APIs ááŸáá·áº API áá¯á¶á·ááŒááºááŸá¯áá»á¬ážááᯠááá¯ááºážááŒá¬ážá
áááºááŒá¬ááẠáááááá¬áá»á¬ážááᯠááá¯ááºážááá
áºááŒáá·áº áááºáá®ážááá¯ááºáá±á¬á¡áá«ááœáẠáááá¯ááááºáá¯ááºáá»á¬ážááŸáá·áº ááœá²áá¯á¶ážááá·áºá¡áá« API áá»á¬ážááŸáá·áº á¡ááŒááºá¡ááŸááºáá¯á¶á·ááŒááºááŸá¯á á
áœááºážá¡á¬ážááᯠáá¯ááºáá±á¬áºááŒááá«áááºá ááá¯á·áá±á¬áº áááºážááẠááááááŒá¯áááá±ážáá±á Python Software Development Kit (áá±á¬ááºááœáẠPython SDK áᯠáááºááœáŸááºážáááº) Point Management API ááᯠá
á
áºáá±ážáá«ááá«áá±ááá·áº á¡ááá¬ážáá²á áááºážááẠdeveloper áá»á¬ážááŸáá·áº automation áá«ááá¬á¡áá¯ážáá»á¬ážáááááᯠáááááá¬áá¬ááá¯ážááŸááºážá
á±áááºá Python ááẠáááŒá¬áá±ážáá®á áá°ááŒáá¯ááºáá»á¬ážáá¬áá²á·ááŒá®áž ááœááºáááºááᯠááŒáá·áºá
áœááºááŒá®áž áááºáá¡ááºá¹áá«áááºáá»á¬ážááᯠááŒááºáááºáá¯á¶ážáááºááẠáá¯á¶ážááŒááºáá²á·áááºá
Check Point ááẠAPI ááᯠáááºááŒáœá
áœá¬ áá®ááœááºáá±ááŒá®áž ááá¯á¡áá»áááºááœáẠá¡á±á¬ááºáá«ááá¯á·ááᯠáá¯ááºááŒááºááá¯ááºáááº-
Check Point Management API (áááºááŸááá¬ážááŸááºáž 1.6) â API ááŸáá áºááá·áº ááááºážáá»á¯ááºáá¬áá¬ááŸáá·áº á¡áá¯ááºáá¯ááºáá« (ááŸáá·áº control server á០ááááºážáá»á¯ááºáá¬ážáá±á¬ ááááºááá»á¬ážáá±á«áºááœáẠscripts áá»á¬ážááᯠáá¯ááºáá±á¬ááºááá¯ááºááŸá¯)Check Point GAIA API (áááºááŸááá¬ážááŸááºáž 1.4) - áá¯á¶ááŒá¯á¶áá±ážáá¶áá«ážáá±á«ááºáá»á¬ážááŸáá·áºá¡áá¯ááºáá¯ááºáá«áááŒáááºážááŒá±á¬ááºááŸá¯áá¬ááœááºááŒááºáž API 1.0 â Check Point cloud ááŸá sandbox ááŸáá·áºá¡áá¯ááºáá¯ááºááŒááºážáIdentity Awareness API â ááááºááá»á¬ážááœáẠIdentity Awareness blade ááŒáá·áº áá¯ááºáá±á¬ááºááŒááºážááá¯á¶ááŒá¯á¶áá±ážá á®áá¶ááá·áºááœá²ááŸá¯ Portal API - SMB áá¶áá«ážáá±á«áẠá á®áá¶ááá·áºááœá²ááŸá¯ áá±á«áºáááºááŸáá·áº á¡áá¯ááºáá¯ááºáá« (SMB gateways á¡ááŒá±á¬ááºáž áá±á¬ááºááẠ)IoT API - IoT ááááºážáá»á¯ááºáá°áá»á¬ážááŸáá·áº á¡ááŒááºá¡ááŸááºáááºáá¶ááŒááºážáCloudGuard áá»áááºáááºááŸá¯ API - á¡áá°á¡áá¯ááºáá¯ááºCloudGuard áá»áááºáááºááŸá¯ (SD-WAN áá¯á¶ááŒá¯á¶áá±ážááŒá±ááŸááºážáá»ááº)Dome9 API - á¡áá°á¡áá¯ááºáá¯ááºá¡ááá¯ážáá¯á¶áž á
Python SDK ááẠáááºááŸáááœáẠManagement API ááŸáá·áº á¡ááŒááºá¡ááŸááºáááºááœááºááŸá¯ááá¯áᬠáá¶á·ááá¯ážáá±ážáá«áááºá Gaia API. ဠmodule ááŸá á¡áá±ážááŒá®ážáá¯á¶áž á¡áááºážáá»á¬ážá áááºážáááºážáá»á¬ážááŸáá·áº ááááºážááŸááºáá»á¬ážááᯠááŒáá·áºáá«áááºá
module ááá¯áááºáááºááŒááºážá
á¡ááá¯ááºáž cpapi á០áá»ááºááŒááºááœááºáá°á
áœá¬ install áá¯ááºáá«á
á áááº
áá»áœááºá¯ááºááá¯á·ááẠcpapi module áá¡á áááºá¡ááá¯ááºážáá»á¬ážááŸáá·áºá¡áá¯ááºáá¯ááºááá¯ááºá á±áááºá¡ááœááºá áá»áœááºá¯ááºááá¯á·ááẠmodule ááŸáááºááœááºážáááºááá¯á¡ááºáá«áááºá cpapi á¡áááºážáá¯á¶ážááá¯á¡ááºáá±á¬á¡áááºážááŸá áºáá¯
APIClient О APIClientArgs
from cpapi import APIClient, APIClientArgs
á¡áááºážá¡á á¬áž APIClientArgs API server ááŸáá·áº class ááá¯á·á¡á¬áž áá»áááºáááºááŸá¯ parameters áá»á¬ážá¡ááœáẠáá¬áááºááŸááááºá APIClient API ááŸáá·áºá¡ááŒááºá¡ááŸááºáááºáá¶áá±ážá¡ááœáẠáá¬áááºááŸááááºá
áá»áááºáááºááŸá¯áá±á¬ááºáá»á¬ážááᯠáááºááŸááºááŒááºážá
API ááá¯á· áá»áááºáááºáááºá¡ááœáẠá¡áá»áá¯ážáá»áá¯ážáá±á¬ ááá·áºáááºáá±á¬ááºáá»á¬ážááᯠáááºááŸááºáááºá class á á¥ááá¬áá áºáᯠáááºáá®ážááẠááá¯á¡ááºáááºá APIClientArgs. áá°á¡áá áááºážá parameters áá»á¬ážááᯠááŒáá¯áááºáááºááŸááºáá¬ážááŒá®áž control server ááœáẠscript ááᯠrun áá±á¬á¡áá«ááœáẠáááºážááá¯á·á¡á¬áž áááºááŸááºáááºáááá¯á¡ááºáá«á
client_args = APIClientArgs()
ááá¯á·áá±á¬áº ááŒááºáá¡ááœá²á·á¡á ááºážáá áºáá¯á០áááºáá¶áá±á¬ááºááœááºáá±ážááá·áºá¡áá«ááœááºá áááºááẠá¡áááºážáá¯á¶áž API áá¬áᬠááá¯á·ááá¯áẠáááºáá¶áá±á¬ááºááœááºáá±ážáá°á¡ááẠ(á á®áá¶ááá·áºááœá²ááŸá¯áá¬áá¬áá¯áááºáž áá±á«áºáááº) ááᯠáááºááŸááºááẠááá¯á¡ááºáááºá á¡á±á¬ááºáá±á¬áºááŒáá« á¥ááá¬ááœááºá áá»áœááºá¯ááºááá¯á·ááẠáá¬áá¬áá»áááºáááºááŸá¯ ááá·áºáááºáá±á¬ááºááᯠáááºááŸááºááŒá®áž áááºážá¡á¬áž á á®áá¶ááá·áºááœá²ááŸá¯áá¬áá¬á IP ááááºá á¬ááᯠá á¬ááŒá±á¬ááºážáá áºáá¯á¡ááŒá ẠáááºááŸááºáá±ážáááºá
client_args = APIClientArgs(server='192.168.47.241')
API áá¬áá¬ááá¯á· áá»áááºáááºáá¬ááœáẠá¡áá¯á¶ážááŒá¯ááá¯ááºááá·áº ááá·áºáááºáá±á¬ááºáá»á¬ážááŸáá·áº áááºážááá¯á·á áá°áááºážáááºááá¯ážáá»á¬ážááᯠááŒáá·áºááŒáá«á áá¯á·á
APIClientArgs á¡áááºážá __init__ áááºážáááºážá á¡ááŒá±á¬ááºážááŒáá»ááºáá»á¬áž
class APIClientArgs:
"""
This class provides arguments for APIClient configuration.
