Does anyone know a way to add/create R77.30 style access rules (no inline 'n stuff) in R80.30 using the API (v1.5) and a CSV file listing multiple rules in a multi-domain environment?
The following is what I got so far, but that is pure guesswork...how would this look right?
So this is me trying to add a number of access rules containing all the relevant data (I don't need "time", "install on", etc.).
I am guessing the following after deriving bits and pieces all over the forum and internet:
mgmt_cli add access-rule -b /var/log/tmp/rules.csv --version 1.5
What would the correct first row (header) of the csv file look like? Something like this?:
package --- would be the corresponding policy name used in that domain
position.above --- will be a rule UID as value
Does anyone have a working example of the above scenario? I can't be that far away from a working set of command and csv syntax.
Thanks a lot in advance.
Consider me already logged in to the corresponding domain (Multi Domain Management) before executing anything else.
mgmt_cli login -d <domain_objid> > sid.txt.$$
$$ --- will add the session ID for a more or less unique file name. I know, I know, not ideal...but it serves the purpose all right in this case.
objid --- can be gathered using the following command...at least on an R80.30 MDM MGMT server. A single CMA does not need this parameter (-d).
psql_client cpm postgres -c"select objid,name from domainbase_data where dlesession=0 and not deleted;"
Publish every 200-300 changes!
mgmt_cli publish -s sid.txt.$$
Logout when done
mgmt_cli logout -s sid.txt.$$
I also used the API to create all the objects like groups, hosts (adding them to groups already created as well in one go) and services (ports).
mgmt_cli add group -b groups.csv -s sid.txt.$$
mgmt_cli add host -b host.csv -s sid.txt.$$
mgmt_cli add service-tcp -b TCPports.csv
mgmt_cli add service-udp -b UDPports.csv
mgmt_cli add service-icmp -b ICMPports.csv
mgmt_cli add service-dce-rpc -b DCEports.csv
The reason to do the above is a vast number of connections (50+ million times hit count) I gathered from a few firewall logs matching too wide rules (something close to "src:<RFC1918_ranges> dst:<RFC1918_ranges> svc:any action:allow"). The aim is to create a more specific set of rules for the traffic really happening and to bleed out the too wide rules eventually.
I used an Excel sheet with loads of formulas I have never ever used before to prepare tabs for each of the required csv files (groups, hosts, ports, rules) based on the reference data collected in the first tab (src, dst, port, protocol). The tabs are filled automatically, ready for export as separate csv files. And here I am stuck on the rule part and how it has to look. Please help.
PS: All the links in other articles about adding objects and nat rules did not really mention anything else I need. I don't have to mention that the API reference does not explain bulk/batch usage. This is odd, as the API should help automate processes.
previously known as (pka.) Carsten_Weber
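One possible shape for the rules CSV asked about above, added here as an example and not taken from the post or from Check Point's own material. It assumes the header uses the `add access-rule` parameter names in mgmt_cli dot notation (`layer`, `position.above`, `source.1`, `track.type`), and the layer name, rule UID placeholder, group names and `tcp_443`-style service names are hypothetical and must match the objects already created.

```python
import csv
import io
from collections import Counter

# Constructed sample of aggregated log data:
# (source group, destination group, protocol, port, hit count)
SAMPLE_FLOWS = [
    ("grp_app_servers", "grp_db_servers", "tcp", 1433, 912000),
    ("grp_app_servers", "grp_db_servers", "TCP", 1433, 40000),  # same flow, second log
    ("grp_clients", "grp_dns", "udp", 53, 3100000),
    ("grp_clients", "grp_web", "tcp", 443, 250000),
]

# Assumed header row: one column per add access-rule parameter.
HEADER = ["layer", "position.above", "name", "source.1",
          "destination.1", "service.1", "action", "track.type"]


def build_rows(flows, layer, above_uid):
    """Deduplicate flows and return one rule row per unique flow, busiest first.

    Every row is placed above the same wide rule, so file order becomes
    rulebase order: each new rule lands directly above the wide rule,
    that is, below the rows added before it.
    """
    hits = Counter()
    for src, dst, proto, port, count in flows:
        hits[(src, dst, proto.lower(), int(port))] += count
    rows = []
    for (src, dst, proto, port), _total in hits.most_common():
        svc = f"{proto}_{port}"  # hypothetical service object naming scheme
        name = f"{src}_to_{dst}_{svc}"
        # Log every new rule so its hits can be confirmed before the
        # wide rule is removed.
        rows.append([layer, above_uid, name, src, dst, svc, "Accept", "Log"])
    return rows


def write_batches(rows, size=200):
    """Split rows into CSV texts of at most `size` rules, each with the header."""
    batches = []
    for start in range(0, len(rows), size):
        buf = io.StringIO()
        writer = csv.writer(buf, lineterminator="\n")
        writer.writerow(HEADER)
        writer.writerows(rows[start:start + size])
        batches.append(buf.getvalue())
    return batches


if __name__ == "__main__":
    rules = build_rows(SAMPLE_FLOWS, "Standard Network", "<wide_rule_uid>")
    for number, text in enumerate(write_batches(rules), start=1):
        print(f"# rules_{number:03d}.csv\n{text}")
```

Each batch would be written to its own file and passed to `mgmt_cli add access-rule -b <file> -s sid.txt.$$`, followed by `mgmt_cli publish -s sid.txt.$$` before the next one, which keeps to the 200-300 changes per publish mentioned in the post.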