Importer: Add Dynamic Objects #2489

Open
alf-cactus opened this issue Jul 15, 2024 · 1 comment
Labels
enhancement New feature or request

Comments

Collaborator

alf-cactus commented Jul 15, 2024

Dynamic Objects' IPs and ports are provided by big tech companies; they can vary daily. Firewall vendors seem to store this information in their own databases and provide it to the firewall managers via the Internet.

Checkpoint

Distinguishes between Applications (used in Service) and Updatable Objects (used in SRC and DST). I can't figure out how to get current ports for Applications or current IPs from Updatable Objects via API. The API call "show-updatable-objects-repository-content" returns "info-url" for each Updatable Object. This URL links to non-standardized documentation pages of the Internet Company. You can see this list online:
https://support.checkpoint.com/results/sk/sk131852

Fortinet

Internet Services contain IPs and ports. They are stored in the Internet Services Database: https://www.fortiguard.com/services/isdb
You can get all names and IDs via the API (see first payload) and get a full description with IPs and ports for each individual Internet Service (see second payload).

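```python
# First payload: list the names and IDs of all Internet Services.
# mySessionId is the session ID of an existing API login;
# <adom> and <device> are placeholders for the target device.
payload = {
    "id": 1,
    "method": "exec",
    "params": [
        {
            "data": {
                "action": "get",
                "resource": "/api/v2/monitor/firewall/internet-service-basic",
                "target": [
                    "adom/<adom>/device/<device>"
                ]
            },
            "url": "sys/proxy/json"
        }
    ],
    "session": mySessionId,
    "verbose": 1
}
```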


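```python
# Second payload: full description (IPs and ports) of one Internet Service,
# selected by the id parameter in the resource URL.
# mySessionId is the session ID of an existing API login.
payload = {
    "id": 1,
    "method": "exec",
    "params": [
        {
            "data": {
                "action": "get",
                "resource": "/api/v2/monitor/firewall/internet-service-details?city_id=0&count=1000&country_id=0&id=327880&region_id=0&start=0",
                "target": [
                    "adom/<adom>/device/<device>"
                ]
            },
            "url": "sys/proxy/json"
        }
    ],
    "session": mySessionId,
    "verbose": 1
}
```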

Possible Solution

In "network_objects" define a new "obj_typ", e.g. "dynamic". Objects of this type should be interpreted as "internet objects". That means their IPs are not 0.0.0.0/0 but from a smaller set. This smaller set might be defined as a zone in the compliance matrix.
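
An added sketch of the proposal above (not code from this project or from the issue's author): an object with obj_typ "dynamic" resolves to the networks of a compliance zone instead of 0.0.0.0/0, and the same rule is checked both ways. The zone names, CIDR ranges, matrix and the obj_name/obj_ip fields are constructed assumptions.

```python
import ipaddress

# Constructed compliance zones (private/documentation ranges, not provider data).
ZONES = {
    "internal": [ipaddress.ip_network("10.0.0.0/8")],
    "internet_services": [ipaddress.ip_network("198.51.100.0/24"),
                          ipaddress.ip_network("203.0.113.0/24")],
}
# Constructed compliance matrix: allowed (source zone, destination zone) pairs.
ALLOWED = {("internal", "internet_services")}

def resolve(obj, dynamic_zone="internet_services"):
    """Return the networks an object stands for.

    A "dynamic" object carries no importable IPs, so it maps to the
    networks of a zone instead of falling back to 0.0.0.0/0.
    """
    if obj["obj_typ"] == "dynamic":
        return ZONES[dynamic_zone]
    return [ipaddress.ip_network(obj["obj_ip"])]

def zones_of(networks):
    """Names of all zones that overlap any of the given networks."""
    return {name for name, nets in ZONES.items()
            for zn in nets for n in networks if zn.overlaps(n)}

def violations(src, dst):
    """Zone pairs touched by src -> dst that the matrix does not allow."""
    return sorted((s, d) for s in zones_of(resolve(src))
                  for d in zones_of(resolve(dst)) if (s, d) not in ALLOWED)

# Hypothetical objects; field names other than obj_typ are assumptions.
client = {"obj_name": "clients", "obj_typ": "network", "obj_ip": "10.1.0.0/16"}
# The same vendor-maintained object, imported two ways.
as_any = {"obj_name": "SaaS-X", "obj_typ": "network", "obj_ip": "0.0.0.0/0"}
as_dynamic = {"obj_name": "SaaS-X", "obj_typ": "dynamic"}

if __name__ == "__main__":
    print("as 0.0.0.0/0:", violations(client, as_any))
    print("as dynamic:  ", violations(client, as_dynamic))
```

Imported as 0.0.0.0/0, the destination overlaps every zone, so the rule is reported against internal-to-internal traffic it was never meant to cover; imported as "dynamic", it is evaluated only against the zone that represents the provider's address set.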

alf-cactus added the enhancement label Jul 15, 2024
@tpurschke
Contributor

Could you also add sample results for the two API calls?

tpurschke changed the title from "Add Dynamic Objects to Importer" to "Importer: Add Dynamic Objects" on Aug 12, 2024