All the arguments are configured with their default values.
"""
# port is set to None by default, but it gets replaced with 443 if not specified
# context possible values - web_api (default) or gaia_api
def __init__(self, port=None, fingerprint=None, sid=None, server="127.0.0.1", http_debug_level=0,
api_calls=None, debug_file="", proxy_host=None, proxy_port=8080,
api_version=None, unsafe=False, unsafe_auto_accept=False, context="web_api"):
self.port = port
# management server fingerprint
self.fingerprint = fingerprint
# session-id.
self.sid = sid
# management server name or IP-address
self.server = server
# debug level
self.http_debug_level = http_debug_level
# an array with all the api calls (for debug purposes)
self.api_calls = api_calls if api_calls else []
# name of debug file. If left empty, debug data will not be saved to disk.
self.debug_file = debug_file
# HTTP proxy server address (without "http://")
self.proxy_host = proxy_host
# HTTP proxy port
self.proxy_port = proxy_port
# Management server's API version
self.api_version = api_version
# Indicates that the client should not check the server's certificate
self.unsafe = unsafe
# Indicates that the client should automatically accept and save the server's certificate
self.unsafe_auto_accept = unsafe_auto_accept
# The context of using the client - defaults to web_api
self.context = context
APIClientArgs á¡áááºážá áá¬áááá»á¬ážááœáẠá¡áá¯á¶ážááŒá¯ááá¯ááºááá·áº á¡ááŒá±á¬ááºážááŒáá»ááºáá»á¬ážááẠCheck Point á á®áá¶ááá·áºááœá²áá°áá»á¬ážá¡ááœáẠá¡ááá¯ááá¯ááááá¯ááºááŒá®áž á¡ááá¯ááŸááºáá»ááºáá»á¬áž áááá¯á¡ááºááŒá±á¬ááºáž áá»áœááºá¯ááºáá¯á¶ááŒááºáá«áááºá
APIClient ááŸáá·áº áááºá ááºáááºáá±áá»á¬ááŸáá áºááá·áº áá»áááºáááºáá±áááºá
á¡áááºážá¡á á¬áž APIClient á¡áá¯á¶ážááŒá¯ááẠá¡áááºááŒá±áá¯á¶ážáááºážáááºážááŸá¬ context manager ááŸáááá·áºááŒá áºáááºá APIClient á¡áááºážá á á¶ááá°áá¬áá áºáá¯ááá¯á· áá±ážááá¯á·áááá·áºá¡áá¬á¡á¬ážáá¯á¶ážááẠááááºá¡ááá·áºááœáẠáááºááŸááºáá¬ážááá·áº áá»áááºáááºááŸá¯áá±á¬ááºáá»á¬ážááŒá áºáááºá
with APIClient(client_args) as client:
áááºá ááºáááºáá±áá»á¬ááẠAPI áá¬áá¬ááá¯á· á¡áá±á¬áá·áºáááºááẠáá±á«áºááá¯ááŸá¯ááᯠá¡ááá¯á¡áá»á±á¬áẠááŒá¯áá¯ááºáááºááá¯ááºáá±á¬áºáááºáž áááºážá០ááœááºááá·áºá¡áá«ááœáẠá¡áá±á¬áá·áºááœááºááẠáá±á«áºááá¯áááºááŒá áºáááºá API áá±á«áºááá¯ááŸá¯áá»á¬ážááŸáá·áº áá¯ááºáá±á¬ááºááŒá®ážáá±á¬áẠá¡ááŒá±á¬ááºážááŒáá»ááºá¡áá»áá¯á·ááŒá±á¬áá·áº ááœááºáááºáááá¯á¡ááºáá«áá áááºááẠáááºá ááºáááºáá±áá»á¬ááᯠá¡áá¯á¶ážáááŒá¯áá² á áááºáá¯ááºáá±á¬ááºááẠááá¯á¡ááºáááº-
client = APIClient(clieng_args)
áá»áááºáááºááŸá¯á ááºážáááºááŸá¯
áá»áááºáááºááŸá¯ááẠáááºááŸááºáá¬ážáá±á¬ ááá·áºáááºáá±á¬ááºáá»á¬ážááŸáá·áº ááá¯ááºáá®ááŸá¯ááŸááááŸá á á áºáá±ážááẠá¡ááœááºáá¯á¶ážáááºážáááºážááŸá¬ á¡ááá¯áá«áááºážáááºážááᯠá¡áá¯á¶ážááŒá¯áá±áááºá check_fingerprint. áá¬áᬠAPI áááºááŸááºá áááºááœá±á¡ááœáẠsha1 hash sum ááᯠá¡áááºááŒá¯ááŒááºáž áá¡á±á¬ááºááŒááºáá«á (áááºážáááºážááᯠááŒááºáá±ážááẠááŸá¬ážáá±á¬) ááá¯á·ááŒá áºáá»áŸáẠáááºážááẠá¡áá»á¬ážá¡á¬ážááŒáá·áº áá»áááºáááºááŸá¯ááŒá¿áá¬áá»á¬ážááŒá±á¬áá·áºááŒá áºááŒá®áž áá»áœááºá¯ááºááá¯á·ááẠáááá¯ááááºááá¯ááºáá±á¬ááºááŸá¯ááᯠáááºááá·áºááá¯ááºááẠ(ááá¯á·ááá¯áẠáá¯á¶ážá áœá²áá°á¡á¬áž áá»áááºáááºááŸá¯áá±áá¬ááᯠááŒá¯ááŒááºááẠá¡ááœáá·áºá¡áá±ážáá±ážáááº)á
if client.check_fingerprint() is False:
print("Could not get the server's fingerprint - Check connectivity with the server.")
