Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Greg_Dunlap
Participant

Python API Lib set

a few months ago i found a code snip on here of python calling the web api and i wanted to expand on it to make a more extensible library set.

https://github.com/celticcow/r80api-functions

has the library set with a test script ... a LOT of debug info is returned.  I've been able to take this and make web front ends via simple cgi calls to automate a lot of firewall object builds etc ..

the idea is to call a function like add_a_host that will take arguments and do the json work for you ... and check things like does a host already exist with this IP.  or add_a_host_with_group which will add a host ... if a host object does NOT exist with this IP already.  if a host with that IP exist it will add that host object to the group name that is passed as an argument.   does similar things with networks and IP ranges.

 

example:

"""
add a host object and add it to a group
"""
def add_a_host_with_group(ip_addr, name, ip, group, sid):
    print("temp -- in add_a_host<br>")
    check_host_obj = {"type" : "host", "filter" : ip, "ip-only" : "true"}
    chkhst = api_call(ip_addr, "show-objects", check_host_obj, sid)

    if(chkhst['total'] == 0):
        #need new host
        if(name_exist(ip_addr, name, sid) == False):
            host_to_add = {"name" : name, "ip-address" : ip, "groups" : group, "color" : "light green"}
            out1 = api_call(ip_addr, "add-host", host_to_add, sid)
            print(json.dumps(out1))
        else:
            print("object with that name already exist")
    else:
        # host exist ... 
        print("host already exist")
        existing_host_name = chkhst['objects'][0]['name'] # name of existing host
        add_host_to_group_json = {
            "name" : group,
            "members" : {
                "add" : existing_host_name
            }
        }
        out1 = api_call(ip_addr, "set-group", add_host_to_group_json, sid)
        print(json.dumps(out1))

 

so in the main code you can just do something like:

apifunctions.add_a_host_with_group(ip_addr, "test176", "192.168.176.200", "group1", sid)

 

this will attempt to create a host object named "test176" with ip 192.168.176.200 into a group named "group1" unless something already exist with that IP and then it will add that.

ip_addr  = raw_input("Enter IP of MDS : ")
ip_cma   = raw_input("Enter IP of CMA : ")
user     = raw_input("Enter P1 User : ")
password = getpass.getpass('Enter P1 Password :')

sid = apifunctions.login(user, password, ip_addr, ip_cma)

 

will get you sid for the login.

 

hope this is helpful.  it's been a huge time savor for me when we're building out policies and i can create a web form for engineers to dump data into and it will create / search for them.

1 Reply
Maik
Advisor

Not bad 🙂 But are you familiar with the official Python SDK for the management (and nowadays also the GAiA) API?

You can find it via the official Check Point Github Account, or by clicking here.

Could save you some time as it nearly has all the features which somebody would need for automation tasks via the API.

It handles the requests and return values + also have own functions for login etc. In addition to that it includes samples, that show you how to get started.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events