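#!/usr/bin/python2.6
"""Register one lab NGFW with the FMC and address its two data interfaces.

Flow, all through the project's ``connect`` helper module:

1. authenticate to the FMC REST API,
2. create an access control policy whose default action is BLOCK,
3. register the chosen device against that policy and poll the task,
4. wait for interface discovery, then set static IPv4 addresses on
   GigabitEthernet0/0 (outside) and GigabitEthernet0/1 (inside).

NOTE(review): the ``connect`` module is not part of this file; confirm that
it verifies the FMC's TLS certificate before sending these credentials.
"""
import json
import os
import sys
import time

import connect


def build_interface_payload(interface_id, hardware_name, logical_name,
                            address, prefix_length):
    """Return the PhysicalInterface body for a static IPv4 assignment.

    interface_id  -- object id returned by the interface listing
    hardware_name -- physical name, e.g. "GigabitEthernet0/0"
    logical_name  -- value sent as "ifname" ("outside" or "inside")
    address       -- IPv4 address as a string
    prefix_length -- prefix length as a string, sent in the "netmask" field
    """
    return {
        "type": "PhysicalInterface",
        "hardware": {
            "duplex": "AUTO",
            "speed": "AUTO"
        },
        "mode": "NONE",
        "enabled": True,
        "MTU": 1500,
        "managementOnly": False,
        "ifname": logical_name,
        # NOTE(review): anti-spoofing is switched off on both interfaces,
        # including the outside one. Acceptable for a lab; revisit before
        # reusing this payload anywhere else.
        "enableAntiSpoofing": False,
        "name": hardware_name,
        "id": interface_id,
        "ipv4": {
            "static": {
                "address": address,
                "netmask": prefix_length
            }
        }
    }


# NOTE(review): the defaults below are the credentials that were hard-coded
# in this script. Anything committed to a repository should be treated as
# disclosed, so outside the lab supply real values through the environment
# (variable names are introduced by this script) and rotate the defaults.
host = os.environ.get("FMC_HOST", "fmc.dcloud.local")
username = os.environ.get("FMC_USERNAME", "restapiuser")
password = os.environ.get("FMC_PASSWORD", "C1sco12345")
# The registration key defaults to the same string as the API password.
# Reusing one secret for two purposes means one leak exposes both.
registration_key = os.environ.get("FMC_REG_KEY", "C1sco12345")

# Outside / inside addresses per firewall number.
NGFW_ADDRESSES = {
    "1": ("198.18.133.81", "198.19.10.1"),
    "2": ("198.18.133.82", "198.19.10.2"),
    "3": ("198.18.133.83", "198.19.10.3"),
}
OUTSIDE_PREFIX = "18"
INSIDE_PREFIX = "24"

# Physical interfaces to configure.
interface_1 = "GigabitEthernet0/0"
interface_2 = "GigabitEthernet0/1"

# Connect to the FMC API.
headers, uuid, server = connect.connect(host, username, password)

# Keep asking until the answer is one of the known firewalls.
ngfw_number = 0
while ngfw_number not in NGFW_ADDRESSES:
    ngfw_number = str(raw_input("Specify firewall to register.\n Enter 1 for NGFW1.\n Enter 2 for NGFW2.\n Enter 3 for NGFW3.\nWhich firewall do you want to register? "))

ngfw_name = 'NGFW' + ngfw_number
name = ngfw_name

outside_address, inside_address = NGFW_ADDRESSES[ngfw_number]
outside_CIDR = outside_address + "/" + OUTSIDE_PREFIX
inside_CIDR = inside_address + "/" + INSIDE_PREFIX

policy_name = str(raw_input("Enter name of new Access Control Policy to be create:"))

# Default-deny: traffic that matches no rule is blocked.
access_policy = {
    "type": "AccessPolicy",
    "name": policy_name,
    "defaultAction": {
        "action": "BLOCK"
    }
}
post_response = connect.accesspolicyPOST(headers, uuid, server, access_policy)
try:
    policy_id = post_response["id"]
except (KeyError, TypeError):
    # Without a policy id the device registration below cannot be built.
    sys.exit("Access Control Policy " + policy_name
             + " was not created; no id in the response.")
print("Access Control Policy " + policy_name + " created.\n")

print("Attempting to register " + ngfw_name + ".")
device_post = {
    "name": name,
    "hostName": "ngfw" + ngfw_number + ".dcloud.local",
    "regKey": registration_key,
    "type": "Device",
    "license_caps": [
        "BASE",
        "MALWARE",
        "URLFilter",
        "THREAT"
    ],
    "accessPolicy": {
        "id": policy_id,
        "type": "AccessPolicy"
    }
}
post_data = json.dumps(device_post)
output = connect.devicePOST(headers, uuid, server, post_data)

try:
    task_id = output["metadata"]["task"]["id"]
except (KeyError, TypeError):
    sys.exit("Registration request for " + ngfw_name
             + " returned no task id to poll.")

# NOTE(review): the loop ends on the first status other than 200, so an
# authentication or server error would also be reported as "completed".
# Presumably the task object stops being readable once it has finished;
# confirm against connect.taskstatusGET. There is no upper bound on the
# number of polls.
registered = False
poll_count = 0
while not registered:
    poll_count += 1
    print("Registration is in progress. (" + str(poll_count) + ")")
    result = connect.taskstatusGET(headers, uuid, server, task_id)
    if result != 200:
        print("Registration completed.\n")
        registered = True
    else:
        time.sleep(10)

# Get all the devices and their corresponding interfaces.
# A fresh session is opened first (presumably because the earlier token may
# have aged out while polling; verify against connect.connect).
headers, uuid, server = connect.connect(host, username, password)

devices = connect.deviceGET(headers, uuid, server)
device_id = None
for device in devices["items"]:
    if device["name"] == name:
        print("Device found; setting ID.")
        device_id = device["id"]

if device_id is None:
    # Previously this fell through to a NameError on first use of device_id.
    sys.exit("Device " + name + " is not in the FMC device list; "
             "registration did not succeed.")

# Now that we have the device id, wait until its interfaces are listed.
discovered = False
poll_count = 0
while not discovered:
    poll_count += 1
    print("Interface discovery is in progress. (" + str(poll_count) + ")")
    result = connect.interfaceGETCHK(headers, uuid, server, device_id)
    if result == 200:
        discovered = True
        print("Interface discovery completed.\n")
    # The pause runs on every pass, including the successful one.
    time.sleep(10)

interfaces = connect.interfaceGET(headers, uuid, server, device_id)
interface_1_id = None
interface_2_id = None
for interface in interfaces["items"]:
    if interface["name"] == interface_1:
        interface_1_id = interface["id"]
        print("interface 1 found")
    if interface["name"] == interface_2:
        interface_2_id = interface["id"]
        print("interface 2 found")

if interface_1_id is None or interface_2_id is None:
    # Stop before sending a PUT for an interface id that was never resolved.
    sys.exit("Expected interfaces " + interface_1 + " and " + interface_2
             + " were not both found on " + name + ".")

print("Attempting to set outside interface IP address to " + outside_CIDR + ".")
put_data = json.dumps(build_interface_payload(
    interface_1_id, interface_1, "outside", outside_address, OUTSIDE_PREFIX))
connect.interfacePUT(headers, uuid, server, put_data, device_id, interface_1_id)

print("Attempting to set inside interface IP address to " + inside_CIDR + ".")
put_data = json.dumps(build_interface_payload(
    interface_2_id, interface_2, "inside", inside_address, INSIDE_PREFIX))
connect.interfacePUT(headers, uuid, server, put_data, device_id, interface_2_id)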