Check Point R80.10 API. Management from the CLI, scripts and more

I am sure that everyone who has ever worked with Check Point has complained about the impossibility of editing the configuration from the command line. This is especially strange for those who previously worked with Cisco ASA, where absolutely everything can be configured in the CLI. With Check Point it is the other way round: all security settings were made exclusively from the graphical interface. However, some things are simply inconvenient to do from a GUI (even one as convenient as Check Point's). For example, the task of adding 100 new hosts or networks turns into a long and tedious procedure. For each object you have to click the mouse several times and type in the IP address. The same goes for creating a group of sites, or for mass enabling/disabling of IPS signatures. In such cases the probability of making a mistake is high.

A "miracle" happened relatively recently. With the release of the new Gaia version R80, the ability to use an API was announced, which opens up wide opportunities for automating configuration, administration, monitoring and so on. Now you can:

  • create objects;
  • add or edit access lists;
  • enable/disable blades;
  • configure network interfaces;
  • install policies;
  • and much more.

To be honest, I do not understand how this news passed Habr by. In this article we will briefly describe how to use the API and give several examples of configuring Check Point with scripts.

I want to note right away that the API is only available on the Management server. That is, it is still impossible to manage gateways without a Management server.

Who can use this API in principle?

  1. Administrators who want to simplify or automate routine Check Point configuration tasks;
  2. Companies that want to integrate Check Point with other solutions (virtualization systems, ticketing systems, configuration management systems, etc.);
  3. System integrators who want to standardize configuration or create additional products related to Check Point.

Typical scheme

So, let's consider a typical scheme with Check Point:

As usual, we have a gateway (SG), a management server (SMS) and an administrator console (SmartConsole). In this case the usual gateway configuration process looks like this:

That is, first you need to launch SmartConsole on the administrator's computer and connect it to the Management server (SMS). The security settings are made on the SMS, and only then are they applied (the policy is installed) to the gateway (SG).

When using the Management API, we can skip the first step (launching SmartConsole) and use API commands directly on the Management server (SMS).

Ways to use the API

There are four ways to edit the configuration using the API:

1) Using the mgmt_cli utility

Example - # mgmt_cli add host name host1 ip-address 192.168.2.100
This command is run from the Management Server (SMS) command line. I think the syntax of the command is clear: host1 is created with the address 192.168.2.100.

2) Entering API commands from clish (in expert mode)

In fact, all you need to do is enter the command line (mgmt_cli) under the account that is used when connecting from SmartConsole (or the root account). Then you can enter API commands (in this case there is no need to prefix every command with the mgmt_cli utility). You can create full-fledged BASH scripts. An example of a script that creates a host:

Bash script

#!/bin/bash

main() {
    clear

    # LOGIN (no username/password prompt: the user is already logged in to the Management server as 'root';
    # the session identifier returned by login is saved to a file and passed to every later command with -s)
    mgmt_cli login --root true > id_add_host.txt
    on_error_print_and_exit "Error: Failed to login, check that the server is up and running (run 'api status')"

    # READ HOST NAME
    printf "Enter host name:\n"
    read -e host_name
    on_empty_input_print_and_exit "$host_name" "Error: The host's name cannot be empty."

    # READ IP ADDRESS
    printf "\nEnter host IP address:\n"
    read -e ip
    on_empty_input_print_and_exit "$ip" "Error: The host's IP address cannot be empty."

    # CREATE HOST
    printf "Creating new host: %s with IP address: %s\n" "$host_name" "$ip"
    new_host_response=$(mgmt_cli add host name "$host_name" ip-address "$ip" -s id_add_host.txt 2> /dev/null)
    on_error_print_and_exit "Error: Failed to create host object. \n$new_host_response"

    # PUBLISH THE CHANGES (until publish, the new object exists only in this session)
    printf "\nPublishing the changes\n"
    mgmt_cli publish --root true -s id_add_host.txt &> /dev/null
    on_error_print_and_exit "Error: Failed to publish the changes."

    # LOGOUT
    logout

    printf "Done.\n"
}

logout(){
    mgmt_cli logout --root true -s id_add_host.txt &> /dev/null
}

# Must be called right after the command it checks: it tests $? of the previous command
on_error_print_and_exit(){
    if [ $? -ne 0 ]; then
        handle_error "$1"
    fi
}

# Print the error, discard the unpublished session changes, log out and exit with failure
handle_error(){
    printf "\n$1\n"   # print error message (the message may contain \n escapes)
    mgmt_cli discard --root true -s id_add_host.txt &> /dev/null
    logout
    exit 1
}

on_empty_input_print_and_exit(){
    if [ -z "$1" ]; then
        printf "%s\n" "$2"   # print error message
        logout
        exit 0
    fi
}

# Script starts here. Call function "main".
main

If you are interested, you can watch the corresponding video:

3) From SmartConsole, by opening the CLI window

All you need to do is open the CLI window directly from SmartConsole, as shown in the figure below.

In this window you can immediately start entering API commands.

4) Web Services. Using HTTPS POST requests (REST API)

In our opinion, this is one of the most promising methods, since it allows you to "build" entire applications on top of management server management (sorry for the tautology). Below we will look at this method in a little more detail.

To summarize:

  1. API + CLI suits people who are used to Cisco;
  2. API + shell for writing scripts and performing routine tasks;
  3. REST API for automation.

Enabling the API

By default, the API is enabled on management servers with more than 4GB of RAM and on standalone configurations with more than 8GB of RAM. You can check its status with the command: api status

If it turns out that the API is disabled, it is very easy to enable it from SmartConsole: Manage & Settings > Blades > Management API > Advanced Settings

Then publish the changes and run the command api restart.

Web requests + Python

To execute API commands, you can use web requests from Python with the requests and json libraries. In general, the structure of a web request consists of three parts:

1) Address

(https://<management server>:<port>/web_api/<command>)


2) HTTP headers

Content-Type: application/json
X-chkp-sid: <session ID token as returned by the login command>


3) Request payload

Text in JSON format containing the various parameters

Example of a function for calling various commands:


import json
import requests


def api_call(ip_addr, port, command, json_payload, sid):
    url = 'https://' + ip_addr + ':' + str(port) + '/web_api/' + command
    if sid == "":
        # the login call itself has no session yet
        request_headers = {'Content-Type': 'application/json'}
    else:
        # every other call carries the session token returned by login
        request_headers = {'Content-Type': 'application/json', 'X-chkp-sid': sid}
    # verify=False disables TLS certificate validation of the management server;
    # in production point verify at the CA bundle that signed its certificate instead
    r = requests.post(url, data=json.dumps(json_payload), headers=request_headers, verify=False)
    return r.json()

Here 'xxx.xxx.xxx.xxx' is the IP address of the Gaia management server.

Here are a few tasks you most often encounter when administering Check Point.

1) Example of login and logout functions:

Script


def login(user, password):
    # replace user/password with your own credentials ('your_user', 'your_password')
    payload = {'user': user, 'password': password}
    response = api_call('xxx.xxx.xxx.xxx', 443, 'login', payload, '')
    return response["sid"]


def logout(sid):
    response = api_call('xxx.xxx.xxx.xxx', 443, 'logout', {}, sid)
    return response["message"]

2) Enabling blades and configuring the network:

Script


new_gateway_data = {'name': 'CPGleb', 'anti-bot': True, 'anti-virus': True, 'application-control': True,
                    'ips': True, 'url-filtering': True,
                    'interfaces': [{'name': "eth0", 'topology': 'external', 'ipv4-address': 'xxx.xxx.xxx.xxx',
                                    "ipv4-network-mask": "255.255.255.0"},
                                   {'name': "eth1", 'topology': 'internal', 'ipv4-address': 'xxx.xxx.xxx.xxx',
                                    "ipv4-network-mask": "255.255.255.0"}]}
new_gateway_result = api_call('xxx.xxx.xxx.xxx', 443, 'set-simple-gateway', new_gateway_data, sid)
print(json.dumps(new_gateway_result))

3) Changing firewall rules:

Script


new_access_data = {'name': 'Cleanup rule', 'layer': 'Network', 'action': 'Accept'}
new_access_result = api_call('xxx.xxx.xxx.xxx', 443, 'set-access-rule', new_access_data, sid)
print(json.dumps(new_access_result))

4) Adding an application layer:

Script


add_access_layer_application = {'name': 'application123', "applications-and-url-filtering": True, "firewall": False}
add_access_layer_application_result = api_call('xxx.xxx.xxx.xxx', 443, 'add-access-layer', add_access_layer_application, sid)
print(json.dumps(add_access_layer_application_result))

set_package_layer = {"name": "Standard", "access": True,
                     "access-layers": {"add": [{"name": "application123", "position": 2}]},
                     "installation-targets": "CPGleb"}
set_package_layer_result = api_call('xxx.xxx.xxx.xxx', 443, 'set-package', set_package_layer, sid)
print(json.dumps(set_package_layer_result))

5) Publishing and installing the policy, checking the command's execution (task-id):

Script


publish_result = api_call('xxx.xxx.xxx.xxx', 443, "publish", {}, sid)
print("publish result: " + json.dumps(publish_result))
new_policy = {'policy-package': 'Standard', 'access': True, 'targets': ['CPGleb']}
new_policy_result = api_call('xxx.xxx.xxx.xxx', 443, 'install-policy', new_policy, sid)
print(json.dumps(new_policy_result))

# install-policy runs asynchronously and returns a task-id; query its progress with show-task
task_id = new_policy_result["task-id"]
show_task_id = {'task-id': task_id}
show_task = api_call('xxx.xxx.xxx.xxx', 443, 'show-task', show_task_id, sid)
print(json.dumps(show_task))
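As an added example (not code from the article), here is a small session wrapper that ties the pieces above together: the X-chkp-sid header added after login, publish, install-policy and polling show-task until the task leaves the "in progress" state (it reads the tasks[0].status field that the snippet above only prints), and it validates the server certificate against a CA bundle instead of using verify=False. It uses only the standard library (urllib) rather than requests; the class name, the transport hook and the server address are my own.

```python
import json
import ssl
import time
import urllib.request


class MgmtSession:
    """Login -> authenticated calls -> publish -> install-policy -> show-task polling -> logout."""

    def __init__(self, server, port=443, ca_bundle=None, transport=None, poll_seconds=2):
        self.base = 'https://%s:%d/web_api/' % (server, port)
        # Validate the management server's certificate against a CA bundle instead of disabling checks
        self.ctx = ssl.create_default_context(cafile=ca_bundle)
        self.transport = transport or self._https_post  # a fake transport can be injected for testing
        self.poll_seconds = poll_seconds
        self.sid = None

    def _https_post(self, url, headers, body):
        req = urllib.request.Request(url, data=body, headers=headers, method='POST')
        with urllib.request.urlopen(req, context=self.ctx) as resp:
            return json.loads(resp.read().decode())

    def call(self, command, payload=None):
        headers = {'Content-Type': 'application/json'}
        if self.sid:  # every call after login carries the session token
            headers['X-chkp-sid'] = self.sid
        return self.transport(self.base + command, headers, json.dumps(payload or {}).encode())

    def login(self, user, password):
        self.sid = self.call('login', {'user': user, 'password': password})['sid']
        return self.sid

    def wait_for_task(self, task_id, max_polls=150):
        """show-task answers {'tasks': [{'status': 'in progress' | 'succeeded' | 'failed', ...}]}."""
        for _ in range(max_polls):
            task = self.call('show-task', {'task-id': task_id})['tasks'][0]
            if task['status'] != 'in progress':
                return task['status']
            time.sleep(self.poll_seconds)
        raise TimeoutError('task %s still running after %d polls' % (task_id, max_polls))

    def publish_and_install(self, package, targets):
        self.call('publish')  # publish first, otherwise the installed policy lacks this session's changes
        result = self.call('install-policy', {'policy-package': package, 'access': True, 'targets': targets})
        return self.wait_for_task(result['task-id'])

    def logout(self):
        message = self.call('logout')['message']
        self.sid = None
        return message
```

Typical use is MgmtSession('xxx.xxx.xxx.xxx', ca_bundle='/path/to/ca.pem'), then login(), publish_and_install('Standard', ['CPGleb']) and logout().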

6) Adding a host:

Script


new_host_data = {'name': 'JohnDoePc', 'ip-address': '192.168.0.10'}
new_host_result = api_call('xxx.xxx.xxx.xxx', 443, 'add-host', new_host_data, sid)
print(json.dumps(new_host_result))

7) Adding Threat Prevention:

Script


set_package_layer = {'name': 'Standard', 'threat-prevention': True, 'installation-targets': 'CPGleb'}
set_package_layer_result = api_call('xxx.xxx.xxx.xxx', 443, 'set-package', set_package_layer, sid)
print(json.dumps(set_package_layer_result))

8) Viewing the list of sessions:

Script


new_session_data = {'limit': '50', 'offset': '0', 'details-level': 'standard'}
new_session_result = api_call('xxx.xxx.xxx.xxx', 443, 'show-sessions', new_session_data, sid)
print(json.dumps(new_session_result))

9) Creating a new profile:

Script


add_threat_profile = {'name': 'Apeiron', "active-protections-performance-impact": "low",
                      "active-protections-severity": "low or above", "confidence-level-medium": "prevent",
                      "confidence-level-high": "prevent", "threat-emulation": True, "anti-virus": True,
                      "anti-bot": True, "ips": True,
                      "ips-settings": {"newly-updated-protections": "staging",
                                       "exclude-protection-with-performance-impact": True,
                                       "exclude-protection-with-performance-impact-mode": "High or lower"},
                      "overrides": [{"protection": "3Com Network Supervisor Directory Traversal",
                                     "capture-packets": True, "action": "Prevent", "track": "Log"},
                                    {"protection": "7-Zip ARJ Archive Handling Buffer Overflow",
                                     "capture-packets": True, "action": "Prevent", "track": "Log"}]}
add_threat_profile_result = api_call('xxx.xxx.xxx.xxx', 443, 'add-threat-profile', add_threat_profile, sid)
print(json.dumps(add_threat_profile_result))

10) Changing the action for an IPS signature:

Script


set_threat_protection = {
    "name": "3Com Network Supervisor Directory Traversal",
    "overrides": [{"profile": "Apeiron", "action": "Detect", "track": "Log", "capture-packets": True},
                  {"profile": "Apeiron", "action": "Detect", "track": "Log", "capture-packets": False}]}
set_threat_protection_result = api_call('xxx.xxx.xxx.xxx', 443, 'set-threat-protection', set_threat_protection, sid)
print(json.dumps(set_threat_protection_result))

11) Adding your own service:

Script


add_service_udp = {"name": "Dota2_udp", "port": '27000-27030',
                   "keep-connections-open-after-policy-installation": False,
                   "session-timeout": 0, "match-for-any": True,
                   "sync-connections-on-cluster": True,
                   "aggressive-aging": {"enable": True, "timeout": 360, "use-default-timeout": False},
                   "accept-replies": False}
add_service_udp_results = api_call('xxx.xxx.xxx.xxx', 443, "add-service-udp", add_service_udp, sid)
print(json.dumps(add_service_udp_results))

12) Adding a category, a site or a group:

Script


add_application_site_category = {"name": "Valve", "description": "Valve Games"}
add_application_site_category_results = api_call('xxx.xxx.xxx.xxx', 443, "add-application-site-category", add_application_site_category, sid)
print(json.dumps(add_application_site_category_results))

add_application_site = {"name": "Dota2", "primary-category": "Valve", "description": "Dotka",
                        "url-list": ["www.dota2.ru"], "urls-defined-as-regular-expression": False}
add_application_site_results = api_call('xxx.xxx.xxx.xxx', 443, "add-application-site", add_application_site, sid)
print(json.dumps(add_application_site_results))

add_application_site_group = {"name": "Games", "members": ["Dota2"]}
add_application_site_group_results = api_call('xxx.xxx.xxx.xxx', 443, "add-application-site-group", add_application_site_group, sid)
print(json.dumps(add_application_site_group_results))

In addition, with the Web API you can add and remove networks, hosts, access roles and so on. Blades such as Antivirus, Anti-Bot, IPS and VPN can be configured on the gateways. It is also possible to install licenses using the run-script command. All Check Point API commands can be found here.

Check Point API + Postman

It is also convenient to use the Check Point Web API together with Postman. Postman has desktop versions for Windows, Linux and MacOS. There is also a plugin for Google Chrome, and that is what we will use. First you need to find Postman in the Google Chrome Store and install it:

Using this program, we will be able to generate web requests to the Check Point API. So that you do not have to remember all the API commands, it is possible to import so-called collections (templates), which already contain all the necessary commands:

Here you can find the collection for R80.10. After importing it, the API command templates become available to us:

In my opinion, this is very convenient. You can quickly start developing applications that use the Check Point API.

Check Point + Ansible

I would also like to mention that there is an Ansible module for the CheckPoint API. The module allows you to manage the configuration, but it is not so convenient for solving non-trivial tasks. Writing scripts in any programming language gives more flexible and convenient solutions.

Conclusion

This is where we will finish our brief review of the Check Point API. In my opinion, this feature was long awaited and necessary. The appearance of the API opens up very wide opportunities for both administrators and system integrators who work with Check Point products. Orchestration, automation, SIEM feedback... all of this is now possible.

P.S. More materials on Check Point, as usual, can be found on our blog on Habr or on the blog on our website.

P.P.S. For questions about configuring Check Point, you can contact us here.

Source: www.hab.com
