Ole malosi atoatoa ole fegalegaleai ma API e faʻaalia pe a faʻaogaina faʻatasi ma le polokalame code, pe a mafai ona faʻatupuina faʻamalosi API talosaga ma meafaigaluega mo le suʻeina o tali API. Ae ui i lea, o loʻo tumau pea le le iloa Pusa Atina'e Polokalama Python (lea ua ta'ua mulimuli ane o le Python SDK) mo Siaki Point Management API, ae le aoga. E matua faafaigofieina ai le olaga o tagata atiaʻe ma tagata e fiafia i masini. Ua maua e le Python le lauiloa tele talu ai nei ma na ou filifili e faʻatumu le avanoa ma toe iloilo uiga autu. . O lenei tusiga e avea o se faʻaopoopoga sili i se isi tusiga i luga o Habré . O le a matou vaʻavaʻai pe faʻapefea ona tusia ni tusitusiga e faʻaaoga ai le Python SDK ma vaʻavaʻai totoʻa i le faʻaogaina fou o le Pulega API i le version 1.6 (lagolago amata mai R80.40). Ina ia malamalama i le tusiga, e te manaʻomia le poto masani o le galue ma API ma Python.
Ole Check Point o lo'o fa'atupuina ma le malosi le API ma i le taimi nei ua tu'uina atu mea nei:
- - galue ma le 'auʻaunaga faʻatonutonu e ala i le API (ma le mafai ona faʻatino tusitusiga i luga o faitotoʻa e pulea e le server pule)
- - galue ma faitotoa saogalemu
- — galue ma se pusa oneone i le ao Siaki Point
- - galue ma le Identity Awareness lau i luga o faitotoa
- — galue ma le SMB faitotoa pulega faitotoa ()
- - fegalegaleai ma IoT controllers
- - galulue ma (SD-WAN fofo saogalemu)
- - galulue ma
O le Python SDK o loʻo lagolagoina nei fegalegaleaiga ma le Pulega API ma Gaia API. O le a tatou vaʻavaʻai i vasega sili ona taua, metotia ma fesuiaiga i lenei module.
Fa'apipi'i le module
Faiga cpapi fa'apipi'i vave ma faigofie mai faatasi ai ma le fesoasoani pip. O lo'o maua fa'atonuga fa'apipi'i au'ili'ili i totonu . O lenei module ua fetuutuunai e galue ma Python versions 2.7 ma 3.7. I lenei tusiga, o le a tuʻuina atu faʻataʻitaʻiga e faʻaaoga ai le Python 3.7. Ae ui i lea, o le Python SDK e mafai ona faʻatautaia saʻo mai le Check Point Management Server (Smart Management), ae naʻo le Python 2.7 latou te lagolagoina, o lea o le vaega mulimuli o le a tuʻuina atu le code mo le version 2.7. A maeʻa ona faʻapipiʻi le module, ou te fautuaina le vaʻai i faʻataʻitaʻiga i totonu o faʻamaumauga examples_python2 и examples_python3.
Amataina
Ina ia mafai ona tatou galulue faatasi ma vaega o le module cpapi, e tatau ona tatou faaulufale mai mai le module cpapi ia le itiiti ifo ma le lua vasega manaomia:
APIClient и APIClientArgs
from cpapi import APIClient, APIClientArgs
Vasega APIClientArgs e nafa ma laina fesoʻotaʻiga i le API server, ma le vasega APIClient e nafa ma fegalegaleaiga ma le API.
Fuaina o fa'amaufa'ailoga feso'ota'iga
Ina ia faʻamalamalamaina faʻasologa eseese mo le faʻafesoʻotaʻi i le API, e tatau ona e fatuina se faʻataʻitaʻiga o le vasega APIClientArgs. I le faʻavae, o ona faʻamaufaʻailoga ua muai faʻamalamalamaina ma pe a faʻatautaia le faʻamaumauga i luga o le pule faʻatonu, latou te le manaʻomia le faʻamaonia.
client_args = APIClientArgs()Ae pe a tamoʻe i luga o se tagata talimalo lona tolu, e tatau ona e faʻamaonia le itiiti ifo i le tuatusi IP poʻo le igoa talimalo o le API server (faʻapitoa foi o le pulega pulega). I le faʻataʻitaʻiga o loʻo i lalo, matou te faʻamalamalamaina le faʻaogaina o fesoʻotaʻiga server ma tuʻuina atu i ai le tuatusi IP o le faʻaumau pulega o se manoa.
