
Domain's not working

Open kevrobertson opened this issue 5 years ago • 9 comments

Hi,

Trying to use the update-all-rules script. Works great on the Global domain (after modifying fireREST to include functions for Intrusion + File policies which aren't there); however, on child domains I get thrown an error:

Traceback (most recent call last):
  File "test.py", line 59, in <module>
    print("Domain: " + api.get_domain_id_by_name(domain))
TypeError: can only concatenate str (not "NoneType") to str

Any ideas?

Thanks

kevrobertson avatar May 19 '19 09:05 kevrobertson

Hey @Insomnia1305 - check issue: https://github.com/rnwolfe/fmc-tools/issues/1#issuecomment-482350532

The scripts should handle domains other than Global correctly; however, the issue is that the way Firepower API formats them is weird. I tested this with the export to CSV script. You have to ensure that you include a space after the / between Global and your domain.

Try that out and let me know if it works.

rnwolfe avatar May 22 '19 14:05 rnwolfe

Hi,

I tried that and every which way I could think of, that didn't work at all. A friend suggested I modify the following:

api = FireREST(hostname=device, username=username, password=password)

change to:

api = FireREST(hostname=device, username=username, password=password, domain=domain)

I haven't had a chance to test it yet however.

kevrobertson avatar May 22 '19 14:05 kevrobertson

On another note, I've had to heavily modify fireREST to get your scripts to work... it doesn't include API GETs for intrusion policy, file policy at all etc... your script errors out loads but I managed to resolve most of these myself. I wonder if fireREST was modified after you released this.

kevrobertson avatar May 22 '19 14:05 kevrobertson

The domain would have to be provided to the FireREST object, so that suggestion should help.

I forked this from fireREST, so you can check it out there: https://github.com/kaisero/fireREST. Though, it hasn't been updated for a while. I added some stuff to it, but mostly just made the scripts (and only needed them for the default Global domain).

This was kind of a simple script for a particular need I had, so I'm not incredibly surprised it had some issues for a policy that had some different objects than mine did.

rnwolfe avatar May 22 '19 14:05 rnwolfe

Yes but what I'm saying is none of your API calls work:

if intrusion_policy:
    intrusion_policy_id = api.get_intrusion_policy_id_by_name(intrusion_policy)
else:
    intrusion_policy_id = "Not defined"

if file_policy:
    file_policy_id = api.get_file_policy_id_by_name(file_policy)
else:
    file_policy_id = "Not defined"

if variable_set:
    variable_set_id = api.get_variable_set_id_by_name(variable_set)
else:
    variable_set_id = "Not defined"

All 3 of these don't exist in fireREST, I had to create them myself. There is no 'get_variable_set_id_by_name' for example.

kevrobertson avatar May 22 '19 14:05 kevrobertson

Yes, they do:

  • get_variable_set_id_by_name: https://github.com/rnwolfe/fmc-tools/blob/master/fireREST/__init__.py#L534
  • get_file_policy_id_by_name: https://github.com/rnwolfe/fmc-tools/blob/master/fireREST/__init__.py#L552
  • get_intrusion_policy_id_by_name: https://github.com/rnwolfe/fmc-tools/blob/master/fireREST/__init__.py#L516

Are you sure you're using the fireREST in my repo and not the original repo I forked it from (kaisero/fireREST)?

I had to add those in myself from the original fork which did not have them (just as you're saying).

rnwolfe avatar May 22 '19 14:05 rnwolfe

There actually is no fireREST in your repo or am I blind? So I took it from the original (had it already)

https://puu.sh/DvJt3/fc12a57c7e.png

The folder being empty also.

kevrobertson avatar May 22 '19 15:05 kevrobertson

Yes, it's in the fireREST directory. The code is in __init__.py (to be honest I have no idea why I moved it - it was too long ago).

If you just cloned the repo, the imports should have worked unless you overwrote them with the other repo.

rnwolfe avatar May 22 '19 16:05 rnwolfe

The domains do work. It is important to not add a space in the domain variable content. I tested the below config successfully:

## Lab FMC and user
device = '10.16.1.100'
username = 'user'
password = 'password'

## Lab Domain Test
domain = 'Global/Lab'
ac_policy = 'my-acp'
api = FireREST(hostname=device, username=username, password=password, domain=domain)

stshow avatar Dec 11 '19 17:12 stshow
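
The failure at the top of this thread comes from a name lookup returning None, and the replies disagree on whether the domain name needs a space after the "/". The following is an added example, not code from the thread, fmc-tools or fireREST: a lookup that compares names with whitespace around "/" ignored and raises a clear error instead of returning None, so a rule-update script stops before touching the wrong domain. The names `normalize_domain`, `resolve_domain_id`, `DomainNotFound` and `SAMPLE_DOMAINS` are hypothetical, and the list-of-dicts shape with `name` and `uuid` keys is an assumption about how the domain list is held.

```python
class DomainNotFound(LookupError):
    """Raised instead of returning None when a name has no unique match."""


def normalize_domain(name):
    # 'Global/ Lab', 'Global /Lab' and 'Global/Lab' all become 'Global/Lab'.
    return "/".join(part.strip() for part in name.split("/"))


def resolve_domain_id(domains, wanted):
    """Return the uuid of the domain named `wanted`.

    `domains` is a list of {"name": ..., "uuid": ...} dicts (assumed shape).
    Raises DomainNotFound when there is no match or more than one match.
    """
    key = normalize_domain(wanted)
    matches = [d for d in domains if normalize_domain(d["name"]) == key]
    if len(matches) == 1:
        return matches[0]["uuid"]
    known = ", ".join(repr(d["name"]) for d in domains)
    if not matches:
        raise DomainNotFound(f"domain {wanted!r} not found; known: {known}")
    # Two stored names that differ only in spacing: refuse to guess.
    raise DomainNotFound(f"domain {wanted!r} is ambiguous; known: {known}")


# Constructed sample data: names and UUIDs are placeholders, not real values.
SAMPLE_DOMAINS = [
    {"name": "Global", "uuid": "00000000-0000-0000-0000-000000000001"},
    {"name": "Global/ Lab", "uuid": "00000000-0000-0000-0000-000000000002"},
]

if __name__ == "__main__":
    for candidate in ("Global", "Global/Lab", "Global/ Lab", "Global/Prod"):
        try:
            print(candidate, "->", resolve_domain_id(SAMPLE_DOMAINS, candidate))
        except DomainNotFound as exc:
            print(candidate, "->", exc)
```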