コード例 #1
ファイル: Utils.cs プロジェクト: ply1-ops/cisco-ftdv
        //**************************** Delete Health Probe NAT Rule ********************************************************************
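        /// <summary>
        /// Fetches the manual NAT rules of a NAT policy from the FMC REST API and deletes the first
        /// rule returned, which this routine treats as the health-probe (HP) NAT rule.
        /// </summary>
        /// <param name="authToken">Value sent in the <c>X-auth-access-token</c> request header.</param>
        /// <param name="log">Logger that receives progress and error messages.</param>
        /// <param name="natPolicyId">Id of the NAT policy whose manual NAT rule is removed.</param>
        /// <returns><c>"SUCCESS"</c> when the rule was deleted, otherwise <c>"ERROR"</c>.</returns>
        public string fmcDeleteHPNatRules(string authToken, ILogger log, string natPolicyId)
        {
            string fmcIP   = System.Environment.GetEnvironmentVariable("FMC_IP", EnvironmentVariableTarget.Process);
            string fmcUUID = System.Environment.GetEnvironmentVariable("FMC_DOMAIN_UUID", EnvironmentVariableTarget.Process);

            // Without a policy id the request path below would be malformed, so stop before any call is made.
            if (string.IsNullOrEmpty(natPolicyId))
            {
                log.LogError("util:::: NAT policy id is empty");
                return("ERROR");
            }

            // The id is escaped so that it always stays a single path segment of the URI.
            string uri = "https://" + fmcIP + "/api/fmc_config/v1/domain/" + fmcUUID + "/policy/ftdnatpolicies/" + System.Uri.EscapeDataString(natPolicyId) + "/manualnatrules";

            log.LogInformation("util:::: Deleting HP NAT rule..Started");

            var policyClient  = new RestClient(uri);
            var policyRequest = new RestRequest(Method.GET);

            // SECURITY: certificate validation is switched off for this request, so the FMC endpoint is not
            // authenticated and the access token added below is exposed to anyone able to intercept the
            // connection. Trusting (or pinning) the FMC certificate is preferable to accepting every certificate.
            policyClient.RemoteCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => true;

            policyRequest.AddHeader("X-auth-access-token", authToken);

            var response = policyClient.Execute(policyRequest);

            if (response.StatusCode != System.Net.HttpStatusCode.OK)
            {
                log.LogError("util:::: Failed get NAT rules details from NAT policy");
                return("ERROR");
            }

            try
            {
                JObject o     = JObject.Parse(response.Content);
                var     rules = o["items"];

                // A missing or empty "items" list means there is no rule to delete.
                if (rules == null || !rules.HasValues)
                {
                    log.LogError("util:::: Failed to get NAT rule id");
                    return("ERROR");
                }

                // NOTE(review): the first manual NAT rule is assumed to be the health-probe rule; nothing in
                // the response is checked to confirm that. Verify against how the policy is populated.
                string hpNatId = rules[0]["id"]?.ToString();
                if (string.IsNullOrEmpty(hpNatId))
                {
                    log.LogError("util:::: Failed to get NAT rule id");
                    return("ERROR");
                }

                log.LogInformation("util:::: Gathered HB NAT rule id : {0}", hpNatId);

                // The rule id comes from the response body; escape it before it becomes part of the DELETE path.
                uri = uri + "/" + System.Uri.EscapeDataString(hpNatId);

                var restPost = new fmcRestApiClass();
                if ("ERROR" == restPost.fmcRestApiDelete(uri, authToken, log))
                {
                    log.LogError("util:::: Failed to remove NAT rule ");
                    return("ERROR");
                }
            }
            catch (System.Exception ex)
            {
                // Keep the "ERROR" return contract, but record what actually failed instead of discarding it.
                log.LogError(ex, "util:::: Exception occoured");
                return("ERROR");
            }

            log.LogInformation("util:::: Deleted NAT rule for Health Probe");
            return("SUCCESS");
        }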
コード例 #2
ファイル: Utils.cs プロジェクト: ply1-ops/cisco-ftdv
        //****************************Create HOST Objects ********************************************************************
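        /// <summary>
        /// Creates a Host object on the FMC by POSTing a JSON body to the <c>object/hosts</c> endpoint.
        /// </summary>
        /// <param name="authToken">Access token handed to <c>fmcRestApiPost</c>.</param>
        /// <param name="objName">Name of the host object.</param>
        /// <param name="ip">Value of the host object.</param>
        /// <param name="log">Logger that receives progress and error messages.</param>
        /// <param name="description">Description stored with the object.</param>
        /// <returns><c>"SUCCESS"</c> when the POST helper did not report an error, otherwise <c>"ERROR"</c>.</returns>
        public string fmcHostObjectCreate(string authToken, string objName, string ip, ILogger log, string description)
        {
            // Caller-supplied values are escaped before they are placed inside JSON string literals, so a
            // quote or backslash in them cannot change the structure of the request body.
            string JsonEscape(string value) => System.Text.Json.JsonEncodedText.Encode(value ?? string.Empty).ToString();

            string fmcIP   = System.Environment.GetEnvironmentVariable("FMC_IP", EnvironmentVariableTarget.Process);
            string fmcUUID = System.Environment.GetEnvironmentVariable("FMC_DOMAIN_UUID", EnvironmentVariableTarget.Process);

            string uri  = "https://" + fmcIP + "/api/fmc_config/v1/domain/" + fmcUUID + "/object/hosts";
            string body = "{ \"name\": \"" + JsonEscape(objName)
                          + "\", \"type\": \"Host\", \"value\": \"" + JsonEscape(ip)
                          + "\", \"description\": \"" + JsonEscape(description) + "\" }";

            log.LogInformation("util:::: Creating host object : {0}", objName);
            var    restPost = new fmcRestApiClass();
            string response = restPost.fmcRestApiPost(uri, authToken, log, body);

            if ("ERROR" == response)
            {
                // The helper only reports "ERROR"; the "already existing" wording is a guess, not a checked cause.
                log.LogError("util:::: Failed to create HOST Object : {0} .. probably already existing", objName);
                return("ERROR");
            }
            return("SUCCESS");
        }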
コード例 #3
ファイル: Utils.cs プロジェクト: ply1-ops/cisco-ftdv
        //****************************Delete HOST Objects ********************************************************************
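        /// <summary>
        /// Deletes a Host object on the FMC by sending a DELETE for <c>object/hosts/{objId}</c>.
        /// </summary>
        /// <param name="authToken">Access token handed to <c>fmcRestApiDelete</c>.</param>
        /// <param name="log">Logger that receives progress and error messages.</param>
        /// <param name="objId">Id of the host object to delete.</param>
        /// <returns><c>"SUCCESS"</c> when the DELETE helper did not report an error, otherwise <c>"ERROR"</c>.</returns>
        public string fmcDeleteHostObj(string authToken, ILogger log, string objId)
        {
            string fmcIP   = System.Environment.GetEnvironmentVariable("FMC_IP", EnvironmentVariableTarget.Process);
            string fmcUUID = System.Environment.GetEnvironmentVariable("FMC_DOMAIN_UUID", EnvironmentVariableTarget.Process);

            // With no id the path would end at "/object/hosts/", i.e. the DELETE would no longer name one object.
            if (string.IsNullOrEmpty(objId))
            {
                log.LogError("util:::: Host Object id is empty");
                return("ERROR");
            }

            // The id is escaped so that it always stays a single path segment of the URI.
            string uri = "https://" + fmcIP + "/api/fmc_config/v1/domain/" + fmcUUID + "/object/hosts/" + System.Uri.EscapeDataString(objId);

            log.LogInformation("util:::: Deleting Host Object..");

            var restPost = new fmcRestApiClass();
            var response = restPost.fmcRestApiDelete(uri, authToken, log);

            if ("ERROR" == response.ToString())
            {
                log.LogError("util:::: Failed to remove Host Object ");
                return("ERROR");
            }
            log.LogInformation("util:::: Deleted host object");
            return("SUCCESS");
        }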
コード例 #4
ファイル: Utils.cs プロジェクト: ply1-ops/cisco-ftdv
        //****************************Delete NAT policy ********************************************************************
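        /// <summary>
        /// Deletes a NAT policy on the FMC by sending a DELETE for <c>policy/ftdnatpolicies/{natPolicyId}</c>.
        /// </summary>
        /// <param name="authToken">Access token handed to <c>fmcRestApiDelete</c>.</param>
        /// <param name="log">Logger that receives progress and error messages.</param>
        /// <param name="natPolicyId">Id of the NAT policy to delete.</param>
        /// <returns><c>"SUCCESS"</c> when the DELETE helper did not report an error, otherwise <c>"ERROR"</c>.</returns>
        public string fmcDeleteNatPolicy(string authToken, ILogger log, string natPolicyId)
        {
            string fmcIP   = System.Environment.GetEnvironmentVariable("FMC_IP", EnvironmentVariableTarget.Process);
            string fmcUUID = System.Environment.GetEnvironmentVariable("FMC_DOMAIN_UUID", EnvironmentVariableTarget.Process);

            // With no id the path would end at "/policy/ftdnatpolicies/", i.e. the DELETE would no longer name one policy.
            if (string.IsNullOrEmpty(natPolicyId))
            {
                log.LogError("util:::: NAT Policy id is empty");
                return("ERROR");
            }

            // The id is escaped so that it always stays a single path segment of the URI.
            string uri = "https://" + fmcIP + "/api/fmc_config/v1/domain/" + fmcUUID + "/policy/ftdnatpolicies/" + System.Uri.EscapeDataString(natPolicyId);

            log.LogInformation("util:::: Deleting NAT Policy Started..");

            var restPost = new fmcRestApiClass();
            var response = restPost.fmcRestApiDelete(uri, authToken, log);

            if ("ERROR" == response.ToString())
            {
                log.LogError("util:::: Failed to remove NAT Policy ");
                return("ERROR");
            }
            log.LogInformation("util:::: Deleted NAT policy");
            return("SUCCESS");
        }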
コード例 #5
ファイル: Utils.cs プロジェクト: ply1-ops/cisco-ftdv
        //****************************Create Auto NAT Rule ********************************************************************
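        /// <summary>
        /// Creates an auto NAT rule in a NAT policy by POSTing an <c>FTDAutoNatRule</c> body to the
        /// policy's <c>autonatrules</c> endpoint on the FMC.
        /// </summary>
        /// <param name="authToken">Access token handed to <c>fmcRestApiPost</c>.</param>
        /// <param name="log">Logger that receives progress and error messages.</param>
        /// <param name="natPolicyId">Id of the NAT policy that receives the rule.</param>
        /// <param name="natType">Not used: the request body always sends <c>"natType": "DYNAMIC"</c>.</param>
        /// <param name="sourceZoneId">Id placed in <c>sourceInterface</c> (type <c>SecurityZone</c>).</param>
        /// <param name="destZoneId">Id placed in <c>destinationInterface</c> (type <c>SecurityZone</c>).</param>
        /// <param name="originalNetworkObjectId">Id placed in <c>originalNetwork</c> (type <c>Network</c>).</param>
        /// <returns><c>"SUCCESS"</c> when the POST helper did not report an error, otherwise <c>"ERROR"</c>.</returns>
        public string fmcCreateAutoNatRules(string authToken, ILogger log, string natPolicyId, string natType, string sourceZoneId, string destZoneId, string originalNetworkObjectId)
        {
            // Caller-supplied values are escaped before they are placed inside JSON string literals, so a
            // quote or backslash in them cannot change the structure of the request body.
            string JsonEscape(string value) => System.Text.Json.JsonEncodedText.Encode(value ?? string.Empty).ToString();

            string fmcIP   = System.Environment.GetEnvironmentVariable("FMC_IP", EnvironmentVariableTarget.Process);
            string fmcUUID = System.Environment.GetEnvironmentVariable("FMC_DOMAIN_UUID", EnvironmentVariableTarget.Process);

            // The policy id is escaped so that it always stays a single path segment of the URI.
            string uri  = "https://" + fmcIP + "/api/fmc_config/v1/domain/" + fmcUUID + "/policy/ftdnatpolicies/" + System.Uri.EscapeDataString(natPolicyId ?? string.Empty) + "/autonatrules";

            // NOTE(review): natType is ignored here and "DYNAMIC" is hard-coded; confirm whether callers rely on that.
            string body = "{ \"type\": \"FTDAutoNatRule\",  \"originalNetwork\": {   \"type\": \"Network\",   \"id\": \"" + JsonEscape(originalNetworkObjectId)
                          + "\"  },  \"originalPort\": \"0\", \"translatedPort\": \"0\",   \"interfaceInTranslatedNetwork\": \"True\", \"dns\": \"False\",   \"routeLookup\": \"False\",  \"noProxyArp\": \"False\",    \"netToNet\": \"False\",   \"destinationInterface\": { \"id\": \"" + JsonEscape(destZoneId)
                          + "\",    \"type\": \"SecurityZone\"   },  \"interfaceIpv6\": \"False\",  \"fallThrough\": \"False\",   \"natType\": \"DYNAMIC\",   \"sourceInterface\": { \"id\": \"" + JsonEscape(sourceZoneId)
                          + "\",   \"type\": \"SecurityZone\"   },    \"description\": \"\"  } ";

            log.LogInformation("util:::: Creating Auto NAT rule");
            log.LogDebug("util:::: uri : {0},  body : {1}", uri, body);
            var    restPost = new fmcRestApiClass();
            string response = restPost.fmcRestApiPost(uri, authToken, log, body);

            if ("ERROR" == response)
            {
                log.LogError("util:::: Failed to create Auto NAT rule ");
                return("ERROR");
            }
            return("SUCCESS");
        }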
コード例 #6
ファイル: Utils.cs プロジェクト: ply1-ops/cisco-ftdv
        //****************************Create Associate NAT policy with Device ********************************************************************
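        /// <summary>
        /// Assigns a NAT policy to a device by POSTing a <c>PolicyAssignment</c> body to the FMC
        /// <c>assignment/policyassignments</c> endpoint.
        /// </summary>
        /// <param name="authToken">Access token handed to <c>fmcRestApiPost</c>.</param>
        /// <param name="log">Logger that receives progress and error messages.</param>
        /// <param name="policyName">Policy name; used in log messages only.</param>
        /// <param name="policyId">Id of the <c>FTDNatPolicy</c> to assign.</param>
        /// <param name="deviceName">Device name; used in log messages only.</param>
        /// <param name="deviceId">Id of the target <c>Device</c>.</param>
        /// <returns><c>"SUCCESS"</c> when the POST helper did not report an error, otherwise <c>"ERROR"</c>.</returns>
        public string fmcAssociateNATpolicyWithDevice(string authToken, ILogger log, string policyName, string policyId, string deviceName, string deviceId)
        {
            // Caller-supplied values are escaped before they are placed inside JSON string literals, so a
            // quote or backslash in them cannot change the structure of the request body.
            string JsonEscape(string value) => System.Text.Json.JsonEncodedText.Encode(value ?? string.Empty).ToString();

            string fmcIP   = System.Environment.GetEnvironmentVariable("FMC_IP", EnvironmentVariableTarget.Process);
            string fmcUUID = System.Environment.GetEnvironmentVariable("FMC_DOMAIN_UUID", EnvironmentVariableTarget.Process);

            string uri  = "https://" + fmcIP + "/api/fmc_config/v1/domain/" + fmcUUID + "/assignment/policyassignments";
            string body = "{ \"type\": \"PolicyAssignment\", \"policy\": { \"type\": \"FTDNatPolicy\",  \"id\": \"" + JsonEscape(policyId)
                          + "\" }, \"targets\": [ {  \"id\": \"" + JsonEscape(deviceId)
                          + "\", \"type\": \"Device\"  }  ]   }";

            log.LogInformation("util:::: Associating NAT policy {0} with Device {1} ", policyName, deviceName);
            var    restPost = new fmcRestApiClass();
            string response = restPost.fmcRestApiPost(uri, authToken, log, body);

            if ("ERROR" == response)
            {
                log.LogError("util:::: Failed to Associate NAT policy {0}", policyName);
                return("ERROR");
            }
            return("SUCCESS");
        }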
コード例 #7
ファイル: Utils.cs プロジェクト: ply1-ops/cisco-ftdv
        //****************************Create NAT Policy ********************************************************************
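        /// <summary>
        /// Creates a NAT policy on the FMC by POSTing an <c>FTDNatPolicy</c> body to the
        /// <c>policy/ftdnatpolicies</c> endpoint.
        /// </summary>
        /// <param name="authToken">Access token handed to <c>fmcRestApiPost</c>.</param>
        /// <param name="log">Logger that receives progress and error messages.</param>
        /// <param name="policyName">Name of the new policy.</param>
        /// <param name="description">Description stored with the policy.</param>
        /// <returns><c>"SUCCESS"</c> when the POST helper did not report an error, otherwise <c>"ERROR"</c>.</returns>
        public string fmcCreateNATpolicy(string authToken, ILogger log, string policyName, string description)
        {
            // Caller-supplied values are escaped before they are placed inside JSON string literals, so a
            // quote or backslash in them cannot change the structure of the request body.
            string JsonEscape(string value) => System.Text.Json.JsonEncodedText.Encode(value ?? string.Empty).ToString();

            string fmcIP   = System.Environment.GetEnvironmentVariable("FMC_IP", EnvironmentVariableTarget.Process);
            string fmcUUID = System.Environment.GetEnvironmentVariable("FMC_DOMAIN_UUID", EnvironmentVariableTarget.Process);

            string uri  = "https://" + fmcIP + "/api/fmc_config/v1/domain/" + fmcUUID + "/policy/ftdnatpolicies";
            string body = "{ \"type\": \"FTDNatPolicy\", \"name\": \"" + JsonEscape(policyName)
                          + "\", \"description\": \"" + JsonEscape(description) + "\" }";

            log.LogInformation("util:::: Creating NAT policy {0}", policyName);
            log.LogDebug("util:::: uri : {0},  body : {1}", uri, body);
            var    restPost = new fmcRestApiClass();
            string response = restPost.fmcRestApiPost(uri, authToken, log, body);

            if ("ERROR" == response)
            {
                log.LogError("util:::: Failed to create NAT policy {0}", policyName);
                return("ERROR");
            }
            return("SUCCESS");
        }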
コード例 #8
        //****************************Create Network Group Objects ********************************************************************
        // !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
        // !! This routine does not work as written and is only included as a placeholder !!
        // !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
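        /// <summary>
        /// POSTs a network-group body to the FMC <c>object/networkgroups</c> endpoint.
        /// </summary>
        /// <remarks>
        /// The banner preceding this method marks it as a placeholder that does not work as written;
        /// only the handling of caller-supplied strings is addressed here, not the request schema.
        /// </remarks>
        /// <param name="authToken">Access token handed to <c>fmcRestApiPost</c>.</param>
        /// <param name="objName">Name of the network group object.</param>
        /// <param name="netobjs">String sent as the <c>value</c> field of the body.</param>
        /// <param name="log">Logger that receives progress and error messages.</param>
        /// <param name="description">Description stored with the object.</param>
        /// <returns><c>"SUCCESS"</c> when the POST helper did not report an error, otherwise <c>"ERROR"</c>.</returns>
        public string fmcNetworkGroupObjectCreate(string authToken, string objName, string netobjs, ILogger log, string description)
        {
            // Caller-supplied values are escaped before they are placed inside JSON string literals, so a
            // quote or backslash in them cannot change the structure of the request body.
            string JsonEscape(string value) => System.Text.Json.JsonEncodedText.Encode(value ?? string.Empty).ToString();

            string fmcIP   = System.Environment.GetEnvironmentVariable("FMC_IP", EnvironmentVariableTarget.Process);
            string fmcUUID = System.Environment.GetEnvironmentVariable("FMC_DOMAIN_UUID", EnvironmentVariableTarget.Process);

            string uri  = "https://" + fmcIP + "/api/fmc_config/v1/domain/" + fmcUUID + "/object/networkgroups";
            string body = "{ \"name\": \"" + JsonEscape(objName)
                          + "\", \"value\": \"" + JsonEscape(netobjs)
                          + "\", \"overridable\": \"False\", \"description\": \"" + JsonEscape(description) + "\" }";

            log.LogInformation("util:::: Creating Network Group object : {0}", objName);
            log.LogDebug("util:::: uri : {0}, body : {1}", uri, body);
            var    restPost = new fmcRestApiClass();
            string response = restPost.fmcRestApiPost(uri, authToken, log, body);

            if ("ERROR" == response)
            {
                // The helper only reports "ERROR"; the "already existing" wording is a guess, not a checked cause.
                log.LogError("util:::: Failed to create Network Group Object : {0}..probably already existing", objName);
                return("ERROR");
            }
            return("SUCCESS");
        }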
コード例 #9
ファイル: Utils.cs プロジェクト: ply1-ops/cisco-ftdv
        //****************************Create HOST Static Routes  ********************************************************************
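        /// <summary>
        /// Creates an IPv4 static host route on a device by POSTing an <c>IPv4StaticRoute</c> body to the
        /// device's <c>routing/ipv4staticroutes</c> endpoint on the FMC.
        /// </summary>
        /// <param name="authToken">Access token handed to <c>fmcRestApiPost</c>.</param>
        /// <param name="log">Logger that receives progress and error messages.</param>
        /// <param name="ngfwid">Device record id used in the request path.</param>
        /// <param name="interfaceName">Value of the <c>interfaceName</c> field.</param>
        /// <param name="hostObjectNameTarget">Name of the Host object listed in <c>selectedNetworks</c>.</param>
        /// <param name="hostObjectIdTarget">Id of the Host object listed in <c>selectedNetworks</c>.</param>
        /// <param name="hostObjectNameGw">Name of the Host object used as <c>gateway</c>.</param>
        /// <param name="hostObjectIdGw">Id of the Host object used as <c>gateway</c>.</param>
        /// <param name="metric">Value of the <c>metricValue</c> field.</param>
        /// <returns><c>"SUCCESS"</c> when the POST helper did not report an error, otherwise <c>"ERROR"</c>.</returns>
        public string fmcCreateHostRoutes(string authToken, ILogger log, string ngfwid, string interfaceName, string hostObjectNameTarget, string hostObjectIdTarget, string hostObjectNameGw, string hostObjectIdGw, string metric)
        {
            // Caller-supplied values are escaped before they are placed inside JSON string literals, so a
            // quote or backslash in them cannot change the structure of the request body.
            string JsonEscape(string value) => System.Text.Json.JsonEncodedText.Encode(value ?? string.Empty).ToString();

            string fmcIP   = System.Environment.GetEnvironmentVariable("FMC_IP", EnvironmentVariableTarget.Process);
            string fmcUUID = System.Environment.GetEnvironmentVariable("FMC_DOMAIN_UUID", EnvironmentVariableTarget.Process);

            // The device id is escaped so that it always stays a single path segment of the URI.
            string uri  = "https://" + fmcIP + "/api/fmc_config/v1/domain/" + fmcUUID + "/devices/devicerecords/" + System.Uri.EscapeDataString(ngfwid ?? string.Empty) + "/routing/ipv4staticroutes";
            string body = "{ \"interfaceName\":\"" + JsonEscape(interfaceName)
                          + "\", \"selectedNetworks\": [  {  \"type\": \"Host\", \"id\": \"" + JsonEscape(hostObjectIdTarget)
                          + "\", \"name\": \"" + JsonEscape(hostObjectNameTarget)
                          + "\" } ], \"gateway\": { \"object\": { \"type\": \"Host\", \"id\": \"" + JsonEscape(hostObjectIdGw)
                          + "\", \"name\": \"" + JsonEscape(hostObjectNameGw)
                          + "\"  } }, \"metricValue\": \"" + JsonEscape(metric)
                          + "\", \"type\": \"IPv4StaticRoute\",  \"isTunneled\": \"False\" } ";

            log.LogInformation("util:::: Creating host route for {0}:{1}", hostObjectNameTarget, hostObjectNameGw);
            log.LogDebug("util:::: uri : {0},  body : {1}", uri, body);
            var    restPost = new fmcRestApiClass();
            string response = restPost.fmcRestApiPost(uri, authToken, log, body);

            log.LogInformation("util:::: Response : {0}", response);
            if ("ERROR" == response)
            {
                log.LogError("util:::: Failed to create host route : {0}:{1}", hostObjectNameTarget, hostObjectNameGw);
                return("ERROR");
            }
            return("SUCCESS");
        }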
コード例 #10
ファイル: Utils.cs プロジェクト: ply1-ops/cisco-ftdv
        //****************************Create Device Group ********************************************************************
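        /// <summary>
        /// Creates a device group on the FMC by POSTing a <c>DeviceGroup</c> body to the
        /// <c>devicegroups/devicegrouprecords</c> endpoint.
        /// </summary>
        /// <param name="authToken">Access token handed to <c>fmcRestApiPost</c>.</param>
        /// <param name="log">Logger that receives progress and error messages.</param>
        /// <param name="devGroupName">Name of the device group to create.</param>
        /// <returns><c>"SUCCESS"</c> when the POST helper did not report an error, otherwise <c>"ERROR"</c>.</returns>
        public string fmcCreateDeviceGroup(string authToken, ILogger log, string devGroupName)
        {
            // The caller-supplied name is escaped before it is placed inside a JSON string literal, so a
            // quote or backslash in it cannot change the structure of the request body.
            string JsonEscape(string value) => System.Text.Json.JsonEncodedText.Encode(value ?? string.Empty).ToString();

            string fmcIP   = System.Environment.GetEnvironmentVariable("FMC_IP", EnvironmentVariableTarget.Process);
            string fmcUUID = System.Environment.GetEnvironmentVariable("FMC_DOMAIN_UUID", EnvironmentVariableTarget.Process);

            string uri  = "https://" + fmcIP + "/api/fmc_config/v1/domain/" + fmcUUID + "/devicegroups/devicegrouprecords";
            string body = "{ \"name\": \"" + JsonEscape(devGroupName) + "\", \"type\": \"DeviceGroup\" }";

            log.LogInformation("uri: {0}", uri);
            log.LogInformation("body: {0}", body);
            log.LogInformation("util:::: Creating Device Group : {0}..", devGroupName);

            var    restPost = new fmcRestApiClass();
            string response = restPost.fmcRestApiPost(uri, authToken, log, body);

            if ("ERROR" == response)
            {
                log.LogError("util:::: Failed to create device group ");
                return("ERROR");
            }
            return("SUCCESS");
        }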