ืืขืืฆืื ืืืืื ืฉื ืืื ืืจืืงืฆืื ืขื ืืืฉืงื API ืืชืืื ืืฉืืืืฉ ืืื ืขื ืงืื ืชืืื ืืช, ืืืฉืจ ื ืืชื ืืืฆืืจ ืืืืคื ืืื ืื ืืงืฉืืช API ืืืืื ืื ืืชืื ืชืืืืืช API. ืขื ืืืช, ืื ืขืืืื ืื ืืืจืืฉ ืขืจืืช ืคืืชืื ืชืืื ื ืฉื Python (ืืืื ืืืื ื Python SDK) ืขืืืจ API ืื ืืืื ื ืงืืืืช ืฆ'ืง, ืื ืืฉืืื. ืื ืืคืฉื ืืฉืืขืืชืืช ืืช ืืืืื ืฉื ืืคืชืืื ืืืืืื ืืืืืืฆืื. ืคืืืชืื ืฆืืจื ืคืืคืืืจืืืช ืขืฆืืื ืืืืจืื ื ืืืืืืชื ืืืื ืืช ืืืกืจ ืืืกืงืืจ ืืช ืืืืคืืื ืื ืืขืืงืจืืื.
ืฆ'ืง ืคืืื ื ืืคืชืืช ืืืืคื ืคืขืื ืืช ื-API, ืืืจืืข ืฉืืืจืจื ืืืืจืื ืืืืื:
ืืืฉืง API ืื ืืืื ื ืงืืืืช (ืืจืกื ื ืืืืืช 1.6) - ืขืืืื ืขื ืฉืจืช ืืืงืจื ืืืืฆืขืืช API (ืืืืืืืช ืืืคืขืื ืกืงืจืืคืืื ืืฉืขืจืื ืื ืฉืืืื ืขื ืืื ืฉืจืช ืืืงืจื)Check Point GAIA API (ืืจืกื ื ืืืืืช 1.4) - ืขืืืื ืขื ืฉืขืจื ืืืืืAPI ืืื ืืขืช ืืืืืื 1.0 - ืขืืืื ืขื ืืจืื ืืื ืืขื ื ืฆ'ืง ืคืืื ืAPI ืฉื ืืืืขืืช ืืืืืช - ืขืืืื ืขื Identity Awareness Blade ืขื ืฉืขืจืืAPI ืฉื ืคืืจืื ื ืืืื ืืืืื - ืขืืืื ืขื ืคืืจืื ื ืืืื ืฉืขืจ SMB (ืขืื ืขื ืฉืขืจื SMB )IoT API - ืืื ืืจืืงืฆืื ืขื ืืงืจื IoTCloudGuard Connect API - ืืขืืื ืขืCloudGuard Connect (ืคืชืจืื ืืืืื SD-WAN)Dome9 API - ืืขืืื ืขืDome9
ื-SDK ืฉื Python ืชืืื ืืจืืข ืจืง ืืืื ืืจืืงืฆืื ืขื ื-API ืื ืืืื ื Gaia API. ื ืกืชืื ืขื ืืืืืงืืช, ืืฉืืืืช ืืืืฉืชื ืื ืืืฉืืืื ืืืืชืจ ืืืืืื ืื.
ืืชืงื ืช ืืืืืื
ะะพะดัะปั cpapi ืืืชืงื ืืืืืจืืช ืืืงืืืช ื
ืชืืืืช ืืขืืืื
ืขื ืื ืช ืฉื ืืื ืืขืืื ืขื ืืจืืืืื ืฉื ืืืืื ื-cpapi, ืขืืื ื ืืืืื ืืืืืืื cpapi ืืคืืืช ืฉื ื ืฉืืขืืจื ืืืื:
APIClient ะธ APIClientArgs
from cpapi import APIClient, APIClientArgs
ืืืืชื APIClientArgs ืืืจืื ืขื ืคืจืืืจื ืืืืืจ ืืฉืจืช ื-API, ืืืืืืงื APIClient ืืืจืื ืขื ืืืื ืืจืืงืฆืื ืขื ื-API.
ืงืืืขืช ืคืจืืืจื ืืืืืจ
ืืื ืืืืืืจ ืคืจืืืจืื ืฉืื ืื ืืืืืืจ ื-API, ืขืืื ืืืฆืืจ ืืืคืข ืฉื ืืืืืงื APIClientArgs. ืืืืคื ืขืงืจืื ื, ืืคืจืืืจืื ืฉืื ืืืืืจืื ืืจืืฉ ืืืืฉืจ ืืคืขืืืื ืืช ืืกืงืจืืคื ืืฉืจืช ืืืงืจื, ืืื ืฆืืจื ืืฆืืื ืืืชื.
client_args = APIClientArgs()
ืืื ืืืฉืจ ืคืืขื ืขื ืืืจื ืฆื ืฉืืืฉื, ืขืืื ืืฆืืื ืืคืืืช ืืช ืืชืืืช ื-IP ืื ืฉื ืืืืจื ืฉื ืฉืจืช ื-API (ืืืืื ื ืื ืฉืจืช ืื ืืืื). ืืืืืื ืืืื, ืื ื ืืืืืจืื ืืช ืคืจืืืจ ืืืืืจ ืืฉืจืช ืืืงืฆืื ืื ืืช ืืชืืืช ื-IP ืฉื ืฉืจืช ืื ืืืื ืืืืจืืืช.
client_args = APIClientArgs(server='192.168.47.241')
ืืืื ื ืกืชืื ืขื ืื ืืคืจืืืจืื ืืขืจืื ืืจืืจืช ืืืืื ืฉืืื ืฉื ืืชื ืืืฉืชืืฉ ืืื ืืขืช ืืืืืจ ืืฉืจืช ื-API:
ืืจืืืื ืืื ืฉื ืฉืืืช __init__ ืฉื ืืืืืงื APIClientArgs
class APIClientArgs:
"""
This class provides arguments for APIClient configuration.
