Check Point R80.10 API. Management via CLI, scripts and more


I am sure that everyone who has worked with Check Point has complained about not being able to edit the configuration from the command line. This is especially strange for those who previously worked with Cisco ASA, where everything can be configured in the CLI. With Check Point it is the other way round: all security settings were made from the graphical interface. However, some things are very inconvenient to do through a GUI (even one as convenient as Check Point's). For example, adding 100 new hosts or networks turns into a long and tedious procedure. For each object you have to click the mouse several times and enter the IP address. The same goes for creating a group of sites or for bulk enabling/disabling of IPS signatures. In such cases the likelihood of a mistake is high.

A "miracle" happened relatively recently. With the release of the new version, Gaia R80, the ability to use the API was announced, which opens up broad possibilities for automating configuration, administration, monitoring and so on. Now you can:

  • create objects;
  • add or edit access lists;
  • enable/disable blades;
  • configure network interfaces;
  • install policies;
  • and much more.

To be honest, I do not understand how this news passed Habr by. In this article we will briefly describe how to use the API and give several practical examples of configuring Check Point with scripts.

I want to make one reservation right away: the API is used only for the Management server. That is, it is still not possible to manage gateways without a Management server.

Who can use this API in practice?

  1. System administrators who want to simplify or automate routine Check Point configuration tasks;
  2. Companies that want to integrate Check Point with other solutions (virtualization systems, ticketing systems, configuration management systems, and so on);
  3. System integrators who want to standardize settings or build additional products related to Check Point.

Typical scheme

So, let's consider a typical scheme with Check Point:


As usual, we have a gateway (SG), a management server (SMS) and an administrator console (SmartConsole). In this case, the usual gateway configuration process looks like this:


That is, first you start SmartConsole on the administrator's computer and use it to connect to the Management server (SMS). Security settings are made on the SMS and only then pushed (install policy) to the gateway (SG).

When using the Management API, we can skip the first step (launching SmartConsole) and send API commands directly to the Management server (SMS).

Ways to use the API

There are four main ways to edit the configuration using the API:

1) Using the mgmt_cli utility

Example - # mgmt_cli add host name host1 ip-address 192.168.2.100
This command is run from the command line of the Management server (SMS). I think the syntax of the command is clear: it creates host1 with the address 192.168.2.100.

2) Entering API commands through clish (in expert mode)

Essentially, all you need to do is log in at the command line (mgmt login) under the account that is used when connecting through SmartConsole (or the root account). Then you can enter API commands (in this case there is no need to put the mgmt_cli utility before each command). You can also create full-fledged Bash scripts. An example of a script that creates a host:

Bash script

#!/bin/bash

main() {
    clear

    #LOGIN (don't ask for username and password, user is already logged in to Management server as 'root' user)
    mgmt_cli login --root true > id_add_host.txt
    on_error_print_and_exit "Error: Failed to login, check that the server is up and running (run 'api status')"

    #READ HOST NAME
    printf "Enter host name:\n"
    read -r -e host_name
    on_empty_input_print_and_exit "$host_name" "Error: The host's name cannot be empty."

    #READ IP ADDRESS
    printf "\nEnter host IP address:\n"
    read -r -e ip
    on_empty_input_print_and_exit "$ip" "Error: The host's IP address cannot be empty."

    #CREATE HOST (input is quoted so that spaces in it cannot add extra mgmt_cli parameters)
    printf "Creating new host: %s with IP address: %s\n" "$host_name" "$ip"
    new_host_response=$(mgmt_cli add host name "$host_name" ip-address "$ip" -s id_add_host.txt 2> /dev/null)
    on_error_print_and_exit "Error: Failed to create host object. \n$new_host_response"

    #PUBLISH THE CHANGES
    printf "\nPublishing the changes\n"
    mgmt_cli publish --root true -s id_add_host.txt &> /dev/null
    on_error_print_and_exit "Error: Failed to publish the changes."

    #LOGOUT
    logout

    printf "Done.\n"
}

logout(){
    mgmt_cli logout --root true -s id_add_host.txt &> /dev/null
}

# Must be called directly after the command it checks: it tests that command's exit status.
on_error_print_and_exit(){
    if [ $? -ne 0 ]; then
        handle_error "$1"
    fi
}

handle_error(){
    printf "\n%b\n" "$1" #print error message (%b expands the \n inside the message)
    mgmt_cli discard --root true -s id_add_host.txt &> /dev/null
    logout
    exit 1
}

on_empty_input_print_and_exit(){
    if [ -z "$1" ]; then
        printf "%s\n" "$2" #print error message
        logout
        exit 0
    fi
}

# Script starts here. Call function "main".
main

If you are interested, you can watch the corresponding video:

3) Through SmartConsole, by opening the CLI window

All you need to do is open the CLI window directly from SmartConsole, as shown in the picture below.


In this window you can start entering API commands right away.

4) Web Services. Using HTTPS POST requests (REST API)

In our opinion this is one of the most promising methods, because it lets you "build" entire applications for managing the management server (sorry for the tautology). Below we look at this method in a little more detail.

To summarize:

  1. API + cli is more suitable for people who are used to Cisco;
  2. API + shell is for applying scripts and performing routine tasks;
  3. REST API is for automation.

Enabling the API

By default, the API is enabled on management servers with more than 4 GB of RAM and on standalone configurations with more than 8 GB of RAM. You can check the status with the command: api status

If it turns out that the API is disabled, it is easy to enable it through SmartConsole: Manage & Settings > Blades > Management API > Advanced Settings


Then publish the changes (Publish) and run the command api restart.

Web requests + Python

To execute API commands, you can use Web requests from Python with the requests and json libraries. In general, a web request consists of three parts:

1) Address

(https://<management server>:<port>/web_api/<command>)


2) HTTP Headers

Content-Type: application/json
x-chkp-sid: <session ID token as returned by the login command>


3) Request payload

Text in JSON format containing the various parameters

An example of calling various commands:


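import json
import requests

# 'xxx.xxx.xxx.xxx' in the calls below stands for the IP address of the Gaia management server.
def api_call(ip_addr, port, command, json_payload, sid):
    url = 'https://' + ip_addr + ':' + str(port) + '/web_api/' + command
    if sid == "":
        request_headers = {'Content-Type' : 'application/json'}
    else:
        request_headers = {'Content-Type' : 'application/json', 'X-chkp-sid' : sid}
    # verify=False switches off TLS certificate validation, so the server is not authenticated;
    # pass the path to a trusted CA bundle instead when the server certificate can be verified.
    r = requests.post(url, data=json.dumps(json_payload), headers=request_headers, verify=False)
    return r.json()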

Here are some typical tasks that you will most often encounter when administering Check Point.

1) Example of the login and logout functions:

Script


def login():
    payload = {'user': 'your_user', 'password': 'your_password'}
    response = api_call('xxx.xxx.xxx.xxx', 443, 'login', payload, '')
    return response["sid"]

def logout(sid):
    response = api_call('xxx.xxx.xxx.xxx', 443, 'logout', {}, sid)
    return response["message"]

# The scripts below use this session ID
sid = login()
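
The request structure above with certificate validation left on, plus the session handling the Bash script uses (login, publish on success, discard on failure, logout in every case). This is an added example, not code from the original article or from Check Point; MgmtApi, session, make_transport, fake_post, run_demo and the host mgmt.example.test are hypothetical names, and fake_post is a constructed stand-in for the server so that the flow runs offline.

```python
import json
import ssl
import urllib.request
from contextlib import contextmanager, suppress

def make_transport(ca_file):
    ctx = ssl.create_default_context(cafile=ca_file)  # chain and hostname checks stay on
    def post(url, headers, body):
        req = urllib.request.Request(url, data=body.encode(), headers=headers, method="POST")
        with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
            return json.loads(resp.read())
    return post

class MgmtApi:
    def __init__(self, server, post, port=443):
        self.base, self.post, self.sid = "https://%s:%d/web_api/" % (server, port), post, None
    def call(self, command, payload=None):
        headers = {"Content-Type": "application/json"}
        if self.sid:
            headers["X-chkp-sid"] = self.sid  # session token returned by login
        return self.post(self.base + command, headers, json.dumps(payload or {}))

@contextmanager
def session(api, user, password):  # login, publish on success, discard on error, always logout
    api.sid = api.call("login", {"user": user, "password": password})["sid"]
    try:
        yield api
        api.call("publish")
    except Exception:
        api.call("discard")  # drop unpublished changes instead of leaving them in the session
        raise
    finally:
        api.call("logout")
        api.sid = None

def fake_post(log):  # constructed stand-in for the management server
    def post(url, headers, body):
        command = url.rsplit("/", 1)[1]
        log.append((command, "X-chkp-sid" in headers))
        if command == "add-host" and json.loads(body)["name"] == "dup":
            raise RuntimeError("constructed failure: object name already exists")
        return {"sid": "constructed-sid"} if command == "login" else {}
    return post

def run_demo(host_name):
    log = []
    api = MgmtApi("mgmt.example.test", fake_post(log))
    with suppress(RuntimeError), session(api, "api_user", "constructed-pw"):
        api.call("add-host", {"name": host_name, "ip-address": "192.168.0.10"})
    return log
```

Against a real server, pass make_transport('/path/to/ca.pem') instead of fake_post(log), where the file (a placeholder path) holds the CA certificate that signed the management server's certificate.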

2) Enabling blades and configuring the network:

Script


new_gateway_data = {'name':'CPGleb','anti-bot':True,'anti-virus' : True,'application-control':True,'ips':True,'url-filtering':True,'interfaces':
                    [{'name':"eth0",'topology':'external','ipv4-address': 'xxx.xxx.xxx.xxx',"ipv4-network-mask": "255.255.255.0"},
                     {'name':"eth1",'topology':'internal','ipv4-address': 'xxx.xxx.xxx.xxx',"ipv4-network-mask": "255.255.255.0"}]}
new_gateway_result = api_call('xxx.xxx.xxx.xxx', 443,'set-simple-gateway', new_gateway_data ,sid)
print(json.dumps(new_gateway_result))

3) Changing firewall rules:

Script


new_access_data={'name':'Cleanup rule','layer':'Network','action':'Accept'}
new_access_result = api_call('xxx.xxx.xxx.xxx', 443,'set-access-rule', new_access_data ,sid)
print(json.dumps(new_access_result))

4) Adding an Application layer:

Script


add_access_layer_application={ 'name' : 'application123',"applications-and-url-filtering" : True,"firewall" : False}
add_access_layer_application_result = api_call('xxx.xxx.xxx.xxx', 443,'add-access-layer', add_access_layer_application ,sid)
print(json.dumps(add_access_layer_application_result))

set_package_layer={"name" : "Standard","access":True,"access-layers" : {"add" : [ { "name" : "application123","position" :2}]} ,"installation-targets" : "CPGleb"}
set_package_layer_result = api_call('xxx.xxx.xxx.xxx', 443,'set-package', set_package_layer ,sid)
print(json.dumps(set_package_layer_result))

5) Publishing and installing the policy, checking command execution (task-id):

Script


publish_result = api_call('xxx.xxx.xxx.xxx', 443,"publish", {},sid)
print("publish result: " + json.dumps(publish_result))
new_policy = {'policy-package':'Standard','access':True,'targets':['CPGleb']}
new_policy_result = api_call('xxx.xxx.xxx.xxx', 443,'install-policy', new_policy ,sid)
print(json.dumps(new_policy_result))

# install-policy returns a task-id; show-task reports the state of that task
task_id = new_policy_result["task-id"]
show_task_id = {'task-id': task_id}
show_task=api_call('xxx.xxx.xxx.xxx',443,'show-task',show_task_id,sid)
print(json.dumps(show_task))
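
install-policy only hands back a task-id, so a script that stops after one show-task call cannot tell whether the policy actually reached the gateway. The following added example (not from the original article) polls show-task until the task finishes and treats a failed or partial install as an error. The reply shape (a tasks list whose first entry has a status field) and the status strings are assumptions, and wait_for_task, demo and the call wrapper are hypothetical names.

```python
import time

# Assumed status strings in the show-task reply; anything else counts as still running.
OK_STATES = {"succeeded", "succeeded with warnings"}
BAD_STATES = {"failed", "partially succeeded"}

def wait_for_task(call, task_id, timeout=600, interval=5, sleep=time.sleep, clock=time.monotonic):
    """Poll show-task until the task finishes; raise if it fails or the timeout passes.

    call(command, payload) is any function that sends one API command and returns the
    parsed JSON reply, e.g. a wrapper around api_call with server, port and sid filled in.
    """
    deadline = clock() + timeout
    while True:
        task = call("show-task", {"task-id": task_id})["tasks"][0]
        status = task.get("status", "")
        if status in OK_STATES:
            return status
        if status in BAD_STATES:
            raise RuntimeError("task %s ended as %r: policy was not installed on every target"
                               % (task_id, status))
        if clock() >= deadline:
            raise TimeoutError("task %s still %r after %ss" % (task_id, status, timeout))
        sleep(interval)

def demo(statuses, clock=time.monotonic):
    """Run wait_for_task against a constructed sequence of show-task statuses."""
    replies = iter(statuses)
    def call(command, payload):
        return {"tasks": [{"task-id": payload["task-id"], "status": next(replies)}]}
    try:
        return wait_for_task(call, "constructed-task-id", interval=0,
                             sleep=lambda s: None, clock=clock)
    except (RuntimeError, TimeoutError) as exc:
        return type(exc).__name__
```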

6) Adding a host:

Script


new_host_data = {'name':'JohnDoePc', 'ip-address': '192.168.0.10'}
new_host_result = api_call('xxx.xxx.xxx.xxx', 443,'add-host', new_host_data ,sid)
print(json.dumps(new_host_result))

7) Adding the Threat Prevention field:

Script


set_package_layer={'name':'Standard','threat-prevention' :True,'installation-targets':'CPGleb'}
set_package_layer_result = api_call('xxx.xxx.xxx.xxx', 443,'set-package',set_package_layer,sid)
print(json.dumps(set_package_layer_result))

8) Viewing the list of sessions:

Script


new_session_data = {'limit':'50', 'offset':'0','details-level' : 'standard'}
new_session_result = api_call('xxx.xxx.xxx.xxx', 443,'show-sessions', new_session_data ,sid)
print(json.dumps(new_session_result))

9) Creating a new profile:

Script


add_threat_profile={'name':'Apeiron', "active-protections-performance-impact" : "low","active-protections-severity" : "low or above","confidence-level-medium" : "prevent",
  "confidence-level-high" : "prevent", "threat-emulation" : True,"anti-virus" : True,"anti-bot" : True,"ips" : True,
  "ips-settings" : { "newly-updated-protections" : "staging","exclude-protection-with-performance-impact" : True,"exclude-protection-with-performance-impact-mode" : "High or lower"},
  "overrides" : [ {"protection" : "3Com Network Supervisor Directory Traversal","capture-packets" : True,"action" : "Prevent","track" : "Log"},
                  {"protection" : "7-Zip ARJ Archive Handling Buffer Overflow", "capture-packets" : True,"action" : "Prevent","track" : "Log"} ]}
add_threat_profile_result=api_call('xxx.xxx.xxx.xxx',443,'add-threat-profile',add_threat_profile,sid)
print(json.dumps(add_threat_profile_result))  

10) Changing the action for an IPS signature:

Script


set_threat_protection={
  "name" : "3Com Network Supervisor Directory Traversal",
  "overrides" : [{ "profile" : "Apeiron","action" : "Detect","track" : "Log","capture-packets" : True},
    { "profile" : "Apeiron", "action" : "Detect", "track" : "Log", "capture-packets" : False} ]}
set_threat_protection_result=api_call('xxx.xxx.xxx.xxx',443,'set-threat-protection',set_threat_protection,sid)
print(json.dumps(set_threat_protection_result))

11) Adding your own service:

Script


add_service_udp={    "name" : "Dota2_udp", "port" : '27000-27030',
"keep-connections-open-after-policy-installation" : False,
"session-timeout" : 0, "match-for-any" : True,
"sync-connections-on-cluster" : True,
"aggressive-aging" : {"enable" : True, "timeout" : 360,"use-default-timeout" : False  },
"accept-replies" : False}
add_service_udp_results=api_call('xxx.xxx.xxx.xxx',443,"add-service-udp",add_service_udp,sid)
print(json.dumps(add_service_udp_results))

12) Adding a category, site or group:

Script


add_application_site_category={  "name" : "Valve","description" : "Valve Games"}
add_application_site_category_results=api_call('xxx.xxx.xxx.xxx',443,"add-application-site-category",add_application_site_category,sid)
print(json.dumps(add_application_site_category_results))

add_application_site={    "name" : "Dota2", "primary-category" : "Valve",  "description" : "Dotka",
  "url-list" : [ "www.dota2.ru" ], "urls-defined-as-regular-expression" : False}
add_application_site_results=api_call('xxx.xxx.xxx.xxx',443,"add-application-site",add_application_site,sid)
print(json.dumps(add_application_site_results))

add_application_site_group={"name" : "Games","members" : [ "Dota2"]}
add_application_site_group_results=api_call('xxx.xxx.xxx.xxx',443,"add-application-site-group",add_application_site_group,sid)
print(json.dumps(add_application_site_group_results))

In addition, with the Web API you can add and remove networks, hosts, access roles, and so on. You can configure the Antivirus, Antibot, IPS and VPN blades. It is even possible to install licenses using the run-script command. All Check Point API commands can be found here.

Check Point API + Postman

It is also convenient to use the Check Point Web API together with Postman. Postman has desktop versions for Windows, Linux and MacOS. In addition, there is a plugin for Google Chrome. That is the one we will use. First you need to find Postman in the Google Chrome Store and install it:


Using this utility, we can build Web requests to the Check Point API. So as not to have to remember all the API commands, you can import so-called collections (templates), which already contain all the necessary commands:


Here you will find the collection for R80.10. After the import, the API command templates become available to us:


In my opinion, this is very convenient. You can quickly start developing applications that use the Check Point API.

Check Point + Ansible

I would also like to note that there is an Ansible module for the Check Point API. The module lets you manage configurations, but it is not very convenient for out-of-the-ordinary tasks. Writing scripts in any programming language gives more flexible and convenient solutions.

Conclusion

This is probably where we will finish our brief overview of the Check Point API. In my opinion, this feature was long awaited and necessary. The arrival of the API opens up very broad possibilities for both system administrators and system integrators who work with Check Point products. Orchestration, automation, SIEM feedback... all of this is now possible.

P.S. You can always find more articles about Check Point on our Habr blog or on the blog on our site.

P.P.S. For technical questions about configuring Check Point, you can write here


Source: will.com
