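//**************************** Delete Health Probe NAT Rule ********************************************************************
/// <summary>
/// Removes the Health Probe manual NAT rule from an FTD NAT policy: lists the policy's
/// manual NAT rules, takes the id of the first returned item and deletes that rule.
/// </summary>
/// <param name="authToken">FMC API access token, sent in the X-auth-access-token header.</param>
/// <param name="log">Logger used for progress and error reporting.</param>
/// <param name="natPolicyId">Id of the FTD NAT policy that contains the rule.</param>
/// <returns>"SUCCESS" when the rule was deleted, "ERROR" on any failure.</returns>
public string fmcDeleteHPNatRules(string authToken, ILogger log, string natPolicyId)
{
    string fmcIP = System.Environment.GetEnvironmentVariable("FMC_IP", EnvironmentVariableTarget.Process);
    string fmcUUID = System.Environment.GetEnvironmentVariable("FMC_DOMAIN_UUID", EnvironmentVariableTarget.Process);
    // Fail early with a clear message instead of requesting "https:///api/..." from an unset variable.
    if (string.IsNullOrEmpty(fmcIP) || string.IsNullOrEmpty(fmcUUID))
    {
        log.LogError("util:::: FMC_IP or FMC_DOMAIN_UUID environment variable is not set");
        return "ERROR";
    }
    if (string.IsNullOrEmpty(natPolicyId))
    {
        log.LogError("util:::: NAT policy id is empty");
        return "ERROR";
    }
    string uri = "https://" + fmcIP + "/api/fmc_config/v1/domain/" + fmcUUID + "/policy/ftdnatpolicies/" + natPolicyId + "/manualnatrules";
    log.LogInformation("util:::: Deleting HP NAT rule..Started");

    var policyClient = new RestClient(uri);
    var policyRequest = new RestRequest(Method.GET);
    // NOTE(review): this callback accepts ANY server certificate, so the access token added
    // below is sent to whoever answers on FMC_IP; an on-path impersonator is not detected.
    // Kept because the original depends on it for self-signed FMC certificates; the safer
    // options are trusting the FMC's issuing CA or checking the certificate thumbprint here.
    policyClient.RemoteCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => true;
    policyRequest.AddHeader("X-auth-access-token", authToken);
    var response = policyClient.Execute(policyRequest);

    // Compare the enum directly; a transport failure leaves StatusCode at 0 and is rejected as well.
    if (response.StatusCode != System.Net.HttpStatusCode.OK)
    {
        log.LogError("util:::: Failed get NAT rules details from NAT policy");
        log.LogDebug("util:::: status : {0}, error : {1}", response.StatusCode, response.ErrorMessage);
        return "ERROR";
    }

    try
    {
        JObject o = JObject.Parse(response.Content);
        // SelectToken yields null (instead of throwing) when "items" is missing or empty.
        string hpNatId = o.SelectToken("items[0].id")?.ToString();
        if (string.IsNullOrEmpty(hpNatId))
        {
            log.LogError("util:::: Failed to get NAT rule id");
            return "ERROR";
        }
        log.LogInformation("util:::: Gathered HB NAT rule id : {0}", hpNatId);

        uri = uri + "/" + hpNatId;
        var restPost = new fmcRestApiClass();
        if ("ERROR" == restPost.fmcRestApiDelete(uri, authToken, log))
        {
            log.LogError("util:::: Failed to remove NAT rule ");
            return "ERROR";
        }
    }
    catch (Exception ex)
    {
        // Keep the exception in the log entry so parse/IO failures stay diagnosable.
        log.LogError(ex, "util:::: Exception occoured");
        return "ERROR";
    }

    log.LogInformation("util:::: Deleted NAT rule for Health Probe");
    return "SUCCESS";
}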
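//****************************Create HOST Objects ********************************************************************
/// <summary>
/// Creates an FMC Host network object (type "Host") with the given name, IP value and description.
/// </summary>
/// <param name="authToken">FMC API access token forwarded to the REST helper.</param>
/// <param name="objName">Name of the host object to create.</param>
/// <param name="ip">IP address stored as the object's value.</param>
/// <param name="log">Logger used for progress and error reporting.</param>
/// <param name="description">Free-text description; null is sent as an empty string.</param>
/// <returns>"SUCCESS" when the POST succeeded, "ERROR" otherwise (including when the object already exists).</returns>
public string fmcHostObjectCreate(string authToken, string objName, string ip, ILogger log, string description)
{
    string fmcIP = System.Environment.GetEnvironmentVariable("FMC_IP", EnvironmentVariableTarget.Process);
    string fmcUUID = System.Environment.GetEnvironmentVariable("FMC_DOMAIN_UUID", EnvironmentVariableTarget.Process);
    // Fail early with a clear message instead of posting to "https:///api/..." from an unset variable.
    if (string.IsNullOrEmpty(fmcIP) || string.IsNullOrEmpty(fmcUUID))
    {
        log.LogError("util:::: FMC_IP or FMC_DOMAIN_UUID environment variable is not set");
        return "ERROR";
    }
    string uri = "https://" + fmcIP + "/api/fmc_config/v1/domain/" + fmcUUID + "/object/hosts";

    // Serialize through JObject so quotes or backslashes in the caller-supplied name, ip or
    // description are escaped instead of corrupting (or injecting keys into) the request JSON.
    var payload = new JObject
    {
        ["name"] = objName,
        ["type"] = "Host",
        ["value"] = ip,
        ["description"] = description ?? string.Empty,
    };
    string body = payload.ToString(Newtonsoft.Json.Formatting.None);

    log.LogInformation("util:::: Creating host object : {0}", objName);
    var restPost = new fmcRestApiClass();
    string response = restPost.fmcRestApiPost(uri, authToken, log, body);
    if ("ERROR" == response)
    {
        log.LogError("util:::: Failed to create HOST Object : {0} .. probably already existing", objName);
        return "ERROR";
    }
    return "SUCCESS";
}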
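//****************************Delete HOST Objects ********************************************************************
/// <summary>
/// Deletes the FMC Host network object with the given id.
/// </summary>
/// <param name="authToken">FMC API access token forwarded to the REST helper.</param>
/// <param name="log">Logger used for progress and error reporting.</param>
/// <param name="objId">Id of the host object to delete.</param>
/// <returns>"SUCCESS" when the DELETE succeeded, "ERROR" otherwise.</returns>
public string fmcDeleteHostObj(string authToken, ILogger log, string objId)
{
    string fmcIP = System.Environment.GetEnvironmentVariable("FMC_IP", EnvironmentVariableTarget.Process);
    string fmcUUID = System.Environment.GetEnvironmentVariable("FMC_DOMAIN_UUID", EnvironmentVariableTarget.Process);
    // Fail early with a clear message instead of targeting "https:///api/..." from an unset variable.
    if (string.IsNullOrEmpty(fmcIP) || string.IsNullOrEmpty(fmcUUID))
    {
        log.LogError("util:::: FMC_IP or FMC_DOMAIN_UUID environment variable is not set");
        return "ERROR";
    }
    // An empty id would turn the request into a DELETE on the whole /object/hosts collection path.
    if (string.IsNullOrEmpty(objId))
    {
        log.LogError("util:::: Host object id is empty");
        return "ERROR";
    }
    string uri = "https://" + fmcIP + "/api/fmc_config/v1/domain/" + fmcUUID + "/object/hosts/" + objId;
    log.LogInformation("util:::: Deleting Host Object..");

    var restPost = new fmcRestApiClass();
    string response = restPost.fmcRestApiDelete(uri, authToken, log);
    if ("ERROR" == response)
    {
        log.LogError("util:::: Failed to remove Host Object ");
        return "ERROR";
    }
    log.LogInformation("util:::: Deleted host object");
    return "SUCCESS";
}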
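//****************************Delete NAT policy ********************************************************************
/// <summary>
/// Deletes the FTD NAT policy with the given id.
/// </summary>
/// <param name="authToken">FMC API access token forwarded to the REST helper.</param>
/// <param name="log">Logger used for progress and error reporting.</param>
/// <param name="natPolicyId">Id of the FTD NAT policy to delete.</param>
/// <returns>"SUCCESS" when the DELETE succeeded, "ERROR" otherwise.</returns>
public string fmcDeleteNatPolicy(string authToken, ILogger log, string natPolicyId)
{
    string fmcIP = System.Environment.GetEnvironmentVariable("FMC_IP", EnvironmentVariableTarget.Process);
    string fmcUUID = System.Environment.GetEnvironmentVariable("FMC_DOMAIN_UUID", EnvironmentVariableTarget.Process);
    // Fail early with a clear message instead of targeting "https:///api/..." from an unset variable.
    if (string.IsNullOrEmpty(fmcIP) || string.IsNullOrEmpty(fmcUUID))
    {
        log.LogError("util:::: FMC_IP or FMC_DOMAIN_UUID environment variable is not set");
        return "ERROR";
    }
    // An empty id would turn the request into a DELETE on the /policy/ftdnatpolicies collection path.
    if (string.IsNullOrEmpty(natPolicyId))
    {
        log.LogError("util:::: NAT policy id is empty");
        return "ERROR";
    }
    string uri = "https://" + fmcIP + "/api/fmc_config/v1/domain/" + fmcUUID + "/policy/ftdnatpolicies/" + natPolicyId;
    log.LogInformation("util:::: Deleting NAT Policy Started..");

    var restPost = new fmcRestApiClass();
    string response = restPost.fmcRestApiDelete(uri, authToken, log);
    if ("ERROR" == response)
    {
        log.LogError("util:::: Failed to remove NAT Policy ");
        return "ERROR";
    }
    log.LogInformation("util:::: Deleted NAT policy");
    return "SUCCESS";
}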
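//****************************Create Auto NAT Rule ********************************************************************
/// <summary>
/// Adds a DYNAMIC FTDAutoNatRule to the given FTD NAT policy, translating the original network
/// object to the interface address of the destination security zone.
/// </summary>
/// <param name="authToken">FMC API access token forwarded to the REST helper.</param>
/// <param name="log">Logger used for progress and error reporting.</param>
/// <param name="natPolicyId">Id of the FTD NAT policy that receives the rule.</param>
/// <param name="natType">Accepted for interface compatibility but not used; the rule is always created as "DYNAMIC".</param>
/// <param name="sourceZoneId">Id of the source SecurityZone.</param>
/// <param name="destZoneId">Id of the destination SecurityZone.</param>
/// <param name="originalNetworkObjectId">Id of the Network object used as the original network.</param>
/// <returns>"SUCCESS" when the POST succeeded, "ERROR" otherwise.</returns>
public string fmcCreateAutoNatRules(string authToken, ILogger log, string natPolicyId, string natType, string sourceZoneId, string destZoneId, string originalNetworkObjectId)
{
    string fmcIP = System.Environment.GetEnvironmentVariable("FMC_IP", EnvironmentVariableTarget.Process);
    string fmcUUID = System.Environment.GetEnvironmentVariable("FMC_DOMAIN_UUID", EnvironmentVariableTarget.Process);
    // Fail early with a clear message instead of posting to "https:///api/..." from an unset variable.
    if (string.IsNullOrEmpty(fmcIP) || string.IsNullOrEmpty(fmcUUID))
    {
        log.LogError("util:::: FMC_IP or FMC_DOMAIN_UUID environment variable is not set");
        return "ERROR";
    }
    string uri = "https://" + fmcIP + "/api/fmc_config/v1/domain/" + fmcUUID + "/policy/ftdnatpolicies/" + natPolicyId + "/autonatrules";

    // Serialize through JObject so the caller-supplied ids are escaped instead of being spliced
    // raw into the request JSON. The boolean/port fields stay string-valued exactly as before.
    // NOTE(review): natType is not used; "DYNAMIC" is hard-coded as in the original so existing
    // callers keep today's behaviour.
    var payload = new JObject
    {
        ["type"] = "FTDAutoNatRule",
        ["originalNetwork"] = new JObject
        {
            ["type"] = "Network",
            ["id"] = originalNetworkObjectId,
        },
        ["originalPort"] = "0",
        ["translatedPort"] = "0",
        ["interfaceInTranslatedNetwork"] = "True",
        ["dns"] = "False",
        ["routeLookup"] = "False",
        ["noProxyArp"] = "False",
        ["netToNet"] = "False",
        ["destinationInterface"] = new JObject
        {
            ["id"] = destZoneId,
            ["type"] = "SecurityZone",
        },
        ["interfaceIpv6"] = "False",
        ["fallThrough"] = "False",
        ["natType"] = "DYNAMIC",
        ["sourceInterface"] = new JObject
        {
            ["id"] = sourceZoneId,
            ["type"] = "SecurityZone",
        },
        ["description"] = string.Empty,
    };
    string body = payload.ToString(Newtonsoft.Json.Formatting.None);

    log.LogInformation("util:::: Creating Auto NAT rule");
    log.LogDebug("util:::: uri : {0}, body : {1}", uri, body);
    var restPost = new fmcRestApiClass();
    string response = restPost.fmcRestApiPost(uri, authToken, log, body);
    if ("ERROR" == response)
    {
        log.LogError("util:::: Failed to create Auto NAT rule ");
        return "ERROR";
    }
    return "SUCCESS";
}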
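//****************************Create Associate NAT policy with Device ********************************************************************
/// <summary>
/// Creates a PolicyAssignment that binds an FTD NAT policy to a single device target.
/// </summary>
/// <param name="authToken">FMC API access token forwarded to the REST helper.</param>
/// <param name="log">Logger used for progress and error reporting.</param>
/// <param name="policyName">Policy name, used only in log messages.</param>
/// <param name="policyId">Id of the FTDNatPolicy to assign.</param>
/// <param name="deviceName">Device name, used only in log messages.</param>
/// <param name="deviceId">Id of the target Device.</param>
/// <returns>"SUCCESS" when the POST succeeded, "ERROR" otherwise.</returns>
public string fmcAssociateNATpolicyWithDevice(string authToken, ILogger log, string policyName, string policyId, string deviceName, string deviceId)
{
    string fmcIP = System.Environment.GetEnvironmentVariable("FMC_IP", EnvironmentVariableTarget.Process);
    string fmcUUID = System.Environment.GetEnvironmentVariable("FMC_DOMAIN_UUID", EnvironmentVariableTarget.Process);
    // Fail early with a clear message instead of posting to "https:///api/..." from an unset variable.
    if (string.IsNullOrEmpty(fmcIP) || string.IsNullOrEmpty(fmcUUID))
    {
        log.LogError("util:::: FMC_IP or FMC_DOMAIN_UUID environment variable is not set");
        return "ERROR";
    }
    string uri = "https://" + fmcIP + "/api/fmc_config/v1/domain/" + fmcUUID + "/assignment/policyassignments";

    // Serialize through JObject/JArray so the caller-supplied ids are escaped instead of being
    // spliced raw into the request JSON.
    var payload = new JObject
    {
        ["type"] = "PolicyAssignment",
        ["policy"] = new JObject
        {
            ["type"] = "FTDNatPolicy",
            ["id"] = policyId,
        },
        ["targets"] = new JArray
        {
            new JObject
            {
                ["id"] = deviceId,
                ["type"] = "Device",
            },
        },
    };
    string body = payload.ToString(Newtonsoft.Json.Formatting.None);

    log.LogInformation("util:::: Associating NAT policy {0} with Device {1} ", policyName, deviceName);
    var restPost = new fmcRestApiClass();
    string response = restPost.fmcRestApiPost(uri, authToken, log, body);
    if ("ERROR" == response)
    {
        log.LogError("util:::: Failed to Associate NAT policy {0}", policyName);
        return "ERROR";
    }
    return "SUCCESS";
}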
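//****************************Create NAT Policy ********************************************************************
/// <summary>
/// Creates an empty FTDNatPolicy with the given name and description.
/// </summary>
/// <param name="authToken">FMC API access token forwarded to the REST helper.</param>
/// <param name="log">Logger used for progress and error reporting.</param>
/// <param name="policyName">Name of the NAT policy to create.</param>
/// <param name="description">Free-text description; null is sent as an empty string.</param>
/// <returns>"SUCCESS" when the POST succeeded, "ERROR" otherwise.</returns>
public string fmcCreateNATpolicy(string authToken, ILogger log, string policyName, string description)
{
    string fmcIP = System.Environment.GetEnvironmentVariable("FMC_IP", EnvironmentVariableTarget.Process);
    string fmcUUID = System.Environment.GetEnvironmentVariable("FMC_DOMAIN_UUID", EnvironmentVariableTarget.Process);
    // Fail early with a clear message instead of posting to "https:///api/..." from an unset variable.
    if (string.IsNullOrEmpty(fmcIP) || string.IsNullOrEmpty(fmcUUID))
    {
        log.LogError("util:::: FMC_IP or FMC_DOMAIN_UUID environment variable is not set");
        return "ERROR";
    }
    string uri = "https://" + fmcIP + "/api/fmc_config/v1/domain/" + fmcUUID + "/policy/ftdnatpolicies";

    // Serialize through JObject so quotes or backslashes in the caller-supplied name or
    // description are escaped instead of corrupting (or injecting keys into) the request JSON.
    var payload = new JObject
    {
        ["type"] = "FTDNatPolicy",
        ["name"] = policyName,
        ["description"] = description ?? string.Empty,
    };
    string body = payload.ToString(Newtonsoft.Json.Formatting.None);

    log.LogInformation("util:::: Creating NAT policy {0}", policyName);
    log.LogDebug("util:::: uri : {0}, body : {1}", uri, body);
    var restPost = new fmcRestApiClass();
    string response = restPost.fmcRestApiPost(uri, authToken, log, body);
    if ("ERROR" == response)
    {
        log.LogError("util:::: Failed to create NAT policy {0}", policyName);
        return "ERROR";
    }
    return "SUCCESS";
}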
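//****************************Create Network Group Objects ********************************************************************
// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
// !! This routine does not work as written and is only included as a placeholder !!
// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
/// <summary>
/// Placeholder for creating an FMC network group object. Posts a body with name, value,
/// overridable and description fields; the upstream note above says this payload is not
/// accepted by FMC as written, so callers should not rely on it.
/// </summary>
/// <param name="authToken">FMC API access token forwarded to the REST helper.</param>
/// <param name="objName">Name of the network group object.</param>
/// <param name="netobjs">Sent verbatim as the "value" field (see placeholder note).</param>
/// <param name="log">Logger used for progress and error reporting.</param>
/// <param name="description">Free-text description; null is sent as an empty string.</param>
/// <returns>"SUCCESS" when the POST succeeded, "ERROR" otherwise.</returns>
public string fmcNetworkGroupObjectCreate(string authToken, string objName, string netobjs, ILogger log, string description)
{
    string fmcIP = System.Environment.GetEnvironmentVariable("FMC_IP", EnvironmentVariableTarget.Process);
    string fmcUUID = System.Environment.GetEnvironmentVariable("FMC_DOMAIN_UUID", EnvironmentVariableTarget.Process);
    // Fail early with a clear message instead of posting to "https:///api/..." from an unset variable.
    if (string.IsNullOrEmpty(fmcIP) || string.IsNullOrEmpty(fmcUUID))
    {
        log.LogError("util:::: FMC_IP or FMC_DOMAIN_UUID environment variable is not set");
        return "ERROR";
    }
    string uri = "https://" + fmcIP + "/api/fmc_config/v1/domain/" + fmcUUID + "/object/networkgroups";

    // Serialize through JObject so quotes or backslashes in the caller-supplied values are
    // escaped instead of corrupting (or injecting keys into) the request JSON. The field set
    // is unchanged from the original placeholder.
    var payload = new JObject
    {
        ["name"] = objName,
        ["value"] = netobjs,
        ["overridable"] = "False",
        ["description"] = description ?? string.Empty,
    };
    string body = payload.ToString(Newtonsoft.Json.Formatting.None);

    log.LogInformation("util:::: Creating Network Group object : {0}", objName);
    log.LogDebug("util:::: uri : {0}, body : {1}", uri, body);
    var restPost = new fmcRestApiClass();
    string response = restPost.fmcRestApiPost(uri, authToken, log, body);
    if ("ERROR" == response)
    {
        log.LogError("util:::: Failed to create Network Group Object : {0}..probably already existing", objName);
        return "ERROR";
    }
    return "SUCCESS";
}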
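//****************************Create HOST Static Routes ********************************************************************
/// <summary>
/// Adds an IPv4 static route on a device record: traffic to the target Host object is sent via
/// the gateway Host object through the named interface with the given metric.
/// </summary>
/// <param name="authToken">FMC API access token forwarded to the REST helper.</param>
/// <param name="log">Logger used for progress and error reporting.</param>
/// <param name="ngfwid">Id of the device record that receives the route.</param>
/// <param name="interfaceName">Egress interface name for the route.</param>
/// <param name="hostObjectNameTarget">Name of the destination Host object.</param>
/// <param name="hostObjectIdTarget">Id of the destination Host object.</param>
/// <param name="hostObjectNameGw">Name of the gateway Host object.</param>
/// <param name="hostObjectIdGw">Id of the gateway Host object.</param>
/// <param name="metric">Route metric, sent as a string in "metricValue".</param>
/// <returns>"SUCCESS" when the POST succeeded, "ERROR" otherwise.</returns>
public string fmcCreateHostRoutes(string authToken, ILogger log, string ngfwid, string interfaceName, string hostObjectNameTarget, string hostObjectIdTarget, string hostObjectNameGw, string hostObjectIdGw, string metric)
{
    string fmcIP = System.Environment.GetEnvironmentVariable("FMC_IP", EnvironmentVariableTarget.Process);
    string fmcUUID = System.Environment.GetEnvironmentVariable("FMC_DOMAIN_UUID", EnvironmentVariableTarget.Process);
    // Fail early with a clear message instead of posting to "https:///api/..." from an unset variable.
    if (string.IsNullOrEmpty(fmcIP) || string.IsNullOrEmpty(fmcUUID))
    {
        log.LogError("util:::: FMC_IP or FMC_DOMAIN_UUID environment variable is not set");
        return "ERROR";
    }
    string uri = "https://" + fmcIP + "/api/fmc_config/v1/domain/" + fmcUUID + "/devices/devicerecords/" + ngfwid + "/routing/ipv4staticroutes";

    // Serialize through JObject/JArray so quotes or backslashes in the caller-supplied names and
    // ids are escaped instead of corrupting (or injecting keys into) the request JSON.
    var payload = new JObject
    {
        ["interfaceName"] = interfaceName,
        ["selectedNetworks"] = new JArray
        {
            new JObject
            {
                ["type"] = "Host",
                ["id"] = hostObjectIdTarget,
                ["name"] = hostObjectNameTarget,
            },
        },
        ["gateway"] = new JObject
        {
            ["object"] = new JObject
            {
                ["type"] = "Host",
                ["id"] = hostObjectIdGw,
                ["name"] = hostObjectNameGw,
            },
        },
        ["metricValue"] = metric,
        ["type"] = "IPv4StaticRoute",
        ["isTunneled"] = "False",
    };
    string body = payload.ToString(Newtonsoft.Json.Formatting.None);

    log.LogInformation("util:::: Creating host route for {0}:{1}", hostObjectNameTarget, hostObjectNameGw);
    log.LogDebug("util:::: uri : {0}, body : {1}", uri, body);
    var restPost = new fmcRestApiClass();
    string response = restPost.fmcRestApiPost(uri, authToken, log, body);
    log.LogInformation("util:::: Response : {0}", response);
    if ("ERROR" == response)
    {
        log.LogError("util:::: Failed to create host route : {0}:{1}", hostObjectNameTarget, hostObjectNameGw);
        return "ERROR";
    }
    return "SUCCESS";
}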
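//****************************Create Device Group ********************************************************************
/// <summary>
/// Creates an FMC DeviceGroup record with the given name.
/// </summary>
/// <param name="authToken">FMC API access token forwarded to the REST helper.</param>
/// <param name="log">Logger used for progress and error reporting.</param>
/// <param name="devGroupName">Name of the device group to create.</param>
/// <returns>"SUCCESS" when the POST succeeded, "ERROR" otherwise.</returns>
public string fmcCreateDeviceGroup(string authToken, ILogger log, string devGroupName)
{
    string fmcIP = System.Environment.GetEnvironmentVariable("FMC_IP", EnvironmentVariableTarget.Process);
    string fmcUUID = System.Environment.GetEnvironmentVariable("FMC_DOMAIN_UUID", EnvironmentVariableTarget.Process);
    // Fail early with a clear message instead of posting to "https:///api/..." from an unset variable.
    if (string.IsNullOrEmpty(fmcIP) || string.IsNullOrEmpty(fmcUUID))
    {
        log.LogError("util:::: FMC_IP or FMC_DOMAIN_UUID environment variable is not set");
        return "ERROR";
    }
    string uri = "https://" + fmcIP + "/api/fmc_config/v1/domain/" + fmcUUID + "/devicegroups/devicegrouprecords";

    // Serialize through JObject so quotes or backslashes in the caller-supplied name are
    // escaped instead of corrupting (or injecting keys into) the request JSON.
    var payload = new JObject
    {
        ["name"] = devGroupName,
        ["type"] = "DeviceGroup",
    };
    string body = payload.ToString(Newtonsoft.Json.Formatting.None);

    // Request details go to Debug, matching the other create helpers in this class.
    log.LogDebug("util:::: uri : {0}, body : {1}", uri, body);
    log.LogInformation("util:::: Creating Device Group : {0}..", devGroupName);
    var restPost = new fmcRestApiClass();
    string response = restPost.fmcRestApiPost(uri, authToken, log, body);
    if ("ERROR" == response)
    {
        log.LogError("util:::: Failed to create device group ");
        return "ERROR";
    }
    return "SUCCESS";
}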