All the arguments are configured with their default values.
"""
# port is set to None by default, but it gets replaced with 443 if not specified
# context possible values - web_api (default) or gaia_api
def __init__(self, port=None, fingerprint=None, sid=None, server="127.0.0.1", http_debug_level=0,
api_calls=None, debug_file="", proxy_host=None, proxy_port=8080,
api_version=None, unsafe=False, unsafe_auto_accept=False, context="web_api"):
self.port = port
# management server fingerprint
self.fingerprint = fingerprint
# session-id.
self.sid = sid
# management server name or IP-address
self.server = server
# debug level
self.http_debug_level = http_debug_level
# an array with all the api calls (for debug purposes)
self.api_calls = api_calls if api_calls else []
# name of debug file. If left empty, debug data will not be saved to disk.
self.debug_file = debug_file
# HTTP proxy server address (without "http://")
self.proxy_host = proxy_host
# HTTP proxy port
self.proxy_port = proxy_port
# Management server's API version
self.api_version = api_version
# Indicates that the client should not check the server's certificate
self.unsafe = unsafe
# Indicates that the client should automatically accept and save the server's certificate
self.unsafe_auto_accept = unsafe_auto_accept
# The context of using the client - defaults to web_api
self.context = context
ืื ื ืืืืื ืฉืืืจืืืื ืืื ืฉื ืืชื ืืืฉืชืืฉ ืืื ืืืืคืขืื ืฉื ืืืืงืช APIClientArgs ืื ืืื ืืืืืืืืืื ืืื ืืื ืฆ'ืง ืคืืื ื ืืืื ื ืืืจืฉืื ืืขืจืืช ื ืืกืคืืช.
ืืชืืืจืืช ืืจื APIClient ืืื ืื ืืงืฉืจ
ืืืืชื APIClient ืืืจื ืื ืืื ืืืืชืจ ืืืฉืชืืฉ ืื ืืื ืืจื ืื ืื ืืืงืฉืจืื. ืื ืื ืฉืฆืจืื ืืืขืืืจ ืืืืคืข ืฉื ืืืืงืช APIClient ืืื ืคืจืืืจื ืืืืืืจ ืฉืืืืืจื ืืฉืื ืืงืืื.
with APIClient(client_args) as client:
ืื ืื ืืืงืฉืจ ืื ืืืฆืข ืงืจืืืช ืืชืืืจืืช ืืืืืืืืช ืืฉืจืช ื-API, ืื ืืื ืืืฆืข ืงืจืืืช ืืชื ืชืง ืืขืช ืืฆืืื ืืื ื. ืื ืืกืืื ืืืฉืื ืื ื ืืจืฉืช ืืชื ืชืงืืช ืืืืจ ืกืืื ืืขืืืื ืขื ืงืจืืืืช API, ืขืืื ืืืชืืื ืืขืืื ืืืื ืืืฉืชืืฉ ืืื ืื ืืืงืฉืจืื:
client = APIClient(clieng_args)
ืืืืงืช ืืืืืจ
ืืืจื ืืงืื ืืืืชืจ ืืืืืง ืื ืืืืืืจ ืขืืื ืืคืจืืืจืื ืฉืฆืืื ื ืืื ืืืืฆืขืืช ืืฉืืื check_fingerprint. ืื ืืืืืืช ืฉื ืกืืื ื-hash sha1 ืขืืืจ ืืืืขืช ืืืฆืืข ืฉื ืืืฉืืจ ื-API ืฉื ืืฉืจืช ื ืืฉื (ืืฉืืื ืืืืืจื ืื ื ืืื), ืื ืื ื ืืจื ืืืจื ืืื ืืืขืืืช ืืืืืจ ืืื ื ืืืืืื ืืขืฆืืจ ืืช ืืคืขืืช ืืชืืื ืืช (ืื ืืชืช ืืืฉืชืืฉ ืืช ืืืืืื ืืช ืืชืงื ืืช ื ืชืื ื ืืืืืืจ):
if client.check_fingerprint() is False:
print("Could not get the server's fingerprint - Check connectivity with the server.")
