Home / Security / Forcepoint / Introduction to Forcepoint API & SMC-Python

Introduction to Forcepoint API & SMC-Python

A quick introduction to Forcepoint API, with the SMC-Python which is a Python based library to provide the ability to interact with the Forcepoint NGFW Management Center API. Provides automation capabilities for any environment that interact with the SMC remotely.

1 / Prerequisites

Install the python package after having installed Python3, & pip

pip install fp-ngfw-smc-python

Then, Activate the API feature on the SMC :

  • Go to Configuration, Network Elements, Server, Click on your SMC, Properties
  • in SMC API, click “Enable” :
  • then, jump in Administration, Access Right, API Clients
  • Right click on the page, en click on “New API Client”

Now, to can create your first python script, you’ve reach the SMC with your SMC url + configured port & the api_key

from smc import session
import smc.elements
import smc.core.engine
import smc.core.engines
import smc.policy
import smc.elements.system
session.login(url='http://SMC-IP:8082', api_key='API-KEY')

2 / Some scripts examples

Then, I created 2 scripts to automatize some creations tasks. The first script is to imports Hosts from CSV file to the SMC.

Create the csv file network.csv, and add the following data :

Networks,Subnet
net1,10.111.111.0/24
net2,10.111.112.0/24
net3,10.111.113.0/24
net4,10.111.114.0/24
net5,10.111.115.0/24
net6,10.111.116.0/24

Then, create the script below & execute it.

from smc.elements.network import Network
from csv import DictReader
with open('network.csv', 'r') as read_obj: csv_dict_reader = DictReader(read_obj) for data in csv_dict_reader: Network.create(data['Networks'], data['Subnet'])

An other example, a script to import from a CSV to the SMC, somes services.

Create the csv file services.csv, and add the following data :

Protocol,Name,Min_dst_port,Max_dst_port,Comment
TCP,TCP1,8001,,test1
TCP,TCP2,8002,,test2
TCP,TCP3,8003,8015,test3
UDP,UDP1,8001,,test1
UDP,UDP2,8002,,test2
UDP,UDP3,8003,8015,test3

Then, create the script below & execute it.

from smc.elements.service import TCPService
from smc.elements.service import UDPService
def str_to_class(str): return getattr(sys.modules[__name__], str)
from csv import DictReader
with open('services.csv', 'r') as read_obj: csv_dict_reader = DictReader(read_obj) for data in csv_dict_reader: Prot = data['Protocol'].upper() + 'Service' str_to_class(Prot).create(data['Name'], data['Min_dst_port'], data['Max_dst_port'], comment=data['Comment'])

:) That’s all. You can create your own script easily by reading the official doc smc-python

I’m preparing a script to automatize the firewall creation, with the script, you’ll be able to :

  • Create a Cluster firewall
  • Declare all the interfaces & vlan
  • Set the DHCP relay
  • Set the DNS
  • Create the policy package
  • Declare the Firewall in the Policy VPN.

Should be available soon ;)

About Alexandre Nogard

Check Also

Forcepoint : Deploy the SMC on AWS | Part III

Learn how to deploy the Forcepoint SMC & Log Server on AWS behind a NGFW Firewall with a VPC, in a public & private subnet and an Elastic IP

Forcepoint : Deploy the SMC on AWS | Part II

In the first Howto Forcepoint : Deploy the SMC on AWS | Part I, we …

Forcepoint : Deploy the SMC on AWS | Part I

How to deploy Forcepoint SMC (Security Management Center) on AWS ? This is a good …

4 comments

  1. Hi Alex,

    Great article!

    I have followed your steps.
    But I’m stuck on imported csv.
    Where to put the csv file? in the same python directory or where?

  2. Hi Alex!

    Thanks for sharing!

    Do you know there is already some lab or image for us to test?

Leave a Reply

Your email address will not be published. Required fields are marked *