client_args = APIClientArgs(server='192.168.47.241')Seʻi o tatou vaʻavaʻai i faʻamaufaʻailoga uma ma o latou tau le aoga e mafai ona faʻaaogaina pe a faʻafesoʻotaʻi i le API server:
O finauga o le __init__ metotia o le APIClientArgs vasega
class APIClientArgs:
"""
This class provides arguments for APIClient configuration.
All the arguments are configured with their default values.
"""
# port is set to None by default, but it gets replaced with 443 if not specified
# context possible values - web_api (default) or gaia_api
def __init__(self, port=None, fingerprint=None, sid=None, server="127.0.0.1", http_debug_level=0,
api_calls=None, debug_file="", proxy_host=None, proxy_port=8080,
api_version=None, unsafe=False, unsafe_auto_accept=False, context="web_api"):
self.port = port
# management server fingerprint
self.fingerprint = fingerprint
# session-id.
self.sid = sid
# management server name or IP-address
self.server = server
# debug level
self.http_debug_level = http_debug_level
# an array with all the api calls (for debug purposes)
self.api_calls = api_calls if api_calls else []
# name of debug file. If left empty, debug data will not be saved to disk.
self.debug_file = debug_file
# HTTP proxy server address (without "http://")
self.proxy_host = proxy_host
# HTTP proxy port
self.proxy_port = proxy_port
# Management server's API version
self.api_version = api_version
# Indicates that the client should not check the server's certificate
self.unsafe = unsafe
# Indicates that the client should automatically accept and save the server's certificate
self.unsafe_auto_accept = unsafe_auto_accept
# The context of using the client - defaults to web_api
self.context = contextOu te talitonu o finauga e mafai ona faʻaaogaina i faʻataʻitaʻiga o le APIClientArgs vasega e faʻaogaina i le Check Point pule ma e le manaʻomia ni faʻamatalaga faaopoopo.
Feso'ota'i e ala i le APIClient ma le context manager
Vasega APIClient O le auala sili ona faigofie e faʻaaoga ai e ala i le pule o faʻamatalaga. O mea uma e manaʻomia e tuʻuina atu i se faʻataʻitaʻiga o le APIClient vasega o fesoʻotaʻiga faʻamaufaʻailoga na faʻamatalaina i le laasaga muamua.
with APIClient(client_args) as client:
O le a le otometi ona faia e le pule o le context se valaau e saini i le API server, ae na te faia se logo out call pe a alu ese. Afai o nisi mafuaaga e le manaʻomia ai le logoina pe a maeʻa ona galue ma API telefoni, e tatau ona e amata galue e aunoa ma le faʻaogaina o le pule o le tala:
client = APIClient(clieng_args)Siaki le feso'ota'iga
O le auala pito sili ona faigofie e siaki ai pe fetaui le fesoʻotaʻiga ma faʻamaufaʻailoga faʻapitoa o le faʻaaogaina lea o le metotia siaki_ tamatamailima. Afai e le manuia le faʻamaoniga o le sha1 hash sum mo le tamatamai lima o le server API tusi faamaonia (le auala ua toe faafoi sesē), ona masani lea ona mafua mai i faʻafitauli fesoʻotaʻiga ma e mafai ona tatou taofia le faʻatinoina o le polokalame (pe tuʻuina atu i le tagata faʻaoga le avanoa e faʻasaʻo ai faʻamatalaga fesoʻotaʻiga):
if client.check_fingerprint() is False:
print("Could not get the server's fingerprint - Check connectivity with the server.")