exit(1)
ืฉืืื ืื ืฉืืขืชืื ืืฉืืขืืจ APIClient ืืืืืง ืื ืงืจืืืช API (ืฉืืืืช api_call ะธ api_query, ื ืืืจ ืขืืืื ืขืื ืงืฆืช) sha1 ืืืฉืืจ ืืืืขืช ืืฆืืข ืืฉืจืช ื-API. ืืื ืื, ืืขืช ืืืืงืช ืืืืขืช ืืืฆืืข sha1 ืฉื ืืืฉืืจ ืฉืจืช ื-API, ืืืืชื ืฉืืืื (ืืืืฉืืจ ืืื ื ืืืืข ืื ืฉืื ื), ืืฉืืื check_fingerprint ืืกืคืง ืืช ืืืืืื ืืช ืืืืกืืฃ/ืืฉื ืืช ืืืืข ืืืืืชืื ืืืืฉื ืืืงืืื ืืืืคื ืืืืืืื. ื ืืชื ืืืื ืืช ืืกืืืื ืืื ืืืืืืื (ืื ื ืืชื ืืืืืืฅ โโืขื ืื ืจืง ืื ืกืงืจืืคืืื ืืืคืขืืื ืขื ืฉืจืช ื-API ืขืฆืื, ืืขืช ืืืืืจ ื-127.0.0.1), ืืืืฆืขืืช ืืืจืืืื ื APIClientArgs - unsafe_auto_accept (ืจืื ืขืื ืขื APIClientArgs ืงืืื ืืื ื"ืืืืจืช ืคืจืืืจื ืืืืืจ").
client_args = APIClientArgs(unsafe_auto_accept=True)
ืื ืืกื ืืฉืจืช API
ะฃ APIClient ืืฉ ืขื 3 ืฉืืืืช ืืื ืืกื ืืฉืจืช ื-API, ืืื ืืืช ืืื ืืืื ื ืืช ืืืฉืืขืืช ืกืื(Session-id), ืืืฉืืฉ ืืืืืืืืช ืืื ืงืจืืืช API ืขืืงื ืืืืชืจืช (ืืฉื ืืืืชืจืช ืฉื ืคืจืืืจ ืื ืืื X-chkp-sid), ืื ืฉืืื ืฆืืจื ืืืืฉืื ืืขืื ืืช ืืคืจืืืจ ืืื.
ืฉืืืช ืืื ืืกื
ืืคืฉืจืืช ืืืืฆืขืืช ืื ืืกื ืืกืืกืื (ืืืืืื, ืฉื ืืืฉืชืืฉ admin ืืืกืืกืื 1q2w3e ืืืขืืจืืช ืืืจืืืื ืืื ืืืงืืืืื):
login = client.login('admin', '1q2w3e')
ืคืจืืืจืื ืืืคืฆืืื ืืืื ื ืืกืคืื ืืืื ืื ืื ืืฉืืืช ืืื ืืกื; ืืืื ืฉืืืชืืื ืืขืจืื ืืจืืจืช ืืืืื ืฉืืื:
continue_last_session=False, domain=None, read_only=False, payload=None
ืฉืืื login_with_api_key
ืืคืฉืจืืช ืืืืฆืขืืช ืืคืชื API (ื ืชืื ืืื ืืืจืกืช ื ืืืื R80.40/Management API v1.6, "3TsbPJ8ZKjaJGvFyoFqHFA==" ืืื ืขืจื ืืคืชื ื-API ืขืืืจ ืืื ืืืืฉืชืืฉืื ืืฉืจืช ืื ืืืื ืขื ืฉืืืช ืืจืฉืืช ืืคืชื ื-API):
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
ืืฉืืื login_with_api_key ืืืชื ืคืจืืืจืื ืืืคืฆืืื ืืืื ืืืื ืื ืืื ืืฉืืื ืืชืืืจ.
ืฉืืืช login_as_root
ืืคืฉืจืืช ืืืชืืืจ ืืืืฉื ืืงืืื ืขื ืฉืจืช API:
login = client.login_as_root()
ืืฉื ื ืจืง ืฉื ื ืคืจืืืจืื ืืืคืฆืืื ืืืื ืืืื ืื ืขืืืจ ืฉืืื ืื:
domain=None, payload=None
ืืืืกืืฃ ื-API ืงืืจื ืืขืฆืื
ืืฉ ืื ื ืฉืชื ืืคืฉืจืืืืช ืืืฆืข ืงืจืืืืช API ืืืืฆืขืืช ืฉืืืืช api_call ะธ api_query. ืืืื ื ืืื ืื ืืืืื ืืื ืืื.