exit(1)
áá±á¬ááºááœáẠá¡áááºážááᯠáááááŒá¯áá«á APIClient API áá±á«áºááá¯ááŸá¯ááá¯ááºáž (áááºážáááºážáá»á¬áž api_áá±á«áºááá¯ááŸá¯ О api_queryáááºážááá¯á·á¡ááŒá±á¬ááºáž á¡áááºážááẠáááºááŒá±á¬áá«áŠážáááº) API áá¬áá¬ááŸá sha1 áááºááœá± áááºááŸááºá á¡áááºá API áá¬áᬠáááºááŸááºá sha1 áááºááœá±ááᯠá á áºáá±ážáá±á¬á¡áá« á¡ááŸá¬ážá¡ááœááºážáá áºáᯠááœá±á·ááŸááá²á·áá«á (á¡ááá¡ááŸááºááŒá¯áááºááŸááºááᯠáááá ááá¯á·ááá¯áẠááŒá±á¬ááºážáá²áá¬ážáááº) áááºážáááºážá check_fingerprint áááºážááŸáá·áºáááºáááºááá·áº á¡áá»ááºá¡áááºáá»á¬ážááᯠá ááºááœááºážá ááºááœáẠá¡ááá¯á¡áá»á±á¬áẠááá·áºáááº/ááŒá±á¬ááºážáá²ááẠá¡ááœáá·áºá¡áááºážááᯠáá±ážáááºááŒá áºáááºá á€á á áºáá±ážááŸá¯ááᯠáá¯á¶ážáááááºáá¬ážááá¯ááºááẠ(ááá¯á·áá±á¬áº 127.0.0.1 ááá¯á·áá»áááºáááºáá±á¬á¡áá«ááœáẠscripts áá»á¬ážááᯠAPI áá¬áá¬ááá¯ááºááá¯ááºáá¯ááºáá±á¬ááºááŸáᬠá¡ááŒá¶ááŒá¯ááá¯ááºáááº)á APIClientArgs á¡ááŒá±á¬ááºážááŒáá»ááºááᯠá¡áá¯á¶ážááŒá¯á - unsafe_auto_accept (âáá»áááºáááºááŸá¯ááá·áºáááºáá»ááºáá»á¬ážáááºááŸááºááŒááºážâ ááœááºá¡á á±á¬ááá¯ááºáž APIClientArgs á¡ááŒá±á¬ááºážááá¯ááá¯ááŒáá·áºááŸá¯áá«á)
client_args = APIClientArgs(unsafe_auto_accept=True)
API áá¬áá¬ááá¯á· áááºáá±á¬ááºáá«á
У APIClient API áá¬áá¬ááá¯á· áá±á¬á·ááºá¡ááºáááºááẠáááºážáááºáž 3 áá¯á¡ááááŸáááŒá®áž áááºážááá¯á·áá áºáá¯á á®ááẠá¡áááá¹áá«ááºááᯠáá¬ážáááºáááºá Sidáá±á«ááºážá á®ážááŸá áá±á¬ááºáááºááœá² API áá±á«áºááá¯ááŸá¯ááá¯ááºážááœáẠá¡ááá¯á¡áá»á±á¬ááºá¡áá¯á¶ážááŒá¯ááá·áº (session-id) (á€ááá·áºáááºáá»ááºá áá±á«ááºážá á®ážááœáẠá¡áááºááẠX-chkp-sid) ááá¯á·ááŒá±á¬áá·áº á€áááºááŸááºáá»ááºááᯠáááºáá¶áá¯ááºáá±á¬ááºááẠáááá¯á¡ááºáá«á
á¡áá±á¬áá·áºáááºáááºáž
áá±á¬á·ááºá¡ááºááŸáá·áº á áá¬ážááŸááºááᯠá¡áá¯á¶ážááŒá¯ááá·áº ááœá±ážáá»ááºááŸá¯ (á¥ááá¬ááœááºá á¡áá¯á¶ážááŒá¯áá°á¡ááẠá á®áá¶ááá·áºááœá²áá°ááŸáá·áº á áá¬ážááŸáẠ1q2w3e ááᯠáá±áá¬áá»áá¬ážáá±á¬ á¡ááŒá±á¬ááºážááŒáá»ááºáá»á¬ážá¡ááŒá Ạáá»á±á¬áºááŒááºáááº)
login = client.login('admin', '1q2w3e')
áááºáá±á¬ááºážááœá±ážáá»ááºááá¯ááºáá±á¬ ááá·áºáááºáá±á¬ááºáá»á¬ážááᯠáá±á¬á·ááºá¡ááºáááºážáááºážááœááºáááºáž áááá¯ááºáááºá á€áááºááŸá¬ áááºážááá¯á·áá¡áááºáá»á¬ážááŸáá·áº áá°áááºážáááºááá¯ážáá»á¬ážááŒá áºáááº-
continue_last_session=False, domain=None, read_only=False, payload=None
Login_with_api_key áááºážáááºáž
api áá±á¬á·ááᯠá¡áá¯á¶ážááŒá¯á ááœá±ážáá»ááºááŸá¯ (á á®áá¶ááá·áºááœá²ááŸá¯áá¬ážááŸááºáž R80.40/Management API v1.6á "3TsbPJ8ZKjaJGvFyoFqHFA==" á€áááºááŸá¬ API áá±á¬á·ááœáá·áºááŒá¯áá»ááºáááºážáááºážááŒáá·áº á á®áá¶ááá·áºááœá²ááŸá¯áá¬áá¬ááŸá áá¯á¶ážá áœá²áá°áá áºáŠážá¡ááœáẠAPI áá±á¬á·áááºááá¯ážááŒá áºáááº)á
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
áááºážáááºáž login_with_api_key method ááœááºáá²á·ááá¯á·áá°áá®áá±á¬ááœá±ážáá»ááºááœáá·áºáá±á¬ááºáá»á¬ážááá¯áááá¯ááºáááºá áá±á¬á·ááºá¡ááº.