exit(1)
Faamolemole ia matau i le lumanai o le vasega APIClient o le a siaki uma API valaau (metotia api_call и api_query, o le a tatou talanoa atili e uiga ia i latou) sha1 tusi tusi tamatamai lima i luga o le API server. Ae afai, pe a siaki le sha1 fingerprint o le API server certificate, ua iloa se mea sese (le tusi faamaonia e le o iloa pe ua suia), o le auala siaki_ tamatamailima o le a maua ai le avanoa e faʻaopoopo / suia faʻamatalaga e uiga i luga o le masini i le lotoifale otometi. O lenei siaki e mafai ona faʻagata atoatoa (ae e mafai ona fautuaina pe a faʻaogaina tusitusiga i luga o le API server lava ia, pe a faʻafesoʻotaʻi i le 127.0.0.1), faʻaaoga le APIClientArgs finauga - unsafe_auto_accept (vaai atili e uiga i APIClientArgs muamua i le "Faʻamalamalamaina o laina fesoʻotaʻiga").
client_args = APIClientArgs(unsafe_auto_accept=True)Ulufale ile API server
У APIClient o loʻo i ai le tele o auala 3 mo le saini i totonu o le API server, ma e malamalama uma i latou i le uiga sid(session-id), lea e faʻaaogaina otometi i valaau API taʻitasi mulimuli ane i le ulutala (o le igoa i le ulutala o lenei parakalafa o le X-chkp-sid), o lea e leai se mana'oga e fa'agasolo atili lenei fa'ailoga.
auala e saini ai
Filifiliga e faʻaaoga ai le saini ma le upega tafaʻilagi (i le faʻataʻitaʻiga, o le username admin ma le password 1q2w3e o loʻo pasia e avea ma finauga faʻatulagaina):
login = client.login('admin', '1q2w3e') O lo'o avanoa fo'i fa'ailoga fa'aopoopo i le auala e saini ai;
continue_last_session=False, domain=None, read_only=False, payload=NoneLogin_with_api_key method
Filifiliga e fa'aaoga ai se ki api (lagolagoina e amata mai i le pulega R80.40/Management API v1.6, "3TsbPJ8ZKjaJGvFyoFqHFA=" o le aoga autu lea o le API mo se tasi o tagata faʻaoga i luga o le faʻaumau pulega ma le auala faʻatagaina API ki):
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==') I le auala login_with_api_key o lo'o avanoa tutusa fa'asologa fa'apitoa e pei o le metotia login.
login_as_root auala
Filifiliga e saini i se masini faʻapitonuʻu ma se API server:
login = client.login_as_root()E na'o le lua ta'iala e mafai ona maua mo lenei metotia:
domain=None, payload=NoneMa mulimuli ane valaau le API i latou lava
E lua a matou filifiliga e fai ai API telefoni e ala i metotia api_call и api_query. Se'i tatou iloa po o le a le eseesega oi latou.
api_call
O lenei metotia e faʻaoga mo soʻo se telefoni. E tatau ona tatou pasia le vaega mulimuli mo le valaau api ma le uta i le tino talosaga pe a manaʻomia. Afai e leai se totogi, ona le mafai lea ona tuʻuina atu:
api_versions = client.api_call('show-api-versions') Fa'aaliga mo lenei talosaga i lalo ole tipi:
In [23]: api_versions
Out[23]:
APIResponse({
"data": {
"current-version": "1.6",
"supported-versions": [
"1",
"1.1",
"1.2",
"1.3",
"1.4",
"1.5",
"1.6"
]
},
"res_obj": {
"data": {
"current-version": "1.6",
"supported-versions": [
"1",
"1.1",
"1.2",
"1.3",
"1.4",
"1.5",
"1.6"
]
},
"status_code": 200
},
"status_code": 200,
"success": true
})
show_host = client.api_call('show-host', {'name' : 'h_8.8.8.8'})Fa'aaliga mo lenei talosaga i lalo ole tipi:
In [25]: show_host
Out[25]:
APIResponse({
"data": {
"color": "black",
"comments": "",
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"groups": [],
"icon": "Objects/host",
"interfaces": [],
"ipv4-address": "8.8.8.8",
"meta-info": {
"creation-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"creator": "admin",
"last-modifier": "admin",
"last-modify-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"lock": "unlocked",
"validation-state": "ok"