api_call
ืฉืืื ืื ืืชืืืื ืืื ืฉืืืืช. ืื ืื ื ืฆืจืืืื ืืืขืืืจ ืืช ืืืืง ืืืืจืื ืฉื ืงืจืืืช ื-API ืืืืืขื ืืืืฃ ืืืงืฉื ืืืืืช ืืฆืืจื. ืื ืืืืขื ืจืืง, ืื ื ืืชื ืืฉืืจ ืืืชื ืืื:
api_versions = client.api_call('show-api-versions')
ืคืื ืขืืืจ ืืงืฉื ืื ืืชืืช ืืืืจื:
In [23]: api_versions
Out[23]:
APIResponse({
"data": {
"current-version": "1.6",
"supported-versions": [
"1",
"1.1",
"1.2",
"1.3",
"1.4",
"1.5",
"1.6"
]
},
"res_obj": {
"data": {
"current-version": "1.6",
"supported-versions": [
"1",
"1.1",
"1.2",
"1.3",
"1.4",
"1.5",
"1.6"
]
},
"status_code": 200
},
"status_code": 200,
"success": true
})
show_host = client.api_call('show-host', {'name' : 'h_8.8.8.8'})
ืคืื ืขืืืจ ืืงืฉื ืื ืืชืืช ืืืืจื:
In [25]: show_host
Out[25]:
APIResponse({
"data": {
"color": "black",
"comments": "",
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"groups": [],
"icon": "Objects/host",
"interfaces": [],
"ipv4-address": "8.8.8.8",
"meta-info": {
"creation-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"creator": "admin",
"last-modifier": "admin",
"last-modify-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"lock": "unlocked",
"validation-state": "ok"
},
"name": "h_8.8.8.8",
"nat-settings": {
"auto-rule": false
},
"read-only": false,
"tags": [],
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
},
"res_obj": {
"data": {
"color": "black",
"comments": "",
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"groups": [],
"icon": "Objects/host",
"interfaces": [],
"ipv4-address": "8.8.8.8",
"meta-info": {
"creation-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"creator": "admin",
"last-modifier": "admin",
"last-modify-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"lock": "unlocked",
"validation-state": "ok"
},
"name": "h_8.8.8.8",
"nat-settings": {
"auto-rule": false
},
"read-only": false,
"tags": [],
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
},
"status_code": 200
},
"status_code": 200,
"success": true
})
api_query
ืืจืฉื ืื ืืืกืชืืื ืืื ืฉืฉืืื ืื ืืชืืืื ืจืง ืืฉืืืืช ืฉืืคืื ืฉืืื ืืจืื ืืืืกื. ืืกืงื ืืื ืืชืจืืฉืช ืืืฉืจ ืืื ืืืืื ืื ืขืฉืืื ืืืืื ืืืืช ืืืืื ืฉื ืืืืข. ืืืืืื, ืื ืืืืื ืืืืืช ืืงืฉื ืืจืฉืืื ืฉื ืื ืืืืืืืงืืื ืืืืจื ืฉื ืืฆืจื ืืฉืจืช ืื ืืืื. ืขืืืจ ืืงืฉืืช ืืืื, ื-API ืืืืืจ ืจืฉืืื ืฉื 50 ืืืืืืงืืื ืืืจืืจืช ืืืื (ื ืืชื ืืืืืื ืืช ืืืืืื ื-500 ืืืืืืงืืื ืืชืืืื). ืืืื ืื ืืืฉืื ืืช ืืืืืข ืืกืคืจ ืคืขืืื, ืฉืื ืื ืคืจืืืจ ื-offset ืืืงืฉืช ื-API, ืืฉ ืฉืืื api_query ืฉืขืืฉื ืืช ืื ืืฆืืจื ืืืืืืืืช. ืืืืืืืช ืืฉืืืืช ืฉืืื ื ืืจืฉืช ืฉืืื ืื: ืืืคืขื ืืืคืขืื, ืืืจืื ืืืคืขืื, ืจืฉืชืืช ืืืคืขืื, ืชืืืื ืืืืืื ืืืืคืขืื, ืงืืืฆืืช ืืืคืขืื, ืืืืื ืืชืืืืช ืืืคืขืื, ืฉืขืจื ืืืคืขืื ืคืฉืืืื, ืงืืฆื ืชืฆืืื ืคืฉืืืื, ืืฆืืช ืืืฉื ืืชืคืงืืืื, ืืงืืืืช ืืืืื ืื, ืืืืืืช ืืฆืื. ืืืขืฉื, ืื ื ืจืืืื ืืืืื ืืจืืื ืืฉื ืงืจืืืืช ื-API ืืืื, ืื ืฉืืืื ืงื ืืืชืจ ืืืคื ืืื ืืืืฆืขืืช api_query
show_hosts = client.api_query('show-hosts')
ืคืื ืขืืืจ ืืงืฉื ืื ืืชืืช ืืืืจื:
In [21]: show_hosts
Out[21]:
APIResponse({
"data": [
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "192.168.47.1",
"name": "h_192.168.47.1",
"type": "host",
"uid": "5d7d7086-d70b-4995-971a-0583b15a2bfc"
},
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "8.8.8.8",
"name": "h_8.8.8.8",
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
}
],
"res_obj": {
"data": {
"from": 1,
"objects": [
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "192.168.47.1",
"name": "h_192.168.47.1",
"type": "host",
"uid": "5d7d7086-d70b-4995-971a-0583b15a2bfc"
},
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "8.8.8.8",
"name": "h_8.8.8.8",
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
}
],
"to": 2,
"total": 2
},
"status_code": 200
},
"status_code": 200,
"success": true
})
ืขืืืื ืชืืฆืืืช ืงืจืืืืช API
ืืืืจ ืืื ืชืืื ืืืฉืชืืฉ ืืืฉืชื ืื ืืืฉืืืืช ืฉื ืืืืืงื APIResponse(ืื ืืชืื ืื ืื ืืืงืฉืจ ืืื ืืืืฆื ืื). ืืืืชื APIResponse 4 ืฉืืืืช ื-5 ืืฉืชื ืื ืืืืืจืื ืืจืืฉ; ื ืชืขืื ืขื ืืืฉืืืื ืืืืชืจ ืืคืืจืื ืจื ืืืชืจ.