login_as_root áááºážáááºáž
API áá¬áá¬ááŒáá·áº áá±áááœááºážá ááºááá¯á· á¡áá±á¬áá·áºáááºááẠááœá±ážáá»ááºááŸá¯-
login = client.login_as_root()
á€áááºážáááºážá¡ááœáẠááœá±ážáá»ááºááá¯ááºáá±á¬ ááá·áºáááºáá±á¬ááºááŸá áºáá¯áᬠááŸááá«áááºá
domain=None, payload=None
áá±á¬ááºáá¯á¶ážáá±á¬á· API á áá°ááá¯á·ááá¯ááºáá°ááá¯á· áá±á«áºáááºá
áááºážáááºážáá»á¬ážááŒáá·áº API áá±á«áºááá¯ááŸá¯áá»á¬ážááŒá¯áá¯ááºááẠáá»áœááºá¯ááºááá¯á·ááœáẠááœá±ážáá»ááºá áá¬ááŸá áºáá¯ááŸááááºá api_áá±á«áºááá¯ááŸá¯ О api_query. áá°ááá¯á·ááŒá¬ážá áá¬ááœá¬ááŒá¬ážáá² ááá¯áᬠá¡ááŒá±ááŸá¬ááŒáá·áºáá¡á±á¬ááºá
api_áá±á«áºááá¯ááŸá¯
á€áááºážáááºážááẠáááºááá·áºáá±á«áºááá¯ááŸá¯áá»á¬ážá¡ááœááºáááᯠá¡áá¯á¶ážááŒá¯ááá¯ááºáááºá ááá¯á¡ááºáá«á áá±á¬ááºážááá¯áá»ááºááá¯ááºáááºááœáẠapi áá±á«áºááá¯ááŸá¯ááŸáá·áº payload á¡ááœáẠáá±á¬ááºáá¯á¶ážá¡ááá¯ááºážááᯠáá»á±á¬áºááœá¬ážáááºááá¯á¡ááºáá«áááºá áááºáá±á¬ááºáááẠááá¬ááŒá áºáá±áá«áá áááºážááᯠáá¯á¶ážáááœáŸá²ááŒá±á¬ááºážááááá«á
api_versions = client.api_call('show-api-versions')
ááŒááºáá±á¬ááºááŸá¯á¡á±á¬ááºááœáẠá€áá±á¬ááºážááá¯áá»ááºá¡ááœáẠá¡ááœááº-
In [23]: api_versions
Out[23]:
APIResponse({
"data": {
"current-version": "1.6",
"supported-versions": [
"1",
"1.1",
"1.2",
"1.3",
"1.4",
"1.5",
"1.6"
]
},
"res_obj": {
"data": {
"current-version": "1.6",
"supported-versions": [
"1",
"1.1",
"1.2",
"1.3",
"1.4",
"1.5",
"1.6"
]
},
"status_code": 200
},
"status_code": 200,
"success": true
})
show_host = client.api_call('show-host', {'name' : 'h_8.8.8.8'})
ááŒááºáá±á¬ááºááŸá¯á¡á±á¬ááºááœáẠá€áá±á¬ááºážááá¯áá»ááºá¡ááœáẠá¡ááœááº-
In [25]: show_host
Out[25]:
APIResponse({
"data": {
"color": "black",
"comments": "",
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"groups": [],
"icon": "Objects/host",
"interfaces": [],
"ipv4-address": "8.8.8.8",
"meta-info": {
"creation-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"creator": "admin",
"last-modifier": "admin",
"last-modify-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"lock": "unlocked",
"validation-state": "ok"
},
"name": "h_8.8.8.8",
"nat-settings": {
"auto-rule": false
},
"read-only": false,
"tags": [],
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
},
"res_obj": {
"data": {
"color": "black",
"comments": "",
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"groups": [],
"icon": "Objects/host",
"interfaces": [],
"ipv4-address": "8.8.8.8",
"meta-info": {
"creation-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"creator": "admin",
"last-modifier": "admin",
"last-modify-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"lock": "unlocked",
"validation-state": "ok"
},
"name": "h_8.8.8.8",
"nat-settings": {
"auto-rule": false
},
"read-only": false,
"tags": [],
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
},
"status_code": 200
},
"status_code": 200,
"success": true
})
api_query
á€áááºážáááºážááẠá¡ááœááºááŸá¯ááºážááœáẠá¡á±á¬á·ááºáááºáá«áááºáá±á¬ áá±á«áºááá¯ááŸá¯áá»á¬ážá¡ááœááºáᬠá¡áá¯á¶ážááŒá¯ááá¯ááºááŒá±á¬ááºáž áá»ááºáá»ááºáž ááŒáá¯áááºá á¬áááºážáá±ážáá«áá á±á ááá¯áá²á·ááá¯á· áá±á¬ááºáá»ááºáá»ááŒááºážááẠáááºážááœáẠá¡áá»ááºá¡áááºáá»á¬áž á¡áá»á¬ážá¡ááŒá¬áž áá«áááºáá±áá±á¬á¡áá«ááœáẠááŒá áºáá±á«áºáááºá á¥ááá¬á¡á¬ážááŒáá·áºá áááºážááẠá á®áá¶ááá·áºááœá²ááŸá¯áá¬áá¬ááŸá áááºáá®ážáá¬ážáá±á¬ á¡áá¬ááá¹áá¯á¡á¬ážáá¯á¶ážá á á¬áááºážáá áºáá¯á¡ááœáẠáá±á¬ááºážááá¯ááŸá¯áá áºáᯠááŒá áºááá¯ááºáááºá ááá¯ááá¯á·áá±á¬áá±á¬ááºážááá¯ááŸá¯áá»á¬ážá¡ááœááºá API ááẠáá¯á¶ááŸááºá¡á¬ážááŒáá·áº á¡áá¬ááá¹áᯠ50 áá á¬áááºážááᯠááŒááºáá±ážááẠ(áá¯á¶á·ááŒááºááŸá¯ááœáẠá¡áá¬ááá¹áᯠ500 á¡áá ááá·áºáááºáá»ááºááᯠáááºááá¯ážááŒáŸáá·áºááá¯ááºáááº)á á¡áá»ááºá¡áááºááᯠá¡ááŒáááºáá±á«ááºážáá»á¬ážá áœá¬ ááœá²áá¯ááºááŒááºážáááŒá¯ááẠAPI áá±á¬ááºážááá¯ááŸá¯ááœáẠá¡á±á¬á·ááºáááºáá«áá¬áá®áá¬ááᯠááŒá±á¬ááºážáá²áááºá¡ááœááºá áááºážááᯠá¡ááá¯á¡áá»á±á¬áẠáá¯ááºáá±á¬ááºáá±ážááá·áº api_query áááºážáááºážáá áºáᯠááŸááá«áááºá á€áááºážáááºážááá¯á¡ááºááá·áº áá±á«áºááá¯ááŸá¯áá»á¬ážá á¥ááá¬áá»á¬áž- show-sessionsá show-hostsá show-networksá show-wildcardsá show-groupsá show-address- rangesá show-simple-gatewaysá show-simple-clustersá show-access-rolesá show-trusted-clientsá show-packages áá»á¬áž. á¡ááŸááºááŸá¬á ဠAPI áá±á«áºááá¯ááŸá¯áá»á¬ážáá¡áááºááœáẠá¡áá»á¬ážááááºážá áá¬ážáá¯á¶ážáá»á¬ážááᯠáá»áœááºá¯ááºááá¯á·ááœá±á·ááŒááºááá±á¬ááŒá±á¬áá·áº á€áá±á«áºááá¯ááŸá¯áá»á¬ážááᯠááá¯ááºááœááºáááá¯ááá¯ááœááºáá°á á±áááºááŒá áºáááºá api_query
show_hosts = client.api_query('show-hosts')
ááŒááºáá±á¬ááºááŸá¯á¡á±á¬ááºááœáẠá€áá±á¬ááºážááá¯áá»ááºá¡ááœáẠá¡ááœááº-
In [21]: show_hosts
Out[21]:
APIResponse({