},
"name": "h_8.8.8.8",
"nat-settings": {
"auto-rule": false
},
"read-only": false,
"tags": [],
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
},
"res_obj": {
"data": {
"color": "black",
"comments": "",
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"groups": [],
"icon": "Objects/host",
"interfaces": [],
"ipv4-address": "8.8.8.8",
"meta-info": {
"creation-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"creator": "admin",
"last-modifier": "admin",
"last-modify-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"lock": "unlocked",
"validation-state": "ok"
},
"name": "h_8.8.8.8",
"nat-settings": {
"auto-rule": false
},
"read-only": false,
"tags": [],
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
},
"status_code": 200
},
"status_code": 200,
"success": true
})
api_query
Se'i ou faia se fa'aagaga i le taimi lava lena o lenei metotia e fa'aoga mo na'o telefoni o lo'o aofia ai le fa'asili. O sea fa'ailoga e tupu pe a iai pe ono iai fo'i le tele o fa'amatalaga. Mo se faʻataʻitaʻiga, e mafai ona avea lenei mea ma se talosaga mo se lisi o mea uma na faia i luga o le pule o le pulega. Mo ia talosaga, e toe faʻafoʻi e le API se lisi o mea e 50 e ala i le le mafai (e mafai ona e faʻateleina le tapulaʻa i le 500 mea i le tali). Ma ina ia aua neʻi toso faʻamatalaga i le tele o taimi e ala i le suia o le offset parameter i le API talosaga, o loʻo i ai se auala api_query e otometi ai lenei galuega. Fa'ata'ita'iga o telefoni e mana'omia ai lenei metotia: fa'aaliga-sauniga, fa'aaliga-talimalo, fa'aaliga-feso'ota'iga, fa'aalia-wildcards, fa'aaliga-vaega, fa'aaliga-tuatusi-va, fa'aalia-faigofie-faitotoa, fa'aali-faigofie-fa'aupuga, fa'aali-avanoa-role, fa'aali-fa'atuatuaina-tagata fa'atau, fa'aaliga-fa'aiga. O le mea moni, matou te vaʻai i le tele o upu i le igoa o nei API telefoni, o lea o nei valaau o le a faigofie ona taulimaina api_query
show_hosts = client.api_query('show-hosts') Fa'aaliga mo lenei talosaga i lalo ole tipi:
In [21]: show_hosts
Out[21]:
APIResponse({
"data": [
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "192.168.47.1",
"name": "h_192.168.47.1",
"type": "host",
"uid": "5d7d7086-d70b-4995-971a-0583b15a2bfc"
},
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "8.8.8.8",
"name": "h_8.8.8.8",
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
}
],
"res_obj": {
"data": {
"from": 1,
"objects": [
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "192.168.47.1",
"name": "h_192.168.47.1",
"type": "host",
"uid": "5d7d7086-d70b-4995-971a-0583b15a2bfc"
},
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "8.8.8.8",
"name": "h_8.8.8.8",
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
}
],
"to": 2,
"total": 2
},
"status_code": 200
},
"status_code": 200,
"success": true
})
Fa'agasologa o taunu'uga o telefoni API
A maeʻa lenei mea e mafai ona e faʻaogaina fesuiaiga ma metotia o le vasega APITali(i totonu o le context manager ma fafo). I le vasega APITali 4 metotia ma 5 fesuiaiga ua muai faʻamalamalamaina;
manuia
Muamua, o se manatu lelei le mautinoa o le API telefoni na manuia ma toe faʻafoʻi mai se iʻuga. E i ai se metotia mo lenei mea manuia:
In [49]: api_versions.success
Out[49]: True
Fa'afo'i le Sa'o pe a manuia le valaau API (fa'ailoga tali - 200) ma le Sese pe a le manuia (so'o se isi fa'ailoga tali). E faigofie ona faʻaoga vave pe a uma se API telefoni e faʻaalia ai faʻamatalaga eseese e faʻatatau i le code tali.
if api_ver.success:
print(api_versions.data)
else:
print(api_versions.err_message) statuscode
Toe fa'afo'i le code tali pe a mae'a le telefoni API.