ืืฆืืื
ืืืืชืืืื, ืืืื ืื ืจืขืืื ืืื ืืืืื ืฉืงืจืืืช ื-API ืืฆืืืื ืืืืืืจื ืชืืฆืื. ืืฉ ืฉืืื ืืื ืืฆืืื:
In [49]: api_versions.success
Out[49]: True
ืืืืืจื True ืื ืงืจืืืช ื-API ืืฆืืืื (ืงืื ืชืืืื - 200) ื-false ืื ืื ืืฆืืืื (ืื ืงืื ืชืืืื ืืืจ). ืื ื ืื ืืฉืืืืฉ ืืื ืืืืจ ืงืจืืืช API ืืื ืืืฆืื ืืืืข ืฉืื ื ืืืชืื ืืงืื ืืชืืืื.
if api_ver.success:
print(api_versions.data)
else:
print(api_versions.err_message)
ืงืื ืกืืืืก
ืืืืืจื ืืช ืงืื ืืชืืืื ืืืืจ ืืืฆืืข ืงืจืืืช API.
In [62]: api_versions.status_code
Out[62]: 400
ืงืืื ืชืืืื ืืคืฉืจืืื: 200,400,401,403,404,409,500,501.
set_success_status
ืืืงืจื ืื, ืืืชืื ืฉืืืื ืฆืืจื ืืฉื ืืช ืืช ืืขืจื ืฉื ืกืืืืก ืืืฆืืื. ืืืืื ื ืืื ืืช, ืืชื ืืืื ืืฉืื ืฉื ืื ืืืจ, ืืคืืื ืืืจืืืช ืจืืืื. ืืื ืืืืื ืืืืชืืช ืชืืื ืืืคืืก ืืคืจืืืจ ืืื ื-False ืืชื ืืื ื ืืืืื ืืกืืืืื. ืืืื, ืฉืืื ืื ืืืืืื ืืืฉืจ ืืฉื ื ืืฉืืืืช ืฉืคืืขืืืช ืืฉืจืช ืื ืืืื, ืื ืื ื ื ืฉืงืื ืืช ืืืงืฉื ืืื ืืืฉืื (ืื ืื ื ื ืืืืจ ืืช ืืฉืชื ื ืืืฆืืื ื- ืื ื ืืื, ืืืจืืช ืฉืืงืจืืื ื-API ืืฆืืืื ืืืืืืจื ืงืื 200).
for task in task_result.data["tasks"]:
if task["status"] == "failed" or task["status"] == "partially succeeded":
task_result.set_success_status(False)
break
ืชึฐืืึผืึธื()
ืฉืืืช ืืชืืืื ืืืคืฉืจืช ืืืฆืื ืืช ืืืืืื ืขื ืงืื ืืชืืืื (status_code) ืืืืฃ ืืชืืืื (body).
In [94]: api_versions.response()
Out[94]:
{'status_code': 200,
'data': {'current-version': '1.6',
'supported-versions': ['1', '1.1', '1.2', '1.3', '1.4', '1.5', '1.6']}}
ื ืชืื ืื
ืืืคืฉืจ ืืจืืืช ืจืง ืืช ืืืฃ ืืชืืืื (ืืืฃ) ืืื ืืืืข ืืืืชืจ.
In [93]: api_versions.data
Out[93]:
{'current-version': '1.6',
'supported-versions': ['1', '1.1', '1.2', '1.3', '1.4', '1.5', '1.6']}
ืืืืขืช ืฉืืืื
ืืืืข ืื ืืืื ืจืง ืืืฉืจ ืืืจืขื ืฉืืืื ืืืืื ืขืืืื ืืงืฉืช ื-API (ืงืื ืชืืืื ืื 200). ืคืื ืืืืืื
In [107]: api_versions.error_message
Out[107]: 'code: generic_err_invalid_parameter_namenmessage: Unrecognized parameter [1]n'
ืืืืืืืช ืฉืืืืฉืืืช
ืืืื ืืืืืืืช ืืืฉืชืืฉืืช ืืงืจืืืืช API ืฉื ืืกืคื ื-Management API 1.6.
ะะปั ะฝะฐัะฐะปะฐ ัะฐััะผะพััะธะผ ัะฐะฑะพัั ะฒัะทะพะฒะพะฒ add-host ะธ add-address-range. ื ื ืื ืฉืขืืื ื ืืืฆืืจ ืืช ืื ืืชืืืืช ื-IP ืฉื ืจืฉืช ืืืฉื ื 192.168.0.0/24, ืฉืืืืงืืื ืืืืจืื ื ืฉืืื ืืื 5, ืืืืืืืงืืื ืืกืื ืืืืจื, ืืืืชืื ืืช ืื ืฉืืจ ืืชืืืืช ื-IP ืืืืืืืงืืื ืืกืื ืืืื ืืืชืืืืช. ืืืงืจื ืื, ืื ืชืืืื ืืช ืืชืืืช ืจืฉืช ืืืฉื ื ืืืช ืืชืืืช ืืฉืืืืจ.
