I have followed your steps.
But I’m stuck on imported csv.
Where to put the csv file? in the same python directory or where?
Hello,
All you need is to specify the directory path in the variable,
in my exemple : with open(‘network.csv’, ‘r’), means the csv is in the same directory yes.
Regards
Hi Alex!
Thanks for sharing!
Do you know there is already some lab or image for us to test?