
Introduction to Forcepoint API & SMC-Python

A quick introduction to the Forcepoint API using SMC-Python, a Python library for interacting with the Forcepoint NGFW Management Center (SMC) API. It provides automation capabilities for any environment that interacts with the SMC remotely.

1 / Prerequisites

Install the Python package after installing Python 3 and pip:

pip install fp-ngfw-smc-python

Then activate the API feature on the SMC:

  • Go to Configuration, Network Elements, Server, click on your SMC, then Properties
  • In SMC API, click “Enable”
  • Then go to Administration, Access Right, API Clients
  • Right-click on the page and click “New API Client”

Now you can create your first Python script. You reach the SMC with your SMC URL, the configured port and the api_key:

from smc import session
import smc.elements
import smc.core.engine
import smc.core.engines
import smc.policy
import smc.elements.system
session.login(url='http://SMC-IP:8082', api_key='API-KEY')

2 / Some scripts examples

Then, I created 2 scripts to automate some creation tasks. The first script imports entries from a CSV file into the SMC as Network elements.

Create the csv file network.csv, and add the following data :

Networks,Subnet
net1,10.111.111.0/24
net2,10.111.112.0/24
net3,10.111.113.0/24
net4,10.111.114.0/24
net5,10.111.115.0/24
net6,10.111.116.0/24

Then, create the script below & execute it.

from smc.elements.network import Network
from csv import DictReader

with open('network.csv', 'r') as read_obj:
    csv_dict_reader = DictReader(read_obj)
    for data in csv_dict_reader:
        Network.create(data['Networks'], data['Subnet'])

Another example: a script that imports some services from a CSV file into the SMC.

Create the csv file services.csv, and add the following data :

Protocol,Name,Min_dst_port,Max_dst_port,Comment
TCP,TCP1,8001,,test1
TCP,TCP2,8002,,test2
TCP,TCP3,8003,8015,test3
UDP,UDP1,8001,,test1
UDP,UDP2,8002,,test2
UDP,UDP3,8003,8015,test3

Then, create the script below & execute it.

import sys
from csv import DictReader
from smc.elements.service import TCPService
from smc.elements.service import UDPService

def str_to_class(name):
    return getattr(sys.modules[__name__], name)

with open('services.csv', 'r') as read_obj:
    csv_dict_reader = DictReader(read_obj)
    for data in csv_dict_reader:
        # 'TCP' -> 'TCPService', 'UDP' -> 'UDPService'
        Prot = data['Protocol'].upper() + 'Service'
        str_to_class(Prot).create(data['Name'], data['Min_dst_port'], data['Max_dst_port'], comment=data['Comment'])
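The services script above resolves a class name taken from the CSV through getattr() on the module and passes the port columns through unchecked. The following is an added example, not code from the original post or from smc-python: it validates the rows offline against a fixed protocol allowlist before anything is sent to the SMC. The names validate_services, import_services and SAMPLE are hypothetical, and the sample rows are constructed.

```python
import csv
import io

ALLOWED_PROTOCOLS = {"TCP", "UDP"}  # fixed allowlist, no getattr() on CSV text

# Constructed sample in the services.csv layout, with two deliberately bad rows.
SAMPLE = """Protocol,Name,Min_dst_port,Max_dst_port,Comment
TCP,TCP1,8001,,test1
UDP,UDP3,8003,8015,test3
ICMP,bad1,8001,,unknown protocol
TCP,bad2,9000,80,reversed range
"""

def parse_port(value, field):
    port = int(value)  # raises ValueError/TypeError on non-numeric or missing input
    if not 1 <= port <= 65535:
        raise ValueError(f"{field} out of range: {port}")
    return port

def validate_services(fileobj):
    """Return (valid_rows, errors); errors are (csv_line_number, message)."""
    valid, errors = [], []
    for lineno, row in enumerate(csv.DictReader(fileobj), start=2):
        try:
            proto = row["Protocol"].strip().upper()
            if proto not in ALLOWED_PROTOCOLS:
                raise ValueError(f"unsupported protocol {proto!r}")
            name = row["Name"].strip()
            if not name:
                raise ValueError("empty name")
            min_port = parse_port(row["Min_dst_port"], "Min_dst_port")
            max_raw = (row["Max_dst_port"] or "").strip()
            max_port = parse_port(max_raw, "Max_dst_port") if max_raw else None
            if max_port is not None and max_port < min_port:
                raise ValueError("Max_dst_port is lower than Min_dst_port")
            valid.append({"protocol": proto, "name": name, "min_dst_port": min_port,
                          "max_dst_port": max_port, "comment": row["Comment"] or ""})
        except (KeyError, ValueError, TypeError, AttributeError) as exc:
            errors.append((lineno, str(exc)))
    return valid, errors

def import_services(rows, creators):
    """creators maps 'TCP'/'UDP' to a callable, e.g. TCPService.create (assumed usage)."""
    for r in rows:
        creators[r["protocol"]](r["name"], r["min_dst_port"], r["max_dst_port"],
                                comment=r["comment"])
    return len(rows)

if __name__ == "__main__":
    rows, problems = validate_services(io.StringIO(SAMPLE))
    print(len(rows), "valid rows;", "rejected:", problems)
```

With a logged-in session, the validated rows would be pushed by passing {"TCP": TCPService.create, "UDP": UDPService.create} as creators, and only when the error list is empty.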

:) That’s all. You can easily create your own scripts by reading the official smc-python documentation.

I’m preparing a script to automate firewall creation. With this script, you’ll be able to:

  • Create a Cluster firewall
  • Declare all the interfaces & vlan
  • Set the DHCP relay
  • Set the DNS
  • Create the policy package
  • Declare the Firewall in the Policy VPN.

Should be available soon ;)

About Alexandre Nogard


3 comments

  1. Hi Alex,

    Great article!

    I have followed your steps.
    But I’m stuck on imported csv.
    Where to put the csv file? in the same python directory or where?