ืื, ืืืื ืกืงืจืืคื ืฉืคืืชืจ ืืขืื ืื ืืืืฆืจ 50 ืืืืืืงืืื ืืกืื ืืืืจื ื-51 ืืืืืืงืืื ืืกืื ืืืื ืืืชืืืืช. ืืื ืืคืชืืจ ืืช ืืืขืื, ื ืืจืฉืืช 101 ืงืจืืืืช API (ืื ืกืืคืจืื ืืช ืงืจืืืช ืืคืจืกืื ืืกืืคืืช). ืืื ืื, ืืืืฆืขืืช ืืืืื timeit, ืื ื ืืืฉืืื ืืช ืืืื ืฉืืืงื ืืืืฆืืข ืืกืงืจืืคื ืขื ืืคืจืกืื ืืฉืื ืืืื.
ืกืงืจืืคื ืืืืฆืขืืช add-host ื-add-address-range
import timeit
from cpapi import APIClient, APIClientArgs
start = timeit.default_timer()
first_ip = 1
last_ip = 4
client_args = APIClientArgs(server="192.168.47.240")
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
for ip in range(5,255,5):
add_host = client.api_call("add-host", {"name" : f"h_192.168.0.{ip}", "ip-address": f'192.168.0.{ip}'})
while last_ip < 255:
add_range = client.api_call("add-address-range", {"name": f"r_192.168.0.{first_ip}-{last_ip}", "ip-address-first": f"192.168.0.{first_ip}", "ip-address-last": f"192.168.0.{last_ip}"})
first_ip+=5
last_ip+=5
stop = timeit.default_timer()
publish = client.api_call("publish")
print(f'Time to execute batch request: {stop - start} seconds')
ืืกืืืืช ืืืขืืื ืฉืื, ืืกืงืจืืคื ืืื ืืืงื ืืื 30 ื-50 ืฉื ืืืช ืืืืฆืืข, ืชืืื ืืขืืืก ืขื ืฉืจืช ืื ืืืื.
ืืขืช ื ืจืื ืืืฆื ื ืืชื ืืคืชืืจ ืืช ืืืชื ืืขืื ืืืืฆืขืืช ืงืจืืืช API add-objects-batch, ืขืืืจื ื ืืกืคื ืชืืืื ืืืืจืกืช API 1.6. ืงืจืืื ืื ืืืคืฉืจืช ืื ืืืฆืืจ ืืืืืืงืืื ืจืืื ืื-ืืื ืืช ืืืงืฉืช API ืืืช. ืืชืจื ืืื, ืืื ืืืืืื ืืืืืช ืืืืืืงืืื ืืกืืืื ืฉืื ืื (ืืืืืื, ืืืจืืื, ืจืฉืชืืช ืืฉื ื ืืืืืื ืืชืืืืช). ืื, ื ืืชื ืืคืชืืจ ืืช ืืืฉืืื ืฉืื ื ืืืกืืจืช ืงืจืืืช API ืืืช.
ืกืงืจืืคื ืืืืฆืขืืช add-objects-batch
import timeit
from cpapi import APIClient, APIClientArgs
start = timeit.default_timer()
client_args = APIClientArgs(server="192.168.47.240")
objects_list_ip = []
objects_list_range = []
for ip in range(5,255,5):
data = {"name": f'h_192.168.0.{ip}', "ip-address": f'192.168.0.{ip}'}
objects_list_ip.append(data)
first_ip = 1
last_ip = 4
while last_ip < 255:
data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "ip-address-first": f"192.168.0.{first_ip}", "ip-address-last": f"192.168.0.{last_ip}"}
objects_list_range.append(data)
first_ip+=5
last_ip+=5
data_for_batch = {
"objects" : [ {
"type" : "host",
"list" : objects_list_ip
}, {
"type" : "address-range",
"list" : objects_list_range
}]
}
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
add_objects_batch = client.api_call("add-objects-batch", data_for_batch)
stop = timeit.default_timer()
publish = client.api_call("publish")
print(f'Time to execute batch request: {stop - start} seconds')
ืืืคืขืืช ืืกืงืจืืคื ืืื ืืกืืืืช ืืืขืืื ืฉืื ื ืืฉืืช ืืื 3 ื-7 ืฉื ืืืช, ืชืืื ืืขืืืก ืขื ืฉืจืช ืื ืืืื. ืืืืืจ, ืืืืืฆืข, ืขื 101 ืืืืืืงืื API, ืงืจืืื ืืกืื ืืฆืืื ืคืืขืืช ืคื 10 ืืืจ ืืืชืจ. ืขื ืืกืคืจ ืืืื ืืืชืจ ืฉื ืืคืฆืื ืืืืื ืืืื ืืคืืื ืืืชืจ ืืจืฉืื.
ืขืืฉืื ืืืื ื ืจืื ืืื ืืขืืื ืขื set-objects-batch. ืืืืฆืขืืช ืงืจืืืช API ืื, ืื ื ืืืืืื ืืฉื ืืช ืืืืืช ืืืืื ืื ืคืจืืืจ. ืืืื ื ืืืืจ ืืช ืืืฆื ืืจืืฉืื ืฉื ืืืชืืืืช ืืืืืืื ืืงืืืืช (ืขื .124 ืืืจืืื, ืืื ืืืืืื) ืืฆืืข sienna, ืื ืงืฆื ืืช ืืฆืืข ืืืงื ืืืฆื ืืฉื ื ืฉื ืืืชืืืืช.