"data": [
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "192.168.47.1",
"name": "h_192.168.47.1",
"type": "host",
"uid": "5d7d7086-d70b-4995-971a-0583b15a2bfc"
},
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "8.8.8.8",
"name": "h_8.8.8.8",
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
}
],
"res_obj": {
"data": {
"from": 1,
"objects": [
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "192.168.47.1",
"name": "h_192.168.47.1",
"type": "host",
"uid": "5d7d7086-d70b-4995-971a-0583b15a2bfc"
},
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "8.8.8.8",
"name": "h_8.8.8.8",
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
}
],
"to": 2,
"total": 2
},
"status_code": 200
},
"status_code": 200,
"success": true
})
API áá±á«áºááá¯ááŸá¯áá»á¬ážá ááááºáá»á¬ážááᯠáá¯ááºáá±á¬ááºáá±áá«áááºá
á¡á²áá«ááŒá®ážáááºáá±á¬á· class áá²á· variable ááœá±áá²á· method ááœá±ááᯠáá¯á¶ážááá¯ááºáá«áááºá API áá¯á¶á·ááŒááºááŸá¯(áááºá ááºáááºáá±áá»á¬á¡ááœááºážááŸáá·áºá¡ááŒááº)á á¡áááºážáá²ááŸá¬ API áá¯á¶á·ááŒááºááŸá¯ áááºážáááºáž 4 áá¯ááŸáá·áº variable 5 áá¯ááᯠááŒáá¯áááºáááºááŸááºáá¬ážááŒá®ážá áá»áœááºá¯ááºááá¯á·ááẠááá¯ááá¯á¡áá±ážá áááºáá»áá±á¬ á¡áá±ážááŒá®ážáá¯á¶ážá¡áá¬áá»á¬ážááᯠáááºáááºáá±á¬áºááŒáá«áááºá
á¡á±á¬ááºááŒááºááŒááºáž
á¡á á¡á¬ážááŒáá·áºá API áá±á«áºááá¯ááŸá¯ á¡á±á¬ááºááŒááºááŒá®áž ááááºááᯠááŒááºáááŒá±á¬ááºáž áá±áá»á¬á¡á±á¬áẠááŒá¯áá¯ááºááẠá áááºáá°ážáá±á¬ááºážáá áºáᯠááŒá áºáááá·áºáááºá áá®á¡ááœáẠáááºážáááºážáá áºáá¯ááŸááá«áááºá á¡á±á¬ááºááŒááºááŒááºáž:
In [49]: api_versions.success
Out[49]: True
API áá±á«áºááá¯ááŸá¯ á¡á±á¬ááºááŒááºáá«á ááŸááºááẠ(áá¯á¶á·ááŒááºááŸá¯áá¯áẠ- 200) ááŸáá·áº áá¡á±á¬ááºááŒááºáá«á False (á¡ááŒá¬ážáá¯á¶á·ááŒááºááŸá¯áá¯ááºáá»á¬áž)á áá¯á¶á·ááŒááºáá¯ááºáá±á«áºáá°áááºá ááá°áá®áá±á¬á¡áá»ááºá¡áááºáá»á¬ážááá¯ááŒáááẠAPI áá±á«áºááá¯ááŒá®ážáá±á¬áẠáá»ááºáá»ááºážá¡áá¯á¶ážááŒá¯ááẠá¡áááºááŒá±áááºá
if api_ver.success:
print(api_versions.data)
else:
print(api_versions.err_message)
á¡ááŒá±á¡áá±áá¯ááº
API áá±á«áºááá¯ááŸá¯ ááŒá¯áá¯ááºááŒá®ážáá±á¬áẠáá¯á¶á·ááŒááºáá¯ááºááᯠááŒááºáá±ážáááºá
In [62]: api_versions.status_code
Out[62]: 400
ááŒá áºááá¯ááºáá±á¬ áá¯á¶á·ááŒááºááŸá¯áá¯ááºáá»á¬áž 200,400,401,403,404,409,500,501.
set_success_á¡ááŒá±á¡áá±
á€ááá á¹á ááœááºá á¡á±á¬ááºááŒááºááŸá¯á¡ááŒá±á¡áá±ááááºááá¯ážááᯠááŒá±á¬ááºážáá²ááẠááá¯á¡ááºáá±áááºá áááºážááá¬á¡áá áá¯á¶ááŸááºááŒáá¯ážáá áºáá»á±á¬ááºážáá±á¬áẠáááºá¡áá¬ááá¯áááᯠáá¬ážááá¯á·ááá«áááºá ááá¯á·áá±á¬áº áááá·áºá¥ááá¬áá áºáá¯ááẠá¡áá»áá¯á·áá±á¬á¡ááŒá±á¡áá±áá»á¬ážá¡á±á¬ááºááœáẠá€ááá·áºáááºáá±á¬ááºááᯠFalse ááá¯á· ááŒááºáááºáááºááŸááºáááºááŒá áºáááºá á á®áá¶ááá·áºááœá²ááŸá¯áá¬áá¬ááœáẠáá¯ááºáá±á¬ááºáá±áá±á¬ á¡áá¯ááºáá»á¬ážááŸááá±áá±á¬á¡áá« á¡á±á¬ááºááœáẠá¥ááá¬á¡á¬áž á¡á¬áá¯á¶á áá¯ááºáá«á ááá¯á·áá±á¬áº á€áá±á¬ááºážááá¯áá»áẠáá¡á±á¬ááºááŒááºáᯠáá»áœááºá¯ááºááá¯á·áá°ááá«ááẠ(á¡á±á¬ááºááŒááºááŸá¯áá¯á¶á á¶ááᯠáá»áœááºá¯ááºááá¯á· áááºááŸááºáá«áááºá ááŸá¬ážáá±á¬API áá±á«áºááá¯ááŸá¯ á¡á±á¬ááºááŒááºááŒá®áž áá¯áẠ200 ááᯠááŒááºáá±ážáá²á·áá±á¬áºáááºáž)á
for task in task_result.data["tasks"]:
if task["status"] == "failed" or task["status"] == "partially succeeded":
task_result.set_success_status(False)
break
áá¯á¶á·ááŒááºááŸá¯()
áá¯á¶á·ááŒááºááŸá¯áááºážáááºážááẠáá¯á¶á·ááŒááºáá¯áẠ(status_code) ááŸáá·áº áá¯á¶á·ááŒááºááŸá¯ááá¯ááºááẠ(ááá¯ááºáááº) ááá¯á·ááŒáá·áº á¡áááá¬ááºááᯠááŒáá·áºááŸá¯ááá¯ááºá á±áá«áááºá
In [94]: api_versions.response()
Out[94]:
{'status_code': 200,
'data': {'current-version': '1.6',
'supported-versions': ['1', '1.1', '1.2', '1.3', '1.4', '1.5', '1.6']}}
áá±áá¬
áááá¯á¡ááºáá±á¬ á¡áá»ááºá¡áááºááá«áá² áá¯á¶á·ááŒááºááŸá¯ (body) á ááá¹áá¬ááá¯ááºááá¯áᬠááŒááºááá¯ááºá á±áá«áááºá
In [93]: api_versions.data
Out[93]:
{'current-version': '1.6',
'supported-versions': ['1', '1.1', '1.2', '1.3', '1.4', '1.5', '1.6']}
á¡ááŸá¬ážááŒá á¬
API áá±á¬ááºážááá¯áá»áẠ(áá¯á¶á·ááŒááºááŸá¯áá¯ááºááᯠáá¯ááºáá±á¬ááºáá±á ááºááœáẠá¡ááŸá¬ážá¡ááœááºážáá áºáᯠááŒá áºááœá¬ážáá±á¬á¡áá«ááŸáᬠá€á¡áá»ááºá¡áááºááᯠáááŸáááá¯ááºáááºá ááá¯áẠááá)á ááá°áᬠá¡ááœááº
In [107]: api_versions.error_message
Out[107]: 'code: generic_err_invalid_parameter_namenmessage: Unrecognized parameter [1]n'
á¡áá¯á¶ážáááºáá±á¬ á¥ááá¬áá»á¬áž
á¡á±á¬ááºáá«ááá¯á·ááẠManagement API 1.6 ááœáẠááá·áºááœááºážáá¬ážááá·áº API áá±á«áºááá¯ááŸá¯áá»á¬ážááᯠá¡áá¯á¶ážááŒá¯ááá·áº á¥ááá¬áá»á¬ážááŒá áºáááºá