In [62]: api_versions.status_code
Out[62]: 400
Fa'ailoga e mafai ona tali atu: 200,400,401,403,404,409,500,501.
seti_success_status
I lenei tulaga, atonu e tatau ona suia le tau o le tulaga manuia. Fa'atekinisi, e mafai ona e tu'uina so'o se mea iina, e o'o lava i se manoa masani. Ae o se faʻataʻitaʻiga moni o le toe setiina lea o le parakalafa i le False i lalo o nisi tulaga faʻatasi. I lalo ifo, faʻalogo i le faʻataʻitaʻiga pe a iai ni galuega o loʻo taʻavale i luga o le pulega pulega, ae o le a matou manatu o lenei talosaga ua le manuia (o le a matou setiina le suiga manuia i sesē, e ui i le mea moni na manuia le valaau API ma toe faafoi le code 200).
for task in task_result.data["tasks"]:
if task["status"] == "failed" or task["status"] == "partially succeeded":
task_result.set_success_status(False)
breaktali()
O le auala tali e mafai ai ona e matamata i le lomifefiloi ma le code tali (status_code) ma le tino tali (tino).
In [94]: api_versions.response()
Out[94]:
{'status_code': 200,
'data': {'current-version': '1.6',
'supported-versions': ['1', '1.1', '1.2', '1.3', '1.4', '1.5', '1.6']}}
faʻamatalaga
Fa'atagaina oe e va'ai na'o le tino o le tali (tino) e aunoa ma ni fa'amatalaga le mana'omia.
In [93]: api_versions.data
Out[93]:
{'current-version': '1.6',
'supported-versions': ['1', '1.1', '1.2', '1.3', '1.4', '1.5', '1.6']}
error_message
O lenei faʻamatalaga e naʻo le taimi na tupu ai se mea sese aʻo faʻagasolo le talosaga API (faʻailoga tali lē 200). Faataitaiga galuega faatino
In [107]: api_versions.error_message
Out[107]: 'code: generic_err_invalid_parameter_namenmessage: Unrecognized parameter [1]n'
Faataitaiga aoga
O fa'ata'ita'iga ia o lo'o fa'aogaina le API telefoni na fa'aopoopo i le Pulega API 1.6.
Muamua, se'i o tatou va'ava'ai pe fa'apefea ona galue le telefoni add-host и fa'aopoopo-tuatusi-lautele. Fa'apea tatou te mana'omia le fatuina o tuatusi IP uma o le subnet 192.168.0.0/24, o le octet mulimuli o le 5, e avea ma mea faitino o le ituaiga talimalo, ma tusi isi tuatusi IP uma e avea ma mea faitino o le ituaiga tuatusi. I le tulaga lea, tuuese le tuatusi subnet ma le tuatusi faasalalau.
O lea la, o loʻo i lalo se faʻamaumauga e foia ai lenei faʻafitauli ma fatuina 50 mea faitino o le ituaiga talimalo ma 51 mea faitino o le tuʻufaʻatasiga o tuatusi. Ina ia foia le faʻafitauli, 101 API telefoni e manaʻomia (e le o faitauina le telefoni faʻasalalau mulimuli). E le gata i lea, i le faʻaaogaina o le timeit module, matou te faʻatatauina le taimi e faʻatino ai le tusitusiga seia oʻo ina faʻasalalau suiga.
Fa'amatalaga e fa'aaoga ai le add-host ma le add-address-range
import timeit
from cpapi import APIClient, APIClientArgs
start = timeit.default_timer()
first_ip = 1
last_ip = 4
client_args = APIClientArgs(server="192.168.47.240")
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
for ip in range(5,255,5):
add_host = client.api_call("add-host", {"name" : f"h_192.168.0.{ip}", "ip-address": f'192.168.0.{ip}'})
while last_ip < 255:
add_range = client.api_call("add-address-range", {"name": f"r_192.168.0.{first_ip}-{last_ip}", "ip-address-first": f"192.168.0.{first_ip}", "ip-address-last": f"192.168.0.{last_ip}"})
first_ip+=5
last_ip+=5
stop = timeit.default_timer()
publish = client.api_call("publish")
print(f'Time to execute batch request: {stop - start} seconds')
I totonu o laʻu siosiomaga lab, o lenei tusitusiga e ave i le va o le 30 ma le 50 sekone e faʻatino ai, e faʻatatau i le uta i luga o le pulega pulega.
Sei o tatou vaʻai pe faʻafefea ona foia le faʻafitauli lava e tasi e faʻaaoga ai se API telefoni fa'aopoopo-mea-fa'a'a'aiga, lagolago lea na fa'aopoopoina ile API version 1.6. O lenei valaau e mafai ai ona e faia ni mea se tele i le taimi e tasi i le tasi API talosaga. E le gata i lea, o nei mea e mafai ona avea ma mea faitino o ituaiga eseese (mo se faʻataʻitaʻiga, 'au, subnets ma tuatusi tuatusi). O le mea lea, e mafai ona foia la matou galuega i totonu o le faʻavae o le tasi API telefoni.
