NETWORK GROUP CLI SCRIPTS | SERVICE GROUP CLI SCRIPTS
---|---
PANORAMA-PALO ALTO | PANORAMA-PALO ALTO
PALO ALTO STANDALONE FW | PALO ALTO STANDALONE FW
CHECKPOINT SDM R8* FW | CHECKPOINT SDM R8* FW
FORTIGATE FIREWALL/PROXY | FORTIGATE FIREWALL/PROXY
JUNIPER SRX FW | JUNIPER SRX FW
CISCO ASA FW |
CISCO IOS ROUTERS |
What is the most time-consuming task in creating firewall rules? It is, of course, creating large address objects and address groups, isn't it? We've got you covered. Our Online/Offline Tools help create these in minutes.
1. No need to learn complex API methods and functions for various firewalls.
2. Simple API calls to create an object don’t really save time unless they are integrated as part of a larger program.
3. Doesn’t require skills with programming languages.
4. Address-Group names and Host IDs are simply editable in Notepad.
5. Only requires access to the CLI of the respective firewalls.
6. It is just a matter of copying and pasting the commands generated by the tools.
It starts with simply asking what actions we, as firewall rule creators, perform as part of operations. Let’s list them below.
1. Search for existing Objects/Rules.
2. Create new Objects/Rules.
3. Modify/Update new Objects/Rules.
4. Delete existing Objects/Rules.
Each of these actions corresponds to an API method:
1. GET == Search for existing Objects/Rules.
2. POST == Create new Objects/Rules.
3. PUT == Modify/Update new Objects/Rules.
4. DELETE == Delete existing Objects/Rules.
A simple place to start is to ask: what methods are available via the API to do these tasks? The explanation continues below, after the demo videos on how to use these tools.
Create Address Group in FortiGate Firewall/Proxy in seconds, refer to video below.
Create New Network Group with CheckPoint Manager API Calls.
Update Existing Network Group with CheckPoint Manager API Calls.
How to use the Tool for PaloAlto Firewall Address-group creation-Panorama.
Video on how this tool shall be used to create Automated CLI commands of NetworkObjectgroups/AddressGroup/NetworkGroup/AddressSet for various firewalls.
As you have noticed, the API methods have specific names for the functions that we perform. In the same way, the data is formatted in a specific manner so the program understands what to do.
These formats are used to represent the data (variables and their values) for the program to handle, as well as for us, the programmers, to understand what we are doing.
Widely used formats are JSON and XML. Each has its own advantages over the other and a specific structure in which it represents data.
To understand this better, let’s say we want to search for an Object in the firewall. The API GET method pulls the data from the firewall for our query and, if we prefer the JSON format, the result for that Object is returned in JSON.
Below is an example response, as given in the Palo Alto official guide.
```json
{
  "@code": "19",
  "@status": "success",
  "result": {
    "@count": "3",
    "@total-count": "3",
    "entry": [
      {
        "@location": "vsys",
        "@name": "fqdn1",
        "@vsys": "vsys1",
        "fqdn": "www.test.com"
      }
    ]
  }
}
```
Don’t worry, you just need to understand that the left of the : represents the variable and the right of the : represents its value. When you search for an Address Object, the left should show it’s an object and the right should show the values of the object.
What do you remember an Object having?
1. Name = some name
2. Value = IP address
3. Description = About the IP address
So, the API GET method should at least show these, either in JSON or XML format. You can then apply your own logic to the result to make decisions.
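One way to turn a GET response like the one above into Name/Value/Description records and catch malformed entries before they are reused in rules. This is an added example, not code from the tools or from the Palo Alto guide; the sample data is constructed, and the function name and the `ip-netmask`/`ip-range` value fields are assumptions beyond what the page shows.

```python
import ipaddress
import json

# Constructed sample in the shape of the response shown above (not real device output).
SAMPLE = """{
  "@code": "19", "@status": "success",
  "result": {"@count": "3", "@total-count": "3", "entry": [
    {"@location": "vsys", "@name": "fqdn1", "@vsys": "vsys1", "fqdn": "www.test.com"},
    {"@location": "vsys", "@name": "web-srv", "@vsys": "vsys1",
     "ip-netmask": "192.0.2.10/32", "description": "constructed web server"},
    {"@location": "vsys", "@name": "bad-net", "@vsys": "vsys1", "ip-netmask": "192.0.2.300"}
  ]}
}"""

VALUE_KEYS = ("ip-netmask", "ip-range", "fqdn")  # assumed value fields of an address object


def parse_address_objects(text):
    """Return (objects, problems) parsed from a GET address-object response."""
    doc = json.loads(text)
    if doc.get("@status") != "success":
        raise ValueError(f"API call failed: code {doc.get('@code')}")
    result = doc.get("result", {})
    entries = result.get("entry", [])
    objects, problems = [], []
    # A truncated or paged response returns fewer entries than @count claims.
    if int(result.get("@count", len(entries))) != len(entries):
        problems.append("entry count does not match @count")
    for e in entries:
        name = e.get("@name", "<unnamed>")
        kind = next((k for k in VALUE_KEYS if k in e), None)
        if kind is None:
            problems.append(f"{name}: no value field")
            continue
        if kind == "ip-netmask":
            try:
                ipaddress.ip_network(e[kind], strict=False)  # host or CIDR form
            except ValueError:
                problems.append(f"{name}: invalid ip-netmask {e[kind]!r}")
                continue
        objects.append({"name": name, "type": kind, "value": e[kind],
                        "description": e.get("description", "")})
    return objects, problems


if __name__ == "__main__":
    objs, probs = parse_address_objects(SAMPLE)
    print(objs, probs, sep="\n")
```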
Likewise, to create an Address Object you need to provide these values in the respective format so the firewall understands that a new Address Object is being created, and creates it. The same applies to other methods like PUT and DELETE.
Now that you know API calls can be used to do the same manual tasks that we as firewall administrators do, note that these calls can be made in more than one way.
1. Browser based API calls.
2. Programmable API calls, e.g. Python.
You as an administrator have your own privileged account to login to the devices to make changes, right?
How does an API make changes to the firewalls? It must have an account, doesn’t it? This could be a dedicated API account for a given firewall, or it can be your admin credentials.
The important thing to note is that the firewall uses this credential to create an API Session key that is valid for that login session.
The Browser or the Program code uses this API Session key to log in to the firewall and perform the function it is coded to do.
Now you know what the API methods do, in what format the data is manipulated, and how to establish a connection with the firewall. That’s a great way to start.
You can learn more about the APIs for various firewalls here:
1. Palo Alto API here.
2. CheckPoint API here.