ááááŠážá áœá¬ áá¯ááºážáá±á«áºááá¯ááŸá¯áá»á¬áž áá¯ááºáá±á¬ááºáá¯á¶ááᯠáá±á·áá¬ááŒáá·áºááŒáá«á áá¯á· add-host О add-address-range. 192.168.0.0/24 á áá±á¬ááºáá¯á¶áž octet ááŒá áºááá·áº 5 á áá±á¬ááºáá¯á¶áž octet á IP ááááºá á¬áá»á¬ážá¡á¬ážáá¯á¶ážááᯠáááºáá®ážááẠááá¯á¡ááºááŒá®áž ááááºá ᬠá¡ááá¯ááºážá¡ááŒá¬áž á¡áá»áá¯ážá¡á á¬ážá á¡áá¬ááá¹áá¯áá»á¬ážá¡ááŒá Ạá¡ááŒá¬ážáá±á¬ IP ááááºá á¬áá»á¬ážááᯠáá±ážáá«ááá¯ááŒáá«á áá¯á·á á€ááá á¹á ááœááºá subnet ááááºá á¬ááŸáá·áº á¡áá¶ááœáŸáá·áºááááºá á¬ááᯠáááºáá¯ááºáá«á
ááá¯á·ááŒá±á¬áá·áºá á¡á±á¬ááºááœáẠá€ááŒá¿áá¬ááá¯ááŒá±ááŸááºážáá±ážááá·áº script áá áºáá¯ááŒá áºááŒá®áž host type á object 50 ááŸáá·áº address range type á object 51 áá¯ááᯠáááºáá®ážáá±ážáá«áááºá ááŒá¿áá¬ááá¯ááŒá±ááŸááºážáááºá 101 API áá±á«áºááá¯ááŸá¯áá»á¬áž ááá¯á¡ááºááẠ(áá±á¬ááºáá¯á¶ážáá¯ááºáá±ááá·áºáá±á«áºááá¯ááŸá¯á¡á¬áž ááá±ááœááºáá«)á ááá¯á·á¡ááŒááºá timeit module ááᯠá¡áá¯á¶ážááŒá¯á á¡ááŒá±á¬ááºážá¡áá²áá»á¬áž ááá¯ááºáá±ááá»ááºáž script ááᯠáá¯ááºáá±á¬ááºááẠá¡áá»áááºááᯠááœááºáá»ááºáá«áááºá
add-host ááŸáá·áº add-address-range ááá¯áá¯á¶ážá script
import timeit
from cpapi import APIClient, APIClientArgs
start = timeit.default_timer()
first_ip = 1
last_ip = 4
client_args = APIClientArgs(server="192.168.47.240")
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
for ip in range(5,255,5):
add_host = client.api_call("add-host", {"name" : f"h_192.168.0.{ip}", "ip-address": f'192.168.0.{ip}'})
while last_ip < 255:
add_range = client.api_call("add-address-range", {"name": f"r_192.168.0.{first_ip}-{last_ip}", "ip-address-first": f"192.168.0.{first_ip}", "ip-address-last": f"192.168.0.{last_ip}"})
first_ip+=5
last_ip+=5
stop = timeit.default_timer()
publish = client.api_call("publish")
print(f'Time to execute batch request: {stop - start} seconds')
áá»áœááºá¯ááºááá¬ááºááœá²áááºážáááºáááºážáá»ááºááœááºá á€áá¬ááºááœáŸááºážááẠá á®áá¶ááá·áºááœá²ááŸá¯áá¬áá¬áá±á«áºááŸá áááºáá±á«áº áá°áááºá áá¯ááºáá±á¬ááºááẠá áá¹ááá·áº 30 á០50 ááŒá¬ážááŒá¬ááŒáá·áºáááºá
ááᯠAPI áá±á«áºááá¯ááŸá¯ááᯠá¡áá¯á¶ážááŒá¯á á¡áá¬ážáá°ááŒá¿áá¬ááᯠáááºááá¯á·ááŒá±ááŸááºážááááºááᯠááŒáá·áºááŒáá«á áá¯á· add-objects-batchAPI áá¬ážááŸááºáž 1.6 ááœáẠááá·áºááœááºážáá¬ážááá·áº áá¶á·ááá¯ážááŸá¯á á€áá±á«áºááá¯ááŸá¯ááẠAPI áá±á¬ááºážááá¯áá»ááºáá áºáá¯ááœáẠá¡áá¬áá»á¬ážá áœá¬ááᯠáá áºááŒáá¯ááºáááºáááºáá®ážááá¯ááºá á±áá«áááºá ááá¯á·á¡ááŒááºá áááºážááá¯á·ááẠááá°áá®áá±á¬á¡áá»áá¯ážá¡á á¬ážáá»á¬áž (á¥ááá¬á hostsá subnets ááŸáá·áº address ranges) áá»á¬ážááŒá áºááá¯ááºáááºá ááá¯á·ááŒá±á¬áá·áºá áá»áœááºá¯ááºááá¯á·ááá¬áááºááᯠAPI áá±á«áºááá¯ááŸá¯áá áºáá¯ááá±á¬ááºá¡ááœááºáž ááŒá±ááŸááºážááá¯ááºáááºá
add-objects-batch ááᯠá¡áá¯á¶ážááŒá¯á Script
import timeit
from cpapi import APIClient, APIClientArgs
start = timeit.default_timer()
client_args = APIClientArgs(server="192.168.47.240")
objects_list_ip = []
objects_list_range = []
for ip in range(5,255,5):
data = {"name": f'h_192.168.0.{ip}', "ip-address": f'192.168.0.{ip}'}
objects_list_ip.append(data)
first_ip = 1
last_ip = 4
while last_ip < 255:
data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "ip-address-first": f"192.168.0.{first_ip}", "ip-address-last": f"192.168.0.{last_ip}"}
objects_list_range.append(data)
first_ip+=5
last_ip+=5
data_for_batch = {
"objects" : [ {
"type" : "host",
"list" : objects_list_ip
}, {
"type" : "address-range",
"list" : objects_list_range
}]
}
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
add_objects_batch = client.api_call("add-objects-batch", data_for_batch)
stop = timeit.default_timer()
publish = client.api_call("publish")
print(f'Time to execute batch request: {stop - start} seconds')
áá»áœááºá¯ááºááá¬ááºááœá²áááºážáááºáááºážáá»ááºááœáẠá€áá¬ááºááœáŸááºážááá¯á¡áá¯á¶ážááŒá¯ááŒááºážááẠá á®áá¶ááá·áºááœá²ááŸá¯áá¬áá¬áá±á«áºááŸááááºáá±á«áº áá°áááºá 3 á០7 á áá¹ááá·áºá¡áá ááŒá¬áá«áááºá ááá¯ááá¯áááºááŸá¬ áá»ááºážáá»áŸá¡á¬ážááŒáá·áºá 101 API á¡áá¬ááá¹áá¯áá»á¬ážááœáẠbatch type call ááẠ10 á ááá¯ááŒááºáááºá ááá¯ááŒá®ážáá²á· á¡áá¬ááá¹áá¯ááœá±ááŸá¬ ááœá¬ááŒá¬ážáá»ááºá ááá¯ááá¯á·áá±á¬áẠá¡áááºááŒá®ážá áᬠááŒá áºáá«áááá·áºáááºá
áá² áááºááá¯á¡áá¯ááºáá¯ááºáá² ááŒáá·áºáá¡á±á¬áẠset-objects-batch. ဠAPI áá±á«áºááá¯ááŸá¯ááᯠá¡áá¯á¶ážááŒá¯ááŒááºážááŒáá·áº áá»áœááºá¯ááºááá¯á·ááẠáááºááá·áº parameter ááá¯áááᯠá¡á á¯ááá¯ááºááŒá±á¬ááºážáá²ááá¯ááºáá«áááºá ááááºááá°áá¬á០ááááºá á¬áá»á¬ážá ááááá áºáááºááᯠ(.124 hosts á¡ááá á¡ááá¯ááºážá¡ááŒá¬ážáá»á¬ážá¡áá) ááᯠcolor sienna ááá¯á· áááºááŸááºááŒá®áž ááááºá á¬áá»á¬ážá áá¯ááááá áºáááºááœáẠá¡áá±á¬áẠkhaki ááᯠáááºááŸááºááŒáá«á áá¯á·á
ááááºá¥ááá¬ááœáẠáááºáá®ážáá¬ážáá±á¬ á¡áá¬ááá¹áá¯áá»á¬ážá á¡áá±á¬ááºááᯠááŒá±á¬ááºážáá²ááŒááºážá
from cpapi import APIClient, APIClientArgs
client_args = APIClientArgs(server="192.168.47.240")