Fa'amatalaga e fa'aaoga ai mea fa'aopoopo-vaega
import timeit
from cpapi import APIClient, APIClientArgs
start = timeit.default_timer()
client_args = APIClientArgs(server="192.168.47.240")
objects_list_ip = []
objects_list_range = []
for ip in range(5,255,5):
data = {"name": f'h_192.168.0.{ip}', "ip-address": f'192.168.0.{ip}'}
objects_list_ip.append(data)
first_ip = 1
last_ip = 4
while last_ip < 255:
data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "ip-address-first": f"192.168.0.{first_ip}", "ip-address-last": f"192.168.0.{last_ip}"}
objects_list_range.append(data)
first_ip+=5
last_ip+=5
data_for_batch = {
"objects" : [ {
"type" : "host",
"list" : objects_list_ip
}, {
"type" : "address-range",
"list" : objects_list_range
}]
}
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
add_objects_batch = client.api_call("add-objects-batch", data_for_batch)
stop = timeit.default_timer()
publish = client.api_call("publish")
print(f'Time to execute batch request: {stop - start} seconds')
Ma o le faʻatinoina o lenei tusitusiga i totonu o laʻu siosiomaga lab e manaʻomia mai le 3 i le 7 sekone, faʻalagolago i le uta i luga o le pulega pulega. O lona uiga, i le averesi, i luga o 101 API mea faitino, o le ituaiga ituaiga telefoni e 10 taimi vave. I luga o se numera tele o mea faitino o le eseesega o le a sili atu ona manaia.
Se'i o tatou va'ai pe fa'apefea ona galue seti-mea-vaega. I le faʻaaogaina o lenei API, e mafai ona tatou suia tele soʻo se parakalafa. Sei o tatou seti le afa muamua o tuatusi mai le faʻataʻitaʻiga muamua (e oʻo atu i le .124 'au, ma laina foʻi) i le sienna lanu, ma tuʻu le lanu khaki i le afa lona lua o tuatusi.
Suia le lanu o mea na faia i le faʻataʻitaʻiga muamua
from cpapi import APIClient, APIClientArgs
client_args = APIClientArgs(server="192.168.47.240")
objects_list_ip_first = []
objects_list_range_first = []
objects_list_ip_second = []
objects_list_range_second = []
for ip in range(5,125,5):
data = {"name": f'h_192.168.0.{ip}', "color": "sienna"}
objects_list_ip_first.append(data)
for ip in range(125,255,5):
data = {"name": f'h_192.168.0.{ip}', "color": "khaki"}
objects_list_ip_second.append(data)
first_ip = 1
last_ip = 4
while last_ip < 125:
data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "color": "sienna"}
objects_list_range_first.append(data)
first_ip+=5
last_ip+=5
while last_ip < 255:
data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "color": "khaki"}
objects_list_range_second.append(data)
first_ip+=5
last_ip+=5
data_for_batch_first = {
"objects" : [ {
"type" : "host",
"list" : objects_list_ip_first
}, {
"type" : "address-range",
"list" : objects_list_range_first
}]
}
data_for_batch_second = {
"objects" : [ {
"type" : "host",
"list" : objects_list_ip_second
}, {
"type" : "address-range",
"list" : objects_list_range_second
}]
}
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
set_objects_batch_first = client.api_call("set-objects-batch", data_for_batch_first)
set_objects_batch_second = client.api_call("set-objects-batch", data_for_batch_second)
publish = client.api_call("publish")
E mafai ona e tapeina le tele o mea faitino i le tasi API telefoni faʻaaoga tape-mea-fa'aputuga. Se'i o tatou va'ai i se fa'ata'ita'iga fa'ailoga e tape uma 'au na faia muamua e ala i fa'aopoopo-mea-fa'a'a'aiga.