ืฉืื ืื ืฆืืข ืืืืืืืงืืื ืฉื ืืฆืจื ืืืืืื ืืงืืืืช
from cpapi import APIClient, APIClientArgs
client_args = APIClientArgs(server="192.168.47.240")
objects_list_ip_first = []
objects_list_range_first = []
objects_list_ip_second = []
objects_list_range_second = []
for ip in range(5,125,5):
data = {"name": f'h_192.168.0.{ip}', "color": "sienna"}
objects_list_ip_first.append(data)
for ip in range(125,255,5):
data = {"name": f'h_192.168.0.{ip}', "color": "khaki"}
objects_list_ip_second.append(data)
first_ip = 1
last_ip = 4
while last_ip < 125:
data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "color": "sienna"}
objects_list_range_first.append(data)
first_ip+=5
last_ip+=5
while last_ip < 255:
data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "color": "khaki"}
objects_list_range_second.append(data)
first_ip+=5
last_ip+=5
data_for_batch_first = {
"objects" : [ {
"type" : "host",
"list" : objects_list_ip_first
}, {
"type" : "address-range",
"list" : objects_list_range_first
}]
}
data_for_batch_second = {
"objects" : [ {
"type" : "host",
"list" : objects_list_ip_second
}, {
"type" : "address-range",
"list" : objects_list_range_second
}]
}
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
set_objects_batch_first = client.api_call("set-objects-batch", data_for_batch_first)
set_objects_batch_second = client.api_call("set-objects-batch", data_for_batch_second)
publish = client.api_call("publish")
ืืชื ืืืื ืืืืืง ืืืืืืงืืื ืืจืืืื ืืงืจืืืช API ืืืช ืืืืฆืขืืช ืืืง-ืืืืืืงืืื-ืืฆืืื. ืืขืช ื ืกืชืื ืขื ืืืืื ืืงืื ืฉืืืืงืช ืืช ืื ืืืืจืืื ืฉื ืืฆืจื ืืขืืจ ืืืืฆืขืืช add-objects-batch.
ืืืืงืช ืืืืืืงืืื ืืืืฆืขืืช delete-objects-batch
from cpapi import APIClient, APIClientArgs
client_args = APIClientArgs(server="192.168.47.240")
objects_list_ip = []
objects_list_range = []
for ip in range(5,255,5):
data = {"name": f'h_192.168.0.{ip}'}
objects_list_ip.append(data)
first_ip = 1
last_ip = 4
while last_ip < 255:
data = {"name": f"r_192.168.0.{first_ip}-{last_ip}"}
objects_list_range.append(data)
first_ip+=5
last_ip+=5
data_for_batch = {
"objects" : [ {
"type" : "host",
"list" : objects_list_ip
}, {
"type" : "address-range",
"list" : objects_list_range
}]
}
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
delete_objects_batch = client.api_call("delete-objects-batch", data_for_batch)
publish = client.api_call("publish")
print(delete_objects_batch.data)
ืื ืืคืื ืงืฆืืืช ืืืืคืืขืืช ืืืืืืจืืช ืืืฉืืช ืฉื ืชืืื ืช ืฆ'ืง ืคืืื ื ืจืืืฉืืช ืืื ืงืจืืืืช API. ืืคืืื, ื-R80.40 ืืืคืืขื "ืชืืื ืืช" ืืืื Revert to revision ื-Smart Task, ืืงืจืืืืช API ืืชืืืืืช ืืืื ื ืืื ืืื. ืืชืจ ืขื ืื, ืื ืืคืื ืงืฆืืื ืืืืช ืืขืช ืืขืืจ ืืงืื ืกืืืืช ืืืืจ ืงืืื ืืืฆื Unified Policy ืืงืืืช ืื ืชืืืืช API. ืืืืืื, ืืขืืืื ืืืืืื ืืืจืกืช ืืชืืื ื R80.40 ืืื ืืืขืืจ ืฉื ืืืื ืืืช ื-HTTPS Inspection ืืืฆื Legacy ืืืฆื Unified Policy, ืืคืื ืงืฆืืื ืืืืช ืื ืงืืืื ืืื ืงืจืืืืช API. ืื ื ืืืืื ืืงืื ืฉืืืกืืฃ ืืื ืืืืงืื ืืขืืืื ืฉื ืืืื ืืืช ื-HTTPS Inspection ืืืืฆืืื 3 ืงืืืืจืืืช ืืืืืืงื (ืืจืืืืช, ืคืื ื ืกืื, ืฉืืจืืชื ืืืฉืืชืืื), ืืืกืืจืืช ืืืืืงื ืืืชืื ืืืืง ืืืกืคืจ ืืืื ืืช.