objects_list_ip_first = []
objects_list_range_first = []
objects_list_ip_second = []
objects_list_range_second = []
for ip in range(5,125,5):
data = {"name": f'h_192.168.0.{ip}', "color": "sienna"}
objects_list_ip_first.append(data)
for ip in range(125,255,5):
data = {"name": f'h_192.168.0.{ip}', "color": "khaki"}
objects_list_ip_second.append(data)
first_ip = 1
last_ip = 4
while last_ip < 125:
data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "color": "sienna"}
objects_list_range_first.append(data)
first_ip+=5
last_ip+=5
while last_ip < 255:
data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "color": "khaki"}
objects_list_range_second.append(data)
first_ip+=5
last_ip+=5
data_for_batch_first = {
"objects" : [ {
"type" : "host",
"list" : objects_list_ip_first
}, {
"type" : "address-range",
"list" : objects_list_range_first
}]
}
data_for_batch_second = {
"objects" : [ {
"type" : "host",
"list" : objects_list_ip_second
}, {
"type" : "address-range",
"list" : objects_list_range_second
}]
}
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
set_objects_batch_first = client.api_call("set-objects-batch", data_for_batch_first)
set_objects_batch_second = client.api_call("set-objects-batch", data_for_batch_second)
publish = client.api_call("publish")
API áá±á«áºááá¯ááŸá¯áá áºáá¯áááºážááœáẠá¡áá¬áá»á¬ážá áœá¬ááᯠáááºáá»ááºááá¯ááºáááºá delete-objects-batch. á¡áᯠáá¯ááºááá°áá¬ááᯠááŒáá·áºáá¡á±á¬áẠadd-objects-batch.
delete-objects-batch ááᯠá¡áá¯á¶ážááŒá¯á á¡áá¬ááá¹áá¯áá»á¬ážááᯠáá»ááºááŒááºážá
from cpapi import APIClient, APIClientArgs
client_args = APIClientArgs(server="192.168.47.240")
objects_list_ip = []
objects_list_range = []
for ip in range(5,255,5):
data = {"name": f'h_192.168.0.{ip}'}
objects_list_ip.append(data)
first_ip = 1
last_ip = 4
while last_ip < 255:
data = {"name": f"r_192.168.0.{first_ip}-{last_ip}"}
objects_list_range.append(data)
first_ip+=5
last_ip+=5
data_for_batch = {
"objects" : [ {
"type" : "host",
"list" : objects_list_ip
}, {
"type" : "address-range",
"list" : objects_list_range
}]
}
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
delete_objects_batch = client.api_call("delete-objects-batch", data_for_batch)
publish = client.api_call("publish")
print(delete_objects_batch.data)
Check Point áá±á¬á·ááºáá²ááºá á¡áá áºááœááºááŸááá¬ážáá±á¬ áá¯ááºáá±á¬ááºáá»ááºáá»á¬ážá¡á¬ážáá¯á¶ážááẠAPI áá±á«áºááá¯ááŸá¯áá»á¬ážááᯠáá»ááºáá»ááºážáááŸááááºááŒá áºáááºá ááá¯á·ááŒá±á¬áá·áºá R80.40 ááœáẠááŒááºáááºááŒááºáááºááŒááºážááŸáá·áº Smart Task áá²á·ááá¯á·áá±á¬ âá¡ááºá¹áá«áááºáá»á¬ážâ áá±á«áºáá¬ááŒá®áž áááºááá¯ááºáᬠAPI áá±á«áºááá¯ááŸá¯áá»á¬ážááᯠáááºážááá¯á·á¡ááœáẠáá»ááºáá»ááºážááŒááºáááºáá²á·áááºá ááá¯á·á¡ááŒááºá Legacy consoles á០Unified Policy áá¯ááºááá¯á·ááŒá±á¬ááºážááá·áºá¡áá« áá¯ááºáá±á¬ááºááá¯ááºá áœááºážá¡á¬ážáá¯á¶áž API áá¶á·ááá¯ážááŸá¯ááá¯áááºáž áááŸááá«áááºá á¥ááá¬á¡á¬ážááŒáá·áºá áá±á¬á·ááºáá²ááºáá¬ážááŸááºáž R80.40 ááœáẠááŒá¬ááŸááºá áœá¬á á±á¬áá·áºááá¯ááºážáá²á·ááá±á¬á¡ááºááááºááẠHTTPS á á áºáá±ážáá±ážáá°áá«áá Legacy áá¯ááºá០áá±á«ááºážá ááºážáá¬ážáá±á¬áá°áá«ááá¯ááºááá¯á· ááŒá±á¬ááºážááœáŸá±á·áá²á·ááŒá®áž á€áá¯ááºáá±á¬ááºáá»ááºááẠAPI áá±á«áºááá¯ááŸá¯áá»á¬ážááᯠáá»ááºáá»ááºážáááºáá¶áááŸááá²á·áááºá á€áááºááŸá¬ ááá¯ááºáá¶á¡áá»á¬ážá¡ááŒá¬ážááŸá á¥ááá±ááŸáá·áºá¡áá® á á áºáá±ážááŒááºážáááŒá¯ááẠáá¬ážááŒá áºáá¬ážáá±á¬ á á áºáá±ážááŒááºážá០á¡áá»áá¯ážá¡á á¬áž 3 áᯠ(áá»ááºážáá¬áá±ážá ááá¹áá¬áá±ážá á¡á áá¯ážááááºáá±á¬ááºááŸá¯áá»á¬áž) ááᯠáááºáá¯ááºáá¬ážááá·áº HTTPS á á áºáá±ážáá±ážáá°áá«áá ááááºáááºážáá¬áá°ážááá¯á· á ááºážáá»ááºážáá áºáá¯áááºáá±á¬ááºážááá·áº ááá°áá¬áá áºáá¯ááŒá áºáááºá
HTTPS á á áºáá±ážáá±ážáá°áá«áááœáẠá ááºážáá»ááºážáá áºáá¯ááá·áºáá«á
from cpapi import APIClient, APIClientArgs
client_args = APIClientArgs(server="192.168.47.240")
data = {
"layer" : "Default Layer",
"position" : "top",
"name" : "Legal Requirements",
"action": "bypass",
"site-category": ["Health", "Government / Military", "Financial Services"]
}
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
add_https_rule = client.api_call("add-https-rule", data)
publish = client.api_call("publish")
Check Point á á®áá¶ááá·áºááœá²ááŸá¯áá¬áá¬ááœáẠPython script áá»á¬ážááá¯áá¯ááºáá±á¬ááºááŒááºážá
á¡á¬ážáá¯á¶ážá¡áá°áá°áá«áá²á
Security CheckUp ááᯠá¡ááŒááºááá·áºááœááºážáááºá¡ááœáẠScript
from __future__ import print_function
import getpass
import sys, os
sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))
from cpapi import APIClient, APIClientArgs
def main():
with APIClient() as client:
# if client.check_fingerprint() is False:
# print("Could not get the server's fingerprint - Check connectivity with the server.")
# exit(1)
login_res = client.login_as_root()
if login_res.success is False:
print("Login failed:n{}".format(login_res.error_message))
exit(1)
gw_name = raw_input("Enter the gateway name:")
gw_ip = raw_input("Enter the gateway IP address:")
if sys.stdin.isatty():
sic = getpass.getpass("Enter one-time password for the gateway(SIC): ")
else:
print("Attention! Your password will be shown on the screen!")
sic = raw_input("Enter one-time password for the gateway(SIC): ")
version = raw_input("Enter the gateway version(like RXX.YY):")
add_gw = client.api_call("add-simple-gateway", {'name' : gw_name, 'ipv4-address' : gw_ip, 'one-time-password' : sic, 'version': version.capitalize(), 'application-control' : 'true', 'url-filtering' : 'true', 'ips' : 'true', 'anti-bot' : 'true', 'anti-virus' : 'true', 'threat-emulation' : 'true'})
if add_gw.success and add_gw.data['sic-state'] != "communicating":
print("Secure connection with the gateway hasn't established!")
exit(1)
elif add_gw.success:
print("The gateway was added successfully.")
gw_uid = add_gw.data['uid']
gw_name = add_gw.data['name']
else:
print("Failed to add the gateway - {}".format(add_gw.error_message))
exit(1)
change_policy = client.api_call("set-access-layer", {"name" : "Network", "applications-and-url-filtering": "true", "content-awareness": "true"})
if change_policy.success:
print("The policy has been changed successfully")
else:
print("Failed to change the policy- {}".format(change_policy.error_message))
change_rule = client.api_call("set-access-rule", {"name" : "Cleanup rule", "layer" : "Network", "action": "Accept", "track": {"type": "Detailed Log", "accounting": "true"}})
if change_rule.success:
print("The cleanup rule has been changed successfully")
else:
print("Failed to change the cleanup rule- {}".format(change_rule.error_message))
# publish the result
publish_res = client.api_call("publish", {})
if publish_res.success:
print("The changes were published successfully.")
else:
print("Failed to publish the changes - {}".format(install_tp_policy.error_message))
install_access_policy = client.api_call("install-policy", {"policy-package" : "Standard", "access" : 'true', "threat-prevention" : 'false', "targets" : gw_uid})
if install_access_policy.success:
print("The access policy has been installed")
else:
print("Failed to install access policy - {}".format(install_tp_policy.error_message))
install_tp_policy = client.api_call("install-policy", {"policy-package" : "Standard", "access" : 'false', "threat-prevention" : 'true', "targets" : gw_uid})
if install_tp_policy.success:
print("The threat prevention policy has been installed")
else:
print("Failed to install threat prevention policy - {}".format(install_tp_policy.error_message))
# add passwords and passphrases to dictionary
with open('additional_pass.conf') as f:
line_num = 0
for line in f:
line_num += 1
add_password_dictionary = client.api_call("run-script", {"script-name" : "Add passwords and passphrases", "script" : "printf "{}" >> $FWDIR/conf/additional_pass.conf".format(line), "targets" : gw_name})
if add_password_dictionary.success:
print("The password dictionary line {} was added successfully".format(line_num))
else:
print("Failed to add the dictionary - {}".format(add_password_dictionary.error_message))
main()
á
áá¬ážááŸááºá¡áááá¬ááºáá
áºáá¯áá«ááŸááá±á¬ ááá°áá¬ááá¯ááºáá
áºáᯠextension_pass.conf
{
"passwords" : ["malware","malicious","infected","Infected"],
"phrases" : ["password","Password","Pass","pass","codigo","key","pwd","паÑПлÑ","ÐаÑПлÑ","ÐлÑÑ","клÑÑ","ÑОÑÑ","КОÑÑ"]
}
áá±á¬ááºáá»ááº
á€áá±á¬ááºážáá«ážááẠá¡áá¯ááºá á¡ááŒá±áá¶ááŒá
áºááá¯ááºááŒá±áá»á¬ážááá¯áᬠáááºážá
á
áºáá¬ážáááºá Python SDK ááŸáá·áº module cpapi(ááẠááá·áºááŸááºážáá¬ážááá·áºá¡ááá¯ááºážá á€á¡áá¬áá»á¬ážááẠá¡ááŸááºáááẠáá°áá®áá±á¬ á¡áááá¹áá«ááºáá»á¬ážááŒá
áºáááº)á ဠmodule ááŸááá¯ááºááᯠáá±á·áá¬ááŒááºážááŒáá·áº áááºážááŸáá·áº áá¯ááºáá±á¬ááºáá¬ááœáẠááá¯áááẠááŒá
áºááá¯ááºáá»á±áá»á¬ážááᯠáááºááŸá¬ááœá±ááœá±á·ááŸááááºááŒá
áºáá«áááºá ááá·áºááá¯ááºááá¯áẠá¡áááºážáá»á¬ážá áá¯ááºáá±á¬ááºáá»ááºáá»á¬ážá áááºážáááºážáá»á¬ážááŸáá·áº ááááºážááŸááºáá»á¬ážááŒáá·áº ááŒáá·áºá
áœááºááá¯áááºááŸá¬ ááŒá
áºááá¯ááºáááºá ááá¹áááŸá Check Point á¡ááœáẠááá·áºá¡áá¯ááºá¡á¬áž á¡ááŒá²áá»áŸáá±ááá¯ááºááŒá®áž á¡ááŒá¬áž script áá»á¬ážááᯠááŒáá·áºááŸá¯ááá¯ááºáá«áááºá
áá»á±á¬áºááœáŸááºá
áœá¬ coding áá²á· á¡áá¯á¶ážáááááºáá±ážáá²á·á¡ááœáẠáá»á±ážáá°ážáááºáá«áááºá
source: www.habr.com