Aveese mea e faʻaaoga ai le tape-objects-batch
from cpapi import APIClient, APIClientArgs
client_args = APIClientArgs(server="192.168.47.240")
objects_list_ip = []
objects_list_range = []
for ip in range(5,255,5):
data = {"name": f'h_192.168.0.{ip}'}
objects_list_ip.append(data)
first_ip = 1
last_ip = 4
while last_ip < 255:
data = {"name": f"r_192.168.0.{first_ip}-{last_ip}"}
objects_list_range.append(data)
first_ip+=5
last_ip+=5
data_for_batch = {
"objects" : [ {
"type" : "host",
"list" : objects_list_ip
}, {
"type" : "address-range",
"list" : objects_list_range
}]
}
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
delete_objects_batch = client.api_call("delete-objects-batch", data_for_batch)
publish = client.api_call("publish")
print(delete_objects_batch.data)
O galuega uma e aliali mai i faʻasalalauga fou o le Check Point software e vave maua mai API telefoni. O le mea lea, i le R80.40 o ia "foliga" e pei o le Toe faʻafoʻisia ma le Smart Task na faʻaalia, ma na vave saunia telefoni API mo i latou. E le gata i lea, o galuega uma pe a siitia mai le Legacy consoles i le Unified Policy mode e maua ai foi le lagolago API. Mo se faʻataʻitaʻiga, o le faʻafouga ua leva ona faʻatali i le polokalama faʻapipiʻi R80.40 o le faʻauluina lea o le HTTPS Inspection policy mai le Legacy mode i le Unified Policy mode, ma o lenei gaioiga na vave maua ai le API. O se faʻataʻitaʻiga lea o tulafono faʻaopoopo e faʻaopoopoina se tulafono i le tulaga pito i luga o le HTTPS Inspection policy e le aofia ai vaega 3 mai asiasiga (Soifua Maloloina, Tupe, Auaunaga a le Malo), lea e faʻasaina mai asiasiga e tusa ai ma tulafono a le tele o atunuu.
Fa'aopoopo se tulafono ile tulafono ole Su'esu'ega HTTPS
from cpapi import APIClient, APIClientArgs
client_args = APIClientArgs(server="192.168.47.240")
data = {
"layer" : "Default Layer",
"position" : "top",
"name" : "Legal Requirements",
"action": "bypass",
"site-category": ["Health", "Government / Military", "Financial Services"]
}
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
add_https_rule = client.api_call("add-https-rule", data)
publish = client.api_call("publish")
Fa'agasolo fa'amaumauga a le Python i luga ole 'au'aunaga fa'afoe o le Check Point
E tutusa mea uma o lo'o i ai fa'amatalaga i le auala e fa'agasolo sa'o ai tusitusiga Python mai le 'au'aunaga fa'atonutonu. E mafai ona faigofie pe a le mafai ona e faʻafesoʻotaʻi i le API server mai se isi masini. Sa ou pueina se vitio ono minute lea ou te tilotilo ai i le faapipiiina o le module cpapi ma foliga o le faʻaogaina o tusitusiga Python i luga o le server pule. E fai ma fa'ata'ita'iga, o lo'o fa'agasolo se fa'amaumauga e fa'autometi ai le fa'atulagaina o se faitoto'a fou mo se galuega e pei o le su'eina o feso'ota'iga Siaki Puipuiga. Faatasi ai ma foliga na tatau ona ou taulimaina: o le galuega e leʻi faʻaalia i le Python 2.7 faiga, ina ia faʻagasolo le faʻamatalaga e ulufale ai le tagata faʻaoga, e faʻaaogaina se galuega raw_input. A leai, o le code e tutusa ma le lafoaia mai isi masini, ae sili atu ona faigofie le faʻaaogaina o le galuega login_as_root, ina ia aua neʻi faʻamaonia lou lava igoa ole igoa, upu faʻaulu ma le tuatusi IP o le faʻaumau pulega.