ืืืกืฃ ืืื ืืืืื ืืืช ืืืืงืช HTTPS
from cpapi import APIClient, APIClientArgs
client_args = APIClientArgs(server="192.168.47.240")
data = {
"layer" : "Default Layer",
"position" : "top",
"name" : "Legal Requirements",
"action": "bypass",
"site-category": ["Health", "Government / Military", "Financial Services"]
}
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
add_https_rule = client.api_call("add-https-rule", data)
publish = client.api_call("publish")
ืืคืขืืช ืกืงืจืืคืืื ืฉื Python ืืฉืจืช ืื ืืืื ืฉื ืฆ'ืง ืคืืื ื
ืืื ืืืชื ืืืจ
ืกืงืจืืคื ืืืืืจื ืืืืจื ืฉื ืืืืงืช ืืืืื
from __future__ import print_function
import getpass
import sys, os
sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))
from cpapi import APIClient, APIClientArgs
def main():
with APIClient() as client:
# if client.check_fingerprint() is False:
# print("Could not get the server's fingerprint - Check connectivity with the server.")
# exit(1)
login_res = client.login_as_root()
if login_res.success is False:
print("Login failed:n{}".format(login_res.error_message))
exit(1)
gw_name = raw_input("Enter the gateway name:")
gw_ip = raw_input("Enter the gateway IP address:")
if sys.stdin.isatty():
sic = getpass.getpass("Enter one-time password for the gateway(SIC): ")
else:
print("Attention! Your password will be shown on the screen!")
sic = raw_input("Enter one-time password for the gateway(SIC): ")
version = raw_input("Enter the gateway version(like RXX.YY):")
add_gw = client.api_call("add-simple-gateway", {'name' : gw_name, 'ipv4-address' : gw_ip, 'one-time-password' : sic, 'version': version.capitalize(), 'application-control' : 'true', 'url-filtering' : 'true', 'ips' : 'true', 'anti-bot' : 'true', 'anti-virus' : 'true', 'threat-emulation' : 'true'})
if add_gw.success and add_gw.data['sic-state'] != "communicating":
print("Secure connection with the gateway hasn't established!")
exit(1)
elif add_gw.success:
print("The gateway was added successfully.")
gw_uid = add_gw.data['uid']
gw_name = add_gw.data['name']
else:
print("Failed to add the gateway - {}".format(add_gw.error_message))
exit(1)
change_policy = client.api_call("set-access-layer", {"name" : "Network", "applications-and-url-filtering": "true", "content-awareness": "true"})
if change_policy.success:
print("The policy has been changed successfully")
else:
print("Failed to change the policy- {}".format(change_policy.error_message))
change_rule = client.api_call("set-access-rule", {"name" : "Cleanup rule", "layer" : "Network", "action": "Accept", "track": {"type": "Detailed Log", "accounting": "true"}})
if change_rule.success:
print("The cleanup rule has been changed successfully")
else:
print("Failed to change the cleanup rule- {}".format(change_rule.error_message))
# publish the result
publish_res = client.api_call("publish", {})
if publish_res.success:
print("The changes were published successfully.")
else:
print("Failed to publish the changes - {}".format(install_tp_policy.error_message))
install_access_policy = client.api_call("install-policy", {"policy-package" : "Standard", "access" : 'true', "threat-prevention" : 'false', "targets" : gw_uid})
if install_access_policy.success:
print("The access policy has been installed")
else:
print("Failed to install access policy - {}".format(install_tp_policy.error_message))
install_tp_policy = client.api_call("install-policy", {"policy-package" : "Standard", "access" : 'false', "threat-prevention" : 'true', "targets" : gw_uid})
if install_tp_policy.success:
print("The threat prevention policy has been installed")
else:
print("Failed to install threat prevention policy - {}".format(install_tp_policy.error_message))
# add passwords and passphrases to dictionary
with open('additional_pass.conf') as f:
line_num = 0
for line in f:
line_num += 1
add_password_dictionary = client.api_call("run-script", {"script-name" : "Add passwords and passphrases", "script" : "printf "{}" >> $FWDIR/conf/additional_pass.conf".format(line), "targets" : gw_name})
if add_password_dictionary.success:
print("The password dictionary line {} was added successfully".format(line_num))
else:
print("Failed to add the dictionary - {}".format(add_password_dictionary.error_message))
main()
ืงืืืฅ ืืืืืื ืขื ืืืืื ืกืืกืื additional_pass.conf
{
"passwords" : ["malware","malicious","infected","Infected"],
"phrases" : ["password","Password","Pass","pass","codigo","key","pwd","ะฟะฐัะพะปั","ะะฐัะพะปั","ะะปัั","ะบะปัั","ัะธัั","ะจะธัั"]
}
ืืกืงื ื
ืืืืจ ืื ืืืื ืจืง ืืช ืืืคืฉืจืืืืช ืืืกืืกืืืช ืฉื ืขืืืื ืคืืชืื SDK ืืืืืื cpapi(ืืคื ืฉืืืื ื ืืืฉืชื, ืืื ืืืขืฉื ืืืืื ื ืจืืคืืช), ืืขื ืืื ืืืืื ืืงืื ืืืืืื ืื ืชืืื ืขืื ืืืชืจ ืืืืื ืืืืช ืืขืืื ืืืชื. ืืืชืื ืฉืชืจืฆื ืืืฉืืื ืืืชื ืขื ืืืืงืืช, ืคืื ืงืฆืืืช, ืฉืืืืช ืืืฉืชื ืื ืืฉืื. ืืชื ืชืืื ืืืื ืืฉืชืฃ ืืช ืืขืืืื ืฉืื ืืืืฆืื ืกืงืจืืคืืื ืืืจืื ืขืืืจ ืฆ'ืง ืคืืื ื ืืงืืข
ืงืืืื ืฉืื ืืชืืื ืฉืงืจืืชื ืขื ืืกืืฃ!
ืืงืืจ: www.habr.com