Fa'amatalaga mo le seti vave o le Siaki Puipuiga
from __future__ import print_function
import getpass
import sys, os
sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))
from cpapi import APIClient, APIClientArgs
def main():
with APIClient() as client:
# if client.check_fingerprint() is False:
# print("Could not get the server's fingerprint - Check connectivity with the server.")
# exit(1)
login_res = client.login_as_root()
if login_res.success is False:
print("Login failed:n{}".format(login_res.error_message))
exit(1)
gw_name = raw_input("Enter the gateway name:")
gw_ip = raw_input("Enter the gateway IP address:")
if sys.stdin.isatty():
sic = getpass.getpass("Enter one-time password for the gateway(SIC): ")
else:
print("Attention! Your password will be shown on the screen!")
sic = raw_input("Enter one-time password for the gateway(SIC): ")
version = raw_input("Enter the gateway version(like RXX.YY):")
add_gw = client.api_call("add-simple-gateway", {'name' : gw_name, 'ipv4-address' : gw_ip, 'one-time-password' : sic, 'version': version.capitalize(), 'application-control' : 'true', 'url-filtering' : 'true', 'ips' : 'true', 'anti-bot' : 'true', 'anti-virus' : 'true', 'threat-emulation' : 'true'})
if add_gw.success and add_gw.data['sic-state'] != "communicating":
print("Secure connection with the gateway hasn't established!")
exit(1)
elif add_gw.success:
print("The gateway was added successfully.")
gw_uid = add_gw.data['uid']
gw_name = add_gw.data['name']
else:
print("Failed to add the gateway - {}".format(add_gw.error_message))
exit(1)
change_policy = client.api_call("set-access-layer", {"name" : "Network", "applications-and-url-filtering": "true", "content-awareness": "true"})
if change_policy.success:
print("The policy has been changed successfully")
else:
print("Failed to change the policy- {}".format(change_policy.error_message))
change_rule = client.api_call("set-access-rule", {"name" : "Cleanup rule", "layer" : "Network", "action": "Accept", "track": {"type": "Detailed Log", "accounting": "true"}})
if change_rule.success:
print("The cleanup rule has been changed successfully")
else:
print("Failed to change the cleanup rule- {}".format(change_rule.error_message))
# publish the result
publish_res = client.api_call("publish", {})
if publish_res.success:
print("The changes were published successfully.")
else:
print("Failed to publish the changes - {}".format(install_tp_policy.error_message))
install_access_policy = client.api_call("install-policy", {"policy-package" : "Standard", "access" : 'true', "threat-prevention" : 'false', "targets" : gw_uid})
if install_access_policy.success:
print("The access policy has been installed")
else:
print("Failed to install access policy - {}".format(install_tp_policy.error_message))
install_tp_policy = client.api_call("install-policy", {"policy-package" : "Standard", "access" : 'false', "threat-prevention" : 'true', "targets" : gw_uid})
if install_tp_policy.success:
print("The threat prevention policy has been installed")
else:
print("Failed to install threat prevention policy - {}".format(install_tp_policy.error_message))
# add passwords and passphrases to dictionary
with open('additional_pass.conf') as f:
line_num = 0
for line in f:
line_num += 1
add_password_dictionary = client.api_call("run-script", {"script-name" : "Add passwords and passphrases", "script" : "printf "{}" >> $FWDIR/conf/additional_pass.conf".format(line), "targets" : gw_name})
if add_password_dictionary.success:
print("The password dictionary line {} was added successfully".format(line_num))
else:
print("Failed to add the dictionary - {}".format(add_password_dictionary.error_message))
main() O se fa'ata'ita'iga faila o lo'o i ai se lomifefiloi o upu fa'aigoa additional_pass.conf
{
"passwords" : ["malware","malicious","infected","Infected"],
"phrases" : ["password","Password","Pass","pass","codigo","key","pwd","пароль","Пароль","Ключ","ключ","шифр","Шифр"]
}
iʻuga
O lenei tusiga e suʻesuʻeina naʻo avanoa masani o galuega Python SDK ma le module cpapi(e pei ona e mateina, o upu tutusa ia), ma e ala i le suʻesuʻeina o le code i totonu o lenei module o le a e mauaina ai le tele o avanoa e galue ai. E mafai ona e manaʻo e faʻaopoopo i au lava vasega, galuega, metotia ma fesuiaiga. E mafai ona e fa'asoa i taimi uma lau galuega ma va'ai i isi fa'amaumauga mo le Su'ega i le vaega i totonu o le nuu , lea e tu'ufa'atasia uma le au atina'e oloa ma tagata fa'aoga.
Manuia coding ma faafetai mo le faitau seia oo i le iuga!
puna: www.habr.com
