diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 10669eeba..4b109e985 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -42,7 +42,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v1 + uses: github/codeql-action/init@v2 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -53,7 +53,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v1 + uses: github/codeql-action/autobuild@v2 # ℹ️ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -67,4 +67,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/test-install.yml b/.github/workflows/test-install.yml index 30c9003e5..9eb0b10d4 100644 --- a/.github/workflows/test-install.yml +++ b/.github/workflows/test-install.yml @@ -7,14 +7,14 @@ name: Build on: push: - branches: [ main,develop ] + branches: [ main, develop ] paths-ignore: - 'documentation/**' - 'design/**' pull_request: - types: [ ready_for_review review_requested ] - branches: [ main,develop ] + types: [ ready_for_review, review_requested ] + branches: [ main, develop ] paths-ignore: - 'documentation/**' - 'design/**' 
@@ -36,7 +36,8 @@ jobs: steps: - uses: actions/checkout@v3 - name: do test install in case of merged pull request - run: cd /home/runner/work/firewall-orchestrator/firewall-orchestrator && ansible-playbook -e run_on_github=yes --skip-tags test site.yml -K + run: cd /home/runner/work/firewall-orchestrator/firewall-orchestrator && ansible-playbook -e run_on_github=yes site.yml -K +# run: cd /home/runner/work/firewall-orchestrator/firewall-orchestrator && ansible-playbook -e run_on_github=yes --skip-tags test site.yml -K # test_ubuntu_22: # name: test build on ubuntu_22 @@ -44,4 +45,5 @@ jobs: # steps: # - uses: actions/checkout@v3 # - name: do test install in case of merged pull request - # run: cd /home/runner/work/firewall-orchestrator/firewall-orchestrator && ansible-playbook -e run_on_github=yes --skip-tags test site.yml -K + # run: cd /home/runner/work/firewall-orchestrator/firewall-orchestrator && ansible-playbook -e run_on_github=yes site.yml -K + # run: cd /home/runner/work/firewall-orchestrator/firewall-orchestrator && ansible-playbook -e run_on_github=yes --skip-tags test site.yml -K diff --git a/.gitignore b/.gitignore index 7cd4f1771..e4d9f3106 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ .idea/ .test_data/ roles/importer/venv/ +ansible_venv/ diff --git a/.vscode/launch.json b/.vscode/launch.json index 34ec57626..6b4936dd8 100644 --- a/.vscode/launch.json +++ b/.vscode/launch.json @@ -7,7 +7,7 @@ "request": "launch", "preLaunchTask": "build_middleware", "enableStepFiltering": false, - "program": "${workspaceFolder}/roles/middleware/files/FWO.Middleware.Server/bin/Debug/net6.0/FWO.Middleware.Server.dll", + "program": "${workspaceFolder}/roles/middleware/files/FWO.Middleware.Server/bin/Debug/net8.0/FWO.Middleware.Server.dll", "args": [], "cwd": "${workspaceFolder}/roles/middleware/files/FWO.Middleware.Server", "console": "internalConsole", 
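Review bot: The replaced `run:` line drops `--skip-tags test`, and the old command is kept as a commented duplicate both in the active job and in the already commented-out `test_ubuntu_22` job, which leaves two near-identical `# run:` lines with no indication of which one is current. Either remove the commented copies or replace them with a one-line comment such as `# tests are now executed in CI; add --skip-tags test to disable`. The enclosing job definition starts outside the hunk.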
@@ -17,6 +17,9 @@ "action": "openExternally", "pattern": "\\bNow listening on:\\s+(https?://\\S+)", "uriFormat": "%s/swagger" + }, + "logging": { + "moduleLoad": false } }, { @@ -24,7 +27,7 @@ "type": "coreclr", "request": "launch", "preLaunchTask": "build_UI", - "program": "${workspaceFolder}/roles/ui/files/FWO.UI/bin/Debug/net6.0/FWO.Ui.dll", + "program": "${workspaceFolder}/roles/ui/files/FWO.UI/bin/Debug/net8.0/FWO.Ui.dll", "args": [], "cwd": "${workspaceFolder}/roles/ui/files/FWO.UI", "stopAtEntry": false, @@ -38,11 +41,40 @@ }, "sourceFileMap": { "/Views": "${workspaceFolder}/Views" + }, + "logging": { + "moduleLoad": false } }, + { + "name": "py-normalizeRlmOwners", + "type": "debugpy", + "request": "launch", + "program": "${workspaceFolder}/scripts/customizing/modelling/getOwnersFromTufinRlm.py", + "console": "integratedTerminal", + "env": { + "PYTHONPATH": "${PYTHONPATH}:${workspaceRoot}" + }, + "args": [ + "-c${workspaceFolder}/scripts/customizing/modelling/customizingConfig.json" + ] + }, + { + "name": "py-normalizeNwData", + "type": "debugpy", + "request": "launch", + "program": "${workspaceFolder}/scripts/customizing/modelling/convertNwObjDataExample.py", + "console": "integratedTerminal", + "env": { + "PYTHONPATH": "${PYTHONPATH}:${workspaceRoot}" + }, + "args": [ + "-c${workspaceFolder}/scripts/customizing/modelling/customizingConfig.json" + ] + }, { "name": "py-import-mgm", - "type": "python", + "type": "debugpy", "request": "launch", "program": "${workspaceFolder}/roles/importer/files/importer/import-mgm.py", "console": "integratedTerminal", @@ -50,11 +82,12 @@ "PYTHONPATH": "${PYTHONPATH}:${workspaceRoot}" }, "args": [ - "-m55", - "-d3", + "-m5", + "-d1", "-f", "-s", - //"-c" + //"-l66", + // "-c" //"-l250" // 41 - lab fortimanager //"-nhttps://fwodemodata.cactus.de/demo07_dummyGw1.json" 
@@ -64,9 +97,22 @@ //"-ihttps://fwodemodata.cactus.de/big/xxx.json", ] }, + { + "name": "py-customize-FWO-sample", + "type": "debugpy", + "request": "launch", + "program": "${workspaceFolder}/scripts/customizing/customizeFwoSampleScript.py", + "console": "integratedTerminal", + "env": { + "PYTHONPATH": "${PYTHONPATH}:${workspaceRoot}" + }, + "args": [ + "-c${workspaceFolder}/scripts/customizing/sampleCustomSettings.json" + ] + }, { "name": "py-acquire-lock", - "type": "python", + "type": "debugpy", "request": "launch", "program": "${workspaceFolder}/roles/common/files/acquire_lock.py", "console": "integratedTerminal", @@ -79,7 +125,7 @@ }, { "name": "py-generate-tenant-data", - "type": "python", + "type": "debugpy", "request": "launch", "program": "${workspaceFolder}/roles/test/files/tenant_networks/create_tenant_network_data.py", "console": "integratedTerminal", @@ -90,7 +136,7 @@ }, { "name": "py-change-comment", - "type": "python", + "type": "debugpy", "request": "launch", "program": "${workspaceFolder}/roles/sample-data/files/config_changes/write_date_to_comment.py", "console": "integratedTerminal", @@ -101,7 +147,7 @@ }, { "name": "py-change-rule", - "type": "python", + "type": "debugpy", "request": "launch", "program": "${workspaceFolder}/roles/sample-data/files/config_changes/enlarge_rule.py", "console": "integratedTerminal", @@ -112,7 +158,7 @@ }, { "name": "py-cpr8x-get-config", - "type": "python", + "type": "debugpy", "request": "launch", "program": "${workspaceFolder}/roles/importer/files/importer/checkpointR8x/get_config.py", "console": "integratedTerminal", @@ -130,7 +176,7 @@ }, { "name": "py-cpr8x-enrich-config", - "type": "python", + "type": "debugpy", "request": "launch", "program": "${workspaceFolder}/roles/importer/files/importer/checkpointR8x/enrich_config.py", "console": "integratedTerminal", 
@@ -147,7 +193,7 @@ }, { "name": "py-cpr8x-parse-config", - "type": "python", + "type": "debugpy", "request": "launch", "program": "${workspaceFolder}/roles/importer/files/importer/checkpointR8x/parse_config.py", "console": "integratedTerminal", @@ -161,7 +207,7 @@ }, { "name": "py-cpr8x-api-test-call", - "type": "python", + "type": "debugpy", "request": "launch", "program": "${workspaceFolder}/roles/importer/files/importer/checkpointR8x/api-test-call.py", "console": "integratedTerminal", @@ -174,7 +220,7 @@ }, { "name": "py-get-config-fm7", - "type": "python", + "type": "debugpy", "request": "launch", "program": "${workspaceFolder}/roles/importer/files/importer/fortimanager5ff/get_config.py", "console": "integratedTerminal", @@ -192,7 +238,7 @@ }, { "name": "py-export-itsecorg", - "type": "python", + "type": "debugpy", "request": "launch", "program": "${workspaceFolder}/roles/api/files/scripts/fwo-export-itsecorg-devices.py", "console": "integratedTerminal", @@ -209,7 +255,7 @@ }, { "name": "py-export-config", - "type": "python", + "type": "debugpy", "request": "launch", "program": "${workspaceFolder}/roles/api/files/scripts/fwo-export-config.py", "console": "integratedTerminal", @@ -222,7 +268,7 @@ }, { "name": "py-execute-graphql", - "type": "python", + "type": "debugpy", "request": "launch", "program": "${workspaceFolder}/roles/api/files/scripts/fwo-execute-graphql.py", "console": "integratedTerminal", @@ -235,7 +281,7 @@ }, { "name": "py-execute-graphql-query", - "type": "python", + "type": "debugpy", "request": "launch", "program": "${workspaceFolder}/roles/api/files/scripts/fwo-execute-graphql-query.py", "console": "integratedTerminal", @@ -248,7 +294,7 @@ }, { "name": "py-cpr8x-autodiscovery", - "type": "python", + "type": "debugpy", "request": "launch", "program": "${workspaceFolder}/roles/importer/files/importer/checkpointR8x/auto-discover.py", "console": "integratedTerminal", 
@@ -266,7 +312,7 @@ }, { "name": "py-import-main-loop", - "type": "python", + "type": "debugpy", "request": "launch", "program": "${workspaceFolder}/roles/importer/files/importer/import-main-loop.py", "console": "integratedTerminal", @@ -283,13 +329,13 @@ "name": "c#-FWO Test", "type": "coreclr", "request": "launch", - "preLaunchTask": "build_test", + // "preLaunchTask": "build_test", "program": "/usr/bin/dotnet", "args": [ "test" ], "cwd": "${workspaceFolder}/roles/test/files/FWO.Test", - "stopAtEntry": true, + "stopAtEntry": false, "console": "integratedTerminal" }, { diff --git a/README.md b/README.md index 95d599985..3b298e7d1 100644 --- a/README.md +++ b/README.md @@ -5,13 +5,17 @@ [![Open Source Love svg1](https://github.com/ellerbrock/open-source-badges/blob/master/badges/open-source-v1/open-source.svg)](https://github.com/ellerbrock/open-source-badges/) [![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](http://makeapullrequest.com) -- Import firewall configurations (rules) of various brands (Check Point, Fortinet, Cisco, Juniper, Barracuda, Netscreen) +- Import firewall configurations (rules) of various brands (Check Point, Fortinet, Cisco, Azure, Palo Alto, Juniper, Barracuda, Netscreen) - Request changes on your firewall configuration using the new workflow module in v6.0 - Display reports on firewall configuration and changes - Regularly re-certify firewall rules to clean up your rulebase - Use the built-in GraphQL API to integrate with your existing infrastructure (Directory Service, ITSM, IPAM, ...) -Demo: if you want to see what it looks like in advance, visit (user: test, password: drive2). +Reporting Demo: +![fwo-demo-reporting-vsmall](https://github.com/CactuseSecurity/firewall-orchestrator/assets/19877770/f9ffe37f-b059-44cf-b056-30a8f3e008a6) + + +Further Demo: if you want to see what it looks like in advance, visit (user: test, password: drive2). ## Installation instructions 
diff --git a/ansible.cfg b/ansible.cfg index ef5ce7703..faff2a1cf 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,12 +1,13 @@ # ansible.cfg [defaults] inventory = inventory -#timeout = 60 +# interpreter_python = ~/.local/bin/ansible +# timeout = 60 force_handlers = True stdout_callback = yaml -gathering = smart -gather_subset = !hardware,!facter,!ohai +# gathering = smart +# gather_subset = !hardware,!facter,!ohai ansible_conditional_bare_vars=false diff --git a/azure/app.zip b/azure/app.zip new file mode 100644 index 000000000..dc2df8407 Binary files /dev/null and b/azure/app.zip differ diff --git a/azure/createUiDefinition.json b/azure/createUiDefinition.json new file mode 100644 index 000000000..fcce79ab5 --- /dev/null +++ b/azure/createUiDefinition.json 
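Review bot: The new commented line `# interpreter_python = ~/.local/bin/ansible` names the ansible CLI, not a Python interpreter, so uncommenting it as-is would not work; if the intent is the new `ansible_venv/` directory added to `.gitignore` in this commit, the value should presumably be that venv's `python3`. Commenting out `gathering = smart` and `gather_subset = !hardware,!facter,!ohai` re-enables full fact gathering on every play, which is slower; if that is deliberate (e.g. a role now needs hardware facts), a short comment saying so would help the next reader.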
@@ -0,0 +1,91 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#", + "handler": "Microsoft.Azure.CreateUIDef", + "version": "0.1.2-preview", + "parameters": { + "basics": [ + {} + ], + "steps": [ + { + "name": "webAppSettings", + "label": "Web App settings", + "subLabel": { + "preValidation": "Configure the web app settings", + "postValidation": "Completed" + }, + "elements": [ + { + "name": "appServicePlanName", + "type": "Microsoft.Common.TextBox", + "label": "App Service plan name", + "placeholder": "App Service plan name", + "defaultValue": "", + "toolTip": "Use alphanumeric characters or hyphens with a maximum of 40 characters.", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,40}$", + "validationMessage": "Only alphanumeric characters or hyphens are allowed, with a maximum of 40 characters." + }, + "visible": true + }, + { + "name": "appServiceName", + "type": "Microsoft.Common.TextBox", + "label": "App Service name prefix", + "placeholder": "App Service name prefix", + "defaultValue": "", + "toolTip": "Use alphanumeric characters or hyphens with minimum of 2 characters and maximum of 47 characters.", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{2,47}$", + "validationMessage": "Only alphanumeric characters or hyphens are allowed, with a minimum of 2 characters and maximum of 47 characters." + }, + "visible": true + } + ] + }, + { + "name": "storageConfig", + "label": "Storage settings", + "subLabel": { + "preValidation": "Configure the storage settings", + "postValidation": "Completed" + }, + "elements": [ + { + "name": "storageAccounts", + "type": "Microsoft.Storage.MultiStorageAccountCombo", + "label": { + "prefix": "Storage account name prefix", + "type": "Storage account type" + }, + "toolTip": { + "prefix": "Enter maximum of 11 lowercase letters or numbers.", + "type": "Available choices are Standard_LRS, Standard_GRS, and Premium_LRS." 
+ }, + "defaultValue": { + "type": "Standard_LRS" + }, + "constraints": { + "allowedTypes": [ + "Premium_LRS", + "Standard_LRS", + "Standard_GRS" + ] + }, + "visible": true + } + ] + } + ], + "outputs": { + "location": "[location()]", + "appServicePlanName": "[steps('webAppSettings').appServicePlanName]", + "appServiceNamePrefix": "[steps('webAppSettings').appServiceName]", + "storageAccountNamePrefix": "[steps('storageConfig').storageAccounts.prefix]", + "storageAccountType": "[steps('storageConfig').storageAccounts.type]" + } + } + } + \ No newline at end of file diff --git a/azure/deploy-2004.json b/azure/deploy-2004.json new file mode 100644 index 000000000..9f2bddeb5 --- /dev/null +++ b/azure/deploy-2004.json 
@@ -0,0 +1,331 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.17.1.54307", + "templateHash": "11453007703022839041" + } + }, + "parameters": { + "vmName": { + "type": "string", + "defaultValue": "simpleLinuxVM", + "metadata": { + "description": "The name of you Virtual Machine." + } + }, + "adminUsername": { + "type": "string", + "metadata": { + "description": "Username for the Virtual Machine." + } + }, + "authenticationType": { + "type": "string", + "defaultValue": "password", + "allowedValues": [ + "sshPublicKey", + "password" + ], + "metadata": { + "description": "Type of authentication to use on the Virtual Machine. SSH key is recommended." + } + }, + "adminPasswordOrKey": { + "type": "securestring", + "metadata": { + "description": "SSH Key or password for the Virtual Machine. SSH key is recommended." + } + }, + "dnsLabelPrefix": { + "type": "string", + "defaultValue": "[toLower(format('{0}-{1}', parameters('vmName'), uniqueString(resourceGroup().id)))]", + "metadata": { + "description": "Unique DNS Name for the Public IP used to access the Virtual Machine." + } + }, + "ubuntuOSVersion": { + "type": "string", + "defaultValue": "Ubuntu-2004", + "allowedValues": [ + "Ubuntu-2004", + "Ubuntu-2204" + ], + "metadata": { + "description": "The Ubuntu version for the VM. This will pick a fully patched image of this given Ubuntu version." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Location for all resources." 
+ } + }, + "vmSize": { + "type": "string", + "defaultValue": "Standard_D2s_v3", + "metadata": { + "description": "The size of the VM" + } + }, + "virtualNetworkName": { + "type": "string", + "defaultValue": "vNet", + "metadata": { + "description": "Name of the VNET" + } + }, + "subnetName": { + "type": "string", + "defaultValue": "Subnet", + "metadata": { + "description": "Name of the subnet in the virtual network" + } + }, + "networkSecurityGroupName": { + "type": "string", + "defaultValue": "SecGroupNet", + "metadata": { + "description": "Name of the Network Security Group" + } + }, + "securityType": { + "type": "string", + "defaultValue": "TrustedLaunch", + "allowedValues": [ + "Standard", + "TrustedLaunch" + ], + "metadata": { + "description": "Security Type of the Virtual Machine." + } + } + }, + "variables": { + "imageReference": { + "Ubuntu-1804": { + "publisher": "Canonical", + "offer": "UbuntuServer", + "sku": "18_04-lts-gen2", + "version": "latest" + }, + "Ubuntu-2004": { + "publisher": "Canonical", + "offer": "0001-com-ubuntu-server-focal", + "sku": "20_04-lts-gen2", + "version": "latest" + }, + "Ubuntu-2204": { + "publisher": "Canonical", + "offer": "0001-com-ubuntu-server-jammy", + "sku": "22_04-lts-gen2", + "version": "latest" + } + }, + "publicIPAddressName": "[format('{0}PublicIP', parameters('vmName'))]", + "networkInterfaceName": "[format('{0}NetInt', parameters('vmName'))]", + "osDiskType": "Standard_LRS", + "subnetAddressPrefix": "10.1.0.0/24", + "addressPrefix": "10.1.0.0/16", + "linuxConfiguration": { + "disablePasswordAuthentication": true, + "ssh": { + "publicKeys": [ + { + "path": "[format('/home/{0}/.ssh/authorized_keys', parameters('adminUsername'))]", + "keyData": "[parameters('adminPasswordOrKey')]" + } + ] + } + }, + "securityProfileJson": { + "uefiSettings": { + "secureBootEnabled": true, + "vTpmEnabled": true + }, + "securityType": "[parameters('securityType')]" + }, + "extensionName": "GuestAttestation", + "extensionPublisher": 
"Microsoft.Azure.Security.LinuxAttestation", + "extensionVersion": "1.0", + "maaTenantName": "GuestAttestation", + "maaEndpoint": "[substring('emptystring', 0, 0)]" + }, + "resources": [ + { + "type": "Microsoft.Network/networkInterfaces", + "apiVersion": "2021-05-01", + "name": "[variables('networkInterfaceName')]", + "location": "[parameters('location')]", + "properties": { + "ipConfigurations": [ + { + "name": "ipconfig1", + "properties": { + "subnet": { + "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('subnetName'))]" + }, + "privateIPAllocationMethod": "Dynamic", + "publicIPAddress": { + "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))]" + } + } + } + ], + "networkSecurityGroup": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName'))]" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName'))]", + "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))]", + "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('subnetName'))]" + ] + }, + { + "type": "Microsoft.Network/networkSecurityGroups", + "apiVersion": "2021-05-01", + "name": "[parameters('networkSecurityGroupName')]", + "location": "[parameters('location')]", + "properties": { + "securityRules": [ + { + "name": "SSH", + "properties": { + "priority": 1000, + "protocol": "Tcp", + "access": "Allow", + "direction": "Inbound", + "sourceAddressPrefix": "*", + "sourcePortRange": "*", + "destinationAddressPrefix": "*", + "destinationPortRange": "22" + } + } + ] + } + }, + { + "type": "Microsoft.Network/virtualNetworks", + "apiVersion": "2021-05-01", + "name": "[parameters('virtualNetworkName')]", + "location": "[parameters('location')]", + "properties": { + "addressSpace": { + "addressPrefixes": [ + 
"[variables('addressPrefix')]" + ] + } + } + }, + { + "type": "Microsoft.Network/virtualNetworks/subnets", + "apiVersion": "2021-05-01", + "name": "[format('{0}/{1}', parameters('virtualNetworkName'), parameters('subnetName'))]", + "properties": { + "addressPrefix": "[variables('subnetAddressPrefix')]", + "privateEndpointNetworkPolicies": "Enabled", + "privateLinkServiceNetworkPolicies": "Enabled" + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworkName'))]" + ] + }, + { + "type": "Microsoft.Network/publicIPAddresses", + "apiVersion": "2021-05-01", + "name": "[variables('publicIPAddressName')]", + "location": "[parameters('location')]", + "sku": { + "name": "Basic" + }, + "properties": { + "publicIPAllocationMethod": "Dynamic", + "publicIPAddressVersion": "IPv4", + "dnsSettings": { + "domainNameLabel": "[parameters('dnsLabelPrefix')]" + }, + "idleTimeoutInMinutes": 4 + } + }, + { + "type": "Microsoft.Compute/virtualMachines", + "apiVersion": "2021-11-01", + "name": "[parameters('vmName')]", + "location": "[parameters('location')]", + "properties": { + "hardwareProfile": { + "vmSize": "[parameters('vmSize')]" + }, + "storageProfile": { + "osDisk": { + "createOption": "FromImage", + "managedDisk": { + "storageAccountType": "[variables('osDiskType')]" + } + }, + "imageReference": "[variables('imageReference')[parameters('ubuntuOSVersion')]]" + }, + "networkProfile": { + "networkInterfaces": [ + { + "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('networkInterfaceName'))]" + } + ] + }, + "osProfile": { + "computerName": "[parameters('vmName')]", + "adminUsername": "[parameters('adminUsername')]", + "adminPassword": "[parameters('adminPasswordOrKey')]", + "linuxConfiguration": "[if(equals(parameters('authenticationType'), 'password'), null(), variables('linuxConfiguration'))]" + }, + "securityProfile": "[if(equals(parameters('securityType'), 'TrustedLaunch'), variables('securityProfileJson'), null())]" 
+ }, + "dependsOn": [ + "[resourceId('Microsoft.Network/networkInterfaces', variables('networkInterfaceName'))]" + ] + }, + { + "condition": "[and(equals(parameters('securityType'), 'TrustedLaunch'), and(equals(variables('securityProfileJson').uefiSettings.secureBootEnabled, true()), equals(variables('securityProfileJson').uefiSettings.vTpmEnabled, true())))]", + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2022-03-01", + "name": "[format('{0}/{1}', parameters('vmName'), variables('extensionName'))]", + "location": "[parameters('location')]", + "properties": { + "publisher": "[variables('extensionPublisher')]", + "type": "[variables('extensionName')]", + "typeHandlerVersion": "[variables('extensionVersion')]", + "autoUpgradeMinorVersion": true, + "enableAutomaticUpgrade": true, + "settings": { + "AttestationConfig": { + "MaaSettings": { + "maaEndpoint": "[variables('maaEndpoint')]", + "maaTenantName": "[variables('maaTenantName')]" + } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]" + ] + } + ], + "outputs": { + "adminUsername": { + "type": "string", + "value": "[parameters('adminUsername')]" + }, + "hostname": { + "type": "string", + "value": "[reference(resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName')), '2021-05-01').dnsSettings.fqdn]" + }, + "sshCommand": { + "type": "string", + "value": "[format('ssh {0}@{1}', parameters('adminUsername'), reference(resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName')), '2021-05-01').dnsSettings.fqdn)]" + } + } + } \ No newline at end of file diff --git a/azure/fwo.bicep b/azure/fwo.bicep new file mode 100644 index 000000000..c2b432e09 --- /dev/null +++ b/azure/fwo.bicep 
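Review bot: The `SSH` rule in the `Microsoft.Network/networkSecurityGroups` resource allows inbound TCP/22 from `"sourceAddressPrefix": "*"`, so the VM's SSH port is reachable from any internet address as soon as the public IP is attached. Add a parameter such as `adminSourceAddressPrefix` and use it for `sourceAddressPrefix`, or document that the operator is expected to tighten the rule after deployment. The `authenticationType` default of `"password"` also contradicts its own description ("SSH key is recommended"); defaulting to `"sshPublicKey"` would make the safer option the default. Separately, this compiled template looks out of sync with `azure/fwo.bicep` in the same commit (different `vmName` default, different address prefixes, `Ubuntu-1804` missing from `allowedValues` although `imageReference` defines it, and no CustomScript extension), so it is presumably a stale `bicep build` output and should be regenerated or removed.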
@@ -0,0 +1,264 @@ +@description('The name of you Virtual Machine.') +param vmName string = 'fwoTest1' + +@description('Username for the Virtual Machine.') +param adminUsername string + +@description('Type of authentication to use on the Virtual Machine. SSH key is recommended.') +@allowed([ + 'sshPublicKey' + 'password' +]) +param authenticationType string = 'password' + +@description('SSH Key or password for the Virtual Machine. SSH key is recommended.') +@secure() +param adminPasswordOrKey string + +@description('Unique DNS Name for the Public IP used to access the Virtual Machine.') +param dnsLabelPrefix string = toLower('${vmName}-${uniqueString(resourceGroup().id)}') + +@description('The Ubuntu version for the VM. This will pick a fully patched image of this given Ubuntu version.') +@allowed([ + 'Ubuntu-1804' + 'Ubuntu-2004' + 'Ubuntu-2204' +]) +param ubuntuOSVersion string = 'Ubuntu-2004' + +@description('Location for all resources.') +param location string = resourceGroup().location + +@description('The size of the VM') +param vmSize string = 'Standard_D2s_v3' + +@description('Name of the VNET') +param virtualNetworkName string = 'vNet' + +@description('Name of the subnet in the virtual network') +param subnetName string = 'Subnet' + +@description('Name of the Network Security Group') +param networkSecurityGroupName string = 'SecGroupNet' + +@description('Security Type of the Virtual Machine.') +@allowed([ + 'Standard' + 'TrustedLaunch' +]) +param securityType string = 'TrustedLaunch' + +var imageReference = { + 'Ubuntu-1804': { + publisher: 'Canonical' + offer: 'UbuntuServer' + sku: '18_04-lts-gen2' + version: 'latest' + } + 'Ubuntu-2004': { + publisher: 'Canonical' + offer: '0001-com-ubuntu-server-focal' + sku: '20_04-lts-gen2' + version: 'latest' + } + 'Ubuntu-2204': { + publisher: 'Canonical' + offer: '0001-com-ubuntu-server-jammy' + sku: '22_04-lts-gen2' + version: 'latest' + } +} +var publicIPAddressName = '${vmName}PublicIP' +var networkInterfaceName 
= '${vmName}NetInt' +var osDiskType = 'Standard_LRS' +var subnetAddressPrefix = '10.11.12.0/28' +var addressPrefix = '10.11.12.0/23' +var linuxConfiguration = { + disablePasswordAuthentication: true + ssh: { + publicKeys: [ + { + path: '/home/${adminUsername}/.ssh/authorized_keys' + keyData: adminPasswordOrKey + } + ] + } +} +var securityProfileJson = { + uefiSettings: { + secureBootEnabled: true + vTpmEnabled: true + } + securityType: securityType +} +var extensionName = 'GuestAttestation' +var extensionPublisher = 'Microsoft.Azure.Security.LinuxAttestation' +var extensionVersion = '1.0' +var maaTenantName = 'GuestAttestation' +var maaEndpoint = substring('emptystring', 0, 0) + +resource networkInterface 'Microsoft.Network/networkInterfaces@2021-05-01' = { + name: networkInterfaceName + location: location + properties: { + ipConfigurations: [ + { + name: 'ipconfig1' + properties: { + subnet: { + id: subnet.id + } + privateIPAllocationMethod: 'Dynamic' + publicIPAddress: { + id: publicIPAddress.id + } + } + } + ] + networkSecurityGroup: { + id: networkSecurityGroup.id + } + } +} + +resource networkSecurityGroup 'Microsoft.Network/networkSecurityGroups@2021-05-01' = { + name: networkSecurityGroupName + location: location + properties: { + securityRules: [ + { + name: 'SSH' + properties: { + priority: 1000 + protocol: 'Tcp' + access: 'Allow' + direction: 'Inbound' + sourceAddressPrefix: '*' + sourcePortRange: '*' + destinationAddressPrefix: '*' + destinationPortRange: '22' + } + } + ] + } +} + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2021-05-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + addressPrefix + ] + } + } +} + +resource subnet 'Microsoft.Network/virtualNetworks/subnets@2021-05-01' = { + parent: virtualNetwork + name: subnetName + properties: { + addressPrefix: subnetAddressPrefix + privateEndpointNetworkPolicies: 'Enabled' + privateLinkServiceNetworkPolicies: 'Enabled' + } +} 
+ +resource publicIPAddress 'Microsoft.Network/publicIPAddresses@2021-05-01' = { + name: publicIPAddressName + location: location + sku: { + name: 'Basic' + } + properties: { + publicIPAllocationMethod: 'Dynamic' + publicIPAddressVersion: 'IPv4' + dnsSettings: { + domainNameLabel: dnsLabelPrefix + } + idleTimeoutInMinutes: 4 + } +} + +resource vm 'Microsoft.Compute/virtualMachines@2021-11-01' = { + name: vmName + location: location + properties: { + hardwareProfile: { + vmSize: vmSize + } + storageProfile: { + osDisk: { + createOption: 'FromImage' + managedDisk: { + storageAccountType: osDiskType + } + } + imageReference: imageReference[ubuntuOSVersion] + } + networkProfile: { + networkInterfaces: [ + { + id: networkInterface.id + } + ] + } + osProfile: { + computerName: vmName + adminUsername: adminUsername + adminPassword: adminPasswordOrKey + linuxConfiguration: ((authenticationType == 'password') ? null : linuxConfiguration) + } + securityProfile: ((securityType == 'TrustedLaunch') ? 
securityProfileJson : null) + } +} + +resource vmExtension 'Microsoft.Compute/virtualMachines/extensions@2022-03-01' = if ((securityType == 'TrustedLaunch') && ((securityProfileJson.uefiSettings.secureBootEnabled == true) && (securityProfileJson.uefiSettings.vTpmEnabled == true))) { + parent: vm + name: extensionName + location: location + properties: { + publisher: extensionPublisher + type: extensionName + typeHandlerVersion: extensionVersion + autoUpgradeMinorVersion: true + enableAutomaticUpgrade: true + settings: { + AttestationConfig: { + MaaSettings: { + maaEndpoint: maaEndpoint + maaTenantName: maaTenantName + } + } + } + } +} + +resource config_app 'Microsoft.Compute/virtualMachines/extensions@2019-03-01' = { + name: '${vm.name}/install-fwo' + location: location + tags: { + displayName: 'install-fworch' + } + properties: { + publisher: 'Microsoft.Azure.Extensions' + type: 'CustomScript' + typeHandlerVersion: '2.1' + autoUpgradeMinorVersion: true + settings: {} + protectedSettings: { + commandToExecute: 'sh install_toplevel.sh' + fileUris: [ + 'https://github.com/CactuseSecurity/firewall-orchestrator/blob/main/scripts/install_toplevel.sh' + ] + } + } +} + +// https://github.com/tpurschke/firewall-orchestrator/blob/develop/azure/install_script.b64 +// https://github.com/CactuseSecurity/firewall-orchestrator/blob/main/scripts/install_toplevel.sh + +output adminUsername string = adminUsername +output hostname string = publicIPAddress.properties.dnsSettings.fqdn +output sshCommand string = 'ssh ${adminUsername}@${publicIPAddress.properties.dnsSettings.fqdn}' diff --git a/azure/install_script.b64 b/azure/install_script.b64 new file mode 100644 index 000000000..2361f96b7 --- /dev/null +++ b/azure/install_script.b64 @@ -0,0 +1 @@ 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 \ No newline at end of file diff --git a/azure/mainTemplate.json b/azure/mainTemplate.json new file mode 100644 index 000000000..5451e2051 --- /dev/null +++ b/azure/mainTemplate.json 
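Review bot: In the `config_app` CustomScript extension, `fileUris` points at `https://github.com/CactuseSecurity/firewall-orchestrator/blob/main/scripts/install_toplevel.sh`, which is the GitHub HTML page for the file rather than the script itself, so the extension will download an HTML document and `sh install_toplevel.sh` will fail. The raw URL (`raw.githubusercontent.com/CactuseSecurity/firewall-orchestrator/<ref>/scripts/install_toplevel.sh`) is needed, and `<ref>` should be a tag or commit rather than `main` so that the script executed as root on the new VM is pinned to a reviewed revision. The same open-SSH and password-default concerns as in `deploy-2004.json` apply here: `networkSecurityGroup` allows TCP/22 from `'*'` and `authenticationType` defaults to `'password'` although the description recommends a key. The two trailing `//` links look like working notes and could be dropped or turned into a comment stating which install script is authoritative.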
@@ -0,0 +1,109 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "location": {
+ "type": "string",
+ "defaultValue": "[resourceGroup().location]"
+ },
+ "appServicePlanName": {
+ "type": "string",
+ "maxLength": 40,
+ "metadata": {
+ "description": "Firewall Orchestrator Managed"
+ }
+ },
+ "appServiceNamePrefix": {
+ "type": "string",
+ "maxLength": 47,
+ "metadata": {
+ "description": "FWORCH"
+ }
+ },
+ "storageAccountNamePrefix": {
+ "type": "string",
+ "maxLength": 11,
+ "metadata": {
+ "description": "FWORCH_STO"
+ }
+ },
+ "storageAccountType": {
+ "type": "string",
+ "allowedValues": [
+ "Premium_LRS",
+ "Standard_LRS",
+ "Standard_GRS"
+ ],
+ "metadata": {
+ "description": "Storage account type allowed values"
+ }
+ }
+ },
+ "variables": {
+ "appServicePlanSku": "F1",
+ "appServicePlanCapacity": 1,
+ "appServiceName": "[format('{0}{1}', parameters('appServiceNamePrefix'), uniqueString(resourceGroup().id))]",
+ "storageAccountName": "[format('{0}{1}', parameters('storageAccountNamePrefix'), uniqueString(resourceGroup().id))]"
+ },
+ "resources": [
+ {
+ "type": "Microsoft.Web/serverfarms",
+ "apiVersion": "2022-03-01",
+ "name": "[parameters('appServicePlanName')]",
+ "location": "[parameters('location')]",
+ "sku": {
+ "name": "[variables('appServicePlanSku')]",
+ "capacity": "[variables('appServicePlanCapacity')]"
+ }
+ },
+ {
+ "type": "Microsoft.Web/sites",
+ "apiVersion": "2022-03-01",
+ "name": "[variables('appServiceName')]",
+ "location": "[parameters('location')]",
+ "properties": {
+ "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('appServicePlanName'))]",
+ "httpsOnly": true,
+ "siteConfig": {
+ "appSettings": [
+ {
+ "name": "AppServiceStorageConnectionString",
+ "value": "[format('DefaultEndpointsProtocol=https;AccountName={0};EndpointSuffix={1};Key={2}', variables('storageAccountName'), environment().suffixes.storage, listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2022-09-01').keys[0].value)]"
+ }
+ ]
+ }
+ },
+ "dependsOn": [
+ "[resourceId('Microsoft.Web/serverfarms', parameters('appServicePlanName'))]",
+ "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
+ ]
+ },
+ {
+ "type": "Microsoft.Storage/storageAccounts",
+ "apiVersion": "2022-09-01",
+ "name": "[variables('storageAccountName')]",
+ "location": "[parameters('location')]",
+ "sku": {
+ "name": "[parameters('storageAccountType')]"
+ },
+ "kind": "StorageV2",
+ "properties": {
+ "accessTier": "Hot"
+ }
+ }
+ ],
+ "outputs": {
+ "appServicePlan": {
+ "type": "string",
+ "value": "[parameters('appServicePlanName')]"
+ },
+ "appServiceApp": {
+ "type": "string",
+ "value": "[reference(resourceId('Microsoft.Web/sites', variables('appServiceName')), '2022-03-01').defaultHostName]"
+ },
+ "storageAccount": {
+ "type": "string",
+ "value": "[reference(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2022-09-01').primaryEndpoints.blob]"
+ }
+ }
+ }
\ No newline at end of file
diff --git a/documentation/auth/rbac.md b/documentation/auth/rbac.md
index b0d877469..b09d975ad 100644
--- a/documentation/auth/rbac.md
+++ b/documentation/auth/rbac.md
@@ -18,6 +18,7 @@ The following roles are defined in ascending order of permissions:
 - importer - users can import config changes into the database
 - dbbackup - users that are able to read data tables for backup purposes
 - auditor - users that can view all data & settings (in the UI) but cannot make any changes
+- modeller - users who can model applications
 - recertifier - users who can re-certify or de-certify firewall rules
 - fw-admin - users who can document open changes
 - requester - users that have the right to create requests
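Review bot: The `Microsoft.Storage/storageAccounts` resource near the end of the hunk sets only `"accessTier": "Hot"` under `properties`, so the transport and public-access hardening that the web app already gets from `"httpsOnly": true` is missing on the storage side; adding `"supportsHttpsTrafficOnly": true`, `"minimumTlsVersion": "TLS1_2"` and `"allowBlobPublicAccess": false` to that `properties` block would close the gap. The `AppServiceStorageConnectionString` app setting embeds the account key via `listKeys(...).keys[0].value`, which stores the key in plain text in the site configuration where any principal allowed to list app settings can read it; a Key Vault reference or a managed identity with a data-plane storage role would avoid persisting the key there. The `metadata.description` values for `appServicePlanName`, `appServiceNamePrefix` and `storageAccountNamePrefix` ("Firewall Orchestrator Managed", "FWORCH", "FWORCH_STO") read like intended default values rather than descriptions; either move them to `defaultValue` or replace them with text such as `"description": "Name of the App Service plan"`.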
diff --git a/documentation/developer-docs/api/api_handling_documentation.md b/documentation/developer-docs/api/api_handling_documentation.md index 33513a707..7659b23b1 100644 --- a/documentation/developer-docs/api/api_handling_documentation.md +++ b/documentation/developer-docs/api/api_handling_documentation.md @@ -76,7 +76,7 @@ Dez 10 10:45:56 fworch-comp fworch-import[342651]: -------- Import module: going Tasks: 19 (limit: 4637) Memory: 35.2M CGroup: /system.slice/fworch-middleware.service - └─396568 /usr/local/fworch/middleware/files/FWO.Middleware.Server/bin/Release/net6.0/FWO.Middleware.Server + └─396568 /usr/local/fworch/middleware/files/FWO.Middleware.Server/bin/Release/net8.0/FWO.Middleware.Server Dez 10 10:45:59 fworch-comp fworch.middleware-server[396568]: Info - Jwt generation (JwtWriter.cs in line 87): Generated JWT eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1bmlxdWVfbmFtZSI6Im1pZGRsZXdhcmU> Dez 10 10:45:59 fworch-comp fworch.middleware-server[396568]: Info - Found ldap connection to server (Program.cs in line 32): 127.0.0.1:636 diff --git a/documentation/developer-docs/csharp/blazor/blazorTable/README.md b/documentation/developer-docs/csharp/blazor/blazorTable/README.md index c1bde0e1a..53aae6b83 100644 --- a/documentation/developer-docs/csharp/blazor/blazorTable/README.md +++ b/documentation/developer-docs/csharp/blazor/blazorTable/README.md @@ -1,2 +1,8 @@ - [Github Site](https://github.com/IvanJosipovic/BlazorTable) - [Feature Site](https://blazortable.netlify.app/) +- adding a project to the solution + + tim@acantha22:~/dev/firewall-orchestrator/roles$ dotnet sln FWO.sln add lib/files/FWO.Encryption/FWO.Encryption.csproj + Project `lib/files/FWO.Encryption/FWO.Encryption.csproj` added to the solution. + tim@acantha22:~/dev/firewall-orchestrator/roles$ + \ No newline at end of file diff --git a/documentation/developer-docs/importer/FWO-import-api.md b/documentation/developer-docs/importer/FWO-import-api.md index 046c2ce8d..31fdf307a 100644 
--- a/documentation/developer-docs/importer/FWO-import-api.md +++ b/documentation/developer-docs/importer/FWO-import-api.md @@ -17,7 +17,9 @@ "service_objects": [...], "user_objects": [...], "zone_objects": [...], - "rules": [...] + "rules": [...], + "routing": [], + "interfaces": [] } ``` @@ -144,7 +146,7 @@ here we describe a single rule: - rule_track can be any of log, none, alert, userdefined, mail, account, userdefined 1, userdefined 2, userdefined 3, snmptrap, log count, count, log alert, log alert count, log alert count alarm, log count alarm, count alarm, all, all start, utm, utm start, network log - rule_action can be any of accept, drop, deny, access, client encrypt, client auth, reject, encrypt, user auth, session auth, permit, permit webauth, redirect, map, permit auth, tunnel l2tp, tunnel vpn-group, tunnel vpn, actionlocalredirect, inner layer -## Putting it all together +## Putting it all together 1 This is a complete example of a config which may be imported: @@ -237,7 +239,31 @@ This is a complete example of a config which may be imported: "control_id": 1074, "zone_comment": "just a test" } - ]} + ], + "routing": [ + { + "destination": "10.0.3.38/32", + "distance": 0, + "interface": "port5.1524", + "ip_version": 4, + "metric": 0, + "routing_device": 10, + "source": null, + "static": true, + "target_gateway": "0.0.0.0" + } + ], + "interfaces": [ + { + "ip": "10.0.14.66", + "ip_version": 4, + "name": "port5.1524", + "netmask_bits": 32, + "routing_device": 10, + "state_up": true + } + ] +} ``` The following shows an example of how to import nat rules that are combined access/nat rules, here only translating destination (not showing irrelevant fields for brevity's sake): 
@@ -386,3 +412,131 @@ The following gives an overview of the nat rule presentation as read via FWO API - network_services.svc_source_port_end - range could be entered as string "112-123" - users.last_change_admin - rules.rule_last_change_admin + +## 11/2022 target config + +```json +{ + "control_id": 1074, + "mgm_id": 221, + "devices": [ + { + "name": "abc", + "id": 123, + "rulebase_name": "FirstLayer shared with inline layer", + "rules": [ + { + "rulebase_name": "FirstLayer shared with inline layer", + "control_id": 1074, + "rule_num": 0, + "rule_uid": "828b0f42-4b18-4352-8bdf-c9c864d692eb", + "rule_name": null, + "rule_comment": "test comment", + "rule_src": "test-ext-vpn-gw|test-interop-device|BeeW10|wsus", + "rule_dst": "sting-gw", + "rule_svc": "IPSEC", + "rule_time": "Any", + "rule_from_zone": null, + "rule_to_zone": null, + "rule_track": "Log", + "rule_action": "Drop", + "rule_implied": false, + "rule_src_neg": false, + "rule_dst_neg": false, + "rule_svc_neg": false, + "rule_disabled": true, + "rule_src_refs": "a580c5a3-379c-479b-b49d-487faba2442e|98bc04fc-b88b-4283-83ad-7b6899bc1876|2ad18398-e004-4324-af79-634be66941d6|2661ec9f-293f-4c82-8150-4bb6c883ca79", + "rule_dst_refs": "cbdd1e35-b6e9-4ead-b13f-fd6389e34987", + "rule_svc_refs": "97aeb475-9aea-11d5-bd16-0090272ccb30", + "rule_installon": "Policy Targets", + "parent_rule_uid": null, + "rule_ruleid": null, + "rule_type": "access", + "rule_last_change_admin": null + } + ], + "routing": [ + { + "destination": "10.0.3.38/32", + "distance": 0, + "interface": "port5.1524", + "ip_version": 4, + "metric": 0, + "routing_device": 10, + "source": null, + "static": true, + "target_gateway": "0.0.0.0" + } + ], + "interfaces": [ + { + "ip": "10.0.14.66", + "ip_version": 4, + "name": "port5.1524", + "netmask_bits": 32, + "routing_device": 10, + "state_up": true + } + ] + } + ], + "user_objects": [ + { + "user_typ": "simple", + "user_uid": "aae47c39-f416-4b32-801d-af53adfa1939", + "user_name": "test-user1", + 
"control_id": 1074, + "user_color": "black", + "user_comment": "" + }, + { + "user_typ": "group", + "user_uid": "227d1a80-cc1e-4cd4-9576-4d46f271402f", + "user_name": "test-group", + "control_id": 1074, + "user_color": "black", + "user_comment": "" + } + ], + "network_objects": [ + { + "obj_ip": "22.55.200.192/26", + "obj_typ": "network", + "obj_uid": "5368caf0-d192-457b-9c86-5d5f9e5dc199", + "obj_name": "Net_22.55.200.192-2", + "obj_color": "black", + "control_id": 1074, + "obj_ip_end": "22.55.200.192/26", + "obj_comment": null, + "obj_member_refs": null, + "obj_member_names": null + } + ], + "service_objects": [ + { + "rpc_nr": null, + "svc_typ": "simple", + "svc_uid": "97aeb44f-9aea-11d5-bd16-0090272ccb30", + "ip_proto": "6", + "svc_name": "AOL", + "svc_port": "5190", + "svc_color": "red", + "control_id": 1074, + "svc_comment": "AOL Instant Messenger. Also used by: ICQ & Apple iChat", + "svc_timeout": "3600", + "svc_port_end": "5190", + "svc_member_refs": null, + "svc_member_names": null + } + ], + "zone_objects": [ + { + "zone_name": "test-zone", + "svc_typ": "simple", + "zone_uid": "98aeb44f-9aea-11d5-bd16-0090272ccb30", + "control_id": 1074, + "zone_comment": "just a test" + } + ] +} +``` diff --git a/documentation/developer-docs/importer/firewall-APIs/checkpoint/api-calls-used.md b/documentation/developer-docs/importer/firewall-APIs/checkpoint/api-calls-used.md new file mode 100644 index 000000000..1b6c523f7 --- /dev/null +++ b/documentation/developer-docs/importer/firewall-APIs/checkpoint/api-calls-used.md 
@@ -0,0 +1,38 @@ +# API feature support + +Firewall Orchestrator uses the following Check Point API calls, which are available from CP API 1.3 - R80.20, +which is the earliest version supported by Firewall Orchestrator. + +See also https://sc1.checkpoint.com/documents/latest/APIs/ + +``` +show-api-versions +show-access-rulebase +show-address-ranges +show-application-site-categories +show-application-sites +show-changes +show-dns-domains +show-gateways-and-servers +show-groups +show-groups-with-exclusion +show-hosts +show-multicast-address-ranges +show-nat-rulebase +show-networks +show-object +show-packages +show-services-tcp +show-services-udp +show-services-dce-rpc +show-services-rpc +show-services-other +show-services-icmp +show-services-icmp6 +show-services-sctp +show-services-gtp +show-service-groups +show-simple-gateways +show-task +show-updatable-objects-repository-content +``` diff --git a/documentation/developer-docs/importer/firewall-APIs/checkpoint/cp-manager-api-howto.md b/documentation/developer-docs/importer/firewall-APIs/checkpoint/readme.md similarity index 73% rename from documentation/developer-docs/importer/firewall-APIs/checkpoint/cp-manager-api-howto.md rename to documentation/developer-docs/importer/firewall-APIs/checkpoint/readme.md index 8209ee9de..3a0bed036 100644 --- a/documentation/developer-docs/importer/firewall-APIs/checkpoint/cp-manager-api-howto.md +++ b/documentation/developer-docs/importer/firewall-APIs/checkpoint/readme.md @@ -76,7 +76,8 @@ gives the sid (session id) which can then be used to authenticate for further ap "api-server-version" : "1.8", "user-name" : "apiuser", "user-uid" : "ba2038a1-437f-45ef-8ea5-c8785cdad9a7" -}``` +} +``` ## logout 
@@ -93,3 +94,39 @@ curl --insecure --request POST \ --header 'X-chkp-sid: PhTmI9SD02MTtCWCcTHpc8FsIlX63icc9CvF19PB3qo' \ --data '{"name": "FirstLayer shared with inline layer"}' ``` + +## get an arbitrary object by UID + +```console +curl --insecure --request POST --url https://192.168.100.88/web_api/show-object --header 'Content-Type: application/json' --header 'X-chkp-sid: KJC5pzFMSRINoVTSByVhUq1xdEE33WD0uy9iXl-cG-4' --data '{"uid": "dd699ecd-1420-41a0-931f-de7f55f799b6", "details-level": "full"}' +``` +results in +```console +{ + "object" : { + "uid" : "d699ecd-1420-41a0-931f-de7f55f799b6", + "type" : "access-section", + "domain" : { + "uid" : "3981ee76-52c3-1744-bf5b-75fe309b1ed9", + "name" : "dom-name1", + "domain-type" : "domain" + }, + "tags" : [ ], + "meta-info" : { + "lock" : "unlocked", + "validation-state" : "ok", + "last-modify-time" : { + "posix" : 1668506934927, + "iso-8601" : "2022-11-15T11:08+0100" + }, + "last-modifier" : "admin-user-1234", + "creation-time" : { + "posix" : 1668506934927, + "iso-8601" : "2022-11-15T11:08+0100" + }, + "creator" : "admin-user-3433" + }, + "read-only" : false + } +} +``` diff --git a/documentation/developer-docs/importer/firewall-APIs/checkpoint/todo.md b/documentation/developer-docs/importer/firewall-APIs/checkpoint/todo.md deleted file mode 100644 index e0ff4f331..000000000 --- a/documentation/developer-docs/importer/firewall-APIs/checkpoint/todo.md +++ /dev/null @@ -1,15 +0,0 @@ - -# Check Point R8x API enhancement ideas - -a) increase api access speed -```console -[--sync] {true|false} - Synchronous execution of task - commands that generate the task will wait until the task is finished. - Default {true} - Environment variable: MGMT_CLI_SYNC -``` -b) add 2FA -```console - mgmt_cli login --client-cert path-to-certificate-file.p12 password secret -``` -c) Get OS information from CP gateway via API, see sk143612 \ No newline at end of file 
diff --git a/documentation/developer-docs/visual-studio/readme.md b/documentation/developer-docs/visual-studio/readme.md index ef73d205f..94d7d18df 100644 --- a/documentation/developer-docs/visual-studio/readme.md +++ b/documentation/developer-docs/visual-studio/readme.md @@ -107,7 +107,7 @@ or alternatively add the following to csproj file: - netcoreapp3.1 + net8.0 diff --git a/documentation/importer/readme.md b/documentation/importer/readme.md index 0c7c809bc..da60c9873 100644 --- a/documentation/importer/readme.md +++ b/documentation/importer/readme.md @@ -24,10 +24,8 @@ need to change import id in all csv-files to next id, e.g.: ## python importer ```console -fworch@fwodemo:~/importer$ ./import-mgm.py --help -usage: import-mgm.py [-h] -m management_id [-c] [-f] [-d debug_level] - [-x proxy_string] [-s ssl_verification_mode] - [-l api_limit] [-i config_file_input] +user@test:~$ ./import-mgm.py --help +usage: import-mgm.py [-h] -m management_id [-c] [-f] [-d debug_level] [-v] [-s] [-l api_limit] [-i config_file_input] [-n config_file_normalized_input] Read configuration from FW management via API calls 
@@ -35,26 +33,20 @@ optional arguments: -h, --help show this help message and exit -m management_id, --mgm_id management_id FWORCH DB ID of the management server to import - -c, --clear If set the import will delete all data for the given - management instead of importing - -f, --force If set the import will be attempted without checking - for changes before + -c, --clear If set the import will delete all data for the given management instead of importing + -f, --force If set the import will be attempted without checking for changes before -d debug_level, --debug debug_level - Debug Level: 0=off, 1=send debug to console, 2=send - debug to file, 3=save noramlized config file; - 4=additionally save native config file; default=0. - config files are saved to $FWORCH/tmp/import dir - -x proxy_string, --proxy proxy_string - proxy server string to use, e.g. http://1.2.3.4:8080 - -s ssl_verification_mode, --ssl ssl_verification_mode - [ca]certfile, if value not set, ssl check is off"; - default=empty/off + Debug Level: 0=off, 1=send debug to console, 2=send debug to file, 3=save noramlized config file; 4=additionally save native config file; default=0. config + files are saved to $FWORCH/tmp/import dir + -v, --verify_certificates + verify certificates + -s, --suppress_certificate_warnings + suppress certificate warnings -l api_limit, --limit api_limit - The maximal number of returned results per HTTPS - Connection; default=150 + The maximal number of returned results per HTTPS Connection; default=150 -i config_file_input, --in_file config_file_input - if set, the config will not be fetched from firewall - but read from native json config file specified here; - may also be an url. -fworch@fwodemo:~/importer$ + if set, the config will not be fetched from firewall but read from native json config file specified here; may also be an url. 
+ -n config_file_normalized_input, --normalized_in_file config_file_normalized_input + if set, the config will not be fetched from firewall but read from normalized json config file specified here; may also be an url. +user@test:~$ ``` diff --git a/documentation/installer/README.MD b/documentation/installer/README.MD index 0a72f90c1..7f6d2d18e 100644 --- a/documentation/installer/README.MD +++ b/documentation/installer/README.MD @@ -11,3 +11,7 @@ If you just need a vanilla installation without any proxy involvement or other s If you need more advanced installation features like distributed installation or if you can only access the internet via an http proxy server, have a look at our [advanced installation instructions](install-advanced.md). In case you need more details on how to test/debug the installation process itself, refer to the [testing installation instructions](install-for-testing.md). + +## Supported Plattforms + +For supported operating system plattforms and their default operating systems, see /documentation/installer/postgresql_versions.md. diff --git a/documentation/installer/basic-installation.md b/documentation/installer/basic-installation.md index 86503d9e9..a5482dd21 100644 --- a/documentation/installer/basic-installation.md +++ b/documentation/installer/basic-installation.md 
@@ -1,14 +1,14 @@ # Installation instructions server - use latest debian or ubuntu minimal server with ssh service running (need to install and configure sudo for debian) -- recommended platforms are Ubuntu Server 20.04 LTS and Debian 11. See [system requirements](https://fwo.cactus.de/wp-content/uploads/2021/07/fwo-system-requirements-v5.pdf) for supported platforms +- recommended platforms are Ubuntu Server 22.04 LTS and Debian 12. See [system requirements](https://fwo.cactus.de/wp-content/uploads/2021/07/fwo-system-requirements-v5.pdf) for supported platforms - we will install various software components to your system. It is recommended to do so on a dedicated (test) system. 1) prepare your target system (make sure your user has full sudo permissions) ```console su - -apt-get install git ansible sudo +apt-get install git sudo ansible ``` if not already configured, add your current user to sudo group (make sure to activate this change by starting new shell or even rebooting): 
@@ -22,18 +22,27 @@ Also make sure your packages are up to date before FWORCH installation using e.g possibly followed by a reboot. +2) Getting Firewall Orchestrator + +with the following command (as normal user) -2) get Firewall Orchestrator with the following command (as normal user) ```console git clone https://github.com/CactuseSecurity/firewall-orchestrator.git ``` -3) Operating specific ansible adjustments - - Ubuntu 18.04, Debian 10: install latest ansible before firewall orchestrator installation: +3) Ansible installation + +Make sure you have ansible version 2.13 or above installed on your system (check with "ansible --version"). +If this is not the case, install a newer ansible. One possible way is to run the following script: + + cd firewall-orchestrator + source scripts/install-ansible-from-venv.sh + +Note that if your server is behind a proxy, you will have to set the proxy for pip as follows (to allow for ansible venv download): - cd firewall-orchestrator; ansible-playbook scripts/install-latest-ansible.yml -K + pip config set global.proxy http://YOUR-PROXY-NAME:YOUR-PROXY-PORT -4) install (on localhost) +4) Firewall Orchestrator installation ```console cd firewall-orchestrator; ansible-playbook site.yml -K @@ -58,3 +67,8 @@ install-srv : ok=302 changed=171 unreachable=0 failed=0 Simply navigate to and login with user 'admin' and the UI admin password. The api hasura admin secret can be used to access the API at . + + +If using the python venv method, you may now exit venv with: + + deactivate \ No newline at end of file diff --git a/documentation/installer/install-advanced.md b/documentation/installer/install-advanced.md index cc13dfa0b..ee25734cc 100644 --- a/documentation/installer/install-advanced.md +++ b/documentation/installer/install-advanced.md 
@@ -6,24 +6,34 @@ always change into the firewwall-orchestrator directory before starting the inst ### Installation mode parameter -The following switch can be used to set the type of installation to perform +installation_mode options: +- new (default) - assumes that no fworch is installed on the target devices - fails if it finds an installation +- uninstall - uninstalls the product including any data (database, ldap, files)! +- upgrade - installs on top of an existing system preserving any existing data in ldap, database, api; removes all files from target and copies latest sources instead + +#### Upgrading #### + +If you have an ansible version less than 2.13 on your machine, before doing an upgrade, switch into the virtual pyhton environment you created during installation before running the upgrade: ```console -ansible-playbook -e "installation_mode=upgrade" site.yml -K +cd ~/firewall-orchestrator +source ansible-venv/bin/activate ``` -If you want to drop the database and re-install from scratch, do the following: +Then for upgrading firewall orchestrator, use the following switch: ```console -ansible-playbook -e "installation_mode=uninstall" site.yml -K -ansible-playbook -e "installation_mode=new" site.yml -K +cd ~/firewall-orchestrator +ansible-playbook -e installation_mode=upgrade site.yml -K ``` -installation_mode options: -- new (default) - assumes that no fworch is installed on the target devices - fails if it finds an installation -- uninstall - uninstalls the product including any data (database, ldap, files)! -- upgrade - installs on top of an existing system preserving any existing data in ldap, database, api; removes all files from target and copies latest sources instead - +#### Uninstall #### +If you want to drop the database and re-install from scratch, do the following: + +```console +ansible-playbook -e installation_mode=uninstall site.yml -K +ansible-playbook site.yml -K +``` ### Installation behind a proxy (no direct Internet connection) 
@@ -59,17 +69,35 @@ Note that the following domains must be reachable through the proxy: github.com githubusercontent.com docker.com + cloudflare.docker.com docker.io hasura.io - ansible.com postgresql.org microsoft.com nuget.org + + Only for the initial setup of python venv + + pypi.org + pythonhosted.org + snapcraft.io + snapcraftcontent.com (and sub-domains) NB: for vscode-debugging, you also need access to visualstudio.com + +Remember if your server resides behind a proxy that you will have to set the proxy for pip as follows before installing ansible: + + pip config set global.proxy http://proxy:3128 + + +In case of timeout issues (you might be behind a security proxy that does intensive scanning), try to install ansible using the command: + + pip --default-timeout=3600 install ansible + + ### Parameter "api_no_metadata" to prevent meta data import e.g. if your hasura metadata file needs to be re-created from scratch, then use the following switch: @@ -134,7 +162,7 @@ rsyslog config compress maxage 7 rotate 99 - size=+4096k + maxsize 4096k missingok copytruncate sharedscripts diff --git a/documentation/installer/postgresql_versions.md b/documentation/installer/postgresql_versions.md new file mode 100644 index 000000000..5ec3f1fbb --- /dev/null +++ b/documentation/installer/postgresql_versions.md @@ -0,0 +1,10 @@ +# Default Postgresql Versions per Operating System + +Status as of 2023-01-24 + +- Ubuntu 18.04 10 +- Ubuntu 20.04 12 +- Ubuntu 22.04 14 +- Debian 10 11 +- Debian 11 13 +- Debian Testing 15 diff --git a/documentation/revision-history-develop.md b/documentation/revision-history-develop.md new file mode 100644 index 000000000..0bb70508e --- /dev/null +++ b/documentation/revision-history-develop.md 
@@ -0,0 +1,204 @@ +# Firewall Orchestrator Revision History for DEVELOP branch only + +pre-5, a product called IT Security Organizer and was closed source. It was developed starting in 2005. +In 2020 we decided to re-launch a new + +### 6.1.0 - 16.11.2022 DEVELOP +- interactive network analysis prototype in UI +- integrate path analysis to workflow + +### 6.1.1 - 15.12.2022 DEVELOP +- recertification on owner base +- preparation of new task types + +### 6.1.2 - 20.12.2022 DEVELOP +- start of Palo Alto import module + +### 6.1.3 - xx.01.2023 DEVELOP +- enhance recertification + +### 6.1.4 - 27.01.2023 DEVELOP +- prepare delete rule requests + +### 6.2.2 22.03.2023 DEVELOP +- adding last hit of each rule for check point and FortiManager to recertification (report) + +### 6.3.3 09.05.2023 DEVELOP +- new importer module for importing FortiGate directly via FortiOS REST API + +### 6.4.4 19.06.2023 DEVELOP +- CPR8x importer: basic support for inline layers + +### 6.4.5 22.06.2023 DEVELOP +- Fortigate API importer: hotfix NAT rules +- upgrade to hasura API 2.28.0 + +### 6.4.6 23.06.2023 DEVELOP +- new email notification on import changes + +### 6.4.7 26.06.2023 DEVELOP +- hotfix fortiOS importer NAT IP addresses +- fixing issue during ubuntu OS upgrade with ldap +- unifying all buttons in UI + +### 6.4.8 29.06.2023 DEVELOP +- hotfix fortiOS importer: replacing ambiguous import statement + +### 6.4.9 03.07.2023 DEVELOP +- fix sample group role path + +### 6.4.10 07.07.2023 DEVELOP +- fixes in importer change mail notification for encrypted mails +- fixes for report links to objects +- fix template name display issue +- fix UI visibility for fw-admin role (multiple pages) +- UI login page: allow enter as submit +- UI reporting: filter objects in rule report +- adding demo video in github README.MD + +### 6.4.11 10.07.2023 DEVELOP +- bugfix in importer change mail notification for missing mail server config + +### 6.4.12 14.07.2023 DEVELOP +- UI settings: hotfix email port 
(default 25) was not written to config before +- splitting revision history into develop and main +- installer: supress csharp test results on success + +### 6.4.13 20.07.2023 DEVELOP +- re-login now also with enter key +- fixing help pages (email & importer settings, archive, scheduling) [#2162](https://github.com/CactuseSecurity/firewall-orchestrator/issues/2162) + +### 6.5.0 24.07.2023 DEVELOP +- UI: adding compliance matrix module +- UI: fix browser session persistence causing subscriptions to remain open after user logout; now api connection and web socket are disposed on logout +- API: removing obsolete graphql query repos +- API: upgrading hasura api to 2.30.0 +- installer: replacing deprecated path_to_script option in postgresql_query + +### 6.5.1 24.07.2023 DEVELOP +- New report type Unused Rules + +### 7.0.1 - 28.07.2023 DEVELOP +- Compliance matrix edit fix +- Logout audit logging fix + +### 7.0.2 - 28.07.2023 DEVELOP +- Default templates for new report types + +### 7.1 - 11.08.2023 DEVELOP +- adding tenant network UI +- adding test import via URI in hostname field +- replacing legacy demo data import with standard imported data, closing #2197 (note: only for new installations, an upgrade will not touch the demo data) +- test imports can now be made from file (integrated in UI) +- improve debugging of imports (no errors for missing object parts) + +### 7.1.1 - 15.08.2023 DEVELOP +- fixes upgrade bug on systems without demo data + +### 7.1.2 - 16.08.2023 DEVELOP +- adding Check Point R8x Inform action + +### 7.2 - 21.08.2023 DEVELOP +mostly version update summarizing latest PRs +- UI/API: adding tenant ip filtering beta version (clean-up and optiomazation necessary) +- API: updating hasura to 2.32.0 +- UI: now not showing super managers in RSB all tab +- UI: bug fixes blazor environment settings + - Use production / development based on the build type instead of always using development. + - Do not show detailed errors in production mode. 
+ - Use the custom error page in the production environment. + - Spelling mistake fix +- UI: bug fix jwt expiry + - jwt expiry timer now works as intended + - after the jwt expired no exception can be triggered anymore + +### 7.2.1 - 11.09.2023 DEVELOP +- new settings option for rule ownership mode +### 7.2.2 - 15.09.2023 DEVELOP +- complete re-work: all ip addresses are now internally represented as ranges, including all networks +### 7.2.3 - 29.09.2023 DEVELOP +bugfix release: +- api - upgrade hasura to 2.33.4 +- installer - fix client/server db sort order mismatch (collate) +- adding simulated changes to fwodemodata (fortiate) +- importer - fix in fortiOS importer action field +- UI + - fix settings owner networks editing and displaying + - recert report (and recert page) IP addresses now also simplified like an other reports + - fix broken links in recert page +### 7.2.4 - 04.10.2023 DEVELOP +- new role modeller +- new mechanism for overwriting texts +# 7.2.5 - 05.10.2023 DEVELOP +- importer + - adding more error debugging in CPR8x importer + - adding new network object type 'external-gateway' (for interoperable-dervice in check point) + - fix fortimanager importer: ignore missing negate fields +- middleware & ui: add check for successful publishing dotnet +- middlware: fix upgrade become issue in middleware ldif files +- database: fix postgresql_query module reference + +# 7.2.6 - 06.10.2023 DEVELOP +- importer Checkpoint: adding network object type support for 'CpmiVsClusterNetobj' (for VSX virtual switches) + +# 7.3 - 22.10.2023 DEVELOP +- cleanup unused database views and functions +- first working tenant ip-based filtering + +# 7.3.1 - 26.10.23 DEVELOP +- introducing unfiltered_managements and devices for tenant filtering +- fixing missing api perms fw-admin (management) +- rename management & device tenat_id fields to unfiltered_tenant_id +- fixing UI device selector crashes + +# 7.3.2 - 09.12.2023 DEVELOP +- Modelling first version + +# 7.3.3 - 
08.01.2024 DEVELOP +- Moving to vanilla bootstrap css v5.3.2 +- adding extended tenant to device mapping settings (depending on latest bootstrap version) - closes #2280 +- fix for log locking for import process + +# 7.3.4 - 09.01.2024 DEVELOP +- Scheduled import change notification + +# 7.3.5 - 15.01.2024 DEVELOP +- importer log locking fix (only fixing import stopping so far) +- import change notification: + - DB extensions import_control.security_relevant_changes_counter + - removing python import notification + - writing to change counter after import (inpreparation for notification enhancement) +- importer demo tenant device mapping additions (upgrade) +- installer: introducing venv for newer ansible versions and thereby removing version handling + +# 7.3.6 - 23.01.2024 DEVELOP +- common service handling +- fixes credentials when installing without demo data +- fix error with pdf creation on debian testing + +# 8.0.1 - 20.02.2024 DEVELOP +- iconify modelling +- add missing config values + +# 8.0.2 - 11.03.2024 DEVELOP +- first version of NSX import module + +# 8.0.3 - 08.04.2024 DEVELOP +- add maintenance page during upgrade +- sample customizing py script with sample data, closes Installer customizable config (settings) #2275 +- remove log locking from importer due to stalling importer stops +- credentials encryption, closes encrypt passwords and keys #1508 + - breaking change for developer debugging: add the following local file when using -e testkeys=true: + /etc/fworch/secrets/main_key with content "not4production..not4production.." 
+- add custom (user-defined) fields to import + - cp only so far, other fw types missing + - user-defined fields are not part of reports yet + +# 8.1.1 - 15.04.2024 DEVELOP +- interface request workflow first version + +# 8.1.2 - 22.04.2024 DEVELOP +- encrypt emailPassword in config +- fix demo managements (change import from deactivated to activated - does not affect test managements) +- upgrade to dotnet 8.0 +- adding all imported modelling users to uiuser diff --git a/documentation/revision-history.md b/documentation/revision-history-main.md similarity index 57% rename from documentation/revision-history.md rename to documentation/revision-history-main.md index a4efdbbf0..149785b44 100644 --- a/documentation/revision-history.md +++ b/documentation/revision-history-main.md @@ -1,4 +1,4 @@ -# Firewall Orchestrator Revision History +# Firewall Orchestrator Revision History MAIN branch pre-5, a product called IT Security Organizer and was closed source. It was developed starting in 2005. In 2020 we decided to re-launch a new 
@@ -250,13 +250,123 @@ adding report template format fk and permissions ### 6.0.1 - 10.11.2022 - bugfix release with small issues (userconfig re-login, ldif upgrade bug, debian testing support) -### 6.1.0 - 16.11.2022 DEVELOP -- interactive network analysis prototype in UI -- integrate path analysis to workflow - -### 6.1.1 - 15.12.2022 DEVELOP -- recertification on owner base -- preparation of new task types - -### 6.1.2 - 20.12.2022 DEVELOP -- start of Palo Alto import module +### 6.0.2 - 24.12.2022 +- bugfix release with hasura API upgrade due to security bug in hasura + +### 6.2 - 16.03.2023 MAIN +- enhanced recertification module: adding ip-base recertification +- adding import modules for Palo Alto and Azure Firewall +- Workflow Module: adding delete rule request and integrated path analysis into workflow + +### 6.2.1 18.03.2023 MAIN +- fix ldap issues - closes ldap bugs #2023 +- reduced logging in release mode +- hasura v2.21.0 upgrade + +### 6.3 24.04.2023 MAIN +- adding CP R8X object types + - application categories + - updatable objects + - domain names + +### 6.3.1 27.04.2023 MAIN +- hotfix adding CP R8X object type application site + +### 6.3.2 05.05.2023 MAIN +- hotfix UI and fortigate importer credential handling +- checkpoint R8X importer adding support for Internet object type +- reporting - CSV export for change report + +### 6.4 25.05.2023 MAIN +- New importer module for importing FortiGate directly via FortiOS REST API +- Reporting: new lean export format JSON for resolved and tech reports +- hotfix FortiGate FortiOS REST importer: removing reference to gw_networking +- hotfix CPR8x importer: handling of empty section headers + +### 6.4.1 02.06.2023 MAIN +- FortiOS importer: add support for internet services + +### 6.4.2 05.06.2023 MAIN +- Hotfix - log locking UI hangs on prod systems due to infrequent log entries + +### 6.4.3 05.06.2023 MAIN +- Hotfix - global config subsription timout after 12h + +### 7.0 26.07.2023 MAIN +- new features + - UI 
adding compliance matrix module + - UI Reporting - unused rules report including delete ticket integration + - importer new email notification on security relevant import changes + - importer CPR8x: basic support for importing inline layers + +- maintenance / bug-fixing + - API: upgrading hasura api to 2.30.1 + - importer Fortigate API: hotfix NAT rules + - UI: cleanup around buttons and logout session handling + - UI Reporting: fixes links to objects, template name display, UI visibility for fw-admin role (multiple pages) + - UI (re-)login: allow enter as submit + - UI reporting: filter objects properly in rule report + - UI updating help pages: email & importer settings, archive, scheduling) + - installer: supress csharp test results on success + - demo data: fix sample group role path + - adding demo video in github README.MD + - splitting revision history into develop and main + +### 7.3 22.10.2023 MAIN +- new features + - recertification: new rule ownership + - customizable UI texts + - starting target state module with introducing new role "modeller" + - adding tenant ip filtering + - adding tenant simulation (exluding statistical report and recertification) including scheduling +- maintenance / bug-fixing + - complete re-work: all ip addresses are now internally represented as ranges, including all networks + - UI: + - do not show super managers in RSB all tab + - Use production / development based on the build type instead of always using development. 
+ - do not show detailed errors in production mode + use the custom error page in the production environment + - bug fix jwt expiry, jwt expiry timer now works as intended + - unifying IP addresses display method across all parts + - fix filtering for rules with negated source / destination or single negated ip ranges + - Database: + - removing unused materialized view for tenant ip filtering + - Installer + - fix upgrade become issue in middleware ldif files + - fix client/server db sort order mismatch (collate) + - fix postgresql_query module reference + - adding simulated changes to fwodemodata (fortigate) + - add check for successful publishing dotnet (mw, ui) + - Importer + - fortiOS: fix importer action field + - fortimanager: ignore missing negate fields + - Check Point: adding Inform action + - Check Point: adding new network object type 'external-gateway' (for interoperable-dervice) + - Check Point: adding network object type support for 'CpmiVsClusterNetobj' (for VSX virtual switches) + - API: + - upgrade hasura to 2.34.0 +- restrictions + - since tenant filtering is not done in the API but in the UI, the API should not be exposed to the tenants + +### 8.0 19.02.2024 MAIN +- Introducing new Network Modelling module + - allows your organisation to define the target state of all network connection on a per-application basis (or other distributed ownerships) +- Backend + - Introducing Scheduled import change notification including inline or attached change report (replacing simple import notification from import module) + - upgrade hasura graphql API to 2.37.0 +- UI + - New look and feel: Moving to vanilla bootstrap css v5.3.2 (allowing for future up to date css usage) + - ip based tenant filtering: introducing unfiltered_managements and devices and adding extended tenant to device mapping settings +- Installer (breaking change!) 
+ - introducing venv for newer ansible versions and thereby removing annoying ansible version handling in installer (see https://github.com/CactuseSecurity/firewall-orchestrator/blob/main/documentation/installer/basic-installation.md for details)
+- bugfixes for
+ - import log locking
+ - integration tests with credentials when installing without demo data
+ - pdf creation on debian testing plattform (trixie)
+
+# 8.1 - 10.04.2024 MAIN
+- UI: iconifying modelling UI buttons (can now use icons instead of text buttons - configurable per user)
+- Importer: first version of VMware NSX import module
+- API: adding customizing script for bulk configs via API
+- Database security: all credentials in the database are now encrypted - breaking change (for developer debugging only): add the following local file when using -e testkeys=true:
+ /etc/fworch/secrets/main_key with content "not4production..not4production.."
+- Importer fix: remove log locking from importer due to stalling importer stops
diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index db81cf3ef..f10e29fc6 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -1,5 +1,5 @@
 ### general settings
-product_version: "6.1.2"
+product_version: "8.1.2"
 ansible_user: "{{ lookup('env', 'USER') }}"
 ansible_become_method: sudo
 ansible_python_interpreter: /usr/bin/python3
@@ -31,6 +31,7 @@ force_install: false
 user_id: 60320
 fworch_user: "{{ product_name }}"
 fworch_group: "{{ fworch_user }}"
+postgres_group: "postgres"
 fworch_parent_dir: "/usr/local"
 fworch_home: "{{ fworch_parent_dir }}/{{ product_name }}"
 fworch_conf_dir: "{{ fworch_home }}/etc"
@@ -40,6 +41,7 @@ fworch_secrets_dir: "{{ fworch_conf_dir }}/secrets"
 # setting default proxy (may be overwritten via --extra-vars)
 http_proxy: "{{ lookup('env','http_proxy') }}"
 https_proxy: "{{ lookup('env','https_proxy') }}"
+no_proxy: "{{ lookup('env','no_proxy') }}"
 proxy_exceptions: "{{ lookup('env','no_proxy') }}"
 proxy_env:
 http_proxy: "{{ http_proxy }}"
@@ -53,6 +55,10 @@ http_proxy_import_parameter: ""
 # use the following syntax for authenticated proxy access:
 # http_proxy=http://USERNAME:PASSWORD@1.2.3.4:8080/
+# OS
+debian_testing_version: "12"
+ # should actually be 13 but microsoft does not yet provide https://packages.microsoft.com/config/debian/13
+debian_testing_release_name: trixie
 arch: x86_64
 redhat_major_version: "8"
 redhat_arch: "{{ redhat_major_version }}-{{ arch }}"
@@ -98,11 +104,12 @@ middleware_internal_port: 8880
 ###############################################################
 ui_admin_password_file: "{{ fworch_secrets_dir }}/ui_admin_pwd"
 ui_admin_testonly_password: "fworch.1"
+importer_password_file: "{{ fworch_secrets_dir }}/importer_pwd"
 importer_password_file_on_installer: etc/importer.pwd
 ### dotnet
 dotnet_deb_name: "packages-microsoft-prod.deb"
-dotnet_version: "6.0"
+dotnet_version: "8.0"
 dotnet_mode: "Release"
 # dotnet_mode: "Debug"
 debug_level: "1"
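Review bot: The new `no_proxy` line reads the same environment variable as the existing `proxy_exceptions` two lines below it, so the hunk now carries two names for one value and a later override of one (e.g. via --extra-vars) silently leaves the other stale. Derive one from the other, `proxy_exceptions: "{{ no_proxy }}"`, or drop the old name once its consumers are migrated. The `proxy_env` mapping this feeds continues outside the hunk, so I can't see whether it already exports `no_proxy` as well.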
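Review bot: `debian_testing_version: "12"` knowingly points a trixie host at the bookworm Microsoft package repository, and the only record of that is the inline remark, which names no condition for undoing it; once packages.microsoft.com/config/debian/13 exists, installs will keep pulling bookworm-built dotnet packages onto trixie. State the trigger explicitly: `# TODO: set to "13" as soon as https://packages.microsoft.com/config/debian/13/ is published; until then trixie deliberately uses the bookworm repo`. The task that downloads `packages-microsoft-prod.deb` for this version is not in the hunk, so whether the foreign-release repo's signature and pinning are checked cannot be confirmed here.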
@@ -123,12 +130,18 @@ fworch_log_dir: "/var/log/{{ product_name }}"
 fworch_log_lock_dir: "/var/{{ product_name }}/lock"
 fworch_mw_lockfile: "{{ fworch_log_lock_dir }}/FWO.Middleware.Server_log.lock"
 fworch_ui_lockfile: "{{ fworch_log_lock_dir }}/FWO.Ui_log.lock"
+fworch_api_importer_lockfile: "{{ fworch_log_lock_dir }}/importer_api_log.lock"
 ### apache: both package and dir name (needed both on ui and api hosts):
 webserver_package_name: apache2
 http_conf_dir: /etc/{{ webserver_package_name }}/sites-available/
 wsgi_package_name: libapache2-mod-wsgi
+############# wkhtmltopdf #########################
+
+wkhtmltopdf_version: "0.12.6.1-3"
+
+
 ################# testing #########################
 fworchtest_user: "{{ product_name }}test"
 fworchtest_home: "/home/{{ fworchtest_user }}"
diff --git a/inventory/group_vars/apiserver.yml b/inventory/group_vars/apiserver.yml
index ca7246508..99ae69f84 100644
--- a/inventory/group_vars/apiserver.yml
+++ b/inventory/group_vars/apiserver.yml
@@ -8,7 +8,7 @@ api_hasura_admin_test_password: "not4production"
 api_user_email: "{{ api_user }}@{{ api_network_listening_ip_address }}"
 api_home: "{{ fworch_home }}/api"
 api_hasura_cli_bin: "{{ fworch_home }}/api/bin/hasura"
-api_hasura_version: "v2.15.2"
+api_hasura_version: "v2.38.1"
 api_project_name: api
 api_no_metadata: false
 api_rollback_is_running: false
diff --git a/inventory/group_vars/cloud.yml b/inventory/group_vars/cloud.yml
new file mode 100644
index 000000000..745bbc536
--- /dev/null
+++ b/inventory/group_vars/cloud.yml
@@ -0,0 +1,12 @@
+################## cloud ###########################
+
+cloud_vm_name: fworch-vm1
+cloud_admin_name: cadmin
+# cloud_admin_ssh_public_key: ""
+cloud_network: "10.5.0.0/16"
+cloud_subnet: "10.5.1.0/24"
+cloud_location: northcentral
+cloud_image_publisher: canonical
+cloud_image_sku: "20_04-lts"
+cloud_vm_size: "Standard_B2s"
+cloud_resource_group: "fworch_rg"
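Review bot: `wkhtmltopdf_version: "0.12.6.1-3"` pins a renderer whose upstream project is archived and for which 0.12.6.1 is the final release, so this pin will never move forward and every report PDF is rendered by an unmaintained QtWebKit; if the exported HTML contains imported rule or object names, that is input from the managed firewalls reaching it. The download or install task for this version is outside the hunk, so I can't confirm the artifact is integrity-checked; add a `wkhtmltopdf_sha256:` next to the version and verify it on fetch, or state in a comment that it comes from the distribution's signed repo. Separately, `fworch_api_importer_lockfile` introduces a new importer log lock while this same commit's changelog says log locking was removed from the importer because of stalls; a one-line comment naming which process takes this lock (`# used by the API-side importer only; the python importer no longer locks its log`, if that is the case) would prevent the next reader from re-adding the old behaviour.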
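Review bot: `cloud_admin_ssh_public_key` ships commented out with an empty value, so nothing in this new inventory file makes key-based login a precondition for the `cadmin` account on the VM; if the provisioning play (not in this diff) falls back to password authentication when the key is unset, the instance comes up password-reachable on a cloud address. Make the key a required input instead of a comment, e.g. `cloud_admin_ssh_public_key: "{{ lookup('env', 'CLOUD_ADMIN_SSH_PUBLIC_KEY') }}"` with an assert in the play that it is non-empty. `cloud_image_sku: "20_04-lts"` selects Ubuntu 20.04 while the rest of this commit moves the product to dotnet 8; unless 20.04 is deliberate, `22_04-lts` is the safer default and a comment should say which one is supported. A header comment stating the provider these names target and the expected format of `cloud_location` would also help, since `northcentral` does not look like a complete region identifier.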
diff --git a/inventory/group_vars/databaseserver.yml b/inventory/group_vars/databaseserver.yml
index ddfe2cf5f..327bd2b27 100644
--- a/inventory/group_vars/databaseserver.yml
+++ b/inventory/group_vars/databaseserver.yml
@@ -3,7 +3,6 @@ postgresql_package: postgresql
 postgresql_test_package: pgtap
 postgresql_c_client_library_header_files: libpq-dev
 postgresql_dev_package_prefix: postgresql-server-dev
-postgresql_query_as_single_query: no
 database_install_dir: "{{ fworch_home }}/database"
 # table_space variable can be used to create database in another place where there is enough space
@@ -22,24 +21,25 @@ database_groups:
 - fworchadmins
 database_idempotent_files:
+ - fworch-api-funcs.sql
 - fworch-basic-procs.sql
+ - fworch-grants.sql
 - fworch-import.sql
 - fworch-import-main.sql
+ - fworch-encryption.sql
 - fworch-obj-import.sql
 - fworch-obj-refs.sql
+ - fworch-path-analysis.sql
+ - fworch-qa.sql
+ - fworch-rule-import.sql
+ - fworch-rule-recert.sql
+ - fworch-rule-refs.sql
+ - fworch-rule-resolved.sql
 - fworch-svc-import.sql
 - fworch-svc-refs.sql
+ - fworch-texts.sql
 - fworch-usr-import.sql
 - fworch-usr-refs.sql
- - fworch-rule-import.sql
- - fworch-rule-refs.sql
- - fworch-rule-resolved.sql
+ - fworch-views-changes.sql
+ - fworch-views-recert.sql
 - fworch-zone-import.sql
- - fworch-report.sql
- - fworch-qa.sql
- - fworch-report-basics.sql
- - fworch-views.sql
- - fworch-api-funcs.sql
- - fworch-grants.sql
- - fworch-texts.sql
- - fworch-path-analysis.sql
\ No newline at end of file
diff --git a/inventory/group_vars/middlewareserver.yml b/inventory/group_vars/middlewareserver.yml
index 1e7c085a6..1c190d112 100644
--- a/inventory/group_vars/middlewareserver.yml
+++ b/inventory/group_vars/middlewareserver.yml
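Review bot: Re-sorting `database_idempotent_files` alphabetically moves `fworch-grants.sql` from the tail of the list to second position, ahead of `fworch-encryption.sql`, the `fworch-rule-*.sql` files and the new `fworch-views-changes.sql` / `fworch-views-recert.sql`, i.e. ahead of the files that presumably create the objects it grants on. If the list is executed in this order, grants on later-created views and functions either fail the play or are silently missing, which is exactly how an API role ends up with the wrong access on a new view. Unless the grants file relies on `ALTER DEFAULT PRIVILEGES` or the consuming task sorts the list itself (neither is visible here), keep `fworch-grants.sql` last and put `# order matters: grants must run after every object-creating file` above the list. The same goes for `fworch-encryption.sql`, which the changelog ties to the new credential encryption: it must precede any file whose functions call it.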
@@ -18,8 +18,6 @@ middleware_server_start_dir: "{{ middleware_server_base_dir }}/FWO.Middleware.Se
 middleware_ldif_dir: "{{ fworch_home }}/etc/ldif"
 importer_password: not4production
-importer_password_file: "{{ fworch_secrets_dir }}/importer_pwd"
-
 apache_mw_timeout: 14400
 # sample-auth-data vars
diff --git a/inventory/group_vars/sampleserver.yml b/inventory/group_vars/sampleserver.yml
index fa49d9d53..e7da03783 100644
--- a/inventory/group_vars/sampleserver.yml
+++ b/inventory/group_vars/sampleserver.yml
@@ -1,10 +1,19 @@
 sample_config_user: fworchsample
-sample_config_user_home: "/home/{{ sample_config_user }}"
+# sample_config_user_home: "/home/{{ sample_config_user }}"
 sample_data_rate: medium
 sample_role_purpose: demo
-sample_fortigate_name: fortigate_demo
-sample_checkpoint_name: "dummy only relevant for testing"
+sample_fortigate_basename: fortigate
+sample_fortigate_name: "{{ sample_fortigate_basename }}_demo"
+sample_checkpoint_basename: "checkpoint"
+sample_checkpoint_name: "{{ sample_checkpoint_basename }}_demo"
+sample_checkpoint_uri: "https://fwodemodata.cactus.de/demo04_cpr8x.json"
+demo_cpr8x_name_without_demo: "CPR81"
+demo_cpr8x_name: "{{ demo_cpr8x_name_without_demo}}_demo"
+demo_cpr8x_uri: "https://fwodemodata.cactus.de/demo09_cpr81.json"
+demo_fos_name_without_demo: "FortiOS"
+demo_fos_name: "{{ demo_fos_name_without_demo }}_demo"
+demo_fos_uri: "https://fwodemodata.cactus.de/demo10_fOS.json"
 sample_postfix: _demo
 # sample openldap server
diff --git a/roles/FWO.sln b/roles/FWO.sln
index c468163ef..75e798229 100644
--- a/roles/FWO.sln
+++ b/roles/FWO.sln
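Review bot: The three new `*_uri` values fetch demo firewall configurations from `fwodemodata.cactus.de` at install time and nothing in the inventory carries an integrity value for them, so what lands in the demo managements is whatever that host serves at that moment; the fetch task is not in this diff, so TLS validation and pinning can't be confirmed from here. Add a `*_sha256:` (or a version-stamped path) beside each URI and verify it on download, and note in a comment that these are only retrieved when demo data is installed. Minor: `sample_config_user_home` is commented out rather than deleted, and `"{{ demo_cpr8x_name_without_demo}}_demo"` lacks the space before `}}` that its siblings have.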
@@ -27,10 +27,18 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "FWO.Middleware.Server", "mi EndProject Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "FWO.Ui", "ui\files\FWO.UI\FWO.Ui.csproj", "{A7ECA205-4916-4B66-8F37-15C656579D60}" EndProject -Project("{888888A0-9F3D-457C-B088-3A5042F75D52}") = "importer", "importer\importer.pyproj", "{1A1B90A0-227D-4041-A62A-F83AF9C9C7CF}" -EndProject Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "FWO.DeviceAutoDiscovery", "lib\files\FWO.DeviceAutoDiscovery\FWO.DeviceAutoDiscovery.csproj", "{C1D1FE54-4CDD-41C0-AABC-415950AA24D5}" EndProject +Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "FWO.Mail", "lib\files\FWO.Mail\FWO.Mail.csproj", "{1E7CA417-C64A-4BD9-98D2-5A0A2DD94726}" +EndProject +Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "FWO.Recert", "lib\files\FWO.Recert\FWO.Recert.csproj", "{520779B1-20EB-45D9-8A02-D0C4DFEC9302}" +EndProject +Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "files", "files", "{B48F8BD5-1056-4670-BEFA-F4A260293B6F}" +EndProject +Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "FWO.Encryption", "lib\files\FWO.Encryption\FWO.Encryption.csproj", "{6EBEBF57-3399-4008-BA10-0D21F6827244}" +EndProject +Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "FWO.GlobalConstants", "lib\files\FWO.GlobalConstants\FWO.GlobalConstants.csproj", "{0CBD4CC5-3E39-4134-A0E1-4DB8999619F3}" +EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|Any CPU = Debug|Any CPU 
@@ -81,12 +89,30 @@ Global {A7ECA205-4916-4B66-8F37-15C656579D60}.Debug|Any CPU.Build.0 = Debug|Any CPU {A7ECA205-4916-4B66-8F37-15C656579D60}.Release|Any CPU.ActiveCfg = Release|Any CPU {A7ECA205-4916-4B66-8F37-15C656579D60}.Release|Any CPU.Build.0 = Release|Any CPU - {1A1B90A0-227D-4041-A62A-F83AF9C9C7CF}.Debug|Any CPU.ActiveCfg = Debug|Any CPU - {1A1B90A0-227D-4041-A62A-F83AF9C9C7CF}.Release|Any CPU.ActiveCfg = Release|Any CPU {C1D1FE54-4CDD-41C0-AABC-415950AA24D5}.Debug|Any CPU.ActiveCfg = Debug|Any CPU {C1D1FE54-4CDD-41C0-AABC-415950AA24D5}.Debug|Any CPU.Build.0 = Debug|Any CPU {C1D1FE54-4CDD-41C0-AABC-415950AA24D5}.Release|Any CPU.ActiveCfg = Release|Any CPU {C1D1FE54-4CDD-41C0-AABC-415950AA24D5}.Release|Any CPU.Build.0 = Release|Any CPU + {1E7CA417-C64A-4BD9-98D2-5A0A2DD94726}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {1E7CA417-C64A-4BD9-98D2-5A0A2DD94726}.Debug|Any CPU.Build.0 = Debug|Any CPU + {1E7CA417-C64A-4BD9-98D2-5A0A2DD94726}.Release|Any CPU.ActiveCfg = Release|Any CPU + {1E7CA417-C64A-4BD9-98D2-5A0A2DD94726}.Release|Any CPU.Build.0 = Release|Any CPU + {520779B1-20EB-45D9-8A02-D0C4DFEC9302}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {520779B1-20EB-45D9-8A02-D0C4DFEC9302}.Debug|Any CPU.Build.0 = Debug|Any CPU + {520779B1-20EB-45D9-8A02-D0C4DFEC9302}.Release|Any CPU.ActiveCfg = Release|Any CPU + {520779B1-20EB-45D9-8A02-D0C4DFEC9302}.Release|Any CPU.Build.0 = Release|Any CPU + {14B56819-F629-4CE9-BBC0-7579392EFC83}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {14B56819-F629-4CE9-BBC0-7579392EFC83}.Debug|Any CPU.Build.0 = Debug|Any CPU + {14B56819-F629-4CE9-BBC0-7579392EFC83}.Release|Any CPU.ActiveCfg = Release|Any CPU + {14B56819-F629-4CE9-BBC0-7579392EFC83}.Release|Any CPU.Build.0 = Release|Any CPU + {6EBEBF57-3399-4008-BA10-0D21F6827244}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {6EBEBF57-3399-4008-BA10-0D21F6827244}.Debug|Any CPU.Build.0 = Debug|Any CPU + {6EBEBF57-3399-4008-BA10-0D21F6827244}.Release|Any CPU.ActiveCfg = Release|Any CPU + 
{6EBEBF57-3399-4008-BA10-0D21F6827244}.Release|Any CPU.Build.0 = Release|Any CPU + {0CBD4CC5-3E39-4134-A0E1-4DB8999619F3}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {0CBD4CC5-3E39-4134-A0E1-4DB8999619F3}.Debug|Any CPU.Build.0 = Debug|Any CPU + {0CBD4CC5-3E39-4134-A0E1-4DB8999619F3}.Release|Any CPU.ActiveCfg = Release|Any CPU + {0CBD4CC5-3E39-4134-A0E1-4DB8999619F3}.Release|Any CPU.Build.0 = Release|Any CPU EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE @@ -100,8 +126,12 @@ Global {C43BBC19-0147-44A4-AAF5-1CBC136A7A28} = {CE55F125-0CD2-4789-A3C1-045DEF33ABA5} {9225BD37-C13E-4A97-AACD-17E784FA52BB} = {CE55F125-0CD2-4789-A3C1-045DEF33ABA5} {F4972F10-28F8-4AE1-A5F6-C0E5DC1C0B29} = {CE55F125-0CD2-4789-A3C1-045DEF33ABA5} - {1A1B90A0-227D-4041-A62A-F83AF9C9C7CF} = {CE55F125-0CD2-4789-A3C1-045DEF33ABA5} {C1D1FE54-4CDD-41C0-AABC-415950AA24D5} = {CE55F125-0CD2-4789-A3C1-045DEF33ABA5} + {1E7CA417-C64A-4BD9-98D2-5A0A2DD94726} = {CE55F125-0CD2-4789-A3C1-045DEF33ABA5} + {520779B1-20EB-45D9-8A02-D0C4DFEC9302} = {CE55F125-0CD2-4789-A3C1-045DEF33ABA5} + {B48F8BD5-1056-4670-BEFA-F4A260293B6F} = {CE55F125-0CD2-4789-A3C1-045DEF33ABA5} + {6EBEBF57-3399-4008-BA10-0D21F6827244} = {B48F8BD5-1056-4670-BEFA-F4A260293B6F} + {0CBD4CC5-3E39-4134-A0E1-4DB8999619F3} = {B48F8BD5-1056-4670-BEFA-F4A260293B6F} EndGlobalSection GlobalSection(ExtensibilityGlobals) = postSolution SolutionGuid = {68364621-1011-4D44-9CF5-518F0DC3F459} diff --git a/roles/api/files/replace_metadata.json b/roles/api/files/replace_metadata.json index dbd48a696..e6dc5aa26 100644 --- a/roles/api/files/replace_metadata.json +++ b/roles/api/files/replace_metadata.json 
@@ -9,6 +9,2203 @@ "name": "default", "kind": "postgres", "tables": [ + { + "table": { + "name": "ip_range", + "schema": "compliance" + }, + "object_relationships": [ + { + "name": "network_zone", + "using": { + "foreign_key_constraint_on": "network_zone_id" + } + } + ], + "insert_permissions": [ + { + "role": "fw-admin", + "permission": { + "check": {}, + "columns": [ + "network_zone_id", + "ip_range_end", + "ip_range_start" + ] + } + }, + { + "role": "importer", + "permission": { + "check": {}, + "columns": [ + "network_zone_id", + "ip_range_end", + "ip_range_start" + ] + } + }, + { + "role": "middleware-server", + "permission": { + "check": {}, + "columns": [ + "network_zone_id", + "ip_range_end", + "ip_range_start" + ] + } + } + ], + "select_permissions": [ + { + "role": "approver", + "permission": { + "columns": [ + "network_zone_id", + "ip_range_end", + "ip_range_start" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "auditor", + "permission": { + "columns": [ + "network_zone_id", + "ip_range_end", + "ip_range_start" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "fw-admin", + "permission": { + "columns": [ + "network_zone_id", + "ip_range_end", + "ip_range_start" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "implementer", + "permission": { + "columns": [ + "network_zone_id", + "ip_range_end", + "ip_range_start" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "importer", + "permission": { + "columns": [ + "network_zone_id", + "ip_range_end", + "ip_range_start" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "middleware-server", + "permission": { + "columns": [ + "network_zone_id", + "ip_range_end", + "ip_range_start" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "planner", + "permission": { + "columns": [ + "network_zone_id", + "ip_range_end", + "ip_range_start" + ], + "filter": {}, + "allow_aggregations": 
true + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "network_zone_id", + "ip_range_end", + "ip_range_start" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "reporter", + "permission": { + "columns": [ + "network_zone_id", + "ip_range_end", + "ip_range_start" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "network_zone_id", + "ip_range_end", + "ip_range_start" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "requester", + "permission": { + "columns": [ + "network_zone_id", + "ip_range_end", + "ip_range_start" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "reviewer", + "permission": { + "columns": [ + "network_zone_id", + "ip_range_end", + "ip_range_start" + ], + "filter": {}, + "allow_aggregations": true + } + } + ], + "update_permissions": [ + { + "role": "fw-admin", + "permission": { + "columns": [ + "network_zone_id", + "ip_range_end", + "ip_range_start" + ], + "filter": {}, + "check": {} + } + }, + { + "role": "importer", + "permission": { + "columns": [ + "network_zone_id", + "ip_range_end", + "ip_range_start" + ], + "filter": {}, + "check": {} + } + }, + { + "role": "middleware-server", + "permission": { + "columns": [ + "network_zone_id", + "ip_range_end", + "ip_range_start" + ], + "filter": {}, + "check": {} + } + } + ], + "delete_permissions": [ + { + "role": "fw-admin", + "permission": { + "filter": {} + } + }, + { + "role": "importer", + "permission": { + "filter": {} + } + }, + { + "role": "middleware-server", + "permission": { + "filter": {} + } + } + ] + }, + { + "table": { + "name": "network_zone", + "schema": "compliance" + }, + "object_relationships": [ + { + "name": "super_network_zone", + "using": { + "foreign_key_constraint_on": "super_network_zone_id" + } + } + ], + "array_relationships": [ + { + "name": "ip_ranges", + "using": { + "foreign_key_constraint_on": { + 
"column": "network_zone_id", + "table": { + "name": "ip_range", + "schema": "compliance" + } + } + } + }, + { + "name": "network_zone_communication_destinations", + "using": { + "foreign_key_constraint_on": { + "column": "from_network_zone_id", + "table": { + "name": "network_zone_communication", + "schema": "compliance" + } + } + } + }, + { + "name": "network_zone_communication_sources", + "using": { + "foreign_key_constraint_on": { + "column": "to_network_zone_id", + "table": { + "name": "network_zone_communication", + "schema": "compliance" + } + } + } + }, + { + "name": "sub_network_zones", + "using": { + "foreign_key_constraint_on": { + "column": "super_network_zone_id", + "table": { + "name": "network_zone", + "schema": "compliance" + } + } + } + } + ], + "insert_permissions": [ + { + "role": "fw-admin", + "permission": { + "check": {}, + "columns": [ + "id", + "owner_id", + "super_network_zone_id", + "description", + "name" + ] + } + }, + { + "role": "importer", + "permission": { + "check": {}, + "columns": [ + "id", + "owner_id", + "super_network_zone_id", + "description", + "name" + ] + } + }, + { + "role": "middleware-server", + "permission": { + "check": {}, + "columns": [ + "id", + "owner_id", + "super_network_zone_id", + "description", + "name" + ] + } + } + ], + "select_permissions": [ + { + "role": "approver", + "permission": { + "columns": [ + "id", + "name", + "description", + "super_network_zone_id", + "owner_id" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "auditor", + "permission": { + "columns": [ + "id", + "name", + "description", + "super_network_zone_id", + "owner_id" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "fw-admin", + "permission": { + "columns": [ + "id", + "name", + "description", + "super_network_zone_id", + "owner_id" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "implementer", + "permission": { + "columns": [ + "id", + "name", + "description", + 
"super_network_zone_id", + "owner_id" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "importer", + "permission": { + "columns": [ + "id", + "name", + "description", + "super_network_zone_id", + "owner_id" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "middleware-server", + "permission": { + "columns": [ + "id", + "name", + "description", + "super_network_zone_id", + "owner_id" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "planner", + "permission": { + "columns": [ + "id", + "name", + "description", + "super_network_zone_id", + "owner_id" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "id", + "name", + "description", + "super_network_zone_id", + "owner_id" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "reporter", + "permission": { + "columns": [ + "id", + "name", + "description", + "super_network_zone_id", + "owner_id" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "id", + "name", + "description", + "super_network_zone_id", + "owner_id" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "requester", + "permission": { + "columns": [ + "id", + "name", + "description", + "super_network_zone_id", + "owner_id" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "reviewer", + "permission": { + "columns": [ + "id", + "name", + "description", + "super_network_zone_id", + "owner_id" + ], + "filter": {}, + "allow_aggregations": true + } + } + ], + "update_permissions": [ + { + "role": "fw-admin", + "permission": { + "columns": [ + "id", + "owner_id", + "super_network_zone_id", + "description", + "name" + ], + "filter": {}, + "check": {} + } + }, + { + "role": "importer", + "permission": { + "columns": [ + "id", + "owner_id", + "super_network_zone_id", + "description", + 
"name" + ], + "filter": {}, + "check": {} + } + }, + { + "role": "middleware-server", + "permission": { + "columns": [ + "id", + "owner_id", + "super_network_zone_id", + "description", + "name" + ], + "filter": {}, + "check": {} + } + } + ], + "delete_permissions": [ + { + "role": "fw-admin", + "permission": { + "filter": {} + } + }, + { + "role": "importer", + "permission": { + "filter": {} + } + }, + { + "role": "middleware-server", + "permission": { + "filter": {} + } + } + ] + }, + { + "table": { + "name": "network_zone_communication", + "schema": "compliance" + }, + "object_relationships": [ + { + "name": "from_network_zone", + "using": { + "foreign_key_constraint_on": "from_network_zone_id" + } + }, + { + "name": "to_network_zone", + "using": { + "foreign_key_constraint_on": "to_network_zone_id" + } + } + ], + "insert_permissions": [ + { + "role": "fw-admin", + "permission": { + "check": {}, + "columns": [ + "from_network_zone_id", + "to_network_zone_id" + ] + } + }, + { + "role": "importer", + "permission": { + "check": {}, + "columns": [ + "from_network_zone_id", + "to_network_zone_id" + ] + } + }, + { + "role": "middleware-server", + "permission": { + "check": {}, + "columns": [ + "from_network_zone_id", + "to_network_zone_id" + ] + } + } + ], + "select_permissions": [ + { + "role": "approver", + "permission": { + "columns": [ + "from_network_zone_id", + "to_network_zone_id" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "auditor", + "permission": { + "columns": [ + "from_network_zone_id", + "to_network_zone_id" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "fw-admin", + "permission": { + "columns": [ + "from_network_zone_id", + "to_network_zone_id" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "implementer", + "permission": { + "columns": [ + "from_network_zone_id", + "to_network_zone_id" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "importer", + 
"permission": { + "columns": [ + "from_network_zone_id", + "to_network_zone_id" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "middleware-server", + "permission": { + "columns": [ + "from_network_zone_id", + "to_network_zone_id" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "planner", + "permission": { + "columns": [ + "from_network_zone_id", + "to_network_zone_id" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "from_network_zone_id", + "to_network_zone_id" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "reporter", + "permission": { + "columns": [ + "from_network_zone_id", + "to_network_zone_id" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "from_network_zone_id", + "to_network_zone_id" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "requester", + "permission": { + "columns": [ + "from_network_zone_id", + "to_network_zone_id" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "reviewer", + "permission": { + "columns": [ + "from_network_zone_id", + "to_network_zone_id" + ], + "filter": {}, + "allow_aggregations": true + } + } + ], + "update_permissions": [ + { + "role": "fw-admin", + "permission": { + "columns": [ + "from_network_zone_id", + "to_network_zone_id" + ], + "filter": {}, + "check": {} + } + }, + { + "role": "importer", + "permission": { + "columns": [ + "from_network_zone_id", + "to_network_zone_id" + ], + "filter": {}, + "check": {} + } + }, + { + "role": "middleware-server", + "permission": { + "columns": [ + "from_network_zone_id", + "to_network_zone_id" + ], + "filter": {}, + "check": {} + } + } + ], + "delete_permissions": [ + { + "role": "fw-admin", + "permission": { + "filter": {} + } + }, + { + "role": "importer", + "permission": { + "filter": {} + } + }, + { + 
"role": "middleware-server", + "permission": { + "filter": {} + } + } + ] + }, + { + "table": { + "name": "change_history", + "schema": "modelling" + }, + "object_relationships": [ + { + "name": "owner", + "using": { + "foreign_key_constraint_on": "app_id" + } + } + ], + "insert_permissions": [ + { + "role": "modeller", + "permission": { + "check": {}, + "columns": [ + "id", + "object_id", + "changer", + "change_text", + "app_id", + "change_type", + "object_type", + "change_time" + ] + }, + "comment": "" + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "id", + "object_id", + "changer", + "change_text", + "app_id", + "change_type", + "object_type", + "change_time" + ], + "filter": {} + }, + "comment": "" + }, + { + "role": "modeller", + "permission": { + "columns": [ + "id", + "object_id", + "changer", + "change_text", + "app_id", + "change_type", + "object_type", + "change_time" + ], + "filter": {} + }, + "comment": "" + } + ] + }, + { + "table": { + "name": "connection", + "schema": "modelling" + }, + "object_relationships": [ + { + "name": "connection", + "using": { + "foreign_key_constraint_on": "used_interface_id" + } + }, + { + "name": "owner", + "using": { + "foreign_key_constraint_on": "app_id" + } + } + ], + "array_relationships": [ + { + "name": "connections", + "using": { + "foreign_key_constraint_on": { + "column": "used_interface_id", + "table": { + "name": "connection", + "schema": "modelling" + } + } + } + }, + { + "name": "nwgroup_connections", + "using": { + "foreign_key_constraint_on": { + "column": "connection_id", + "table": { + "name": "nwgroup_connection", + "schema": "modelling" + } + } + } + }, + { + "name": "nwobject_connections", + "using": { + "foreign_key_constraint_on": { + "column": "connection_id", + "table": { + "name": "nwobject_connection", + "schema": "modelling" + } + } + } + }, + { + "name": "selected_connections", + "using": { + "foreign_key_constraint_on": { + "column": 
"connection_id", + "table": { + "name": "selected_connections", + "schema": "modelling" + } + } + } + }, + { + "name": "service_connections", + "using": { + "foreign_key_constraint_on": { + "column": "connection_id", + "table": { + "name": "service_connection", + "schema": "modelling" + } + } + } + }, + { + "name": "service_group_connections", + "using": { + "foreign_key_constraint_on": { + "column": "connection_id", + "table": { + "name": "service_group_connection", + "schema": "modelling" + } + } + } + } + ], + "insert_permissions": [ + { + "role": "modeller", + "permission": { + "check": { + "_or": [ + { + "app_id": { + "_in": "x-hasura-editable-owners" + } + }, + { + "app_id": { + "_is_null": true + } + } + ] + }, + "columns": [ + "app_id", + "common_service", + "creation_date", + "creator", + "id", + "is_interface", + "is_published", + "is_requested", + "name", + "proposed_app_id", + "reason", + "ticket_id", + "used_interface_id" + ] + }, + "comment": "" + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "app_id", + "common_service", + "creation_date", + "creator", + "id", + "is_interface", + "is_published", + "is_requested", + "name", + "proposed_app_id", + "reason", + "ticket_id", + "used_interface_id" + ], + "filter": {}, + "allow_aggregations": true + }, + "comment": "" + }, + { + "role": "modeller", + "permission": { + "columns": [ + "app_id", + "common_service", + "creation_date", + "creator", + "id", + "is_interface", + "is_published", + "is_requested", + "name", + "proposed_app_id", + "reason", + "ticket_id", + "used_interface_id" + ], + "filter": {}, + "allow_aggregations": true + }, + "comment": "" + } + ], + "update_permissions": [ + { + "role": "modeller", + "permission": { + "columns": [ + "app_id", + "common_service", + "creation_date", + "creator", + "id", + "is_interface", + "is_published", + "is_requested", + "name", + "proposed_app_id", + "reason", + "ticket_id", + "used_interface_id" + ], + 
"filter": { + "_or": [ + { + "app_id": { + "_in": "x-hasura-editable-owners" + } + }, + { + "app_id": { + "_is_null": true + } + } + ] + }, + "check": {} + }, + "comment": "" + } + ], + "delete_permissions": [ + { + "role": "modeller", + "permission": { + "filter": { + "_or": [ + { + "app_id": { + "_in": "x-hasura-editable-owners" + } + }, + { + "app_id": { + "_is_null": true + } + } + ] + } + }, + "comment": "" + } + ] + }, + { + "table": { + "name": "nwgroup", + "schema": "modelling" + }, + "object_relationships": [ + { + "name": "owner", + "using": { + "foreign_key_constraint_on": "app_id" + } + } + ], + "array_relationships": [ + { + "name": "nwgroup_connections", + "using": { + "foreign_key_constraint_on": { + "column": "nwgroup_id", + "table": { + "name": "nwgroup_connection", + "schema": "modelling" + } + } + } + }, + { + "name": "nwobject_nwgroups", + "using": { + "foreign_key_constraint_on": { + "column": "nwgroup_id", + "table": { + "name": "nwobject_nwgroup", + "schema": "modelling" + } + } + } + }, + { + "name": "selected_objects", + "using": { + "foreign_key_constraint_on": { + "column": "nwgroup_id", + "table": { + "name": "selected_objects", + "schema": "modelling" + } + } + } + } + ], + "insert_permissions": [ + { + "role": "middleware-server", + "permission": { + "check": {}, + "columns": [ + "id", + "is_deleted", + "comment", + "creator", + "id_string", + "name", + "app_id", + "group_type", + "creation_date" + ] + }, + "comment": "" + }, + { + "role": "modeller", + "permission": { + "check": { + "app_id": { + "_in": "x-hasura-editable-owners" + } + }, + "columns": [ + "id", + "is_deleted", + "comment", + "creator", + "id_string", + "name", + "app_id", + "group_type", + "creation_date" + ] + }, + "comment": "" + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "id", + "is_deleted", + "comment", + "creator", + "id_string", + "name", + "app_id", + "group_type", + "creation_date" + ], + "filter": {} + }, + 
"comment": "" + }, + { + "role": "middleware-server", + "permission": { + "columns": [ + "id", + "is_deleted", + "comment", + "creator", + "id_string", + "name", + "app_id", + "group_type", + "creation_date" + ], + "filter": {} + }, + "comment": "" + }, + { + "role": "modeller", + "permission": { + "columns": [ + "id", + "is_deleted", + "comment", + "creator", + "id_string", + "name", + "app_id", + "group_type", + "creation_date" + ], + "filter": {} + }, + "comment": "" + } + ], + "update_permissions": [ + { + "role": "middleware-server", + "permission": { + "columns": [ + "is_deleted" + ], + "filter": {}, + "check": null + }, + "comment": "" + }, + { + "role": "modeller", + "permission": { + "columns": [ + "id", + "is_deleted", + "comment", + "creator", + "id_string", + "name", + "app_id", + "group_type", + "creation_date" + ], + "filter": { + "app_id": { + "_in": "x-hasura-editable-owners" + } + }, + "check": {} + }, + "comment": "" + } + ], + "delete_permissions": [ + { + "role": "middleware-server", + "permission": { + "filter": {} + }, + "comment": "" + }, + { + "role": "modeller", + "permission": { + "filter": { + "app_id": { + "_in": "x-hasura-editable-owners" + } + } + }, + "comment": "" + } + ] + }, + { + "table": { + "name": "nwgroup_connection", + "schema": "modelling" + }, + "object_relationships": [ + { + "name": "connection", + "using": { + "foreign_key_constraint_on": "connection_id" + } + }, + { + "name": "nwgroup", + "using": { + "foreign_key_constraint_on": "nwgroup_id" + } + } + ], + "insert_permissions": [ + { + "role": "modeller", + "permission": { + "check": {}, + "columns": [ + "nwgroup_id", + "connection_field", + "connection_id" + ] + }, + "comment": "" + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "nwgroup_id", + "connection_field", + "connection_id" + ], + "filter": {} + }, + "comment": "" + }, + { + "role": "modeller", + "permission": { + "columns": [ + "nwgroup_id", + "connection_field", 
+ "connection_id" + ], + "filter": {} + }, + "comment": "" + } + ], + "delete_permissions": [ + { + "role": "modeller", + "permission": { + "filter": {} + }, + "comment": "" + } + ] + }, + { + "table": { + "name": "nwobject_connection", + "schema": "modelling" + }, + "object_relationships": [ + { + "name": "connection", + "using": { + "foreign_key_constraint_on": "connection_id" + } + }, + { + "name": "owner_network", + "using": { + "foreign_key_constraint_on": "nwobject_id" + } + } + ], + "insert_permissions": [ + { + "role": "modeller", + "permission": { + "check": {}, + "columns": [ + "nwobject_id", + "connection_field", + "connection_id" + ] + }, + "comment": "" + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "nwobject_id", + "connection_field", + "connection_id" + ], + "filter": {} + }, + "comment": "" + }, + { + "role": "modeller", + "permission": { + "columns": [ + "nwobject_id", + "connection_field", + "connection_id" + ], + "filter": {} + }, + "comment": "" + } + ], + "delete_permissions": [ + { + "role": "modeller", + "permission": { + "filter": {} + }, + "comment": "" + } + ] + }, + { + "table": { + "name": "nwobject_nwgroup", + "schema": "modelling" + }, + "object_relationships": [ + { + "name": "nwgroup", + "using": { + "foreign_key_constraint_on": "nwgroup_id" + } + }, + { + "name": "owner_network", + "using": { + "foreign_key_constraint_on": "nwobject_id" + } + } + ], + "insert_permissions": [ + { + "role": "middleware-server", + "permission": { + "check": {}, + "columns": [ + "nwgroup_id", + "nwobject_id" + ] + }, + "comment": "" + }, + { + "role": "modeller", + "permission": { + "check": {}, + "columns": [ + "nwobject_id", + "nwgroup_id" + ] + }, + "comment": "" + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "nwobject_id", + "nwgroup_id" + ], + "filter": {} + }, + "comment": "" + }, + { + "role": "middleware-server", + "permission": { + "columns": [ + 
"nwgroup_id", + "nwobject_id" + ], + "filter": {} + }, + "comment": "" + }, + { + "role": "modeller", + "permission": { + "columns": [ + "nwobject_id", + "nwgroup_id" + ], + "filter": {} + }, + "comment": "" + } + ], + "delete_permissions": [ + { + "role": "middleware-server", + "permission": { + "filter": {} + }, + "comment": "" + }, + { + "role": "modeller", + "permission": { + "filter": {} + }, + "comment": "" + } + ] + }, + { + "table": { + "name": "selected_connections", + "schema": "modelling" + }, + "object_relationships": [ + { + "name": "connection", + "using": { + "foreign_key_constraint_on": "connection_id" + } + }, + { + "name": "owner", + "using": { + "foreign_key_constraint_on": "app_id" + } + } + ], + "insert_permissions": [ + { + "role": "modeller", + "permission": { + "check": {}, + "columns": [ + "app_id", + "connection_id" + ] + }, + "comment": "" + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "app_id", + "connection_id" + ], + "filter": {} + }, + "comment": "" + }, + { + "role": "modeller", + "permission": { + "columns": [ + "app_id", + "connection_id" + ], + "filter": {} + }, + "comment": "" + } + ], + "delete_permissions": [ + { + "role": "modeller", + "permission": { + "filter": {} + }, + "comment": "" + } + ] + }, + { + "table": { + "name": "selected_objects", + "schema": "modelling" + }, + "object_relationships": [ + { + "name": "nwgroup", + "using": { + "foreign_key_constraint_on": "nwgroup_id" + } + }, + { + "name": "owner", + "using": { + "foreign_key_constraint_on": "app_id" + } + } + ], + "insert_permissions": [ + { + "role": "modeller", + "permission": { + "check": {}, + "columns": [ + "nwgroup_id", + "app_id" + ] + }, + "comment": "" + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "nwgroup_id", + "app_id" + ], + "filter": {} + }, + "comment": "" + }, + { + "role": "middleware-server", + "permission": { + "columns": [ + "nwgroup_id" + ], + 
"filter": {} + }, + "comment": "" + }, + { + "role": "modeller", + "permission": { + "columns": [ + "nwgroup_id", + "app_id" + ], + "filter": {} + }, + "comment": "" + } + ], + "delete_permissions": [ + { + "role": "middleware-server", + "permission": { + "filter": {} + }, + "comment": "" + }, + { + "role": "modeller", + "permission": { + "filter": {} + }, + "comment": "" + } + ] + }, + { + "table": { + "name": "service", + "schema": "modelling" + }, + "object_relationships": [ + { + "name": "owner", + "using": { + "foreign_key_constraint_on": "app_id" + } + }, + { + "name": "stm_ip_proto", + "using": { + "foreign_key_constraint_on": "proto_id" + } + } + ], + "array_relationships": [ + { + "name": "service_connections", + "using": { + "foreign_key_constraint_on": { + "column": "service_id", + "table": { + "name": "service_connection", + "schema": "modelling" + } + } + } + }, + { + "name": "service_service_groups", + "using": { + "foreign_key_constraint_on": { + "column": "service_id", + "table": { + "name": "service_service_group", + "schema": "modelling" + } + } + } + } + ], + "insert_permissions": [ + { + "role": "modeller", + "permission": { + "check": { + "app_id": { + "_in": "x-hasura-editable-owners" + } + }, + "columns": [ + "is_global", + "name", + "app_id", + "id", + "port", + "port_end", + "proto_id" + ] + }, + "comment": "" + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "is_global", + "name", + "app_id", + "id", + "port", + "port_end", + "proto_id" + ], + "filter": {} + }, + "comment": "" + }, + { + "role": "modeller", + "permission": { + "columns": [ + "is_global", + "name", + "app_id", + "id", + "port", + "port_end", + "proto_id" + ], + "filter": {} + }, + "comment": "" + } + ], + "update_permissions": [ + { + "role": "modeller", + "permission": { + "columns": [ + "is_global", + "name", + "app_id", + "id", + "port", + "port_end", + "proto_id" + ], + "filter": { + "app_id": { + "_in": 
"x-hasura-editable-owners" + } + }, + "check": null + }, + "comment": "" + } + ], + "delete_permissions": [ + { + "role": "modeller", + "permission": { + "filter": { + "app_id": { + "_in": "x-hasura-editable-owners" + } + } + }, + "comment": "" + } + ] + }, + { + "table": { + "name": "service_connection", + "schema": "modelling" + }, + "object_relationships": [ + { + "name": "connection", + "using": { + "foreign_key_constraint_on": "connection_id" + } + }, + { + "name": "service", + "using": { + "foreign_key_constraint_on": "service_id" + } + } + ], + "insert_permissions": [ + { + "role": "modeller", + "permission": { + "check": {}, + "columns": [ + "connection_id", + "service_id" + ] + }, + "comment": "" + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "connection_id", + "service_id" + ], + "filter": {} + }, + "comment": "" + }, + { + "role": "modeller", + "permission": { + "columns": [ + "connection_id", + "service_id" + ], + "filter": {} + }, + "comment": "" + } + ], + "delete_permissions": [ + { + "role": "modeller", + "permission": { + "filter": {} + }, + "comment": "" + } + ] + }, + { + "table": { + "name": "service_group", + "schema": "modelling" + }, + "object_relationships": [ + { + "name": "owner", + "using": { + "foreign_key_constraint_on": "app_id" + } + } + ], + "array_relationships": [ + { + "name": "service_group_connections", + "using": { + "foreign_key_constraint_on": { + "column": "service_group_id", + "table": { + "name": "service_group_connection", + "schema": "modelling" + } + } + } + }, + { + "name": "service_service_groups", + "using": { + "foreign_key_constraint_on": { + "column": "service_group_id", + "table": { + "name": "service_service_group", + "schema": "modelling" + } + } + } + } + ], + "insert_permissions": [ + { + "role": "modeller", + "permission": { + "check": { + "app_id": { + "_in": "x-hasura-editable-owners" + } + }, + "columns": [ + "is_global", + "comment", + "creator", + "name", 
+ "app_id", + "id", + "creation_date" + ] + }, + "comment": "" + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "is_global", + "comment", + "creator", + "name", + "app_id", + "id", + "creation_date" + ], + "filter": {} + }, + "comment": "" + }, + { + "role": "modeller", + "permission": { + "columns": [ + "is_global", + "comment", + "creator", + "name", + "app_id", + "id", + "creation_date" + ], + "filter": {} + }, + "comment": "" + } + ], + "update_permissions": [ + { + "role": "modeller", + "permission": { + "columns": [ + "is_global", + "comment", + "creator", + "name", + "app_id", + "id", + "creation_date" + ], + "filter": { + "app_id": { + "_in": "x-hasura-editable-owners" + } + }, + "check": {} + }, + "comment": "" + } + ], + "delete_permissions": [ + { + "role": "modeller", + "permission": { + "filter": { + "app_id": { + "_in": "x-hasura-editable-owners" + } + } + }, + "comment": "" + } + ] + }, + { + "table": { + "name": "service_group_connection", + "schema": "modelling" + }, + "object_relationships": [ + { + "name": "connection", + "using": { + "foreign_key_constraint_on": "connection_id" + } + }, + { + "name": "service_group", + "using": { + "foreign_key_constraint_on": "service_group_id" + } + } + ], + "insert_permissions": [ + { + "role": "modeller", + "permission": { + "check": {}, + "columns": [ + "connection_id", + "service_group_id" + ] + }, + "comment": "" + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "connection_id", + "service_group_id" + ], + "filter": {} + }, + "comment": "" + }, + { + "role": "modeller", + "permission": { + "columns": [ + "connection_id", + "service_group_id" + ], + "filter": {} + }, + "comment": "" + } + ], + "delete_permissions": [ + { + "role": "modeller", + "permission": { + "filter": {} + }, + "comment": "" + } + ] + }, + { + "table": { + "name": "service_service_group", + "schema": "modelling" + }, + "object_relationships": [ + 
{ + "name": "service", + "using": { + "foreign_key_constraint_on": "service_id" + } + }, + { + "name": "service_group", + "using": { + "foreign_key_constraint_on": "service_group_id" + } + } + ], + "insert_permissions": [ + { + "role": "modeller", + "permission": { + "check": {}, + "columns": [ + "service_group_id", + "service_id" + ] + }, + "comment": "" + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "service_group_id", + "service_id" + ], + "filter": {} + }, + "comment": "" + }, + { + "role": "modeller", + "permission": { + "columns": [ + "service_group_id", + "service_id" + ], + "filter": {} + }, + "comment": "" + } + ], + "delete_permissions": [ + { + "role": "modeller", + "permission": { + "filter": {} + }, + "comment": "" + } + ] + }, { "table": { "name": "alert", @@ -157,6 +2354,28 @@ ] } }, + { + "role": "modeller", + "permission": { + "check": {}, + "columns": [ + "ack_by", + "ack_timestamp", + "alert_code", + "alert_dev_id", + "alert_id", + "alert_mgm_id", + "alert_timestamp", + "description", + "json_data", + "ref_alert_id", + "ref_log_id", + "source", + "title", + "user_id" + ] + } + }, { "role": "planner", "permission": { @@ -424,6 +2643,28 @@ "filter": {} } }, + { + "role": "modeller", + "permission": { + "columns": [ + "alert_id", + "ref_alert_id", + "ref_log_id", + "description", + "source", + "title", + "ack_by", + "alert_code", + "alert_dev_id", + "alert_mgm_id", + "user_id", + "json_data", + "ack_timestamp", + "alert_timestamp" + ], + "filter": {} + } + }, { "role": "planner", "permission": { @@ -446,6 +2687,29 @@ "filter": {} } }, + { + "role": "recertifier", + "permission": { + "columns": [ + "alert_id", + "ref_alert_id", + "ref_log_id", + "description", + "source", + "title", + "ack_by", + "alert_code", + "alert_dev_id", + "alert_mgm_id", + "user_id", + "json_data", + "ack_timestamp", + "alert_timestamp" + ], + "filter": {} + }, + "comment": "" + }, { "role": "reporter", "permission": { 
@@ -593,6 +2857,17 @@ "check": {} } }, + { + "role": "modeller", + "permission": { + "columns": [ + "ack_by", + "ack_timestamp" + ], + "filter": {}, + "check": null + } + }, { "role": "planner", "permission": { @@ -794,6 +3069,18 @@ } } ], + "computed_fields": [ + { + "name": "cl_rule_relevant_for_tenant", + "definition": { + "function": { + "name": "cl_rule_relevant_for_tenant", + "schema": "public" + }, + "session_argument": "hasura_session" + } + } + ], "select_permissions": [ { "role": "auditor", @@ -878,6 +3165,34 @@ "allow_aggregations": true } }, + { + "role": "middleware-server", + "permission": { + "columns": [ + "abs_change_id", + "control_id", + "log_rule_id", + "new_rule_id", + "old_rule_id", + "documented", + "implicit_change", + "security_relevant", + "change_action", + "change_request_info", + "unique_name", + "change_type_id", + "dev_id", + "doku_admin", + "import_admin", + "mgm_id", + "changelog_rule_comment", + "change_time", + "docu_time" + ], + "filter": {} + }, + "comment": "" + }, { "role": "recertifier", "permission": { @@ -902,10 +3217,27 @@ "change_time", "unique_name" ], + "computed_fields": [ + "cl_rule_relevant_for_tenant" + ], "filter": { - "dev_id": { - "_in": "x-hasura-visible-devices" - } + "_and": [ + { + "mgm_id": { + "_in": "x-hasura-visible-managements" + } + }, + { + "dev_id": { + "_in": "x-hasura-visible-devices" + } + }, + { + "cl_rule_relevant_for_tenant": { + "_eq": "true" + } + } + ] }, "allow_aggregations": true } @@ -934,10 +3266,27 @@ "change_time", "unique_name" ], + "computed_fields": [ + "cl_rule_relevant_for_tenant" + ], "filter": { - "dev_id": { - "_in": "x-hasura-visible-devices" - } + "_and": [ + { + "mgm_id": { + "_in": "x-hasura-visible-managements" + } + }, + { + "dev_id": { + "_in": "x-hasura-visible-devices" + } + }, + { + "cl_rule_relevant_for_tenant": { + "_eq": "true" + } + } + ] }, "allow_aggregations": true } 
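Review bot: The tightened `changelog_rule` filters now rest on the SQL function `cl_rule_relevant_for_tenant(hasura_session)`, whose body is not part of this diff, so the new `_and` is only as strict as that function; it should be non-VOLATILE (Hasura only admits STABLE/IMMUTABLE functions as computed fields, as far as I recall) and return false or NULL rather than raising when the session carries no tenant variable, since a NULL result already fails closed under `"_eq": "true"`. The `computed_fields` entry has no `"comment"` while most entries in this file carry one; a line such as `"comment": "true when the rule is visible to the caller's tenant; evaluated per row from the Hasura session variables"` would record the contract the permission depends on. The role names owning the two changed filters begin outside the `@@ -902` and `@@ -934` hunks, so which roles are affected cannot be confirmed here; also `"_eq": "true"` compares against a string literal where a bare JSON `true` would match the boolean column more clearly, although Hasura casts it.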
@@ -1196,9 +3545,33 @@ } }, "columns": [ - "config_user", + "config_user", + "config_key", + "config_value" + ] + } + }, + { + "role": "modeller", + "permission": { + "check": { + "_or": [ + { + "config_user": { + "_eq": "X-Hasura-User-Id" + } + }, + { + "config_user": { + "_eq": 0 + } + } + ] + }, + "columns": [ "config_key", - "config_value" + "config_value", + "config_user" ] } }, @@ -1424,6 +3797,30 @@ "filter": {} } }, + { + "role": "modeller", + "permission": { + "columns": [ + "config_key", + "config_value", + "config_user" + ], + "filter": { + "_or": [ + { + "config_user": { + "_eq": "X-Hasura-User-Id" + } + }, + { + "config_user": { + "_eq": 0 + } + } + ] + } + } + }, { "role": "planner", "permission": { @@ -1628,6 +4025,31 @@ "check": null } }, + { + "role": "modeller", + "permission": { + "columns": [ + "config_key", + "config_value", + "config_user" + ], + "filter": { + "_or": [ + { + "config_user": { + "_eq": "X-Hasura-User-Id" + } + }, + { + "config_user": { + "_eq": 0 + } + } + ] + }, + "check": null + } + }, { "role": "planner", "permission": { 
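Review bot: The modeller update on `config` (`@@ -1628`) filters on `config_user` being the caller or `0` but sets `"check": null` and keeps `config_user` among the updatable columns, so a modeller can rewrite a row's `config_user` to another user's id (or to `0`) and the resulting row is never validated. Either remove `config_user` from the update columns or repeat the filter as the check: `"check": {"_or": [{"config_user": {"_eq": "X-Hasura-User-Id"}}, {"config_user": {"_eq": 0}}]}`. If `config_user = 0` denotes global or default settings (the hunk does not say), also reconsider whether this role should be able to insert and update those rows, as the matching insert and update hunks on this table currently allow, rather than only read them.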
@@ -1725,6 +4147,170 @@ } ] }, + { + "table": { + "name": "customtxt", + "schema": "public" + }, + "select_permissions": [ + { + "role": "anonymous", + "permission": { + "columns": [ + "id", + "language", + "txt" + ], + "filter": {} + }, + "comment": "" + }, + { + "role": "approver", + "permission": { + "columns": [ + "id", + "language", + "txt" + ], + "filter": {} + }, + "comment": "" + }, + { + "role": "auditor", + "permission": { + "columns": [ + "id", + "language", + "txt" + ], + "filter": {} + }, + "comment": "" + }, + { + "role": "fw-admin", + "permission": { + "columns": [ + "id", + "language", + "txt" + ], + "filter": {} + }, + "comment": "" + }, + { + "role": "implementer", + "permission": { + "columns": [ + "id", + "language", + "txt" + ], + "filter": {} + }, + "comment": "" + }, + { + "role": "middleware-server", + "permission": { + "columns": [ + "id", + "language", + "txt" + ], + "filter": {} + }, + "comment": "" + }, + { + "role": "modeller", + "permission": { + "columns": [ + "id", + "language", + "txt" + ], + "filter": {} + }, + "comment": "" + }, + { + "role": "planner", + "permission": { + "columns": [ + "id", + "language", + "txt" + ], + "filter": {} + }, + "comment": "" + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "id", + "language", + "txt" + ], + "filter": {} + }, + "comment": "" + }, + { + "role": "reporter", + "permission": { + "columns": [ + "id", + "language", + "txt" + ], + "filter": {} + }, + "comment": "" + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "id", + "language", + "txt" + ], + "filter": {} + }, + "comment": "" + }, + { + "role": "requester", + "permission": { + "columns": [ + "id", + "language", + "txt" + ], + "filter": {} + }, + "comment": "" + }, + { + "role": "reviewer", + "permission": { + "columns": [ + "id", + "language", + "txt" + ], + "filter": {} + }, + "comment": "" + } + ] + }, { "table": { "name": "device", 
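Review bot: The new `customtxt` table is readable by the `anonymous` role with `"filter": {}` (first entry of `select_permissions`), so anything stored in `txt` is served without authentication. That is acceptable if the table only holds login-page or UI strings, but nothing in the metadata states that; fill the empty `"comment"` on the anonymous entry with something like `"comment": "public UI text only; never store tenant or credential data here"` so later additions to the table are made with that exposure in mind.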
@@ -1742,12 +4328,6 @@ "using": { "foreign_key_constraint_on": "dev_typ_id" } - }, - { - "name": "tenant", - "using": { - "foreign_key_constraint_on": "tenant_id" - } } ], "array_relationships": [ @@ -1823,6 +4403,18 @@ } } }, + { + "name": "reqelements", + "using": { + "foreign_key_constraint_on": { + "column": "device_id", + "table": { + "name": "reqelement", + "schema": "request" + } + } + } + }, { "name": "rule_metadata", "using": { @@ -1875,6 +4467,28 @@ } } ], + "computed_fields": [ + { + "name": "get_changelog_rules_for_tenant", + "definition": { + "function": { + "name": "get_changelog_rules_for_tenant", + "schema": "public" + }, + "session_argument": "hasura_session" + } + }, + { + "name": "get_rules_for_tenant", + "definition": { + "function": { + "name": "get_rules_for_tenant", + "schema": "public" + }, + "session_argument": "hasura_session" + } + } + ], "insert_permissions": [ { "role": "fw-admin", @@ -1896,7 +4510,6 @@ "dev_id", "dev_typ_id", "mgm_id", - "tenant_id", "dev_comment", "dev_create", "dev_update" @@ -1924,7 +4537,6 @@ "dev_id", "dev_typ_id", "mgm_id", - "tenant_id", "dev_comment", "dev_create", "dev_update" @@ -1954,7 +4566,6 @@ "mgm_id", "dev_name", "dev_typ_id", - "tenant_id", "dev_active", "dev_comment", "dev_create", @@ -1993,7 +4604,6 @@ "dev_id", "dev_typ_id", "mgm_id", - "tenant_id", "dev_comment", "dev_create", "dev_update" @@ -2021,7 +4631,6 @@ "dev_id", "dev_typ_id", "mgm_id", - "tenant_id", "dev_comment", "dev_create", "dev_update" @@ -2051,7 +4660,6 @@ "mgm_id", "dev_name", "dev_typ_id", - "tenant_id", "dev_active", "dev_comment", "dev_create", 
@@ -2085,17 +4693,56 @@ "package_name", "package_uid", "dev_typ_id", - "tenant_id", - "dev_active", + "dev_active", + "dev_comment", + "dev_create", + "dev_update", + "do_not_import", + "clearing_import_ran", + "force_initial_import", + "hide_in_gui" + ], + "filter": {} + } + }, + { + "role": "modeller", + "permission": { + "columns": [ + "clearing_import_ran", + "dev_active", + "do_not_import", + "force_initial_import", + "hide_in_gui", + "dev_name", + "global_rulebase_name", + "global_rulebase_uid", + "local_rulebase_name", + "local_rulebase_uid", + "package_name", + "package_uid", + "dev_id", + "dev_typ_id", + "mgm_id", "dev_comment", "dev_create", - "dev_update", - "do_not_import", - "clearing_import_ran", - "force_initial_import", - "hide_in_gui" + "dev_update" ], - "filter": {} + "filter": { + "_and": [ + { + "mgm_id": { + "_in": "x-hasura-visible-managements" + } + }, + { + "dev_id": { + "_in": "x-hasura-visible-devices" + } + } + ] + }, + "allow_aggregations": true } }, { @@ -2117,7 +4764,6 @@ "dev_id", "dev_typ_id", "mgm_id", - "tenant_id", "dev_comment", "dev_create", "dev_update" @@ -2158,7 +4804,6 @@ "dev_id", "dev_typ_id", "mgm_id", - "tenant_id", "dev_comment", "dev_create", "dev_update" @@ -2199,7 +4844,6 @@ "dev_id", "dev_typ_id", "mgm_id", - "tenant_id", "dev_comment", "dev_create", "dev_update" @@ -2229,7 +4873,6 @@ "mgm_id", "dev_name", "dev_typ_id", - "tenant_id", "dev_active", "dev_comment", "dev_create", @@ -2268,7 +4911,6 @@ "dev_id", "dev_typ_id", "mgm_id", - "tenant_id", "dev_comment", "dev_create", "dev_update" @@ -2309,7 +4951,6 @@ "dev_id", "dev_typ_id", "mgm_id", - "tenant_id", "dev_comment", "dev_create", "dev_update" @@ -2352,7 +4993,6 @@ "dev_id", "dev_typ_id", "mgm_id", - "tenant_id", "dev_comment", "dev_create", "dev_update" 
@@ -2410,6 +5050,39 @@ ], "filter": {} } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "name", + "id" + ], + "filter": {} + }, + "comment": "" + }, + { + "role": "reporter", + "permission": { + "columns": [ + "name", + "id" + ], + "filter": {} + }, + "comment": "" + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "name", + "id" + ], + "filter": {} + }, + "comment": "" } ], "update_permissions": [ @@ -3360,19 +6033,21 @@ "role": "importer", "permission": { "columns": [ - "control_id", "changes_found", - "is_initial_import", - "successful_import", + "control_id", "delimiter_group", "delimiter_list", "delimiter_user", "delimiter_zone", "import_errors", - "mgm_id", + "is_initial_import", "last_change_in_config", + "mgm_id", + "notification_done", + "security_relevant_changes_counter", "start_time", - "stop_time" + "stop_time", + "successful_import" ], "filter": {}, "allow_aggregations": true @@ -3382,19 +6057,21 @@ "role": "middleware-server", "permission": { "columns": [ - "control_id", "changes_found", - "is_initial_import", - "successful_import", + "control_id", "delimiter_group", "delimiter_list", "delimiter_user", "delimiter_zone", "import_errors", - "mgm_id", + "is_initial_import", "last_change_in_config", + "mgm_id", + "notification_done", + "security_relevant_changes_counter", "start_time", - "stop_time" + "stop_time", + "successful_import" ], "filter": {} } 
@@ -3479,19 +6156,31 @@ "role": "importer", "permission": { "columns": [ - "control_id", "changes_found", - "is_initial_import", - "successful_import", + "control_id", "delimiter_group", "delimiter_list", "delimiter_user", "delimiter_zone", "import_errors", - "mgm_id", + "is_initial_import", "last_change_in_config", + "mgm_id", + "notification_done", + "security_relevant_changes_counter", "start_time", - "stop_time" + "stop_time", + "successful_import" + ], + "filter": {}, + "check": {} + } + }, + { + "role": "middleware-server", + "permission": { + "columns": [ + "notification_done" ], "filter": {}, "check": {} @@ -3823,37 +6512,38 @@ "check": {}, "columns": [ "control_id", + "rule_id", + "rule_disabled", + "rule_dst_neg", + "rule_implied", + "rule_src_neg", + "rule_svc_neg", "last_change_admin", - "last_change_time", + "rule_installon", + "rule_name", + "rule_ruleid", + "rule_scope", + "rule_sysid", + "rule_time", + "rule_type", + "rulebase_name", + "rule_num", "parent_rule_uid", "rule_action", "rule_comment", - "rule_disabled", "rule_dst", - "rule_dst_neg", "rule_dst_refs", "rule_from_zone", "rule_head_text", - "rule_id", - "rule_implied", - "rule_installon", - "rule_name", - "rule_num", - "rule_ruleid", - "rule_scope", "rule_src", - "rule_src_neg", "rule_src_refs", "rule_svc", - "rule_svc_neg", "rule_svc_refs", - "rule_sysid", - "rule_time", "rule_to_zone", "rule_track", - "rule_type", "rule_uid", - "rulebase_name" + "last_change_time", + "last_hit" ] } } @@ -4128,6 +6818,17 @@ "filter": {} } }, + { + "role": "modeller", + "permission": { + "columns": [ + "culture_info", + "name" + ], + "filter": {} + }, + "comment": "" + }, { "role": "planner", "permission": { @@ -4287,7 +6988,11 @@ "permission": { "columns": [ "ldap_connection_id", - "ldap_tenant_level" + "ldap_name", + "ldap_port", + "ldap_server", + "ldap_tenant_level", + "tenant_id" ], "filter": {} } 
@@ -4328,6 +7033,20 @@ "filter": {} } }, + { + "role": "modeller", + "permission": { + "columns": [ + "ldap_connection_id", + "ldap_name", + "ldap_port", + "ldap_server", + "ldap_tenant_level", + "tenant_id" + ], + "filter": {} + } + }, { "role": "planner", "permission": { @@ -4599,6 +7318,30 @@ ] } }, + { + "role": "modeller", + "permission": { + "check": {}, + "columns": [ + "data_issue_id", + "import_id", + "rule_id", + "description", + "object_name", + "object_type", + "object_uid", + "rule_uid", + "source", + "suspected_cause", + "issue_dev_id", + "issue_mgm_id", + "severity", + "user_id", + "issue_timestamp" + ] + }, + "comment": "" + }, { "role": "planner", "permission": { @@ -4883,6 +7626,30 @@ "allow_aggregations": true } }, + { + "role": "modeller", + "permission": { + "columns": [ + "data_issue_id", + "import_id", + "rule_id", + "description", + "object_name", + "object_type", + "object_uid", + "rule_uid", + "source", + "suspected_cause", + "issue_dev_id", + "issue_mgm_id", + "severity", + "user_id", + "issue_timestamp" + ], + "filter": {} + }, + "comment": "" + }, { "role": "planner", "permission": { @@ -5052,12 +7819,6 @@ "using": { "foreign_key_constraint_on": "dev_typ_id" } - }, - { - "name": "tenant", - "using": { - "foreign_key_constraint_on": "tenant_id" - } } ], "array_relationships": [ @@ -5253,6 +8014,18 @@ } } }, + { + "name": "tenant_to_managements", + "using": { + "foreign_key_constraint_on": { + "column": "management_id", + "table": { + "name": "tenant_to_management", + "schema": "public" + } + } + } + }, { "name": "usrs", "using": { @@ -5305,6 +8078,16 @@ "schema": "public" } } + }, + { + "name": "get_objects_for_tenant", + "definition": { + "function": { + "name": "get_objects_for_tenant", + "schema": "public" + }, + "session_argument": "hasura_session" + } } ], "insert_permissions": [ 
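Review bot: The modeller select on `ldap_connection` (`@@ -4328`) returns `ldap_server`, `ldap_port` and `tenant_id` for every connection with `"filter": {}`, which reveals the directory topology of all tenants to a tenant-scoped role. The column list stops short of any credential-looking column, which is the important part; keep it that way and, unless modellers must resolve users from other tenants, restrict rows with `"filter": {"_or": [{"tenant_id": {"_is_null": true}}, {"tenant_id": {"_eq": "x-hasura-tenant-id"}}]}` as the `owner` select for this role does later in this patch. The preceding hunk (`@@ -4287`) widens another role's column list in the same way, but that role's name is outside the hunk.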
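Review bot: The modeller select on the data-issue table (`@@ -4883`; the table name is above the hunk) is unscoped (`"filter": {}`) although each row carries `issue_mgm_id` and `issue_dev_id`, so a modeller sees import problems — object names, rule UIDs and user ids — from managements the `device` and `management` filters added for this role deliberately hide. Scope it the same way: `"filter": {"_or": [{"issue_mgm_id": {"_is_null": true}}, {"issue_mgm_id": {"_in": "x-hasura-visible-managements"}}]}`, keeping the `_is_null` branch only if management-less issues exist. The matching insert permission in `@@ -4599` has `"check": {}` and should carry the same bound.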
@@ -5313,30 +8096,32 @@ "permission": { "check": {}, "columns": [ - "clearing_import_ran", + "mgm_id", + "dev_typ_id", + "mgm_name", + "mgm_comment", + "cloud_tenant_id", + "cloud_subscription_id", + "mgm_create", + "mgm_update", + "import_credential_id", + "ssh_hostname", + "ssh_port", + "last_import_md5_complete_config", + "last_import_attempt", + "last_import_attempt_successful", "do_not_import", + "clearing_import_ran", "force_initial_import", - "hide_in_gui", - "last_import_attempt_successful", "config_path", "domain_uid", + "hide_in_gui", "importer_hostname", - "last_import_md5_complete_config", - "mgm_name", - "ssh_hostname", "debug_level", - "dev_typ_id", - "import_credential_id", - "mgm_id", - "multi_device_manager_id", - "ssh_port", - "tenant_id", - "mgm_comment", - "last_import_attempt", - "mgm_create", - "mgm_update" + "multi_device_manager_id" ] - } + }, + "comment": "" } ], "select_permissions": [ @@ -5351,8 +8136,7 @@ "hide_in_gui", "mgm_id", "mgm_name", - "multi_device_manager_id", - "tenant_id" + "multi_device_manager_id" ], "filter": { "mgm_id": { @@ -5385,7 +8169,6 @@ "mgm_id", "multi_device_manager_id", "ssh_port", - "tenant_id", "mgm_comment", "last_import_attempt", "mgm_create", @@ -5418,7 +8201,6 @@ "mgm_id", "multi_device_manager_id", "ssh_port", - "tenant_id", "mgm_comment", "last_import_attempt", "mgm_create", @@ -5438,9 +8220,8 @@ "domain_uid", "hide_in_gui", "mgm_id", - "mgm_name", - "multi_device_manager_id", - "tenant_id" + "mgm_name", + "multi_device_manager_id" ], "filter": { "mgm_id": { @@ -5473,7 +8254,6 @@ "mgm_id", "multi_device_manager_id", "ssh_port", - "tenant_id", "mgm_comment", "last_import_attempt", "mgm_create", @@ -5506,7 +8286,6 @@ "mgm_id", "multi_device_manager_id", "ssh_port", - "tenant_id", "mgm_comment", "last_import_attempt", "mgm_create", 
@@ -5515,6 +8294,27 @@ "filter": {} } }, + { + "role": "modeller", + "permission": { + "columns": [ + "config_path", + "dev_typ_id", + "do_not_import", + "domain_uid", + "hide_in_gui", + "mgm_id", + "mgm_name", + "multi_device_manager_id" + ], + "filter": { + "mgm_id": { + "_in": "x-hasura-visible-managements" + } + }, + "allow_aggregations": true + } + }, { "role": "planner", "permission": { @@ -5526,8 +8326,7 @@ "hide_in_gui", "mgm_id", "mgm_name", - "multi_device_manager_id", - "tenant_id" + "multi_device_manager_id" ], "filter": { "mgm_id": { @@ -5560,7 +8359,6 @@ "mgm_id", "multi_device_manager_id", "ssh_port", - "tenant_id", "mgm_comment", "last_import_attempt", "mgm_create", @@ -5584,8 +8382,7 @@ "hide_in_gui", "mgm_id", "mgm_name", - "multi_device_manager_id", - "tenant_id" + "multi_device_manager_id" ], "filter": { "mgm_id": { @@ -5606,8 +8403,7 @@ "hide_in_gui", "mgm_id", "mgm_name", - "multi_device_manager_id", - "tenant_id" + "multi_device_manager_id" ], "filter": {}, "allow_aggregations": true @@ -5623,8 +8419,7 @@ "hide_in_gui", "mgm_id", "mgm_name", - "multi_device_manager_id", - "tenant_id" + "multi_device_manager_id" ], "filter": { "mgm_id": { @@ -5645,8 +8440,7 @@ "hide_in_gui", "mgm_id", "mgm_name", - "multi_device_manager_id", - "tenant_id" + "multi_device_manager_id" ], "filter": { "mgm_id": { 
@@ -5662,32 +8456,34 @@ "role": "fw-admin", "permission": { "columns": [ - "clearing_import_ran", + "mgm_id", + "dev_typ_id", + "mgm_name", + "mgm_comment", + "cloud_tenant_id", + "cloud_subscription_id", + "mgm_create", + "mgm_update", + "import_credential_id", + "ssh_hostname", + "ssh_port", + "last_import_md5_complete_config", + "last_import_attempt", + "last_import_attempt_successful", "do_not_import", + "clearing_import_ran", "force_initial_import", - "hide_in_gui", - "last_import_attempt_successful", "config_path", "domain_uid", + "hide_in_gui", "importer_hostname", - "last_import_md5_complete_config", - "mgm_name", - "ssh_hostname", "debug_level", - "dev_typ_id", - "import_credential_id", - "mgm_id", - "multi_device_manager_id", - "ssh_port", - "tenant_id", - "mgm_comment", - "last_import_attempt", - "mgm_create", - "mgm_update" + "multi_device_manager_id" ], "filter": {}, "check": {} - } + }, + "comment": "" }, { "role": "importer", 
@@ -5702,87 +8498,6 @@ } ] }, - { - "table": { - "name": "nw_object_limits", - "schema": "public" - }, - "select_permissions": [ - { - "role": "auditor", - "permission": { - "columns": [ - "obj_id", - "first_ip", - "last_ip", - "mgm_id" - ], - "filter": {}, - "allow_aggregations": true - } - }, - { - "role": "fw-admin", - "permission": { - "columns": [ - "obj_id", - "first_ip", - "last_ip", - "mgm_id" - ], - "filter": {}, - "allow_aggregations": true - } - }, - { - "role": "recertifier", - "permission": { - "columns": [ - "obj_id", - "first_ip", - "last_ip", - "mgm_id" - ], - "filter": { - "mgm_id": { - "_in": "x-hasura-visible-managements" - } - }, - "allow_aggregations": true - } - }, - { - "role": "reporter", - "permission": { - "columns": [ - "obj_id", - "first_ip", - "last_ip", - "mgm_id" - ], - "filter": { - "mgm_id": { - "_in": "x-hasura-visible-managements" - } - }, - "allow_aggregations": true - } - }, - { - "role": "reporter-viewall", - "permission": { - "columns": [ - "obj_id", - "first_ip", - "last_ip", - "mgm_id" - ], - "filter": {}, - "allow_aggregations": true - } - } - ] - }, { "table": { "name": "object", @@ -5887,21 +8602,6 @@ } } }, - { - "name": "network_object_limits", - "using": { - "manual_configuration": { - "column_mapping": { - "obj_id": "obj_id" - }, - "insertion_order": null, - "remote_table": { - "name": "nw_object_limits", - "schema": "public" - } - } - } - }, { "name": "objgrpFlatsByObjgrpFlatMemberId", "using": { 
@@ -6090,6 +8790,45 @@ "allow_aggregations": true } }, + { + "role": "middleware-server", + "permission": { + "columns": [ + "obj_id", + "last_change_admin", + "zone_id", + "mgm_id", + "obj_name", + "obj_comment", + "obj_uid", + "obj_typ_id", + "obj_location", + "obj_member_names", + "obj_member_refs", + "initial_config", + "obj_sw", + "obj_ip", + "obj_ip_end", + "obj_nat", + "nattyp_id", + "obj_nat_ip", + "obj_nat_ip_end", + "obj_nat_install", + "obj_color_id", + "obj_sys_name", + "obj_sys_location", + "obj_sys_contact", + "obj_sys_desc", + "obj_sys_readcom", + "obj_sys_writecom", + "active", + "obj_create", + "obj_last_seen" + ], + "filter": {}, + "allow_aggregations": true + } + }, { "role": "recertifier", "permission": { 
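Review bot: The middleware-server select on `object` (`@@ -6090`) includes `obj_sys_readcom` and `obj_sys_writecom`, which by name look like SNMP read/write community strings, alongside every other column and an empty filter. If the middleware does not consume those values (nothing in this patch shows it doing so), remove the two columns from this permission so a leaked middleware token does not also yield device credentials; if it does need them, add a `"comment"` naming the feature that reads them. `allow_aggregations` is harmless for a service role but is also not obviously required here.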
@@ -6438,64 +9177,190 @@ }, "object_relationships": [ { - "name": "tenant", + "name": "tenant", + "using": { + "foreign_key_constraint_on": "tenant_id" + } + } + ], + "array_relationships": [ + { + "name": "change_histories", + "using": { + "foreign_key_constraint_on": { + "column": "app_id", + "table": { + "name": "change_history", + "schema": "modelling" + } + } + } + }, + { + "name": "connections", + "using": { + "foreign_key_constraint_on": { + "column": "app_id", + "table": { + "name": "connection", + "schema": "modelling" + } + } + } + }, + { + "name": "nwgroups", + "using": { + "foreign_key_constraint_on": { + "column": "app_id", + "table": { + "name": "nwgroup", + "schema": "modelling" + } + } + } + }, + { + "name": "owner_networks", + "using": { + "foreign_key_constraint_on": { + "column": "owner_id", + "table": { + "name": "owner_network", + "schema": "public" + } + } + } + }, + { + "name": "recertifications", + "using": { + "foreign_key_constraint_on": { + "column": "owner_id", + "table": { + "name": "recertification", + "schema": "public" + } + } + } + }, + { + "name": "reqtask_owners", + "using": { + "foreign_key_constraint_on": { + "column": "owner_id", + "table": { + "name": "reqtask_owner", + "schema": "public" + } + } + } + }, + { + "name": "rule_owners", + "using": { + "foreign_key_constraint_on": { + "column": "owner_id", + "table": { + "name": "rule_owner", + "schema": "public" + } + } + } + }, + { + "name": "selected_connections", "using": { - "foreign_key_constraint_on": "tenant_id" + "foreign_key_constraint_on": { + "column": "app_id", + "table": { + "name": "selected_connections", + "schema": "modelling" + } + } } - } - ], - "array_relationships": [ + }, { - "name": "owner_networks", + "name": "selected_objects", "using": { "foreign_key_constraint_on": { - "column": "owner_id", + "column": "app_id", "table": { - "name": "owner_network", - "schema": "public" + "name": "selected_objects", + "schema": "modelling" } } } }, { - "name": 
"reqtask_owners", + "name": "service_groups", "using": { "foreign_key_constraint_on": { - "column": "owner_id", + "column": "app_id", "table": { - "name": "reqtask_owner", - "schema": "public" + "name": "service_group", + "schema": "modelling" } } } }, { - "name": "rule_owners", + "name": "services", "using": { "foreign_key_constraint_on": { - "column": "owner_id", + "column": "app_id", "table": { - "name": "rule_owner", - "schema": "public" + "name": "service", + "schema": "modelling" } } } } ], - "select_permissions": [ + "insert_permissions": [ { - "role": "approver", + "role": "middleware-server", "permission": { + "check": {}, "columns": [ + "active", + "common_service_possible", "is_default", "app_id_external", + "criticality", "dn", "group_dn", + "import_source", "name", + "recert_check_params", "id", + "recert_interval", "tenant_id", + "last_recert_check" + ] + }, + "comment": "" + } + ], + "select_permissions": [ + { + "role": "approver", + "permission": { + "columns": [ + "active", + "app_id_external", + "common_service_possible", + "criticality", + "dn", + "group_dn", + "id", + "import_source", + "is_default", + "last_recert_check", + "name", + "recert_check_params", "recert_interval", - "next_recert_date" + "tenant_id" ], "filter": {} } @@ -6504,15 +9369,20 @@ "role": "auditor", "permission": { "columns": [ - "is_default", + "active", "app_id_external", + "common_service_possible", + "criticality", "dn", "group_dn", - "name", "id", + "import_source", + "is_default", + "last_recert_check", + "name", + "recert_check_params", "recert_interval", - "tenant_id", - "next_recert_date" + "tenant_id" ], "filter": {} } 
@@ -6521,15 +9391,20 @@ "role": "fw-admin", "permission": { "columns": [ - "is_default", + "active", "app_id_external", + "common_service_possible", + "criticality", "dn", "group_dn", - "name", "id", + "import_source", + "is_default", + "last_recert_check", + "name", + "recert_check_params", "recert_interval", - "tenant_id", - "next_recert_date" + "tenant_id" ], "filter": {} } @@ -6538,32 +9413,104 @@ "role": "implementer", "permission": { "columns": [ - "is_default", + "active", "app_id_external", + "common_service_possible", + "criticality", "dn", "group_dn", + "id", + "import_source", + "is_default", + "last_recert_check", "name", + "recert_check_params", + "recert_interval", + "tenant_id" + ], + "filter": {} + } + }, + { + "role": "middleware-server", + "permission": { + "columns": [ + "active", + "app_id_external", + "common_service_possible", + "criticality", + "dn", + "group_dn", "id", - "tenant_id", + "import_source", + "is_default", + "last_recert_check", + "name", + "recert_check_params", "recert_interval", - "next_recert_date" + "tenant_id" ], "filter": {} } }, + { + "role": "modeller", + "permission": { + "columns": [ + "active", + "app_id_external", + "common_service_possible", + "criticality", + "dn", + "group_dn", + "id", + "import_source", + "is_default", + "last_recert_check", + "name", + "recert_check_params", + "recert_interval", + "tenant_id" + ], + "filter": { + "_and": [ + { + "_or": [ + { + "tenant_id": { + "_is_null": true + } + }, + { + "tenant_id": { + "_eq": "x-hasura-tenant-id" + } + } + ] + } + ] + }, + "allow_aggregations": true + } + }, { "role": "planner", "permission": { "columns": [ + "active", + "common_service_possible", "is_default", "app_id_external", + "criticality", "dn", "group_dn", + "import_source", "name", + "recert_check_params", "id", - "tenant_id", "recert_interval", - "next_recert_date" + "tenant_id", + "last_recert_check" ], "filter": {} } 
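Review bot: In the modeller select on `owner` (`@@ -6538`) the filter wraps a single `_or` in an `_and`, which is redundant — `"filter": {"_or": [{"tenant_id": {"_is_null": true}}, {"tenant_id": {"_eq": "x-hasura-tenant-id"}}]}` is equivalent and matches the form used for the recertifier in the next hunk. More importantly, the `_is_null` branch makes every owner without a tenant visible to modellers of all tenants; that is right if a null `tenant_id` means "global owner" but is a leak if it means "not yet assigned", and the metadata does not say which. Record the intended meaning in the permission's `"comment"` so the same branch is applied knowingly wherever it is copied.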
@@ -6572,20 +9519,34 @@ "role": "recertifier", "permission": { "columns": [ + "active", + "common_service_possible", "is_default", "app_id_external", + "criticality", "dn", "group_dn", + "import_source", "name", + "recert_check_params", "id", "recert_interval", "tenant_id", - "next_recert_date" + "last_recert_check" ], "filter": { - "tenant_id": { - "_eq": "x-hasura-tenant-id" - } + "_or": [ + { + "tenant_id": { + "_is_null": true + } + }, + { + "tenant_id": { + "_eq": "x-hasura-tenant-id" + } + } + ] }, "allow_aggregations": true } @@ -6594,15 +9555,20 @@ "role": "reporter", "permission": { "columns": [ + "active", + "common_service_possible", "is_default", "app_id_external", + "criticality", "dn", "group_dn", + "import_source", "name", + "recert_check_params", "id", "recert_interval", "tenant_id", - "next_recert_date" + "last_recert_check" ], "filter": { "tenant_id": { @@ -6616,15 +9582,20 @@ "role": "reporter-viewall", "permission": { "columns": [ + "active", + "common_service_possible", "is_default", "app_id_external", + "criticality", "dn", "group_dn", + "import_source", "name", + "recert_check_params", "id", "recert_interval", "tenant_id", - "next_recert_date" + "last_recert_check" ], "filter": {}, "allow_aggregations": true 
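Review bot: The recertifier select on `owner` (`@@ -6572`) now also matches rows whose `tenant_id` is null, while the reporter select in the following hunk keeps the plain `"tenant_id": {"_eq": "x-hasura-tenant-id"}` filter, so two tenant-bound roles now see different owner sets. If owners without a tenant are global, the reporter filter should gain the same `_is_null` branch; if they are not, the recertifier change is a cross-tenant exposure. Either way the divergence deserves a `"comment"` on the permission explaining it.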
@@ -6634,55 +9605,231 @@ "role": "requester", "permission": { "columns": [ + "active", + "common_service_possible", "is_default", "app_id_external", + "criticality", "dn", "group_dn", + "import_source", "name", + "recert_check_params", "id", + "recert_interval", "tenant_id", + "last_recert_check" + ], + "filter": {} + } + }, + { + "role": "reviewer", + "permission": { + "columns": [ + "active", + "app_id_external", + "common_service_possible", + "criticality", + "dn", + "group_dn", + "id", + "import_source", + "is_default", + "last_recert_check", + "name", + "recert_check_params", + "recert_interval", + "tenant_id" + ], + "filter": {} + } + } + ], + "update_permissions": [ + { + "role": "middleware-server", + "permission": { + "columns": [ + "active", + "common_service_possible", + "is_default", + "app_id_external", + "criticality", + "dn", + "group_dn", + "import_source", + "name", + "recert_check_params", + "id", "recert_interval", - "next_recert_date" + "tenant_id", + "last_recert_check" + ], + "filter": {}, + "check": null + } + } + ] + }, + { + "table": { + "name": "owner_network", + "schema": "public" + }, + "object_relationships": [ + { + "name": "owner", + "using": { + "foreign_key_constraint_on": "owner_id" + } + }, + { + "name": "stm_ip_proto", + "using": { + "foreign_key_constraint_on": "ip_proto_id" + } + } + ], + "array_relationships": [ + { + "name": "nwobject_connections", + "using": { + "foreign_key_constraint_on": { + "column": "nwobject_id", + "table": { + "name": "nwobject_connection", + "schema": "modelling" + } + } + } + }, + { + "name": "nwobject_nwgroups", + "using": { + "foreign_key_constraint_on": { + "column": "nwobject_id", + "table": { + "name": "nwobject_nwgroup", + "schema": "modelling" + } + } + } + } + ], + "insert_permissions": [ + { + "role": "middleware-server", + "permission": { + "check": {}, + "columns": [ + "custom_type", + "id", + "import_source", + "ip", + "ip_end", + "ip_proto_id", + "is_deleted", + "name", + "nw_type", + 
"owner_id", + "port" + ] + }, + "comment": "" + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "id", + "is_deleted", + "import_source", + "name", + "ip", + "ip_end", + "custom_type", + "ip_proto_id", + "nw_type", + "owner_id", + "port" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "middleware-server", + "permission": { + "columns": [ + "custom_type", + "id", + "import_source", + "ip", + "ip_end", + "ip_proto_id", + "is_deleted", + "name", + "nw_type", + "owner_id", + "port" ], "filter": {} - } + }, + "comment": "" }, { - "role": "reviewer", + "role": "modeller", "permission": { "columns": [ - "is_default", - "app_id_external", - "dn", - "group_dn", - "name", "id", - "tenant_id", - "recert_interval", - "next_recert_date" + "is_deleted", + "import_source", + "name", + "ip", + "ip_end", + "custom_type", + "ip_proto_id", + "nw_type", + "owner_id", + "port" ], "filter": {} - } + }, + "comment": "" } - ] - }, - { - "table": { - "name": "owner_network", - "schema": "public" - }, - "object_relationships": [ + ], + "update_permissions": [ { - "name": "owner", - "using": { - "foreign_key_constraint_on": "owner_id" - } - }, + "role": "middleware-server", + "permission": { + "columns": [ + "custom_type", + "import_source", + "ip", + "ip_end", + "ip_proto_id", + "is_deleted", + "name", + "nw_type", + "owner_id", + "port" + ], + "filter": {}, + "check": null + }, + "comment": "" + } + ], + "delete_permissions": [ { - "name": "stm_ip_proto", - "using": { - "foreign_key_constraint_on": "ip_proto_id" - } + "role": "middleware-server", + "permission": { + "filter": {} + }, + "comment": "" } ] }, 
@@ -6777,23 +9924,72 @@ "name": "recertification", "schema": "public" }, + "object_relationships": [ + { + "name": "owner", + "using": { + "foreign_key_constraint_on": "owner_id" + } + }, + { + "name": "rule_metadatum", + "using": { + "foreign_key_constraint_on": "rule_metadata_id" + } + } + ], "insert_permissions": [ { - "role": "recertifier", + "role": "importer", "permission": { "check": {}, "columns": [ + "comment", "id", + "ip_match", + "next_recert_date", + "owner_id", + "rule_id", "rule_metadata_id", + "user_dn" + ] + } + }, + { + "role": "middleware-server", + "permission": { + "check": {}, + "columns": [ + "id", "rule_id", - "ip_match", + "rule_metadata_id", "recertified", "comment", - "owner_id", + "ip_match", "user_dn", + "owner_id", + "next_recert_date", "recert_date" ] } + }, + { + "role": "recertifier", + "permission": { + "check": {}, + "columns": [ + "comment", + "id", + "ip_match", + "next_recert_date", + "owner_id", + "recert_date", + "recertified", + "rule_id", + "rule_metadata_id", + "user_dn" + ] + } } ], "select_permissions": [ @@ -6801,14 +9997,34 @@ "role": "auditor", "permission": { "columns": [ + "comment", "id", + "ip_match", + "next_recert_date", + "owner_id", + "recert_date", + "recertified", + "rule_id", "rule_metadata_id", + "user_dn" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "middleware-server", + "permission": { + "columns": [ + "id", "rule_id", - "ip_match", + "rule_metadata_id", "recertified", "comment", - "owner_id", + "ip_match", "user_dn", + "owner_id", + "next_recert_date", "recert_date" ], "filter": {} 
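Review bot: The recertifier insert on `recertification` (`@@ -6777`) has `"check": {}` and lets the caller set `owner_id`, `rule_id`, `user_dn`, `recertified` and `recert_date` freely, so a recertifier can record a recertification for an owner or rule outside its tenant and attribute it to any DN. Since the recertifier's `owner` select in this patch is tenant-scoped and the hunk adds an `owner` relationship here, bind the insert to the same set: `"check": {"owner": {"_or": [{"tenant_id": {"_is_null": true}}, {"tenant_id": {"_eq": "x-hasura-tenant-id"}}]}}`. Whether `user_dn` can additionally be tied to a session variable depends on what the token carries, which is not visible in this diff.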
@@ -6818,16 +10034,85 @@ "role": "recertifier", "permission": { "columns": [ + "comment", "id", - "rule_metadata_id", + "ip_match", + "next_recert_date", + "owner_id", + "recert_date", + "recertified", "rule_id", + "rule_metadata_id", + "user_dn" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "reporter", + "permission": { + "columns": [ + "comment", + "id", "ip_match", + "next_recert_date", "owner_id", + "recert_date", + "recertified", + "rule_id", + "rule_metadata_id", + "user_dn" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "id", + "rule_id", + "rule_metadata_id", + "recertified", + "comment", + "ip_match", "user_dn", + "owner_id", + "next_recert_date", + "recert_date" + ], + "filter": {}, + "allow_aggregations": true + } + } + ], + "update_permissions": [ + { + "role": "recertifier", + "permission": { + "columns": [ + "id", + "rule_id", + "rule_metadata_id", "recertified", - "recert_date", - "comment" + "comment", + "ip_match", + "user_dn", + "owner_id", + "next_recert_date", + "recert_date" ], + "filter": {}, + "check": null + } + } + ], + "delete_permissions": [ + { + "role": "middleware-server", + "permission": { "filter": {} } } @@ -6922,6 +10207,28 @@ ] } }, + { + "role": "modeller", + "permission": { + "check": {}, + "columns": [ + "report_id", + "description", + "report_name", + "report_owner_id", + "report_template_id", + "report_type", + "tenant_wide_visible", + "report_json", + "report_csv", + "report_html", + "report_pdf", + "report_end_time", + "report_start_time" + ] + }, + "comment": "" + }, { "role": "recertifier", "permission": { 
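Review bot: The recertifier update on `recertification` (`@@ -6818`) has `"filter": {}` and `"check": null` and lists `id`, `rule_id`, `rule_metadata_id` and `owner_id` as updatable, so any recertifier can rewrite or re-point any recertification record, which undermines the audit value of the table. Limit the columns to what a recertification actually changes — `"columns": ["recertified", "recert_date", "comment", "user_dn"]` — and reuse the tenant-scoped owner filter from the `owner` select for both `filter` and `check`. The reporter select in the same hunk is likewise unfiltered, unlike the reporter's `owner` select.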
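Review bot: The modeller insert on `report` (`@@ -6922`) uses `"check": {}` with `report_owner_id` among the insertable columns, while the role's select and delete on the same table (next hunks) are restricted to `report_owner_id = X-Hasura-User-Id`, so a modeller can create reports owned by, and thereafter only manageable by, another user. Bind ownership at insert time with `"check": {"report_owner_id": {"_eq": "X-Hasura-User-Id"}}`. The neighbouring roles' insert checks are outside this hunk, so whether they share the gap cannot be confirmed here.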
@@ -7034,6 +10341,32 @@ "allow_aggregations": true } }, + { + "role": "modeller", + "permission": { + "columns": [ + "report_id", + "description", + "report_name", + "report_owner_id", + "report_template_id", + "report_type", + "tenant_wide_visible", + "report_json", + "report_csv", + "report_html", + "report_pdf", + "report_end_time", + "report_start_time" + ], + "filter": { + "report_owner_id": { + "_eq": "X-Hasura-User-Id" + } + }, + "allow_aggregations": true + } + }, { "role": "recertifier", "permission": { @@ -7102,22 +10435,49 @@ "report_html", "report_pdf", "report_end_time", - "report_start_time" + "report_start_time" + ], + "filter": { + "report_owner_id": { + "_eq": "X-Hasura-User-Id" + } + }, + "allow_aggregations": true + } + } + ], + "update_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "report_owner_id", + "report_template_id", + "report_type", + "description", + "tenant_wide_visible", + "report_id", + "report_json", + "report_csv", + "report_html", + "report_pdf", + "report_end_time", + "report_start_time", + "report_name" ], "filter": { "report_owner_id": { "_eq": "X-Hasura-User-Id" } }, - "allow_aggregations": true + "check": null } - } - ], - "update_permissions": [ + }, { - "role": "auditor", + "role": "fw-admin", "permission": { "columns": [ + "report_pdf", "report_owner_id", "report_template_id", "report_type", @@ -7127,7 +10487,6 @@ "report_json", "report_csv", "report_html", - "report_pdf", "report_end_time", "report_start_time", "report_name" @@ -7141,7 +10500,7 @@ } }, { - "role": "fw-admin", + "role": "modeller", "permission": { "columns": [ "report_pdf", @@ -7266,6 +10625,16 @@ } } }, + { + "role": "modeller", + "permission": { + "filter": { + "report_owner_id": { + "_eq": "X-Hasura-User-Id" + } + } + } + }, { "role": "recertifier", "permission": { 
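Review bot: The `report` update permissions in `@@ -7102` and `@@ -7141` (auditor, fw-admin and the re-labelled modeller entry) keep `report_owner_id` among the updatable columns while using `"check": null`, so an owner can hand a report to any other user id and the post-update row is never validated against the owner filter. Either drop `report_owner_id` from the update columns or mirror the filter: `"check": {"report_owner_id": {"_eq": "X-Hasura-User-Id"}}`. Note that the hunk at `@@ -7141` only swaps a role name on an existing block, so the column list it now applies to the modeller is the one defined above it and is partly outside this hunk.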
@@ -7443,6 +10812,25 @@ ] } }, + { + "role": "modeller", + "permission": { + "check": {}, + "columns": [ + "report_schedule_id", + "report_schedule_active", + "report_schedule_name", + "report_schedule_counter", + "report_schedule_every", + "report_schedule_owner", + "report_schedule_repeat", + "report_schedule_repetitions", + "report_template_id", + "report_schedule_start_time" + ] + }, + "comment": "" + }, { "role": "recertifier", "permission": { @@ -7575,6 +10963,28 @@ "allow_aggregations": true } }, + { + "role": "modeller", + "permission": { + "columns": [ + "report_schedule_active", + "report_schedule_every", + "report_schedule_id", + "report_schedule_name", + "report_schedule_owner", + "report_schedule_repeat", + "report_schedule_repetitions", + "report_schedule_start_time", + "report_schedule_counter", + "report_template_id" + ], + "filter": { + "report_schedule_owner": { + "_eq": "X-Hasura-User-Id" + } + } + } + }, { "role": "recertifier", "permission": { @@ -7705,6 +11115,29 @@ "check": null } }, + { + "role": "modeller", + "permission": { + "columns": [ + "report_schedule_active", + "report_schedule_every", + "report_schedule_id", + "report_schedule_name", + "report_schedule_owner", + "report_schedule_repeat", + "report_schedule_repetitions", + "report_schedule_start_time", + "report_schedule_counter", + "report_template_id" + ], + "filter": { + "report_schedule_owner": { + "_eq": "X-Hasura-User-Id" + } + }, + "check": null + } + }, { "role": "recertifier", "permission": { @@ -7796,6 +11229,16 @@ } } }, + { + "role": "modeller", + "permission": { + "filter": { + "report_schedule_owner": { + "_eq": "X-Hasura-User-Id" + } + } + } + }, { "role": "recertifier", "permission": { 
@@ -7880,6 +11323,22 @@ ] } }, + { + "role": "modeller", + "permission": { + "check": { + "report_schedule": { + "report_schedule_owner": { + "_eq": "X-Hasura-User-Id" + } + } + }, + "columns": [ + "report_schedule_format_name", + "report_schedule_id" + ] + } + }, { "role": "recertifier", "permission": { @@ -7966,6 +11425,22 @@ "filter": {} } }, + { + "role": "modeller", + "permission": { + "columns": [ + "report_schedule_format_name", + "report_schedule_id" + ], + "filter": { + "report_schedule": { + "report_schedule_owner": { + "_eq": "X-Hasura-User-Id" + } + } + } + } + }, { "role": "recertifier", "permission": { @@ -8056,6 +11531,29 @@ } } }, + { + "role": "modeller", + "permission": { + "columns": [ + "report_schedule_format_name", + "report_schedule_id" + ], + "filter": { + "report_schedule": { + "report_schedule_owner": { + "_eq": "X-Hasura-User-Id" + } + } + }, + "check": { + "report_schedule": { + "report_schedule_owner": { + "_eq": "X-Hasura-User-Id" + } + } + } + } + }, { "role": "recertifier", "permission": { @@ -8151,6 +11649,18 @@ } } }, + { + "role": "modeller", + "permission": { + "filter": { + "report_schedule": { + "report_schedule_owner": { + "_eq": "X-Hasura-User-Id" + } + } + } + } + }, { "role": "recertifier", "permission": { @@ -8273,6 +11783,23 @@ ] } }, + { + "role": "modeller", + "permission": { + "check": {}, + "columns": [ + "filterline_history", + "report_filter", + "report_template_name", + "report_template_id", + "report_template_owner", + "report_parameters", + "report_template_comment", + "report_template_create" + ] + }, + "comment": "" + }, { "role": "recertifier", "permission": { 
@@ -8385,6 +11912,35 @@ "allow_aggregations": true } }, + { + "role": "modeller", + "permission": { + "columns": [ + "filterline_history", + "report_filter", + "report_parameters", + "report_template_comment", + "report_template_create", + "report_template_id", + "report_template_name", + "report_template_owner" + ], + "filter": { + "_or": [ + { + "report_template_owner": { + "_eq": 0 + } + }, + { + "report_template_owner": { + "_eq": "X-Hasura-User-Id" + } + } + ] + } + } + }, { "role": "recertifier", "permission": { @@ -8516,6 +12072,27 @@ "check": null } }, + { + "role": "modeller", + "permission": { + "columns": [ + "filterline_history", + "report_filter", + "report_parameters", + "report_template_comment", + "report_template_create", + "report_template_id", + "report_template_name", + "report_template_owner" + ], + "filter": { + "report_template_owner": { + "_eq": "X-Hasura-User-Id" + } + }, + "check": null + } + }, { "role": "recertifier", "permission": { @@ -8601,6 +12178,16 @@ } } }, + { + "role": "modeller", + "permission": { + "filter": { + "report_template_owner": { + "_eq": "X-Hasura-User-Id" + } + } + } + }, { "role": "recertifier", "permission": { @@ -8672,6 +12259,52 @@ } } ], + "insert_permissions": [ + { + "role": "approver", + "permission": { + "check": {}, + "columns": [ + "reqtask_id", + "owner_id" + ] + }, + "comment": "" + }, + { + "role": "implementer", + "permission": { + "check": {}, + "columns": [ + "reqtask_id", + "owner_id" + ] + }, + "comment": "" + }, + { + "role": "planner", + "permission": { + "check": {}, + "columns": [ + "reqtask_id", + "owner_id" + ] + }, + "comment": "" + }, + { + "role": "requester", + "permission": { + "check": {}, + "columns": [ + "reqtask_id", + "owner_id" + ] + }, + "comment": "" + } + ], "select_permissions": [ { "role": "approver", 
@@ -8743,6 +12376,36 @@
 "filter": {}
 }
 }
+ ],
+ "delete_permissions": [
+ {
+ "role": "approver",
+ "permission": {
+ "filter": {}
+ },
+ "comment": ""
+ },
+ {
+ "role": "implementer",
+ "permission": {
+ "filter": {}
+ },
+ "comment": ""
+ },
+ {
+ "role": "planner",
+ "permission": {
+ "filter": {}
+ },
+ "comment": ""
+ },
+ {
+ "role": "requester",
+ "permission": {
+ "filter": {}
+ },
+ "comment": ""
+ }
 ]
 },
 {
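Review bot: The `delete_permissions` added here give `approver`, `implementer`, `planner` and `requester` an unrestricted `"filter": {}`, so any of these workflow roles can delete every row of the table (whose definition, with `reqtask_id`/`owner_id` columns per the insert block in L90, starts before this hunk), not only links belonging to tasks they are involved in. The preceding select permissions appear to use `"filter": {}` as well, so this may be intentional for a pure link table, but delete is the more destructive operation and a row filter tying the row to the current user's request task would limit the blast radius. If it stays open, consider filling the empty `"comment": ""` with the reason.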
@@ -8962,56 +12625,143 @@ } } ], + "computed_fields": [ + { + "name": "get_rule_froms_for_tenant", + "definition": { + "function": { + "name": "get_rule_froms_for_tenant", + "schema": "public" + }, + "session_argument": "hasura_session" + } + }, + { + "name": "get_rule_tos_for_tenant", + "definition": { + "function": { + "name": "get_rule_tos_for_tenant", + "schema": "public" + }, + "session_argument": "hasura_session" + } + }, + { + "name": "rule_relevant_for_tenant", + "definition": { + "function": { + "name": "rule_relevant_for_tenant", + "schema": "public" + }, + "session_argument": "hasura_session" + } + } + ], "select_permissions": [ { "role": "auditor", "permission": { "columns": [ + "parent_rule_id", + "rule_create", + "rule_id", + "rule_last_seen", + "xlate_rule", "access_rule", - "action_id", "active", + "nat_rule", + "rule_disabled", + "rule_dst_neg", + "rule_implied", + "rule_src_neg", + "rule_svc_neg", + "rule_installon", + "rule_name", + "rule_ruleid", + "rule_time", + "action_id", "dev_id", "last_change_admin", "mgm_id", - "nat_rule", - "parent_rule_id", + "rule_from_zone", + "rule_num", + "rule_to_zone", + "track_id", + "rule_custom_fields", + "rule_num_numeric", "parent_rule_type", "rule_action", "rule_comment", - "rule_create", - "rule_disabled", "rule_dst", - "rule_dst_neg", "rule_dst_refs", - "rule_from_zone", "rule_head_text", + "rule_src", + "rule_src_refs", + "rule_svc", + "rule_svc_refs", + "rule_track", + "rule_uid" + ], + "computed_fields": [ + "rule_relevant_for_tenant" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "fw-admin", + "permission": { + "columns": [ + "parent_rule_id", + "rule_create", "rule_id", + "rule_last_seen", + "xlate_rule", + "access_rule", + "active", + "nat_rule", + "rule_disabled", + "rule_dst_neg", "rule_implied", + "rule_src_neg", + "rule_svc_neg", "rule_installon", - "rule_last_seen", "rule_name", + "rule_ruleid", + "rule_time", + "action_id", + "dev_id", + "last_change_admin", + 
"mgm_id", + "rule_from_zone", "rule_num", + "rule_to_zone", + "track_id", + "rule_custom_fields", "rule_num_numeric", - "rule_ruleid", + "parent_rule_type", + "rule_action", + "rule_comment", + "rule_dst", + "rule_dst_refs", + "rule_head_text", "rule_src", - "rule_src_neg", "rule_src_refs", "rule_svc", - "rule_svc_neg", "rule_svc_refs", - "rule_time", - "rule_to_zone", "rule_track", - "rule_uid", - "track_id", - "xlate_rule" + "rule_uid" + ], + "computed_fields": [ + "rule_relevant_for_tenant" ], "filter": {}, "allow_aggregations": true } }, { - "role": "fw-admin", + "role": "middleware-server", "permission": { "columns": [ "parent_rule_id", @@ -9039,6 +12789,7 @@ "rule_num", "rule_to_zone", "track_id", + "rule_custom_fields", "rule_num_numeric", "parent_rule_type", "rule_action", @@ -9053,6 +12804,9 @@ "rule_track", "rule_uid" ], + "computed_fields": [ + "rule_relevant_for_tenant" + ], "filter": {}, "allow_aggregations": true } @@ -9086,6 +12840,7 @@ "rule_num", "rule_to_zone", "track_id", + "rule_custom_fields", "rule_num_numeric", "parent_rule_type", "rule_action", @@ -9100,6 +12855,9 @@ "rule_track", "rule_uid" ], + "computed_fields": [ + "rule_relevant_for_tenant" + ], "filter": { "_and": [ { @@ -9111,6 +12869,11 @@ "dev_id": { "_in": "x-hasura-visible-devices" } + }, + { + "rule_relevant_for_tenant": { + "_eq": "true" + } } ] }, @@ -9146,6 +12909,7 @@ "rule_num", "rule_to_zone", "track_id", + "rule_custom_fields", "rule_num_numeric", "parent_rule_type", "rule_action", @@ -9160,6 +12924,9 @@ "rule_track", "rule_uid" ], + "computed_fields": [ + "rule_relevant_for_tenant" + ], "filter": { "_and": [ { @@ -9171,6 +12938,11 @@ "dev_id": { "_in": "x-hasura-visible-devices" } + }, + { + "rule_relevant_for_tenant": { + "_eq": "true" + } } ] }, @@ -9206,6 +12978,7 @@ "rule_num", "rule_to_zone", "track_id", + "rule_custom_fields", "rule_num_numeric", "parent_rule_type", "rule_action", 
@@ -9220,6 +12993,9 @@ "rule_track", "rule_uid" ], + "computed_fields": [ + "rule_relevant_for_tenant" + ], "filter": {}, "allow_aggregations": true } @@ -9263,6 +13039,18 @@ } } ], + "computed_fields": [ + { + "name": "rule_from_relevant_for_tenant", + "definition": { + "function": { + "name": "rule_from_relevant_for_tenant", + "schema": "public" + }, + "session_argument": "hasura_session" + } + } + ], "select_permissions": [ { "role": "auditor", @@ -9277,6 +13065,9 @@ "active", "negated" ], + "computed_fields": [ + "rule_from_relevant_for_tenant" + ], "filter": {}, "allow_aggregations": true } @@ -9294,10 +13085,30 @@ "active", "negated" ], + "computed_fields": [ + "rule_from_relevant_for_tenant" + ], "filter": {}, "allow_aggregations": true } }, + { + "role": "middleware-server", + "permission": { + "columns": [ + "obj_id", + "rf_create", + "rf_last_seen", + "rule_from_id", + "rule_id", + "user_id", + "active", + "negated" + ], + "filter": {} + }, + "comment": "" + }, { "role": "recertifier", "permission": { @@ -9311,7 +13122,32 @@ "active", "negated" ], - "filter": {}, + "computed_fields": [ + "rule_from_relevant_for_tenant" + ], + "filter": { + "_and": [ + { + "rule": { + "mgm_id": { + "_in": "x-hasura-visible-managements" + } + } + }, + { + "rule": { + "dev_id": { + "_in": "x-hasura-visible-devices" + } + } + }, + { + "rule_from_relevant_for_tenant": { + "_eq": "true" + } + } + ] + }, "allow_aggregations": true } }, @@ -9328,7 +13164,32 @@ "active", "negated" ], - "filter": {}, + "computed_fields": [ + "rule_from_relevant_for_tenant" + ], + "filter": { + "_and": [ + { + "rule": { + "mgm_id": { + "_in": "x-hasura-visible-managements" + } + } + }, + { + "rule": { + "dev_id": { + "_in": "x-hasura-visible-devices" + } + } + }, + { + "rule_from_relevant_for_tenant": { + "_eq": "true" + } + } + ] + }, "allow_aggregations": true } }, 
@@ -9345,6 +13206,9 @@ "active", "negated" ], + "computed_fields": [ + "rule_from_relevant_for_tenant" + ], "filter": {}, "allow_aggregations": true } @@ -9377,6 +13241,18 @@ } ], "array_relationships": [ + { + "name": "recertifications", + "using": { + "foreign_key_constraint_on": { + "column": "rule_metadata_id", + "table": { + "name": "recertification", + "schema": "public" + } + } + } + }, { "name": "rule_owners", "using": { @@ -9512,6 +13388,32 @@ "allow_aggregations": true } }, + { + "role": "middleware-server", + "permission": { + "columns": [ + "rule_to_be_removed", + "dev_id", + "last_change_admin", + "rule_last_certifier", + "rule_owner", + "rule_hit_counter", + "rule_metadata_id", + "rule_uid", + "rule_created", + "rule_decert_date", + "rule_first_hit", + "rule_last_certified", + "rule_last_hit", + "rule_last_modified", + "rule_last_certifier_dn", + "rule_owner_dn", + "rule_recertification_comment" + ], + "filter": {}, + "allow_aggregations": true + } + }, { "role": "recertifier", "permission": { @@ -9534,7 +13436,8 @@ "rule_owner_dn", "rule_recertification_comment" ], - "filter": {} + "filter": {}, + "allow_aggregations": true } }, { @@ -9782,6 +13685,18 @@ "foreign_key_constraint_on": "rule_metadata_id" } } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "rule_metadata_id", + "owner_id" + ], + "filter": {} + } + } ] }, { @@ -9844,6 +13759,21 @@ "filter": {} } }, + { + "role": "middleware-server", + "permission": { + "columns": [ + "rs_create", + "rs_last_seen", + "rule_id", + "svc_id", + "active", + "negated" + ], + "filter": {} + }, + "comment": "" + }, { "role": "recertifier", "permission": { 
@@ -10045,19 +13975,34 @@ } } ], + "computed_fields": [ + { + "name": "rule_to_relevant_for_tenant", + "definition": { + "function": { + "name": "rule_to_relevant_for_tenant", + "schema": "public" + }, + "session_argument": "hasura_session" + } + } + ], "select_permissions": [ { "role": "auditor", "permission": { "columns": [ - "active", - "negated", "obj_id", "rt_create", "rt_last_seen", "rule_id", "rule_to_id", - "user_id" + "user_id", + "active", + "negated" + ], + "computed_fields": [ + "rule_to_relevant_for_tenant" ], "filter": {} } @@ -10075,11 +14020,14 @@ "rule_to_id", "user_id" ], + "computed_fields": [ + "rule_to_relevant_for_tenant" + ], "filter": {} } }, { - "role": "recertifier", + "role": "middleware-server", "permission": { "columns": [ "active", @@ -10091,7 +14039,48 @@ "rule_to_id", "user_id" ], - "filter": {}, + "filter": {} + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "obj_id", + "rt_create", + "rt_last_seen", + "rule_id", + "rule_to_id", + "user_id", + "active", + "negated" + ], + "computed_fields": [ + "rule_to_relevant_for_tenant" + ], + "filter": { + "_and": [ + { + "rule": { + "mgm_id": { + "_in": "x-hasura-visible-managements" + } + } + }, + { + "rule": { + "dev_id": { + "_in": "x-hasura-visible-devices" + } + } + }, + { + "rule_to_relevant_for_tenant": { + "_eq": "true" + } + } + ] + }, "allow_aggregations": true } }, @@ -10108,7 +14097,32 @@ "rule_to_id", "user_id" ], - "filter": {}, + "computed_fields": [ + "rule_to_relevant_for_tenant" + ], + "filter": { + "_and": [ + { + "rule": { + "mgm_id": { + "_in": "x-hasura-visible-managements" + } + } + }, + { + "rule": { + "dev_id": { + "_in": "x-hasura-visible-devices" + } + } + }, + { + "rule_to_relevant_for_tenant": { + "_eq": "true" + } + } + ] + }, "allow_aggregations": true } }, 
@@ -10116,14 +14130,17 @@ "role": "reporter-viewall", "permission": { "columns": [ - "active", - "negated", "obj_id", "rt_create", "rt_last_seen", "rule_id", "rule_to_id", - "user_id" + "user_id", + "active", + "negated" + ], + "computed_fields": [ + "rule_to_relevant_for_tenant" ], "filter": {} } @@ -10528,6 +14545,48 @@ "allow_aggregations": true } }, + { + "role": "middleware-server", + "permission": { + "columns": [ + "svc_create", + "svc_id", + "svc_last_seen", + "active", + "initial_config", + "srv_keeponinstall", + "svc_accept_rep", + "svc_accept_rep_any", + "svc_mfa", + "svc_sync", + "svc_sync_delay", + "svc_tcp_res", + "svc_timeout_std", + "svc_code", + "svc_name", + "svc_rpcnr", + "ip_proto_id", + "last_change_admin", + "mgm_id", + "svc_color_id", + "svc_port", + "svc_port_end", + "svc_source_port", + "svc_source_port_end", + "svc_sync_delay_start", + "svc_timeout", + "svc_typ_id", + "svc_comment", + "svc_match", + "svc_member_names", + "svc_member_refs", + "svc_prod_specific", + "svc_uid" + ], + "filter": {} + }, + "comment": "" + }, { "role": "recertifier", "permission": { @@ -10757,6 +14816,17 @@ "allow_aggregations": true } }, + { + "role": "modeller", + "permission": { + "columns": [ + "action_name", + "action_id" + ], + "filter": {} + }, + "comment": "" + }, { "role": "planner", "permission": { @@ -11210,6 +15280,28 @@ "allow_aggregations": true } }, + { + "role": "modeller", + "permission": { + "columns": [ + "dev_typ_is_mgmt", + "dev_typ_is_multi_mgmt", + "is_pure_routing_device", + "dev_typ_config_file_basic_objects", + "dev_typ_config_file_rules", + "dev_typ_config_file_users", + "dev_typ_manufacturer", + "dev_typ_name", + "dev_typ_version", + "dev_typ_id", + "dev_typ_comment", + "dev_typ_predef_obj", + "dev_typ_predef_svc" + ], + "filter": {} + }, + "comment": "" + }, { "role": "planner", "permission": { 
@@ -11394,6 +15486,18 @@ } } } + }, + { + "name": "servicesByProtoId", + "using": { + "foreign_key_constraint_on": { + "column": "proto_id", + "table": { + "name": "service", + "schema": "modelling" + } + } + } } ], "select_permissions": [ @@ -11450,6 +15554,30 @@ "allow_aggregations": true } }, + { + "role": "middleware-server", + "permission": { + "columns": [ + "ip_proto_name", + "ip_proto_id", + "ip_proto_comment" + ], + "filter": {} + }, + "comment": "" + }, + { + "role": "modeller", + "permission": { + "columns": [ + "ip_proto_name", + "ip_proto_id", + "ip_proto_comment" + ], + "filter": {} + }, + "comment": "" + }, { "role": "planner", "permission": { @@ -11570,6 +15698,18 @@ "allow_aggregations": true } }, + { + "role": "middleware-server", + "permission": { + "columns": [ + "obj_typ_id", + "obj_typ_name", + "obj_typ_comment" + ], + "filter": {} + }, + "comment": "" + }, { "role": "recertifier", "permission": { @@ -11657,6 +15797,18 @@ "allow_aggregations": true } }, + { + "role": "middleware-server", + "permission": { + "columns": [ + "svc_typ_name", + "svc_typ_id", + "svc_typ_comment" + ], + "filter": {}, + "allow_aggregations": true + } + }, { "role": "recertifier", "permission": { @@ -11788,6 +15940,17 @@ "allow_aggregations": true } }, + { + "role": "modeller", + "permission": { + "columns": [ + "track_name", + "track_id" + ], + "filter": {} + }, + "comment": "" + }, { "role": "planner", "permission": { @@ -11900,6 +16063,17 @@ "allow_aggregations": true } }, + { + "role": "middleware-server", + "permission": { + "columns": [ + "usr_typ_name", + "usr_typ_id" + ], + "filter": {} + }, + "comment": "" + }, { "role": "recertifier", "permission": { @@ -12165,18 +16339,6 @@ } } }, - { - "name": "devices", - "using": { - "foreign_key_constraint_on": { - "column": "tenant_id", - "table": { - "name": "device", - "schema": "public" - } - } - } - }, { "name": "ldap_connections", "using": { 
@@ -12190,60 +16352,60 @@ } }, { - "name": "management", + "name": "owners", "using": { "foreign_key_constraint_on": { "column": "tenant_id", "table": { - "name": "management", + "name": "owner", "schema": "public" } } } }, { - "name": "owners", + "name": "reports", "using": { "foreign_key_constraint_on": { - "column": "tenant_id", + "column": "tenant_wide_visible", "table": { - "name": "owner", + "name": "report", "schema": "public" } } } }, { - "name": "reports", + "name": "tenant_networks", "using": { "foreign_key_constraint_on": { - "column": "tenant_wide_visible", + "column": "tenant_id", "table": { - "name": "report", + "name": "tenant_network", "schema": "public" } } } }, { - "name": "tenant_networks", + "name": "tenant_to_devices", "using": { "foreign_key_constraint_on": { "column": "tenant_id", "table": { - "name": "tenant_network", + "name": "tenant_to_device", "schema": "public" } } } }, { - "name": "tenant_to_devices", + "name": "tenant_to_managements", "using": { "foreign_key_constraint_on": { "column": "tenant_id", "table": { - "name": "tenant_to_device", + "name": "tenant_to_management", "schema": "public" } } @@ -12321,6 +16483,22 @@ "filter": {} } }, + { + "role": "fw-admin", + "permission": { + "columns": [ + "tenant_can_view_all_devices", + "tenant_is_superadmin", + "tenant_report", + "tenant_name", + "tenant_projekt", + "tenant_id", + "tenant_comment", + "tenant_create" + ], + "filter": {} + } + }, { "role": "middleware-server", "permission": { 
@@ -12337,24 +16515,122 @@ "filter": {}, "allow_aggregations": true } + }, + { + "role": "modeller", + "permission": { + "columns": [ + "tenant_can_view_all_devices", + "tenant_is_superadmin", + "tenant_report", + "tenant_name", + "tenant_projekt", + "tenant_id", + "tenant_comment", + "tenant_create" + ], + "filter": { + "tenant_id": { + "_eq": "x-hasura-tenant-id" + } + } + }, + "comment": "" + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "tenant_can_view_all_devices", + "tenant_is_superadmin", + "tenant_report", + "tenant_name", + "tenant_projekt", + "tenant_id", + "tenant_comment", + "tenant_create" + ], + "filter": { + "tenant_id": { + "_eq": "x-hasura-tenant-id" + } + } + }, + "comment": "" + }, + { + "role": "reporter", + "permission": { + "columns": [ + "tenant_can_view_all_devices", + "tenant_is_superadmin", + "tenant_report", + "tenant_name", + "tenant_projekt", + "tenant_id", + "tenant_comment", + "tenant_create" + ], + "filter": { + "tenant_id": { + "_eq": "x-hasura-tenant-id" + } + } + }, + "comment": "" + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "tenant_can_view_all_devices", + "tenant_is_superadmin", + "tenant_report", + "tenant_name", + "tenant_projekt", + "tenant_id", + "tenant_comment", + "tenant_create" + ], + "filter": {}, + "allow_aggregations": true + }, + "comment": "" } ], "update_permissions": [ { - "role": "middleware-server", + "role": "fw-admin", "permission": { "columns": [ - "tenant_id", + "tenant_can_view_all_devices", + "tenant_is_superadmin", + "tenant_report", "tenant_name", "tenant_projekt", + "tenant_id", "tenant_comment", - "tenant_report", + "tenant_create" + ], + "filter": {}, + "check": {} + } + }, + { + "role": "middleware-server", + "permission": { + "columns": [ "tenant_can_view_all_devices", "tenant_is_superadmin", + "tenant_report", + "tenant_name", + "tenant_projekt", + "tenant_id", + "tenant_comment", "tenant_create" ], "filter": {}, - "check": null + "check": {} } } 
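Review bot: The new `fw-admin` entry in `update_permissions` on `tenant` uses `"filter": {}` with `"check": {}` and lists `tenant_is_superadmin`, `tenant_can_view_all_devices` and the key column `tenant_id` among the updatable columns, so an fw-admin can promote any tenant to superadmin or grant it all-device visibility, which is a privilege boundary rather than ordinary tenant housekeeping. If fw-admin is meant to be a global administrator this is acceptable but should be stated in the permission's `"comment"`; otherwise drop `tenant_is_superadmin`, `tenant_can_view_all_devices` and `tenant_id` from this column list and leave them to `middleware-server`. The `middleware-server` change from `"check": null` to `"check": {}` in the same hunk looks behaviour-neutral. The `tenant` table entry begins before L99.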
],
@@ -12539,8 +16815,9 @@
 "permission": {
 "check": {},
 "columns": [
+ "tenant_id",
 "device_id",
- "tenant_id"
+ "shared"
 ]
 }
 }
@@ -12551,7 +16828,8 @@
 "permission": {
 "columns": [
 "tenant_id",
- "device_id"
+ "device_id",
+ "shared"
 ],
 "filter": {}
 }
@@ -12560,34 +16838,217 @@ "role": "fw-admin", "permission": { "columns": [ + "tenant_id", "device_id", - "tenant_id" + "shared" + ], + "filter": {} + } + }, + { + "role": "middleware-server", + "permission": { + "columns": [ + "tenant_id", + "device_id", + "shared" ], "filter": {} } }, + { + "role": "modeller", + "permission": { + "columns": [ + "tenant_id", + "device_id", + "shared" + ], + "filter": { + "tenant_id": { + "_eq": "x-hasura-tenant-id" + } + } + }, + "comment": "" + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "tenant_id", + "device_id", + "shared" + ], + "filter": { + "tenant_id": { + "_eq": "x-hasura-tenant-id" + } + } + }, + "comment": "" + }, + { + "role": "reporter", + "permission": { + "columns": [ + "tenant_id", + "device_id", + "shared" + ], + "filter": { + "tenant_id": { + "_eq": "x-hasura-tenant-id" + } + } + }, + "comment": "" + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "tenant_id", + "device_id", + "shared" + ], + "filter": {}, + "allow_aggregations": true + }, + "comment": "" + } + ], + "update_permissions": [ + { + "role": "fw-admin", + "permission": { + "columns": [ + "tenant_id", + "device_id", + "shared" + ], + "filter": {}, + "check": {} + }, + "comment": "" + } + ] + }, + { + "table": { + "name": "tenant_to_management", + "schema": "public" + }, + "object_relationships": [ + { + "name": "management", + "using": { + "foreign_key_constraint_on": "management_id" + } + }, + { + "name": "tenant", + "using": { + "foreign_key_constraint_on": "tenant_id" + } + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "shared", + "management_id", + "tenant_id" + ], + "filter": {} + }, + "comment": "" + }, + { + "role": "fw-admin", + "permission": { + "columns": [ + "shared", + "management_id", + "tenant_id" + ], + "filter": {} + }, + "comment": "" + }, { "role": "middleware-server", "permission": { "columns": [ - "tenant_id", - "device_id" + "shared", + 
"management_id", + "tenant_id" + ], + "filter": {} + }, + "comment": "" + }, + { + "role": "modeller", + "permission": { + "columns": [ + "shared", + "management_id", + "tenant_id" + ], + "filter": { + "tenant_id": { + "_eq": "x-hasura-tenant-id" + } + } + }, + "comment": "" + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "shared", + "management_id", + "tenant_id" + ], + "filter": { + "tenant_id": { + "_eq": "x-hasura-tenant-id" + } + } + }, + "comment": "" + }, + { + "role": "reporter", + "permission": { + "columns": [ + "shared", + "management_id", + "tenant_id" ], - "filter": {} - } - } - ], - "update_permissions": [ + "filter": { + "tenant_id": { + "_eq": "x-hasura-tenant-id" + } + } + }, + "comment": "" + }, { - "role": "fw-admin", + "role": "reporter-viewall", "permission": { "columns": [ - "device_id", + "shared", + "management_id", "tenant_id" ], - "filter": {}, - "check": null - } + "filter": {} + }, + "comment": "" } ] }, @@ -12672,6 +17133,18 @@ "filter": {} } }, + { + "role": "modeller", + "permission": { + "columns": [ + "id", + "language", + "txt" + ], + "filter": {} + }, + "comment": "" + }, { "role": "planner", "permission": { @@ -13292,6 +17765,29 @@ "filter": {} } }, + { + "role": "modeller", + "permission": { + "columns": [ + "ldap_connection_id", + "tenant_id", + "uiuser_email", + "uiuser_end_date", + "uiuser_first_name", + "uiuser_id", + "uiuser_language", + "uiuser_last_login", + "uiuser_last_name", + "uiuser_last_password_change", + "uiuser_password_must_be_changed", + "uiuser_pwd_history", + "uiuser_start_date", + "uiuser_username", + "uuid" + ], + "filter": {} + } + }, { "role": "planner", "permission": { @@ -13538,6 +18034,20 @@ "check": null } }, + { + "role": "modeller", + "permission": { + "columns": [ + "uiuser_language" + ], + "filter": { + "uuid": { + "_eq": "x-hasura-uuid" + } + }, + "check": null + } + }, { "role": "planner", "permission": { 
@@ -14176,6 +18686,37 @@ "allow_aggregations": true } }, + { + "role": "middleware-server", + "permission": { + "columns": [ + "user_create", + "user_id", + "user_last_seen", + "active", + "user_authmethod", + "user_firstname", + "user_lastname", + "user_name", + "user_valid_from", + "user_valid_until", + "last_change_admin", + "mgm_id", + "tenant_id", + "user_color_id", + "usr_typ_id", + "dst_restrict", + "src_restrict", + "time_restrict", + "user_comment", + "user_member_names", + "user_member_refs", + "user_uid" + ], + "filter": {} + }, + "comment": "" + }, { "role": "recertifier", "permission": { @@ -14281,73 +18822,49 @@ }, { "table": { - "name": "view_change_counter", - "schema": "public" - } - }, - { - "table": { - "name": "view_changes", - "schema": "public" - } - }, - { - "table": { - "name": "view_changes_by_changed_element_id", - "schema": "public" - } - }, - { - "table": { - "name": "view_device_names", - "schema": "public" - } - }, - { - "table": { - "name": "view_documented_change_counter", + "name": "v_active_access_allow_rules", "schema": "public" } }, { "table": { - "name": "view_import_status_errors", + "name": "v_rule_with_dst_owner", "schema": "public" } }, { "table": { - "name": "view_import_status_successful", + "name": "v_rule_with_src_owner", "schema": "public" } }, { "table": { - "name": "view_import_status_table", + "name": "view_changes", "schema": "public" } }, { "table": { - "name": "view_import_status_table_unsorted", + "name": "view_obj_changes", "schema": "public" } }, { "table": { - "name": "view_obj_changes", + "name": "view_reportable_changes", "schema": "public" } }, { "table": { - "name": "view_reportable_changes", + "name": "view_rule_changes", "schema": "public" } }, { "table": { - "name": "view_rule_changes", + "name": "view_rule_source_or_destination", "schema": "public" } }, 
@@ -14466,144 +18983,9 @@ } } ], - "select_permissions": [ - { - "role": "auditor", - "permission": { - "columns": [ - "matches", - "rule_id", - "xlate_rule", - "access_rule", - "nat_rule", - "rule_disabled", - "rule_dst_neg", - "rule_src_neg", - "rule_svc_neg", - "owner_name", - "rule_name", - "action_id", - "dev_id", - "mgm_id", - "owner_id", - "rule_from_zone", - "rule_last_certifier", - "rule_to_zone", - "track_id", - "rule_num_numeric", - "rule_action", - "rule_comment", - "rule_head_text", - "rule_track", - "rule_uid", - "rule_last_certified" - ], - "filter": { - "dev_id": { - "_in": "x-hasura-visible-devices" - } - }, - "allow_aggregations": true - } - }, - { - "role": "recertifier", - "permission": { - "columns": [ - "rule_num_numeric", - "track_id", - "action_id", - "rule_from_zone", - "rule_to_zone", - "dev_id", - "mgm_id", - "rule_uid", - "rule_id", - "owner_id", - "owner_name", - "rule_last_certified", - "rule_last_certifier", - "rule_action", - "rule_name", - "rule_comment", - "rule_track", - "rule_src_neg", - "rule_dst_neg", - "rule_svc_neg", - "rule_head_text", - "rule_disabled", - "access_rule", - "xlate_rule", - "nat_rule", - "matches" - ], - "filter": { - "_and": [ - { - "mgm_id": { - "_in": "x-hasura-visible-managements" - } - }, - { - "dev_id": { - "_in": "x-hasura-visible-devices" - } - } - ] - }, - "allow_aggregations": true - } - }, - { - "role": "reporter", - "permission": { - "columns": [ - "rule_id", - "xlate_rule", - "access_rule", - "nat_rule", - "rule_disabled", - "rule_dst_neg", - "rule_src_neg", - "rule_svc_neg", - "owner_name", - "rule_name", - "action_id", - "dev_id", - "mgm_id", - "owner_id", - "rule_from_zone", - "rule_last_certifier", - "rule_to_zone", - "track_id", - "rule_num_numeric", - "matches", - "rule_action", - "rule_comment", - "rule_head_text", - "rule_track", - "rule_uid", - "rule_last_certified" - ], - "filter": { - "_and": [ - { - "mgm_id": { - "_in": "x-hasura-visible-managements" - } - }, - { - "dev_id": { - "_in": 
"x-hasura-visible-devices" - } - } - ] - }, - "allow_aggregations": true - } - }, + "select_permissions": [ { - "role": "reporter-viewall", + "role": "auditor", "permission": { "columns": [ "rule_id", @@ -14620,6 +19002,7 @@ "dev_id", "mgm_id", "owner_id", + "recert_interval", "rule_from_zone", "rule_last_certifier", "rule_to_zone", 
@@ -14633,117 +19016,11 @@ "rule_uid", "rule_last_certified" ], - "filter": {}, - "allow_aggregations": true - } - } - ] - }, - { - "table": { - "name": "view_svc_changes", - "schema": "public" - } - }, - { - "table": { - "name": "view_tenant_rules", - "schema": "public" - }, - "select_permissions": [ - { - "role": "auditor", - "permission": { - "columns": [ - "parent_rule_id", - "rule_create", - "rule_id", - "rule_last_seen", - "xlate_rule", - "access_rule", - "active", - "nat_rule", - "rule_disabled", - "rule_dst_neg", - "rule_implied", - "rule_src_neg", - "rule_svc_neg", - "rule_installon", - "rule_name", - "rule_ruleid", - "rule_time", - "action_id", - "dev_id", - "last_change_admin", - "mgm_id", - "rule_from_zone", - "rule_num", - "rule_to_zone", - "tenant_id", - "track_id", - "rule_num_numeric", - "parent_rule_type", - "rule_action", - "rule_comment", - "rule_dst", - "rule_dst_refs", - "rule_head_text", - "rule_src", - "rule_src_refs", - "rule_svc", - "rule_svc_refs", - "rule_track", - "rule_uid" - ], - "filter": {}, - "allow_aggregations": true - } - }, - { - "role": "fw-admin", - "permission": { - "columns": [ - "parent_rule_id", - "rule_create", - "rule_id", - "rule_last_seen", - "xlate_rule", - "access_rule", - "active", - "nat_rule", - "rule_disabled", - "rule_dst_neg", - "rule_implied", - "rule_src_neg", - "rule_svc_neg", - "rule_installon", - "rule_name", - "rule_ruleid", - "rule_time", - "action_id", - "dev_id", - "last_change_admin", - "mgm_id", - "rule_from_zone", - "rule_num", - "rule_to_zone", - "tenant_id", - "track_id", - "rule_num_numeric", - "parent_rule_type", - "rule_action", - "rule_comment", - "rule_dst", - "rule_dst_refs", - "rule_head_text", - "rule_src", - "rule_src_refs", - "rule_svc", - "rule_svc_refs", - "rule_track", - "rule_uid" - ], - "filter": {}, + "filter": { + "dev_id": { + "_in": "x-hasura-visible-devices" + } + }, "allow_aggregations": true } }, 
@@ -14751,53 +19028,36 @@ "role": "recertifier", "permission": { "columns": [ - "parent_rule_id", - "rule_create", "rule_id", - "rule_last_seen", "xlate_rule", "access_rule", - "active", "nat_rule", "rule_disabled", "rule_dst_neg", - "rule_implied", "rule_src_neg", "rule_svc_neg", - "rule_installon", + "owner_name", "rule_name", - "rule_ruleid", - "rule_time", "action_id", "dev_id", - "last_change_admin", "mgm_id", + "owner_id", + "recert_interval", "rule_from_zone", - "rule_num", + "rule_last_certifier", "rule_to_zone", - "tenant_id", "track_id", "rule_num_numeric", - "parent_rule_type", + "matches", "rule_action", "rule_comment", - "rule_dst", - "rule_dst_refs", "rule_head_text", - "rule_src", - "rule_src_refs", - "rule_svc", - "rule_svc_refs", "rule_track", - "rule_uid" + "rule_uid", + "rule_last_certified" ], "filter": { "_and": [ - { - "tenant_id": { - "_eq": "x-hasura-tenant-id" - } - }, { "mgm_id": { "_in": "x-hasura-visible-managements" @@ -14817,53 +19077,36 @@ "role": "reporter", "permission": { "columns": [ - "parent_rule_id", - "rule_create", "rule_id", - "rule_last_seen", "xlate_rule", "access_rule", - "active", "nat_rule", "rule_disabled", "rule_dst_neg", - "rule_implied", "rule_src_neg", "rule_svc_neg", - "rule_installon", + "owner_name", "rule_name", - "rule_ruleid", - "rule_time", "action_id", "dev_id", - "last_change_admin", "mgm_id", + "owner_id", + "recert_interval", "rule_from_zone", - "rule_num", + "rule_last_certifier", "rule_to_zone", - "tenant_id", "track_id", "rule_num_numeric", - "parent_rule_type", + "matches", "rule_action", "rule_comment", - "rule_dst", - "rule_dst_refs", "rule_head_text", - "rule_src", - "rule_src_refs", - "rule_svc", - "rule_svc_refs", "rule_track", - "rule_uid" + "rule_uid", + "rule_last_certified" ], "filter": { "_and": [ - { - "tenant_id": { - "_eq": "x-hasura-tenant-id" - } - }, { "mgm_id": { "_in": "x-hasura-visible-managements" 
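Review bot: Both hunks on this line (recertifier at -14751 and reporter at -14817) drop the `"tenant_id": { "_eq": "x-hasura-tenant-id" }` clause from the row filter, leaving only the `mgm_id` / `x-hasura-visible-managements` restriction (the rest of the `_and` continues outside the hunk). If the view behind this permission still has a `tenant_id` column, that is a loosening of per-tenant row isolation for two non-admin roles and should be confirmed as intended; if the column is gone and tenant scoping is now carried entirely by the visible-managements/visible-devices session variables, a `"comment"` on each permission stating that would document why the clause went away. The new column list no longer contains `tenant_id`, which points to the latter, but a Hasura filter may reference columns outside the select list, so the metadata alone does not settle it.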
@@ -14883,45 +19126,33 @@ "role": "reporter-viewall", "permission": { "columns": [ - "parent_rule_id", - "rule_create", "rule_id", - "rule_last_seen", "xlate_rule", "access_rule", - "active", "nat_rule", "rule_disabled", "rule_dst_neg", - "rule_implied", "rule_src_neg", "rule_svc_neg", - "rule_installon", + "owner_name", "rule_name", - "rule_ruleid", - "rule_time", "action_id", "dev_id", - "last_change_admin", "mgm_id", + "owner_id", + "recert_interval", "rule_from_zone", - "rule_num", + "rule_last_certifier", "rule_to_zone", - "tenant_id", "track_id", "rule_num_numeric", - "parent_rule_type", + "matches", "rule_action", "rule_comment", - "rule_dst", - "rule_dst_refs", "rule_head_text", - "rule_src", - "rule_src_refs", - "rule_svc", - "rule_svc_refs", "rule_track", - "rule_uid" + "rule_uid", + "rule_last_certified" ], "filter": {}, "allow_aggregations": true @@ -14931,13 +19162,7 @@ }, { "table": { - "name": "view_undocumented_change_counter", - "schema": "public" - } - }, - { - "table": { - "name": "view_undocumented_changes", + "name": "view_svc_changes", "schema": "public" } }, @@ -15041,6 +19266,21 @@ "allow_aggregations": true } }, + { + "role": "middleware-server", + "permission": { + "columns": [ + "zone_create", + "zone_last_seen", + "active", + "zone_name", + "mgm_id", + "zone_id" + ], + "filter": {} + }, + "comment": "" + }, { "role": "recertifier", "permission": { @@ -16046,11 +20286,12 @@ "id", "implementation_task_id", "network_object_id", + "original_nat_id", "service_id", "user_id", + "rule_uid", "ip", "ip_proto_id", - "original_nat_id", "port", "field", "implementation_action" @@ -16065,11 +20306,12 @@ "id", "implementation_task_id", "network_object_id", + "original_nat_id", "service_id", "user_id", + "rule_uid", "ip", "ip_proto_id", - "original_nat_id", "port", "field", "implementation_action" 
@@ -16084,11 +20326,12 @@ "id", "implementation_task_id", "network_object_id", + "original_nat_id", "service_id", "user_id", + "rule_uid", "ip", "ip_proto_id", - "original_nat_id", "port", "field", "implementation_action" @@ -16103,11 +20346,12 @@ "id", "implementation_task_id", "network_object_id", + "original_nat_id", "service_id", "user_id", + "rule_uid", "ip", "ip_proto_id", - "original_nat_id", "port", "field", "implementation_action" @@ -16123,11 +20367,12 @@ "id", "implementation_task_id", "network_object_id", + "original_nat_id", "service_id", "user_id", + "rule_uid", "ip", "ip_proto_id", - "original_nat_id", "port", "field", "implementation_action" @@ -16142,11 +20387,12 @@ "id", "implementation_task_id", "network_object_id", + "original_nat_id", "service_id", "user_id", + "rule_uid", "ip", "ip_proto_id", - "original_nat_id", "port", "field", "implementation_action" @@ -16161,11 +20407,12 @@ "id", "implementation_task_id", "network_object_id", + "original_nat_id", "service_id", "user_id", + "rule_uid", "ip", "ip_proto_id", - "original_nat_id", "port", "field", "implementation_action" @@ -16180,11 +20427,12 @@ "id", "implementation_task_id", "network_object_id", + "original_nat_id", "service_id", "user_id", + "rule_uid", "ip", "ip_proto_id", - "original_nat_id", "port", "field", "implementation_action" @@ -16199,11 +20447,12 @@ "id", "implementation_task_id", "network_object_id", + "original_nat_id", "service_id", "user_id", + "rule_uid", "ip", "ip_proto_id", - "original_nat_id", "port", "field", "implementation_action" @@ -16218,11 +20467,12 @@ "id", "implementation_task_id", "network_object_id", + "original_nat_id", "service_id", "user_id", + "rule_uid", "ip", "ip_proto_id", - "original_nat_id", "port", "field", "implementation_action" @@ -16237,11 +20487,12 @@ "id", "implementation_task_id", "network_object_id", + "original_nat_id", "service_id", "user_id", + "rule_uid", "ip", "ip_proto_id", - "original_nat_id", "port", "field", "implementation_action" 
@@ -16258,11 +20509,12 @@ "id", "implementation_task_id", "network_object_id", + "original_nat_id", "service_id", "user_id", + "rule_uid", "ip", "ip_proto_id", - "original_nat_id", "port", "field", "implementation_action" @@ -16278,11 +20530,12 @@ "id", "implementation_task_id", "network_object_id", + "original_nat_id", "service_id", "user_id", + "rule_uid", "ip", "ip_proto_id", - "original_nat_id", "port", "field", "implementation_action" @@ -16987,6 +21240,12 @@ "schema": "request" }, "object_relationships": [ + { + "name": "device", + "using": { + "foreign_key_constraint_on": "device_id" + } + }, { "name": "object", "using": { @@ -17046,12 +21305,14 @@ "columns": [ "id", "network_object_id", + "original_nat_id", "service_id", "task_id", "user_id", + "rule_uid", "ip", + "device_id", "ip_proto_id", - "original_nat_id", "port", "field", "request_action" @@ -17066,12 +21327,14 @@ "columns": [ "id", "network_object_id", + "original_nat_id", "service_id", "task_id", "user_id", + "rule_uid", "ip", + "device_id", "ip_proto_id", - "original_nat_id", "port", "field", "request_action" @@ -17085,12 +21348,14 @@ "columns": [ "id", "network_object_id", + "original_nat_id", "service_id", "task_id", "user_id", + "rule_uid", "ip", + "device_id", "ip_proto_id", - "original_nat_id", "port", "field", "request_action" @@ -17104,12 +21369,14 @@ "columns": [ "id", "network_object_id", + "original_nat_id", "service_id", "task_id", "user_id", + "rule_uid", "ip", + "device_id", "ip_proto_id", - "original_nat_id", "port", "field", "request_action" @@ -17123,12 +21390,14 @@ "columns": [ "id", "network_object_id", + "original_nat_id", "service_id", "task_id", "user_id", + "rule_uid", "ip", + "device_id", "ip_proto_id", - "original_nat_id", "port", "field", "request_action" 
@@ -17142,12 +21411,14 @@ "columns": [ "id", "network_object_id", + "original_nat_id", "service_id", "task_id", "user_id", + "rule_uid", "ip", + "device_id", "ip_proto_id", - "original_nat_id", "port", "field", "request_action" @@ -17161,12 +21432,14 @@ "columns": [ "id", "network_object_id", + "original_nat_id", "service_id", "task_id", "user_id", + "rule_uid", "ip", + "device_id", "ip_proto_id", - "original_nat_id", "port", "field", "request_action" @@ -17180,12 +21453,14 @@ "columns": [ "id", "network_object_id", + "original_nat_id", "service_id", "task_id", "user_id", + "rule_uid", "ip", + "device_id", "ip_proto_id", - "original_nat_id", "port", "field", "request_action" @@ -17201,12 +21476,14 @@ "columns": [ "id", "network_object_id", + "original_nat_id", "service_id", "task_id", "user_id", + "rule_uid", "ip", + "device_id", "ip_proto_id", - "original_nat_id", "port", "field", "request_action" @@ -17360,29 +21637,30 @@ "permission": { "check": {}, "columns": [ - "id", - "ticket_id", + "additional_info", "assigned_group", - "task_type", - "title", "current_handler", "devices", + "free_text", + "id", + "last_recert_date", "nw_obj_grp_id", + "reason", "recent_handler", + "request_action", "rule_action", "rule_tracking", - "state_id", - "svc_grp_id", - "task_number", - "user_grp_id", - "free_text", - "reason", - "last_recert_date", "start", + "state_id", "stop", + "svc_grp_id", "target_begin_date", "target_end_date", - "request_action" + "task_number", + "task_type", + "ticket_id", + "title", + "user_grp_id" ] } } 
@@ -17392,29 +21670,30 @@ "role": "approver", "permission": { "columns": [ - "id", - "ticket_id", + "additional_info", "assigned_group", - "task_type", - "title", "current_handler", "devices", + "free_text", + "id", + "last_recert_date", "nw_obj_grp_id", + "reason", "recent_handler", + "request_action", "rule_action", "rule_tracking", - "state_id", - "svc_grp_id", - "task_number", - "user_grp_id", - "free_text", - "reason", - "last_recert_date", "start", + "state_id", "stop", + "svc_grp_id", "target_begin_date", "target_end_date", - "request_action" + "task_number", + "task_type", + "ticket_id", + "title", + "user_grp_id" ], "filter": {} } @@ -17423,29 +21702,30 @@ "role": "auditor", "permission": { "columns": [ - "id", - "ticket_id", + "additional_info", "assigned_group", - "devices", - "task_type", - "title", "current_handler", + "devices", + "free_text", + "id", + "last_recert_date", "nw_obj_grp_id", + "reason", "recent_handler", + "request_action", "rule_action", "rule_tracking", - "state_id", - "svc_grp_id", - "task_number", - "user_grp_id", - "free_text", - "reason", - "last_recert_date", "start", + "state_id", "stop", + "svc_grp_id", "target_begin_date", "target_end_date", - "request_action" + "task_number", + "task_type", + "ticket_id", + "title", + "user_grp_id" ], "filter": {} } @@ -17454,29 +21734,30 @@ "role": "fw-admin", "permission": { "columns": [ - "id", - "ticket_id", + "additional_info", "assigned_group", - "task_type", - "title", "current_handler", "devices", + "free_text", + "id", + "last_recert_date", "nw_obj_grp_id", + "reason", "recent_handler", + "request_action", "rule_action", "rule_tracking", - "state_id", - "svc_grp_id", - "task_number", - "user_grp_id", - "free_text", - "reason", - "last_recert_date", "start", + "state_id", "stop", + "svc_grp_id", "target_begin_date", "target_end_date", - "request_action" + "task_number", + "task_type", + "ticket_id", + "title", + "user_grp_id" ], "filter": {} } 
@@ -17485,29 +21766,30 @@ "role": "implementer", "permission": { "columns": [ - "id", - "ticket_id", + "additional_info", "assigned_group", - "task_type", - "title", "current_handler", "devices", + "free_text", + "id", + "last_recert_date", "nw_obj_grp_id", + "reason", "recent_handler", + "request_action", "rule_action", "rule_tracking", - "state_id", - "svc_grp_id", - "task_number", - "user_grp_id", - "free_text", - "reason", - "last_recert_date", "start", + "state_id", "stop", + "svc_grp_id", "target_begin_date", "target_end_date", - "request_action" + "task_number", + "task_type", + "ticket_id", + "title", + "user_grp_id" ], "filter": {} } @@ -17516,29 +21798,30 @@ "role": "planner", "permission": { "columns": [ - "id", - "ticket_id", + "additional_info", "assigned_group", - "task_type", - "title", "current_handler", "devices", + "free_text", + "id", + "last_recert_date", "nw_obj_grp_id", + "reason", "recent_handler", + "request_action", "rule_action", "rule_tracking", - "state_id", - "svc_grp_id", - "task_number", - "user_grp_id", - "free_text", - "reason", - "last_recert_date", "start", + "state_id", "stop", + "svc_grp_id", "target_begin_date", "target_end_date", - "request_action" + "task_number", + "task_type", + "ticket_id", + "title", + "user_grp_id" ], "filter": {} } @@ -17547,29 +21830,30 @@ "role": "requester", "permission": { "columns": [ - "id", - "ticket_id", + "additional_info", "assigned_group", - "task_type", - "title", "current_handler", "devices", + "free_text", + "id", + "last_recert_date", "nw_obj_grp_id", + "reason", "recent_handler", + "request_action", "rule_action", "rule_tracking", - "state_id", - "svc_grp_id", - "task_number", - "user_grp_id", - "free_text", - "reason", - "last_recert_date", "start", + "state_id", "stop", + "svc_grp_id", "target_begin_date", "target_end_date", - "request_action" + "task_number", + "task_type", + "ticket_id", + "title", + "user_grp_id" ], "filter": {} } 
@@ -17578,29 +21862,30 @@ "role": "reviewer", "permission": { "columns": [ - "id", - "ticket_id", + "additional_info", "assigned_group", - "task_type", - "title", "current_handler", "devices", + "free_text", + "id", + "last_recert_date", "nw_obj_grp_id", + "reason", "recent_handler", + "request_action", "rule_action", "rule_tracking", - "state_id", - "svc_grp_id", - "task_number", - "user_grp_id", - "free_text", - "reason", - "last_recert_date", "start", + "state_id", "stop", + "svc_grp_id", "target_begin_date", "target_end_date", - "request_action" + "task_number", + "task_type", + "ticket_id", + "title", + "user_grp_id" ], "filter": {} } @@ -17611,6 +21896,7 @@ "role": "approver", "permission": { "columns": [ + "additional_info", "assigned_group", "current_handler", "recent_handler", @@ -17626,6 +21912,7 @@ "role": "fw-admin", "permission": { "columns": [ + "additional_info", "assigned_group", "current_handler", "recent_handler", @@ -17641,6 +21928,7 @@ "role": "implementer", "permission": { "columns": [ + "additional_info", "assigned_group", "current_handler", "recent_handler", @@ -17656,6 +21944,7 @@ "role": "planner", "permission": { "columns": [ + "additional_info", "assigned_group", "current_handler", "recent_handler", @@ -17671,29 +21960,30 @@ "role": "requester", "permission": { "columns": [ - "id", - "ticket_id", + "additional_info", "assigned_group", - "task_type", - "title", "current_handler", "devices", + "free_text", + "id", + "last_recert_date", "nw_obj_grp_id", + "reason", "recent_handler", + "request_action", "rule_action", "rule_tracking", - "state_id", - "svc_grp_id", - "task_number", - "user_grp_id", - "free_text", - "reason", - "last_recert_date", "start", + "state_id", "stop", + "svc_grp_id", "target_begin_date", "target_end_date", - "request_action" + "task_number", + "task_type", + "ticket_id", + "title", + "user_grp_id" ], "filter": {}, "check": null 
@@ -17703,6 +21993,7 @@ "role": "reviewer", "permission": { "columns": [ + "additional_info", "assigned_group", "current_handler", "recent_handler", @@ -18665,6 +22956,12 @@ "name": "get_visible_managements_per_tenant", "schema": "public" } + }, + { + "function": { + "name": "recert_get_one_owner_one_mgm", + "schema": "public" + } } ], "configuration": { @@ -18686,4 +22983,4 @@ ] } } -} +} \ No newline at end of file diff --git a/roles/api/handlers/main.yml b/roles/api/handlers/main.yml index 228ca4f28..17ed989bc 100644 --- a/roles/api/handlers/main.yml +++ b/roles/api/handlers/main.yml @@ -6,14 +6,14 @@ delegate_to: "{{ inventory_hostname }}" listen: "api handler" when: api_handler_guard == "start" - become: yes + become: true - name: delete backup file: state: absent path: "{{ fworch_home }}/backup_api" listen: "api handler" - become: yes + become: true # set variable to indicate that we are in rollback mode - set_fact: diff --git a/roles/api/tasks/api-apache-install-and-setup.yml b/roles/api/tasks/api-apache-install-and-setup.yml index 2aa7793cd..d7c8d1841 100644 --- a/roles/api/tasks/api-apache-install-and-setup.yml +++ b/roles/api/tasks/api-apache-install-and-setup.yml @@ -29,7 +29,7 @@ copy: src: "/etc/apache2/ssl/server.crt" dest: "/etc/ssl/certs/" - remote_src: yes + remote_src: true when: installation_mode == "new" - name: enable apache modules proxy proxy_http ssl rewrite proxy_wstunnel @@ -68,5 +68,5 @@ name: "{{ webserver_package_name }}" state: restarted - become: yes + become: true environment: "{{ proxy_env }}" diff --git a/roles/api/tasks/api-create-docu.yml b/roles/api/tasks/api-create-docu.yml index 425081f3f..c0334ee88 100644 --- a/roles/api/tasks/api-create-docu.yml +++ b/roles/api/tasks/api-create-docu.yml 
@@ -6,12 +6,12 @@
 - name: create api documentation using 2fd/graphdoc - install graphdoc
 npm:
 name: "@2fd/graphdoc"
- global: yes
+ global: true
 environment: "{{ proxy_env }}"
- become: yes
+ become: true
 - name: create api documentation using 2fd/graphdoc
 shell: "export NODE_OPTIONS='--max-old-space-size=4096' && graphdoc -x 'x-hasura-admin-secret: {{ api_hasura_admin_secret }}' --force -e https://{{ api_network_listening_ip_address }}:{{ api_port }}/v1/graphql -o {{ ui_start_dir }}/wwwroot/api_schema"
- become: yes
+ become: true
 become_user: "{{ fworch_user }}"
diff --git a/roles/api/tasks/grants-ansible-2.10.yml b/roles/api/tasks/grants-ansible-2.10.yml
deleted file mode 100644
index c1a8b35de..000000000
--- a/roles/api/tasks/grants-ansible-2.10.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-
-- name: set grants hasura schema from ansible 2.10
- community.postgresql.postgresql_query:
- db: "{{ fworch_db_name }}"
- query: "GRANT USAGE ON SCHEMA hdb_catalog TO dbbackupusers; Grant select on ALL TABLES in SCHEMA hdb_catalog to group dbbackupusers; ALTER DEFAULT PRIVILEGES IN SCHEMA hdb_catalog GRANT SELECT ON TABLES TO group dbbackupusers;"
- as_single_query: "{{ postgresql_query_as_single_query }}"
- become: yes
- become_user: postgres
diff --git a/roles/api/tasks/grants-ansible-pre2.10.yml b/roles/api/tasks/grants-ansible-pre2.10.yml
deleted file mode 100644
index bba538249..000000000
--- a/roles/api/tasks/grants-ansible-pre2.10.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-
-
-- name: set grants hasura schema before ansible 2.10
- postgresql_query:
- db: "{{ fworch_db_name }}"
- query: "GRANT USAGE ON SCHEMA hdb_catalog TO dbbackupusers; Grant select on ALL TABLES in SCHEMA hdb_catalog to group dbbackupusers; ALTER DEFAULT PRIVILEGES IN SCHEMA hdb_catalog GRANT SELECT ON TABLES TO group dbbackupusers;"
- become: yes
- become_user: postgres
-
diff --git a/roles/api/tasks/hasura-install.yml b/roles/api/tasks/hasura-install.yml
index d362f1216..a22e91a6c 100644
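Review bot: The graphdoc `shell:` task still passes the Hasura admin secret on the command line (`-x 'x-hasura-admin-secret: {{ api_hasura_admin_secret }}'`), so it is visible in `ps` output on the host while the command runs and is echoed verbatim into Ansible's task output and any log it writes; this hunk only normalises `become`, so that exposure is untouched. Adding `no_log: true` next to `become_user: "{{ fworch_user }}"` keeps the secret out of the playbook output at least. The same consideration applies to the `--admin-secret {{ api_hasura_admin_secret }}` in the hasura cli init command of hasura-install.yml further down this diff.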
--- a/roles/api/tasks/hasura-install.yml
+++ b/roles/api/tasks/hasura-install.yml
@@ -8,13 +8,13 @@
 - python3-pip
 - python3-virtualenv
 - python3-docker
- become: yes
+ become: true
 - name: read dbadmin pwd from secrets file
 slurp:
 src: "{{ dbadmin_password_file }}"
 register: api_user_password
- become: yes
+ become: true
 - name: decode dbadmin pwd
 set_fact:
@@ -24,7 +24,7 @@
 slurp:
 src: "{{ jwt_public_key_file }}"
 register: api_hasura_jwt_secret_dict
- become: yes
+ become: true
 - name: decode key
 set_fact:
@@ -34,10 +34,10 @@
 file:
 path: "{{ fworch_secrets_dir }}"
 state: directory
- mode: "0700"
+ mode: "0750"
 owner: "{{ fworch_user }}"
- group: "{{ fworch_group }}"
- become: yes
+ group: "{{ postgres_group }}"
+ become: true
 - name: set static hasura admin pwd for test purposes only
 set_fact:
@@ -56,7 +56,7 @@
 mode: '0600'
 owner: "{{ fworch_user }}"
 group: "{{ fworch_group }}"
- become: yes
+ become: true
 - name: check for existing hasura cli file
 stat:
@@ -68,19 +68,19 @@
 get_url:
 url: "https://github.com/hasura/graphql-engine/releases/download/{{ api_hasura_version }}/cli-hasura-linux-amd64"
 dest: "{{ api_hasura_cli_bin }}"
- force: yes
+ force: true
 mode: "0755"
 owner: "{{ fworch_user }}"
 group: "{{ fworch_group }}"
 environment: "{{ proxy_env }}"
- become: yes
+ become: true
 when: not api_cli_check.stat.exists
 - name: initialize hasura cli directory
 command: "{{ api_hasura_cli_bin }} init {{ product_name }} --skip-update-check --endpoint http://{{ api_local_listening_ip_address }}:{{ api_port }} --admin-secret {{ api_hasura_admin_secret }}"
 args:
 chdir: "{{ api_home }}"
- become: yes
+ become: true
 become_user: "{{ fworch_user }}"
 environment: "{{ proxy_env }}"
 when: not api_cli_check.stat.exists
@@ -109,6 +109,8 @@
 HTTPS_PROXY: "{{ https_proxy }}"
 http_proxy: "{{ http_proxy }}"
 https_proxy: "{{ https_proxy }}"
+ no_proxy: "{{ no_proxy }}"
+ NO_PROXY: "{{ no_proxy }}"
 - name: show hasura env for debugging
 debug:
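Review bot: Hunk -34 widens the secrets directory from `0700`/`fworch_group` to `0750`/`postgres_group`, so every member of the postgres group can now traverse and list the directory that, by its name, holds the product's secret files. The files inside keep their own modes (hunk -56 still writes one at `0600`), so the real exposure depends on each file, but opening the whole directory to a second group in order to serve one consumer is broader than needed. If the postgres service needs a single file, consider giving that file alone the postgres group and leaving the directory at `0700`, and in either case record the reason in the task, e.g. `# postgres group must read <FILE-PLACEHOLDER> from this directory` above `mode:`.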
@@ -116,52 +118,28 @@
 hasura_env
 when: debug_level > '1'
-- name: start hasura container ansible 2.10 and higher
+- name: start hasura container
 docker_container:
 name: "{{ api_container_name }}"
 image: hasura/graphql-engine:{{ api_hasura_version }}
 state: started
 network_mode: host
- networks_cli_compatible: yes
+ networks_cli_compatible: true
 log_driver: syslog
 log_options:
 syslog-address: "{{ syslog_proto }}://{{ syslog_host }}:{{ syslog_port }}"
 syslog-facility: daemon
 tag: "{{ api_container_name }}"
- recreate: yes
+ recreate: true
 exposed_ports:
 - "{{ api_port }}:{{ api_port }}"
 env:
 "{{ hasura_env }}"
 container_default_behavior: no_defaults
 register: docker_return
- become: yes
- become_user: "{{ fworch_user }}"
- environment: "{{ proxy_env }}"
- when: ansible_version.full is version('2.10', '>=')
-
-- name: start hasura container pre ansible 2.10
- docker_container:
- name: "{{ api_container_name }}"
- image: hasura/graphql-engine:{{ api_hasura_version }}
- state: started
- network_mode: host
- networks_cli_compatible: yes
- log_driver: syslog
- log_options:
- syslog-address: "{{ syslog_proto }}://{{ syslog_host }}:{{ syslog_port }}"
- syslog-facility: daemon
- tag: "{{ api_container_name }}"
- recreate: yes
- exposed_ports:
- - "{{ api_port }}:{{ api_port }}"
- env:
- "{{ hasura_env }}"
- register: docker_return
- become: yes
+ become: true
 become_user: "{{ fworch_user }}"
 environment: "{{ proxy_env }}"
- when: ansible_version.full is version('2.10', '<')
 - name: show docker result
 debug:
@@ -173,7 +151,7 @@
 docker_container_info:
 name: "{{ api_container_name }}"
 register: result
- become: yes
+ become: true
 become_user: "{{ fworch_user }}"
 - name: Print the status of the container in case of problems only
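Review bot: The consolidated `docker_container` task registers the complete module result as `docker_return`, and the following `show docker result` debug task (cut off at the hunk edge) prints it; that result carries the container's environment, i.e. whatever `hasura_env` holds. From the -109 hunk above it holds at least the proxy settings, and given the dbadmin password and JWT key facts set earlier in this file it very likely also holds the admin secret, so those values land in the playbook output unless that debug is gated the way `show hasura env for debugging` is (`when: debug_level > '1'`). Consider `no_log: true` on the container task, or gating the debug and printing only the state fields you need rather than the whole registered object.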
@@ -185,17 +163,17 @@
 template:
 src: "{{ api_service_name }}.service.j2"
 dest: "/lib/systemd/system/{{ api_service_name }}.service"
- backup: yes
+ backup: true
 mode: "0644"
 owner: "root"
- become: yes
+ become: true
 - name: make hasura docker container run at host startup
 systemd:
 name: "{{ api_service_name }}"
- daemon_reload: yes
- enabled: yes
- become: yes
+ daemon_reload: true
+ enabled: true
+ become: true
 - name: wait for hasura port to become available
 wait_for:
@@ -214,7 +192,7 @@
 uri:
 url: "http://{{ api_local_listening_ip_address }}:{{ api_port }}/v1/metadata"
 method: POST
- return_content: yes
+ return_content: true
 body_format: json
 headers:
 Content-Type: application/json
@@ -222,4 +200,8 @@
 x-hasura-role: "admin"
 body: "{{ lookup('file','replace_metadata.json') | from_json }}"
 when: not api_rollback_is_running | bool
-# do not install latest metadata in case of rollback
+ # do not install latest metadata in case of rollback
+ environment:
+ http_proxy: ""
+ https_proxy: ""
+ # do not use http proxy for metadata import
diff --git a/roles/api/tasks/main.yml b/roles/api/tasks/main.yml
index ba0015bc9..4c8d93a0a 100644
--- a/roles/api/tasks/main.yml
+++ b/roles/api/tasks/main.yml
@@ -19,13 +19,13 @@
 dest: "{{ fworch_home }}/backup_api"
 delegate_to: "{{ inventory_hostname }}"
 when: api_dir_check.stat.exists and installation_mode == "upgrade"
- become: yes
+ become: true
 - name: remove api home
 file:
 path: "{{ api_home }}"
 state: absent
- become: yes
+ become: true
 - name: create api home
 file:
@@ -34,7 +34,7 @@
 mode: "0755"
 owner: "{{ fworch_user }}"
 group: "{{ fworch_group }}"
- become: yes
+ become: true
 - name: create api bin
 file:
@@ -43,7 +43,7 @@
 mode: "0755"
 owner: "{{ fworch_user }}"
 group: "{{ fworch_group }}"
- become: yes
+ become: true
 - name: install apache2
 import_tasks: api-apache-install-and-setup.yml
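Review bot: Hunk -222 bypasses the proxy for the metadata import by overriding `http_proxy`/`https_proxy` with empty strings in `environment:`, which only clears the lower-case names; `proxy_env` in this role sets the upper-case `HTTP_PROXY`/`HTTPS_PROXY` as well, and if those reach this task from the play or host environment the request may still go through the proxy. The `uri` module has `use_proxy: false` for exactly this case and is explicit regardless of which variables are set. The trailing `# do not use http proxy for metadata import` comment also sits after the block it explains; placing it above `environment:` (or above `use_proxy: false`) reads better. The task itself starts outside the hunk.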
@@ -51,27 +51,10 @@
 - name: hasura install
 import_tasks: hasura-install.yml
-- name: settings grants for hasura schema old ansible
- include_tasks: grants-ansible-pre2.10.yml
- when: ansible_version.full is version('2.10', '<')
-
-- name: settings grants for hasura schema new ansible
- include_tasks: grants-ansible-2.10.yml
- when: ansible_version.full is version('2.10', '>=')
-
 - name: include upgrade script
 import_tasks: run-upgrades.yml
 when: "installation_mode == 'upgrade'"
-- name: copy fworch config export and import scripts
- copy:
- src: scripts
- dest: "{{ fworch_home }}"
- mode: "0755"
- owner: "{{ fworch_user}}"
- group: "{{ fworch_user}}"
- become: yes
-
 - name: copy fwo_api.py for scripting from importer
 copy:
 src: roles/importer/files/importer/fwo_api.py
@@ -79,7 +62,7 @@
 mode: "0644"
 owner: "{{ fworch_user}}"
 group: "{{ fworch_user}}"
- become: yes
+ become: true
 - name: api create documentation
 import_tasks: api-create-docu.yml
@@ -91,4 +74,13 @@
 changed_when: true
 notify: "api handler"
 when: installation_mode == "upgrade"
- become: yes
+ become: true
+
+- name: set grants for hasura schemas (after hasura install)
+ postgresql_query:
+ db: "{{ fworch_db_name }}"
+ query: "GRANT USAGE ON SCHEMA {{ item }} TO dbbackupusers; Grant select on ALL TABLES in SCHEMA {{ item }} to group dbbackupusers; ALTER DEFAULT PRIVILEGES IN SCHEMA {{ item }} GRANT SELECT ON TABLES TO group dbbackupusers;"
+ become: true
+ become_user: postgres
+ loop:
+ - hdb_catalog
diff --git a/roles/api/tasks/upgrade/5.7.1.yml b/roles/api/tasks/upgrade/5.7.1.yml
index a3d4b8987..e619c7e7f 100644
--- a/roles/api/tasks/upgrade/5.7.1.yml
+++ b/roles/api/tasks/upgrade/5.7.1.yml
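Review bot: The re-added grants task in hunk -91 uses the short module name `postgresql_query` and drops the `as_single_query` argument that the deleted 2.10 variant passed; now that the pre-2.10 branch is gone, using the collection name the deleted file already used, `community.postgresql.postgresql_query:`, avoids relying on the module redirect and makes the multi-statement behaviour depend only on that collection's documented default. The `query:` string splices `{{ item }}` into SQL, which is fine while `loop:` is a literal list; a comment such as `# item comes from the static schema list above, never from input` would stop a later change from feeding it from a variable. Note the task also grants the backup group read access to all of `hdb_catalog`, which holds the Hasura metadata, so that group should be treated as able to see the API's configuration.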
@@ -6,20 +6,20 @@
 copy:
 src: "/usr/local/bin/hasura"
 dest: "{{ api_hasura_cli_bin }}"
- remote_src: yes
+ remote_src: true
 when: installation_mode == "upgrade"
- become: yes
- ignore_errors: yes
+ become: true
+ ignore_errors: true
 # initially cp current api_metadata to fworch_home/api
 - name: download {{ api_hasura_version }} hasura cli binary
 get_url:
 url: "https://github.com/hasura/graphql-engine/releases/download/{{ api_hasura_version }}/cli-hasura-linux-amd64"
 dest: "{{ api_hasura_cli_bin }}"
- force: yes
+ force: true
 mode: "0755"
 owner: "{{ fworch_user }}"
 group: "{{ fworch_group }}"
 environment: "{{ proxy_env }}"
- become: yes
+ become: true
 when: not api_cli_check.stat.exists
diff --git a/roles/api/templates/fworch-hasura-docker-api.service.j2 b/roles/api/templates/fworch-hasura-docker-api.service.j2
index bef0c2039..6606b0297 100644
--- a/roles/api/templates/fworch-hasura-docker-api.service.j2
+++ b/roles/api/templates/fworch-hasura-docker-api.service.j2
@@ -1,18 +1,19 @@
 [Unit]
 Description={{ product_name }} API
+Requires=docker.service
 {% if 'databaseserver' in group_names -%}
-After=network.target remote-fs.target nss-lookup.target postgresql.service
+After=network.target remote-fs.target nss-lookup.target postgresql.service docker.service
 {% else -%}
-After=network.target remote-fs.target nss-lookup.target
+After=network.target remote-fs.target nss-lookup.target docker.service
 {%- endif %}
 [Service]
+Restart=on-failure
 WorkingDirectory={{ fworch_home }}
-ExecStartPre=/bin/sleep 10
-ExecStart=/usr/bin/docker start {{ api_container_name }}
-StandardOutput=syslog
-StandardError=syslog
+ExecStart=/usr/bin/docker start -a {{ api_container_name }}
+ExecStop=/usr/bin/docker stop -t 2 {{ api_container_name }}
+StandardOutput=journal
+StandardError=journal
 SyslogIdentifier={{ product_name }}-api
 User={{ fworch_user }}
-Environment=
 [Install]
-WantedBy=multi-user.target
+WantedBy=default.target
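Review bot: The unit template gains `Restart=on-failure` but no `RestartSec`, so when `docker start -a` exits quickly (container missing, Docker socket not yet usable) systemd retries at its default 100 ms and trips the start-rate limit after a handful of attempts, leaving the service stopped; adding `RestartSec=5` under `[Service]` gives the retries a chance to succeed. `WantedBy=default.target` is unusual for a system service — `default.target` is normally just an alias for `multi-user.target` or `graphical.target` — so keeping `WantedBy=multi-user.target`, as the previous version had, is the more predictable choice. `docker stop -t 2` sends SIGKILL after two seconds; if the engine needs longer to finish in-flight work on shutdown, a larger timeout is safer.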
diff --git a/roles/common/files/acquire_lock.py b/roles/common/files/acquire_lock.py deleted file mode 100644 index 28b21d6db..000000000 --- a/roles/common/files/acquire_lock.py +++ /dev/null @@ -1,63 +0,0 @@ -#!/usr/bin/python3 - -import sys -from time import sleep - -assert len(sys.argv) == 2 -lock_file_path = sys.argv[1] - -lock_file = None -access_possible = False -while not access_possible: - try: - lock_file = open(lock_file_path, "r") - lock_file_content_raw = lock_file.readlines() - if len(lock_file_content_raw) == 0: - # empty file - access_possible = True - else: - lock_file_content = lock_file_content_raw[-1].strip() - if lock_file_content == "": - access_possible = True - elif lock_file_content.endswith("ACKNOWLEDGED"): - access_possible = True - elif lock_file_content.endswith("RELEASED"): - print("Waiting for release acknowledge.") - sleep(0.5) - except Exception as e: - sleep(0.1) - print(e) - finally: - if lock_file != None: - lock_file.close() - sleep(0.1) - -access_requested = False -while not access_requested: - try: - lock_file = open(lock_file_path, "w") - lock_file.writelines("REQUESTED\n") - access_requested = True - except Exception as e: - sleep(0.1) - print(e) - finally: - if lock_file != None: - lock_file.close() - sleep(0.1) - -access_granted = False -while not access_granted: - try: - lock_file = open(lock_file_path, "a+") - # jump to beginning of file - lock_file.seek(0) - access_granted = lock_file.readlines( - )[-1].strip().endswith("GRANTED") - except Exception as e: - sleep(0.1) - print(e) - finally: - if lock_file != None: - lock_file.close() - sleep(0.1) diff --git a/roles/common/files/release_lock.py b/roles/common/files/release_lock.py deleted file mode 100644 index 8d3a591a2..000000000 --- a/roles/common/files/release_lock.py +++ /dev/null 
@@ -1,22 +0,0 @@
-#!/usr/bin/python3
-
-import sys
-from time import sleep
-
-assert len(sys.argv) == 2
-lock_file_path = sys.argv[1]
-lock_file = None
-
-access_released = False
-while not access_released:
- try:
- lock_file = open(lock_file_path, "a")
- lock_file.writelines("RELEASED\n")
- access_released = True
- except Exception as e:
- sleep(0.1)
- print(e)
- finally:
- if lock_file != None:
- lock_file.close()
- sleep(0.1)
diff --git a/roles/common/tasks/conf_file_creator.yml b/roles/common/tasks/conf_file_creator.yml
index 6e0a2d038..634250ccb 100644
--- a/roles/common/tasks/conf_file_creator.yml
+++ b/roles/common/tasks/conf_file_creator.yml
@@ -1,18 +1,5 @@
 - block:
- - name: fetch remote config file
- fetch:
- src: "{{ fworch_conf_file }}"
- dest: "temp_remote_config_file.json"
- flat: yes
- when: already_installed and installation_mode == "upgrade"
-
- - name: read config file of currently installed product
- include_vars:
- file: "temp_remote_config_file.json"
- name: config
- when: already_installed and installation_mode == "upgrade"
-
 - name: remove local copy of remote config file
 file:
 state: absent
@@ -24,11 +11,6 @@
 dest: "/etc/{{ product_name }}"
 state: link
- - name: get version of currently installed product
- set_fact:
- old_version: "{{ config.product_version }}"
- when: already_installed and installation_mode == "upgrade"
-
 - name: set config values
 set_fact:
 config_json:
@@ -39,6 +21,7 @@
 api_hasura_jwt_alg: "{{ api_hasura_jwt_alg }}"
 middleware_native_uri: "http://{{ middleware_hostname }}:{{ middleware_internal_port }}/"
 middleware_uri: "{{ middleware_uri }}"
+ remote_addresses: []
 - name: create central conf file by dumping varibale as json file
 copy:
@@ -46,4 +29,4 @@
 dest: "{{ fworch_conf_file }}"
 when: installation_mode == "new"
- become: yes
+ become: true
diff --git a/roles/common/tasks/install_syslog.yml b/roles/common/tasks/install_syslog.yml
index d6d7db74a..192deb1ba 100644
--- a/roles/common/tasks/install_syslog.yml
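Review bot: With the `fetch remote config file` and `read config file of currently installed product` tasks removed in hunk -1 of conf_file_creator.yml, the surviving `remove local copy of remote config file` task (its `path:` lies outside the hunk) deletes a `temp_remote_config_file.json` that nothing in this file creates any more. Unless another role still fetches that file, the task is dead and can go along with the hunk -24 `old_version` fact; if something else does produce it, a comment naming that producer, e.g. `# removes the copy fetched by <ROLE-PLACEHOLDER>`, would stop the task from looking orphaned. The `remote_addresses: []` default added in hunk -39 says nothing about what fills it; a one-line comment there would help the next reader.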
+++ b/roles/common/tasks/install_syslog.yml
@@ -3,7 +3,7 @@
 package:
 name: "rsyslog"
 state: present
- become: yes
+ become: true
 - name: create log dir for {{ product_name }} on ubuntu - owner syslog
 file:
@@ -12,7 +12,7 @@
 owner: syslog
 group: syslog
 mode: "0775"
- become: yes
+ become: true
 when: ansible_facts['distribution'] == "Ubuntu"
 - name: create log dir for {{ product_name }} on debian - owner root
@@ -22,7 +22,7 @@
 owner: root
 group: root
 mode: "0775"
- become: yes
+ become: true
 when: ansible_facts['distribution'] == "Debian"
 - name: change rsyslog config to receive logs
@@ -31,7 +31,7 @@
 block: |
 module(load="im{{ syslog_proto }}")
 input(type="im{{ syslog_proto }}" port="{{ syslog_port }}")
- become: yes
+ become: true
 - name: create log dir for {{ product_name }} on redhat - owner root
 file:
@@ -41,7 +41,7 @@
 group: root
 mode: "0775"
 when: ansible_facts['distribution'] == "RedHat"
- become: yes
+ become: true
 # - name: create db log file for {{ product_name }} - owner postgres
 # file:
@@ -50,12 +50,12 @@
 # owner: postgres
 # group: adm
 # mode: "0640"
-# become: yes
+# become: true
 - name: edit rsyslog to include fworch file logging
 blockinfile:
 path: "/etc/rsyslog.d/30-{{ product_name }}.conf"
- create: yes
+ create: true
 block: |
 # syslog for {{ product_name }}; Log {{ product_name }} log messages to file
@@ -80,18 +80,18 @@ if $programname startswith '{{ product_name }}' and $msg contains "Audit" then action(type="omfile" file="{{ fworch_log_dir }}/audit.log" template="fworch") if $programname startswith '{{ product_name }}' and $msg contains "FWORCHAlert" then action(type="omfile" file="{{ fworch_log_dir }}/alert.log" template="fworch") if $programname == '{{ product_name }}-webhook' then action(type="omfile" file="{{ fworch_log_dir }}/webhook.log" template="fworch") - become: yes + become: true - name: edit logrotate blockinfile: path: "/etc/logrotate.d/{{ product_name }}" - create: yes + create: true block: | {{ fworch_log_dir }}/middleware.log { compress maxage 7 rotate 99 - size=+4096k + maxsize 4096k missingok copytruncate sharedscripts @@ -107,7 +107,7 @@ compress maxage 7 rotate 99 - size=+4096k + maxsize 4096k missingok copytruncate sharedscripts @@ -123,7 +123,7 @@ compress maxage 7 rotate 99 - size=+4096k + maxsize 4096k missingok copytruncate sharedscripts @@ -138,7 +138,21 @@ {{ fworch_log_dir }}/database.log {{ fworch_log_dir }}/ldap.log {{ fworch_log_dir }}/api.log - {{ fworch_log_dir }}/importer-api.log + {{ fworch_log_dir }}/importer-api.log { + compress + maxage 7 + rotate 99 + maxsize 4096k + missingok + copytruncate + sharedscripts + prerotate + {{ fworch_home }}/scripts/acquire_lock.py {{ fworch_api_importer_lockfile }} >/dev/null 2>&1 + endscript + postrotate + {{ fworch_home }}/scripts/release_lock.py {{ fworch_api_importer_lockfile }} >/dev/null 2>&1 + endscript + } {{ fworch_log_dir }}/audit.log {{ fworch_log_dir }}/alert.log {{ fworch_log_dir }}/webhook.log @@ -146,15 +160,15 @@ compress maxage 7 rotate 99 - size=+4096k + maxsize 4096k missingok copytruncate } - become: yes + become: true - name: reload rsyslog service service: name: "rsyslog" state: restarted - become: yes + become: true diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 6b2de729e..72f6eacad 100644 --- a/roles/common/tasks/main.yml 
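Review bot: The new prerotate/postrotate hooks in the importer-api.log stanza run `{{ fworch_home }}/scripts/acquire_lock.py` and `release_lock.py` with logrotate's privileges, which on a standard cron or systemd-timer setup is root, while this same commit installs that scripts directory owned by the service user with mode 0755. Anyone able to write as that user (for example through a compromised importer) can edit the script and obtain root on the next rotation. Install the two lock scripts root-owned and not group/world-writable, or run the stanza unprivileged with `su {{ fworch_user }} {{ fworch_group }}` so the hooks never execute as root. The `>/dev/null 2>&1` redirection also hides a failed lock acquisition, so rotation proceeds without the lock; at least keep stderr in a log file.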
+++ b/roles/common/tasks/main.yml 
@@ -1,13 +1,66 @@ - block: - - name: assert ansible version + - name: assert ansible version gt 2.13 fail: - msg: Ansible 2.8 or above is required - when: ansible_version.full is version('2.8', '<') + msg: Ansible 2.13 or above is required + when: ansible_version.full is version('2.13', '<') + + + - name: check for existing main config file {{ fworch_conf_file }} + stat: + path: "{{ fworch_conf_file }}" + register: already_installed + + - set_fact: + already_installed: "{{ already_installed.stat.exists }}" + + - debug: + msg: "installation_mode={{ installation_mode }}, already_installed={{ already_installed }}" + + - name: fail if unknown installation_mode is set + fail: + msg: "Found undefined installation_mode: {{ installation_mode }}, aborting." + when: installation_mode != "new" and installation_mode != "uninstall" and installation_mode != "upgrade" + + - name: fail if already installed and installation_mode is new + fail: + msg: "Found existing installation but running with installation_mode set to {{ installation_mode }}. If you want to upgrade, use 'installation_mode=upgrade'." + when: already_installed|bool and installation_mode == "new" + + - name: fail if not already installed and installation_mode is upgrade + fail: + msg: "Could not find existing installation but running with installation_mode set to {{ installation_mode }}. 
Try running with installation_mode=new" + when: not already_installed and installation_mode == "upgrade" + + + # when upgrading check if we are not attempting a downgrade + - block: + - name: fetch remote config file + fetch: + src: "{{ fworch_conf_file }}" + dest: "temp_remote_config_file.json" + flat: true + + - name: read config file of currently installed product + include_vars: + file: "temp_remote_config_file.json" + name: config + + - name: get version of currently installed product + set_fact: + old_version: "{{ config.product_version }}" + + - name: abort in case of downgrade + fail: + msg: "your are attempting to downgrade the product from {{ old_version }} to {{ product_version }}, which is not supported" + when: old_version>product_version + + when: already_installed and installation_mode == "upgrade" + - name: update operating system package cache .deb based apt: - update_cache: yes + update_cache: true when: ansible_facts['distribution'] == "Ubuntu" or ansible_facts['distribution'] == "Debian" - name: check for existing upgradable packages 
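Review bot: The downgrade guard `when: old_version>product_version` compares the two version strings lexically, so `7.10.0` sorts below `7.9.0`: a real downgrade from 7.10 to 7.9 passes and an upgrade from 7.9 to 7.10 is rejected. Use the version test the same hunk already applies to the Ansible version: `when: old_version is version(product_version, '>')`. The fetched copy `temp_remote_config_file.json` now lands in the controller's working directory here, while the task that deletes it stays in conf_file_creator.yml; if this block fails on the downgrade check the copy is left behind, so consider an `always:` cleanup in this block or a `tempfile`-based destination.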
@@ -19,22 +72,43 @@ - debug: msg: "current number of upgradable packages: {{ upgradable_packages.stdout_lines|length-1 }}" + - block: + - name: disable apache2 maintenance web site + command: "a2dissite {{ product_name }}-maintenance" + ignore_errors: true + + - name: enable {{ product_name }} web site + command: "a2ensite {{ product_name }}-ui" + ignore_errors: true + + - name: restart apache without maintenance site + service: + name: "{{ webserver_package_name }}" + state: restarted + when: installation_mode == "upgrade" + - name: assert there are no upgradable packages. upgrades must be run interactively outside the FWORCH installer fail: msg: - There are upgradable OS packages available, please run OS upgrade before running FWORCH installer. - - Use "-e force_install=yes" to overwrite this check and install anyway at your own risk. - when: | - (ansible_facts['distribution'] == "Ubuntu" or ansible_facts['distribution'] == "Debian") - and upgradable_packages.stdout_lines|length > 1 + - Use "-e force_install=true" to overwrite this check and install anyway at your own risk. 
+ when: | + not force_install|bool and not run_on_github|bool and + (ansible_facts['distribution'] == "Ubuntu" or ansible_facts['distribution'] == "Debian") and + upgradable_packages.stdout_lines|length > 1 - when: not force_install|bool and not run_on_github|bool - - name: update operating system packages .deb based (for github actions or enforced run) - apt: - upgrade: dist - update_cache: yes - when: ansible_facts['distribution'] == "Ubuntu" or ansible_facts['distribution'] == "Debian" and run_on_github|bool + # - name: fix grub-efi (for github actions) + # apt: + # upgrade: dist + # update_cache: true + # when: ansible_facts['distribution'] == "Ubuntu" or ansible_facts['distribution'] == "Debian" and run_on_github|bool + + # - name: update operating system packages .deb based (for github actions) + # apt: + # upgrade: dist + # update_cache: true + # when: ansible_facts['distribution'] == "Ubuntu" or ansible_facts['distribution'] == "Debian" and run_on_github|bool - name: update operating system packages .rpm based (untested) yum: 
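Review bot: `ignore_errors: true` on the `a2dissite`/`a2ensite` commands swallows every failure, including a missing `{{ product_name }}-ui` site, and the following `service: state: restarted` then restarts the web server regardless, possibly with no site enabled at all. Register the results and tolerate only the benign case instead, e.g. `register: site_result` with `failed_when: site_result.rc != 0 and 'already' not in site_result.stdout` (confirm the exact wording your apache2 tooling prints) and a matching `changed_when`. These tasks also run at the very start of the upgrade, before anything new is deployed, so the restart serves the old build; if the maintenance page is meant to stay up during the upgrade, this block belongs at the end of the upgrade path.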
@@ -49,32 +123,6 @@ - rsync - acl - - name: check for existing main config file {{ fworch_conf_file }} - stat: - path: "{{ fworch_conf_file }}" - register: already_installed - - - set_fact: - already_installed: "{{ already_installed.stat.exists }}" - - - debug: - msg: "installation_mode={{ installation_mode }}, already_installed={{ already_installed }}" - - - name: fail if unknown installation_mode is set - fail: - msg: "Found undefined installation_mode: {{ installation_mode }}, aborting." - when: installation_mode != "new" and installation_mode != "uninstall" and installation_mode != "upgrade" - - - name: fail if already installed and installation_mode is new - fail: - msg: "Found existing installation but running with installation_mode set to {{ installation_mode }}. If you want to upgrade, use 'installation_mode=upgrade'." - when: already_installed|bool and installation_mode == "new" - - - name: fail if not already installed and installation_mode is upgrade - fail: - msg: "Could not find existing installation but running with installation_mode set to {{ installation_mode }}. Try running with installation_mode=new" - when: not already_installed and installation_mode == "upgrade" - - name: create group {{ fworch_group }} group: name: "{{ fworch_user }}" @@ -89,7 +137,7 @@ home: "{{ fworch_home }}" shell: /bin/bash group: "{{ fworch_group }}" - generate_ssh_key: yes + generate_ssh_key: true ssh_key_bits: 4096 ssh_key_file: .ssh/id_rsa 
@@ -105,25 +153,6 @@ group: "{{ fworch_group }}" mode: "0775" - - name: create scripts directory - file: - path: "{{ fworch_home }}/scripts" - state: directory - owner: "{{ fworch_user }}" - group: "{{ fworch_group }}" - mode: "0775" - - - name: copy log lock scripts - copy: - src: "{{ item }}" - dest: "{{ fworch_home }}/scripts/" - mode: "0755" - owner: "{{ fworch_user}}" - group: "{{ fworch_user}}" - loop: - - acquire_lock.py - - release_lock.py - - name: install rsyslog import_tasks: install_syslog.yml when: "install_syslog | bool" @@ -136,10 +165,19 @@ group: "{{ fworch_group }}" mode: "0775" + - name: copy fworch scripts directory + copy: + src: scripts + dest: "{{ fworch_home }}" + mode: "0755" + owner: "{{ fworch_user}}" + group: "{{ fworch_user}}" + become: true + - name: add proxy setting to fworch users .profile and .bashrc blockinfile: path: "{{ fworch_home }}/{{ item }}" - create: yes + create: true mode: "0644" owner: "{{ fworch_user }}" group: "{{ fworch_group }}" 
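Review bot: The `copy fworch scripts directory` task sets `group: "{{ fworch_user}}"` where every neighbouring task uses `{{ fworch_group }}`, and applies `mode: "0755"` to the directory and every file in it, so the scripts stay writable by the service user. Because the logrotate configuration in this same commit executes `scripts/acquire_lock.py` and `release_lock.py` from that directory as a hook that normally runs as root, the files should be root-owned (`owner: root`, `group: root`, `mode: "0755"`) so the service account cannot change what runs with elevated rights. If the directory must remain user-owned, keep the two lock scripts out of it.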
@@ -163,19 +201,48 @@ path: "{{ fworch_home }}/etc/secrets" state: directory owner: "{{ fworch_user }}" + group: "{{ fworch_user }}" + # group: "{{ postgres_group }}" # group does not exist yet during install, created in role database + mode: '0750' + when: "installation_mode == 'new'" + + - name: generate main key + set_fact: + main_key: "{{ randomly_generated_pwd }}" # 32 bytes + main_key_file: "{{ fworch_secrets_dir }}/main_key" + when: testkeys is not defined or testkeys|bool is false + + - name: set static main key for test purposes only + set_fact: + main_key: "{{ api_hasura_admin_test_password }}..{{ api_hasura_admin_test_password }}.." # to have 32 bytes + main_key_file: "{{ fworch_secrets_dir }}/main_key" + when: testkeys is defined and testkeys|bool + + - name: Check if main key file exists + stat: + path: "{{ main_key_file }}" + register: stat_result + + - name: write main key to secrets directory + copy: + content: "{{ main_key }}\n" + dest: "{{ main_key_file }}" + mode: '0640' + owner: "{{ fworch_user }}" group: "{{ fworch_group }}" - mode: '0700' + become: true + when: not stat_result.stat.exists - set_fact: wsgi_package_name: "{{ wsgi_package_name }}-py3" when: | - (ansible_facts['distribution_release']|lower == 'bookworm') + (ansible_facts['distribution_release']|lower == debian_testing_release_name) or (ansible_facts['distribution']|lower == 'debian' and ansible_facts['distribution_major_version']|int is version('10', '>')) or (ansible_facts['distribution']|lower == 'ubuntu' and ansible_facts['distribution_major_version']|int is version('20', '>')) - - name: copy iso.conf to target + - name: copy iso.conf to target for legacy importer support only template: src: iso.conf.j2 dest: "{{ fworch_home }}/etc/iso.conf" @@ -189,5 +256,5 @@ import_tasks: run-upgrades.yml when: "installation_mode == 'upgrade'" - become: yes + become: true \ No newline at end of file 
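Review bot: The tasks that generate and write `main_key` carry no `no_log: true`, so the key is printed by `set_fact` under `-v` and by `copy` in `--diff` mode and ends up in controller logs or CI output; add `no_log: true` to both `set_fact` tasks and to `write main key to secrets directory`. The secrets directory is loosened from `0700` to `0750` with `group: "{{ fworch_user }}"` while the key file gets `group: "{{ fworch_group }}"`; the two should agree, and the commented-out `postgres_group` line suggests the real group is applied later, which deserves a comment saying so rather than an inconsistency. `randomly_generated_pwd` is defined outside this hunk; confirm it comes from a CSPRNG-backed source (for example `lookup('password', ...)` with a fixed length), since the `# 32 bytes` comment cannot be verified here. The `testkeys` path derives a predictable key from `api_hasura_admin_test_password`, so at least emit a visible warning in that task's name or a `debug` message that a static key is in use.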
diff --git a/roles/common/tasks/redhat_preps.yml b/roles/common/tasks/redhat_preps.yml index 705eed743..e41109e4e 100644 --- a/roles/common/tasks/redhat_preps.yml +++ b/roles/common/tasks/redhat_preps.yml @@ -18,7 +18,7 @@ rhsm_repository: name: "codeready-builder-for-rhel-{{ redhat_major_version }}-{{ arch }}-rpms" environment: "{{ proxy_env }}" - become: yes + become: true - name: setting default locale in /etc/profile blockinfile: @@ -27,4 +27,4 @@ export LANG="en_US.utf8" export LANGUAGE="en_US.utf8" export LC_ALL="en_US.utf8" - become: yes + become: true diff --git a/roles/common/tasks/upgrade/7.2.3.yml b/roles/common/tasks/upgrade/7.2.3.yml new file mode 100644 index 000000000..477ea8591 --- /dev/null +++ b/roles/common/tasks/upgrade/7.2.3.yml @@ -0,0 +1,24 @@ +- name: Read config file + slurp: + path: "{{ fworch_conf_file }}" + register: config_file + +- name: Parse JSON content + set_fact: + json_data: "{{ config_file.content | b64decode | from_json }}" + +- name: Modify config file if remote_addresses property is not present + block: + - name: Add remote_addresses property + set_fact: + modified_json_data: "{{ json_data | combine({'remote_addresses': []}) }}" + + - name: Save updated config to file + copy: + content: "{{ modified_json_data | to_nice_json }}" + dest: "{{ fworch_conf_file }}" + owner: "{{ fworch_user }}" + group: "{{ fworch_group }}" + + when: "'remote_addresses' not in json_data" + \ No newline at end of file diff --git a/roles/database/files/sql/creation/fworch-create-constraints.sql b/roles/database/files/sql/creation/fworch-create-constraints.sql index f563ef6f1..55039c56c 100755 --- a/roles/database/files/sql/creation/fworch-create-constraints.sql +++ b/roles/database/files/sql/creation/fworch-create-constraints.sql 
@@ -1,5 +1,13 @@ +CREATE OR REPLACE FUNCTION is_single_ip (ip CIDR) + RETURNS BOOLEAN + LANGUAGE 'plpgsql' IMMUTABLE COST 1 + AS +$BODY$ + BEGIN + RETURN masklen(ip)=32 AND family(ip)=4 OR masklen(ip)=128 AND family(ip)=6; + END; +$BODY$; -/* Create Alternate Keys */ Alter Table "changelog_object" add Constraint "alt_key_changelog_object" UNIQUE ("abs_change_id"); Alter Table "changelog_rule" add Constraint "alt_key_changelog_rule" UNIQUE ("abs_change_id"); Alter Table "changelog_service" add Constraint "alt_key_changelog_service" UNIQUE ("abs_change_id"); 
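Review bot: `is_single_ip` returns NULL for a NULL argument (`masklen(NULL)` and `family(NULL)` are NULL) and a CHECK constraint treats NULL as satisfied, so on its own it does not force a value to be present; a comment would stop the next reader from relying on it for that, e.g. `-- NULL in, NULL out: a CHECK on this function passes for NULL values; pair it with a NOT NULL check where presence is required`. The mixed AND/OR in the RETURN is correct under SQL precedence but easier to audit with parentheses: `RETURN (masklen(ip)=32 AND family(ip)=4) OR (masklen(ip)=128 AND family(ip)=6);`.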
@@ -7,31 +15,29 @@ Alter Table "changelog_user" add Constraint "alt_key_changelog_user" UNIQUE ("ab Alter Table "import_changelog" add Constraint "Alter_Key14" UNIQUE ("import_changelog_nr","control_id"); Alter Table "import_control" add Constraint "control_id_stop_time_unique" UNIQUE ("stop_time","control_id"); Alter Table "object" add Constraint "obj_altkey" UNIQUE ("mgm_id","zone_id","obj_uid","obj_create"); --- Alter Table "rule" add Constraint "rule_altkey" UNIQUE ("mgm_id","rule_uid","rule_create"); +ALTER TABLE object ADD CONSTRAINT object_obj_ip_is_host CHECK (is_single_ip(obj_ip)); +ALTER TABLE object ADD CONSTRAINT object_obj_ip_end_is_host CHECK (is_single_ip(obj_ip_end)); +ALTER TABLE object ADD CONSTRAINT object_obj_ip_not_null CHECK (obj_ip IS NOT NULL OR obj_typ_id=2); +ALTER TABLE object ADD CONSTRAINT object_obj_ip_end_not_null CHECK (obj_ip_end IS NOT NULL OR obj_typ_id=2); +ALTER TABLE owner ADD CONSTRAINT owner_name_unique_in_tenant UNIQUE ("name","tenant_id"); +ALTER TABLE owner_network ADD CONSTRAINT port_in_valid_range CHECK (port > 0 and port <= 65535); +ALTER TABLE owner_network ADD CONSTRAINT owner_network_ip_unique UNIQUE (owner_id, ip); +ALTER TABLE request.reqelement ADD CONSTRAINT port_in_valid_range CHECK (port > 0 and port <= 65535); +ALTER TABLE request.implelement ADD CONSTRAINT port_in_valid_range CHECK (port > 0 and port <= 65535); Alter Table "rule" add Constraint "rule_altkey" UNIQUE ("dev_id","rule_uid","rule_create",xlate_rule); Alter Table "rule_metadata" add Constraint "rule_metadata_alt_key" UNIQUE ("rule_uid","dev_id"); Alter Table "service" add Constraint "svc_altkey" UNIQUE ("mgm_id","svc_uid","svc_create"); Alter Table "stm_dev_typ" add Constraint "Alter_Key1" UNIQUE ("dev_typ_name","dev_typ_version"); Alter Table "usr" add Constraint "usr_altkey" UNIQUE ("mgm_id","user_name","user_create"); Alter Table "zone" add Constraint "Alter_Key10" UNIQUE ("mgm_id","zone_name"); --- TODO: Alter Table "tenant" add Constraint 
"tenant_name_unique" UNIQUE("tenant_name") - - -ALTER TABLE owner ADD CONSTRAINT owner_name_unique_in_tenant UNIQUE ("name","tenant_id"); ---- owner_network --- -ALTER TABLE owner_network ADD CONSTRAINT port_in_valid_range CHECK (port > 0 and port <= 65535); - ---- request elements --- -ALTER TABLE request.reqelement ADD CONSTRAINT port_in_valid_range CHECK (port > 0 and port <= 65535); -ALTER TABLE request.implelement ADD CONSTRAINT port_in_valid_range CHECK (port > 0 and port <= 65535); - ---- routing --- - -ALTER TABLE gw_route DROP CONSTRAINT IF EXISTS gw_route_routing_device_foreign_key; -ALTER TABLE gw_route ADD CONSTRAINT gw_route_routing_device_foreign_key FOREIGN KEY (routing_device) REFERENCES device(dev_id) ON UPDATE RESTRICT ON DELETE CASCADE; -ALTER TABLE gw_route DROP CONSTRAINT IF EXISTS gw_route_interface_foreign_key; -ALTER TABLE gw_route ADD CONSTRAINT gw_route_interface_foreign_key FOREIGN KEY (interface_id) REFERENCES gw_interface(id) ON UPDATE RESTRICT ON DELETE CASCADE; +create unique index if not exists only_one_future_recert_per_owner_per_rule on recertification(owner_id,rule_metadata_id,recert_date) + where recert_date IS NULL; -ALTER TABLE gw_interface DROP CONSTRAINT IF EXISTS gw_interface_routing_device_foreign_key; -ALTER TABLE gw_interface ADD CONSTRAINT gw_interface_routing_device_foreign_key FOREIGN KEY (routing_device) REFERENCES device(dev_id) ON UPDATE RESTRICT ON DELETE CASCADE; +--- compliance +CREATE EXTENSION IF NOT EXISTS btree_gist; +ALTER TABLE compliance.ip_range ADD CONSTRAINT "exclude_overlapping_ip_ranges" +EXCLUDE USING gist ( + network_zone_id WITH =, + numrange(ip_range_start - '0.0.0.0'::inet, ip_range_end - '0.0.0.0'::inet, '[]') WITH && +); diff --git a/roles/database/files/sql/creation/fworch-create-foreign-keys.sql b/roles/database/files/sql/creation/fworch-create-foreign-keys.sql index 3c50b4832..f38fc74d1 100755 --- a/roles/database/files/sql/creation/fworch-create-foreign-keys.sql 
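Review bot: The exclusion constraint on `compliance.ip_range` computes `ip_range_start - '0.0.0.0'::inet`, and `inet - inet` raises `cannot subtract inet values of different sizes` for an IPv6 address (and can overflow bigint even between two IPv6 values), so any IPv6 range insert will fail on this constraint, assuming the columns are inet/cidr. If IPv6 zones are in scope, replace the numrange with a range type over inet, `CREATE TYPE inetrange AS RANGE (subtype = inet);` and `inetrange(ip_range_start, ip_range_end, '[]') WITH &&`, which GiST indexes without any subtraction; otherwise make the limitation explicit with `CHECK (family(ip_range_start) = 4 AND family(ip_range_end) = 4)`. The new checks `object_obj_ip_not_null`/`object_obj_ip_end_not_null` exempt the literal `obj_typ_id=2`; a trailing comment naming that object type would document the exception.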
+++ b/roles/database/files/sql/creation/fworch-create-foreign-keys.sql
@@ -37,7 +37,9 @@ Alter table "changelog_user" add foreign key ("old_user_id") references "usr" (
 Alter table "config" add foreign key ("config_user") references "uiuser" ("uiuser_id") on update restrict on delete cascade;
 Alter table "device" add foreign key ("dev_typ_id") references "stm_dev_typ" ("dev_typ_id") on update restrict on delete cascade;
 Alter table "device" add foreign key ("mgm_id") references "management" ("mgm_id") on update restrict on delete cascade;
-Alter table "device" add foreign key ("tenant_id") references "tenant" ("tenant_id") on update restrict on delete cascade;
+ALTER TABLE gw_route ADD CONSTRAINT gw_route_routing_device_foreign_key FOREIGN KEY (routing_device) REFERENCES device(dev_id) ON UPDATE RESTRICT ON DELETE CASCADE;
+ALTER TABLE gw_route ADD CONSTRAINT gw_route_interface_foreign_key FOREIGN KEY (interface_id) REFERENCES gw_interface(id) ON UPDATE RESTRICT ON DELETE CASCADE;
+ALTER TABLE gw_interface ADD CONSTRAINT gw_interface_routing_device_foreign_key FOREIGN KEY (routing_device) REFERENCES device(dev_id) ON UPDATE RESTRICT ON DELETE CASCADE;
 Alter table "import_changelog" add foreign key ("control_id") references "import_control" ("control_id") on update restrict on delete cascade;
 Alter table "import_config" add constraint "import_config_import_id_f_key" foreign key ("import_id") references "import_control" ("control_id") on update restrict on delete cascade;
 Alter table "import_config" add constraint "import_config_mgm_id_f_key" foreign key ("mgm_id") references "management" ("mgm_id") on update restrict on delete cascade;
@@ -51,7 +53,6 @@ Alter table "import_user" add foreign key ("control_id") references "import_con Alter table "import_zone" add foreign key ("control_id") references "import_control" ("control_id") on update restrict on delete cascade; Alter table "ldap_connection" add foreign key ("tenant_id") references "tenant" ("tenant_id") on update restrict on delete cascade; Alter table "management" add foreign key ("dev_typ_id") references "stm_dev_typ" ("dev_typ_id") on update restrict on delete cascade; -Alter table "management" add foreign key ("tenant_id") references "tenant" ("tenant_id") on update restrict on delete cascade; ALTER TABLE "management" ADD CONSTRAINT management_multi_device_manager_id_fkey FOREIGN KEY ("multi_device_manager_id") REFERENCES "management" ("mgm_id") ON UPDATE RESTRICT; --ON DELETE CASCADE; ALTER TABLE "management" ADD CONSTRAINT management_import_credential_id_foreign_key FOREIGN KEY (import_credential_id) REFERENCES import_credential(id) ON UPDATE RESTRICT ON DELETE CASCADE; Alter table "object" add foreign key ("last_change_admin") references "uiuser" ("uiuser_id") on update restrict on delete cascade; 
@@ -161,7 +162,10 @@ Alter table "svcgrp_flat" add foreign key ("svcgrp_flat_member_id") references
 Alter table "tenant_network" add foreign key ("tenant_id") references "tenant" ("tenant_id") on update restrict on delete cascade;
 Alter table "tenant_to_device" add foreign key ("device_id") references "device" ("dev_id") on update restrict on delete cascade;
 Alter table "tenant_to_device" add foreign key ("tenant_id") references "tenant" ("tenant_id") on update restrict on delete cascade;
+Alter table "tenant_to_management" add foreign key ("management_id") references "management" ("mgm_id") on update restrict on delete cascade;
+Alter table "tenant_to_management" add foreign key ("tenant_id") references "tenant" ("tenant_id") on update restrict on delete cascade;
 Alter table "txt" add foreign key ("language") references "language" ("name") on update restrict on delete cascade;
+Alter table "customtxt" add foreign key ("language") references "language" ("name") on update restrict on delete cascade;
 Alter table "uiuser" add foreign key ("tenant_id") references "tenant" ("tenant_id") on update restrict on delete cascade;
 Alter table "uiuser" add foreign key ("uiuser_language") references "language" ("name") on update restrict on delete cascade;
 Alter table "uiuser" add foreign key ("ldap_connection_id") references "ldap_connection" ("ldap_connection_id") on update restrict on delete cascade;
@@ -203,6 +207,7 @@ ALTER TABLE request.reqelement ADD CONSTRAINT request_reqelement_service_foreign
 ALTER TABLE request.reqelement ADD CONSTRAINT request_reqelement_object_foreign_key FOREIGN KEY (network_object_id) REFERENCES object(obj_id) ON UPDATE RESTRICT ON DELETE CASCADE;
 ALTER TABLE request.reqelement ADD CONSTRAINT request_reqelement_request_reqelement_foreign_key FOREIGN KEY (original_nat_id) REFERENCES request.reqelement(id) ON UPDATE RESTRICT ON DELETE CASCADE;
 ALTER TABLE request.reqelement ADD CONSTRAINT request_reqelement_usr_foreign_key FOREIGN KEY (user_id) REFERENCES usr(user_id) ON UPDATE RESTRICT ON DELETE CASCADE;
+ALTER TABLE request.reqelement ADD CONSTRAINT request_reqelement_device_foreign_key FOREIGN KEY (device_id) REFERENCES device(dev_id) ON UPDATE RESTRICT ON DELETE CASCADE;
 --- request.approval ---
 ALTER TABLE request.approval ADD CONSTRAINT request_approval_request_reqtask_foreign_key FOREIGN KEY (task_id) REFERENCES request.reqtask(id) ON UPDATE RESTRICT ON DELETE CASCADE;
 ALTER TABLE request.approval ADD CONSTRAINT request_approval_tenant_foreign_key FOREIGN KEY (tenant_id) REFERENCES tenant(tenant_id) ON UPDATE RESTRICT ON DELETE CASCADE;
@@ -262,7 +267,42 @@ ALTER TABLE request.impltask ADD CONSTRAINT request_impltask_object_foreign_key ALTER TABLE request.impltask ADD CONSTRAINT request_impltask_usergrp_foreign_key FOREIGN KEY (user_grp_id) REFERENCES usr(user_id) ON UPDATE RESTRICT ON DELETE CASCADE; ALTER TABLE request.impltask ADD CONSTRAINT request_impltask_current_handler_foreign_key FOREIGN KEY (current_handler) REFERENCES uiuser(uiuser_id) ON UPDATE RESTRICT ON DELETE CASCADE; ALTER TABLE request.impltask ADD CONSTRAINT request_impltask_recent_handler_foreign_key FOREIGN KEY (recent_handler) REFERENCES uiuser(uiuser_id) ON UPDATE RESTRICT ON DELETE CASCADE; - --- recertification --- ALTER TABLE recertification ADD CONSTRAINT recertification_rule_metadata_foreign_key FOREIGN KEY (rule_metadata_id) REFERENCES rule_metadata(rule_metadata_id) ON UPDATE RESTRICT ON DELETE CASCADE; ALTER TABLE recertification ADD CONSTRAINT recertification_owner_foreign_key FOREIGN KEY (owner_id) REFERENCES owner(id) ON UPDATE RESTRICT ON DELETE CASCADE; + +--- compliance.ip_range --- +ALTER TABLE compliance.ip_range ADD CONSTRAINT compliance_ip_range_network_zone_foreign_key FOREIGN KEY (network_zone_id) REFERENCES compliance.network_zone(id) ON UPDATE RESTRICT ON DELETE CASCADE; + +--- compliance.network_zone --- +ALTER TABLE compliance.network_zone ADD CONSTRAINT compliance_super_zone_foreign_key FOREIGN KEY (super_network_zone_id) REFERENCES compliance.network_zone(id) ON UPDATE RESTRICT ON DELETE CASCADE; + +--- compliance.network_zone_communication --- +ALTER TABLE compliance.network_zone_communication ADD CONSTRAINT compliance_from_network_zone_communication_foreign_key FOREIGN KEY (from_network_zone_id) REFERENCES compliance.network_zone(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE compliance.network_zone_communication ADD CONSTRAINT compliance_to_network_zone_communication_foreign_key FOREIGN KEY (to_network_zone_id) REFERENCES compliance.network_zone(id) ON UPDATE RESTRICT ON DELETE CASCADE; + 
+-- modelling +ALTER TABLE modelling.nwgroup ADD CONSTRAINT modelling_nwgroup_owner_foreign_key FOREIGN KEY (app_id) REFERENCES owner(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.connection ADD CONSTRAINT modelling_connection_owner_foreign_key FOREIGN KEY (app_id) REFERENCES owner(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.connection ADD CONSTRAINT modelling_connection_used_interface_foreign_key FOREIGN KEY (used_interface_id) REFERENCES modelling.connection(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.nwobject_nwgroup ADD CONSTRAINT modelling_nwobject_nwgroup_nwobject_foreign_key FOREIGN KEY (nwobject_id) REFERENCES owner_network(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.nwobject_nwgroup ADD CONSTRAINT modelling_nwobject_nwgroup_nwgroup_foreign_key FOREIGN KEY (nwgroup_id) REFERENCES modelling.nwgroup(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.nwgroup_connection ADD CONSTRAINT modelling_nwgroup_connection_nwgroup_foreign_key FOREIGN KEY (nwgroup_id) REFERENCES modelling.nwgroup(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.nwgroup_connection ADD CONSTRAINT modelling_nwgroup_connection_connection_foreign_key FOREIGN KEY (connection_id) REFERENCES modelling.connection(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.nwobject_connection ADD CONSTRAINT modelling_nwobject_connection_nwobject_foreign_key FOREIGN KEY (nwobject_id) REFERENCES owner_network(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.nwobject_connection ADD CONSTRAINT modelling_nwobject_connection_connection_foreign_key FOREIGN KEY (connection_id) REFERENCES modelling.connection(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.service ADD CONSTRAINT modelling_service_owner_foreign_key FOREIGN KEY (app_id) REFERENCES owner(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.service ADD CONSTRAINT 
modelling_service_protocol_foreign_key FOREIGN KEY (proto_id) REFERENCES stm_ip_proto(ip_proto_id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.service_group ADD CONSTRAINT modelling_service_group_owner_foreign_key FOREIGN KEY (app_id) REFERENCES owner(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.service_service_group ADD CONSTRAINT modelling_service_service_group_service_foreign_key FOREIGN KEY (service_id) REFERENCES modelling.service(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.service_service_group ADD CONSTRAINT modelling_service_service_group_service_group_foreign_key FOREIGN KEY (service_group_id) REFERENCES modelling.service_group(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.service_group_connection ADD CONSTRAINT modelling_service_group_connection_service_group_foreign_key FOREIGN KEY (service_group_id) REFERENCES modelling.service_group(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.service_group_connection ADD CONSTRAINT modelling_service_group_connection_connection_foreign_key FOREIGN KEY (connection_id) REFERENCES modelling.connection(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.service_connection ADD CONSTRAINT modelling_service_connection_service_foreign_key FOREIGN KEY (service_id) REFERENCES modelling.service(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.service_connection ADD CONSTRAINT modelling_service_connection_connection_foreign_key FOREIGN KEY (connection_id) REFERENCES modelling.connection(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.change_history ADD CONSTRAINT modelling_change_history_owner_foreign_key FOREIGN KEY (app_id) REFERENCES owner(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.selected_objects ADD CONSTRAINT modelling_selected_objects_owner_foreign_key FOREIGN KEY (app_id) REFERENCES owner(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE 
modelling.selected_objects ADD CONSTRAINT modelling_selected_objects_nwgroup_foreign_key FOREIGN KEY (nwgroup_id) REFERENCES modelling.nwgroup(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.selected_connections ADD CONSTRAINT modelling_selected_connections_owner_foreign_key FOREIGN KEY (app_id) REFERENCES owner(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.selected_connections ADD CONSTRAINT modelling_selected_connections_connection_foreign_key FOREIGN KEY (connection_id) REFERENCES modelling.connection(id) ON UPDATE RESTRICT ON DELETE CASCADE; + diff --git a/roles/database/files/sql/creation/fworch-create-indices.sql b/roles/database/files/sql/creation/fworch-create-indices.sql index 29710b2cd..96917ff51 100755 --- a/roles/database/files/sql/creation/fworch-create-indices.sql +++ b/roles/database/files/sql/creation/fworch-create-indices.sql @@ -14,11 +14,13 @@ Create index IF NOT EXISTS idx_import_rule01 on import_rule (rule_id); Create index IF NOT EXISTS idx_object01 on object (mgm_id); Create index IF NOT EXISTS idx_object02 on object (obj_name,mgm_id,zone_id,active); Create index IF NOT EXISTS idx_object03 on object (obj_uid,mgm_id,zone_id,active); +Create index IF NOT EXISTS idx_object04 on object (obj_ip); Create index IF NOT EXISTS idx_objgrp_flat01 on objgrp_flat (objgrp_flat_id); Create index IF NOT EXISTS idx_objgrp_flat02 on objgrp_flat (objgrp_flat_member_id); Create index IF NOT EXISTS idx_rule01 on rule (rule_uid,mgm_id,dev_id,active,nat_rule,xlate_rule); Create index IF NOT EXISTS idx_rule02 on rule (mgm_id,rule_id,rule_uid,dev_id); Create index IF NOT EXISTS idx_rule03 on rule (dev_id); +Create index IF NOT EXISTS idx_rule04 on rule (action_id); Create index IF NOT EXISTS idx_rule_from01 on rule_from (rule_id); Create index IF NOT EXISTS idx_rule_service01 on rule_service (rule_id); Create index IF NOT EXISTS idx_rule_service02 on rule_service (svc_id); 
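Review bot: `modelling.change_history` gets `ON DELETE CASCADE` towards `owner(id)`, so deleting an owner silently erases its entire change history; if that table is the audit trail its name suggests, use `ON DELETE RESTRICT` (or `ON DELETE SET NULL` so the rows survive without a referent) instead. The self-reference `modelling.connection.used_interface_id ... ON DELETE CASCADE` likewise deletes every connection that uses an interface when that interface connection is removed, rather than merely detaching it; `ON DELETE SET NULL` is the safer default unless the cascade is intentional. I cannot tell from the hunk whether either cascade is deliberate, so at minimum a comment on those two lines should record the decision.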
@@ -33,10 +35,11 @@ Create index IF NOT EXISTS idx_usergrp_flat02 on usergrp_flat (usergrp_flat_memb Create index IF NOT EXISTS idx_zone01 on zone (zone_name,mgm_id); Create index IF NOT EXISTS idx_zone02 on zone (mgm_id); -- needed as mgm_id is not first column on above composite index - -- make sure a maximum of one stop_time=null entry exists per mgm_id (only one running import per mgm): CREATE UNIQUE INDEX uidx_import_control_only_one_null_stop_time_per_mgm_when_null ON import_control (mgm_id) WHERE stop_time IS NULL; +CREATE UNIQUE index if not exists only_one_default_owner on owner(is_default) where is_default = true; + -- probably useful: Create index "IX_Relationship59" on "import_service" ("control_id"); Create index "IX_Relationship61" on "import_rule" ("control_id"); @@ -113,3 +116,8 @@ Create index "IX_Relationship179" on "zone" ("zone_last_seen"); create unique index if not exists only_one_default_owner on owner(is_default) where is_default = true; + +-- compliance +Create index IF NOT EXISTS idx_fkey_network_zone_id on compliance.ip_range USING HASH (network_zone_id); +Create index IF NOT EXISTS idx_fkey_network_zone_from on compliance.network_zone_communication USING HASH (from_network_zone_id); +Create index IF NOT EXISTS idx_fkey_network_zone_to on compliance.network_zone_communication USING HASH (to_network_zone_id); diff --git a/roles/database/files/sql/creation/fworch-create-tables.sql b/roles/database/files/sql/creation/fworch-create-tables.sql index 165a1b55b..e1af68020 100755 --- a/roles/database/files/sql/creation/fworch-create-tables.sql +++ b/roles/database/files/sql/creation/fworch-create-tables.sql @@ -1,6 +1,6 @@ /* Created 29.04.2005 -Last modified 13.12.2020 +Last modified 14.07.2023 Project Firewall Orchestrator Contact https://cactus.de/fworch Database PostgreSQL 9-13 
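Review bot: The added `CREATE UNIQUE index if not exists only_one_default_owner on owner(is_default) where is_default = true;` duplicates the statement that already exists further down in the same file (shown as context in the next hunk); the second execution is a no-op thanks to `if not exists`, but two definitions of one index invite them drifting apart. Keep a single definition, preferably beside the other owner constraints, and delete the other copy.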
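Review bot: The three new compliance indexes use `USING HASH`, yet the table-creation header touched in this same commit still advertises `Database PostgreSQL 9-13`; on PostgreSQL releases before 10 hash indexes are not WAL-logged, so they are neither crash-safe nor replicated to standbys. Either drop the 9.x claim from the header or use ordinary B-tree indexes, e.g. `Create index IF NOT EXISTS idx_fkey_network_zone_id on compliance.ip_range (network_zone_id);`, which serve equality lookups on these foreign-key columns equally well.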
@@ -12,7 +12,7 @@ the abs_hange_id is needed as it is incremented across 4 different tables */ -Create sequence if not exists "public"."abs_change_id_seq" +Create sequence "public"."abs_change_id_seq" Increment 1 Minvalue 1 Maxvalue 9223372036854775807 @@ -40,7 +40,6 @@ Create table "device" -- contains an entry for each firewall gateway "package_name" Varchar, "package_uid" Varchar, "dev_typ_id" Integer NOT NULL, - "tenant_id" Integer, "dev_active" Boolean NOT NULL Default true, "dev_comment" Text, "dev_create" Timestamp NOT NULL Default now(), @@ -58,7 +57,6 @@ Create table "management" -- contains an entry for each firewall management syst "dev_typ_id" Integer NOT NULL, "mgm_name" Varchar NOT NULL, "mgm_comment" Text, - "tenant_id" Integer, "cloud_tenant_id" VARCHAR, "cloud_subscription_id" VARCHAR, "mgm_create" Timestamp NOT NULL Default now(), @@ -81,7 +79,7 @@ Create table "management" -- contains an entry for each firewall management syst primary key ("mgm_id") ); -create table if not exists import_credential +create table import_credential ( id SERIAL PRIMARY KEY, credential_name varchar NOT NULL, @@ -176,6 +174,7 @@ Create table "rule" "rule_create" BIGINT NOT NULL, "rule_last_seen" BIGINT NOT NULL, "dev_id" Integer, + "rule_custom_fields" jsonb, "access_rule" BOOLEAN Default TRUE, "nat_rule" BOOLEAN Default FALSE, "xlate_rule" BIGINT, @@ -196,7 +195,7 @@ Create table "rule_metadata" "rule_last_certified" Timestamp, "rule_last_certifier" Integer, "rule_last_certifier_dn" VARCHAR, - "rule_owner" Integer, + "rule_owner" Integer, -- points to a uiuser (not an owner) "rule_owner_dn" Varchar, -- distinguished name pointing to ldap group, path or user "rule_to_be_removed" Boolean NOT NULL Default FALSE, "last_change_admin" Integer, 
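Review bot: Dropping `device.tenant_id` here (and `management.tenant_id` in the next hunk) in favour of the new `tenant_to_management` / `tenant_to_device` mapping tables changes how tenant scoping is expressed, and the upgrade step that carries existing assignments across is not part of this diff. Until that step runs, a tenant whose only link was the old column sees nothing — or, if the new `shared` default on the mapping tables applies, possibly more than before — so the two migrations need to ship together. A one-line comment at the `device` table, `-- tenant assignment moved to tenant_to_device`, would help readers who search for the removed column.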
@@ -438,6 +437,14 @@ Create table "txt" primary key ("id", "language") ); +Create table "customtxt" +( + "id" Varchar NOT NULL, + "language" Varchar NOT NULL, + "txt" Varchar NOT NULL, + primary key ("id", "language") +); + Create table "error" ( "error_id" Varchar NOT NULL UNIQUE, @@ -451,7 +458,7 @@ Create table "error" Create table "tenant" ( "tenant_id" SERIAL, - "tenant_name" Varchar NOT NULL, + "tenant_name" Varchar NOT NULL UNIQUE, "tenant_projekt" Varchar, "tenant_comment" Text, "tenant_report" Boolean Default true, @@ -461,10 +468,19 @@ Create table "tenant" primary key ("tenant_id") ); +Create table tenant_to_management +( + tenant_id Integer NOT NULL, + management_id Integer NOT NULL, + shared BOOLEAN NOT NULL DEFAULT TRUE, + primary key ("tenant_id", "management_id") +); + Create table "tenant_to_device" ( "tenant_id" Integer NOT NULL, "device_id" Integer NOT NULL, + shared Boolean NOT NULL DEFAULT TRUE, primary key ("tenant_id", "device_id") ); @@ -474,8 +490,8 @@ Create table "tenant_network" "tenant_id" Integer NOT NULL, "tenant_net_name" Varchar, "tenant_net_comment" Text, - "tenant_net_ip" Cidr, - "tenant_net_ip_end" Cidr, + "tenant_net_ip" Cidr NOT NULL, + "tenant_net_ip_end" Cidr NOT NULL, "tenant_net_create" Timestamp NOT NULL Default now(), primary key ("tenant_net_id") ); @@ -580,11 +596,13 @@ Create table "import_control" "successful_import" Boolean NOT NULL Default FALSE, "changes_found" Boolean NOT NULL Default FALSE, "import_errors" Varchar, + "notification_done" Boolean NOT NULL Default FALSE, + "security_relevant_changes_counter" INTEGER NOT NULL Default 0, primary key ("control_id") ); -- temporary table for storing the fw-relevant config during import -CREATE TABLE IF NOT EXISTS "import_config" ( +CREATE table "import_config" ( "import_id" bigint NOT NULL, "mgm_id" integer NOT NULL, "chunk_number" integer, 
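Review bot: `tenant_to_management.shared` and the new `tenant_to_device.shared` column default to TRUE, so every pre-existing tenant/device assignment receives the permissive value the moment the column is added. The meaning of `shared` is not visible in this file; if it widens what a tenant may see — which its position next to the tenant-scoping tables suggests — this is a fail-open default and should read `shared Boolean NOT NULL DEFAULT FALSE`, with the upgrade script setting TRUE only where an operator has chosen it. If it instead narrows access, a comment on the column saying so would spare the next reader the same question.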
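Review bot: Making `tenant_net_ip` and `tenant_net_ip_end` NOT NULL is a good step, but nothing stops an inverted or mixed-family range from being stored, and a tenant range that matches no address quietly removes that tenant's objects from its own views (assuming these ranges scope tenant visibility, which this file does not show). Two check constraints close that hole: `CHECK (family(tenant_net_ip) = family(tenant_net_ip_end))` and `CHECK (tenant_net_ip <= tenant_net_ip_end)`. The same start/end pattern is repeated for `owner_network` and `compliance.ip_range` in this commit and would benefit from the same guards.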
@@ -712,6 +730,8 @@ Create table "import_rule" "rule_svc_refs" Text, "parent_rule_uid" Text, "rule_type" Varchar Default 'access', + "last_hit" Timestamp, + "rule_custom_fields" JSONB, primary key ("control_id","rule_id") ); @@ -727,7 +747,7 @@ Create table "import_zone" -- drop table if exists gw_route; -- drop table if exists gw_interface; -create table if not exists gw_interface +create table gw_interface ( id SERIAL PRIMARY KEY, routing_device INTEGER NOT NULL, @@ -738,7 +758,7 @@ create table if not exists gw_interface netmask_bits INTEGER NOT NULL ); -create table if not exists gw_route +create table gw_route ( id SERIAL PRIMARY KEY, routing_device INT NOT NULL, @@ -952,7 +972,7 @@ Create table "report" primary key ("report_id") ); -Create table if not exists "report_schedule" +Create table "report_schedule" ( "report_schedule_id" BIGSERIAL, "report_schedule_name" Varchar, -- NOT NULL Default "Report_"|"report_id"::VARCHAR, -- user given name of a report 
@@ -1009,44 +1029,52 @@ Create table "config" -- owner ------------------------------------------------------- -create table if not exists owner +create table owner ( id SERIAL PRIMARY KEY, - name Varchar NOT NULL, + name Varchar UNIQUE NOT NULL, dn Varchar NOT NULL, group_dn Varchar NOT NULL, is_default boolean default false, tenant_id int, recert_interval int, - next_recert_date Timestamp, - app_id_external varchar not null + app_id_external varchar UNIQUE, + last_recert_check Timestamp, + recert_check_params Varchar, + criticality Varchar, + active boolean default true, + import_source Varchar, + common_service_possible boolean default false ); -create unique index if not exists only_one_default_owner on owner(is_default) -where is_default = true; - -create table if not exists owner_network +create table owner_network ( - id SERIAL PRIMARY KEY, + id BIGSERIAL PRIMARY KEY, owner_id int, + name Varchar, ip cidr NOT NULL, + ip_end cidr NOT NULL, port int, - ip_proto_id int + ip_proto_id int, + nw_type int, + import_source Varchar default 'manual', + is_deleted boolean default false, + custom_type int ); -create table if not exists reqtask_owner +create table reqtask_owner ( reqtask_id bigint, owner_id int ); -create table if not exists rule_owner +create table rule_owner ( owner_id int, rule_metadata_id bigint ); -create table if not exists recertification +create table recertification ( id BIGSERIAL PRIMARY KEY, rule_metadata_id bigint NOT NULL, 
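Review bot: `owner_network` now models a range as `ip` / `ip_end` (both `cidr NOT NULL`) and retires rows with `is_deleted` instead of deleting them, but the table carries no `CHECK (ip <= ip_end)` and no address-family check, and no index or foreign key on `owner_id` is visible here (it may live in fworch-create-constraints.sql, which this diff only partly shows). An inverted range matches no address, and any owner lookup that forgets `where not is_deleted` resurrects a retired network; both failures are silent. Suggest `CHECK (family(ip) = family(ip_end) AND ip <= ip_end)` on the table and a column comment stating that every reader must filter `is_deleted`. Note also that `app_id_external` changed from NOT NULL to nullable UNIQUE, which permits any number of owners with a NULL external id — fine if intended, but worth a comment.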
@@ -1056,19 +1084,20 @@ create table if not exists recertification user_dn varchar, recertified boolean default false, recert_date Timestamp, - comment varchar + comment varchar, + next_recert_date Timestamp ); -- workflow ------------------------------------------------------- -- create schema -create schema if not exists request; +create schema request; -CREATE TYPE rule_field_enum AS ENUM ('source', 'destination', 'service'); +CREATE TYPE rule_field_enum AS ENUM ('source', 'destination', 'service', 'rule'); CREATE TYPE action_enum AS ENUM ('create', 'delete', 'modify'); -- create tables -create table if not exists request.reqtask +create table request.reqtask ( id BIGSERIAL PRIMARY KEY, title VARCHAR, @@ -1092,10 +1121,11 @@ create table if not exists request.reqtask assigned_group varchar, target_begin_date Timestamp, target_end_date Timestamp, - devices varchar + devices varchar, + additional_info varchar ); -create table if not exists request.reqelement +create table request.reqelement ( id BIGSERIAL PRIMARY KEY, request_action action_enum NOT NULL default 'create', @@ -1107,10 +1137,12 @@ create table if not exists request.reqelement service_id bigint, field rule_field_enum NOT NULL, user_id bigint, - original_nat_id int + original_nat_id bigint, + device_id int, + rule_uid varchar ); -create table if not exists request.approval +create table request.approval ( id BIGSERIAL PRIMARY KEY, task_id bigint, @@ -1127,7 +1159,7 @@ create table if not exists request.approval state_id int NOT NULL ); -create table if not exists request.ticket +create table request.ticket ( id BIGSERIAL PRIMARY KEY, title VARCHAR NOT NULL, @@ -1148,7 +1180,7 @@ create table if not exists request.ticket ticket_priority int ); -create table if not exists request.comment +create table request.comment ( id BIGSERIAL PRIMARY KEY, ref_id bigint, 
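Review bot: `rule_field_enum` gains the value `'rule'` in the create script, so a live installation needs the matching `ALTER TYPE rule_field_enum ADD VALUE IF NOT EXISTS 'rule';` in the upgrade script, which is not part of this diff. On PostgreSQL before 12 `ADD VALUE` cannot run inside a transaction block, and before 13 the new label cannot be used in the same transaction that adds it, so the upgrade step has to be ordered accordingly. The new `reqelement.rule_uid varchar` is paired only with `device_id int`; the rule indexes in this commit key rules by `(rule_uid, mgm_id, dev_id)`, so resolving a uid later is only unambiguous if `device_id` is always populated — a NOT NULL on it, or a comment stating the dependency, would make that explicit.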
@@ -1158,37 +1190,37 @@ create table if not exists request.comment comment_text varchar ); -create table if not exists request.ticket_comment +create table request.ticket_comment ( ticket_id bigint, comment_id bigint ); -create table if not exists request.reqtask_comment +create table request.reqtask_comment ( task_id bigint, comment_id bigint ); -create table if not exists request.approval_comment +create table request.approval_comment ( approval_id bigint, comment_id bigint ); -create table if not exists request.impltask_comment +create table request.impltask_comment ( task_id bigint, comment_id bigint ); -create table if not exists request.state +create table request.state ( id Integer NOT NULL UNIQUE PRIMARY KEY, name Varchar NOT NULL ); -create table if not exists request.action +create table request.action ( id SERIAL PRIMARY KEY, name Varchar NOT NULL, @@ -1201,13 +1233,13 @@ create table if not exists request.action external_parameters Varchar ); -create table if not exists request.state_action +create table request.state_action ( state_id int, action_id int ); -create table if not exists request.implelement +create table request.implelement ( id BIGSERIAL PRIMARY KEY, implementation_action action_enum NOT NULL default 'create', @@ -1219,10 +1251,11 @@ create table if not exists request.implelement service_id bigint, field rule_field_enum NOT NULL, user_id bigint, - original_nat_id int + original_nat_id bigint, + rule_uid varchar ); -create table if not exists request.impltask +create table request.impltask ( id BIGSERIAL PRIMARY KEY, title VARCHAR, 
@@ -1246,3 +1279,156 @@ create table if not exists request.impltask target_begin_date Timestamp, target_end_date Timestamp ); + + +--- Compliance --- +create schema compliance; + +create table compliance.network_zone +( + id BIGSERIAL PRIMARY KEY, + name VARCHAR NOT NULL, + description VARCHAR NOT NULL, + super_network_zone_id bigint, + owner_id bigint +); + +create table compliance.network_zone_communication +( + from_network_zone_id bigint NOT NULL, + to_network_zone_id bigint NOT NULL +); + +create table compliance.ip_range +( + network_zone_id bigint NOT NULL, + ip_range_start inet NOT NULL, + ip_range_end inet NOT NULL, + PRIMARY KEY(network_zone_id, ip_range_start, ip_range_end) +); + + +--- Network modelling --- +create schema modelling; + +create table modelling.nwgroup +( + id BIGSERIAL PRIMARY KEY, + app_id int, + id_string Varchar, + name Varchar, + comment Varchar, + group_type int, + is_deleted boolean default false, + creator Varchar, + creation_date timestamp default now() +); + +create table modelling.connection +( + id SERIAL PRIMARY KEY, + app_id int, + proposed_app_id int, + name Varchar, + reason Text, + is_interface boolean default false, + used_interface_id int, + is_requested boolean default false, + ticket_id bigint, + common_service boolean default false, + is_published boolean default false, + creator Varchar, + creation_date timestamp default now() +); + +create table modelling.selected_objects +( + app_id int, + nwgroup_id bigint, + primary key (app_id, nwgroup_id) +); + +create table modelling.selected_connections +( + app_id int, + connection_id int, + primary key (app_id, connection_id) +); + +create table modelling.nwobject_nwgroup +( + nwobject_id bigint, + nwgroup_id bigint, + primary key (nwobject_id, nwgroup_id) +); + +create table modelling.nwgroup_connection +( + nwgroup_id bigint, + connection_id int, + connection_field int, -- enum src=1, dest=2, ... 
+ primary key (nwgroup_id, connection_id, connection_field) +); + +create table modelling.nwobject_connection -- (used only if settings flag is set) +( + nwobject_id bigint, + connection_id int, + connection_field int, -- enum src=1, dest=2, ... + primary key (nwobject_id, connection_id, connection_field) +); + +create table modelling.service +( + id SERIAL PRIMARY KEY, + app_id int, + name Varchar, + is_global boolean default false, + port int, + port_end int, + proto_id int +); + +create table modelling.service_group +( + id SERIAL PRIMARY KEY, + app_id int, + name Varchar, + is_global boolean default false, + comment Varchar, + creator Varchar, + creation_date timestamp default now() +); + +create table modelling.service_service_group +( + service_id int, + service_group_id int, + primary key (service_id, service_group_id) +); + +create table modelling.service_group_connection +( + service_group_id int, + connection_id int, + primary key (service_group_id, connection_id) +); + +create table modelling.service_connection -- (used only if settings flag is set) +( + service_id int, + connection_id int, + primary key (service_id, connection_id) +); + +create table modelling.change_history +( + id BIGSERIAL PRIMARY KEY, + app_id int, + change_type int, + object_type int, + object_id bigint, + change_text Varchar, + changer Varchar, + change_time Timestamp default now() +); diff --git a/roles/database/files/sql/creation/fworch-create-triggers.sql b/roles/database/files/sql/creation/fworch-create-triggers.sql index b7c298fbb..9c0139ce3 100644 --- a/roles/database/files/sql/creation/fworch-create-triggers.sql +++ b/roles/database/files/sql/creation/fworch-create-triggers.sql 
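Review bot: `compliance.ip_range` stores zone membership as `ip_range_start` / `ip_range_end` with no constraint relating the two, so an inverted range, a mixed IPv4/IPv6 pair, or a range overlapping another zone's is accepted and any compliance verdict derived from it is silently wrong. Add `CHECK (family(ip_range_start) = family(ip_range_end))` and `CHECK (ip_range_start <= ip_range_end)` to the table; overlap between zones can be rejected with an EXCLUDE constraint once the matching semantics are settled. `compliance.network_zone_communication` has no primary key, so the same zone pair can be inserted twice and removed only once; `primary key (from_network_zone_id, to_network_zone_id)` makes the allowed-communication matrix a set. Foreign keys for the compliance tables are not visible here and may be in fworch-create-constraints.sql, which this diff only partly shows.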
@@ -128,14 +128,98 @@ BEGIN END; $BODY$ LANGUAGE plpgsql -VOLATILE -COST 100; +VOLATILE; ALTER FUNCTION public.import_config_from_json () OWNER TO fworch; - DROP TRIGGER IF EXISTS import_config_insert ON import_config CASCADE; CREATE TRIGGER import_config_insert BEFORE INSERT ON import_config FOR EACH ROW EXECUTE PROCEDURE import_config_from_json (); + +------------------------- +-- recert refresh trigger + +create or replace function refresh_view_rule_with_owner() +returns trigger language plpgsql +as $$ +begin + refresh materialized view view_rule_with_owner; + return null; +end $$; + +drop trigger IF exists refresh_view_rule_with_owner_delete_trigger ON recertification CASCADE; + +create trigger refresh_view_rule_with_owner_delete_trigger +after delete on recertification for each statement +execute procedure refresh_view_rule_with_owner(); + +-- -- function used during import of owner data +-- CREATE OR REPLACE FUNCTION recert_refresh_per_owner(i_owner_id INTEGER) RETURNS VOID AS $$ +-- DECLARE +-- r_mgm RECORD; +-- BEGIN +-- BEGIN +-- FOR r_mgm IN +-- SELECT mgm_id, mgm_name FROM management +-- LOOP +-- PERFORM recert_refresh_one_owner_one_mgm (i_owner_id, r_mgm.mgm_id, NULL::TIMESTAMP); +-- END LOOP; + +-- EXCEPTION WHEN OTHERS THEN +-- RAISE EXCEPTION 'Exception caught in recert_refresh_per_owner while handling management %', r_mgm.mgm_name; +-- END; +-- RETURN; +-- END; +-- $$ LANGUAGE plpgsql; + + +-- CREATE OR REPLACE FUNCTION owner_change_triggered () +-- RETURNS TRIGGER +-- AS $BODY$ +-- BEGIN +-- IF NOT NEW.id IS NULL THEN +-- PERFORM recert_refresh_per_owner(NEW.id); +-- END IF; +-- RETURN NEW; +-- END; +-- $BODY$ +-- LANGUAGE plpgsql +-- VOLATILE; +-- ALTER FUNCTION public.owner_change_triggered () OWNER TO fworch; + + +-- DROP TRIGGER IF EXISTS owner_change ON owner CASCADE; + +-- CREATE TRIGGER owner_change +-- AFTER INSERT OR UPDATE OR DELETE ON owner +-- FOR EACH ROW +-- EXECUTE PROCEDURE owner_change_triggered (); + + +-- CREATE OR REPLACE 
FUNCTION owner_network_change_triggered () +-- RETURNS TRIGGER +-- AS $BODY$ +-- BEGIN +-- IF NOT NEW.owner_id IS NULL THEN +-- PERFORM recert_refresh_per_owner(NEW.owner_id); +-- END IF; +-- RETURN NEW; +-- END; +-- $BODY$ +-- LANGUAGE plpgsql +-- VOLATILE; +-- ALTER FUNCTION public.owner_network_change_triggered () OWNER TO fworch; + +-- DROP TRIGGER IF EXISTS owner_network_change ON owner_network CASCADE; + +-- CREATE TRIGGER owner_network_change +-- AFTER INSERT OR UPDATE OR DELETE ON owner_network +-- FOR EACH ROW +-- EXECUTE PROCEDURE owner_network_change_triggered (); + +-- -- LargeOwnerChange: uncomment to disable triggers (e.g. for large installations without recert needs) +-- -- ALTER TABLE owner DISABLE TRIGGER owner_change; +-- -- ALTER TABLE owner_network DISABLE TRIGGER owner_network_change; + diff --git a/roles/database/files/sql/creation/fworch-fill-stm.sql b/roles/database/files/sql/creation/fworch-fill-stm.sql index 39c3a0ef1..8d1e8d45c 100644 --- a/roles/database/files/sql/creation/fworch-fill-stm.sql +++ b/roles/database/files/sql/creation/fworch-fill-stm.sql @@ -7,6 +7,7 @@ insert into uiuser (uiuser_id, uiuser_username, uuid) VALUES (0,'default', 'defa insert into config (config_key, config_value, config_user) VALUES ('DefaultLanguage', 'English', 0); insert into config (config_key, config_value, config_user) VALUES ('sessionTimeout', '720', 0); insert into config (config_key, config_value, config_user) VALUES ('sessionTimeoutNoticePeriod', '60', 0); -- in minutes before expiry +insert into config (config_key, config_value, config_user) VALUES ('uiHostName', 'http://localhost:5000', 0); -- insert into config (config_key, config_value, config_user) VALUES ('maxMessages', '3', 0); insert into config (config_key, config_value, config_user) VALUES ('elementsPerFetch', '100', 0); insert into config (config_key, config_value, config_user) VALUES ('maxInitialFetchesRightSidebar', '10', 0); 
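Review bot: `refresh_view_rule_with_owner()` runs `refresh materialized view view_rule_with_owner` as the calling role — no `security definer`, and unlike `import_config_from_json` it gets no `ALTER FUNCTION ... OWNER TO fworch` — while REFRESH is only permitted to the view's owner, so a delete on `recertification` issued by a less-privileged API role, if this deployment uses one, fails with a permission error instead of refreshing. A non-concurrent refresh also takes an ACCESS EXCLUSIVE lock on the view and blocks every reader until the rebuild finishes, on each delete statement. Consider `refresh materialized view concurrently view_rule_with_owner;` (requires a unique index on the view), declaring the function `security definer set search_path = public`, and adding `ALTER FUNCTION public.refresh_view_rule_with_owner() OWNER TO fworch;` like its neighbour, so the privilege is confined to that one statement. The roughly eighty lines of commented-out owner/owner_network trigger code should be dropped from the shipped file rather than carried as comments; git keeps the history.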
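Review bot: The seeded `uiHostName` value `http://localhost:5000` is a plain-http placeholder that is only correct on the installer's own machine. If the recertification e-mails configured further down in this file embed links built from it (not visible here), every installation that never changes the setting sends users to a non-existent host over http, and a forgotten setting is indistinguishable from a deliberate one. Seeding it empty and having the sender skip or flag the link while the value is unset makes the misconfiguration visible; if a default is kept, it should at least be an `https://` URL.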
@@ -21,6 +22,20 @@ insert into config (config_key, config_value, config_user) VALUES ('recertificat insert into config (config_key, config_value, config_user) VALUES ('recertificationDisplayPeriod', '30', 0); insert into config (config_key, config_value, config_user) VALUES ('ruleRemovalGracePeriod', '60', 0); insert into config (config_key, config_value, config_user) VALUES ('commentRequired', 'False', 0); +insert into config (config_key, config_value, config_user) VALUES ('recAutocreateDeleteTicket', 'False', 0); +insert into config (config_key, config_value, config_user) VALUES ('recDeleteRuleTicketTitle', 'Ticket Title', 0); +insert into config (config_key, config_value, config_user) VALUES ('recDeleteRuleTicketReason', 'Ticket Reason', 0); +insert into config (config_key, config_value, config_user) VALUES ('recDeleteRuleReqTaskTitle', 'Task Title', 0); +insert into config (config_key, config_value, config_user) VALUES ('recDeleteRuleReqTaskReason', 'Task Reason', 0); +insert into config (config_key, config_value, config_user) VALUES ('recDeleteRuleTicketPriority', '3', 0); +insert into config (config_key, config_value, config_user) VALUES ('recDeleteRuleInitState', '0', 0); +insert into config (config_key, config_value, config_user) VALUES ('recCheckActive', 'False', 0); +insert into config (config_key, config_value, config_user) VALUES ('recCheckEmailSubject', 'Upcoming rule recertifications', 0); +insert into config (config_key, config_value, config_user) VALUES ('recCheckEmailUpcomingText', 'The following rules are upcoming to be recertified:', 0); +insert into config (config_key, config_value, config_user) VALUES ('recCheckEmailOverdueText', 'The following rules are overdue to be recertified:', 0); +insert into config (config_key, config_value, config_user) VALUES ('recCheckParams', '{"check_interval":2,"check_offset":1,"check_weekday":null,"check_dayofmonth":null}', 0); +insert into config (config_key, config_value, config_user) VALUES 
('recRefreshStartup', 'False', 0); +insert into config (config_key, config_value, config_user) VALUES ('recRefreshDaily', 'False', 0); insert into config (config_key, config_value, config_user) VALUES ('messageViewTime', '7', 0); insert into config (config_key, config_value, config_user) VALUES ('dailyCheckStartAt', '00:00:00', 0); insert into config (config_key, config_value, config_user) VALUES ('autoDiscoverStartAt', '00:00:00', 0); 
@@ -41,6 +56,7 @@ insert into config (config_key, config_value, config_user) VALUES ('reqRulModSta insert into config (config_key, config_value, config_user) VALUES ('reqGrpCreStateMatrix', '{"config_value":{"request":{"matrix":{"0":[0,49,620],"49":[49,620],"620":[620]},"derived_states":{"0":0,"49":49,"620":620},"lowest_input_state":0,"lowest_start_state":49,"lowest_end_state":49,"active":true},"approval":{"matrix":{"49":[60],"60":[60,99,610],"99":[99],"610":[610]},"derived_states":{"49":49,"60":60,"99":99,"610":610},"lowest_input_state":49,"lowest_start_state":60,"lowest_end_state":99,"active":true},"planning":{"matrix":{"99":[110],"110":[110,120,130,149],"120":[120,110,130,149],"130":[130,110,120,149,610],"149":[149],"610":[610]},"derived_states":{"99":99,"110":110,"120":110,"130":110,"149":149,"610":610},"lowest_input_state":99,"lowest_start_state":110,"lowest_end_state":149,"active":false},"verification":{"matrix":{"149":[160],"160":[160,199,610],"199":[199],"610":[610]},"derived_states":{"149":149,"160":160,"199":199,"610":610},"lowest_input_state":149,"lowest_start_state":160,"lowest_end_state":199,"active":false},"implementation":{"matrix":{"99":[210],"210":[210,220,249],"220":[220,210,249,610],"249":[249],"610":[610]},"derived_states":{"99":99,"210":210,"220":210,"249":249,"610":610},"lowest_input_state":99,"lowest_start_state":210,"lowest_end_state":249,"active":true},"review":{"matrix":{"249":[260],"260":[260,270,299],"270":[210,270,260,299,610],"299":[299],"610":[610]},"derived_states":{"249":249,"260":260,"270":260,"299":299,"610":610},"lowest_input_state":249,"lowest_start_state":260,"lowest_end_state":299,"active":false},"recertification":{"matrix":{"299":[310],"310":[310,349,400],"349":[349],"400":[400]},"derived_states":{"299":299,"310":310,"349":349,"400":400},"lowest_input_state":299,"lowest_start_state":310,"lowest_end_state":349,"active":false}}}', 0); insert into config (config_key, config_value, config_user) VALUES ('reqGrpModStateMatrix', 
'{"config_value":{"request":{"matrix":{"0":[0,49,620],"49":[49,620],"620":[620]},"derived_states":{"0":0,"49":49,"620":620},"lowest_input_state":0,"lowest_start_state":49,"lowest_end_state":49,"active":true},"approval":{"matrix":{"49":[60],"60":[60,99,610],"99":[99],"610":[610]},"derived_states":{"49":49,"60":60,"99":99,"610":610},"lowest_input_state":49,"lowest_start_state":60,"lowest_end_state":99,"active":true},"planning":{"matrix":{"99":[110],"110":[110,120,130,149],"120":[120,110,130,149],"130":[130,110,120,149,610],"149":[149],"610":[610]},"derived_states":{"99":99,"110":110,"120":110,"130":110,"149":149,"610":610},"lowest_input_state":99,"lowest_start_state":110,"lowest_end_state":149,"active":false},"verification":{"matrix":{"149":[160],"160":[160,199,610],"199":[199],"610":[610]},"derived_states":{"149":149,"160":160,"199":199,"610":610},"lowest_input_state":149,"lowest_start_state":160,"lowest_end_state":199,"active":false},"implementation":{"matrix":{"99":[210],"210":[210,220,249],"220":[220,210,249,610],"249":[249],"610":[610]},"derived_states":{"99":99,"210":210,"220":210,"249":249,"610":610},"lowest_input_state":99,"lowest_start_state":210,"lowest_end_state":249,"active":true},"review":{"matrix":{"249":[260],"260":[260,270,299],"270":[210,270,260,299,610],"299":[299],"610":[610]},"derived_states":{"249":249,"260":260,"270":260,"299":299,"610":610},"lowest_input_state":249,"lowest_start_state":260,"lowest_end_state":299,"active":false},"recertification":{"matrix":{"299":[310],"310":[310,349,400],"349":[349],"400":[400]},"derived_states":{"299":299,"310":310,"349":349,"400":400},"lowest_input_state":299,"lowest_start_state":310,"lowest_end_state":349,"active":false}}}', 0); insert into config (config_key, config_value, config_user) VALUES ('reqGrpDelStateMatrix', 
'{"config_value":{"request":{"matrix":{"0":[0,49,620],"49":[49,620],"620":[620]},"derived_states":{"0":0,"49":49,"620":620},"lowest_input_state":0,"lowest_start_state":49,"lowest_end_state":49,"active":true},"approval":{"matrix":{"49":[60],"60":[60,99,610],"99":[99],"610":[610]},"derived_states":{"49":49,"60":60,"99":99,"610":610},"lowest_input_state":49,"lowest_start_state":60,"lowest_end_state":99,"active":true},"planning":{"matrix":{"99":[110],"110":[110,120,130,149],"120":[120,110,130,149],"130":[130,110,120,149,610],"149":[149],"610":[610]},"derived_states":{"99":99,"110":110,"120":110,"130":110,"149":149,"610":610},"lowest_input_state":99,"lowest_start_state":110,"lowest_end_state":149,"active":false},"verification":{"matrix":{"149":[160],"160":[160,199,610],"199":[199],"610":[610]},"derived_states":{"149":149,"160":160,"199":199,"610":610},"lowest_input_state":149,"lowest_start_state":160,"lowest_end_state":199,"active":false},"implementation":{"matrix":{"99":[210],"210":[210,220,249],"220":[220,210,249,610],"249":[249],"610":[610]},"derived_states":{"99":99,"210":210,"220":210,"249":249,"610":610},"lowest_input_state":99,"lowest_start_state":210,"lowest_end_state":249,"active":true},"review":{"matrix":{"249":[260],"260":[260,270,299],"270":[210,270,260,299,610],"299":[299],"610":[610]},"derived_states":{"249":249,"260":260,"270":260,"299":299,"610":610},"lowest_input_state":249,"lowest_start_state":260,"lowest_end_state":299,"active":false},"recertification":{"matrix":{"299":[310],"310":[310,349,400],"349":[349],"400":[400]},"derived_states":{"299":299,"310":310,"349":349,"400":400},"lowest_input_state":299,"lowest_start_state":310,"lowest_end_state":349,"active":false}}}', 0); +insert into config (config_key, config_value, config_user) VALUES ('reqNewIntStateMatrix', 
'{"config_value":{"request":{"matrix":{"0":[0,49,620]},"derived_states":{"0":0},"lowest_input_state":0,"lowest_start_state":0,"lowest_end_state":49,"active":true},"approval":{"matrix":{"0":[0]},"derived_states":{"0":0},"lowest_input_state":0,"lowest_start_state":0,"lowest_end_state":0,"active":false},"planning":{"matrix":{"0":[0]},"derived_states":{"0":0},"lowest_input_state":0,"lowest_start_state":0,"lowest_end_state":0,"active":false},"verification":{"matrix":{"0":[0]},"derived_states":{"0":0},"lowest_input_state":0,"lowest_start_state":0,"lowest_end_state":0,"active":false},"implementation":{"matrix":{"205":[205,249],"49":[210],"210":[610,210,249]},"derived_states":{"205":205,"49":49,"210":210},"lowest_input_state":49,"lowest_start_state":205,"lowest_end_state":249,"active":true},"review":{"matrix":{"249":[249,205,299]},"derived_states":{"249":249},"lowest_input_state":249,"lowest_start_state":249,"lowest_end_state":299,"active":true},"recertification":{"matrix":{"0":[0]},"derived_states":{"0":0},"lowest_input_state":0,"lowest_start_state":0,"lowest_end_state":0,"active":false}}}', 0); insert into config (config_key, config_value, config_user) VALUES ('reqMasterStateMatrixDefault', 
'{"config_value":{"request":{"matrix":{"0":[0,49,620],"49":[49,620],"620":[620]},"derived_states":{"0":0,"49":49,"620":620},"lowest_input_state":0,"lowest_start_state":49,"lowest_end_state":49,"active":true},"approval":{"matrix":{"49":[60],"60":[60,99,610],"99":[99],"610":[610]},"derived_states":{"49":49,"60":60,"99":99,"610":610},"lowest_input_state":49,"lowest_start_state":60,"lowest_end_state":99,"active":true},"planning":{"matrix":{"99":[110],"110":[110,120,130,149],"120":[120,110,130,149],"130":[130,110,120,149,610],"149":[149],"610":[610]},"derived_states":{"99":99,"110":110,"120":110,"130":110,"149":149,"610":610},"lowest_input_state":99,"lowest_start_state":110,"lowest_end_state":149,"active":false},"verification":{"matrix":{"149":[160],"160":[160,199,610],"199":[199],"610":[610]},"derived_states":{"149":149,"160":160,"199":199,"610":610},"lowest_input_state":149,"lowest_start_state":160,"lowest_end_state":199,"active":false},"implementation":{"matrix":{"99":[210],"210":[210,220,249],"220":[220,210,249,610],"249":[249],"610":[610]},"derived_states":{"99":99,"210":210,"220":210,"249":249,"610":610},"lowest_input_state":99,"lowest_start_state":210,"lowest_end_state":249,"active":true},"review":{"matrix":{"249":[260],"260":[260,270,299],"270":[210,270,260,299,610],"299":[299],"610":[610]},"derived_states":{"249":249,"260":260,"270":260,"299":299,"610":610},"lowest_input_state":249,"lowest_start_state":260,"lowest_end_state":299,"active":false},"recertification":{"matrix":{"299":[310],"310":[310,349,400],"349":[349],"400":[400]},"derived_states":{"299":299,"310":310,"349":349,"400":400},"lowest_input_state":299,"lowest_start_state":310,"lowest_end_state":349,"active":false}}}', 0); insert into config (config_key, config_value, config_user) VALUES ('reqGenStateMatrixDefault', 
'{"config_value":{"request":{"matrix":{"0":[0,49,620],"49":[49,620],"620":[620]},"derived_states":{"0":0,"49":49,"620":620},"lowest_input_state":0,"lowest_start_state":49,"lowest_end_state":49,"active":true},"approval":{"matrix":{"49":[60],"60":[60,99,610],"99":[99],"610":[610]},"derived_states":{"49":49,"60":60,"99":99,"610":610},"lowest_input_state":49,"lowest_start_state":60,"lowest_end_state":99,"active":true},"planning":{"matrix":{"99":[110],"110":[110,120,130,149],"120":[120,110,130,149],"130":[130,110,120,149,610],"149":[149],"610":[610]},"derived_states":{"99":99,"110":110,"120":110,"130":110,"149":149,"610":610},"lowest_input_state":99,"lowest_start_state":110,"lowest_end_state":149,"active":false},"verification":{"matrix":{"149":[160],"160":[160,199,610],"199":[199],"610":[610]},"derived_states":{"149":149,"160":160,"199":199,"610":610},"lowest_input_state":149,"lowest_start_state":160,"lowest_end_state":199,"active":false},"implementation":{"matrix":{"99":[210],"210":[210,220,249],"220":[220,210,249,610],"249":[249],"610":[610]},"derived_states":{"99":99,"210":210,"220":210,"249":249,"610":610},"lowest_input_state":99,"lowest_start_state":210,"lowest_end_state":249,"active":true},"review":{"matrix":{"249":[260],"260":[260,270,299],"270":[210,270,260,299,610],"299":[299],"610":[610]},"derived_states":{"249":249,"260":260,"270":260,"299":299,"610":610},"lowest_input_state":249,"lowest_start_state":260,"lowest_end_state":299,"active":false},"recertification":{"matrix":{"299":[310],"310":[310,349,400],"349":[349],"400":[400]},"derived_states":{"299":299,"310":310,"349":349,"400":400},"lowest_input_state":299,"lowest_start_state":310,"lowest_end_state":349,"active":false}}}', 0); insert into config (config_key, config_value, config_user) VALUES ('reqAccStateMatrixDefault', 
'{"config_value":{"request":{"matrix":{"0":[0,49,620],"49":[49,620],"620":[620]},"derived_states":{"0":0,"49":49,"620":620},"lowest_input_state":0,"lowest_start_state":49,"lowest_end_state":49,"active":true},"approval":{"matrix":{"49":[60],"60":[60,99,610],"99":[99],"610":[610]},"derived_states":{"49":49,"60":60,"99":99,"610":610},"lowest_input_state":49,"lowest_start_state":60,"lowest_end_state":99,"active":true},"planning":{"matrix":{"99":[110],"110":[110,120,130,149],"120":[120,110,130,149],"130":[130,110,120,149,610],"149":[149],"610":[610]},"derived_states":{"99":99,"110":110,"120":110,"130":110,"149":149,"610":610},"lowest_input_state":99,"lowest_start_state":110,"lowest_end_state":149,"active":false},"verification":{"matrix":{"149":[160],"160":[160,199,610],"199":[199],"610":[610]},"derived_states":{"149":149,"160":160,"199":199,"610":610},"lowest_input_state":149,"lowest_start_state":160,"lowest_end_state":199,"active":false},"implementation":{"matrix":{"99":[210],"210":[210,220,249],"220":[220,210,249,610],"249":[249],"610":[610]},"derived_states":{"99":99,"210":210,"220":210,"249":249,"610":610},"lowest_input_state":99,"lowest_start_state":210,"lowest_end_state":249,"active":true},"review":{"matrix":{"249":[260],"260":[260,270,299],"270":[210,270,260,299,610],"299":[299],"610":[610]},"derived_states":{"249":249,"260":260,"270":260,"299":299,"610":610},"lowest_input_state":249,"lowest_start_state":260,"lowest_end_state":299,"active":false},"recertification":{"matrix":{"299":[310],"310":[310,349,400],"349":[349],"400":[400]},"derived_states":{"299":299,"310":310,"349":349,"400":400},"lowest_input_state":299,"lowest_start_state":310,"lowest_end_state":349,"active":false}}}', 0); 
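Review bot: `reqNewIntStateMatrix` is the only state matrix in this file whose `approval` stage is `"active":false`, so a new-interface request moves from request state 49 straight into implementation (`"implementation":{"matrix":{...,"49":[210],...}}`) with no approval gate; if that is deliberate it deserves a comment next to the insert, because every other default here requires approval. The `request` stage is also shaped differently from its siblings: `matrix` has a row only for state 0 and `derived_states` only `{"0":0}`, whereas the other matrices carry rows for 49 and 620 as well, so a ticket already in 49 or 620 has no lookup entry in this stage. Whether the consumer tolerates a missing row is not visible here; mirroring the sibling shape (`"0":[0,49,620],"49":[49,620],"620":[620]` with matching `derived_states`) avoids depending on it.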
@@ -49,12 +65,51 @@ insert into config (config_key, config_value, config_user) VALUES ('reqRulModSta insert into config (config_key, config_value, config_user) VALUES ('reqGrpCreStateMatrixDefault', '{"config_value":{"request":{"matrix":{"0":[0,49,620],"49":[49,620],"620":[620]},"derived_states":{"0":0,"49":49,"620":620},"lowest_input_state":0,"lowest_start_state":49,"lowest_end_state":49,"active":true},"approval":{"matrix":{"49":[60],"60":[60,99,610],"99":[99],"610":[610]},"derived_states":{"49":49,"60":60,"99":99,"610":610},"lowest_input_state":49,"lowest_start_state":60,"lowest_end_state":99,"active":true},"planning":{"matrix":{"99":[110],"110":[110,120,130,149],"120":[120,110,130,149],"130":[130,110,120,149,610],"149":[149],"610":[610]},"derived_states":{"99":99,"110":110,"120":110,"130":110,"149":149,"610":610},"lowest_input_state":99,"lowest_start_state":110,"lowest_end_state":149,"active":false},"verification":{"matrix":{"149":[160],"160":[160,199,610],"199":[199],"610":[610]},"derived_states":{"149":149,"160":160,"199":199,"610":610},"lowest_input_state":149,"lowest_start_state":160,"lowest_end_state":199,"active":false},"implementation":{"matrix":{"99":[210],"210":[210,220,249],"220":[220,210,249,610],"249":[249],"610":[610]},"derived_states":{"99":99,"210":210,"220":210,"249":249,"610":610},"lowest_input_state":99,"lowest_start_state":210,"lowest_end_state":249,"active":true},"review":{"matrix":{"249":[260],"260":[260,270,299],"270":[210,270,260,299,610],"299":[299],"610":[610]},"derived_states":{"249":249,"260":260,"270":260,"299":299,"610":610},"lowest_input_state":249,"lowest_start_state":260,"lowest_end_state":299,"active":false},"recertification":{"matrix":{"299":[310],"310":[310,349,400],"349":[349],"400":[400]},"derived_states":{"299":299,"310":310,"349":349,"400":400},"lowest_input_state":299,"lowest_start_state":310,"lowest_end_state":349,"active":false}}}', 0); insert into config (config_key, config_value, config_user) VALUES 
('reqGrpModStateMatrixDefault', '{"config_value":{"request":{"matrix":{"0":[0,49,620],"49":[49,620],"620":[620]},"derived_states":{"0":0,"49":49,"620":620},"lowest_input_state":0,"lowest_start_state":49,"lowest_end_state":49,"active":true},"approval":{"matrix":{"49":[60],"60":[60,99,610],"99":[99],"610":[610]},"derived_states":{"49":49,"60":60,"99":99,"610":610},"lowest_input_state":49,"lowest_start_state":60,"lowest_end_state":99,"active":true},"planning":{"matrix":{"99":[110],"110":[110,120,130,149],"120":[120,110,130,149],"130":[130,110,120,149,610],"149":[149],"610":[610]},"derived_states":{"99":99,"110":110,"120":110,"130":110,"149":149,"610":610},"lowest_input_state":99,"lowest_start_state":110,"lowest_end_state":149,"active":false},"verification":{"matrix":{"149":[160],"160":[160,199,610],"199":[199],"610":[610]},"derived_states":{"149":149,"160":160,"199":199,"610":610},"lowest_input_state":149,"lowest_start_state":160,"lowest_end_state":199,"active":false},"implementation":{"matrix":{"99":[210],"210":[210,220,249],"220":[220,210,249,610],"249":[249],"610":[610]},"derived_states":{"99":99,"210":210,"220":210,"249":249,"610":610},"lowest_input_state":99,"lowest_start_state":210,"lowest_end_state":249,"active":true},"review":{"matrix":{"249":[260],"260":[260,270,299],"270":[210,270,260,299,610],"299":[299],"610":[610]},"derived_states":{"249":249,"260":260,"270":260,"299":299,"610":610},"lowest_input_state":249,"lowest_start_state":260,"lowest_end_state":299,"active":false},"recertification":{"matrix":{"299":[310],"310":[310,349,400],"349":[349],"400":[400]},"derived_states":{"299":299,"310":310,"349":349,"400":400},"lowest_input_state":299,"lowest_start_state":310,"lowest_end_state":349,"active":false}}}', 0); insert into config (config_key, config_value, config_user) VALUES ('reqGrpDelStateMatrixDefault', 
'{"config_value":{"request":{"matrix":{"0":[0,49,620],"49":[49,620],"620":[620]},"derived_states":{"0":0,"49":49,"620":620},"lowest_input_state":0,"lowest_start_state":49,"lowest_end_state":49,"active":true},"approval":{"matrix":{"49":[60],"60":[60,99,610],"99":[99],"610":[610]},"derived_states":{"49":49,"60":60,"99":99,"610":610},"lowest_input_state":49,"lowest_start_state":60,"lowest_end_state":99,"active":true},"planning":{"matrix":{"99":[110],"110":[110,120,130,149],"120":[120,110,130,149],"130":[130,110,120,149,610],"149":[149],"610":[610]},"derived_states":{"99":99,"110":110,"120":110,"130":110,"149":149,"610":610},"lowest_input_state":99,"lowest_start_state":110,"lowest_end_state":149,"active":false},"verification":{"matrix":{"149":[160],"160":[160,199,610],"199":[199],"610":[610]},"derived_states":{"149":149,"160":160,"199":199,"610":610},"lowest_input_state":149,"lowest_start_state":160,"lowest_end_state":199,"active":false},"implementation":{"matrix":{"99":[210],"210":[210,220,249],"220":[220,210,249,610],"249":[249],"610":[610]},"derived_states":{"99":99,"210":210,"220":210,"249":249,"610":610},"lowest_input_state":99,"lowest_start_state":210,"lowest_end_state":249,"active":true},"review":{"matrix":{"249":[260],"260":[260,270,299],"270":[210,270,260,299,610],"299":[299],"610":[610]},"derived_states":{"249":249,"260":260,"270":260,"299":299,"610":610},"lowest_input_state":249,"lowest_start_state":260,"lowest_end_state":299,"active":false},"recertification":{"matrix":{"299":[310],"310":[310,349,400],"349":[349],"400":[400]},"derived_states":{"299":299,"310":310,"349":349,"400":400},"lowest_input_state":299,"lowest_start_state":310,"lowest_end_state":349,"active":false}}}', 0); -insert into config (config_key, config_value, config_user) VALUES ('reqAvailableTaskTypes', '[0,1,2]', 0); +insert into config (config_key, config_value, config_user) VALUES ('reqNewIntStateMatrixDefault', 
'{"config_value":{"request":{"matrix":{"0":[0,49,620]},"derived_states":{"0":0},"lowest_input_state":0,"lowest_start_state":0,"lowest_end_state":49,"active":true},"approval":{"matrix":{"0":[0]},"derived_states":{"0":0},"lowest_input_state":0,"lowest_start_state":0,"lowest_end_state":0,"active":false},"planning":{"matrix":{"0":[0]},"derived_states":{"0":0},"lowest_input_state":0,"lowest_start_state":0,"lowest_end_state":0,"active":false},"verification":{"matrix":{"0":[0]},"derived_states":{"0":0},"lowest_input_state":0,"lowest_start_state":0,"lowest_end_state":0,"active":false},"implementation":{"matrix":{"205":[205,249],"49":[210],"210":[610,210,249]},"derived_states":{"205":205,"49":49,"210":210},"lowest_input_state":49,"lowest_start_state":205,"lowest_end_state":249,"active":true},"review":{"matrix":{"249":[249,205,299]},"derived_states":{"249":249},"lowest_input_state":249,"lowest_start_state":249,"lowest_end_state":299,"active":true},"recertification":{"matrix":{"0":[0]},"derived_states":{"0":0},"lowest_input_state":0,"lowest_start_state":0,"lowest_end_state":0,"active":false}}}', 0); +insert into config (config_key, config_value, config_user) VALUES ('reqAvailableTaskTypes', '[0,1,2,3]', 0); insert into config (config_key, config_value, config_user) VALUES ('reqPriorities', '[{"numeric_prio":1,"name":"Highest","ticket_deadline":1,"approval_deadline":1},{"numeric_prio":2,"name":"High","ticket_deadline":3,"approval_deadline":2},{"numeric_prio":3,"name":"Medium","ticket_deadline":7,"approval_deadline":3},{"numeric_prio":4,"name":"Low","ticket_deadline":14,"approval_deadline":7},{"numeric_prio":5,"name":"Lowest","ticket_deadline":30,"approval_deadline":14}]', 0); insert into config (config_key, config_value, config_user) VALUES ('reqAutoCreateImplTasks', 'enterInReqTask', 0); +insert into config (config_key, config_value, config_user) VALUES ('reqOwnerBased', 'False', 0); insert into config (config_key, config_value, config_user) VALUES ('reqAllowObjectSearch', 
'False', 0); insert into config (config_key, config_value, config_user) VALUES ('reqAllowManualOwnerAdmin', 'False', 0); insert into config (config_key, config_value, config_user) VALUES ('reqActivatePathAnalysis', 'True', 0); +insert into config (config_key, config_value, config_user) VALUES ('reqShowCompliance', 'False', 0); +insert into config (config_key, config_value, config_user) VALUES ('unusedTolerance', '400', 0); +insert into config (config_key, config_value, config_user) VALUES ('creationTolerance', '90', 0); +insert into config (config_key, config_value, config_user) VALUES ('ruleOwnershipMode', 'mixed', 0); +insert into config (config_key, config_value, config_user) VALUES ('allowServerInConn', 'True', 0); +insert into config (config_key, config_value, config_user) VALUES ('allowServiceInConn', 'True', 0); +insert into config (config_key, config_value, config_user) VALUES ('importAppDataStartAt', '00:00:00', 0); +insert into config (config_key, config_value, config_user) VALUES ('importAppDataSleepTime', '0', 0); +insert into config (config_key, config_value, config_user) VALUES ('importSubnetDataStartAt', '00:00:00', 0); +insert into config (config_key, config_value, config_user) VALUES ('importSubnetDataSleepTime', '0', 0); +insert into config (config_key, config_value, config_user) VALUES ('importAppDataPath', '[]', 0); +insert into config (config_key, config_value, config_user) VALUES ('importSubnetDataPath', '', 0); +insert into config (config_key, config_value, config_user) VALUES ('modNamingConvention', '{"networkAreaRequired":false,"useAppPart":false,"fixedPartLength":0,"freePartLength":0,"networkAreaPattern":"","appRolePattern":""}', 0); +insert into config (config_key, config_value, config_user) VALUES ('modCommonAreas', '[]', 0); +insert into config (config_key, config_value, config_user) VALUES ('ModAppServerTypes', '[{"Id":0,"Name":"Default"}]', 0); +insert into config (config_key, config_value, config_user) VALUES ('modReqInterfaceName', 
'', 0); +insert into config (config_key, config_value, config_user) VALUES ('modReqEmailSubject', '', 0); +insert into config (config_key, config_value, config_user) VALUES ('modReqEmailBody', '', 0); +insert into config (config_key, config_value, config_user) VALUES ('modReqTicketTitle', '', 0); +insert into config (config_key, config_value, config_user) VALUES ('modReqTaskTitle', '', 0); +insert into config (config_key, config_value, config_user) VALUES ('modIconify', 'True', 0); +insert into config (config_key, config_value, config_user) VALUES ('reducedProtocolSet', 'True', 0); +insert into config (config_key, config_value, config_user) VALUES ('overviewDisplayLines', '3', 0); +insert into config (config_key, config_value, config_user) VALUES ('emailServerAddress', '', 0); +insert into config (config_key, config_value, config_user) VALUES ('emailPort', '0', 0); +insert into config (config_key, config_value, config_user) VALUES ('emailTls', 'None', 0); +insert into config (config_key, config_value, config_user) VALUES ('emailUser', '', 0); +insert into config (config_key, config_value, config_user) VALUES ('emailPassword', '', 0); +insert into config (config_key, config_value, config_user) VALUES ('emailSenderAddress', '', 0); +insert into config (config_key, config_value, config_user) VALUES ('impChangeNotifyRecipients', '', 0); +insert into config (config_key, config_value, config_user) VALUES ('impChangeNotifySubject', '', 0); +insert into config (config_key, config_value, config_user) VALUES ('impChangeNotifyBody', '', 0); +insert into config (config_key, config_value, config_user) VALUES ('impChangeNotifyActive', 'False', 0); +insert into config (config_key, config_value, config_user) VALUES ('impChangeNotifyType', '0', 0); +insert into config (config_key, config_value, config_user) VALUES ('impChangeNotifySleepTime', '0', 0); +insert into config (config_key, config_value, config_user) VALUES ('impChangeNotifyStartAt', '00:00:00', 0); + INSERT INTO 
"report_format" ("report_format_name") VALUES ('json'); INSERT INTO "report_format" ("report_format_name") VALUES ('pdf'); 
@@ -138,6 +193,43 @@ INSERT INTO "report_template" ("report_filter","report_template_name","report_te "end_time": "2022-01-01T00:00:00.0000000+01:00", "open_start": false, "open_end": false}}'); +INSERT INTO "report_template" ("report_filter","report_template_name","report_template_comment","report_template_owner", "report_parameters") + VALUES ('','Last year''s Unused Rules','T0106', 0, + '{"report_type":10,"device_filter":{"management":[]}, + "time_filter": { + "is_shortcut": true, + "shortcut": "now", + "report_time": "2022-01-01T00:00:00.0000000+01:00", + "timerange_type": "SHORTCUT", + "shortcut_range": "this year", + "offset": 0, + "interval": "DAYS", + "start_time": "2022-01-01T00:00:00.0000000+01:00", + "end_time": "2022-01-01T00:00:00.0000000+01:00", + "open_start": false, + "open_end": false}, + "unused_filter": { + "creationTolerance": 0, + "unusedForDays": 365}}'); +INSERT INTO "report_template" ("report_filter","report_template_name","report_template_comment","report_template_owner", "report_parameters") + VALUES ('','Next Month''s Recertifications','T0107', 0, + '{"report_type":7,"device_filter":{"management":[]}, + "time_filter": { + "is_shortcut": true, + "shortcut": "now", + "report_time": "2022-01-01T00:00:00.0000000+01:00", + "timerange_type": "SHORTCUT", + "shortcut_range": "this year", + "offset": 0, + "interval": "DAYS", + "start_time": "2022-01-01T00:00:00.0000000+01:00", + "end_time": "2022-01-01T00:00:00.0000000+01:00", + "open_start": false, + "open_end": false}, + "recert_filter": { + "recertOwnerList": [], + "recertShowAnyMatch": true, + "recertificationDisplayPeriod": 30}}'); insert into parent_rule_type (id, name) VALUES (1, 'section'); -- do not restart numbering insert into parent_rule_type (id, name) VALUES (2, 'guarded-layer'); -- restart numbering, rule restrictions are ANDed to all rules below it, layer is not entered if guard does not apply 
@@ -172,6 +264,7 @@ insert into stm_obj_typ (obj_typ_id,obj_typ_name) VALUES (15,'voip_gk');
 insert into stm_obj_typ (obj_typ_id,obj_typ_name) VALUES (16,'gsn_handover_group');
 insert into stm_obj_typ (obj_typ_id,obj_typ_name) VALUES (17,'voip_sip');
 insert into stm_obj_typ (obj_typ_id,obj_typ_name) VALUES (18,'simple-gateway');
+insert into stm_obj_typ (obj_typ_id,obj_typ_name) VALUES (19,'external-gateway');
 insert into stm_action (action_id,action_name) VALUES (1,'accept'); -- cp, fortinet
 insert into stm_action (action_id,action_name) VALUES (2,'drop'); -- cp
@@ -202,6 +295,7 @@ insert into stm_action (action_id,action_name) VALUES (25,'NAT dst, svc') ON CON
 insert into stm_action (action_id,action_name) VALUES (26,'NAT svc') ON CONFLICT DO NOTHING; -- port nat
 insert into stm_action (action_id,action_name) VALUES (27,'NAT src, svc') ON CONFLICT DO NOTHING; -- source ip nat plus port nat
 insert into stm_action (action_id,action_name) VALUES (28,'NAT') ON CONFLICT DO NOTHING; -- generic NAT
+insert into stm_action (action_id,action_name) VALUES (29,'inform'); -- cp
 insert into stm_track (track_id,track_name) VALUES (1,'log');
 insert into stm_track (track_id,track_name) VALUES (2,'none');
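Review bot: The added `insert into stm_action (action_id,action_name) VALUES (29,'inform'); -- cp` omits the `ON CONFLICT DO NOTHING` that the surrounding actions 26–28 carry, so if this fill script is meant to be re-runnable against an existing database (which the guard on its neighbours suggests) this line aborts it with a duplicate-key error. Suggest `insert into stm_action (action_id,action_name) VALUES (29,'inform') ON CONFLICT DO NOTHING; -- cp`. The new `(19,'external-gateway')` row in the stm_obj_typ hunk above has the same gap, although there its neighbours lack the guard as well.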
@@ -270,6 +364,15 @@ insert into stm_dev_typ (dev_typ_id,dev_typ_name,dev_typ_version,dev_typ_manufac VALUES (22,'Palo Alto Panorama','2023ff','Palo Alto','',true,true,false) ON CONFLICT DO NOTHING; insert into stm_dev_typ (dev_typ_id,dev_typ_name,dev_typ_version,dev_typ_manufacturer,dev_typ_predef_svc,dev_typ_is_multi_mgmt,dev_typ_is_mgmt,is_pure_routing_device) VALUES (23,'Palo Alto Management','2023ff','Palo Alto','',false,true,false) ON CONFLICT DO NOTHING; +insert into stm_dev_typ (dev_typ_id,dev_typ_name,dev_typ_version,dev_typ_manufacturer,dev_typ_predef_svc,dev_typ_is_multi_mgmt,dev_typ_is_mgmt,is_pure_routing_device) + VALUES (24,'FortiOS Management','REST','Fortinet','',false,true,false) ON CONFLICT DO NOTHING; +insert into stm_dev_typ (dev_typ_id,dev_typ_name,dev_typ_version,dev_typ_manufacturer,dev_typ_predef_svc,dev_typ_is_multi_mgmt,dev_typ_is_mgmt,is_pure_routing_device) + VALUES (25,'Fortinet FortiOS Gateway','REST','Fortinet','',false,false,false) ON CONFLICT DO NOTHING; +insert into stm_dev_typ (dev_typ_id,dev_typ_name,dev_typ_version,dev_typ_manufacturer,dev_typ_predef_svc,dev_typ_is_multi_mgmt,dev_typ_is_mgmt,is_pure_routing_device) + VALUES (26,'NSX','REST','VMWare','',false,true,false) ON CONFLICT DO NOTHING; +insert into stm_dev_typ (dev_typ_id,dev_typ_name,dev_typ_version,dev_typ_manufacturer,dev_typ_predef_svc,dev_typ_is_multi_mgmt,dev_typ_is_mgmt,is_pure_routing_device) + VALUES (27,'NSX DFW Gateway','REST','VMWare','',false,false,false) ON CONFLICT DO NOTHING; + update stm_dev_typ set dev_typ_predef_svc= 'ANY;0;0;65535;1;other;simple 
@@ -465,6 +568,7 @@ insert into request.state (id,name) VALUES (160,'Plan In Verification');
 insert into request.state (id,name) VALUES (199,'Plan Verified');
 insert into request.state (id,name) VALUES (200,'To Implement');
+insert into request.state (id,name) VALUES (205,'Rework');
 insert into request.state (id,name) VALUES (210,'In Implementation');
 insert into request.state (id,name) VALUES (220,'Implementation Trouble');
 insert into request.state (id,name) VALUES (249,'Implemented');
@@ -484,3 +588,7 @@ insert into request.state (id,name) VALUES (500,'InProgress');
 insert into request.state (id,name) VALUES (600,'Done');
 insert into request.state (id,name) VALUES (610,'Rejected');
 insert into request.state (id,name) VALUES (620,'Discarded');
+
+INSERT INTO owner (id, name, dn, group_dn, is_default, recert_interval, app_id_external)
+VALUES (0, 'super-owner', 'uid=admin,ou=tenant0,ou=operator,ou=user,dc=fworch,dc=internal', 'group-dn-for-super-owner', true, 365, 'NONE')
+ON CONFLICT DO NOTHING;
diff --git a/roles/database/files/sql/idempotent/fworch-api-funcs.sql b/roles/database/files/sql/idempotent/fworch-api-funcs.sql
index 5f6de591c..b04213500 100644
--- a/roles/database/files/sql/idempotent/fworch-api-funcs.sql
+++ b/roles/database/files/sql/idempotent/fworch-api-funcs.sql
@@ -3,9 +3,7 @@
 CREATE OR REPLACE FUNCTION public.get_visible_devices_per_tenant(integer)
 RETURNS SETOF device_type
 LANGUAGE 'plpgsql'
- COST 100
 STABLE
- ROWS 1000
 AS $BODY$
 DECLARE
 i_tenant_id ALIAS FOR $1;
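Review bot: The default `owner` row sets `group_dn` to the literal `'group-dn-for-super-owner'`, which is not in DN syntax, while `dn` is bound to the fixed built-in account `uid=admin,ou=tenant0,ou=operator,ou=user,dc=fworch,dc=internal`; if owner membership is resolved through `group_dn` against the directory, this value can never match, and if it is resolved through `dn`, the super-owner is tied to that one admin account. A comment on the row saying which field is authoritative would make this checkable: `-- group_dn is a placeholder, not a real LDAP DN; TODO confirm how super-owner membership is resolved`. Note also that `ON CONFLICT DO NOTHING` leaves an existing id 0 row untouched, so upgraded installations keep whatever values they already have and a later change of the DN here will not reach them.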
@@ -20,10 +18,20 @@ BEGIN
 RETURN NEXT ROW (i_dev_id, v_dev_name);
 END LOOP;
 ELSE
- FOR i_dev_id, v_dev_name IN SELECT device_id, dev_name FROM tenant JOIN tenant_to_device USING (tenant_id) LEFT JOIN device ON (tenant_to_device.device_id=device.dev_id) WHERE tenant.tenant_id=i_tenant_id
+ FOR i_dev_id, v_dev_name IN
+ SELECT device_id, dev_name FROM tenant
+ RIGHT JOIN tenant_to_device USING (tenant_id)
+ LEFT JOIN device ON (tenant_to_device.device_id=device.dev_id)
+ WHERE tenant.tenant_id=i_tenant_id
+ UNION
+ SELECT dev_id, dev_name FROM tenant
+ RIGHT JOIN tenant_to_management USING (tenant_id)
+ LEFT JOIN device ON (NOT tenant_to_management.shared AND tenant_to_management.management_id=device.mgm_id)
+ WHERE tenant.tenant_id=i_tenant_id and dev_id is not null
 LOOP
 RETURN NEXT ROW (i_dev_id, v_dev_name);
 END LOOP;
+ -- also add devices that belong to unfiltered managements
 END IF;
 RETURN;
 END;
@@ -32,16 +40,13 @@ $BODY$;
 CREATE OR REPLACE FUNCTION public.get_visible_managements_per_tenant(integer)
 RETURNS SETOF device_type
 LANGUAGE 'plpgsql'
- COST 100
 STABLE
- ROWS 1000
 AS $BODY$
 DECLARE
 i_tenant_id ALIAS FOR $1;
 i_mgm_id integer;
 v_mgm_name VARCHAR;
 b_can_view_all_devices boolean;
- i_dev_id integer;
 BEGIN
 SELECT INTO b_can_view_all_devices tenant_can_view_all_devices FROM tenant WHERE tenant_id=i_tenant_id;
 IF b_can_view_all_devices THEN
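Review bot: In the rewritten `FOR` query, `RIGHT JOIN tenant_to_device USING (tenant_id)` followed by `WHERE tenant.tenant_id=i_tenant_id` behaves as an inner join (the WHERE drops every row without a matching tenant), so the `RIGHT` signals an intent that the filter immediately undoes; a plain `JOIN` says what happens, and the same holds for the `RIGHT JOIN tenant_to_management` arm. The first arm also returns every device listed in `tenant_to_device` regardless of its `shared` flag, while the second arm excludes shared managements via `NOT tenant_to_management.shared`; since this function decides what a tenant may see, that asymmetry deserves an explicit comment if it is deliberate. The added comment `-- also add devices that belong to unfiltered managements` is placed after the loop that already implements it; it belongs above the `UNION` arm it describes.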
@@ -50,8 +55,11 @@ BEGIN
 RETURN NEXT ROW (i_mgm_id, v_mgm_name);
 END LOOP;
 ELSE
- -- return all managements belonging to devices the tenant can view - derive it from get_visible_devices_per_tenant:
- FOR i_mgm_id, v_mgm_name IN SELECT DISTINCT mgm_id, mgm_name FROM management WHERE mgm_id IN (SELECT mgm_id FROM device WHERE dev_id IN (SELECT id FROM get_visible_devices_per_tenant(i_tenant_id)))
+ FOR i_mgm_id, v_mgm_name IN
+ SELECT mgm_id, mgm_name FROM tenant
+ RIGHT JOIN tenant_to_management USING (tenant_id)
+ LEFT JOIN management ON (management_id=mgm_id)
+ WHERE tenant.tenant_id=i_tenant_id and mgm_id is not null
 LOOP
 RETURN NEXT ROW (i_mgm_id, v_mgm_name);
 END LOOP;
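Review bot: The new branch returns only managements that have an explicit `tenant_to_management` row, whereas the removed code derived them from the devices the tenant can see; a tenant mapped to a device through `tenant_to_device` but without a `tenant_to_management` entry now gets that device from `get_visible_devices_per_tenant` (previous hunk) but not its management from here, which the two functions' callers may not expect. If that is the intended model, a comment replacing the removed one should say so; otherwise the old derivation can stay as a further `UNION` arm. Also, `LEFT JOIN management ON (management_id=mgm_id)` combined with `mgm_id is not null` in the WHERE is an inner join in disguise, and `shared` is not consulted here although the devices function filters on it.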
@@ -94,4 +102,482 @@ AS $function$ WHERE r.mgm_id = management_row.mgm_id AND rule_id = any (rule_ids) AND r.created <= import_id AND (r.removed IS NULL OR r.removed >= import_id) GROUP BY u.user_id ORDER BY MAX(user_name), u.user_id -$function$; \ No newline at end of file +$function$; + + +CREATE OR REPLACE FUNCTION ip_ranges_overlap(ip1_start cidr, ip1_end cidr, ip2_start cidr, ip2_end cidr, inverted boolean DEFAULT FALSE) + RETURNS boolean AS $$ + BEGIN + IF ip1_start IS NULL OR ip1_end IS NULL OR ip2_start IS NULL OR ip2_end IS NULL THEN + RETURN FALSE; + END IF; + + IF inverted THEN -- []: cidr1 ~> invert (): cidr2 + IF ip1_start <= ip2_start AND ip2_end <= ip1_end THEN --[-*(--)-*]-- ~> --]-*(--)-*[-- + RETURN FALSE; + ELSE + RETURN TRUE; + END IF; + END IF; + + RETURN ip1_start <= ip2_end AND ip2_start <= ip1_end; + END; +$$ LANGUAGE 'plpgsql' STABLE; + + +CREATE OR REPLACE FUNCTION has_relevant_change(cl_rule changelog_rule, tenant integer) +RETURNS boolean AS $$ + DECLARE show boolean DEFAULT false; + + BEGIN + IF tenant IS NULL THEN + RAISE EXCEPTION 'Given tenant is NULL'; + ELSIF tenant = 1 THEN + show := true; + ELSE + IF EXISTS ( + SELECT diff.obj_id, diff.negated FROM ( -- set of difference between rule_from of old and new rule + SELECT obj_id, negated FROM rule_from WHERE rule_id = cl_rule.old_rule_id EXCEPT SELECT obj_id, negated FROM rule_from WHERE rule_id = cl_rule.new_rule_id + UNION + (SELECT obj_id, negated FROM rule_from WHERE rule_id = cl_rule.new_rule_id EXCEPT SELECT obj_id, negated FROM rule_from WHERE rule_id = cl_rule.old_rule_id) + ) AS diff + JOIN objgrp_flat ON (obj_id=objgrp_flat_id) + JOIN object ON (objgrp_flat_member_id=object.obj_id) + JOIN tenant_network ON + (ip_ranges_overlap(obj_ip, obj_ip_end, tenant_net_ip, tenant_net_ip_end, diff.negated)) + WHERE tenant_id = tenant + ) THEN + show := true; + END IF; + + IF EXISTS ( + SELECT diff.obj_id, diff.negated FROM ( -- set of difference between rule_to of old and new rule + 
SELECT obj_id, negated FROM rule_to WHERE rule_id = cl_rule.old_rule_id EXCEPT SELECT obj_id, negated FROM rule_to WHERE rule_id = cl_rule.new_rule_id + UNION + (SELECT obj_id, negated FROM rule_to WHERE rule_id = cl_rule.new_rule_id EXCEPT SELECT obj_id, negated FROM rule_to WHERE rule_id = cl_rule.old_rule_id) + ) AS diff + JOIN objgrp_flat ON (obj_id=objgrp_flat_id) + JOIN object ON (objgrp_flat_member_id=object.obj_id) + JOIN tenant_network ON + (ip_ranges_overlap(obj_ip, obj_ip_end, tenant_net_ip, tenant_net_ip_end, diff.negated)) + WHERE tenant_id = tenant + ) THEN + show := true; + END IF; + + END IF; + + RETURN show; + END; +$$ LANGUAGE 'plpgsql' STABLE; + + +CREATE OR REPLACE FUNCTION cl_rule_relevant_for_tenant(cl_rule changelog_rule, hasura_session json) +RETURNS boolean AS $$ + DECLARE t_id integer; + show boolean DEFAULT false; + + BEGIN + t_id := (hasura_session ->> 'x-hasura-tenant-id')::integer; + + IF t_id IS NULL THEN + RAISE EXCEPTION 'No tenant id found in hasura session'; --> only happens when using auth via x-hasura-admin-secret (no tenant id is set) + ELSIF t_id = 1 THEN + show := true; + ELSE + show := has_relevant_change(cl_rule, t_id); + END IF; + + RETURN show; + END; +$$ LANGUAGE 'plpgsql' STABLE; + + + +CREATE OR REPLACE FUNCTION rule_from_relevant_for_tenant(rule_from rule_from, hasura_session json) +RETURNS boolean AS $$ + DECLARE + t_id integer; + show boolean DEFAULT false; + rule_to_obj RECORD; + i_dev_id integer; + BEGIN + t_id := (hasura_session ->> 'x-hasura-tenant-id')::integer; + SELECT INTO i_dev_id dev_id FROM rule_from LEFT JOIN rule USING (rule_id); + IF t_id IS NULL THEN + RAISE EXCEPTION 'No tenant id found in hasura session'; --> only happens when using auth via x-hasura-admin-secret (no tenant id is set) + ELSIF t_id = 1 THEN + show := true; + ELSE + IF rulebase_fully_visible_to_tenant(i_dev_id, t_id) THEN + show := true; + ELSE + IF EXISTS ( -- ip of rule_from object is in tenant_network of tenant + SELECT rf.obj_id 
FROM rule_from rf + LEFT JOIN rule r ON (rf.rule_id=r.rule_id) + LEFT JOIN objgrp_flat ON (rf.obj_id=objgrp_flat.objgrp_flat_id) + LEFT JOIN object ON (objgrp_flat.objgrp_flat_member_id=object.obj_id) + LEFT JOIN tenant_network ON + (ip_ranges_overlap(obj_ip, obj_ip_end, tenant_net_ip, tenant_net_ip_end, rf.negated != r.rule_src_neg)) + WHERE rule_from_id = rule_from.rule_from_id AND tenant_id = t_id + ) THEN + show := true; + ELSE -- check if all rule_from objects visible since relevant rule_to exists + FOR rule_to_obj IN + SELECT rt.*, tenant_network.tenant_id + FROM rule_to rt + LEFT JOIN rule r ON (rt.rule_id=r.rule_id) + LEFT JOIN objgrp_flat ON (rt.obj_id=objgrp_flat_id) + LEFT JOIN object ON (objgrp_flat_member_id=object.obj_id) + LEFT JOIN tenant_network ON + (ip_ranges_overlap(obj_ip, obj_ip_end, tenant_net_ip, tenant_net_ip_end, rt.negated != r.rule_dst_neg)) + WHERE rt.rule_id = rule_from.rule_id + LOOP + IF rule_to_obj.tenant_id = t_id THEN + show := true; + EXIT; + END IF; + END LOOP; + END IF; + END IF; + END IF; + + RETURN show; + END; +$$ LANGUAGE 'plpgsql' STABLE; + + + +CREATE OR REPLACE FUNCTION rule_to_relevant_for_tenant(rule_to rule_to, hasura_session json) +RETURNS boolean AS $$ + DECLARE + t_id integer; + show boolean DEFAULT false; + rule_from_obj RECORD; + i_dev_id integer; + BEGIN + t_id := (hasura_session ->> 'x-hasura-tenant-id')::integer; + SELECT INTO i_dev_id dev_id FROM rule_to LEFT JOIN rule USING (rule_id); + + IF t_id IS NULL THEN + RAISE EXCEPTION 'No tenant id found in hasura session'; --> only happens when using auth via x-hasura-admin-secret (no tenant id is set) + ELSIF t_id = 1 THEN + show := true; + ELSE + IF rulebase_fully_visible_to_tenant(i_dev_id, t_id) THEN + show := true; + ELSE + IF EXISTS ( -- ip of rule_to object is in tenant_network of tenant + SELECT rt.obj_id FROM rule_to rt + LEFT JOIN rule r ON (rt.rule_id=r.rule_id) + LEFT JOIN objgrp_flat ON (rt.obj_id=objgrp_flat.objgrp_flat_id) + LEFT JOIN object ON 
(objgrp_flat.objgrp_flat_member_id=object.obj_id) + LEFT JOIN tenant_network ON + (ip_ranges_overlap(obj_ip, obj_ip_end, tenant_net_ip, tenant_net_ip_end, rt.negated != r.rule_dst_neg)) + WHERE rule_to_id = rule_to.rule_to_id AND tenant_id = t_id + ) THEN + show := true; + ELSE -- check if all rule_to objects visible since relevant rule_from exists + FOR rule_from_obj IN + SELECT rf.*, tenant_network.tenant_id + FROM rule_from rf + LEFT JOIN rule r ON (rf.rule_id=r.rule_id) + LEFT JOIN objgrp_flat ON (rf.obj_id=objgrp_flat_id) + LEFT JOIN object ON (objgrp_flat.objgrp_flat_member_id=object.obj_id) + LEFT JOIN tenant_network ON + (ip_ranges_overlap(obj_ip, obj_ip_end, tenant_net_ip, tenant_net_ip_end, rf.negated != r.rule_src_neg)) + WHERE rf.rule_id = rule_to.rule_id + LOOP + IF rule_from_obj.tenant_id = t_id THEN + show := true; + EXIT; + END IF; + END LOOP; + END IF; + END IF; + END IF; + + RETURN show; + END; +$$ LANGUAGE 'plpgsql' STABLE; + +CREATE OR REPLACE FUNCTION get_changelog_rules_for_tenant(device_row device, tenant integer, hasura_session json) +RETURNS SETOF changelog_rule AS $$ + DECLARE t_id integer; + + BEGIN + t_id := (hasura_session ->> 'x-hasura-tenant-id')::integer; + + IF t_id IS NULL THEN + RAISE EXCEPTION 'No tenant id found in hasura session'; + -- ELSIF t_id != 1 THEN + -- RAISE EXCEPTION 'Tenant id in hasura session is not 1 (admin). 
Tenant simulation not allowed.'; + ELSIF tenant = 1 THEN + RAISE EXCEPTION 'Tenant 1 (admin) cannot be simulated.'; + ELSE + RETURN QUERY + SELECT cl_rule.* FROM changelog_rule cl_rule + WHERE cl_rule.dev_id = device_row.dev_id AND has_relevant_change(cl_rule, tenant) = true; + END IF; + END; +$$ LANGUAGE 'plpgsql' STABLE; + +CREATE OR REPLACE FUNCTION get_objects_for_tenant(management_row management, tenant integer, hasura_session json) +RETURNS SETOF object AS $$ + DECLARE t_id integer; + + BEGIN + t_id := (hasura_session ->> 'x-hasura-tenant-id')::integer; + + IF t_id IS NULL THEN + RAISE EXCEPTION 'No tenant id found in hasura session'; --> only happens when using auth via x-hasura-admin-secret (no tenant id is set) + -- ELSIF t_id != 1 THEN + -- RAISE EXCEPTION 'Tenant id in hasura session is not 1 (admin). Tenant simulation not allowed.'; + ELSIF tenant = 1 THEN + RAISE EXCEPTION 'Tenant 1 (admin) cannot be simulated.'; + ELSE + RETURN QUERY + SELECT o.* FROM ( + SELECT o.* FROM object o + LEFT JOIN rule_from rf ON (o.obj_id=rf.obj_id) + LEFT JOIN rule r ON (rf.rule_id=r.rule_id) + LEFT JOIN rule_to rt ON (r.rule_id=rt.rule_id) + LEFT JOIN objgrp_flat rt_of ON (rt.obj_id=rt_of.objgrp_flat_id) + LEFT JOIN object rt_o ON (rt_of.objgrp_flat_member_id=rt_o.obj_id) + LEFT JOIN tenant_network ON + (ip_ranges_overlap(o.obj_ip, o.obj_ip_end, tenant_net_ip, tenant_net_ip_end, rf.negated != r.rule_src_neg) + OR ip_ranges_overlap(rt_o.obj_ip, rt_o.obj_ip_end, tenant_net_ip, tenant_net_ip_end, rt.negated != r.rule_dst_neg)) + WHERE o.mgm_id = management_row.mgm_id AND tenant_id = tenant AND r.rule_head_text is NULL + UNION + SELECT o.* FROM object o + LEFT JOIN rule_to rt ON (o.obj_id=rt.obj_id) + LEFT JOIN rule r ON (rt.rule_id=r.rule_id) + LEFT JOIN rule_from rf ON (r.rule_id=rf.rule_id) + LEFT JOIN objgrp_flat rf_of ON (rf.obj_id=rf_of.objgrp_flat_id) + LEFT JOIN object rf_o ON (rf_of.objgrp_flat_member_id=rf_o.obj_id) + LEFT JOIN tenant_network ON + 
(ip_ranges_overlap(o.obj_ip, o.obj_ip_end, tenant_net_ip, tenant_net_ip_end, rt.negated != r.rule_dst_neg) + OR ip_ranges_overlap(rf_o.obj_ip, rf_o.obj_ip_end, tenant_net_ip, tenant_net_ip_end, rf.negated != r.rule_src_neg)) + WHERE o.mgm_id = management_row.mgm_id AND tenant_id = tenant AND r.rule_head_text is NULL + ) AS o + ORDER BY obj_name; + END IF; + END; +$$ LANGUAGE 'plpgsql' STABLE; + + +------------------------------------------------------------------------------------------------------------------------ +-- rule_relevant complexity: O(rf + rt) +-- rule_from_relevant complexity: O(rt) +-- rule_to_relevant complexity: O(rf) +-- total for single rule: O(rf + rt + 2*rf*rt) +-- theoretical min needed complexity: O(2(rf+rt)) +-- obj_relevant complexity: O(r * rf * rt) +-- with material view: all O(1) but additional O(ten * r * (rf + rt)) for each import / tenant change + +CREATE OR REPLACE FUNCTION rulebase_fully_visible_to_tenant(i_dev_id INTEGER, i_tenant_id INTEGER) + RETURNS boolean AS $$ + DECLARE + i_mgm_id INTEGER; + i_temp_id INTEGER; + b_mgm_is_unfiltered boolean := FALSE; + b_dev_is_unfiltered boolean := FALSE; + BEGIN + SELECT INTO i_mgm_id + mgm_id + FROM device LEFT JOIN management USING (mgm_id) + WHERE dev_id=i_dev_id; + + SELECT INTO i_temp_id + management_id + FROM tenant_to_management + WHERE management_id=i_mgm_id AND tenant_id=i_tenant_id AND NOT shared; + + IF FOUND THEN + b_mgm_is_unfiltered := TRUE; + END IF; + + SELECT INTO i_temp_id + device_id + FROM tenant_to_device + WHERE device_id=i_dev_id AND tenant_id=i_tenant_id AND NOT shared; + + IF FOUND THEN + b_dev_is_unfiltered := TRUE; + END IF; + + RETURN b_mgm_is_unfiltered OR b_dev_is_unfiltered; + + END; +$$ LANGUAGE 'plpgsql' STABLE; + + +CREATE OR REPLACE FUNCTION rule_relevant_for_tenant(rule rule, hasura_session json) +RETURNS boolean AS $$ + DECLARE + t_id integer; + show boolean DEFAULT false; + mgm_unfiltered_tenant_id integer; + gw_unfiltered_tenant_id integer; + + BEGIN + 
t_id := (hasura_session ->> 'x-hasura-tenant-id')::integer; + + IF t_id IS NULL THEN + RAISE EXCEPTION 'No tenant id found in hasura session'; --> only happens when using auth via x-hasura-admin-secret (no tenant id is set) + ELSIF t_id = 1 THEN + show := true; + ELSE + IF rulebase_fully_visible_to_tenant(rule.dev_id, t_id) THEN + show := true; + ELSE + IF EXISTS ( + SELECT rf.obj_id FROM rule_from rf + LEFT JOIN rule r ON (rf.rule_id=r.rule_id) + LEFT JOIN objgrp_flat ON (rf.obj_id=objgrp_flat.objgrp_flat_id) + LEFT JOIN object ON (objgrp_flat.objgrp_flat_member_id=object.obj_id) + LEFT JOIN tenant_network ON + (ip_ranges_overlap(obj_ip, obj_ip_end, tenant_net_ip, tenant_net_ip_end, rf.negated != r.rule_src_neg)) + WHERE rf.rule_id = rule.rule_id AND tenant_id = t_id + ) THEN + show := true; + ELSIF EXISTS ( + SELECT rt.obj_id FROM rule_to rt + LEFT JOIN rule r ON (rt.rule_id=r.rule_id) + LEFT JOIN objgrp_flat ON (rt.obj_id=objgrp_flat.objgrp_flat_id) + LEFT JOIN object ON (objgrp_flat.objgrp_flat_member_id=object.obj_id) + LEFT JOIN tenant_network ON + (ip_ranges_overlap(obj_ip, obj_ip_end, tenant_net_ip, tenant_net_ip_end, rt.negated != r.rule_dst_neg)) + WHERE rt.rule_id = rule.rule_id AND tenant_id = t_id + ) THEN + show := true; + END IF; + END IF; + END IF; + + RETURN show; + END; +$$ LANGUAGE 'plpgsql' STABLE; + +CREATE OR REPLACE FUNCTION get_rules_for_tenant(device_row device, tenant integer, hasura_session json) +RETURNS SETOF rule AS $$ + DECLARE + t_id integer; + BEGIN + t_id := (hasura_session ->> 'x-hasura-tenant-id')::integer; +-- SELECT INTO i_dev_id dev_id FROM device; + IF t_id IS NULL THEN + RAISE EXCEPTION 'No tenant id found in hasura session'; --> only happens when using auth via x-hasura-admin-secret (no tenant id is set) + ELSIF t_id != 1 AND t_id != tenant THEN + RAISE EXCEPTION 'A non-tenant-0 user was trying to generate a report for another tenant.'; + ELSIF tenant = 1 THEN + RAISE EXCEPTION 'Tenant0 cannot be simulated.'; + ELSE + IF 
rulebase_fully_visible_to_tenant(device_row.dev_id, tenant) + THEN + RETURN QUERY SELECT * FROM rule WHERE dev_id=device_row.dev_id; + ELSE + RETURN QUERY + SELECT r.* FROM rule r + LEFT JOIN rule_from rf ON (r.rule_id=rf.rule_id) + LEFT JOIN objgrp_flat rf_of ON (rf.obj_id=rf_of.objgrp_flat_id) + LEFT JOIN object rf_o ON (rf_of.objgrp_flat_member_id=rf_o.obj_id) + LEFT JOIN tenant_network ON + (ip_ranges_overlap(rf_o.obj_ip, rf_o.obj_ip_end, tenant_net_ip, tenant_net_ip_end, rf.negated != r.rule_src_neg)) + WHERE r.dev_id = device_row.dev_id AND tenant_id = tenant AND rule_head_text IS NULL + UNION + SELECT r.* FROM rule r + LEFT JOIN rule_to rt ON (r.rule_id=rt.rule_id) + LEFT JOIN objgrp_flat rt_of ON (rt.obj_id=rt_of.objgrp_flat_id) + LEFT JOIN object rt_o ON (rt_of.objgrp_flat_member_id=rt_o.obj_id) + LEFT JOIN tenant_network ON + (ip_ranges_overlap(rt_o.obj_ip, rt_o.obj_ip_end, tenant_net_ip, tenant_net_ip_end, rt.negated != r.rule_dst_neg)) + WHERE r.dev_id = device_row.dev_id AND tenant_id = tenant AND rule_head_text IS NULL + ORDER BY rule_name; + END IF; + END IF; + END; +$$ LANGUAGE 'plpgsql' STABLE; + +CREATE OR REPLACE FUNCTION get_rule_froms_for_tenant(rule rule, tenant integer, hasura_session json) +RETURNS SETOF rule_from AS $$ + DECLARE + t_id integer; + BEGIN + t_id := (hasura_session ->> 'x-hasura-tenant-id')::integer; + + IF t_id IS NULL THEN + RAISE EXCEPTION 'No tenant id found in hasura session'; --> only happens when using auth via x-hasura-admin-secret (no tenant id is set) + ELSIF t_id != 1 AND t_id != tenant THEN + RAISE EXCEPTION 'A non-tenant-0 user was trying to generate a report for another tenant.'; + ELSIF tenant = 1 THEN + RAISE EXCEPTION 'Tenant0 cannot be simulated.'; + ELSE + IF rulebase_fully_visible_to_tenant(rule.dev_id, tenant) + THEN + RETURN QUERY SELECT rf.* FROM rule_from rf WHERE rule_id = rule.rule_id; + ELSIF EXISTS ( + SELECT rt.obj_id FROM rule_to rt + LEFT JOIN objgrp_flat ON (rt.obj_id=objgrp_flat.objgrp_flat_id) 
+ LEFT JOIN object ON (objgrp_flat.objgrp_flat_member_id=object.obj_id) + LEFT JOIN tenant_network ON + (ip_ranges_overlap(obj_ip, obj_ip_end, tenant_net_ip, tenant_net_ip_end, rt.negated != rule.rule_dst_neg)) + WHERE rt.rule_id = rule.rule_id AND tenant_id = tenant + ) THEN + RETURN QUERY + SELECT rf.* FROM rule_from rf WHERE rule_id = rule.rule_id; + ELSE + RETURN QUERY + SELECT DISTINCT rf.* FROM rule_from rf + LEFT JOIN objgrp_flat ON (rf.obj_id=objgrp_flat.objgrp_flat_id) + LEFT JOIN object ON (objgrp_flat.objgrp_flat_member_id=object.obj_id) + LEFT JOIN tenant_network ON + (ip_ranges_overlap(obj_ip, obj_ip_end, tenant_net_ip, tenant_net_ip_end, rf.negated != rule.rule_src_neg)) + WHERE rule_id = rule.rule_id AND tenant_id = tenant; + END IF; + END IF; + END; +$$ LANGUAGE 'plpgsql' STABLE; + +CREATE OR REPLACE FUNCTION public.get_rule_tos_for_tenant(rule rule, tenant integer, hasura_session json) + RETURNS SETOF rule_to + LANGUAGE plpgsql + STABLE +AS $function$ + DECLARE + t_id integer; + BEGIN + t_id := (hasura_session ->> 'x-hasura-tenant-id')::integer; + + IF t_id IS NULL THEN + RAISE EXCEPTION 'No tenant id found in hasura session'; --> only happens when using auth via x-hasura-admin-secret (no tenant id is set) + ELSIF t_id != 1 AND t_id != tenant THEN + RAISE EXCEPTION 'A non-tenant-0 user was trying to generate a report for another tenant.'; + ELSIF tenant = 1 THEN + RAISE EXCEPTION 'Tenant0 cannot be simulated.'; + ELSE + IF rulebase_fully_visible_to_tenant(rule.dev_id, tenant) + THEN + RETURN QUERY SELECT rt.* FROM rule_to rt WHERE rule_id = rule.rule_id; + ELSIF EXISTS ( + SELECT rf.obj_id FROM rule_from rf + LEFT JOIN objgrp_flat ON (rf.obj_id=objgrp_flat.objgrp_flat_id) + LEFT JOIN object ON (objgrp_flat.objgrp_flat_member_id=object.obj_id) + LEFT JOIN tenant_network ON + (ip_ranges_overlap(obj_ip, obj_ip_end, tenant_net_ip, tenant_net_ip_end, rf.negated != rule.rule_src_neg)) + WHERE rf.rule_id = rule.rule_id AND tenant_id = tenant + ) THEN + 
RETURN QUERY + SELECT rt.* FROM rule_to rt WHERE rule_id = rule.rule_id; + ELSE + RETURN QUERY + SELECT DISTINCT rt.* FROM rule_to rt + LEFT JOIN objgrp_flat ON (rt.obj_id=objgrp_flat.objgrp_flat_id) + LEFT JOIN object ON (objgrp_flat.objgrp_flat_member_id=object.obj_id) + LEFT JOIN tenant_network ON + (ip_ranges_overlap(obj_ip, obj_ip_end, tenant_net_ip, tenant_net_ip_end, rt.negated != rule.rule_dst_neg)) + WHERE rule_id = rule.rule_id AND tenant_id = tenant; + END IF; + END IF; + END; +$function$ diff --git a/roles/database/files/sql/idempotent/fworch-basic-procs.sql b/roles/database/files/sql/idempotent/fworch-basic-procs.sql index 14408209a..833a6802e 100644 --- a/roles/database/files/sql/idempotent/fworch-basic-procs.sql +++ b/roles/database/files/sql/idempotent/fworch-basic-procs.sql @@ -36,6 +36,19 @@ END; $$ LANGUAGE plpgsql; +CREATE OR REPLACE FUNCTION are_equal (jsonb, jsonb) + RETURNS boolean + AS $$ +BEGIN + IF (($1 IS NULL AND $2 IS NULL) OR $1 = $2) THEN + RETURN TRUE; + ELSE + RETURN FALSE; + END IF; +END; +$$ +LANGUAGE plpgsql; + CREATE OR REPLACE FUNCTION are_equal (varchar, varchar) RETURNS boolean AS $$ @@ -251,35 +264,6 @@ END; $$ LANGUAGE plpgsql; ----------------------------------------------------- --- FUNCTION: get_dev_typ_id --- Zweck: liefert die dev_typ_id zu einem device-name zurueck --- Parameter: device-name VARCHAR --- RETURNS: INTEGER dev_typ_id des uebergebenen devices --- -CREATE OR REPLACE FUNCTION get_dev_typ_id (varchar) - RETURNS integer - AS $$ -DECLARE - devicename ALIAS FOR $1; - dev RECORD; -BEGIN - SELECT - INTO dev dev_typ_id - FROM - device - WHERE - dev_name = devicename; - IF NOT FOUND THEN - -- TODO: Fehlerbehandlung - PERFORM - error_handling ('ERR_DEV_NOT_FOUND', devicename); - END IF; - RETURN dev.dev_typ_id; -END; -$$ -LANGUAGE plpgsql; - ---------------------------------------------------- -- FUNCTION: error_handling (einmal mit und einmal ohne variablen Anteil) -- Zweck: gibt Fehlermeldung aus 
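Review bot: The new `are_equal(jsonb, jsonb)` hand-rolls NULL-safe equality that SQL already provides; `RETURN $1 IS NOT DISTINCT FROM $2;` has the same truth table (both NULL → true, one NULL → false, otherwise `=`) in one line and states the intent directly. Since the function is a pure comparison it can also be declared `IMMUTABLE`, which plpgsql does not assume by default and which lets the planner constant-fold it and use it in index expressions; the `varchar` overload it mirrors would presumably benefit the same way. This is a style point only — the current branching is correct, because `IF` treats the NULL produced by `$1 = $2` with one NULL operand as false.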
@@ -418,155 +402,100 @@ END; $$ LANGUAGE plpgsql; ---------------------------------------------------------------------------------------- --- instr functions that mimic Oracle's counterpart --- Syntax: instr(string1, string2, [n], [m]) where [] denotes optional parameters. --- --- Searches string1 beginning at the nth character for the mth occurrence --- of string2. If n is negative, search backwards. If m is not passed, --- assume 1 (search starts at first character). --- -CREATE OR REPLACE FUNCTION instr (varchar, varchar) - RETURNS integer - AS $$ +CREATE OR REPLACE FUNCTION get_last_change_admin_of_rulebase_change (BIGINT, INTEGER) RETURNS INTEGER AS +$BODY$ DECLARE - pos integer; -BEGIN - pos := instr ($1, $2, 1); - RETURN pos; -END; -$$ -LANGUAGE plpgsql; + i_import_id ALIAS FOR $1; + i_dev_id ALIAS FOR $2; + r_rule RECORD; + i_admin_counter INTEGER; +BEGIN -CREATE OR REPLACE FUNCTION instr (varchar, varchar, integer) - RETURNS integer - AS $$ + SELECT INTO i_admin_counter COUNT(distinct import_admin) FROM changelog_rule + WHERE control_id=i_import_id AND dev_id=i_dev_id AND NOT import_admin IS NULL GROUP BY import_admin; + IF (i_admin_counter=1) THEN + SELECT INTO r_rule import_admin FROM changelog_rule + WHERE control_id=i_import_id AND dev_id=i_dev_id AND NOT import_admin IS NULL GROUP BY import_admin; +-- RAISE NOTICE 'Found last_change_admin %', r_rule.import_admin; + IF FOUND THEN + RETURN r_rule.import_admin; + ELSE + RETURN NULL; + END IF; + ELSE + RETURN NULL; + END IF; +END; +$BODY$ + LANGUAGE 'plpgsql' VOLATILE; + +---------------------------------------------------- +-- FUNCTION: get_last_change_admin_of_obj_delete(import_id, mgm_id) +-- Zweck: liefert den change_admin fuer einen Import zurueck (fuer svc- nwobj u. 
usr_deletes +-- benoetigt fuer obj / svc / usr _deletes +-- Annahme: ein Admin hat alle Changes an einem Management zu einem Zeitpunkt gemacht +-- wenn nicht, dann wird NULL zurueckgeliefert +-- Parameter1: import id +-- RETURNS: id des change_admins +-- + +-- DROP FUNCTION get_last_change_admin_of_obj_delete (BIGINT); +CREATE OR REPLACE FUNCTION get_last_change_admin_of_obj_delete (BIGINT) RETURNS INTEGER AS +$BODY$ DECLARE - string ALIAS FOR $1; - string_to_search ALIAS FOR $2; - beg_index ALIAS FOR $3; - pos integer NOT NULL DEFAULT 0; - temp_str varchar; - beg integer; - length integer; - ss_length integer; -BEGIN - IF beg_index > 0 THEN - temp_str := substring(string FROM beg_index); - pos := position(string_to_search IN temp_str); - IF pos = 0 THEN - RETURN 0; - ELSE - RETURN pos + beg_index - 1; - END IF; - ELSE - ss_length := char_length(string_to_search); - length := char_length(string); - beg := length + beg_index - ss_length + 2; - WHILE beg > 0 LOOP - temp_str := substring(string FROM beg FOR ss_length); - pos := position(string_to_search IN temp_str); - IF pos > 0 THEN - RETURN beg; - END IF; - beg := beg - 1; - END LOOP; - RETURN 0; - END IF; -END; -$$ -LANGUAGE plpgsql; + i_import_id ALIAS FOR $1; + r_obj RECORD; + i_admin_counter INTEGER; + i_admin_id INTEGER; +BEGIN + i_admin_counter := 0; + FOR r_obj IN + SELECT import_admin FROM changelog_object WHERE control_id=i_import_id AND NOT import_admin IS NULL + UNION + SELECT import_admin FROM changelog_service WHERE control_id=i_import_id AND NOT import_admin IS NULL + UNION + SELECT import_admin FROM changelog_user WHERE control_id=i_import_id AND NOT import_admin IS NULL + LOOP + i_admin_counter := i_admin_counter + 1; + i_admin_id := r_obj.import_admin; + END LOOP; + IF (i_admin_counter=1) THEN + RETURN i_admin_id; + ELSE + RETURN NULL; + END IF; +END; +$BODY$ +LANGUAGE 'plpgsql' VOLATILE; -CREATE OR REPLACE FUNCTION instr (varchar, varchar, integer, integer) - RETURNS integer - AS $$ 
+---------------------------------------------------- +-- FUNCTION: get_previous_import_id(devid, zeitpunkt) +-- Zweck: liefert zu einem Device + Zeitpunkt die Import ID des vorherigen Imports +-- Parameter1: Device_id (INTEGER) +-- Parameter2: Time (timestamp) +-- RETURNS: ID des vorherigen Imports +-- +CREATE OR REPLACE FUNCTION get_previous_import_id(INTEGER,TIMESTAMP) RETURNS BIGINT AS $$ DECLARE - string ALIAS FOR $1; - string_to_search ALIAS FOR $2; - beg_index ALIAS FOR $3; - occur_index ALIAS FOR $4; - pos integer NOT NULL DEFAULT 0; - occur_number integer NOT NULL DEFAULT 0; - temp_str varchar; - beg integer; - i integer; - length integer; - ss_length integer; + i_device_id ALIAS FOR $1; + t_report_time_in ALIAS FOR $2; + t_report_time TIMESTAMP; + i_mgm_id INTEGER; + i_prev_import_id BIGINT; BEGIN - IF beg_index > 0 THEN - beg := beg_index; - temp_str := substring(string FROM beg_index); - FOR i IN 1..occur_index LOOP - pos := position(string_to_search IN temp_str); - IF i = 1 THEN - beg := beg + pos - 1; - ELSE - beg := beg + pos; - END IF; - temp_str := substring(string FROM beg + 1); - END LOOP; - IF pos = 0 THEN - RETURN 0; - ELSE - RETURN beg; - END IF; - ELSE - ss_length := char_length(string_to_search); - length := char_length(string); - beg := length + beg_index - ss_length + 2; - WHILE beg > 0 LOOP - temp_str := substring(string FROM beg FOR ss_length); - pos := position(string_to_search IN temp_str); - IF pos > 0 THEN - occur_number := occur_number + 1; - IF occur_number = occur_index THEN - RETURN beg; - END IF; - END IF; - beg := beg - 1; - END LOOP; - RETURN 0; - END IF; + IF t_report_time_in IS NULL THEN + t_report_time := now(); + ELSE + t_report_time := t_report_time_in; + END IF; + SELECT INTO i_mgm_id mgm_id FROM device WHERE dev_id=i_device_id; + SELECT INTO i_prev_import_id max(control_id) FROM import_control WHERE mgm_id=i_mgm_id AND + start_time<=t_report_time AND NOT stop_time IS NULL AND successful_import; + IF NOT FOUND THEN + 
RETURN NULL; + ELSE +-- RAISE NOTICE 'found get_previous_import_id: %', i_prev_import_id; + RETURN i_prev_import_id; + END IF; END; -$$ -LANGUAGE plpgsql; - - --- CREATE OR REPLACE FUNCTION add_data_issue(varchar,int,timestamp,BIGINT,varchar,varchar,varchar,bigint,int,int,varchar,varchar,varchar) RETURNS VOID AS $$ --- DECLARE --- v_source ALIAS FOR $1; --- i_severity ALIAS FOR $2; --- t_timestamp ALIAS FOR $3; --- i_current_import_id ALIAS FOR $4; --- v_obj_name ALIAS FOR $5; --- v_obj_uid ALIAS FOR $6; --- v_rule_uid ALIAS FOR $7; --- i_rule_id ALIAS FOR $8; --- i_mgm_id ALIAS FOR $9; --- i_dev_id ALIAS FOR $10; --- v_obj_type ALIAS FOR $11; --- v_suspected_cause ALIAS FOR $12; --- v_description ALIAS FOR $13; --- v_log_string VARCHAR; --- BEGIN --- INSERT INTO log_data_issue ( --- source, severity, issue_timestamp, import_id, object_name, object_uid, rule_uid, --- rule_id, issue_mgm_id, issue_dev_id, object_type, suspected_cause, description ) --- VALUES ( --- v_source, i_severity, t_timestamp, i_current_import_id, v_obj_name, v_obj_uid, v_rule_uid, --- i_rule_id, i_mgm_id, i_dev_id, v_obj_type, v_suspected_cause, v_description); --- RETURN; --- v_log_string := 'src=' || v_source || ', sev=' || v_severity; --- IF t_timestamp IS NOT NULL THEN --- v_log_string := v_log_string || ', time=' || t_timestamp; --- END IF; --- IF i_current_import_id IS NOT NULL THEN --- v_log_string := v_log_string || ', import_id=' || CAST(i_current_import_id AS VARCHAR); --- END IF; --- IF v_obj_name IS NOT NULL THEN --- v_log_string := v_log_string || ', object_name=' || v_obj_name; --- END IF; --- -- todo: add more issue information --- RAISE INFO '%', v_log_string; -- send the log to syslog as well --- END; --- $$ LANGUAGE plpgsql; +$$ LANGUAGE plpgsql; diff --git a/roles/database/files/sql/idempotent/fworch-encryption.sql b/roles/database/files/sql/idempotent/fworch-encryption.sql new file mode 100644 index 000000000..c7c3fb351 --- /dev/null 
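Review bot: In `get_last_change_admin_of_rulebase_change` the single-admin check cannot fail: `COUNT(distinct import_admin) ... GROUP BY import_admin` produces one row per admin, each with count 1, and `SELECT INTO` keeps the first of them, so `i_admin_counter` is 1 whenever any row exists and the function returns an arbitrary admin when several admins changed rules in the same import — contrary to the "assume one admin, else NULL" contract that its sibling `get_last_change_admin_of_obj_delete` does implement with its counting loop. Dropping the GROUP BY restores the intent: `SELECT INTO i_admin_counter COUNT(DISTINCT import_admin) FROM changelog_rule WHERE control_id=i_import_id AND dev_id=i_dev_id AND NOT import_admin IS NULL;`. In `get_previous_import_id`, `IF NOT FOUND` after a `max(control_id)` select is never true because an aggregate always returns a row; it is harmless here since `i_prev_import_id` is then NULL anyway, but the branch misleads the reader and could be reduced to `RETURN i_prev_import_id;`. All three functions only read tables, so `STABLE` (as the tenant functions earlier in this diff use) would describe them more accurately than `VOLATILE`.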
+++ b/roles/database/files/sql/idempotent/fworch-encryption.sql 
@@ -0,0 +1,162 @@ +------------------------------------- +-- credentials/secrets encryption +-- the following functions are needed for the upgrade and during installation (to encrypt the ldap passwords in ldap_connection table) +-- for existing installations all encrytion/decryption is done in the UI or in the MW server (for ldap binding) + +CREATE EXTENSION IF NOT EXISTS pgcrypto; + +CREATE OR REPLACE FUNCTION custom_aes_cbc_encrypt_base64(plaintext TEXT, key TEXT) RETURNS TEXT AS $$ +DECLARE + iv BYTEA; + encrypted_text BYTEA; +BEGIN + -- Generate a random IV (Initialization Vector) + iv := gen_random_bytes(16); -- IV size for AES is typically 16 bytes + + -- Perform AES CBC encryption + encrypted_text := encrypt_iv(plaintext::BYTEA, key::BYTEA, iv, 'aes-cbc/pad:pkcs'); + + -- Combine IV and encrypted text and encode them to base64 + RETURN encode(iv || encrypted_text, 'base64'); +END; +$$ LANGUAGE plpgsql; + +CREATE OR REPLACE FUNCTION custom_aes_cbc_decrypt_base64(ciphertext TEXT, key TEXT) RETURNS TEXT AS $$ +DECLARE + iv BYTEA; + encrypted_text BYTEA; + decrypted_text BYTEA; +BEGIN + -- Decode the base64 string into IV and encrypted text + encrypted_text := decode(ciphertext, 'base64'); + + -- Extract IV from the encrypted text + iv := substring(encrypted_text from 1 for 16); + + -- Extract encrypted text without IV + encrypted_text := substring(encrypted_text from 17); + + -- Perform AES CBC decryption + decrypted_text := decrypt_iv(encrypted_text, key::BYTEA, iv, 'aes-cbc/pad:pkcs'); + + -- Return the decrypted text + RETURN convert_from(decrypted_text, 'UTF8'); +END; +$$ LANGUAGE plpgsql; + +CREATE OR REPLACE FUNCTION encryptText (plaintext_in text, key_in text) RETURNS text AS $$ +DECLARE + t_cyphertext TEXT; + t_plaintext TEXT; + t_crypt_algo TEXT := 'cipher-algo=aes256'; + t_coding_algo TEXT := 'base64'; + -- ba_iv bytea; +BEGIN + -- check if plaintext is actually ciphertext + BEGIN + SELECT into t_plaintext custom_aes_cbc_decrypt_base64(plaintext_in, 
key_in); + -- if we get here without error, the plaintext passed in was actually already encrypted + RETURN plaintext_in; + EXCEPTION WHEN OTHERS THEN + RETURN custom_aes_cbc_encrypt_base64(plaintext_in, key_in); + END; +END; +$$ LANGUAGE plpgsql VOLATILE; + +CREATE OR REPLACE FUNCTION decryptText (cyphertext_in text, key text) RETURNS text AS $$ +DECLARE + t_plaintext TEXT; + t_crypt_algo TEXT := 'cipher-algo=aes-256-cbc/pad:pkcs'; + t_coding_algo TEXT := 'base64'; +BEGIN + BEGIN + SELECT INTO t_plaintext custom_aes_cbc_decrypt_base64(cyphertext_in, key); + RETURN t_plaintext; + EXCEPTION WHEN OTHERS THEN + -- decryption did not work out, so assuming that text was not encrypted + RAISE EXCEPTION 'decryption with the given key failed!'; + END; + +END; +$$ LANGUAGE plpgsql VOLATILE; + +CREATE OR REPLACE FUNCTION encryptPasswords (key text) RETURNS VOID AS $$ +DECLARE + r_cred RECORD; + t_encrypted TEXT; +BEGIN + -- encrypt pwds in import_credential table + FOR r_cred IN + SELECT id, secret FROM import_credential + LOOP + SELECT INTO t_encrypted * FROM encryptText(r_cred.secret, key); + UPDATE import_credential SET secret=t_encrypted WHERE id=r_cred.id; + END LOOP; + + --encrypt pwds in ldap_connection table + FOR r_cred IN + SELECT ldap_search_user_pwd, ldap_write_user_pwd, ldap_connection_id FROM ldap_connection + LOOP + SELECT INTO t_encrypted * FROM encryptText(r_cred.ldap_search_user_pwd, key); + UPDATE ldap_connection SET ldap_search_user_pwd=t_encrypted WHERE ldap_connection_id=r_cred.ldap_connection_id; + SELECT INTO t_encrypted * FROM encryptText(r_cred.ldap_write_user_pwd, key); + UPDATE ldap_connection SET ldap_write_user_pwd=t_encrypted WHERE ldap_connection_id=r_cred.ldap_connection_id; + END LOOP; + + -- encrypt smtp email user pwds in config table + SELECT INTO r_cred config_value FROM config WHERE config_key='emailPassword'; + SELECT INTO t_encrypted * FROM encryptText(r_cred.config_value, key); + UPDATE config SET config_value=t_encrypted WHERE 
config_key='emailPassword'; + + RETURN; +END; +$$ LANGUAGE plpgsql; + +-- get encryption key from filesystem +CREATE OR REPLACE FUNCTION getMainKey() RETURNS TEXT AS $$ +DECLARE + t_key TEXT; +BEGIN + CREATE TEMPORARY TABLE temp_main_key (key text); + COPY temp_main_key FROM '/etc/fworch/secrets/main_key' CSV DELIMITER ','; + SELECT INTO t_key * FROM temp_main_key; + -- RAISE NOTICE 'main key: "%"', t_key; + DROP TABLE temp_main_key; + RETURN t_key; +END; +$$ LANGUAGE plpgsql; + +-- finally do the encryption in the db tables +SELECT * FROM encryptPasswords (getMainKey()); + +-- function for adding local ldap data with encrypted pwds into ldap_connection +CREATE OR REPLACE FUNCTION insertLocalLdapWithEncryptedPasswords( + serverName TEXT, + port INTEGER, + userSearchPath TEXT, + roleSearchPath TEXT, + groupSearchPath TEXT, + tenantLevel INTEGER, + searchUser TEXT, + searchUserPwd TEXT, + writeUser TEXT, + writeUserPwd TEXT, + ldapType INTEGER +) RETURNS VOID AS $$ +DECLARE + t_key TEXT; + t_encryptedReadPwd TEXT; + t_encryptedWritePwd TEXT; +BEGIN + IF NOT EXISTS (SELECT * FROM ldap_connection WHERE ldap_server = serverName) + THEN + SELECT INTO t_key * FROM getMainKey(); + SELECT INTO t_encryptedReadPwd * FROM encryptText(searchUserPwd, t_key); + SELECT INTO t_encryptedWritePwd * FROM encryptText(writeUserPwd, t_key); + INSERT INTO ldap_connection + (ldap_server, ldap_port, ldap_searchpath_for_users, ldap_searchpath_for_roles, ldap_searchpath_for_groups, + ldap_tenant_level, ldap_search_user, ldap_search_user_pwd, ldap_write_user, ldap_write_user_pwd, ldap_type) + VALUES (serverName, port, userSearchPath, roleSearchPath, groupSearchPath, tenantLevel, searchUser, t_encryptedReadPwd, writeUser, t_encryptedWritePwd, ldapType); + END IF; +END; +$$ LANGUAGE plpgsql; diff --git a/roles/database/files/sql/idempotent/fworch-grants.sql b/roles/database/files/sql/idempotent/fworch-grants.sql index 07d48d1b0..bb003757e 100644 
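Review bot: An empty key file makes this migration silently corrupt or skip secrets rather than fail: `getMainKey()` then returns NULL from the empty temp table, and with a NULL key `custom_aes_cbc_decrypt_base64` returns NULL instead of raising (decode/decrypt_iv/convert_from are NULL-in-NULL-out as far as I can tell), so `encryptText` takes the "already encrypted" branch and leaves base64-looking secrets in plaintext, while for other inputs `encrypt_iv` with a NULL key yields NULL and the `UPDATE` overwrites the secret with NULL. I would fail closed in `getMainKey()` before `RETURN t_key`: `IF t_key IS NULL OR t_key = '' THEN RAISE EXCEPTION 'main key file is empty or unreadable'; END IF;`, and note that `COPY ... CSV` will unquote a key containing `"` and reject one containing `,`, so the key file format is constrained and must match what the MW server reads. The encrypted/plaintext detection by trial decryption is also only a heuristic: a plaintext that happens to be valid base64 of a block-aligned length can pass the PKCS and UTF-8 checks with small probability and stay in the clear, and `decryptText` will later raise on it; a fixed marker on ciphertexts (e.g. a `'v1:' ||` prefix emitted by `custom_aes_cbc_encrypt_base64` and checked in `encryptText`) would make the check deterministic, provided the UI/MW-side decryption mentioned in the header comment is changed with it. Finally, AES-CBC without a MAC gives confidentiality only — anyone who can write these columns can alter stored secrets undetected — which may be acceptable for the at-rest threat model described, but deserves a sentence in the header comment so nobody assumes integrity.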
--- a/roles/database/files/sql/idempotent/fworch-grants.sql +++ b/roles/database/files/sql/idempotent/fworch-grants.sql @@ -1,15 +1,23 @@ -- settings backup permissions +GRANT USAGE ON SCHEMA public TO dbbackupusers; GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO group "dbbackupusers"; -ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON SEQUENCES TO group "dbbackupusers"; Grant select on ALL TABLES in SCHEMA public to group dbbackupusers; +ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON SEQUENCES TO group "dbbackupusers"; ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO group dbbackupusers; +GRANT USAGE ON SCHEMA request TO dbbackupusers; GRANT SELECT ON ALL SEQUENCES IN SCHEMA request TO group "dbbackupusers"; +Grant select on ALL TABLES in SCHEMA request to group dbbackupusers; ALTER DEFAULT PRIVILEGES IN SCHEMA request GRANT SELECT ON SEQUENCES TO group "dbbackupusers"; -Grant select on ALL TABLES in SCHEMA request to group dbbackupusers; ALTER DEFAULT PRIVILEGES IN SCHEMA request GRANT SELECT ON TABLES TO group dbbackupusers; +GRANT USAGE ON SCHEMA compliance TO dbbackupusers; +GRANT SELECT ON ALL SEQUENCES IN SCHEMA compliance TO group "dbbackupusers"; +Grant select on ALL TABLES in SCHEMA compliance to group dbbackupusers; +ALTER DEFAULT PRIVILEGES IN SCHEMA compliance GRANT SELECT ON SEQUENCES TO group "dbbackupusers"; +ALTER DEFAULT PRIVILEGES IN SCHEMA compliance GRANT SELECT ON TABLES TO group dbbackupusers; + -- grants for all (implicit) sequences GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO group "secuadmins"; ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT USAGE, SELECT ON SEQUENCES TO group "secuadmins"; 
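Review bot: `ALTER DEFAULT PRIVILEGES` without `FOR ROLE` only covers objects later created by the role that runs this script, so if the tables in `compliance`, `request` and `public` are created by a different role (the `OWNER TO fworch` elsewhere in this diff suggests `fworch` owns schema objects), tables added after this runs will not be readable by `dbbackupusers` and the backup will fail or silently miss them. If that is the case, pin the grantor: `ALTER DEFAULT PRIVILEGES FOR ROLE fworch IN SCHEMA compliance GRANT SELECT ON TABLES TO dbbackupusers;` (and likewise for sequences and the other two schemas). The added `GRANT USAGE ON SCHEMA` lines are the right fix for the missing schema access; a one-line comment stating that the backup role is intentionally read-only would help the next person who is tempted to widen it.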
@@ -72,6 +80,8 @@ Grant insert on "changelog_rule" to group "configimporters"; Grant insert,update on "rule_nwobj_resolved" to group "configimporters"; Grant insert,update on "rule_svc_resolved" to group "configimporters"; Grant insert,update on "rule_user_resolved" to group "configimporters"; +Grant ALL on "recertification" to group "configimporters"; +Grant ALL on "recertification" to group "fworchadmins"; -- secuadmins: Grant update on "uiuser" to group "secuadmins"; diff --git a/roles/database/files/sql/idempotent/fworch-import-main.sql b/roles/database/files/sql/idempotent/fworch-import-main.sql index fa8771efd..5d25f3e62 100644 --- a/roles/database/files/sql/idempotent/fworch-import-main.sql +++ b/roles/database/files/sql/idempotent/fworch-import-main.sql @@ -140,10 +140,10 @@ BEGIN LOOP SELECT INTO b_do_not_import do_not_import FROM device WHERE dev_id=r_dev.dev_id; IF NOT b_do_not_import THEN -- RAISE NOTICE 'importing %', r_dev.dev_name; - v_err_pos := 'import_rules of device ' || r_dev.dev_name || ' (Management: ' || CAST (i_mgm_id AS VARCHAR) || ')'; + v_err_pos := 'import_rules of device ' || r_dev.dev_name || ' (Management: ' || CAST (i_mgm_id AS VARCHAR) || ') '; IF (import_rules(r_dev.dev_id, i_current_import_id)) THEN -- returns true if rule order needs to be changed -- currently always returns true as each import needs a rule reordering - v_err_pos := 'import_rules_set_rule_num_numeric of device ' || r_dev.dev_name || ' (Management: ' || CAST (i_mgm_id AS VARCHAR) || ')'; + v_err_pos := 'import_rules_set_rule_num_numeric of device ' || r_dev.dev_name || ' (Management: ' || CAST (i_mgm_id AS VARCHAR) || ') '; -- in case of any changes - adjust rule_num values in rulebase PERFORM import_rules_set_rule_num_numeric (i_current_import_id,r_dev.dev_id); END IF; 
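Review bot: `Grant ALL on "recertification" to group "configimporters"` also hands the importer DELETE, TRUNCATE, REFERENCES and TRIGGER, which is broader than the `insert,update` it gets on the neighbouring `rule_*_resolved` tables and more than an automated import role should hold. Unless the importer really removes rows, `Grant insert,update on "recertification" to group "configimporters";` (adding `delete` only if needed) keeps the role at least privilege. The `fworchadmins` grant is easier to justify, but a short comment saying why admins need full rights on this table would stop the next reviewer from asking the same question.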
@@ -169,6 +169,9 @@ BEGIN IF b_force_initial_import THEN UPDATE management SET force_initial_import=FALSE WHERE mgm_id=i_mgm_id; END IF; -- evtl. gesetztes management.force_initial_import-Flag loeschen v_err_pos := 'import_changelog_sync'; PERFORM import_changelog_sync (i_current_import_id, i_mgm_id); -- Abgleich zwischen import_changelog und changelog_xxx + v_err_pos := 'recert_refresh_per_management'; + -- LargeOwnerChange: comment out the following line + -- PERFORM recert_refresh_per_management (i_mgm_id); EXCEPTION WHEN OTHERS THEN -- read error from import_control and rollback GET STACKED DIAGNOSTICS v_exception_message = MESSAGE_TEXT, @@ -194,8 +197,7 @@ BEGIN RETURN ''; END; $BODY$ - LANGUAGE plpgsql VOLATILE - COST 100; + LANGUAGE plpgsql VOLATILE; ALTER FUNCTION public.import_all_main(BIGINT, BOOLEAN) OWNER TO fworch; @@ -206,15 +208,12 @@ DECLARE v_event ALIAS FOR $1; -- description of the processed time t_import_start ALIAS FOR $2; -- start time of the import BEGIN - RAISE NOTICE '% duration: %s', v_event, CAST(now()- t_import_start AS VARCHAR); --- RAISE NOTICE 'duration of last step: %s', CAST(now()- t_import_start AS VARCHAR); RETURN now(); END; $BODY$ LANGUAGE plpgsql -VOLATILE -COST 100; +STABLE; ---------------------------------------------------- -- FUNCTION: import_global_refhandler_main @@ -251,7 +250,7 @@ BEGIN LOOP SELECT INTO b_do_not_import do_not_import FROM device WHERE dev_id=r_device.dev_id; IF NOT b_do_not_import THEN - v_err_pos := 'import_rule_refhandler_main of device ' || r_device.dev_name || ' (Management: ' || CAST (i_mgm_id AS VARCHAR) || ')'; + v_err_pos := 'import_rule_refhandler_main of device ' || r_device.dev_name || ' (Management: ' || CAST (i_mgm_id AS VARCHAR) || ') '; PERFORM import_rule_refhandler_main(i_current_import_id, r_device.dev_id); END IF; END LOOP; diff --git a/roles/database/files/sql/idempotent/fworch-import.sql b/roles/database/files/sql/idempotent/fworch-import.sql index ac0e2c7f7..2b62df037 100644 
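Review bot: The added `v_err_pos := 'recert_refresh_per_management';` labels a step that never runs because the `PERFORM` under it is commented out, and the "LargeOwnerChange: comment out the following line" instruction turns an idempotent migration file into something operators are expected to hand-edit. Either remove both added lines until the call is reinstated, or gate the call on a config-table flag (the `config` table keyed by `config_key` is already read in `fworch-encryption.sql`) and move the `v_err_pos` assignment inside that branch so error positions stay truthful. `import_all_main`'s body starts and ends outside this hunk.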
--- a/roles/database/files/sql/idempotent/fworch-import.sql +++ b/roles/database/files/sql/idempotent/fworch-import.sql 
@@ -137,11 +137,15 @@ DECLARE i_import_id ALIAS FOR $2; -- ID des Imports i_prev_import_id BIGINT; -- temp. Record BEGIN - SELECT INTO i_prev_import_id MAX(control_id) FROM import_control WHERE mgm_id=i_mgm_id AND control_id'; END IF; - -- IF NOT r_request.tenant_name IS NULL THEN - -- v_result := v_result || r_request.tenant_name || ': '; - -- END IF; - -- IF NOT r_request.request_type_name IS NULL THEN - -- v_result := v_result || r_request.request_type_name || '-'; - -- END IF; - -- v_result := v_result || r_request.request_number; - - -- END LOOP; - RETURN v_result; -END; -$$ LANGUAGE plpgsql; - ----------------------------------------------------- --- FUNCTION: get_last_change_admin_of_rulebase_change(import_id, dev_id) --- Zweck: liefert den change_admin fuer einen Zeitpunkt und ein Device zurueck (fuer rule_deletes --- benoetigt fuer rule_deletes --- Annahme: ein Admin hat alle Rule-Changes an einer Rulebase zu einem Zeitpunkt gemacht --- Parameter1: import id --- Parameter2: device id --- RETURNS: id des change_admins --- - --- DROP FUNCTION get_last_change_admin_of_rulebase_change (BIGINT, INTEGER); -CREATE OR REPLACE FUNCTION get_last_change_admin_of_rulebase_change (BIGINT, INTEGER) RETURNS INTEGER AS -$BODY$ -DECLARE - i_import_id ALIAS FOR $1; - i_dev_id ALIAS FOR $2; - r_rule RECORD; - i_admin_counter INTEGER; -BEGIN - - SELECT INTO i_admin_counter COUNT(distinct import_admin) FROM changelog_rule - WHERE control_id=i_import_id AND dev_id=i_dev_id AND NOT import_admin IS NULL GROUP BY import_admin; - IF (i_admin_counter=1) THEN - SELECT INTO r_rule import_admin FROM changelog_rule - WHERE control_id=i_import_id AND dev_id=i_dev_id AND NOT import_admin IS NULL GROUP BY import_admin; --- RAISE NOTICE 'Found last_change_admin %', r_rule.import_admin; - IF FOUND THEN - RETURN r_rule.import_admin; - ELSE - RETURN NULL; - END IF; - ELSE - RETURN NULL; - END IF; -END; -$BODY$ - LANGUAGE 'plpgsql' VOLATILE; - 
----------------------------------------------------- --- FUNCTION: get_last_change_admin_of_obj_delete(import_id, mgm_id) --- Zweck: liefert den change_admin fuer einen Import zurueck (fuer svc- nwobj u. usr_deletes --- benoetigt fuer obj / svc / usr _deletes --- Annahme: ein Admin hat alle Changes an einem Management zu einem Zeitpunkt gemacht --- wenn nicht, dann wird NULL zurueckgeliefert --- Parameter1: import id --- RETURNS: id des change_admins --- - --- DROP FUNCTION get_last_change_admin_of_obj_delete (BIGINT); -CREATE OR REPLACE FUNCTION get_last_change_admin_of_obj_delete (BIGINT) RETURNS INTEGER AS -$BODY$ -DECLARE - i_import_id ALIAS FOR $1; - r_obj RECORD; - i_admin_counter INTEGER; - i_admin_id INTEGER; -BEGIN - i_admin_counter := 0; - FOR r_obj IN - SELECT import_admin FROM changelog_object WHERE control_id=i_import_id AND NOT import_admin IS NULL - UNION - SELECT import_admin FROM changelog_service WHERE control_id=i_import_id AND NOT import_admin IS NULL - UNION - SELECT import_admin FROM changelog_user WHERE control_id=i_import_id AND NOT import_admin IS NULL - LOOP - i_admin_counter := i_admin_counter + 1; - i_admin_id := r_obj.import_admin; - END LOOP; - IF (i_admin_counter=1) THEN - RETURN i_admin_id; - ELSE - RETURN NULL; - END IF; -END; -$BODY$ -LANGUAGE 'plpgsql' VOLATILE; - ----------------------------------------------------- --- FUNCTION: get_mgmt_dev_list(name-of-refcursor) --- Zweck: liefert Cursor mit allen Managements und Devices zurueck (Name u. 
ID) --- Parameter1: Name des zurueckzuliefernden Pointers --- RETURNS: Cursor mit Tabelle (mgmt_id,mgmt_name,dev_id,dev_name,manufacturer) --- ---DROP FUNCTION get_mgmt_dev_list(REFCURSOR); -CREATE OR REPLACE FUNCTION get_mgmt_dev_list(REFCURSOR) RETURNS REFCURSOR AS $$ -DECLARE -BEGIN - OPEN $1 FOR - SELECT management.mgm_id,management.mgm_name,device.dev_id,device.dev_name,stm_dev_typ.dev_typ_manufacturer - FROM management, device, stm_dev_typ - WHERE management.mgm_id=device.mgm_id AND stm_dev_typ.dev_typ_id=device.dev_typ_id - ORDER BY dev_typ_manufacturer,mgm_name,dev_name; - RETURN $1; -END; -$$ LANGUAGE plpgsql; - ----------------------------------------------------- --- FUNCTION: get_mgmt_list(name-of-refcursor) --- Zweck: liefert Cursor mit allen Managements zurueck (Name u. ID) --- Parameter1: Name des zurueckzuliefernden Pointers --- RETURNS: Cursor mit Tabelle (mgmt_id,mgmt_name,manufacturer) --- - --- DROP FUNCTION get_mgmt_list(REFCURSOR); -CREATE OR REPLACE FUNCTION get_mgmt_list(REFCURSOR) RETURNS REFCURSOR AS $$ -DECLARE -BEGIN - OPEN $1 FOR - SELECT management.mgm_id,management.mgm_name,stm_dev_typ.dev_typ_manufacturer - FROM management, stm_dev_typ - WHERE management.dev_typ_id=stm_dev_typ.dev_typ_id - ORDER BY dev_typ_manufacturer,mgm_name; - RETURN $1; -END; -$$ LANGUAGE plpgsql; - ----------------------------------------------------- --- FUNCTION: get_dev_list(name-of-refcursor,mgm_id) --- Zweck: liefert Cursor mit allen Device-Ids der zum Management gehoerigen Devices zurueck (ID) --- Parameter1: Name des zurueckzuliefernden Pointers --- RETURNS: Cursor mit Tabelle (dev_id) --- --- DROP FUNCTION get_dev_list(REFCURSOR,INTEGER); -CREATE OR REPLACE FUNCTION get_dev_list(REFCURSOR,INTEGER) RETURNS REFCURSOR AS $$ -DECLARE - i_mgm_id ALIAS FOR $2; -BEGIN - OPEN $1 FOR - SELECT dev_id - FROM device - WHERE mgm_id=i_mgm_id; - RETURN $1; -END; -$$ LANGUAGE plpgsql; - ----------------------------------------------------- --- FUNCTION: 
get_report_typ_list(name-of-refcursor) --- Zweck: liefert Cursor mit allen Reporttypen zurueck (Name u. ID) --- Parameter1: Name des zurueckzuliefernden Pointers --- RETURNS: Cursor mit Tabelle (report_typ_id,report_typ_name) --- --- DROP FUNCTION get_report_typ_list(REFCURSOR); --- CREATE OR REPLACE FUNCTION get_report_typ_list(REFCURSOR) RETURNS REFCURSOR AS $$ --- DECLARE --- r_config RECORD; --- BEGIN --- SELECT INTO r_config * FROM config; --- IF r_config.language='german' THEN --- OPEN $1 FOR --- SELECT report_typ_id, report_typ_name --- FROM stm_report_typ --- ORDER BY report_typ_id; --- -- ORDER BY report_typ_name; --- ELSE --- OPEN $1 FOR --- SELECT report_typ_id, report_typ_name --- FROM stm_report_typ --- ORDER BY report_typ_id; --- -- ORDER BY report_typ_name; --- END IF; --- RETURN $1; --- END; --- $$ LANGUAGE plpgsql; - --- CREATE OR REPLACE FUNCTION get_report_typ_list(REFCURSOR) RETURNS REFCURSOR AS $$ --- DECLARE --- r_config RECORD; --- BEGIN --- SELECT INTO r_config * FROM config; --- OPEN $1 FOR --- SELECT report_typ_id,report_typ_name as report_typ_name --- FROM stm_report_typ --- ORDER BY report_typ_id; --- RETURN $1; --- END; --- $$ LANGUAGE plpgsql; - ----------------------------------------------------- --- FUNCTION: get_tenant_list(name-of-refcursor) --- Zweck: liefert Cursor mit allen tenants zurueck (Name u. 
ID) --- Parameter1: Name des zurueckzuliefernden Pointers --- Parameter2: tenant-Id fuer spaetere Anzeige direkt fuer tenant --- RETURNS: Cursor mit Tabelle (tenant_id,tenant_name) --- -CREATE OR REPLACE FUNCTION get_tenant_list(REFCURSOR) RETURNS REFCURSOR AS $$ -DECLARE -BEGIN - OPEN $1 FOR SELECT tenant_id,tenant_name FROM tenant ORDER BY tenant_name; - RETURN $1; -END; -$$ LANGUAGE plpgsql; - ----------------------------------------------------- --- FUNCTION: get_exploded_src_of_rule(rule_id) --- Zweck: liefert alle in den Quellen enthalten object IDs zurueck --- Zweck: auch fuer alle Gruppen rekursiv --- Parameter1: rule_id der Regel --- Parameter2: relevante import_id --- RETURNS: alle obj_ids als Tabelle --- -CREATE OR REPLACE FUNCTION get_exploded_src_of_rule(BIGINT) RETURNS SETOF BIGINT AS $$ -DECLARE - i_rule_id ALIAS FOR $1; --- i_import_id ALIAS FOR $2; - r_obj RECORD; - r_obj2 RECORD; -BEGIN - FOR r_obj IN - SELECT obj_id FROM rule_from WHERE rule_id=i_rule_id -- AND rf_create<=i_import_id AND rf_last_seen>=i_import_id - LOOP - FOR r_obj2 IN --- SELECT explode_objgrp AS obj_id FROM explode_objgrp(r_obj.obj_id,i_import_id) - SELECT explode_objgrp AS obj_id FROM explode_objgrp(r_obj.obj_id) - LOOP - RETURN NEXT r_obj2.obj_id; - END LOOP; - END LOOP; - RETURN; -END; -$$ LANGUAGE plpgsql; - ----------------------------------------------------- --- FUNCTION: get_exploded_dst_of_rule(rule_id,import_id) --- Zweck: liefert alle in den Zielen enthalten objeckt IDs zurueck --- Zweck: auch fuer alle Gruppen rekursiv --- Parameter1: rule_id der Regel --- Parameter1: relevante import_id --- RETURNS: alle obj_ids als Tabelle --- -CREATE OR REPLACE FUNCTION get_exploded_dst_of_rule(BIGINT) RETURNS SETOF BIGINT AS $$ -DECLARE - i_rule_id ALIAS FOR $1; --- i_import_id ALIAS FOR $2; - r_obj RECORD; - r_obj2 RECORD; -BEGIN - FOR r_obj IN - SELECT obj_id FROM rule_to WHERE rule_id=i_rule_id -- AND rt_create<=i_import_id AND rt_last_seen>=i_import_id - LOOP - FOR r_obj2 IN 
--- SELECT explode_objgrp AS obj_id FROM explode_objgrp(r_obj.obj_id,i_import_id) - SELECT explode_objgrp AS obj_id FROM explode_objgrp(r_obj.obj_id) - LOOP - RETURN NEXT r_obj2.obj_id; - END LOOP; - END LOOP; - RETURN; -END; -$$ LANGUAGE plpgsql; --- version ohne import_id ----------------------------------------------------- --- FUNCTION: get_exploded_dst_of_rule(rule_id) --- Zweck: liefert alle in den Zielen enthalten objeckt IDs zurueck --- Zweck: auch fuer alle Gruppen rekursiv --- Parameter1: rule_id der Regel --- RETURNS: alle obj_ids als Tabelle --- -CREATE OR REPLACE FUNCTION get_exploded_dst_of_rule(BIGINT) RETURNS SETOF BIGINT AS $$ -DECLARE - i_rule_id ALIAS FOR $1; - r_obj RECORD; - r_obj2 RECORD; -BEGIN - FOR r_obj IN - SELECT obj_id FROM rule_to WHERE rule_id=i_rule_id -- AND rt_create<=i_import_id AND rt_last_seen>=i_import_id - LOOP - FOR r_obj2 IN --- SELECT explode_objgrp AS obj_id FROM explode_objgrp(r_obj.obj_id,i_import_id) - SELECT explode_objgrp AS obj_id FROM explode_objgrp(r_obj.obj_id) - LOOP - RETURN NEXT r_obj2.obj_id; - END LOOP; - END LOOP; - RETURN; -END; -$$ LANGUAGE plpgsql; - ----------------------------------------------------- --- FUNCTION: get_previous_import_id(devid, zeitpunkt) --- Zweck: liefert zu einem Device + Zeitpunkt die Import ID des vorherigen Imports --- Parameter1: Device_id (INTEGER) --- Parameter2: Time (timestamp) --- RETURNS: ID des vorherigen Imports --- -CREATE OR REPLACE FUNCTION get_previous_import_id(INTEGER,TIMESTAMP) RETURNS BIGINT AS $$ -DECLARE - i_device_id ALIAS FOR $1; - t_report_time_in ALIAS FOR $2; - t_report_time TIMESTAMP; - i_mgm_id INTEGER; - i_prev_import_id BIGINT; -BEGIN - IF t_report_time_in IS NULL THEN - t_report_time := now(); - ELSE - t_report_time := t_report_time_in; - END IF; - SELECT INTO i_mgm_id mgm_id FROM device WHERE dev_id=i_device_id; - SELECT INTO i_prev_import_id max(control_id) FROM import_control WHERE mgm_id=i_mgm_id AND - start_time<=t_report_time AND NOT stop_time IS 
NULL AND successful_import; - IF NOT FOUND THEN - RETURN NULL; - ELSE --- RAISE NOTICE 'found get_previous_import_id: %', i_prev_import_id; - RETURN i_prev_import_id; - END IF; -END; -$$ LANGUAGE plpgsql; - ----------------------------------------------------- --- FUNCTION: get_previous_import_ids(time) --- Zweck: liefert zu einem Zeitpunkt die Import ID aller Systeme des vorherigen Imports --- Parameter1: Time (timestamp) --- RETURNS: string mit Import-Ids, eg.: (1, 2, 5, 7) --- -CREATE OR REPLACE FUNCTION get_previous_import_ids(TIMESTAMP) RETURNS VARCHAR AS $$ -DECLARE - t_report_time_in ALIAS FOR $1; - t_report_time TIMESTAMP; - i_mgm_id INTEGER; - r_dev RECORD; - v_id_string VARCHAR; - i_prev_import_id BIGINT; -BEGIN - IF t_report_time_in IS NULL THEN - t_report_time := now(); - ELSE - t_report_time := t_report_time_in; - END IF; - v_id_string := ' ('; - FOR r_dev IN - SELECT dev_id FROM device - LOOP - i_prev_import_id := get_previous_import_id(r_dev.dev_id, t_report_time); - IF NOT i_prev_import_id IS NULL THEN - IF NOT v_id_string=' (' THEN - v_id_string := v_id_string || ', '; - END IF; - v_id_string := v_id_string || CAST(i_prev_import_id AS VARCHAR); - END IF; - END LOOP; - v_id_string := v_id_string || ') '; - RETURN v_id_string; -END; -$$ LANGUAGE plpgsql; - ----------------------------------------------------- --- FUNCTION: get_next_import_id($devid) --- Zweck: liefert zu einem Device + Zeitpunkt die Import ID des naechst folgenden Imports --- Parameter1: Device_id (INTEGER) --- Parameter2: Time (timestamp) --- RETURNS: ID des naechsten Imports --- -CREATE OR REPLACE FUNCTION get_next_import_id(INTEGER,TIMESTAMP) RETURNS BIGINT AS $$ -DECLARE - i_device_id ALIAS FOR $1; - t_report_time_in ALIAS FOR $2; - t_report_time TIMESTAMP; - i_mgm_id INTEGER; - i_next_import_id BIGINT; -BEGIN - IF t_report_time_in IS NULL THEN - t_report_time := now(); - ELSE - t_report_time := t_report_time_in; - END IF; - SELECT INTO i_mgm_id mgm_id FROM device WHERE 
dev_id=i_device_id; - SELECT INTO i_next_import_id min(control_id) FROM import_control WHERE mgm_id=i_mgm_id - AND start_time>=t_report_time AND NOT stop_time IS NULL AND successful_import; - RETURN i_next_import_id; -END; -$$ LANGUAGE plpgsql; - ----------------------------------------------------- --- FUNCTION: get_matching_import_id --- Zweck: liefert zu einem Zeitpunkt die ID des unmittelbar davor --- Zweck: stattgefunden habenden Imports fuer das Device zurueck --- Parameter1: Device_id (INTEGER) --- Parameter2: Zeitpunkt (TIMESTAMP) --- RETURNS: ID des Imports --- -CREATE OR REPLACE FUNCTION get_matching_import_id(INTEGER, TIMESTAMP) RETURNS BIGINT AS $$ -DECLARE - i_device_id ALIAS FOR $1; - t_report_time_in ALIAS FOR $2; - i_import_id BIGINT; - i_mgm_id INTEGER; - t_report_time TIMESTAMP; -BEGIN - IF t_report_time_in IS NULL THEN - t_report_time := now(); - ELSE t_report_time := t_report_time_in; - END IF; - SELECT INTO i_mgm_id mgm_id FROM device WHERE dev_id=i_device_id; - SELECT INTO i_import_id control_id FROM import_control - WHERE mgm_id=i_mgm_id AND start_time<=t_report_time AND NOT stop_time IS NULL AND successful_import -- get only completed imports - ORDER BY control_id desc - LIMIT 1; --- RAISE EXCEPTION 'device_id: %, time: %, import_id: %', i_device_id, t_report_time, i_import_id; - RETURN i_import_id; -END; -$$ LANGUAGE plpgsql; - ----------------------------------------------------- --- FUNCTION: explode_objgrp --- Zweck: liefert alle obj_ids die in der Gruppe (auch rekursiv) enthalten sind, zurueck --- Zweck: wenn keine Gruppe, dann nur das object selbst --- Parameter1: obj_id --- RETURNS: wahr, wenn das Komplement von object zum tenant mit tenant_id gehoert --- -CREATE OR REPLACE FUNCTION explode_objgrp (BIGINT) RETURNS SETOF BIGINT AS $$ -DECLARE - i_obj_id ALIAS FOR $1; - r_obj RECORD; -- zu pruefendes Objekt -BEGIN - IF is_obj_group(i_obj_id) THEN -- keine Gruppe - FOR r_obj IN - SELECT objgrp_flat_member_id FROM object LEFT JOIN 
objgrp_flat ON objgrp_flat_id=object.obj_id - WHERE object.obj_id=i_obj_id - LOOP - RETURN NEXT r_obj.objgrp_flat_member_id; - END LOOP; - ELSE -- Gruppe - RETURN NEXT i_obj_id; - END IF; - RETURN; -END; -$$ LANGUAGE plpgsql; - ----------------------------------------------------- --- FUNCTION: is_rule_src_negated --- Zweck: liefert TRUE, wenn die Quelle der Regel negiert ist --- Parameter1: rule_id --- RETURNS: BOOLEAN --- -CREATE OR REPLACE FUNCTION is_rule_src_negated (BIGINT) RETURNS BOOLEAN AS $$ -DECLARE - i_rule_id ALIAS FOR $1; - r_rule_src_neg BOOLEAN; -- result -BEGIN - SELECT INTO r_rule_src_neg rule_src_neg FROM rule WHERE rule_id=i_rule_id; - RETURN r_rule_src_neg; -END; -$$ LANGUAGE plpgsql; - ----------------------------------------------------- --- FUNCTION: is_rule_dst_negated --- Zweck: liefert TRUE, wenn das Ziel der Regel negiert ist --- Parameter1: rule_id --- RETURNS: BOOLEAN --- -CREATE OR REPLACE FUNCTION is_rule_dst_negated (BIGINT) RETURNS BOOLEAN AS $$ -DECLARE - i_rule_id ALIAS FOR $1; - r_rule_dst_neg BOOLEAN; -- result -BEGIN - SELECT INTO r_rule_dst_neg rule_dst_neg FROM rule WHERE rule_id=i_rule_id; - RETURN r_rule_dst_neg; -END; -$$ LANGUAGE plpgsql; - ----------------------------------------------------- --- FUNCTION: get_rule_action --- Zweck: liefert die Aktion der Regel zur Anzeige (als ID und als String) --- Parameter1: rule_id --- RETURNS: action_id und string der Aktion --- -CREATE OR REPLACE FUNCTION get_rule_action (BIGINT) RETURNS RECORD AS $$ -DECLARE - i_rule_id ALIAS FOR $1; - r_rule RECORD; -- record to be returned -BEGIN - SELECT INTO r_rule rule.action_id,action_name FROM rule,stm_action - WHERE rule.action_id=stm_action.action_id AND rule_id=i_rule_id; - RETURN r_rule; -END; -$$ LANGUAGE plpgsql; \ No newline at end of file diff --git a/roles/database/files/sql/idempotent/fworch-report.sql b/roles/database/files/sql/idempotent/fworch-report.sql deleted file mode 100644 index c8d18034c..000000000 
--- a/roles/database/files/sql/idempotent/fworch-report.sql
+++ /dev/null
@@ -1,1095 +0,0 @@ --- $Id: iso-report.sql,v 1.1.2.7 2012-05-28 10:32:56 tim Exp $ --- $Source: /home/cvs/iso/package/install/database/Attic/iso-report.sql,v $ - ----------------------------------------------------- --- Filterfunktionen zum Generieren von Reports ----------------------------------------------------- --- get_tenant_ip_filter(tenant_id) RETURNS VARCHAR --- get_negated_tenant_ip_filter(tenant_id) RETURNS VARCHAR - --- get_obj_ids_of_filtered_ruleset(INTEGER[]) RETURNS SETOF INTEGER - --- get_rule_ids(device_id, zeitpunkt, tenant_id) RETURNS SETOF INTEGER --- get_rule_ids(device_id, zeitpunkt, tenant_id, src_ip, dst_ip, any_ip, proto, port) RETURNS SETOF INTEGER --> for rulesearch - --- rule_src_contains_tenant_obj (rule_id, tenant_id) RETURNS BOOLEAN --- rule_dst_contains_tenant_obj (rule_id, tenant_id) RETURNS BOOLEAN --- obj_belongs_to_tenant (obj_id, tenant_id) RETURNS BOOLEAN --- obj_neg_belongs_to_tenant (obj_id, tenant_id) RETURNS BOOLEAN - --- get_rule_src (rule_id, tenant_id) RETURNS SETOF INTEGER --- get_rule_dst (rule_id, tenant_id) RETURNS SETOF INTEGER - --- get_tenant_relevant_changes(tenant-ID, management-id, device-id, startzeit, stopzeit) --- unterfunktionen von get_tenant_relevant_changes: - -- get_svc_ids_of_tenant(tenant, array_of_rule_ids) RETURNS SETOF INTEGER - -- get_user_ids_of_tenant(tenant, array_of_rule_ids) RETURNS SETOF INTEGER - -- get_obj_ids_of_tenant(tenant, array_of_rule_ids) RETURNS SETOF INTEGER - ----------------------------------------------------- --- FUNCTION: get_tenant_relevant_changes --- Zweck: liefert zu einem tenant alle Changes zurueck, die in fuer ihn relevanten sind --- Parameter1: tenant-ID des zu betrachtenden tenants --- Parameter2: managment-id --- Parameter3: device-id --- Parameter4: startzeit --- Parameter5: stopzeit - --- RETURNS: Menge der relevanten Changes (abs_change_id : set of integer) --- --- CREATE OR REPLACE FUNCTION get_tenant_relevant_changes(INTEGER, INTEGER, INTEGER, TIMESTAMP, 
TIMESTAMP) RETURNS SETOF BIGINT AS $$ --- DECLARE --- i_tenant_id ALIAS FOR $1; --- i_mgm_id ALIAS FOR $2; --- i_dev_id ALIAS FOR $3; --- t_start ALIAS FOR $4; --- t_end ALIAS FOR $5; --- r_change RECORD; --- v_sql VARCHAR; --- BEGIN --- -- delete content of temp table anf fill it again with all rule_ids of the requested tenant --- DELETE FROM temp_table_for_tenant_filtered_rule_ids; --- INSERT INTO temp_table_for_tenant_filtered_rule_ids SELECT rule_id FROM view_tenant_rules WHERE tenant_id=i_tenant_id; --- v_sql := 'SELECT abs_change_id FROM view_changes_by_changed_element_id WHERE TRUE'; --- -- apply filter criteria if set --- IF NOT i_mgm_id=NULL THEN v_sql := v_sql || ' AND mgm_id=' || i_mgm_id; END IF; --- IF NOT i_dev_id=NULL THEN v_sql := v_sql || ' AND dev_id=' || i_dev_id; END IF; --- IF NOT t_start=NULL THEN v_sql := v_sql || ' AND change_time>=' || t_start; END IF; --- IF NOT t_end=NULL THEN v_sql := v_sql || ' AND change_time<=' || t_end; END IF; --- -- now the various individual change elements --- v_sql := v_sql || ' AND ((change_element=''service'' and element_id in (select * from get_svc_ids_for_tenant())) ' || --- 'OR (change_element=''user'' and element_id in (select * from get_user_ids_for_tenant())) ' || --- 'OR (change_element=''object'' and element_id in (select * from get_obj_ids_for_tenant())) ' || --- 'OR (change_element=''rule'' and element_id in (select * from temp_table_for_tenant_filtered_rule_ids))' || --- ') GROUP BY abs_change_id'; --- FOR r_change IN EXECUTE v_sql --- LOOP --- RETURN NEXT r_change.abs_change_id; --- END LOOP; --- RETURN; --- END; --- $$ LANGUAGE plpgsql; - ----------------------------------------------------- --- FUNCTION: get_svc_ids_of_tenant --- Zweck: liefert zu einem tenant alle dienste zurueck, die in fuer ihn relevanten regeln vorkommen --- Annahme: die Menge der Regeln steht in temp_table_for_tenant_filtered_rule_ids --- RETURNS: Menge der Dienst-IDs (svc_id) --- --- CREATE OR REPLACE FUNCTION 
get_svc_ids_for_tenant() RETURNS SETOF BIGINT AS $$ --- DECLARE --- r_svc RECORD; --- BEGIN --- FOR r_svc IN --- SELECT service.svc_id FROM rule --- LEFT JOIN rule_service USING (rule_id) --- LEFT JOIN svcgrp_flat ON (rule_service.svc_id=svcgrp_flat_id) --- LEFT JOIN service ON (svcgrp_flat_member_id=service.svc_id) --- WHERE rule.rule_id IN (SELECT rule_id FROM temp_table_for_tenant_filtered_rule_ids) --- GROUP BY service.svc_id --- LOOP --- RETURN NEXT r_svc.svc_id; --- END LOOP; --- RETURN; --- END; --- $$ LANGUAGE plpgsql; - ----------------------------------------------------- --- FUNCTION: get_user_ids_of_tenant --- Zweck: liefert zu einem tenant alle User zurueck, die in fuer ihn relevanten regeln vorkommen --- Annahme: die Menge der Regeln steht in temp_table_for_tenant_filtered_rule_ids --- RETURNS: Menge der User-IDs (user_id) --- -- --- CREATE OR REPLACE FUNCTION get_user_ids_for_tenant() RETURNS SETOF BIGINT AS $$ --- DECLARE --- r_user RECORD; --- BEGIN --- FOR r_user IN --- SELECT usr.user_id FROM rule --- LEFT JOIN rule_from USING (rule_id) --- LEFT JOIN usergrp_flat ON (rule_user.user_id=usergrp_flat_id) --- LEFT JOIN usr ON (usergrp_flat_member_id=usr.user_id) --- WHERE rule.rule_id IN (SELECT rule_id FROM temp_table_for_tenant_filtered_rule_ids) --- GROUP BY usr.user_id --- LOOP --- RETURN NEXT r_user.user_id; --- END LOOP; --- RETURN; --- END; --- $$ LANGUAGE plpgsql; - ----------------------------------------------------- --- FUNCTION: get_obj_ids_of_tenant --- Zweck: liefert zu einem tenant alle NW-Objekte zurueck, die in fuer ihn relevanten regeln vorkommen --- Annahme: die Menge der Regeln steht in temp_table_for_tenant_filtered_rule_ids --- RETURNS: Menge der object-IDs (obj_id) --- --- CREATE OR REPLACE FUNCTION get_obj_ids_for_tenant() RETURNS SETOF BIGINT AS $$ --- DECLARE --- r_obj RECORD; --- BEGIN --- FOR r_obj IN --- SELECT object.obj_id FROM rule --- LEFT JOIN rule_from USING (rule_id) --- LEFT JOIN objgrp_flat ON 
(rule_from.obj_id=objgrp_flat_id) --- LEFT JOIN object ON (objgrp_flat_member_id=object.obj_id) --- WHERE rule.rule_id IN (SELECT rule_id FROM temp_table_for_tenant_filtered_rule_ids) --- UNION --- SELECT object.obj_id FROM rule --- LEFT JOIN rule_to USING (rule_id) --- LEFT JOIN objgrp_flat ON (rule_to.obj_id=objgrp_flat_id) --- LEFT JOIN object ON (objgrp_flat_member_id=object.obj_id) --- WHERE rule.rule_id IN (SELECT rule_id FROM temp_table_for_tenant_filtered_rule_ids) --- GROUP BY object.obj_id --- LOOP --- RETURN NEXT r_obj.obj_id; --- END LOOP; --- RETURN; --- END; --- $$ LANGUAGE plpgsql; - ----------------------------------------------------- --- FUNCTION: get_tenant_ip_filter --- Zweck: liefert zu einem tenant einen Filter-String --- Parameter1: tenant-ID des zu betrachtenden tenants --- RETURNS: String mit booleschem Ausdruck fuer SQL-Where-Clause --- -CREATE OR REPLACE FUNCTION get_tenant_ip_filter(INTEGER) RETURNS VARCHAR AS $$ -DECLARE - i_tenant_id ALIAS FOR $1; - v_filter VARCHAR; - r_tenant_net RECORD; -BEGIN - IF i_tenant_id IS NULL THEN - RETURN 'TRUE'; - ELSE - v_filter := '('; - FOR r_tenant_net IN - SELECT tenant_net_ip FROM tenant_network WHERE tenant_id=i_tenant_id - LOOP - v_filter := v_filter || ' obj_ip<<=' || E'\'' || - CAST (r_tenant_net.tenant_net_ip AS VARCHAR) || E'\'' || ' OR ' || E'\'' || - CAST (r_tenant_net.tenant_net_ip AS VARCHAR) || E'\'' || '<<=obj_ip OR'; - END LOOP; - v_filter := v_filter || ' FALSE)'; --- RAISE INFO 'tenant-filter: %', v_filter; - RETURN v_filter; - END IF; -END; -$$ LANGUAGE plpgsql; - - ----------------------------------------------------- --- FUNCTION: get_ip_filter --- Zweck: liefert zu einer IP-Adresse einen Filter-String --- Parameter1: IP-Adresse (auch Netzbereich) --- RETURNS: String mit booleschem Ausdruck fuer SQL-Where-Clause --- -CREATE OR REPLACE FUNCTION get_ip_filter(CIDR) RETURNS VARCHAR AS $$ -DECLARE - c_ip_filter ALIAS FOR $1; - v_filter VARCHAR; -BEGIN - IF c_ip_filter IS NULL THEN - 
RETURN ' TRUE '; - ELSE - v_filter := ' ( obj_ip<<=' || E'\'' || - CAST (c_ip_filter AS VARCHAR) || E'\'' || ' OR ' || E'\'' || - CAST (c_ip_filter AS VARCHAR) || E'\'' || '<<=obj_ip ) '; --- RAISE INFO 'ip-filter: %', v_filter; - RETURN v_filter; - END IF; -END; -$$ LANGUAGE plpgsql; ----------------------------------------------------- --- FUNCTION: get_negated_tenant_ip_filter --- Zweck: liefert zu einem tenant einen Filter-String --- Zweck: fuer ngegierte Regelteile (Quelle oder Ziel) --- Parameter1: tenant-ID des zu betrachtenden tenants --- RETURNS: String mit booleschem Ausdruck fuer SQL-Where-Clause --- -CREATE OR REPLACE FUNCTION get_negated_tenant_ip_filter(INTEGER) RETURNS VARCHAR AS $$ -DECLARE - i_tenant_id ALIAS FOR $1; - v_filter VARCHAR; - r_tenant_net RECORD; -BEGIN - IF i_tenant_id IS NULL THEN - RETURN 'TRUE'; - ELSE - v_filter := '('; - FOR r_tenant_net IN - SELECT tenant_net_ip FROM tenant_network WHERE tenant_id=i_tenant_id - LOOP - v_filter := v_filter || 'NOT(obj_ip<<=' || E'\'' || - CAST (r_tenant_net.tenant_net_ip AS VARCHAR) || E'\'' || ') AND NOT(' || E'\'' || - CAST (r_tenant_net.tenant_net_ip AS VARCHAR) || E'\'' || '<<=obj_ip) AND '; - END LOOP; - v_filter := v_filter || ' TRUE)'; --- RAISE INFO 'tenant-filter: %', v_filter; - RETURN v_filter; - END IF; -END; -$$ LANGUAGE plpgsql; - - ----------------------------------------------------- --- FUNCTION: get_obj_ids_of_filtered_ruleset --- Zweck: liefert Tabelle mit allen Object-IDs zurueck, --- Zweck: die in den Zielen oder Quellen der Regeln vorkommen --- Parameter1: Array mit allen Rule_IDs --- Parameter2: import_id --- Parameter3: tenant-ID des Kunden, fuer den der Report generiert werden soll --- Parameter3: wenn NULL: keine Kunden-Filterung: liefere alle Regeln --- RETURNS: Tabelle mit einer Spalte (obj_id) --- --- CREATE OR REPLACE FUNCTION get_obj_ids_of_filtered_ruleset(BIGINT[], INTEGER, TIMESTAMP) RETURNS SETOF BIGINT AS $$ --- DECLARE --- ar_rule_ids ALIAS FOR $1; --- 
i_tenant ALIAS FOR $2; --- t_time ALIAS FOR $3; --- r_rule RECORD; --- r_obj RECORD; --- BEGIN --- FOR r_rule IN --- SELECT rule_id FROM rule WHERE rule_id = ANY (ar_rule_ids) --- LOOP --- FOR r_obj IN --- ( --- ( --- -- SELECT get_rule_src AS obj_id FROM get_rule_src(r_rule.rule_id,i_import_id,i_tenant) --- SELECT get_rule_src AS obj_id FROM get_rule_src(r_rule.rule_id,i_tenant,t_time) --- ) --- UNION --- ( --- -- SELECT get_rule_dst AS obj_id FROM get_rule_dst(r_rule.rule_id,i_import_id,i_tenant) --- SELECT get_rule_dst AS obj_id FROM get_rule_dst(r_rule.rule_id,i_tenant,t_time) --- ) --- ) -- GROUP BY obj_id ORDER BY obj_id --- LOOP --- RETURN NEXT r_obj.obj_id; --- END LOOP; --- END LOOP; --- RETURN; --- END; --- $$ LANGUAGE plpgsql; - ----------------------------------------------------- --- FUNCTION: get_obj_ids_of_filtered_ruleset_flat --- Zweck: liefert Tabelle mit allen Object-IDs zurueck, --- Zweck: die in den Zielen oder Quellen der Regeln vorkommen --- Zweck: plus alle Objekte, die in den Gruppen dort stecken --- Parameter1: Array mit allen Rule_IDs --- Parameter2: import_id --- Parameter3: tenant-ID des Kunden, fuer den der Report generiert werden soll --- Parameter3: wenn NULL: keine Kunden-Filterung: liefere alle Regeln --- RETURNS: Tabelle mit einer Spalte (obj_id) --- --- CREATE OR REPLACE FUNCTION get_obj_ids_of_filtered_ruleset_flat(INTEGER[], INTEGER, TIMESTAMP) RETURNS SETOF INTEGER AS $$ --- DECLARE --- ar_rule_ids ALIAS FOR $1; --- i_tenant ALIAS FOR $2; --- t_time ALIAS FOR $3; --- r_rule RECORD; --- r_obj RECORD; --- BEGIN --- FOR r_rule IN --- SELECT rule_id FROM rule WHERE rule_id = ANY (ar_rule_ids) --- LOOP --- FOR r_obj IN --- ( --- SELECT get_rule_src_flat AS obj_id FROM get_rule_src_flat(r_rule.rule_id,i_tenant,t_time) --- UNION --- SELECT get_rule_dst_flat AS obj_id FROM get_rule_dst_flat(r_rule.rule_id,i_tenant,t_time) --- ) --- LOOP --- RETURN NEXT r_obj.obj_id; --- END LOOP; --- END LOOP; --- RETURN; --- END; --- $$ LANGUAGE 
plpgsql; - ----------------------------------------------------- --- FUNCTION: get_obj_ids_of_filtered_management --- Zweck: liefert Tabelle mit allen Object-IDs des Managements zurueck, --- Zweck: die in den Filterkriterien (tenant und Zeitpunkt) gen�gen --- Parameter1: ID des Managements --- Parameter2: import_id --- Parameter3: tenant-ID des Kunden, fuer den der Report generiert werden soll --- Parameter3: wenn NULL: keine Kunden-Filterung: liefere alle Regeln --- RETURNS: Tabelle mit einer Spalte (obj_id) --- -CREATE OR REPLACE FUNCTION get_obj_ids_of_filtered_management(INTEGER, BIGINT, INTEGER) RETURNS SETOF BIGINT AS $$ -DECLARE - i_mgm_id ALIAS FOR $1; - i_import_id ALIAS FOR $2; - i_tenant ALIAS FOR $3; - r_obj RECORD; - v_sql_code VARCHAR; - v_filter VARCHAR; -BEGIN - IF NOT i_tenant IS NULL THEN - v_filter := get_tenant_ip_filter(i_tenant); - v_sql_code := 'SELECT obj_id FROM object WHERE mgm_id=' || i_mgm_id || ' AND obj_create<=' || i_import_id || - ' AND obj_last_seen>=' || i_import_id || ' AND ' || v_filter; --- RAISE NOTICE 'sql_code: %', v_sql_code; - FOR r_obj IN EXECUTE v_sql_code - LOOP - RETURN NEXT r_obj.obj_id; - END LOOP; - ELSE - FOR r_obj IN - SELECT obj_id FROM object WHERE mgm_id=i_mgm_id AND obj_create<=i_import_id AND obj_last_seen>=i_import_id - LOOP - RETURN NEXT r_obj.obj_id; - END LOOP; - END IF; - RETURN; -END; -$$ LANGUAGE plpgsql; - - --- CREATE OR REPLACE FUNCTION get_rule_ids_no_tenant_filter(int4, "timestamp", cidr, cidr, cidr, int4, int4, VARCHAR) --- RETURNS SETOF int4 AS --- $BODY$ --- DECLARE --- i_device_id ALIAS FOR $1; --- t_in_report_time ALIAS FOR $2; --- -- i_tenant_id ALIAS FOR $3; --- c_ip_src ALIAS FOR $3; --- c_ip_dst ALIAS FOR $4; --- c_ip_anywhere ALIAS FOR $5; --- i_proto ALIAS FOR $6; --- i_port ALIAS FOR $7; --- v_admin_view_filter ALIAS FOR $8; --- i_relevant_import_id BIGINT; -- ID des Imports, direkt vor dem Report-Zeitpunkt --- v_tenant_filter_ip_list VARCHAR; -- Filter-Liste mit allen IP-Bereichen des 
tenants --- v_tenant_filter_ip_list_negated VARCHAR; -- Filter-Liste mit allen IP-Bereichen des tenants fuer negierte Faelle --- r_rule RECORD; -- temp. Variable fuer Rule-ID --- t_report_time TIMESTAMP; -- Zeitpunkt des Reports (jetzt, wenn t_in_report_time IS NULL) --- v_sql_get_rules_with_tenant_src_ips VARCHAR; -- SQL-Code zum Holen der Rule-IDs mit Quellen im tenant-Bereich --- v_sql_get_rules_with_tenant_dst_ips VARCHAR; -- SQL-Code zum Holen der Rule-IDs mit Zielen im tenant-Bereich --- v_error_str VARCHAR; --- v_dev_filter VARCHAR; -- filter for devices (true for all devices) --- v_import_filter VARCHAR; -- filter for imports --- v_select_statement VARCHAR; --- v_order_statement VARCHAR; --- v_src_ip_filter VARCHAR; -- Filter fuer source ip match --- v_dst_ip_filter VARCHAR; -- Filter fuer destination ip match --- BEGIN --- v_order_statement := ''; --- IF t_in_report_time IS NULL THEN t_report_time := now(); -- no report time given, assuming now() --- ELSE t_report_time := t_in_report_time; END IF; --- -- set filter: a) import filter, b) device filter --- IF i_device_id IS NULL THEN -- ueber alle Devices --- v_import_filter := get_previous_import_ids(t_report_time); --- IF v_import_filter = ' () ' THEN v_import_filter := ' FALSE '; --- ELSE v_import_filter := 'rule_order.control_id IN ' || get_previous_import_ids(t_report_time); END IF; --- v_dev_filter := ' TRUE '; --- ELSE --- i_relevant_import_id := get_previous_import_id(i_device_id, t_report_time); --- IF i_relevant_import_id IS NULL THEN --- v_error_str := 'device_id: ' || CAST(i_device_id AS VARCHAR) || ', time: ' || CAST(t_report_time AS VARCHAR); --- PERFORM error_handling('WARN_NO_IMP_ID_FOUND', v_error_str); --- v_import_filter := ' FALSE '; --- ELSE --- v_import_filter := 'rule_order.control_id = ' || CAST(i_relevant_import_id AS VARCHAR); --- END IF; --- v_dev_filter := 'rule_order.dev_id = ' || CAST(i_device_id AS VARCHAR); --- END IF; --- IF c_ip_src IS NULL THEN v_src_ip_filter := ' TRUE '; 
--- ELSE v_src_ip_filter := ' (object.obj_ip <<= ' || E'\'' || CAST(c_ip_src AS VARCHAR) || E'\'' || ' OR object.obj_ip >>= ' || E'\'' || CAST(c_ip_src AS VARCHAR) || E'\'' || ') '; END IF; --- IF c_ip_dst IS NULL THEN v_dst_ip_filter := ' TRUE '; --- ELSE v_dst_ip_filter := ' (object.obj_ip <<= ' || E'\'' || CAST(c_ip_dst AS VARCHAR) || E'\'' || ' OR object.obj_ip >>= ' || E'\'' || CAST(c_ip_dst AS VARCHAR) || E'\'' || ') '; END IF; --- v_select_statement := --- ' (SELECT rule_id FROM rule_order LEFT JOIN rule USING (rule_id) LEFT JOIN rule_from USING (rule_id) LEFT JOIN objgrp_flat ON (rule_from.obj_id=objgrp_flat_member_id) ' || --- ' LEFT JOIN object ON (objgrp_flat_member_id=object.obj_id) WHERE ' || v_import_filter || ' AND ' || v_dev_filter || --- ' AND ' || v_src_ip_filter || ' AND ' || v_admin_view_filter || ' AND rule.rule_head_text IS NULL AND NOT rule_disabled AND rule_action<>' || --- E'\'' || 'drop' || E'\'' || ' AND rule_action<>' || --- E'\'' || 'reject' || E'\'' || ' AND rule_action<>' || E'\'' || 'deny' || E'\'' || ')' || --- ' INTERSECT ' || --- ' (SELECT rule_id FROM rule_order LEFT JOIN rule USING (rule_id) LEFT JOIN rule_to USING (rule_id) LEFT JOIN objgrp_flat ON (rule_to.obj_id=objgrp_flat_member_id) ' || --- ' LEFT JOIN object ON (objgrp_flat_member_id=object.obj_id) WHERE ' || v_import_filter || ' AND ' || v_dev_filter || --- ' AND ' || v_dst_ip_filter || ' AND ' || v_admin_view_filter || ' AND rule.rule_head_text IS NULL AND NOT rule_disabled AND rule_action<>' || --- E'\'' || 'drop' || E'\'' || ' AND rule_action<>' || --- E'\'' || 'reject' || E'\'' || ' AND rule_action<>' || E'\'' || 'deny' || E'\'' --- -- || ' GROUP BY rule_id' --- || ')'; --- FOR r_rule IN EXECUTE v_select_statement --- LOOP --- RETURN NEXT r_rule.rule_id; --- END LOOP; --- RETURN; --- END; --- $BODY$ LANGUAGE plpgsql; ----------------------------------------------------- --- FUNCTION: get_rule_ids --- Zweck: liefert Tabelle mit Regel-IDs zurueck, die den 
Filterkriterien entsprechen --- Used for: Account (Usage) Report --- Parameter1: Device-ID dessen Regelsatz untersucht wird (erforderlich) --- Parameter2: Zeitpunkt zu dem das Regelwerk angezeigt werden soll --- Parameter2: wenn NULL: Zeitpunkt = jetzt (also hoechste vorhandene Import-ID, des Devices) --- Parameter3: tenant-ID des Kunden, fuer den der Report generiert werden soll --- Parameter3: wenn NULL: keine Kunden-Filterung: liefere alle Regeln --- Parameter4: Filter resultierend aus Einschraenkungen des angemeldeten Benutzers (SQL as Text) --- RETURNS: Tabelle mit einer Spalte (rule_id) - --- CREATE OR REPLACE FUNCTION get_rule_ids(int4, "timestamp", int4, VARCHAR) RETURNS SETOF BIGINT AS --- $BODY$ --- DECLARE --- i_device_id ALIAS FOR $1; --- t_in_report_time ALIAS FOR $2; --- i_tenant_id ALIAS FOR $3; --- v_admin_view_filter ALIAS FOR $4; --- i_relevant_import_id BIGINT; -- ID des Imports, direkt vor dem Report-Zeitpunkt --- v_tenant_filter_ip_list VARCHAR; -- Filter-Liste mit allen IP-Bereichen des tenants --- v_tenant_filter_ip_list_negated VARCHAR; -- Filter-Liste mit allen IP-Bereichen des tenants fuer negierte Faelle --- r_rule RECORD; -- temp. 
Variable fuer Rule-ID --- t_report_time TIMESTAMP; -- Zeitpunkt des Reports (jetzt, wenn t_in_report_time IS NULL) --- v_sql_get_rules_with_tenant_src_ips VARCHAR; -- SQL-Code zum Holen der Rule-IDs mit Quellen im tenant-Bereich --- v_sql_get_rules_with_tenant_dst_ips VARCHAR; -- SQL-Code zum Holen der Rule-IDs mit Zielen im tenant-Bereich --- v_error_str VARCHAR; --- v_dev_filter VARCHAR; -- filter for devices (true for all devices) --- v_import_filter VARCHAR; -- filter for imports --- v_select_statement VARCHAR; --- v_order_statement VARCHAR; --- BEGIN --- -- RAISE NOTICE 'get_rule_ids parameter device_id: %', i_device_id; --- -- RAISE NOTICE 'get_rule_ids parameter in_report_time: %', t_in_report_time; --- -- v_order_statement := ' ORDER BY dev_id, rule_number '; --- v_order_statement := ''; --- IF t_in_report_time IS NULL THEN -- no report time given, assuming now() --- t_report_time := now(); --- ELSE --- t_report_time := t_in_report_time; --- END IF; --- -- set filter: a) import filter, b) device filter --- IF i_device_id IS NULL THEN -- ueber alle Devices --- v_import_filter := get_previous_import_ids(t_report_time); --- IF v_import_filter = ' () ' THEN --- v_import_filter := ' FALSE '; --- ELSE --- v_import_filter := 'rule_order.control_id IN ' || get_previous_import_ids(t_report_time); --- END IF; --- v_dev_filter := ' TRUE '; --- ELSE --- i_relevant_import_id := get_previous_import_id(i_device_id, t_report_time); --- IF i_relevant_import_id IS NULL THEN --- v_error_str := 'device_id: ' || CAST(i_device_id AS VARCHAR) || ', time: ' || CAST(t_report_time AS VARCHAR); --- PERFORM error_handling('WARN_NO_IMP_ID_FOUND', v_error_str); --- v_import_filter := ' FALSE '; --- ELSE --- v_import_filter := 'rule_order.control_id = ' || CAST(i_relevant_import_id AS VARCHAR); --- END IF; --- v_dev_filter := 'rule_order.dev_id = ' || CAST(i_device_id AS VARCHAR); --- END IF; --- IF i_tenant_id IS NULL THEN -- einfacher Fall ohne tenant-Filter --- v_select_statement := 
'SELECT rule_id FROM rule_order INNER JOIN device USING (dev_id) INNER JOIN management USING (mgm_id) WHERE ' || v_import_filter --- || ' AND ' || v_dev_filter || ' AND ' || v_admin_view_filter || v_order_statement; --- ELSE -- tenant-Filter --- v_tenant_filter_ip_list := get_tenant_ip_filter(i_tenant_id); --- v_tenant_filter_ip_list_negated := get_negated_tenant_ip_filter(i_tenant_id); --- v_sql_get_rules_with_tenant_src_ips := --- '(SELECT rule.rule_id FROM rule, rule_order, object,rule_from --- WHERE rule.rule_id = rule_from.rule_id --- AND ' || v_import_filter || ' AND ' || v_dev_filter || --- ' AND rule_order.rule_id=rule.rule_id --- AND (((' || v_tenant_filter_ip_list || ') AND NOT rule.rule_src_neg) OR ((' || --- v_tenant_filter_ip_list_negated || ') AND rule.rule_src_neg))' || --- ' AND (rule.rule_id,object.obj_id) IN --- ( --- SELECT rule.rule_id,object.obj_id FROM rule_order,rule,rule_from,object --- LEFT JOIN objgrp_flat ON objgrp_flat_id=object.obj_id --- WHERE rule.rule_id = rule_from.rule_id --- AND ' || v_import_filter || ' AND ' || v_dev_filter || --- ' AND rule_order.rule_id=rule.rule_id AND object.obj_id=rule_from.obj_id --- UNION --- SELECT rule.rule_id,objgrp_flat.objgrp_flat_member_id FROM rule_order,rule,rule_from,object --- LEFT JOIN objgrp_flat ON objgrp_flat_id=object.obj_id --- WHERE rule.rule_id = rule_from.rule_id --- AND ' || v_import_filter || ' AND ' || v_dev_filter || --- ' AND rule_order.rule_id=rule.rule_id AND object.obj_id=rule_from.obj_id --- ) --- )'; --- v_sql_get_rules_with_tenant_dst_ips := --- '(SELECT rule.rule_id FROM rule,rule_order,object,rule_to WHERE rule.rule_id = rule_to.rule_id --- AND ' || v_import_filter || ' AND ' || v_dev_filter || ' AND rule_order.rule_id=rule.rule_id --- AND (((' || v_tenant_filter_ip_list || ') AND NOT rule.rule_dst_neg) OR ((' || --- v_tenant_filter_ip_list_negated || ') AND rule.rule_dst_neg))' || --- ' AND (rule.rule_id,object.obj_id) in --- ( --- SELECT rule.rule_id,object.obj_id FROM 
rule_order,rule,rule_to,object --- LEFT JOIN objgrp_flat ON objgrp_flat_id=object.obj_id --- WHERE rule.rule_id = rule_to.rule_id --- AND ' || v_import_filter || ' AND ' || v_dev_filter || --- ' AND rule_order.rule_id=rule.rule_id AND object.obj_id=rule_to.obj_id --- UNION --- SELECT rule.rule_id,objgrp_flat.objgrp_flat_member_id FROM rule_order,rule,rule_to,object --- LEFT JOIN objgrp_flat ON objgrp_flat_id=object.obj_id --- WHERE rule.rule_id = rule_to.rule_id --- AND ' || v_import_filter || ' AND ' || v_dev_filter || --- ' AND rule_order.rule_id=rule.rule_id AND object.obj_id=rule_to.obj_id --- ) --- )'; --- v_select_statement := 'SELECT rule_id FROM rule_order LEFT JOIN device USING (dev_id) LEFT JOIN management USING (mgm_id) WHERE rule_id IN (' || v_sql_get_rules_with_tenant_src_ips --- || ' UNION ' || v_sql_get_rules_with_tenant_dst_ips || ')' || ' AND ' || v_admin_view_filter || v_order_statement --- || ' GROUP BY rule_order.rule_id '; --- END IF; -- tenant_filter set - --- -- RAISE NOTICE 'get_rule_ids select: %', v_select_statement; --- FOR r_rule IN EXECUTE v_select_statement --- LOOP --- RETURN NEXT r_rule.rule_id; --- END LOOP; --- RETURN; --- END; --- $BODY$ --- LANGUAGE 'plpgsql' VOLATILE; - - --- CREATE OR REPLACE FUNCTION get_rule_ids_no_tenant_filter(int4, "timestamp", VARCHAR) RETURNS SETOF BIGINT AS --- $BODY$ --- DECLARE --- i_device_id ALIAS FOR $1; --- t_in_report_time ALIAS FOR $2; --- v_admin_view_filter ALIAS FOR $3; --- i_relevant_import_id BIGINT; -- ID des Imports, direkt vor dem Report-Zeitpunkt --- r_rule RECORD; -- temp. 
Variable fuer Rule-ID --- t_report_time TIMESTAMP; -- Zeitpunkt des Reports (jetzt, wenn t_in_report_time IS NULL) --- v_error_str VARCHAR; --- v_dev_filter VARCHAR; -- filter for devices (true for all devices) --- v_import_filter VARCHAR; -- filter for imports --- v_select_statement VARCHAR; --- v_order_statement VARCHAR; --- BEGIN --- v_order_statement := ''; --- IF t_in_report_time IS NULL THEN -- no report time given, assuming now() --- t_report_time := now(); --- ELSE --- t_report_time := t_in_report_time; --- END IF; --- -- set filter: a) import filter, b) device filter --- IF i_device_id IS NULL THEN -- ueber alle Devices --- v_import_filter := get_previous_import_ids(t_report_time); --- IF v_import_filter = ' () ' THEN --- v_import_filter := ' FALSE '; --- ELSE --- v_import_filter := 'rule_order.control_id IN ' || get_previous_import_ids(t_report_time); --- END IF; --- v_dev_filter := ' TRUE '; --- ELSE --- i_relevant_import_id := get_previous_import_id(i_device_id, t_report_time); --- IF i_relevant_import_id IS NULL THEN --- v_error_str := 'device_id: ' || CAST(i_device_id AS VARCHAR) || ', time: ' || CAST(t_report_time AS VARCHAR); --- PERFORM error_handling('WARN_NO_IMP_ID_FOUND', v_error_str); --- v_import_filter := ' FALSE '; --- ELSE --- v_import_filter := 'rule_order.control_id = ' || CAST(i_relevant_import_id AS VARCHAR); --- END IF; --- v_dev_filter := 'rule_order.dev_id = ' || CAST(i_device_id AS VARCHAR); --- END IF; --- v_select_statement := 'SELECT rule_id FROM rule_order INNER JOIN device USING (dev_id) INNER JOIN management USING (mgm_id) WHERE ' || v_import_filter --- || ' AND ' || v_dev_filter || ' AND ' || v_admin_view_filter || v_order_statement; --- FOR r_rule IN EXECUTE v_select_statement --- LOOP --- RETURN NEXT r_rule.rule_id; --- END LOOP; --- RETURN; --- END; --- $BODY$ --- LANGUAGE 'plpgsql' VOLATILE; - -CREATE OR REPLACE FUNCTION get_import_ids_for_time (TIMESTAMP) RETURNS SETOF BIGINT AS $$ -DECLARE - t_import_time ALIAS FOR $1; 
- r_mgm RECORD; - i_ctrl_id BIGINT; -BEGIN - FOR r_mgm IN - SELECT mgm_id FROM management - LOOP - SELECT INTO i_ctrl_id MAX(control_id) FROM import_control WHERE mgm_id=r_mgm.mgm_id - AND start_time<=t_import_time AND NOT stop_time IS NULL AND successful_import; - IF FOUND AND NOT i_ctrl_id IS NULL THEN --- RAISE NOTICE 'ctrl_id found: %', i_ctrl_id; - RETURN NEXT i_ctrl_id; - END IF; - END LOOP; - RETURN; -END; -$$ LANGUAGE plpgsql; - ----------------------------------------------------- --- FUNCTION: rule_src_contains_tenant_obj --- Zweck: prueft, ob in den Quellen ein Objekt enthalten ist, das zum Kunden-Dunstkreis gehoert --- Parameter1: rule_id --- Parameter2: id des relevanten Imports --- Parameter3: tenant_id fuer Filterung innerhalb der Regel --- RETURNS: wahr, wenn in den Quellen der Regeln ein tenant-relevantes Objekt enthalten ist --- -CREATE OR REPLACE FUNCTION rule_src_contains_tenant_obj (BIGINT, INTEGER) RETURNS BOOLEAN AS $$ -DECLARE - i_rule_id ALIAS FOR $1; - i_tenant_id ALIAS FOR $2; - r_obj RECORD; -- object - v_tenant_ip_filter VARCHAR; -BEGIN - IF is_rule_src_negated(i_rule_id) THEN - v_tenant_ip_filter := get_negated_tenant_ip_filter(i_tenant_id); - ELSE - v_tenant_ip_filter := get_tenant_ip_filter(i_tenant_id); - END IF; - FOR r_obj IN EXECUTE - 'SELECT obj_id FROM object WHERE (obj_id IN (SELECT * FROM get_exploded_src_of_rule(' || - CAST(i_rule_id AS VARCHAR) || '))) AND (' || v_tenant_ip_filter || ')' - LOOP - RETURN TRUE; - END LOOP; - RETURN FALSE; -END; -$$ LANGUAGE plpgsql; - ----------------------------------------------------- --- version ohne import_id --- FUNCTION: rule_dst_contains_tenant_obj --- Zweck: prueft, ob in den Zielen ein Objekt enthalten ist, das zum Kunden-Dunstkreis gehoert --- Parameter1: rule_id --- Parameter2: tenant_id fuer Filterung innerhalb der Regel --- RETURNS: wahr, wenn in den Zielen der Regeln ein tenant-relevantes Objekt enthalten ist --- -CREATE OR REPLACE FUNCTION rule_dst_contains_tenant_obj (BIGINT, 
INTEGER) RETURNS BOOLEAN AS $$ -DECLARE - i_rule_id ALIAS FOR $1; - i_tenant_id ALIAS FOR $2; - r_rule RECORD; -- rule to be returned - v_tenant_ip_filter VARCHAR; -BEGIN - IF is_rule_dst_negated(i_rule_id) THEN - v_tenant_ip_filter := get_negated_tenant_ip_filter(i_tenant_id); - ELSE - v_tenant_ip_filter := get_tenant_ip_filter(i_tenant_id); - END IF; - FOR r_rule IN EXECUTE - 'SELECT obj_id FROM object WHERE (obj_id IN (SELECT * FROM get_exploded_dst_of_rule(' || - CAST(i_rule_id AS VARCHAR) || '))) AND (' || v_tenant_ip_filter || ')' - LOOP - RETURN TRUE; - END LOOP; - RETURN FALSE; -END; -$$ LANGUAGE plpgsql; - ----------------------------------------------------- --- FUNCTION: obj_belongs_to_tenant --- Zweck: prueft, ob das NW-Objekt zum tenant-Bereich gehoert --- Parameter1: obj_id --- Parameter2: tenant_id --- RETURNS: wahr, wenn object zum tenant mit tenant_id gehoert --- -CREATE OR REPLACE FUNCTION obj_belongs_to_tenant (BIGINT, INTEGER) RETURNS BOOLEAN AS $$ -DECLARE - i_obj_id ALIAS FOR $1; - i_tenant_id ALIAS FOR $2; - r_obj RECORD; -- zu pruefendes Objekt - v_tenant_filter_ip_list VARCHAR; -BEGIN - v_tenant_filter_ip_list := get_tenant_ip_filter(i_tenant_id); --- RAISE INFO 'tenant: %', i_tenant_id; --- RAISE INFO 'tenant_filter: %', v_tenant_filter_ip_list; - FOR r_obj IN EXECUTE - 'SELECT obj_id FROM object WHERE (obj_id IN (SELECT * FROM explode_objgrp(' || i_obj_id || - '))) AND ('|| v_tenant_filter_ip_list || ')' - LOOP --- RAISE INFO 'obj: %', r_obj.obj_id; - RETURN TRUE; - END LOOP; - RETURN FALSE; -END; -$$ LANGUAGE plpgsql; - ----------------------------------------------------- --- FUNCTION: obj_neg_belongs_to_tenant --- Zweck: prueft, ob die Negation des NW-Objekts zum tenant-Bereich gehoert --- Parameter1: obj_id --- Parameter2: tenant_id --- RETURNS: wahr, wenn das Komplement von object zum tenant mit tenant_id gehoert --- -CREATE OR REPLACE FUNCTION obj_neg_belongs_to_tenant (BIGINT, INTEGER) RETURNS BOOLEAN AS $$ -DECLARE - i_obj_id 
ALIAS FOR $1; - i_tenant_id ALIAS FOR $2; - r_obj RECORD; -- zu pruefendes Objekt - v_tenant_filter_ip_list_neg VARCHAR; -BEGIN - v_tenant_filter_ip_list_neg := get_negated_tenant_ip_filter(i_tenant_id); - FOR r_obj IN EXECUTE - 'SELECT obj_id FROM object WHERE (obj_id IN (SELECT * FROM explode_objgrp(' || i_obj_id || - '))) AND ('|| v_tenant_filter_ip_list_neg || ')' - LOOP - RETURN TRUE; - END LOOP; - RETURN FALSE; -END; -$$ LANGUAGE plpgsql; - ----------------------------------------------------- --- FUNCTION: flatten_obj_list --- Zweck: gibt zu einer Liste von Objek-IDs die aufgeloeste Liste zurueck --- Zweck: die auch alle Mitglieder enthaelt --- Parameter1: Array of Object-IDs --- RETURNS: Array of Object-IDs --- -CREATE OR REPLACE FUNCTION flatten_obj_list (BIGINT[]) RETURNS BIGINT[] AS $$ -DECLARE - ar_obj_ids ALIAS FOR $1; - r_obj RECORD; - ar_obj_ids_result BIGINT[]; - i BIGINT; - i_array_size BIGINT; -BEGIN - ar_obj_ids_result := '{}'; - i_array_size := array_upper(ar_obj_ids,1); - FOR i IN 0..i_array_size-1 LOOP - ar_obj_ids_result := array_append(ar_obj_ids_result, ar_obj_ids[i]); - FOR r_obj IN - SELECT objgrp_flat_member_id FROM objgrp_flat WHERE objgrp_flat_id=ar_obj_ids[i] - LOOP - ar_obj_ids_result := array_append(ar_obj_ids_result, r_obj.objgrp_flat_member_id); - END LOOP; - END LOOP; - RETURN ar_obj_ids_result; -END; -$$ LANGUAGE plpgsql; - - ----------------------------------------------------- --- FUNCTION: get_rule_src --- Zweck: liefert alle Quellen der Regel als setof zurueck --- Parameter1: rule_id --- Parameter2: tenant_id fuer Filterung innerhalb der Regel --- Parameter3: Zeitpunkt --- RETURNS: Tabelle mit allen src-obj_ids der Regel fuer Report --- --- CREATE OR REPLACE FUNCTION get_rule_src (BIGINT, INTEGER, TIMESTAMP) RETURNS SETOF BIGINT AS $$ --- DECLARE --- i_rule_id ALIAS FOR $1; --- i_tenant_id ALIAS FOR $2; --- t_time ALIAS FOR $3; --- r_obj RECORD; -- temp. 
object --- i_import_id BIGINT; --- i_mgm_id INTEGER; --- BEGIN --- SELECT INTO i_mgm_id device.mgm_id FROM rule_order LEFT JOIN device USING (dev_id) WHERE rule_id=i_rule_id LIMIT 1; --- i_import_id := get_import_id_for_mgmt_at_time(i_mgm_id,t_time); --- IF i_tenant_id IS NULL THEN --- -- RAISE NOTICE 'import: %', i_import_id; --- FOR r_obj IN --- SELECT obj_id FROM rule,rule_from WHERE rf_last_seen>=i_import_id AND rf_create<=i_import_id AND --- rule.rule_id=rule_from.rule_id AND rule.rule_id=i_rule_id --- LOOP --- RETURN NEXT r_obj.obj_id; --- END LOOP; --- ELSE --- -- do the filtering --- IF rule_dst_contains_tenant_obj(i_rule_id, i_tenant_id) THEN -- alle Quellen anzeigen --- FOR r_obj IN --- SELECT obj_id FROM rule,rule_from WHERE rf_last_seen>=i_import_id AND rf_create<=i_import_id AND --- rule.rule_id=rule_from.rule_id AND rule.rule_id=i_rule_id --- LOOP --- RETURN NEXT r_obj.obj_id; --- END LOOP; --- ELSE -- filtern - nur tenant-Objekte anzeigen --- IF is_rule_src_negated(i_rule_id) THEN --- FOR r_obj IN --- SELECT obj_id FROM rule,rule_from WHERE rf_last_seen>=i_import_id AND rf_create<=i_import_id AND --- rule.rule_id=rule_from.rule_id AND rule.rule_id=i_rule_id --- LOOP --- IF obj_neg_belongs_to_tenant(r_obj.obj_id, i_tenant_id) THEN --- RETURN NEXT r_obj.obj_id; --- END IF; --- END LOOP; --- ELSE --- FOR r_obj IN --- SELECT obj_id FROM rule,rule_from WHERE rf_last_seen>=i_import_id AND rf_create<=i_import_id AND --- rule.rule_id=rule_from.rule_id AND rule.rule_id=i_rule_id --- LOOP --- IF obj_belongs_to_tenant(r_obj.obj_id, i_tenant_id) THEN --- RETURN NEXT r_obj.obj_id; --- END IF; --- END LOOP; --- END IF; --- END IF; --- END IF; --- RETURN; --- END; --- $$ LANGUAGE plpgsql; - --- ---------------------------------------------------- --- -- FUNCTION: get_rule_dst --- -- Zweck: liefert alle Ziele der Regel als setof zurueck --- -- Parameter1: rule_id --- -- Parameter2: relevante import id --- -- Parameter3: tenant_id fuer Filterung innerhalb der Regel 
--- -- RETURNS: Tabele mit allen dst-obj_ids der Regel fuer Report --- -- --- -- CREATE OR REPLACE FUNCTION get_rule_dst (BIGINT, INTEGER, TIMESTAMP) RETURNS SETOF BIGINT AS $$ --- CREATE OR REPLACE FUNCTION get_rule_dst (BIGINT, INTEGER, TIMESTAMP) RETURNS SETOF BIGINT AS $$ --- DECLARE --- i_rule_id ALIAS FOR $1; --- i_tenant_id ALIAS FOR $2; --- t_time ALIAS FOR $3; --- i_import_id BIGINT; --- r_obj RECORD; -- rule to be returned --- i_mgm_id INTEGER; --- BEGIN --- SELECT INTO i_mgm_id device.mgm_id FROM rule_order LEFT JOIN device USING (dev_id) WHERE rule_id=i_rule_id LIMIT 1; --- i_import_id := get_import_id_for_mgmt_at_time(i_mgm_id,t_time); --- IF i_tenant_id IS NULL THEN --- FOR r_obj IN --- SELECT obj_id FROM rule,rule_to WHERE rt_last_seen>=i_import_id AND rt_create<=i_import_id AND --- rule.rule_id=rule_to.rule_id AND rule.rule_id=i_rule_id --- LOOP --- RETURN NEXT r_obj.obj_id; --- END LOOP; --- ELSE -- do the filtering --- IF rule_src_contains_tenant_obj(i_rule_id, i_tenant_id) THEN -- alle Quellen anzeigen --- FOR r_obj IN --- SELECT obj_id FROM rule,rule_to WHERE rt_last_seen>=i_import_id AND rt_create<=i_import_id AND --- rule.rule_id=rule_to.rule_id AND rule.rule_id=i_rule_id --- LOOP --- RETURN NEXT r_obj.obj_id; --- END LOOP; --- ELSE -- filtern - nur tenant-Objekte anzeigen --- IF is_rule_dst_negated(i_rule_id) THEN --- FOR r_obj IN --- SELECT obj_id FROM rule,rule_to WHERE rt_last_seen>=i_import_id AND rt_create<=i_import_id AND --- rule.rule_id=rule_to.rule_id AND rule.rule_id=i_rule_id --- LOOP --- IF obj_neg_belongs_to_tenant(r_obj.obj_id, i_tenant_id) THEN --- RETURN NEXT r_obj.obj_id; --- END IF; --- END LOOP; --- ELSE --- FOR r_obj IN --- SELECT obj_id FROM rule,rule_to WHERE rt_last_seen>=i_import_id AND rt_create<=i_import_id AND --- rule.rule_id=rule_to.rule_id AND rule.rule_id=i_rule_id --- LOOP --- IF obj_belongs_to_tenant(r_obj.obj_id, i_tenant_id) THEN --- RETURN NEXT r_obj.obj_id; --- END IF; --- END LOOP; --- END IF; --- END IF; 
--- END IF; --- RETURN; --- END; --- $$ LANGUAGE plpgsql; - - - ----------------------------------------------------- --- FUNCTION: get_rule_src_flat --- Zweck: liefert alle Quellen (und deren Gruppen-Mitglieder) der Regel als setof zurueck --- Parameter1: rule_id --- Parameter2: tenant_id fuer Filterung innerhalb der Regel --- Parameter3: Zeitpunkt --- RETURNS: Tabelle mit allen src-obj_ids der Regel fuer Report --- --- Function: get_rule_src(integer, integer, timestamp without time zone) - --- DROP FUNCTION get_rule_src(integer, integer, timestamp without time zone); - --- CREATE OR REPLACE FUNCTION get_rule_src_flat (BIGINT, integer, timestamp without time zone) --- RETURNS SETOF BIGINT AS --- $BODY$ --- DECLARE --- i_rule_id ALIAS FOR $1; --- i_tenant_id ALIAS FOR $2; --- t_time ALIAS FOR $3; --- r_obj RECORD; -- temp. object --- i_import_id BIGINT; --- i_mgm_id INTEGER; --- BEGIN --- SELECT INTO i_mgm_id device.mgm_id FROM rule_order LEFT JOIN device USING (dev_id) WHERE rule_id=i_rule_id LIMIT 1; --- i_import_id := get_import_id_for_mgmt_at_time(i_mgm_id,t_time); --- IF i_tenant_id IS NULL OR rule_dst_contains_tenant_obj(i_rule_id, i_tenant_id) THEN --- -- RAISE NOTICE 'import: %', i_import_id; --- FOR r_obj IN --- SELECT objgrp_flat_member_id FROM rule LEFT JOIN rule_from USING (rule_id) --- LEFT JOIN objgrp_flat ON (rule_from.obj_id=objgrp_flat.objgrp_flat_id) --- WHERE rf_last_seen>=i_import_id AND rf_create<=i_import_id AND rule.rule_id=i_rule_id --- LOOP --- RETURN NEXT r_obj.objgrp_flat_member_id; --- END LOOP; --- ELSE -- filtern - nur tenant-Objekte anzeigen --- IF is_rule_src_negated(i_rule_id) THEN --- FOR r_obj IN --- SELECT objgrp_flat_member_id FROM rule LEFT JOIN rule_from USING (rule_id) --- LEFT JOIN objgrp_flat ON (rule_from.obj_id=objgrp_flat.objgrp_flat_id) --- WHERE rf_last_seen>=i_import_id AND rf_create<=i_import_id AND rule.rule_id=i_rule_id --- LOOP --- IF obj_neg_belongs_to_tenant(r_obj.objgrp_flat_member_id, i_tenant_id) THEN --- 
RETURN NEXT r_obj.objgrp_flat_member_id; --- END IF; --- END LOOP; --- ELSE --- FOR r_obj IN --- SELECT objgrp_flat_member_id FROM rule LEFT JOIN rule_from USING (rule_id) --- LEFT JOIN objgrp_flat ON (rule_from.obj_id=objgrp_flat.objgrp_flat_id) --- WHERE rf_last_seen>=i_import_id AND rf_create<=i_import_id AND rule.rule_id=i_rule_id --- LOOP --- IF obj_belongs_to_tenant(r_obj.objgrp_flat_member_id, i_tenant_id) THEN --- RETURN NEXT r_obj.objgrp_flat_member_id; --- END IF; --- END LOOP; --- END IF; --- END IF; --- RETURN; --- END; --- $BODY$ --- LANGUAGE 'plpgsql' VOLATILE --- COST 100 --- ROWS 1000; - ----------------------------------------------------- --- FUNCTION: get_rule_dst_flat --- Zweck: liefert alle Ziele der Regel (und alle Gruppenmitglieder davon) als setof zurueck --- Parameter1: rule_id --- Parameter2: relevante import id --- Parameter3: tenant_id fuer Filterung innerhalb der Regel --- RETURNS: Tabele mit allen dst-obj_ids der Regel fuer Report --- --- CREATE OR REPLACE FUNCTION get_rule_dst_flat (BIGINT, INTEGER, timestamp) RETURNS SETOF INTEGER AS $$ --- Function: get_rule_src(integer, integer, timestamp without time zone) - --- DROP FUNCTION get_rule_src(BIGINT, integer, timestamp without time zone); - --- CREATE OR REPLACE FUNCTION get_rule_dst_flat (BIGINT, integer, timestamp without time zone) --- RETURNS SETOF BIGINT AS --- $BODY$ --- DECLARE --- i_rule_id ALIAS FOR $1; --- i_tenant_id ALIAS FOR $2; --- t_time ALIAS FOR $3; --- r_obj RECORD; -- temp. 
object --- i_import_id BIGINT; --- i_mgm_id INTEGER; --- BEGIN --- SELECT INTO i_mgm_id device.mgm_id FROM rule_order LEFT JOIN device USING (dev_id) WHERE rule_id=i_rule_id LIMIT 1; --- i_import_id := get_import_id_for_mgmt_at_time(i_mgm_id,t_time); --- IF i_tenant_id IS NULL OR rule_src_contains_tenant_obj(i_rule_id, i_tenant_id) THEN --- -- RAISE NOTICE 'import: %', i_import_id; --- FOR r_obj IN --- SELECT objgrp_flat_member_id FROM rule LEFT JOIN rule_to USING (rule_id) --- LEFT JOIN objgrp_flat ON (rule_to.obj_id=objgrp_flat.objgrp_flat_id) --- WHERE rt_last_seen>=i_import_id AND rt_create<=i_import_id AND rule.rule_id=i_rule_id --- LOOP --- RETURN NEXT r_obj.objgrp_flat_member_id; --- END LOOP; --- ELSE -- filtern - nur tenant-Objekte anzeigen --- IF is_rule_dst_negated(i_rule_id) THEN --- FOR r_obj IN --- SELECT objgrp_flat_member_id FROM rule LEFT JOIN rule_to USING (rule_id) --- LEFT JOIN objgrp_flat ON (rule_to.obj_id=objgrp_flat.objgrp_flat_id) --- WHERE rt_last_seen>=i_import_id AND rt_create<=i_import_id AND rule.rule_id=i_rule_id --- LOOP --- IF obj_neg_belongs_to_tenant(r_obj.objgrp_flat_member_id, i_tenant_id) THEN --- RETURN NEXT r_obj.objgrp_flat_member_id; --- END IF; --- END LOOP; --- ELSE --- FOR r_obj IN --- SELECT objgrp_flat_member_id FROM rule LEFT JOIN rule_to USING (rule_id) --- LEFT JOIN objgrp_flat ON (rule_to.obj_id=objgrp_flat.objgrp_flat_id) --- WHERE rt_last_seen>=i_import_id AND rt_create<=i_import_id AND rule.rule_id=i_rule_id --- LOOP --- IF obj_belongs_to_tenant(r_obj.objgrp_flat_member_id, i_tenant_id) THEN --- RETURN NEXT r_obj.objgrp_flat_member_id; --- END IF; --- END LOOP; --- END IF; --- END IF; --- RETURN; --- END; --- $BODY$ --- LANGUAGE 'plpgsql' VOLATILE --- COST 100 --- ROWS 1000; - --- Function: get_changed_newrules(refcursor, _int4) - --- DROP FUNCTION get_changed_newrules(refcursor, _int4); - -CREATE OR REPLACE FUNCTION get_changed_newrules(refcursor, _int4) - RETURNS refcursor AS -$BODY$ -DECLARE - cursor_result 
ALIAS FOR $1; - log_rule_ids ALIAS FOR $2; - BEGIN - OPEN cursor_result FOR - SELECT changelog_rule.*, rule.rule_num,rule.rule_id,action_name,track_name,from_zone.zone_name,to_zone.zone_name,rule.* - FROM changelog_rule,stm_track,stm_action,rule - LEFT JOIN zone as from_zone ON rule.rule_from_zone=from_zone.zone_id - LEFT JOIN zone as to_zone ON rule.rule_to_zone=to_zone.zone_id - WHERE rule.action_id=stm_action.action_id - AND rule.track_id=stm_track.track_id - AND rule.rule_id = changelog_rule.new_rule_id - AND changelog_rule.log_rule_id = ANY (log_rule_ids) - ORDER BY changelog_rule.log_rule_id; - RETURN cursor_result; -END; -$BODY$ - LANGUAGE 'plpgsql' VOLATILE; - --- Function: get_changed_oldrules(refcursor, _int4) - --- DROP FUNCTION get_changed_oldrules(refcursor, _int4); - -CREATE OR REPLACE FUNCTION get_changed_oldrules(refcursor, _int4) - RETURNS refcursor AS -$BODY$ -DECLARE - cursor_result ALIAS FOR $1; - log_rule_ids ALIAS FOR $2; - BEGIN - OPEN cursor_result FOR - SELECT changelog_rule.*, rule.rule_num,rule.rule_id,action_name,track_name,from_zone.zone_name,to_zone.zone_name,rule.* - FROM changelog_rule,stm_track,stm_action,rule - LEFT JOIN zone as from_zone ON rule.rule_from_zone=from_zone.zone_id - LEFT JOIN zone as to_zone ON rule.rule_to_zone=to_zone.zone_id - WHERE rule.action_id=stm_action.action_id - AND rule.track_id=stm_track.track_id - AND rule.rule_id = changelog_rule.old_rule_id - AND changelog_rule.log_rule_id = ANY (log_rule_ids) - ORDER BY changelog_rule.log_rule_id; - RETURN cursor_result; -END; -$BODY$ - LANGUAGE 'plpgsql' VOLATILE; - ----------------------------------------------------- --- FUNCTION: get_undocumented_changelog_entries --- Zweck: liefert eine Tabelle mit allen Feldern von changelog_$1 zurueck, die 'undocumented' sind --- Parameter1: table_name (object,service,user,rule) --- RETURNS: Tabelle mit allen Feldern der Eintraege von changelog_$1 zurueck, die 'undocumented' sind --- -CREATE OR REPLACE FUNCTION 
get_undocumented_changelog_entries(VARCHAR) RETURNS SETOF RECORD AS $$ -DECLARE - v_table ALIAS FOR $1; - r_chlog RECORD; - v_sql VARCHAR; -BEGIN --- RAISE NOTICE 'sql'; - v_sql := 'SELECT * FROM changelog_' || v_table || ' WHERE NOT documented ORDER BY change_action'; --- RAISE NOTICE 'sql: %', v_sql; - FOR r_chlog IN EXECUTE - v_sql - LOOP - RETURN NEXT r_chlog; - END LOOP; - RETURN; -END; -$$ LANGUAGE plpgsql; - diff --git a/roles/database/files/sql/idempotent/fworch-rule-import.sql b/roles/database/files/sql/idempotent/fworch-rule-import.sql index bbc252455..3f5cea085 100644 --- a/roles/database/files/sql/idempotent/fworch-rule-import.sql +++ b/roles/database/files/sql/idempotent/fworch-rule-import.sql @@ -407,6 +407,7 @@ BEGIN -- IF non_security_relevant_change(r_existing, r_to_import) THEN IF ( NOT ( -- from here: non-security-relevant changes are_equal(r_existing.rule_name,r_to_import.rule_name) AND + are_equal(r_existing.rule_custom_fields,r_to_import.rule_custom_fields) AND are_equal(r_existing.rule_head_text, r_to_import.rule_head_text) AND are_equal(r_existing.rule_comment, r_to_import.rule_comment) )) THEN 
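Review bot: Classifying a `rule_custom_fields` difference as a non-security-relevant change only works if the in-place update branch for such changes (the code after this hunk) also copies `r_to_import.rule_custom_fields` into the existing row; otherwise a custom-fields-only change is detected here but never persisted. The enclosing function starts and continues outside the hunk, so that branch is not visible to me; the INSERT in the second hunk of this file does carry the new column. The check also relies on `are_equal` treating two NULLs as equal, as it presumably already does for rule_comment. A short comment next to the new line, `-- custom fields are descriptive metadata only; a change here updates the rule in place rather than creating a new version`, would document the decision this list encodes.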
@@ -459,14 +460,14 @@ BEGIN (mgm_id,rule_name,rule_num,rule_ruleid,rule_uid,rule_disabled,rule_src_neg,rule_dst_neg,rule_svc_neg, action_id,track_id,rule_src,rule_dst,rule_svc,rule_src_refs,rule_dst_refs,rule_svc_refs,rule_action,rule_track,rule_installon,rule_time, rule_from_zone,rule_to_zone,rule_comment,rule_implied,rule_head_text,last_change_admin, - rule_create,rule_last_seen, dev_id, parent_rule_id, parent_rule_type, access_rule, nat_rule) + rule_create,rule_last_seen, dev_id, parent_rule_id, parent_rule_type, access_rule, nat_rule, rule_custom_fields) VALUES (i_mgm_id,r_to_import.rule_name,i_rule_num,r_to_import.rule_ruleid,r_to_import.rule_uid, r_to_import.rule_disabled,r_to_import.rule_src_neg,r_to_import.rule_dst_neg,r_to_import.rule_svc_neg, i_action_id,i_track_id,r_to_import.rule_src,r_to_import.rule_dst,r_to_import.rule_svc, r_to_import.rule_src_refs,r_to_import.rule_dst_refs,r_to_import.rule_svc_refs, lower(r_to_import.rule_action),r_to_import.rule_track,r_to_import.rule_installon,r_to_import.rule_time, i_fromzone,i_tozone, r_to_import.rule_comment,r_to_import.rule_implied,r_to_import.rule_head_text,i_admin_id, - i_control_id,i_control_id, i_dev_id, i_parent_rule_id, i_parent_rule_type, b_access_rule, b_nat_rule) + i_control_id,i_control_id, i_dev_id, i_parent_rule_id, i_parent_rule_type, b_access_rule, b_nat_rule, r_to_import.rule_custom_fields) RETURNING rule_id INTO i_new_rule_id; EXCEPTION WHEN OTHERS THEN RAISE EXCEPTION 'rule_change_change exception while inserting rule: diff --git a/roles/database/files/sql/idempotent/fworch-rule-recert.sql b/roles/database/files/sql/idempotent/fworch-rule-recert.sql new file mode 100644 index 000000000..53e1b16c5 --- /dev/null +++ b/roles/database/files/sql/idempotent/fworch-rule-recert.sql 
@@ -0,0 +1,268 @@ +-- adjust rule/owner entries in recertification table + +-- select * from recert_refresh_one_owner_one_mgm(2,1,NULL::TIMESTAMP); +-- select * from recert_refresh_per_management(1); + +-- this refresh trigger will only be called when deleting open recerts from recertification table +-- (once per statement, not per row) + + + + +-- fundamental function to check owner <--> rule mapping using the existing view +-- "view_rule_with_owner" +CREATE OR REPLACE FUNCTION recert_owner_responsible_for_rule (i_owner_id INTEGER, i_rule_id BIGINT) RETURNS BOOLEAN AS $$ +DECLARE + i_id BIGINT; +BEGIN + -- check if this is the super owner: + SELECT INTO i_id id FROM owner WHERE id=i_owner_id AND is_default; + IF FOUND THEN -- this is the super owner + SELECT INTO i_id rule_id FROM view_rule_with_owner WHERE owner_id IS NULL AND rule_id=i_rule_id; + IF FOUND THEN + RAISE DEBUG '%', 'rule found for super owner ' || i_rule_id; + RETURN TRUE; + ELSE + RETURN FALSE; + END IF; + ELSE -- standard owner + SELECT INTO i_id rule_id FROM view_rule_with_owner WHERE owner_id=i_owner_id AND rule_id=i_rule_id; + IF FOUND THEN + RETURN TRUE; + ELSE + RETURN FALSE; + END IF; + END IF; +END; +$$ LANGUAGE plpgsql; + +-- this function deletes existing (future) open recert entries and inserts the new ones into the recertificaiton table +-- the new recert date will only replace an existing one, if it is closer (smaller) +CREATE OR REPLACE FUNCTION recert_refresh_one_owner_one_mgm + (i_owner_id INTEGER, i_mgm_id INTEGER, t_requested_next_recert_date TIMESTAMP) RETURNS VOID AS $$ +DECLARE + r_rule RECORD; + i_recert_entry_id BIGINT; + b_super_owner BOOLEAN := FALSE; + t_rule_created TIMESTAMP; + t_current_next_recert_date TIMESTAMP; + t_next_recert_date_by_interval TIMESTAMP; + t_rule_last_recertified TIMESTAMP; + t_next_recert_date TIMESTAMP; + i_recert_inverval INTEGER; + b_never_recertified BOOLEAN := FALSE; + b_no_current_next_recert_date BOOLEAN := FALSE; + b_super_owner_exists 
BOOLEAN := FALSE; + i_previous_import BIGINT; + i_current_import_id BIGINT; + i_super_owner_id INT; + i_current_owner_id_tmp INT; +BEGIN + IF i_owner_id IS NULL OR i_mgm_id IS NULL THEN + IF i_owner_id IS NULL THEN + RAISE WARNING 'found undefined owner_id in recert_refresh_one_owner_one_mgm'; + ELSE -- mgm_id NULL + RAISE WARNING 'found undefined mgm_id in recert_refresh_one_owner_one_mgm'; + END IF; + ELSE + -- get id of previous import: + SELECT INTO i_current_import_id control_id FROM import_control WHERE mgm_id=i_mgm_id AND stop_time IS NULL; + SELECT INTO i_previous_import * FROM get_previous_import_id_for_mgmt(i_mgm_id,i_current_import_id); + IF NOT FOUND OR i_previous_import IS NULL THEN + i_previous_import := -1; -- prevent match for previous import + END IF; + + SELECT INTO i_super_owner_id id FROM owner WHERE is_default; + IF FOUND THEN + b_super_owner_exists := TRUE; + END IF; + + SELECT INTO i_current_owner_id_tmp id FROM owner WHERE id=i_owner_id AND is_default; + IF FOUND THEN + b_super_owner := TRUE; + END IF; + + SELECT INTO i_recert_inverval recert_interval FROM owner WHERE id=i_owner_id; + + FOR r_rule IN + SELECT rule_uid, rule_id FROM rule WHERE mgm_id=i_mgm_id AND (active OR NOT active AND rule_last_seen=i_previous_import) + LOOP + + IF recert_owner_responsible_for_rule (i_owner_id, r_rule.rule_id) THEN + + -- collects dates + SELECT INTO t_current_next_recert_date next_recert_date FROM recertification + WHERE owner_id=i_owner_id AND rule_id=r_rule.rule_id AND recert_date IS NULL; + + IF NOT FOUND THEN + b_no_current_next_recert_date := TRUE; + END IF; + + SELECT INTO t_rule_last_recertified MAX(recert_date) + FROM recertification + WHERE rule_id=r_rule.rule_id AND NOT recert_date IS NULL; + + IF NOT FOUND OR t_rule_last_recertified IS NULL THEN -- no prior recertification, use initial rule import date + b_never_recertified := TRUE; + SELECT INTO t_rule_created rule_metadata.rule_created + FROM rule + LEFT JOIN rule_metadata ON 
(rule.rule_uid=rule_metadata.rule_uid AND rule.dev_id=rule_metadata.dev_id) + WHERE rule_id=r_rule.rule_id; + END IF; + + IF t_requested_next_recert_date IS NULL THEN + -- if the currenct next recert date is before the intended fixed input date, ignore it + IF b_never_recertified THEN + t_next_recert_date := t_rule_created + make_interval (days => i_recert_inverval); + ELSE + t_next_recert_date := t_rule_last_recertified + make_interval (days => i_recert_inverval); + END IF; + ELSE + t_next_recert_date := t_requested_next_recert_date; + END IF; + + -- do not set next recert date later than actually calculated date + IF NOT b_no_current_next_recert_date THEN + IF t_next_recert_date>t_current_next_recert_date THEN + t_next_recert_date := t_current_next_recert_date; + END IF; + END IF; + + -- delete old recert entry: + DELETE FROM recertification WHERE owner_id=i_owner_id AND rule_id=r_rule.rule_id AND recert_date IS NULL; + + -- add new recert entry: + IF b_super_owner THEN -- special case for super owner (convert NULL to ID) + INSERT INTO recertification (rule_metadata_id, next_recert_date, rule_id, ip_match, owner_id) + SELECT rule_metadata_id, + t_next_recert_date AS next_recert_date, + rule_id, + matches as ip_match, + i_owner_id AS owner_id + FROM view_rule_with_owner + LEFT JOIN rule USING (rule_id) + LEFT JOIN rule_metadata ON (rule.rule_uid=rule_metadata.rule_uid AND rule.dev_id=rule_metadata.dev_id) + WHERE view_rule_with_owner.rule_id=r_rule.rule_id AND view_rule_with_owner.owner_id IS NULL; + ELSE + INSERT INTO recertification (rule_metadata_id, next_recert_date, rule_id, ip_match, owner_id) + SELECT rule_metadata_id, + t_next_recert_date AS next_recert_date, + rule_id, + matches as ip_match, + i_owner_id AS owner_id + FROM view_rule_with_owner + LEFT JOIN rule USING (rule_id) + LEFT JOIN rule_metadata ON (rule.rule_uid=rule_metadata.rule_uid AND rule.dev_id=rule_metadata.dev_id) + WHERE view_rule_with_owner.rule_id=r_rule.rule_id AND 
view_rule_with_owner.owner_id=i_owner_id; + END IF; + ELSE + -- delete old outdated recert entry if owner is not responsible any more + DELETE FROM recertification WHERE owner_id=i_owner_id AND rule_id=r_rule.rule_id AND recert_date IS NULL; + END IF; + END LOOP; + + -- -- finally, when not super user - recalculate super user recert entries - since these might change with each owner change + -- IF NOT b_super_owner AND b_super_owner_exists THEN + -- PERFORM recert_refresh_one_owner_one_mgm (i_super_owner_id, i_mgm_id, t_requested_next_recert_date); + -- END IF; + END IF; +END; +$$ LANGUAGE plpgsql; + + +-- function used during import of a single management config +CREATE OR REPLACE FUNCTION recert_refresh_per_management (i_mgm_id INTEGER) RETURNS VOID AS $$ +DECLARE + r_owner RECORD; +BEGIN + BEGIN + FOR r_owner IN + SELECT id, name FROM owner + LOOP + PERFORM recert_refresh_one_owner_one_mgm (r_owner.id, i_mgm_id, NULL::TIMESTAMP); + END LOOP; + EXCEPTION WHEN OTHERS THEN + RAISE EXCEPTION 'Exception caught in recert_refresh_per_management while handling owner %', r_owner.name; + END; + RETURN; +END; +$$ LANGUAGE plpgsql; + + +-- this function returns a table of future recert entries +-- but does not write them into the recertification table +CREATE OR REPLACE FUNCTION recert_get_one_owner_one_mgm + (i_owner_id INTEGER, i_mgm_id INTEGER) + RETURNS SETOF recertification AS +$$ +DECLARE + b_super_owner BOOLEAN := FALSE; + i_recert_entry_id INTEGER; + i_super_owner_interval INTEGER; +BEGIN + SELECT INTO i_recert_entry_id id FROM owner WHERE id=i_owner_id AND is_default; + IF FOUND THEN + b_super_owner := TRUE; + END IF; + + -- ignore rule_id/owner_id combinations with existing decertification entries + -- owner_id=0 and not recertified and NOT recert_date is null + IF b_super_owner THEN + SELECT INTO i_super_owner_interval recert_interval FROM OWNER WHERE is_default; + + RETURN QUERY + SELECT DISTINCT + NULL::bigint AS id, + M.rule_metadata_id, + R.rule_id, + 
V.matches::VARCHAR as ip_match, + 0::int as owner_id, + NULL::VARCHAR AS user_dn, + FALSE::BOOLEAN AS recertified, + NULL::TIMESTAMP AS recert_date, + NULL::VARCHAR AS comment, + MAX((SELECT MAX(value)::TIMESTAMP AS next_recert_date + FROM ( + SELECT I.start_time::timestamp + make_interval (days => o.recert_interval) AS value + UNION + SELECT C.recert_date + make_interval (days => o.recert_interval) AS value + ) AS temp_table)) + FROM + view_rule_with_owner V + LEFT JOIN rule R USING (rule_id) + LEFT JOIN rule_metadata M ON (R.rule_uid=M.rule_uid AND R.dev_id=M.dev_id) + LEFT JOIN owner O ON (O.id=0) + LEFT JOIN import_control I ON (R.rule_create=I.control_id) + LEFT JOIN recertification C ON (M.rule_metadata_id=C.rule_metadata_id) + WHERE V.owner_id IS NULL AND R.mgm_id=i_mgm_id AND R.active AND (recert_date IS NULL OR (NOT recert_date IS NULL AND recertified)) + GROUP BY M.rule_metadata_id, R.rule_id, V.matches; + ELSE + RETURN QUERY + SELECT + NULL::bigint AS id, + M.rule_metadata_id, + R.rule_id, + V.matches::VARCHAR as ip_match, + i_owner_id, + NULL::VARCHAR AS user_dn, + FALSE::BOOLEAN AS recertified, + NULL::TIMESTAMP AS recert_date, + NULL::VARCHAR AS comment, + MAX((SELECT MAX(value)::TIMESTAMP AS next_recert_date + FROM ( + SELECT I.start_time::timestamp + make_interval (days => o.recert_interval) AS value + UNION + SELECT C.recert_date + make_interval (days => o.recert_interval) AS value + ) AS temp_table)) + FROM + view_rule_with_owner V + LEFT JOIN rule R USING (rule_id) + LEFT JOIN rule_metadata M ON (R.rule_uid=M.rule_uid AND R.dev_id=M.dev_id) + LEFT JOIN owner O ON (V.owner_id=O.id) + LEFT JOIN import_control I ON (R.rule_create=I.control_id) + LEFT JOIN recertification C ON (M.rule_metadata_id=C.rule_metadata_id) + WHERE V.owner_id=i_owner_id AND R.mgm_id=i_mgm_id AND R.active AND (recert_date IS NULL OR (NOT recert_date IS NULL AND recertified)) + GROUP BY M.rule_metadata_id, R.rule_id, V.matches; + END IF; +END; +$$ LANGUAGE plpgsql STABLE; 
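Review bot: In recert_refresh_one_owner_one_mgm the per-rule flags `b_never_recertified` and `b_no_current_next_recert_date` are initialised once in the DECLARE block and never reset inside the FOR loop, so once one rule trips either flag every later rule inherits it and can have its next recert date derived from a stale `t_rule_created` or `t_current_next_recert_date`. Reset both at the top of the loop body, `b_never_recertified := FALSE; b_no_current_next_recert_date := FALSE;`, before the two SELECT INTO lookups. In recert_refresh_per_management the WHEN OTHERS handler re-raises without the original error text; `RAISE EXCEPTION 'Exception caught in recert_refresh_per_management while handling owner %: %', r_owner.name, SQLERRM;` keeps the cause for the import log. recert_get_one_owner_one_mgm identifies the super owner by `O.id=0` and emits `0::int as owner_id`, whereas the refresh function uses `is_default`; if the default owner ever has another id the two functions disagree, and `i_super_owner_interval` is looked up there but never read.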
diff --git a/roles/database/files/sql/idempotent/fworch-rule-refs.sql b/roles/database/files/sql/idempotent/fworch-rule-refs.sql index beddbb1bb..67685e326 100644 --- a/roles/database/files/sql/idempotent/fworch-rule-refs.sql +++ b/roles/database/files/sql/idempotent/fworch-rule-refs.sql @@ -128,7 +128,7 @@ DECLARE v_error_str VARCHAR; BEGIN RAISE DEBUG 'f_add_single_rule_from_element - 1 starting for %', v_element; - i_at_sign_pos := instr(v_element,'@'); + SELECT INTO i_at_sign_pos POSITION('@' IN v_element); IF i_at_sign_pos > 0 THEN -- User-Gruppen enthalten v_usergroup_name := substr(v_element,0,i_at_sign_pos); v_src_obj := substr(v_element,i_at_sign_pos+1); @@ -237,7 +237,7 @@ DECLARE r_debug RECORD; BEGIN - i_at_sign_pos := instr(v_element,'@'); + SELECT INTO i_at_sign_pos POSITION('@' IN v_element); IF i_at_sign_pos > 0 THEN -- User-Gruppen enthalten v_usergroup_name := substr(v_element,0,i_at_sign_pos); v_dst_obj := substr(v_element,i_at_sign_pos+1); diff --git a/roles/database/files/sql/idempotent/fworch-svc-import.sql b/roles/database/files/sql/idempotent/fworch-svc-import.sql index ef453374c..7f66a9982 100644 --- a/roles/database/files/sql/idempotent/fworch-svc-import.sql +++ b/roles/database/files/sql/idempotent/fworch-svc-import.sql @@ -16,7 +16,9 @@ CREATE OR REPLACE FUNCTION public.import_svc_main( BIGINT, boolean) - RETURNS void AS + RETURNS void + LANGUAGE plpgsql + AS $BODY$ DECLARE i_current_import_id ALIAS FOR $1; -- ID des aktiven Imports @@ -70,9 +72,7 @@ BEGIN END IF; RETURN; END; -$BODY$ - LANGUAGE plpgsql VOLATILE - COST 100; +$BODY$; ALTER FUNCTION public.import_svc_main(BIGINT, boolean) OWNER TO fworch; ---------------------------------------------------- @@ -132,7 +132,9 @@ CREATE OR REPLACE FUNCTION public.import_svc_single( BIGINT, integer, boolean) - RETURNS void AS + RETURNS void + LANGUAGE plpgsql + AS $BODY$ DECLARE i_control_id ALIAS FOR $1; 
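Review bot: `SELECT INTO i_at_sign_pos POSITION('@' IN v_element);` runs a query to evaluate a scalar expression; a plain assignment, `i_at_sign_pos := position('@' IN v_element);`, reads more directly and avoids the SPI round trip, and the same applies to the identical line in the second hunk of this file (@@ -237). Behaviour looks preserved: `position` returns 0 when '@' is absent, which the following `> 0` test expects, and a NULL v_element yields NULL so the user-group branch is skipped — assuming the replaced `instr` had the same contract. The body of f_add_single_rule_from_element continues outside the hunk.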
@@ -341,8 +343,6 @@ BEGIN END IF; RETURN; END; -$BODY$ - LANGUAGE plpgsql VOLATILE - COST 100; +$BODY$; ALTER FUNCTION public.import_svc_single(BIGINT, integer, BIGINT, integer, boolean) OWNER TO fworch; diff --git a/roles/database/files/sql/idempotent/fworch-texts.sql b/roles/database/files/sql/idempotent/fworch-texts.sql index 075c0264a..47eaf9131 100644 --- a/roles/database/files/sql/idempotent/fworch-texts.sql +++ b/roles/database/files/sql/idempotent/fworch-texts.sql 
@@ -12,6 +12,182 @@ INSERT INTO txt VALUES ('English', 'English', 'English'); INSERT INTO txt VALUES ('German', 'German', 'Deutsch'); INSERT INTO txt VALUES ('German', 'English', 'German'); +-- enum values +INSERT INTO txt VALUES ('master', 'German', 'Master'); +INSERT INTO txt VALUES ('master', 'English', 'Master'); +INSERT INTO txt VALUES ('access', 'German', 'Zugriff'); +INSERT INTO txt VALUES ('access', 'English', 'Access'); +INSERT INTO txt VALUES ('generic', 'German', 'Generisch'); +INSERT INTO txt VALUES ('generic', 'English', 'Generic'); +INSERT INTO txt VALUES ('rule_modify', 'German', 'Regel ändern'); +INSERT INTO txt VALUES ('rule_modify', 'English', 'Modify Rule'); +INSERT INTO txt VALUES ('rule_delete', 'German', 'Regel löschen'); +INSERT INTO txt VALUES ('rule_delete', 'English', 'Delete Rule'); +INSERT INTO txt VALUES ('group_create', 'German', 'Gruppe anlegen'); +INSERT INTO txt VALUES ('group_create', 'English', 'Create Group'); +INSERT INTO txt VALUES ('group_modify', 'German', 'Gruppe ändern'); +INSERT INTO txt VALUES ('group_modify', 'English', 'Modify Group'); +INSERT INTO txt VALUES ('group_delete', 'German', 'Gruppe löschen'); +INSERT INTO txt VALUES ('group_delete', 'English', 'Delete Group'); +INSERT INTO txt VALUES ('new_interface', 'German', 'Neue Schnittstelle'); +INSERT INTO txt VALUES ('new_interface', 'English', 'New Interface'); +INSERT INTO txt VALUES ('None', 'German', 'Keine(r/s)'); +INSERT INTO txt VALUES ('None', 'English', 'None'); +INSERT INTO txt VALUES ('OnSet', 'German', 'Beim Erreichen'); +INSERT INTO txt VALUES ('OnSet', 'English', 'On set'); +INSERT INTO txt VALUES ('OnLeave', 'German', 'Beim Verlassen'); +INSERT INTO txt VALUES ('OnLeave', 'English', 'On leave'); +INSERT INTO txt VALUES ('OfferButton', 'German', 'Schaltfläche anbieten'); +INSERT INTO txt VALUES ('OfferButton', 'English', 'Offer button'); +INSERT INTO txt VALUES ('OwnerChange', 'German', 'Eigentümerwechsel'); +INSERT INTO txt VALUES ('OwnerChange', 
'English', 'Owner Change'); +INSERT INTO txt VALUES ('OnAssignment', 'German', 'Bei Zuweisung'); +INSERT INTO txt VALUES ('OnAssignment', 'English', 'On Assignment'); +INSERT INTO txt VALUES ('DoNothing', 'German', 'Keine Aktion'); +INSERT INTO txt VALUES ('DoNothing', 'English', 'Do Nothing'); +INSERT INTO txt VALUES ('AutoPromote', 'German', 'Autom. Weiterleitung'); +INSERT INTO txt VALUES ('AutoPromote', 'English', 'Auto-forward'); +INSERT INTO txt VALUES ('AddApproval', 'German', 'Genehmigung hinzufügen'); +INSERT INTO txt VALUES ('AddApproval', 'English', 'Add approval'); +INSERT INTO txt VALUES ('SetAlert', 'German', 'Alarm auslösen'); +INSERT INTO txt VALUES ('SetAlert', 'English', 'Set alert'); +INSERT INTO txt VALUES ('TrafficPathAnalysis', 'German', 'Pfadanalyse'); +INSERT INTO txt VALUES ('TrafficPathAnalysis', 'English', 'Path Analysis'); +INSERT INTO txt VALUES ('ExternalCall', 'German', 'Externer Aufruf'); +INSERT INTO txt VALUES ('ExternalCall', 'English', 'External call'); +INSERT INTO txt VALUES ('SendEmail', 'German', 'Email verschicken'); +INSERT INTO txt VALUES ('SendEmail', 'English', 'Send email'); +INSERT INTO txt VALUES ('CreateConnection', 'German', 'Verbindung anlegen'); +INSERT INTO txt VALUES ('CreateConnection', 'English', 'Create Connection'); +INSERT INTO txt VALUES ('UpdateConnectionOwner','German', 'Verbindungseigentümer ändern'); +INSERT INTO txt VALUES ('UpdateConnectionOwner','English', 'Update Connection Owner'); +INSERT INTO txt VALUES ('UpdateConnectionRelease','German', 'Verbindung veröffentlichen'); +INSERT INTO txt VALUES ('UpdateConnectionRelease','English','Publish Connection'); +INSERT INTO txt VALUES ('DisplayConnection', 'German', 'Verbindung darstellen'); +INSERT INTO txt VALUES ('DisplayConnection', 'English', 'Display Connection'); +INSERT INTO txt VALUES ('Ticket', 'German', 'Ticket'); +INSERT INTO txt VALUES ('Ticket', 'English', 'Ticket'); +INSERT INTO txt VALUES ('RequestTask', 'German', 'fachlicher Auftrag'); 
+INSERT INTO txt VALUES ('RequestTask', 'English', 'Request Task'); +INSERT INTO txt VALUES ('ImplementationTask', 'German', 'Implementierungs-Auftrag'); +INSERT INTO txt VALUES ('ImplementationTask', 'English', 'Implementation Task'); +INSERT INTO txt VALUES ('Approval', 'German', 'Genehmigung'); +INSERT INTO txt VALUES ('Approval', 'English', 'Approval'); +INSERT INTO txt VALUES ('never', 'German', 'Niemals'); +INSERT INTO txt VALUES ('never', 'English', 'Never'); +INSERT INTO txt VALUES ('onlyForOneDevice', 'German', 'Nur eines wenn Gerät vorhanden'); +INSERT INTO txt VALUES ('onlyForOneDevice', 'English', 'Only one if device available'); +INSERT INTO txt VALUES ('forEachDevice', 'German', 'Für jedes Gerät'); +INSERT INTO txt VALUES ('forEachDevice', 'English', 'For each device'); +INSERT INTO txt VALUES ('enterInReqTask', 'German', 'Gerät im Antrag eingeben'); +INSERT INTO txt VALUES ('enterInReqTask', 'English', 'Enter device in request'); +INSERT INTO txt VALUES ('afterPathAnalysis', 'German', 'Nach Pfadanalyse'); +INSERT INTO txt VALUES ('afterPathAnalysis', 'English', 'After path analysis'); +INSERT INTO txt VALUES ('WriteToDeviceList', 'German', 'In Geräteliste eintragen'); +INSERT INTO txt VALUES ('WriteToDeviceList', 'English', 'Write to device list'); +INSERT INTO txt VALUES ('DisplayFoundDevices', 'German', 'Gefundene Geräte darstellen'); +INSERT INTO txt VALUES ('DisplayFoundDevices', 'English', 'Display found devices'); +INSERT INTO txt VALUES ('Sunday', 'German', 'Sonntag'); +INSERT INTO txt VALUES ('Sunday', 'English', 'Sunday'); +INSERT INTO txt VALUES ('Monday', 'German', 'Montag'); +INSERT INTO txt VALUES ('Monday', 'English', 'Monday'); +INSERT INTO txt VALUES ('Tuesday', 'German', 'Dienstag'); +INSERT INTO txt VALUES ('Tuesday', 'English', 'Tuesday'); +INSERT INTO txt VALUES ('Wednesday', 'German', 'Mittwoch'); +INSERT INTO txt VALUES ('Wednesday', 'English', 'Wednesday'); +INSERT INTO txt VALUES ('Thursday', 'German', 'Donnerstag'); +INSERT 
INTO txt VALUES ('Thursday', 'English', 'Thursday'); +INSERT INTO txt VALUES ('Friday', 'German', 'Freitag'); +INSERT INTO txt VALUES ('Friday', 'English', 'Friday'); +INSERT INTO txt VALUES ('Saturday', 'German', 'Samstag'); +INSERT INTO txt VALUES ('Saturday', 'English', 'Saturday'); +INSERT INTO txt VALUES ('Rules', 'German', 'Regel-Report'); +INSERT INTO txt VALUES ('Rules', 'English', 'Rules Report'); +INSERT INTO txt VALUES ('Changes', 'German', 'Changes-Report'); +INSERT INTO txt VALUES ('Changes', 'English', 'Changes Report'); +INSERT INTO txt VALUES ('Statistics', 'German', 'Statistik-Report'); +INSERT INTO txt VALUES ('Statistics', 'English', 'Statistics Report'); +INSERT INTO txt VALUES ('NatRules', 'German', 'NAT-Regel-Report'); +INSERT INTO txt VALUES ('NatRules', 'English', 'NAT Rules Report'); +INSERT INTO txt VALUES ('ResolvedRules', 'German', 'Regel-Report (aufgelöst)'); +INSERT INTO txt VALUES ('ResolvedRules', 'English', 'Rules Report (resolved)'); +INSERT INTO txt VALUES ('ResolvedRulesTech', 'German', 'Regel-Report (technisch)'); +INSERT INTO txt VALUES ('ResolvedRulesTech', 'English', 'Rules Report (technical)'); +INSERT INTO txt VALUES ('Recertification', 'German', 'Rezertifizierungs-Report'); +INSERT INTO txt VALUES ('Recertification', 'English', 'Recertification Report'); +INSERT INTO txt VALUES ('ResolvedChanges', 'German', 'Changes-Report (aufgelöst)'); +INSERT INTO txt VALUES ('ResolvedChanges', 'English', 'Changes Report (resolved)'); +INSERT INTO txt VALUES ('ResolvedChangesTech', 'German', 'Changes-Report (technisch)'); +INSERT INTO txt VALUES ('ResolvedChangesTech', 'English', 'Changes Report (technical)'); +INSERT INTO txt VALUES ('UnusedRules', 'German', 'Unbenutzte-Regel-Report'); +INSERT INTO txt VALUES ('UnusedRules', 'English', 'Unused Rules Report'); +INSERT INTO txt VALUES ('Connections', 'German', 'Verbindungs-Report'); +INSERT INTO txt VALUES ('Connections', 'English', 'Connections Report'); +INSERT INTO txt VALUES 
('mixed', 'German', 'Gemischt'); +INSERT INTO txt VALUES ('mixed', 'English', 'Mixed'); +INSERT INTO txt VALUES ('exclusive', 'German', 'Exklusiv'); +INSERT INTO txt VALUES ('exclusive', 'English', 'Exclusive'); +INSERT INTO txt VALUES ('AppRole', 'German', 'App Rolle'); +INSERT INTO txt VALUES ('AppRole', 'English', 'App Role'); +INSERT INTO txt VALUES ('AppZone', 'German', 'Anwendungszone'); +INSERT INTO txt VALUES ('AppZone', 'English', 'App Zone'); +INSERT INTO txt VALUES ('NetworkZone', 'German', 'Netzwerkzone'); +INSERT INTO txt VALUES ('NetworkZone', 'English', 'Network Zone'); +INSERT INTO txt VALUES ('NetworkArea', 'German', 'Netzwerkarea'); +INSERT INTO txt VALUES ('NetworkArea', 'English', 'Network Area'); +INSERT INTO txt VALUES ('Connection', 'German', 'Verbindung'); +INSERT INTO txt VALUES ('Connection', 'English', 'Connection'); +INSERT INTO txt VALUES ('AppServer', 'German', 'App Server'); +INSERT INTO txt VALUES ('AppServer', 'English', 'App Server'); +INSERT INTO txt VALUES ('ServiceGroup', 'German', 'Dienstgruppe'); +INSERT INTO txt VALUES ('ServiceGroup', 'English', 'Service Group'); +INSERT INTO txt VALUES ('Service', 'German', 'Dienst'); +INSERT INTO txt VALUES ('Service', 'English', 'Service'); +INSERT INTO txt VALUES ('Insert', 'German', 'Einfügen'); +INSERT INTO txt VALUES ('Insert', 'English', 'Insert'); +INSERT INTO txt VALUES ('Update', 'German', 'Ändern'); +INSERT INTO txt VALUES ('Update', 'English', 'Update'); +INSERT INTO txt VALUES ('Delete', 'German', 'Löschen'); +INSERT INTO txt VALUES ('Delete', 'English', 'Delete'); +INSERT INTO txt VALUES ('Assign', 'German', 'Zuweisen'); +INSERT INTO txt VALUES ('Assign', 'English', 'Assign'); +INSERT INTO txt VALUES ('Unassign', 'German', 'Zuweisung aufheben'); +INSERT INTO txt VALUES ('Unassign', 'English', 'Unassign'); +INSERT INTO txt VALUES ('MarkDeleted', 'German', 'Als gelöscht markieren'); +INSERT INTO txt VALUES ('MarkDeleted', 'English', 'Mark Deleted'); +INSERT INTO txt VALUES 
('Reactivate', 'German', 'Reaktivieren'); +INSERT INTO txt VALUES ('Reactivate', 'English', 'Reactivate'); +INSERT INTO txt VALUES ('SimpleText', 'German', 'Einfacher Text (kein Änderungsreport)'); +INSERT INTO txt VALUES ('SimpleText', 'English', 'Simple Text (no Change Report)'); +INSERT INTO txt VALUES ('HtmlInBody', 'German', 'Html in Email'); +INSERT INTO txt VALUES ('HtmlInBody', 'English', 'Html in email body'); +INSERT INTO txt VALUES ('PdfAsAttachment', 'German', 'Pdf als Anhang'); +INSERT INTO txt VALUES ('PdfAsAttachment', 'English', 'Pdf as Attachment'); +INSERT INTO txt VALUES ('HtmlAsAttachment', 'German', 'Html als Anhang'); +INSERT INTO txt VALUES ('HtmlAsAttachment', 'English', 'Html as Attachment'); +INSERT INTO txt VALUES ('CsvAsAttachment', 'German', 'Csv als Anhang'); +INSERT INTO txt VALUES ('CsvAsAttachment', 'English', 'Csv as Attachment'); +INSERT INTO txt VALUES ('JsonAsAttachment', 'German', 'Json als Anhang'); +INSERT INTO txt VALUES ('JsonAsAttachment', 'English', 'Json as Attachment'); +INSERT INTO txt VALUES ('CurrentHandler', 'German', 'Aktueller Bearbeiter'); +INSERT INTO txt VALUES ('CurrentHandler', 'English', 'Current handler'); +INSERT INTO txt VALUES ('RecentHandler', 'German', 'Vorheriger Bearbeiter'); +INSERT INTO txt VALUES ('RecentHandler', 'English', 'Recent handler'); +INSERT INTO txt VALUES ('AssignedGroup', 'German', 'Zugewiesene Gruppe'); +INSERT INTO txt VALUES ('AssignedGroup', 'English', 'Assigned Group'); +INSERT INTO txt VALUES ('OwnerMainResponsible', 'German', 'Eigentümer Hauptverantwortlicher'); +INSERT INTO txt VALUES ('OwnerMainResponsible', 'English', 'Owner Main Responsible'); +INSERT INTO txt VALUES ('AllOwnerResponsibles', 'German', 'Eigentümer alle Verantwortlichen'); +INSERT INTO txt VALUES ('AllOwnerResponsibles', 'English', 'Owner all responsibles'); +INSERT INTO txt VALUES ('Requester', 'German', 'Antragsteller'); +INSERT INTO txt VALUES ('Requester', 'English', 'Requester'); +INSERT INTO txt VALUES 
('Approver', 'German', 'Genehmiger'); +INSERT INTO txt VALUES ('Approver', 'English', 'Approver'); +INSERT INTO txt VALUES ('LastCommenter', 'German', 'Letzter Kommentierender'); +INSERT INTO txt VALUES ('LastCommenter', 'English', 'Last commenter'); +INSERT INTO txt VALUES ('AllCommenters', 'German', 'Alle Kommentierenden'); +INSERT INTO txt VALUES ('AllCommenters', 'English', 'All commenters'); + -- general INSERT INTO txt VALUES ('cancel', 'German', 'Abbrechen'); INSERT INTO txt VALUES ('cancel', 'English', 'Cancel'); @@ -29,6 +205,8 @@ INSERT INTO txt VALUES ('set', 'German', 'Setzen'); INSERT INTO txt VALUES ('set', 'English', 'Set'); INSERT INTO txt VALUES ('add', 'German', 'Hinzufügen'); INSERT INTO txt VALUES ('add', 'English', 'Add'); +INSERT INTO txt VALUES ('commit_changes', 'German', 'Änderungen übernehmen'); +INSERT INTO txt VALUES ('commit_changes', 'English', 'Commit changes'); INSERT INTO txt VALUES ('autodiscover', 'German', 'Sync'); INSERT INTO txt VALUES ('autodiscover', 'English', 'Sync'); INSERT INTO txt VALUES ('assign', 'German', 'Zuordnen'); @@ -81,7 +259,7 @@ INSERT INTO txt VALUES ('old_password', 'German', 'Altes Passwort'); INSERT INTO txt VALUES ('old_password', 'English', 'Old Password'); INSERT INTO txt VALUES ('new_password', 'German', 'Neues Passwort'); INSERT INTO txt VALUES ('new_password', 'English', 'New Password'); -INSERT INTO txt VALUES ('jwt_expiry_title', 'German', 'JWT läuft bald ab'); +INSERT INTO txt VALUES ('jwt_expiry_title', 'German', 'JWT läuft bald ab'); INSERT INTO txt VALUES ('jwt_expiry_title', 'English', 'JWT about to expire'); INSERT INTO txt VALUES ('jwt_expiry_text', 'German', 'Ihr Jwt (Session Token) ist kurz davor abzulaufen. Bitte geben Sie ihr Passwort ein, um einen neuen Jwt zu erzeugen.'); INSERT INTO txt VALUES ('jwt_expiry_text', 'English', 'Your jwt (session token) is about to expire. Please enter your password to generate a new jwt.'); 
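Review bot: The relocated `-- enum values` block has no comment saying what its keys are matched against, and it now mixes capitalised keys ('Rules', 'Changes', 'Statistics', 'Connections') with the existing lowercase keys ('rules', 'changes', 'statistics') that stay further down in the file. The section comment presumably means the keys are enum member names looked up verbatim; if so, a header comment such as `-- enum values: keys must match the enum member names exactly (lookups are case-sensitive)` would keep the next maintainer from "normalising" the casing. The block is inserted into the middle of a plain INSERT sequence, so nothing else in the file constrains its position.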
@@ -145,32 +323,26 @@ INSERT INTO txt VALUES ('whats_new_in_version', 'German', 'Was ist neu in Firew INSERT INTO txt VALUES ('whats_new_in_version', 'English', 'Release notes Firewall Orchestrator version'); INSERT INTO txt VALUES ('whats_new_facts', 'German', '
    -
  • 100% Open Source - passen Sie Firewall Orchestrator an Ihre Bedürfnisse an. Machen Sie mit. - Der Quellcode kann auf GitHub eingesehen und heruntergeladen werden.
  • -
  • GraphQL API für Automatisierungen
  • -
  • Firewall-Regel Rezertifizierungsworkflow - beseitigen Sie ihre Altlasten und erfüllen Sie aktuelle regulatorische Anforderungen.
  • -
  • Für FortiManager und CheckPoint (Stand-Alone & MDS Manager) Auto Discovery
  • -
  • Monitoring und Alerting Modul
  • -
  • Neues Workflow module zum Beantragen von Änderungen
  • -
  • Cisco FirePower Import-Module
  • -
  • Unterstützung für Debian Testing Betriebssystem
  • -
  • Beginn Routing/Interface Pfad Analyse (zunächst nur Fortinet)
  • -
  • Neue Report-Typen: Regeln (aufgelöst), Regeln technisch (alle Gruppe werden in Bestandteile aufgelöst; Report-Export als "Single Table")
  • +
  • Modellierung von Soll-Kommunikationsprofilen z.B. nach Anwendung getrennt (Know Your Application)
  • +
  • UI: In der Weboberfläche des Modellierungsmoduls können die Bedienflöchen wahlweise als Texte oder Icons angezeigt werden (konfigurierbar pro Nutzer)
  • +
  • Importer: Erste (PoC-)Version des VMware NSX Import-Moduls
  • +
  • API: Neues Customizing-Skript für Bulk-Konfiguration via API
  • +
  • Datenbanksicherheit: Alle Passwörter in der Datenbank sind nun verschlüsselt. Breaking change (nur für Entwickler): Zum Debuggen muss die folgende Datei lokal auf dem vscode-System angelegt werden (bei Verwendung von "-e testkeys=true": + /etc/fworch/secrets/main_key - Inhalt: "not4production..not4production.."
  • +
  • Details: siehe + https://github.com/CactuseSecurity/firewall-orchestrator/tree/main/documentation/revision-history-main.md
'); INSERT INTO txt VALUES ('whats_new_facts', 'English', '
    -
  • 100% Open Source - adjust Firewall Orchestrator to your needs. Join the community and contribute. - The code can be viewed/downloaded from GitHub
  • -
  • GraphQL API for automation
  • -
  • Firewall rule recertification workflow - remove unnecessary rules and meet current regulatory requirements.
  • -
  • Device Auto Discovery functionality
  • -
  • Introduction of Monitoring and Alerting module
  • -
  • Introduction of workflow module for requesting changes
  • -
  • New Cisco FirePower import module
  • -
  • Support for new operating system Debian testing
  • -
  • Start routing/interface (currently implemented for fortinet only) import and path analysis
  • -
  • New report types: resolved rules, technical rules (report without group objects, exporting into pure rule tables without additional object tables)
  • +
  • Modelling module for defining target communication profiles for segregated networks (e.g. per application: Know Your Application)
  • +
  • UI: iconifying modelling UI buttons (can now use icons instead of text buttons - configurable per user)
  • +
  • Importer: first version of VMware NSX import module
  • +
  • API: adding customizing script for bulk configs via API
  • +
  • Database security: all credentials in the database are now encrypted - breaking change (for developer debugging only): add the following local file when using -e testkeys=true: + /etc/fworch/secrets/main_key with content "not4production..not4production.."
  • +
  • Details: see + https://github.com/CactuseSecurity/firewall-orchestrator/tree/main/documentation/revision-history-main.md
'); @@ -178,13 +350,16 @@ INSERT INTO txt VALUES ('getting_started', 'German', 'Einstiegshilfe'); INSERT INTO txt VALUES ('getting_started', 'English', 'Quick start'); INSERT INTO txt VALUES ('getting_started_facts', 'German', ' Die folgenden Hauptmenüpunkte stehen (je nach Rollenzugehörigkeit) zur Verfügung:
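Review bot: The new German and English release-note lines starting `Datenbanksicherheit:` and `Database security:` embed the literal content expected in `/etc/fworch/secrets/main_key` for the `-e testkeys=true` developer setup. A localisation string that is presumably rendered in the what's-new panel for every user is not the place for key material, even a test-only value; keeping only the file path and the pointer to the revision-history document, which already holds the details, would avoid advertising a fixed key value that must never reach a production host. Separately, the German modelling-UI line has a typo: `Bedienflöchen` should read `Bedienflächen`. The enclosing INSERT statements span the whole hunk, so the markup around the bullet lines is not visible here.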
    -
  • Reporting: Erlaubt das Generieren verschiedener Reports
  • -
  • Scheduling: Zeitlich terminierte (wiederkehrende) Report-Generierung
  • -
  • Archiv: Zugriff auf (per Scheduling) generierte Reports
  • +
  • Reporting: Erlaubt das einmalige Generieren verschiedener Reports sowie eine regelmäß Generierung
  • +
  • Workflow: Ticketsystem zur Beantragung von Änderungen
  • Rezertifizierung: Workflow zur Bereinigung des Regelwerks um nicht mehr benötigte Regeln
  • +
  • Modellierung: Erlaubt die verteilte Modellierung von Kommunikationsverbindungen (Soll-Zustand)
  • +
  • Netzanalyse: Pfadanalyse - welche Firewalls liegen zwischen zwei IP-Adressen?
  • +
  • Compliance: Definition von Zonenmatrix und Zugriffs-Compliance
  • +
  • Monitoring: Alarmierung, Log-Files, Import-Status, ...
  • Hilfeseiten: Benutzerhandbuch
  • Einstellungen: Alle Einstellungen wie z.B. Sprache der Benutzeroberfläche oder - das Einbinden Ihrer eigenen Firewall-Systeme. + das Einbinden Ihrer eigenen Firewall-Systeme.
    N.B. Stellen Sie sicher, dass Sie alle Demo-Daten (insbesondere die Demo-User) löschen (mit Hilfe der "Beispieldaten löschen" Option in den Einstellungen), bevor Sie in den produktiven Betrieb übergehen, da andernfalls ggf. Ihre Daten mit Default-Logins angezeigt werden könnten.
  • Abmelden: Firewall Orchestrator verlassen
  • @@ -193,13 +368,16 @@ Die folgenden Hauptmenüpunkte stehen (je nach Rollenzugehörigkeit) zur INSERT INTO txt VALUES ('getting_started_facts', 'English', ' The following top-level menu items are available (depending on role memberships):
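Review bot: The new German Reporting bullet has a typo: `regelmäß Generierung` should read `regelmäßige Generierung`. The enclosing INSERT for `getting_started_facts` spans the whole hunk, so the surrounding markup is not visible here.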
      -
    • Reporting: Ad-hoc generation of all available reports
    • -
    • Scheduling: Setup (recurring) report generation
    • -
    • Archive: Access your (scheduled) reports
    • -
    • Recertification: Workflow for removing unnecessary rules from your rulebases
    • +
    • Reporting: Ad-hoc generation and scheduling of reports
    • +
    • Workflow: Ticketing system for requesting and processing firewall changes
    • +
    • Recertification: Rulebase sanitization by continuously cleaning up existing rules
    • +
    • Modelling: Allows for distributed modelling of network connections (target state)
    • +
    • Network Analysis: Path analysis - which firewall is crossed when routing between two IP addresses?
    • +
    • Compliance: Defining zone matrix and access compliance
    • +
    • Monitoring: Alarms, log files, import status, ...
    • Help: Manual pages
    • Settings: All settings like e.g. language of the user interface or - integration of your own firewalls. + integration of your own firewalls.
      N.B. Please make sure to delete all demo data (using the "Remove sample data" option under settings) before using Firewall Orchestrator with production data. Otherwise you might expose your data by providing default accounts.
    • @@ -242,10 +420,18 @@ Choose from the following contact options: '); -- reporting +INSERT INTO txt VALUES ('report', 'German', 'Report'); +INSERT INTO txt VALUES ('report', 'English', 'Report'); INSERT INTO txt VALUES ('report_type', 'German', 'Report-Typ'); INSERT INTO txt VALUES ('report_type', 'English', 'Report Type'); INSERT INTO txt VALUES ('report_time', 'German', 'Report-Zeit'); INSERT INTO txt VALUES ('report_time', 'English', 'Report Time'); +INSERT INTO txt VALUES ('tenant_view', 'German', 'Mandantenansicht'); +INSERT INTO txt VALUES ('tenant_view', 'English', 'Tenant View'); +INSERT INTO txt VALUES ('unused_days', 'German', 'Unbenutzt seit (in Tagen)'); +INSERT INTO txt VALUES ('unused_days', 'English', 'Unused since (in days)'); +INSERT INTO txt VALUES ('generation', 'German', 'Generierung'); +INSERT INTO txt VALUES ('generation', 'English', 'Generation'); INSERT INTO txt VALUES ('change', 'German', 'Ändern'); INSERT INTO txt VALUES ('change', 'English', 'Change'); INSERT INTO txt VALUES ('shortcut', 'German', 'Abkürzung'); 
@@ -284,6 +470,16 @@ INSERT INTO txt VALUES ('check_times', 'German', 'Prüfung Datumswerte');
 INSERT INTO txt VALUES ('check_times', 'English', 'Check time values');
 INSERT INTO txt VALUES ('select_device', 'German', 'Device(s) auswählen');
 INSERT INTO txt VALUES ('select_device', 'English', 'Select device(s)');
+INSERT INTO txt VALUES ('tenant_vis_devices', 'German', 'Mandanten-Firewalls');
+INSERT INTO txt VALUES ('tenant_vis_devices', 'English', 'Tenant firewalls');
+INSERT INTO txt VALUES ('edit_vis_devices', 'German', 'Devices für Mandant');
+INSERT INTO txt VALUES ('edit_vis_devices', 'English', 'Devices for tenant');
+INSERT INTO txt VALUES ('hide', 'German', 'versteckt');
+INSERT INTO txt VALUES ('hide', 'English', 'hidden');
+INSERT INTO txt VALUES ('shared', 'German', 'geteilt');
+INSERT INTO txt VALUES ('shared', 'English', 'shared');
+INSERT INTO txt VALUES ('unfiltered', 'German', 'ungefiltert');
+INSERT INTO txt VALUES ('unfiltered', 'English', 'unfiltered');
 INSERT INTO txt VALUES ('select_all', 'German', 'Alle auswählen');
 INSERT INTO txt VALUES ('select_all', 'English', 'Select all');
 INSERT INTO txt VALUES ('clear_all', 'German', 'Auswahl leeren');
@@ -312,6 +508,14 @@ INSERT INTO txt VALUES ('download_html', 'German', 'als HTML herunterladen');
 INSERT INTO txt VALUES ('download_html', 'English', 'Download HTML');
 INSERT INTO txt VALUES ('download_json', 'German', 'als JSON herunterladen');
 INSERT INTO txt VALUES ('download_json', 'English', 'Download JSON');
+INSERT INTO txt VALUES ('page_format', 'German', 'Seitenformat');
+INSERT INTO txt VALUES ('page_format', 'English', 'Page Format');
+INSERT INTO txt VALUES ('width', 'German', 'Breite (mm)');
+INSERT INTO txt VALUES ('width', 'English', 'Width (mm)');
+INSERT INTO txt VALUES ('height', 'German', 'Höhe (mm)');
+INSERT INTO txt VALUES ('height', 'English', 'Height (mm)');
+INSERT INTO txt VALUES ('includes_json', 'German', '(beinhaltet JSON)');
+INSERT INTO txt VALUES ('includes_json', 'English', '(includes JSON)');
 INSERT INTO txt VALUES ('save_as_template', 'German', 'Als Vorlage speichern');
 INSERT INTO txt VALUES ('save_as_template', 'English', 'Save as Template');
 INSERT INTO txt VALUES ('no_device_selected', 'German', 'Kein Device ausgewählt.');
@@ -362,8 +566,10 @@ INSERT INTO txt VALUES ('total_no_obj_mgt', 'German', 'Gesamtzahl der Objekte
 INSERT INTO txt VALUES ('total_no_obj_mgt', 'English', 'Total number of Objects per Management');
 INSERT INTO txt VALUES ('no_rules_gtw', 'German', 'Anzahl Regeln pro Gateway');
 INSERT INTO txt VALUES ('no_rules_gtw', 'English', 'Number of Rules per Gateway');
-INSERT INTO txt VALUES ('negated', 'German', 'negated');
-INSERT INTO txt VALUES ('negated', 'English', 'negiert');
+INSERT INTO txt VALUES ('negated', 'German', 'nicht');
+INSERT INTO txt VALUES ('negated', 'English', 'not');
+INSERT INTO txt VALUES ('network_object', 'German', 'Netzwerkobjekt');
+INSERT INTO txt VALUES ('network_object', 'English', 'Network Object');
 INSERT INTO txt VALUES ('network_objects', 'German', 'Netzwerkobjekte');
 INSERT INTO txt VALUES ('network_objects', 'English', 'Network Objects');
 INSERT INTO txt VALUES ('network_services', 'German', 'Netzwerkdienste');
@@ -374,12 +580,18 @@ INSERT INTO txt VALUES ('user_objects', 'German', 'Nutzerobjekte');
 INSERT INTO txt VALUES ('user_objects', 'English', 'User objects');
 INSERT INTO txt VALUES ('rules', 'German', 'Regeln');
 INSERT INTO txt VALUES ('rules', 'English', 'Rules');
-INSERT INTO txt VALUES ('resolvedrules', 'German', 'Regeln (aufgelöst)');
-INSERT INTO txt VALUES ('resolvedrules', 'English', 'Rules (resolved)');
-INSERT INTO txt VALUES ('resolvedrulestech', 'German', 'Regeln (technisch)');
-INSERT INTO txt VALUES ('resolvedrulestech', 'English', 'Rules (technical)');
 INSERT INTO txt VALUES ('changes', 'German', 'Änderungen');
 INSERT INTO txt VALUES ('changes', 'English', 'Changes');
+INSERT INTO txt VALUES ('used_objects', 'German', 'Benutzte Objekte');
+INSERT INTO txt VALUES ('used_objects', 'English', 'Used Objects');
+INSERT INTO txt VALUES ('unused_objects', 'German', 'Unbenutzte Objekte');
+INSERT INTO txt VALUES ('inused_objects', 'English', 'Unused Objects');
+INSERT INTO txt VALUES ('rule_deleted', 'German', 'Regel gelöscht');
+INSERT INTO txt VALUES ('rule_deleted', 'English', 'Rule deleted');
+INSERT INTO txt VALUES ('rule_added', 'German', 'Regel hinzugefügt');
+INSERT INTO txt VALUES ('rule_added', 'English', 'Rule added');
+INSERT INTO txt VALUES ('rule_modified', 'German', 'Regel modifiziert');
+INSERT INTO txt VALUES ('rule_modified', 'English', 'Rule modified');
 INSERT INTO txt VALUES ('statistics', 'German', 'Statistik');
 INSERT INTO txt VALUES ('statistics', 'English', 'Statistics');
 INSERT INTO txt VALUES ('natrules', 'German', 'NAT-Regeln');
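Review bot: The English row for the unused-objects label is inserted under a mistyped key: `INSERT INTO txt VALUES ('inused_objects', 'English', 'Unused Objects');` should be `INSERT INTO txt VALUES ('unused_objects', 'English', 'Unused Objects');` so it pairs with the German row directly above it; as written, English lookups of `unused_objects` find no row. The removed `resolvedrules`/`resolvedrulestech` keys reappear in the new `-- enum values` block at the top of the file as `ResolvedRules`/`ResolvedRulesTech`; whether any lowercase lookups remain elsewhere is not visible in this diff.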
@@ -410,8 +622,6 @@ INSERT INTO txt VALUES ('source_zone', 'German', 'Quellzone');
 INSERT INTO txt VALUES ('source_zone', 'English', 'Source Zone');
 INSERT INTO txt VALUES ('destination_zone', 'German', 'Zielzone');
 INSERT INTO txt VALUES ('destination_zone', 'English', 'Destination Zone');
-INSERT INTO txt VALUES ('anything_but', 'German', 'alles ausser');
-INSERT INTO txt VALUES ('anything_but', 'English', 'anything but');
 INSERT INTO txt VALUES ('enabled', 'German', 'Aktiviert');
 INSERT INTO txt VALUES ('enabled', 'English', 'Enabled');
 INSERT INTO txt VALUES ('uid', 'German', 'UID');
@@ -460,20 +670,22 @@ INSERT INTO txt VALUES ('delete_template', 'German', 'Löschen der Vor INSERT INTO txt VALUES ('delete_template', 'English', 'Delete Report Template'); INSERT INTO txt VALUES ('no_changes_found', 'German', 'Keine Changes gefunden!'); INSERT INTO txt VALUES ('no_changes_found', 'English', 'No changes found!'); -INSERT INTO txt VALUES ('rules_report', 'German', 'Regel-Report'); -INSERT INTO txt VALUES ('rules_report', 'English', 'Rules Report'); -INSERT INTO txt VALUES ('natrules_report', 'German', 'NAT-Regel-Report'); -INSERT INTO txt VALUES ('natrules_report', 'English', 'NAT Rules Report'); -INSERT INTO txt VALUES ('changes_report', 'German', 'Changes-Report'); -INSERT INTO txt VALUES ('changes_report', 'English', 'Changes Report'); -INSERT INTO txt VALUES ('statistics_report', 'German', 'Statistik-Report'); -INSERT INTO txt VALUES ('statistics_report', 'English', 'Statistics Report'); -INSERT INTO txt VALUES ('resolved_rules_report','German', 'Regel-Report (aufgelöst)'); -INSERT INTO txt VALUES ('resolved_rules_report','English', 'Rules Report (resolved)'); INSERT INTO txt VALUES ('generated_on', 'German', 'Erstellt am'); INSERT INTO txt VALUES ('generated_on', 'English', 'Generated on'); INSERT INTO txt VALUES ('date_of_config', 'German', 'Zeit der Konfiguration'); INSERT INTO txt VALUES ('date_of_config', 'English', 'Time of configuration'); +INSERT INTO txt VALUES ('create_delete_ticket', 'German', 'Löschantrag stellen'); +INSERT INTO txt VALUES ('create_delete_ticket', 'English', 'Create Delete Ticket'); +INSERT INTO txt VALUES ('rules_to_delete', 'German', 'Zu löschende Regeln'); +INSERT INTO txt VALUES ('rules_to_delete', 'English', 'Rules to delete'); +INSERT INTO txt VALUES ('delete_unused_rule', 'German', 'Unbenutzte Regel löschen'); +INSERT INTO txt VALUES ('delete_unused_rule', 'English', 'Delete unused rule'); +INSERT INTO txt VALUES ('delete_unused_rules', 'German', 'Unbenutzte Regeln löschen'); +INSERT INTO txt VALUES 
('delete_unused_rules', 'English', 'Delete unused rules'); +INSERT INTO txt VALUES ('network', 'German', 'Netzwerk'); +INSERT INTO txt VALUES ('network', 'English', 'network'); +INSERT INTO txt VALUES ('ip_range', 'German', 'Ip-Bereich'); +INSERT INTO txt VALUES ('ip_range', 'English', 'Ip Range'); -- schedule INSERT INTO txt VALUES ('schedule', 'German', 'Terminplan'); @@ -484,8 +696,8 @@ INSERT INTO txt VALUES ('repeat_interval', 'German', 'Wiederholungsintervall') INSERT INTO txt VALUES ('repeat_interval', 'English', 'Repeat Interval'); INSERT INTO txt VALUES ('template', 'German', 'Vorlage'); INSERT INTO txt VALUES ('template', 'English', 'Template'); -INSERT INTO txt VALUES ('owner', 'German', 'Eigentümer'); -INSERT INTO txt VALUES ('owner', 'English', 'Owner'); +INSERT INTO txt VALUES ('schedule_owner', 'German', 'Eigentümer'); +INSERT INTO txt VALUES ('schedule_owner', 'English', 'Owner'); INSERT INTO txt VALUES ('active', 'German', 'Aktiv'); INSERT INTO txt VALUES ('active', 'English', 'Active'); INSERT INTO txt VALUES ('count', 'German', 'Zähler'); @@ -506,7 +718,7 @@ INSERT INTO txt VALUES ('Months', 'German', 'Monat(e)'); INSERT INTO txt VALUES ('Months', 'English', 'Month(s)'); INSERT INTO txt VALUES ('Years', 'German', 'Jahr(e)'); INSERT INTO txt VALUES ('Years', 'English', 'Year(s)'); -INSERT INTO txt VALUES ('schedule_fetch', 'German', 'Abholen der Termine'); +INSERT INTO txt VALUES ('schedule_fetch', 'German', 'Laden der Termine'); INSERT INTO txt VALUES ('schedule_fetch', 'English', 'Report Schedule Fetch'); INSERT INTO txt VALUES ('save_scheduled_report','German', 'Termin speichern'); INSERT INTO txt VALUES ('save_scheduled_report','English', 'Save scheduled report'); 
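Review bot: In the @@ -460 hunk the new `('network', 'English', 'network')` row is the only one in the block whose English text is lowercase while its German counterpart ('Netzwerk') is capitalised, and `'Ip-Bereich'`/`'Ip Range'` spell the acronym differently from the existing `insert_ip` rows ('IP einfügen'/'Insert IP'); `('network', 'English', 'Network')` and `'IP-Bereich'`/`'IP Range'` would be consistent. In the @@ -484 hunk the `owner` key is renamed to `schedule_owner`; any code that still looks up `owner` will now miss, and since the UI side is not part of this diff that should be confirmed.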
@@ -514,6 +726,10 @@ INSERT INTO txt VALUES ('edit_scheduled_report','German', 'Termin bearbeiten'); INSERT INTO txt VALUES ('edit_scheduled_report','English', 'Edit scheduled report'); INSERT INTO txt VALUES ('delete_scheduled_report','German', 'Termin löschen'); INSERT INTO txt VALUES ('delete_scheduled_report','English','Delete scheduled report'); +INSERT INTO txt VALUES ('schedule_tile', 'German', 'Terminplan'); +INSERT INTO txt VALUES ('schedule_tile', 'English', 'Report schedule'); +INSERT INTO txt VALUES ('schedule_upd_err_msg', 'German', 'Das Laden der terminierten Reports führte zu einem Fehler.'); +INSERT INTO txt VALUES ('schedule_upd_err_msg', 'English', 'Loading the scheduled reports resulted in an error.'); -- archive INSERT INTO txt VALUES ('download', 'German', 'Herunterladen'); @@ -536,6 +752,10 @@ INSERT INTO txt VALUES ('fetch_report', 'German', 'Erstellten Report holen INSERT INTO txt VALUES ('fetch_report', 'English', 'Fetch downloads of generated report'); INSERT INTO txt VALUES ('delete_report', 'German', 'Erstellten Report löschen'); INSERT INTO txt VALUES ('delete_report', 'English', 'Delete generated report'); +INSERT INTO txt VALUES ('archive_tile', 'German', 'Report Archivierung'); +INSERT INTO txt VALUES ('archive_tile', 'English', 'Report archiving'); +INSERT INTO txt VALUES ('archive_upd_err_msg', 'German', 'Das Laden der archivierten Reports führte zu einem Fehler.'); +INSERT INTO txt VALUES ('archive_upd_err_msg', 'English', 'Loading the archived reports resulted in an error.'); -- workflow INSERT INTO txt VALUES ('request', 'German', 'Antrag'); 
@@ -580,6 +800,8 @@ INSERT INTO txt VALUES ('state', 'German', 'Status');
 INSERT INTO txt VALUES ('state', 'English', 'State');
 INSERT INTO txt VALUES ('tasks', 'German', 'Aufgaben');
 INSERT INTO txt VALUES ('tasks', 'English', 'Tasks');
+INSERT INTO txt VALUES ('display_task', 'German', 'Aufgabe darstellen');
+INSERT INTO txt VALUES ('display_task', 'English', 'Display task');
 INSERT INTO txt VALUES ('add_task', 'German', 'Aufgabe hinzufügen');
 INSERT INTO txt VALUES ('add_task', 'English', 'Add task');
 INSERT INTO txt VALUES ('save_task', 'German', 'Aufgabe speichern');
@@ -676,6 +898,8 @@ INSERT INTO txt VALUES ('assign_to', 'German', 'Weiterleiten an');
 INSERT INTO txt VALUES ('assign_to', 'English', 'Assign to');
 INSERT INTO txt VALUES ('assign_group', 'German', 'Gruppe zuweisen');
 INSERT INTO txt VALUES ('assign_group', 'English', 'Assign group');
+INSERT INTO txt VALUES ('assign_owner', 'German', 'Eigentümer zuweisen');
+INSERT INTO txt VALUES ('assign_owner', 'English', 'Assign Owner');
 INSERT INTO txt VALUES ('assigned', 'German', 'Zugewiesen');
 INSERT INTO txt VALUES ('assigned', 'English', 'Assigned');
 INSERT INTO txt VALUES ('back_to', 'German', 'Zurück zu');
@@ -696,6 +920,8 @@ INSERT INTO txt VALUES ('all_gateways', 'German', 'Alle Gateways');
 INSERT INTO txt VALUES ('all_gateways', 'English', 'All Gateways');
 INSERT INTO txt VALUES ('insert_ip', 'German', 'IP einfügen');
 INSERT INTO txt VALUES ('insert_ip', 'English', 'Insert IP');
+INSERT INTO txt VALUES ('insert_port', 'German', 'Port einfügen');
+INSERT INTO txt VALUES ('insert_port', 'English', 'Insert port');
 INSERT INTO txt VALUES ('state_actions', 'German', 'Statusaktionen');
 INSERT INTO txt VALUES ('state_actions', 'English', 'State Actions');
 INSERT INTO txt VALUES ('add_action', 'German', 'Aktion hinzufügen');
@@ -738,66 +964,14 @@ INSERT INTO txt VALUES ('button_text', 'German', 'Schaltertext');
 INSERT INTO txt VALUES ('button_text', 'English', 'Button Text');
 INSERT INTO txt VALUES ('path_analysis', 'German', 'Pfadanalyse');
 INSERT INTO txt VALUES ('path_analysis', 'English', 'Path analysis');
-
--- enum values
-INSERT INTO txt VALUES ('master', 'German', 'Master');
-INSERT INTO txt VALUES ('master', 'English', 'Master');
-INSERT INTO txt VALUES ('access', 'German', 'Zugriff');
-INSERT INTO txt VALUES ('access', 'English', 'Access');
-INSERT INTO txt VALUES ('generic', 'German', 'Generisch');
-INSERT INTO txt VALUES ('generic', 'English', 'Generic');
-INSERT INTO txt VALUES ('rule_modify', 'German', 'Regel ändern');
-INSERT INTO txt VALUES ('rule_modify', 'English', 'Modify Rule');
-INSERT INTO txt VALUES ('rule_delete', 'German', 'Regel löschen');
-INSERT INTO txt VALUES ('rule_delete', 'English', 'Delete Rule');
-INSERT INTO txt VALUES ('group_create', 'German', 'Gruppe anlegen');
-INSERT INTO txt VALUES ('group_create', 'English', 'Create Group');
-INSERT INTO txt VALUES ('group_modify', 'German', 'Gruppe ändern');
-INSERT INTO txt VALUES ('group_modify', 'English', 'Modify Group');
-INSERT INTO txt VALUES ('group_delete', 'German', 'Gruppe löschen');
-INSERT INTO txt VALUES ('group_delete', 'English', 'Delete Group');
-INSERT INTO txt VALUES ('None', 'German', 'Keine(r/s)');
-INSERT INTO txt VALUES ('None', 'English', 'None');
-INSERT INTO txt VALUES ('OnSet', 'German', 'Beim Erreichen');
-INSERT INTO txt VALUES ('OnSet', 'English', 'On set');
-INSERT INTO txt VALUES ('OnLeave', 'German', 'Beim Verlassen');
-INSERT INTO txt VALUES ('OnLeave', 'English', 'On leave');
-INSERT INTO txt VALUES ('OfferButton', 'German', 'Schaltfläche anbieten');
-INSERT INTO txt VALUES ('OfferButton', 'English', 'Offer button');
-INSERT INTO txt VALUES ('DoNothing', 'German', 'Keine Aktion');
-INSERT INTO txt VALUES ('DoNothing', 'English', 'Do Nothing');
-INSERT INTO txt VALUES
('AutoPromote', 'German', 'Autom. Weiterleitung');
-INSERT INTO txt VALUES ('AutoPromote', 'English', 'Auto-forward');
-INSERT INTO txt VALUES ('AddApproval', 'German', 'Genehmigung hinzufügen');
-INSERT INTO txt VALUES ('AddApproval', 'English', 'Add approval');
-INSERT INTO txt VALUES ('SetAlert', 'German', 'Alarm auslösen');
-INSERT INTO txt VALUES ('SetAlert', 'English', 'Set alert');
-INSERT INTO txt VALUES ('TrafficPathAnalysis', 'German', 'Pfadanalyse');
-INSERT INTO txt VALUES ('TrafficPathAnalysis', 'English', 'Path Analysis');
-INSERT INTO txt VALUES ('ExternalCall', 'German', 'Externer Aufruf');
-INSERT INTO txt VALUES ('ExternalCall', 'English', 'External call');
-INSERT INTO txt VALUES ('Ticket', 'German', 'Ticket');
-INSERT INTO txt VALUES ('Ticket', 'English', 'Ticket');
-INSERT INTO txt VALUES ('RequestTask', 'German', 'fachlicher Auftrag');
-INSERT INTO txt VALUES ('RequestTask', 'English', 'Request Task');
-INSERT INTO txt VALUES ('ImplementationTask', 'German', 'Implementierungs-Auftrag');
-INSERT INTO txt VALUES ('ImplementationTask', 'English', 'Implementation Task');
-INSERT INTO txt VALUES ('Approval', 'German', 'Genehmigung');
-INSERT INTO txt VALUES ('Approval', 'English', 'Approval');
-INSERT INTO txt VALUES ('never', 'German', 'Niemals');
-INSERT INTO txt VALUES ('never', 'English', 'Never');
-INSERT INTO txt VALUES ('onlyForOneDevice', 'German', 'Nur eines wenn Gerät vorhanden');
-INSERT INTO txt VALUES ('onlyForOneDevice', 'English', 'Only one if device available');
-INSERT INTO txt VALUES ('forEachDevice', 'German', 'Für jedes Gerät');
-INSERT INTO txt VALUES ('forEachDevice', 'English', 'For each device');
-INSERT INTO txt VALUES ('enterInReqTask', 'German', 'Gerät im Antrag eingeben');
-INSERT INTO txt VALUES ('enterInReqTask', 'English', 'Enter device in request');
-INSERT INTO txt VALUES ('afterPathAnalysis', 'German', 'Nach Pfadanalyse');
-INSERT INTO txt VALUES ('afterPathAnalysis', 'English', 'After path analysis');
-INSERT INTO
txt VALUES ('WriteToDeviceList', 'German', 'In Geräteliste eintragen');
-INSERT INTO txt VALUES ('WriteToDeviceList', 'English', 'Write to device list');
-INSERT INTO txt VALUES ('DisplayFoundDevices', 'German', 'Gefundene Geräte darstellen');
-INSERT INTO txt VALUES ('DisplayFoundDevices', 'English', 'Display found devices');
+INSERT INTO txt VALUES ('all_my_owners', 'German', 'Alle meine Eigentümer');
+INSERT INTO txt VALUES ('all_my_owners', 'English', 'All my owners');
+INSERT INTO txt VALUES ('assigned_to_me', 'German', 'Mir zugeordnet');
+INSERT INTO txt VALUES ('assigned_to_me', 'English', 'Assigned to me');
+INSERT INTO txt VALUES ('select_owner', 'German', 'Eigentümer auswählen');
+INSERT INTO txt VALUES ('select_owner', 'English', 'Select Owner');
+INSERT INTO txt VALUES ('ticket_id', 'German', 'Ticket-Id');
+INSERT INTO txt VALUES ('ticket_id', 'English', 'Ticket Id');
 -- network analysis
 INSERT INTO txt VALUES ('network_analysis', 'German', 'Netzanalyse');
@@ -828,6 +1002,8 @@ INSERT INTO txt VALUES ('load_rules', 'German', 'Regeln anzeigen');
 INSERT INTO txt VALUES ('load_rules', 'English', 'Show Rules');
 INSERT INTO txt VALUES ('execute_selected', 'German', 'Ausgewählte Aktionen ausführen');
 INSERT INTO txt VALUES ('execute_selected', 'English', 'Execute Selected Actions');
+INSERT INTO txt VALUES ('missing_owner_id', 'German', 'Fehlende Eigentümer ID');
+INSERT INTO txt VALUES ('missing_owner_id', 'English', 'missing owner id');
 INSERT INTO txt VALUES ('next_recert', 'German', 'Datum nächste Rezertifizierung');
 INSERT INTO txt VALUES ('next_recert', 'English', 'Next Recertification Date');
 INSERT INTO txt VALUES ('last_recertifier', 'German', 'Letzter Rezertifizierer');
@@ -844,6 +1020,14 @@ INSERT INTO txt VALUES ('last_certify_date', 'German', 'Datum der letzten R
 INSERT INTO txt VALUES ('last_certify_date', 'English', 'Last recertification date');
 INSERT INTO txt VALUES ('marked_to_be_removed', 'German', 'Als zu löschen markiert');
 INSERT INTO txt VALUES ('marked_to_be_removed', 'English', 'Marked to be removed');
+INSERT INTO txt VALUES ('recert_history', 'German', 'Rezertifizierungshistorie');
+INSERT INTO txt VALUES ('recert_history', 'English', 'Recertification history');
+INSERT INTO txt VALUES ('recertified_by', 'German', 'rezertifiziert von');
+INSERT INTO txt VALUES ('recertified_by', 'English', 'recertified by');
+INSERT INTO txt VALUES ('decertified_by', 'German', 'dezertifiziert von');
+INSERT INTO txt VALUES ('decertified_by', 'English', 'decertified by');
+INSERT INTO txt VALUES ('as_owner', 'German', 'als Eigentümer');
+INSERT INTO txt VALUES ('as_owner', 'English', 'as Owner');
 INSERT INTO txt VALUES ('decert_date', 'German', 'Dezertifizierungsdatum');
 INSERT INTO txt VALUES ('decert_date', 'English', 'Decertification date');
 INSERT INTO txt VALUES ('recert_comment', 'German', 'Zertifizierungskommentar');
@@ -860,6 +1044,252 @@ INSERT INTO txt VALUES ('show_any_match', 'German', 'Any-Regeln anzeigen
 INSERT INTO txt VALUES ('show_any_match', 'English', 'show any rules');
 INSERT INTO txt VALUES ('single_line_per_rule', 'German', 'eine Zeile pro Regel');
 INSERT INTO txt VALUES ('single_line_per_rule', 'English', 'one line per rule');
+INSERT INTO txt VALUES ('recalc_recerts', 'German', 'Neuberechnung offene Rezertifizierungen');
+INSERT INTO txt VALUES ('recalc_recerts', 'English', 'Recalculate open recertifications');
+INSERT INTO txt VALUES ('recalc_now', 'German', 'Jetzt neu berechnen');
+INSERT INTO txt VALUES ('recalc_now', 'English', 'Recalculate now');
+INSERT INTO txt VALUES ('at_startup', 'German', 'Beim Hochfahren');
+INSERT INTO txt VALUES ('at_startup', 'English', 'At startup');
+INSERT INTO txt VALUES ('daily', 'German', 'Täglich');
+INSERT INTO txt VALUES ('daily', 'English', 'Daily');
+
+-- network modelling
+INSERT INTO txt VALUES ('network_modelling', 'German', 'Netzwerkmodellierung');
+INSERT INTO txt VALUES ('network_modelling', 'English', 'Network Modelling');
+INSERT INTO txt VALUES ('modelling', 'German', 'Modellierung');
+INSERT INTO txt VALUES ('modelling', 'English', 'Modelling');
+INSERT INTO txt VALUES ('application', 'German', 'Applikation');
+INSERT INTO txt VALUES ('application', 'English', 'Application');
+INSERT INTO txt VALUES ('applications', 'German', 'Applikationen');
+INSERT INTO txt VALUES ('applications', 'English', 'Applications');
+INSERT INTO txt VALUES ('library', 'German', 'Bibliothek');
+INSERT INTO txt VALUES ('library', 'English', 'Library');
+INSERT INTO txt VALUES ('app_server', 'German', 'App Server');
+INSERT INTO txt VALUES ('app_server', 'English', 'App Server');
+INSERT INTO txt VALUES ('app_servers', 'German', 'App Server');
+INSERT INTO txt VALUES ('app_servers', 'English', 'App Servers');
+INSERT INTO txt VALUES ('app_role', 'German', 'App Rolle');
+INSERT INTO txt VALUES ('app_role', 'English', 'App Role');
+INSERT INTO txt VALUES ('app_roles', 'German', 'App Rollen');
+INSERT INTO txt VALUES ('app_roles', 'English', 'App Roles');
+INSERT INTO txt VALUES ('preview', 'German', 'Vorschau');
+INSERT INTO txt VALUES ('preview', 'English', 'Preview');
+INSERT INTO txt VALUES ('comm_profile', 'German', 'Kommunikationsprofil');
+INSERT INTO txt VALUES ('comm_profile', 'English', 'Communication Profile');
+INSERT INTO txt VALUES ('connection', 'German', 'Verbindung');
+INSERT INTO txt VALUES ('connection', 'English', 'Connection');
+INSERT INTO txt VALUES ('connections', 'German', 'Verbindungen');
+INSERT INTO txt VALUES ('connections', 'English', 'Connections');
+INSERT INTO txt VALUES ('add_connection', 'German', 'Verbindung hinzufügen');
+INSERT INTO txt VALUES ('add_connection', 'English', 'Add Connection');
+INSERT INTO txt VALUES ('edit_connection', 'German', 'Verbindung bearbeiten');
+INSERT INTO txt VALUES ('edit_connection', 'English', 'Edit Connection');
+INSERT INTO txt VALUES ('save_connection', 'German', 'Verbindung speichern');
+INSERT INTO txt VALUES ('save_connection', 'English', 'Save Connection');
+INSERT INTO txt VALUES ('delete_connection', 'German', 'Verbindung löschen');
+INSERT INTO txt VALUES ('delete_connection', 'English', 'Delete Connection');
+INSERT INTO txt VALUES ('remove_connection', 'German', 'Verbindung entfernen');
+INSERT INTO txt VALUES ('remove_connection', 'English', 'Remove Connection');
+INSERT INTO txt VALUES ('add_interface', 'German', 'Schnittstelle hinzufügen');
+INSERT INTO txt VALUES ('add_interface', 'English', 'Add Interface');
+INSERT INTO txt VALUES ('delete_interface', 'German', 'Schnittstelle löschen');
+INSERT INTO txt VALUES ('delete_interface', 'English', 'Delete Interface');
+INSERT INTO txt VALUES ('func_reason', 'German', 'Fachliche Begründung');
+INSERT INTO txt VALUES ('func_reason', 'English', 'Functional Reason');
+INSERT INTO txt VALUES ('to_source', 'German', 'Zu Quelle');
+INSERT INTO txt VALUES ('to_source',
'English', 'To Source');
+INSERT INTO txt VALUES ('to_dest', 'German', 'Zu Ziel');
+INSERT INTO txt VALUES ('to_dest', 'English', 'To Destination');
+INSERT INTO txt VALUES ('to_service', 'German', 'Zu Dienst');
+INSERT INTO txt VALUES ('to_service', 'English', 'To Service');
+INSERT INTO txt VALUES ('data_inconsistent', 'German', 'Daten inkonsistent');
+INSERT INTO txt VALUES ('data_inconsistent', 'English', 'Data inconsistent');
+INSERT INTO txt VALUES ('add_app_role', 'German', 'Neue App Rolle');
+INSERT INTO txt VALUES ('add_app_role', 'English', 'New App Role');
+INSERT INTO txt VALUES ('edit_app_role', 'German', 'App Rolle bearbeiten');
+INSERT INTO txt VALUES ('edit_app_role', 'English', 'Edit App Role');
+INSERT INTO txt VALUES ('save_app_role', 'German', 'App Rolle speichern');
+INSERT INTO txt VALUES ('save_app_role', 'English', 'Save App Role');
+INSERT INTO txt VALUES ('delete_app_role', 'German', 'App Rolle löschen');
+INSERT INTO txt VALUES ('delete_app_role', 'English', 'Delete App Role');
+INSERT INTO txt VALUES ('display_app_role', 'German', 'App Rolle darstellen');
+INSERT INTO txt VALUES ('display_app_role', 'English', 'Display App Role');
+INSERT INTO txt VALUES ('to_app_role', 'German', 'Zu App Rolle');
+INSERT INTO txt VALUES ('to_app_role', 'English', 'To App Role');
+INSERT INTO txt VALUES ('display_app_server', 'German', 'App Server darstellen');
+INSERT INTO txt VALUES ('display_app_server', 'English', 'Display App Server');
+INSERT INTO txt VALUES ('add_service', 'German', 'Dienst hinzufügen');
+INSERT INTO txt VALUES ('add_service', 'English', 'Add Service');
+INSERT INTO txt VALUES ('edit_service', 'German', 'Dienst bearbeiten');
+INSERT INTO txt VALUES ('edit_service', 'English', 'Edit Service');
+INSERT INTO txt VALUES ('save_service', 'German', 'Dienst speichern');
+INSERT INTO txt VALUES ('save_service', 'English', 'Save Service');
+INSERT INTO txt VALUES ('delete_service', 'German', 'Dienst löschen');
+INSERT INTO txt VALUES
('delete_service', 'English', 'Delete Service');
+INSERT INTO txt VALUES ('ext_request', 'German', 'Externer Antrag');
+INSERT INTO txt VALUES ('ext_request', 'English', 'External Request');
+INSERT INTO txt VALUES ('area', 'German', 'Area');
+INSERT INTO txt VALUES ('area', 'English', 'Area');
+INSERT INTO txt VALUES ('interface', 'German', 'Schnittstelle');
+INSERT INTO txt VALUES ('interface', 'English', 'Interface');
+INSERT INTO txt VALUES ('interfaces', 'German', 'Schnittstellen');
+INSERT INTO txt VALUES ('interfaces', 'English', 'Interfaces');
+INSERT INTO txt VALUES ('provided_interfaces', 'German', 'Bereitgestellte Schnittstellen');
+INSERT INTO txt VALUES ('provided_interfaces', 'English', 'Provided Interfaces');
+INSERT INTO txt VALUES ('remove_interface', 'German', 'Schnittstelle entfernen');
+INSERT INTO txt VALUES ('remove_interface', 'English', 'Remove Interface');
+INSERT INTO txt VALUES ('display_interface', 'German', 'Schnittstelle darstellen');
+INSERT INTO txt VALUES ('display_interface', 'English', 'Display Interface');
+INSERT INTO txt VALUES ('request_interface', 'German', 'Schnittstelle anfordern');
+INSERT INTO txt VALUES ('request_interface', 'English', 'Request Interface');
+INSERT INTO txt VALUES ('requested_interface', 'German', 'Angeforderte Schnittstelle');
+INSERT INTO txt VALUES ('requested_interface', 'English', 'Requested Interface');
+INSERT INTO txt VALUES ('interface_requested', 'German', 'Schnittstelle angefordert');
+INSERT INTO txt VALUES ('interface_requested', 'English', 'Interface requested');
+INSERT INTO txt VALUES ('use', 'German', 'Benutzen');
+INSERT INTO txt VALUES ('use', 'English', 'Use');
+INSERT INTO txt VALUES ('services_group', 'German', 'Dienstgruppe');
+INSERT INTO txt VALUES ('services_group', 'English', 'Service Group');
+INSERT INTO txt VALUES ('services_groups', 'German', 'Dienstgruppen');
+INSERT INTO txt VALUES ('services_groups', 'English', 'Service Groups');
+INSERT INTO txt VALUES
('to_services_group', 'German', 'Zu Dienstgruppe');
+INSERT INTO txt VALUES ('to_services_group', 'English', 'To Service Group');
+INSERT INTO txt VALUES ('add_service_group', 'German', 'Dienstgruppe hinzufügen');
+INSERT INTO txt VALUES ('add_service_group', 'English', 'Add Service Group');
+INSERT INTO txt VALUES ('edit_service_group', 'German', 'Dienstgruppe bearbeiten');
+INSERT INTO txt VALUES ('edit_service_group', 'English', 'Edit Service Group');
+INSERT INTO txt VALUES ('save_service_group', 'German', 'Dienstgruppe speichern');
+INSERT INTO txt VALUES ('save_service_group', 'English', 'Save Service Group');
+INSERT INTO txt VALUES ('delete_service_group', 'German', 'Dienstgruppe löschen');
+INSERT INTO txt VALUES ('delete_service_group', 'English', 'Delete Service Group');
+INSERT INTO txt VALUES ('display_service_group','German', 'Dienstgruppe darstellen');
+INSERT INTO txt VALUES ('display_service_group','English', 'Display Service Group');
+INSERT INTO txt VALUES ('add_app_server', 'German', 'Neuer App Server');
+INSERT INTO txt VALUES ('add_app_server', 'English', 'New App Server');
+INSERT INTO txt VALUES ('edit_app_server', 'German', 'App Server bearbeiten');
+INSERT INTO txt VALUES ('edit_app_server', 'English', 'Edit App Server');
+INSERT INTO txt VALUES ('save_app_server', 'German', 'App Server speichern');
+INSERT INTO txt VALUES ('save_app_server', 'English', 'Save App Server');
+INSERT INTO txt VALUES ('delete_app_server', 'German', 'App Server löschen');
+INSERT INTO txt VALUES ('delete_app_server', 'English', 'Delete App Server');
+INSERT INTO txt VALUES ('created_by', 'German', 'Erstellt von');
+INSERT INTO txt VALUES ('created_by', 'English', 'Created by');
+INSERT INTO txt VALUES ('requested_by', 'German', 'Beantragt von');
+INSERT INTO txt VALUES ('requested_by', 'English', 'Requested by');
+INSERT INTO txt VALUES ('log_change', 'German', 'Änderung loggen');
+INSERT INTO txt VALUES ('log_change', 'English', 'Log Change');
+INSERT INTO txt
VALUES ('show_history', 'German', 'Änderungshistorie');
+INSERT INTO txt VALUES ('show_history', 'English', 'Show History');
+INSERT INTO txt VALUES ('changed_by', 'German', 'Geändert von');
+INSERT INTO txt VALUES ('changed_by', 'English', 'Changed by');
+INSERT INTO txt VALUES ('object_id', 'German', 'Objekt-Id');
+INSERT INTO txt VALUES ('object_id', 'English', 'Object Id');
+INSERT INTO txt VALUES ('predef_services', 'German', 'Vordefinierte Dienste');
+INSERT INTO txt VALUES ('predef_services', 'English', 'Predefined Services');
+INSERT INTO txt VALUES ('common_areas', 'German', 'Gemeinsame Netzwerkareas');
+INSERT INTO txt VALUES ('common_areas', 'English', 'Common Network Areas');
+INSERT INTO txt VALUES ('search_interface', 'German', 'Schnittstelle suchen');
+INSERT INTO txt VALUES ('search_interface', 'English', 'Search Interface');
+INSERT INTO txt VALUES ('used_interface', 'German', 'Genutzte Schnittstelle');
+INSERT INTO txt VALUES ('used_interface', 'English', 'Used Interface');
+INSERT INTO txt VALUES ('reactivate', 'German', 'Reaktivieren');
+INSERT INTO txt VALUES ('reactivate', 'English', 'Reactivate');
+INSERT INTO txt VALUES ('search_nw_object', 'German', 'Netzwerkobjekt suchen');
+INSERT INTO txt VALUES ('search_nw_object', 'English', 'Search Network Object');
+INSERT INTO txt VALUES ('remove_nw_object', 'German', 'Netzwerkobjekt entfernen');
+INSERT INTO txt VALUES ('remove_nw_object', 'English', 'Remove Network Object');
+INSERT INTO txt VALUES ('is_in_use', 'German', 'Wird benutzt');
+INSERT INTO txt VALUES ('is_in_use', 'English', 'Is in use');
+INSERT INTO txt VALUES ('deactivate', 'German', 'Deaktivieren');
+INSERT INTO txt VALUES ('deactivate', 'English', 'Deactivate');
+INSERT INTO txt VALUES ('common_service', 'German', 'Common Service');
+INSERT INTO txt VALUES ('common_service', 'English', 'Common Service');
+INSERT INTO txt VALUES ('common_services', 'German', 'Common Services');
+INSERT INTO txt VALUES ('common_services', 'English',
'Common Services');
+INSERT INTO txt VALUES ('own_common_services', 'German', 'Eigene Common Services');
+INSERT INTO txt VALUES ('own_common_services', 'English', 'Own Common Services');
+INSERT INTO txt VALUES ('global_common_services','German', 'Globale Common Services');
+INSERT INTO txt VALUES ('global_common_services','English', 'Global Common Services');
+INSERT INTO txt VALUES ('add_common_service', 'German', 'Common Service hinzufügen');
+INSERT INTO txt VALUES ('add_common_service', 'English', 'Add Common Service');
+INSERT INTO txt VALUES ('regular_connection', 'German', 'Standard-Verbindung');
+INSERT INTO txt VALUES ('regular_connection', 'English', 'Regular Connection');
+INSERT INTO txt VALUES ('regular_connections', 'German', 'Standard-Verbindungen');
+INSERT INTO txt VALUES ('regular_connections', 'English', 'Regular Connections');
+INSERT INTO txt VALUES ('show_all', 'German', 'Alle darstellen');
+INSERT INTO txt VALUES ('show_all', 'English', 'Show all');
+INSERT INTO txt VALUES ('as_source', 'German', 'Als Quelle');
+INSERT INTO txt VALUES ('as_source', 'English', 'As Source');
+INSERT INTO txt VALUES ('send_email', 'German', 'Email senden');
+INSERT INTO txt VALUES ('send_email', 'English', 'Send email');
+INSERT INTO txt VALUES ('from_ticket', 'German', 'Von Ticket');
+INSERT INTO txt VALUES ('from_ticket', 'English', 'From Ticket');
+INSERT INTO txt VALUES ('display_ticket', 'German', 'Antrag darstellen');
+INSERT INTO txt VALUES ('display_ticket', 'English', 'Display Ticket');
+INSERT INTO txt VALUES ('edit_ticket', 'German', 'Antrag bearbeiten');
+INSERT INTO txt VALUES ('edit_ticket', 'English', 'Edit Ticket');
+INSERT INTO txt VALUES ('publish', 'German', 'Veröffentlichen');
+INSERT INTO txt VALUES ('publish', 'English', 'Publish');
+INSERT INTO txt VALUES ('published', 'German', 'Veröffentlicht');
+INSERT INTO txt VALUES ('published', 'English', 'Published');
+INSERT INTO txt VALUES ('interface_description','German',
'Schnittstellenbeschreibung');
+INSERT INTO txt VALUES ('interface_description','English', 'Interface description');
+INSERT INTO txt VALUES ('owner', 'German', 'Eigentümer');
+INSERT INTO txt VALUES ('owner', 'English', 'Owner');
+INSERT INTO txt VALUES ('app_server_types', 'German', 'App-Server-Typen');
+INSERT INTO txt VALUES ('app_server_types', 'English', 'App Server Types');
+INSERT INTO txt VALUES ('default_app_server_type','German', 'Standardtyp');
+INSERT INTO txt VALUES ('default_app_server_type','English','Default Type');
+
+-- compliance
+INSERT INTO txt VALUES ('compliance', 'German', 'Compliance');
+INSERT INTO txt VALUES ('compliance', 'English', 'Compliance');
+INSERT INTO txt VALUES ('network_zones', 'German', 'Netzwerkzonen');
+INSERT INTO txt VALUES ('network_zones', 'English', 'Network zones');
+INSERT INTO txt VALUES ('matrix', 'German', 'Matrix');
+INSERT INTO txt VALUES ('matrix', 'English', 'Matrix');
+INSERT INTO txt VALUES ('checks', 'German', 'Überprüfung');
+INSERT INTO txt VALUES ('checks', 'English', 'Checks');
+INSERT INTO txt VALUES ('check', 'German', 'Überprüfen');
+INSERT INTO txt VALUES ('check', 'English', 'Check');
+INSERT INTO txt VALUES ('zone_comm_matrix', 'German', 'Netzwerkzonen-Kommunikationsmatrix');
+INSERT INTO txt VALUES ('zone_comm_matrix', 'English', 'Network zone communication matrix');
+INSERT INTO txt VALUES ('network_zone_config', 'German', 'Netzwerkzonen-Konfiguration');
+INSERT INTO txt VALUES ('network_zone_config', 'English', 'Network zone configuration');
+INSERT INTO txt VALUES ('network_zone_check', 'German', 'Netzwerkzonen-Complianceprüfung');
+INSERT INTO txt VALUES ('network_zone_check', 'English', 'Network zone compliance check');
+INSERT INTO txt VALUES ('allowed_communication','German', 'Erlaubte Kommunikation');
+INSERT INTO txt VALUES ('allowed_communication','English', 'Allowed communication');
+INSERT INTO txt VALUES ('subzones', 'German', 'Subzonen');
+INSERT INTO txt VALUES ('subzones',
'English', 'Subzones');
+INSERT INTO txt VALUES ('superzone', 'German', 'Superzone');
+INSERT INTO txt VALUES ('superzone', 'English', 'Superzone');
+INSERT INTO txt VALUES ('edit_zone_title', 'German', 'Netzwerkzone editieren');
+INSERT INTO txt VALUES ('edit_zone_title', 'English', 'Edit network zone');
+INSERT INTO txt VALUES ('add_ip_addresses', 'German', 'IP Adresse(n) hinzufügen');
+INSERT INTO txt VALUES ('add_ip_addresses', 'English', 'Add IP Addresses');
+INSERT INTO txt VALUES ('delete_zone_title', 'German', 'Netzwerkzone löschen');
+INSERT INTO txt VALUES ('delete_zone_title', 'English', 'Delete network zone');
+INSERT INTO txt VALUES ('delete_zone_text', 'German', 'Sind Sie sich sicher, dass sie die Netzwerkzone % löschen wollen?');
+INSERT INTO txt VALUES ('delete_zone_text', 'English', 'Are you sure you want to delete the network zone %?');
+INSERT INTO txt VALUES ('to', 'German', 'Nach');
+INSERT INTO txt VALUES ('to', 'English', 'To');
+INSERT INTO txt VALUES ('allowed_comm_dests', 'German', 'Erlaubte Kommunikation (Nach)');
+INSERT INTO txt VALUES ('allowed_comm_dests', 'English', 'Allowed communication (to)');
+INSERT INTO txt VALUES ('allowed_comm_srcs', 'German', 'Erlaubte Kommunikation (Von)');
+INSERT INTO txt VALUES ('allowed_comm_srcs', 'English', 'Allowed communication (from)');
+INSERT INTO txt VALUES ('relogin', 'German', 'Erneut anmelden');
+INSERT INTO txt VALUES ('relogin', 'English', 'Re-Login');
+INSERT INTO txt VALUES ('relogin_error', 'German', 'Fehler bei der erneuten Anmeldung');
+INSERT INTO txt VALUES ('relogin_error', 'English', 'Re-Login error');
+INSERT INTO txt VALUES ('internet_local_zone', 'German', 'Internet / Lokal');
+INSERT INTO txt VALUES ('internet_local_zone', 'English', 'Internet / Local');
+INSERT INTO txt VALUES ('rule_conform', 'German', 'Regelkonform');
+INSERT INTO txt VALUES ('rule_conform', 'English', 'In accordance with the rules');
+INSERT INTO txt VALUES ('rule_violations', 'German',
'Regelverletzungen');
+INSERT INTO txt VALUES ('rule_violations', 'English', 'Rule violations');
+INSERT INTO txt VALUES ('no_network_zones', 'German', 'Es existieren bisher keine Netzwerkzonen. Bitte legen Sie diese im Abschnitt "Konfiguration" an.');
+INSERT INTO txt VALUES ('no_network_zones', 'English', 'No network zones exist yet. Please create them in the "Configuration" section.');
 -- settings
 INSERT INTO txt VALUES ('devices', 'German', 'Geräte');
@@ -880,12 +1310,30 @@ INSERT INTO txt VALUES ('groups', 'German', 'Interne Gruppen');
 INSERT INTO txt VALUES ('groups', 'English', 'Internal Groups');
 INSERT INTO txt VALUES ('roles', 'German', 'Rollen');
 INSERT INTO txt VALUES ('roles', 'English', 'Roles');
-INSERT INTO txt VALUES ('defaults', 'German', 'Voreinstellungen');
-INSERT INTO txt VALUES ('defaults', 'English', 'Defaults');
+INSERT INTO txt VALUES ('defaults', 'German', 'Weitere Einstellungen');
+INSERT INTO txt VALUES ('defaults', 'English', 'Further settings');
 INSERT INTO txt VALUES ('standards', 'German', 'Standardeinstellungen');
 INSERT INTO txt VALUES ('standards', 'English', 'Defaults');
 INSERT INTO txt VALUES ('password_policy', 'German', 'Passworteinstellungen');
 INSERT INTO txt VALUES ('password_policy', 'English', 'Password Policy');
+INSERT INTO txt VALUES ('email_settings', 'German', 'Email-Einstellungen');
+INSERT INTO txt VALUES ('email_settings', 'English', 'Email settings');
+INSERT INTO txt VALUES ('importer_settings', 'German', 'Importer-Einstellungen');
+INSERT INTO txt VALUES ('importer_settings', 'English', 'Importer settings');
+INSERT INTO txt VALUES ('edit_email', 'German', 'Email-Einstellungen editieren');
+INSERT INTO txt VALUES ('edit_email', 'English', 'Edit email settings');
+INSERT INTO txt VALUES ('email_sender', 'German', 'Email-Absendeadresse');
+INSERT INTO txt VALUES ('email_sender', 'English', 'Email sender address');
+INSERT INTO txt VALUES ('email_auth_user', 'German', 'Email-Nutzer');
+INSERT INTO txt VALUES ('email_auth_user', 'English', 'Email auth user');
+INSERT INTO txt VALUES ('email_auth_pwd', 'German', 'Email-Nutzer Passwort');
+INSERT INTO txt VALUES ('email_auth_pwd', 'English', 'Email user password');
+INSERT INTO txt VALUES ('email_enc_method', 'German', 'Email-Verschlüsselung');
+INSERT INTO txt VALUES ('email_enc_method', 'English', 'Email encryption');
+INSERT INTO txt VALUES ('use_dummy_email_address','German', 'Dummy-Email-Addresse nutzen');
+INSERT INTO txt VALUES ('use_dummy_email_address','English','Use dummy email address');
+INSERT INTO txt VALUES ('dummy_email_address', 'German', 'Dummy-Email-Addresse');
+INSERT INTO txt VALUES ('dummy_email_address', 'English', 'Dummy email address');
 INSERT INTO txt VALUES ('state_definitions', 'German', 'Statusdefinitionen');
 INSERT INTO txt VALUES ('state_definitions', 'English', 'State Definitions');
 INSERT INTO txt VALUES ('state_matrix', 'German', 'Statusmatrix');
@@ -928,8 +1376,6 @@ INSERT INTO txt VALUES ('domain_uid', 'German', 'Domain UID');
 INSERT INTO txt VALUES ('domain_uid', 'English', 'Domain UID');
 INSERT INTO txt VALUES ('super_manager', 'German', 'Multi Domain Manager');
 INSERT INTO txt VALUES ('super_manager', 'English', 'Multi Domain Manager');
-INSERT INTO txt VALUES ('no_super_manager', 'German', 'kein Multi Domain Manager');
-INSERT INTO txt VALUES ('no_super_manager', 'English', 'no Multi Domain Manager');
 INSERT INTO txt VALUES ('importer_host', 'German', 'Importer Host');
 INSERT INTO txt VALUES ('importer_host', 'English', 'Importer Host');
 INSERT INTO txt VALUES ('import_disabled', 'German', 'Import Deaktiviert');
@@ -1002,7 +1448,7 @@ INSERT INTO txt VALUES ('err_since_last_succ', 'German', 'Fehler seit letztem
 INSERT INTO txt VALUES ('err_since_last_succ', 'English', 'Errors since last successful import');
 INSERT INTO txt VALUES ('remove_sample_data', 'German', 'Beispieldaten löschen');
 INSERT INTO txt VALUES ('remove_sample_data', 'English', 'Remove Sample Data');
-INSERT INTO txt VALUES ('refresh', 'German', 'Neu anzeigen');
+INSERT INTO txt VALUES ('refresh', 'German', 'Aktualisieren');
 INSERT INTO txt VALUES ('refresh', 'English', 'Refresh');
 INSERT INTO txt VALUES ('add_new_user', 'German', 'Neuen Nutzer hinzufügen');
 INSERT INTO txt VALUES ('add_new_user', 'English', 'Add new user');
@@ -1034,7 +1480,7 @@ INSERT INTO txt VALUES ('remove_user', 'German', 'Nutzer entfernen');
 INSERT INTO txt VALUES ('remove_user', 'English', 'Remove user');
 INSERT INTO txt VALUES ('get_user_from_ldap', 'German', 'Nutzer von LDAP holen');
 INSERT INTO txt VALUES ('get_user_from_ldap', 'English', 'Get user from LDAP');
-INSERT INTO txt VALUES ('select_from_ldap', 'German', 'von LDAP auswählen');
+INSERT INTO txt VALUES ('select_from_ldap', 'German', 'Von LDAP auswählen');
 INSERT INTO txt VALUES ('select_from_ldap', 'English', 'Select from LDAP');
 INSERT INTO txt VALUES ('synchronize', 'German', 'Mit LDAP Synchronisieren');
 INSERT INTO txt VALUES ('synchronize', 'English', 'Synchronize to LDAP');
@@ -1047,11 +1493,11 @@ INSERT INTO txt VALUES ('user', 'English', 'User');
 INSERT INTO txt VALUES ('group', 'German', 'Gruppe');
 INSERT INTO txt VALUES ('group', 'English', 'Group');
 INSERT INTO txt VALUES ('owner_group', 'German', 'Eigentümergruppe');
-INSERT INTO txt VALUES ('owner_group', 'English', 'Owner group');
+INSERT INTO txt VALUES ('owner_group', 'English', 'Owner Group');
 INSERT INTO txt VALUES ('into_ldap', 'German', 'in LDAP');
 INSERT INTO txt VALUES ('into_ldap', 'English', 'into LDAP');
-INSERT INTO txt VALUES ('from_ldap', 'German', 'von LDAP');
-INSERT INTO txt VALUES ('from_ldap', 'English', 'from LDAP');
+INSERT INTO txt VALUES ('from_ldap', 'German', 'Von LDAP');
+INSERT INTO txt VALUES ('from_ldap', 'English', 'From LDAP');
 INSERT INTO txt VALUES ('search_pattern', 'German', 'Suchmuster');
 INSERT INTO txt VALUES ('search_pattern', 'English', 'Search Pattern');
 INSERT INTO txt VALUES ('internal_group', 'German', 'Interne Gruppe');
@@ -1070,6 +1516,8 @@ INSERT INTO txt VALUES ('edit_ldap', 'German', 'LDAP-Verbindung bear
 INSERT INTO txt VALUES ('edit_ldap', 'English', 'Edit LDAP connection');
 INSERT INTO txt VALUES ('test_connection', 'German', 'Verbindung testen');
 INSERT INTO txt VALUES ('test_connection', 'English', 'Test connection');
+INSERT INTO txt VALUES ('test_email_connection','German', 'Email-Verbindung testen');
+INSERT INTO txt VALUES ('test_email_connection','English', 'Test email connection');
 INSERT INTO txt VALUES ('address', 'German', 'Adresse');
 INSERT INTO txt VALUES ('address', 'English', 'Address');
 INSERT INTO txt VALUES ('tenant_level', 'German', 'Mandantenebene');
@@ -1120,10 +1568,16 @@ INSERT INTO txt VALUES ('sessionTimeout', 'German', 'Sitzungs-Timeout (in
 INSERT INTO txt VALUES ('sessionTimeout', 'English', 'Session timeout (in minutes)');
 INSERT INTO txt VALUES ('sessionTimeoutNoticePeriod', 'German','Benachrichtigung vor Sitzungs-Timeout (in Minuten)');
 INSERT INTO txt VALUES ('sessionTimeoutNoticePeriod', 'English','Warning before session timeout (in minutes)');
+INSERT INTO txt VALUES ('uiHostName', 'German', 'Hostname der UI');
+INSERT INTO txt VALUES ('uiHostName', 'English', 'UI Hostname');
 INSERT INTO txt VALUES ('maxMessages', 'German', 'Max Anzahl Nachrichten');
 INSERT INTO txt VALUES ('maxMessages', 'English', 'Max number of messages');
 INSERT INTO txt VALUES ('messageViewTime', 'German', 'Nachrichten-Anzeigedauer (in Sekunden)');
 INSERT INTO txt VALUES ('messageViewTime', 'English', 'Message view time (in seconds)');
+INSERT INTO txt VALUES ('unusedTolerance', 'German', 'Als unbenutzt gewertet nach (in Tagen)');
+INSERT INTO txt VALUES ('unusedTolerance', 'English', 'Regarded as unused from (in days)');
+INSERT INTO txt VALUES ('creationTolerance', 'German', 'Toleranz ab Erzeugungsdatum (in Tagen)');
+INSERT INTO txt VALUES ('creationTolerance', 'English', 'Tolerance from creation date (in days)');
 INSERT INTO txt VALUES ('dataRetentionTime', 'German', 'Datenaufbewahrungszeit (in Tagen)');
 INSERT INTO txt VALUES ('dataRetentionTime', 'English', 'Data retention time (in days)');
 INSERT INTO txt VALUES ('dailyCheckStartAt', 'German', 'Startzeit täglicher Check');
@@ -1140,6 +1594,20 @@ INSERT INTO txt VALUES ('importSuppressCertificateWarnings', 'German', 'Ze
 INSERT INTO txt VALUES ('importSuppressCertificateWarnings', 'English', 'Suppress certificate warnings');
 INSERT INTO txt VALUES ('fwApiElementsPerFetch','German', 'FW API - Pro Abruf geholte Elemente');
 INSERT INTO txt VALUES ('fwApiElementsPerFetch','English', 'FW API - Elements per fetch');
+INSERT INTO txt VALUES ('impChangeNotifyRecipients','German', 'Empfänger-Email-Adressen für Änderungen');
+INSERT INTO txt VALUES ('impChangeNotifyRecipients','English', 'Recipient email addresses for change notifications');
+INSERT INTO txt VALUES ('impChangeNotifySubject', 'German', 'Titel der Änderungsbenachrichtigung');
+INSERT INTO txt VALUES ('impChangeNotifySubject', 'English', 'Subject of change notification emails');
+INSERT INTO txt VALUES ('impChangeNotifyBody', 'German', 'Text der Änderungsbenachrichtigung');
+INSERT INTO txt VALUES ('impChangeNotifyBody', 'English', 'Body of change notification emails');
+INSERT INTO txt VALUES ('impChangeNotifyActive', 'German', 'Änderungsbenachrichtigung aktiv?');
+INSERT INTO txt VALUES ('impChangeNotifyActive', 'English', 'Change notification active?');
+INSERT INTO txt VALUES ('impChangeNotifyType','German', 'Änderungsbenachrichtigungstyp');
+INSERT INTO txt VALUES ('impChangeNotifyType','English', 'Change notification type');
+INSERT INTO txt VALUES ('impChangeNotifySleepTime','German','Änderungsbenachrichtigungs-Intervall (in Sekunden)');
+INSERT INTO txt VALUES ('impChangeNotifySleepTime','English','Change notification sleep time (in seconds)');
+INSERT INTO txt VALUES ('impChangeNotifyStartAt', 'German','Änderungsbenachrichtigungs-Start');
+INSERT INTO txt VALUES ('impChangeNotifyStartAt', 'English','Change notification start at');
 INSERT INTO txt VALUES ('autoDiscoverSleepTime','German', 'Autodiscover-Intervall (in Stunden)');
 INSERT INTO txt VALUES ('autoDiscoverSleepTime','English', 'Auto-discovery sleep time (in 
hours)');
 INSERT INTO txt VALUES ('autoDiscoverStartAt', 'German', 'Autodiscover-Start');
@@ -1154,18 +1622,54 @@ INSERT INTO txt VALUES ('ruleRemovalGracePeriod','German', 'Frist zum Lösc
 INSERT INTO txt VALUES ('ruleRemovalGracePeriod','English', 'Rule Removal Grace Period (in days)');
 INSERT INTO txt VALUES ('commentRequired', 'German', 'Kommentar Pflichtfeld');
 INSERT INTO txt VALUES ('commentRequired', 'English', 'Comment Required');
+INSERT INTO txt VALUES ('recAutocreateDeleteTicket','German','Autom. Anlegen Löschantrag');
+INSERT INTO txt VALUES ('recAutocreateDeleteTicket','English','Autocreate delete rule ticket');
+INSERT INTO txt VALUES ('recDeleteRuleTicketTitle','German','Titel für Löschantrag');
+INSERT INTO txt VALUES ('recDeleteRuleTicketTitle','English','Title for delete rule ticket');
+INSERT INTO txt VALUES ('recDeleteRuleTicketReason','German','Grund für Löschantrag');
+INSERT INTO txt VALUES ('recDeleteRuleTicketReason','English','Reason for delete rule ticket');
+INSERT INTO txt VALUES ('recDeleteRuleReqTaskTitle','German','Titel für Löschauftrag');
+INSERT INTO txt VALUES ('recDeleteRuleReqTaskTitle','English','Title for delete rule task');
+INSERT INTO txt VALUES ('recDeleteRuleReqTaskReason','German','Grund für Löschauftrag');
+INSERT INTO txt VALUES ('recDeleteRuleReqTaskReason','English','Reason for delete rule task');
+INSERT INTO txt VALUES ('recDeleteRuleTicketPriority','German','Priorität für Löschantrag');
+INSERT INTO txt VALUES ('recDeleteRuleTicketPriority','English','Priority for delete rule ticket');
+INSERT INTO txt VALUES ('recDeleteRuleInitState','German', 'Initialer Status für Löschantrag');
+INSERT INTO txt VALUES ('recDeleteRuleInitState','English', 'Initial state for delete rule ticket');
+INSERT INTO txt VALUES ('recCheckActive', 'German','Rezert Check - aktiv');
+INSERT INTO txt VALUES ('recCheckActive', 'English','Recert Check - active');
+INSERT INTO txt VALUES ('recCheckEmailSubject', 'German','Rezert Check - Email Betreff');
+INSERT INTO txt VALUES ('recCheckEmailSubject', 'English','Recert Check - 
Email subject');
+INSERT INTO txt VALUES ('recCheckEmailUpcomingText','German','Rezert Check - Text anstehend');
+INSERT INTO txt VALUES ('recCheckEmailUpcomingText','English','Recert Check - text upcoming');
+INSERT INTO txt VALUES ('recCheckEmailOverdueText','German','Rezert Check - Text überfällig');
+INSERT INTO txt VALUES ('recCheckEmailOverdueText','English','Recert Check - text overdue');
+INSERT INTO txt VALUES ('recert_check_every', 'German', 'Rezert Check alle');
+INSERT INTO txt VALUES ('recert_check_every', 'English', 'Recert Check every');
+INSERT INTO txt VALUES ('each_on', 'German', 'jeweils am');
+INSERT INTO txt VALUES ('each_on', 'English', 'each on');
+INSERT INTO txt VALUES ('undefined', 'German', 'nicht definiert');
+INSERT INTO txt VALUES ('undefined', 'English', 'undefined');
 INSERT INTO txt VALUES ('reqAvailableTaskTypes','German', 'Verfügbare Auftragstypen');
 INSERT INTO txt VALUES ('reqAvailableTaskTypes','English', 'Available Task Types');
+INSERT INTO txt VALUES ('reqOwnerBased', 'German', 'Eigentümerbasiert');
+INSERT INTO txt VALUES ('reqOwnerBased', 'English', 'Owner based');
+INSERT INTO txt VALUES ('reqReducedView', 'German', 'Eingeschränkte Darstellung');
+INSERT INTO txt VALUES ('reqReducedView', 'English', 'Reduced view');
 INSERT INTO txt VALUES ('reqAllowObjectSearch', 'German', 'Objektsuche erlauben');
 INSERT INTO txt VALUES ('reqAllowObjectSearch', 'English', 'Allow object search');
 INSERT INTO txt VALUES ('reqAllowManualOwnerAdmin','German', 'Manuelle Eigentümerverwaltung erlauben');
 INSERT INTO txt VALUES ('reqAllowManualOwnerAdmin','English','Allow manual owner administration');
+INSERT INTO txt VALUES ('ruleOwnershipMode', 'German', 'Regel-Eigentümerschaftsmodus');
+INSERT INTO txt VALUES ('ruleOwnershipMode', 'English', 'Rule Ownership Mode');
 INSERT INTO txt VALUES ('reqPriorities', 'German', 'Prioritäten');
 INSERT INTO txt VALUES ('reqPriorities', 'English', 'Priorities');
 INSERT INTO txt VALUES 
('reqAutoCreateImplTasks','German', 'Autom. Erzeugen von Implementierungs-Aufträgen');
 INSERT INTO txt VALUES ('reqAutoCreateImplTasks','English', 'Auto-create implementation tasks');
 INSERT INTO txt VALUES ('reqActivatePathAnalysis','German', 'Pfadanalyse aktivieren');
 INSERT INTO txt VALUES ('reqActivatePathAnalysis','English','Activate Path Analysis');
+INSERT INTO txt VALUES ('reqShowCompliance', 'German', 'Compliance-Modul anzeigen');
+INSERT INTO txt VALUES ('reqShowCompliance', 'English', 'Show Compliance Module');
 INSERT INTO txt VALUES ('numeric_prio', 'German', 'Numerische Priorität');
 INSERT INTO txt VALUES ('numeric_prio', 'English', 'Numeric Priority');
 INSERT INTO txt VALUES ('ticket_deadline', 'German', 'Ticket-Deadline (in Tagen)');
@@ -1188,6 +1692,10 @@ INSERT INTO txt VALUES ('group_action', 'German', 'Gruppenaktion');
 INSERT INTO txt VALUES ('group_action', 'English', 'Group Action');
 INSERT INTO txt VALUES ('email', 'German', 'Email');
 INSERT INTO txt VALUES ('email', 'English', 'Email');
+INSERT INTO txt VALUES ('firstname', 'German', 'Vorname');
+INSERT INTO txt VALUES ('firstname', 'English', 'First name');
+INSERT INTO txt VALUES ('lastname', 'German', 'Nachname');
+INSERT INTO txt VALUES ('lastname', 'English', 'Last name');
 INSERT INTO txt VALUES ('last_login', 'German', 'Letzte Anmeldung');
 INSERT INTO txt VALUES ('last_login', 'English', 'Last Login');
 INSERT INTO txt VALUES ('last_pw_change', 'German', 'Letzte Passwortänderung');
@@ -1316,6 +1824,8 @@ INSERT INTO txt VALUES ('lowest_end_state', 'German', 'Niedrigster Ausgang
 INSERT INTO txt VALUES ('lowest_end_state', 'English', 'Lowest exit state');
 INSERT INTO txt VALUES ('derived_state', 'German', 'Abgeleiteter Status');
 INSERT INTO txt VALUES ('derived_state', 'English', 'Derived state');
+INSERT INTO txt VALUES ('select_action', 'German', 'Aktion auswählen');
+INSERT INTO txt VALUES ('select_action', 'English', 'Select action');
 INSERT INTO txt VALUES ('owners', 'German', 'Eigentümer');
 INSERT INTO txt VALUES ('owners', 'English', 'Owners');
 INSERT INTO txt VALUES ('add_owner', 'German', 'Eigentümer hinzufügen');
@@ -1324,19 +1834,94 @@ INSERT INTO txt VALUES ('edit_owner', 'German', 'Eigentümer bea
 INSERT INTO txt VALUES ('edit_owner', 'English', 'Edit owner');
 INSERT INTO txt VALUES ('delete_owner', 'German', 'Eigentümer löschen');
 INSERT INTO txt VALUES ('delete_owner', 'English', 'Delete owner');
-INSERT INTO txt VALUES ('recert_interval', 'German', 'Rezertifzierungsintervall (in Tagen)');
-INSERT INTO txt VALUES ('recert_interval', 'English', 'Recertification interval (in days)');
+INSERT INTO txt VALUES ('recert_interval', 'German', 'Rezertintervall (in Tagen)');
+INSERT INTO txt VALUES ('recert_interval', 'English', 'Recert Interval (in days)');
 INSERT INTO txt VALUES ('ext_app_id', 'German', 'Externe Anwendungs-Id');
 INSERT INTO txt VALUES ('ext_app_id', 'English', 'External Application Id');
+INSERT INTO txt VALUES ('comm_svc_possible', 'German', 'Common Service zugelassen');
+INSERT INTO txt VALUES ('comm_svc_possible', 'English', 'Common Service Possible');
 INSERT INTO txt VALUES ('dn', 'German', 'Vollständiger Name');
 INSERT INTO txt VALUES ('dn', 'English', 'Distinguished Name');
+INSERT INTO txt VALUES ('main_responsible', 'German', 'Hauptverantwortlicher (DN)');
+INSERT INTO txt VALUES ('main_responsible', 'English', 'Main responsible person (DN)');
 INSERT INTO txt VALUES ('set_default', 'German', 'als Vorgabewert setzen');
 INSERT INTO txt VALUES ('set_default', 'English', 'Set as Default');
 INSERT INTO txt VALUES ('reset_to_default', 'German', 'auf Vorgabewerte zurücksetzen');
 INSERT INTO txt VALUES ('reset_to_default', 'English', 'Reset to Default');
 INSERT INTO txt VALUES ('option', 'German', 'Option');
 INSERT INTO txt VALUES ('option', 'English', 'Option');
-
+INSERT INTO txt VALUES ('customize_texts', 'German', 'Texte anpassen');
+INSERT INTO txt VALUES ('customize_texts', 'English', 'Customize Texts');
+INSERT INTO txt VALUES ('ignore_helptexts', 'German', 'Hilfetexte ignorieren');
+INSERT INTO txt VALUES ('ignore_helptexts', 'English', 'Ignore help 
texts');
+INSERT INTO txt VALUES ('case_sensitive', 'German', 'Schreibungsabhängig');
+INSERT INTO txt VALUES ('case_sensitive', 'English', 'Case Sensitive');
+INSERT INTO txt VALUES ('key', 'German', 'Schlüssel');
+INSERT INTO txt VALUES ('key', 'English', 'Key');
+INSERT INTO txt VALUES ('text', 'German', 'Text');
+INSERT INTO txt VALUES ('text', 'English', 'Text');
+INSERT INTO txt VALUES ('custom_text', 'German', 'Angepasster Text');
+INSERT INTO txt VALUES ('custom_text', 'English', 'Custom Text');
+INSERT INTO txt VALUES ('allowServerInConn', 'German', 'Server in Verbindung erlauben');
+INSERT INTO txt VALUES ('allowServerInConn', 'English', 'Allow Servers in Connection');
+INSERT INTO txt VALUES ('allowServiceInConn', 'German', 'Einfache Dienste in Verbindung erlauben');
+INSERT INTO txt VALUES ('allowServiceInConn', 'English', 'Allow Simple Services in Connection');
+INSERT INTO txt VALUES ('overviewDisplayLines', 'German', 'Max. Anzahl Zeilen in Übersicht');
+INSERT INTO txt VALUES ('overviewDisplayLines', 'English', 'Max. 
Number of Rows in Overview');
+INSERT INTO txt VALUES ('reducedProtocolSet', 'German', 'Reduzierten Protokollset darstellen');
+INSERT INTO txt VALUES ('reducedProtocolSet', 'English', 'Display reduced Protocol set');
+INSERT INTO txt VALUES ('importAppDataPath', 'German', 'Pfad und Name von Appdaten-Import (ohne Endung)');
+INSERT INTO txt VALUES ('importAppDataPath', 'English', 'Path and Name of App data import (without ending)');
+INSERT INTO txt VALUES ('importAppDataSleepTime','German', 'Import Appdaten-Intervall (in Stunden)');
+INSERT INTO txt VALUES ('importAppDataSleepTime','English', 'Import App data sleep time (in hours)');
+INSERT INTO txt VALUES ('importAppDataStartAt', 'German', 'Import Appdaten-Start');
+INSERT INTO txt VALUES ('importAppDataStartAt', 'English', 'Import App data start at');
+INSERT INTO txt VALUES ('importSubnetDataPath', 'German', 'Pfad und Name von Subnetzdaten-Import (ohne Endung)');
+INSERT INTO txt VALUES ('importSubnetDataPath', 'English', 'Path and Name of subnet data import (without ending)');
+INSERT INTO txt VALUES ('importSubnetDataSleepTime','German','Import Subnetzdaten-Intervall (in Stunden)');
+INSERT INTO txt VALUES ('importSubnetDataSleepTime','English','Import Subnet data sleep time (in hours)');
+INSERT INTO txt VALUES ('importSubnetDataStartAt','German', 'Import Subnetzdaten-Start');
+INSERT INTO txt VALUES ('importSubnetDataStartAt','English','Import Subnet data start at');
+INSERT INTO txt VALUES ('networkAreaRequired', 'German', 'Netzwerkarea vorgeschrieben');
+INSERT INTO txt VALUES ('networkAreaRequired', 'English', 'Network Area Required');
+INSERT INTO txt VALUES ('modReqInterfaceName', 'German', 'Name der beantragten Schnittstelle');
+INSERT INTO txt VALUES ('modReqInterfaceName', 'English', 'Name of requested interface');
+INSERT INTO txt VALUES ('modReqEmailSubject', 'German', 'Titel der Antragsbenachrichtigung');
+INSERT INTO txt VALUES ('modReqEmailSubject', 'English', 'Subject of request emails');
+INSERT INTO txt VALUES ('modReqEmailBody', 'German', 'Text der Antragsbenachrichtigung');
+INSERT INTO txt VALUES ('modReqEmailBody', 'English', 'Body of request emails');
+INSERT INTO txt VALUES ('modReqTicketTitle', 'German', 'Titel des Schnittstellentickets');
+INSERT INTO txt VALUES ('modReqTicketTitle', 'English', 'Title of interface request ticket');
+INSERT INTO txt VALUES ('modReqTaskTitle', 'German', 'Titel des Schnittstellenauftrags');
+INSERT INTO txt VALUES ('modReqTaskTitle', 'English', 'Title of interface request task');
+INSERT INTO txt VALUES ('fixedPartLength', 'German', 'Länge fixer Teil');
+INSERT INTO txt VALUES ('fixedPartLength', 'English', 'Fixed Part Length');
+INSERT INTO txt VALUES ('freePartLength', 'German', 'Länge freier Teil');
+INSERT INTO txt VALUES ('freePartLength', 'English', 'Free Part Length');
+INSERT INTO txt VALUES ('useAppPart', 'German', 'Eigentümernamen verwenden');
+INSERT INTO txt VALUES ('useAppPart', 'English', 'Use Owner Name');
+INSERT INTO txt VALUES ('networkAreaPattern', 'German', 'Muster Netzwerkarea');
+INSERT INTO txt VALUES ('networkAreaPattern', 'English', 'Network Area Pattern');
+INSERT INTO txt VALUES ('appRolePattern', 'German', 'Muster App Rolle');
+INSERT INTO txt VALUES ('appRolePattern', 'English', 'App Role Pattern');
+INSERT INTO txt VALUES ('import_source', 'German', 'Importquelle');
+INSERT INTO txt VALUES ('import_source', 'English', 'Import Source');
+INSERT INTO txt VALUES ('modelling_settings', 'German', 'Modellierungseinstellungen');
+INSERT INTO txt VALUES ('modelling_settings', 'English', 'Modelling Settings');
+INSERT INTO txt VALUES ('modIconify', 'German', 'Nutzung von Piktogrammen');
+INSERT INTO txt VALUES ('modIconify', 'English', 'Prefer use of Icons');
+INSERT INTO txt VALUES ('use_in_src', 'German', 'in Quelle');
+INSERT INTO txt VALUES ('use_in_src', 'English', 'in Source');
+INSERT INTO txt VALUES ('use_in_dst', 'German', 'in Ziel');
+INSERT INTO txt VALUES ('use_in_dst', 
'English', 'in Destination');
+INSERT INTO txt VALUES ('email_subject', 'German', 'Email-Betreff');
+INSERT INTO txt VALUES ('email_subject', 'English', 'Email subject');
+INSERT INTO txt VALUES ('email_body', 'German', 'Email-Inhalt');
+INSERT INTO txt VALUES ('email_body', 'English', 'Email body');
+INSERT INTO txt VALUES ('email_to', 'German', 'An');
+INSERT INTO txt VALUES ('email_to', 'English', 'To');
+INSERT INTO txt VALUES ('email_cc', 'German', 'CC');
+INSERT INTO txt VALUES ('email_cc', 'English', 'CC');
 -- monitoring
 INSERT INTO txt VALUES ('open_alerts', 'German', 'Offene Alarme');
@@ -1441,6 +2026,10 @@ INSERT INTO txt VALUES ('daily_sample_data_check','German', 'Täglicher Chec
 INSERT INTO txt VALUES ('daily_sample_data_check','English','Scheduled Daily Sample Data Check');
 INSERT INTO txt VALUES ('daily_importer_check', 'German', 'Täglicher Check der Importer');
 INSERT INTO txt VALUES ('daily_importer_check', 'English', 'Scheduled Daily Importer Check');
+INSERT INTO txt VALUES ('daily_recert_check', 'German', 'Täglicher Rezertifizierungs-Check');
+INSERT INTO txt VALUES ('daily_recert_check', 'English', 'Scheduled Daily Recertification Check');
+INSERT INTO txt VALUES ('emails_sent', 'German', ' Emails versendet');
+INSERT INTO txt VALUES ('emails_sent', 'English', ' emails sent');
 INSERT INTO txt VALUES ('scheduled_autodiscovery','German', 'Termingesteuerte Autodiscovery');
 INSERT INTO txt VALUES ('scheduled_autodiscovery','English','Scheduled Autodiscovery');
 INSERT INTO txt VALUES ('manual_autodiscovery', 'German', 'Manuelle Autodiscovery');
@@ -1449,7 +2038,14 @@ INSERT INTO txt VALUES ('changes_found', 'German', ' Änderungen gef
 INSERT INTO txt VALUES ('changes_found', 'English', ' changes found');
 INSERT INTO txt VALUES ('found_no_changes', 'German', 'keine Änderungen gefunden');
 INSERT INTO txt VALUES ('found_no_changes', 'English', 'no changes found');
-
+INSERT INTO txt VALUES ('scheduled_app_import', 'German', 'Termingesteuerter App-Import');
+INSERT INTO txt VALUES ('scheduled_app_import', 'English', 'Scheduled App Import');
+INSERT INTO txt VALUES ('scheduled_subnet_import','German', 'Termingesteuerter Subnetz-Import');
+INSERT INTO txt VALUES ('scheduled_subnet_import','English','Scheduled Subnet Import');
+INSERT INTO txt VALUES ('imp_change_notification','German', 'Änderungsbenachrichtigung');
+INSERT INTO txt VALUES ('imp_change_notification','English','Import Change Notification');
+INSERT INTO txt VALUES ('credentials', 'German', 'Login-Daten');
+INSERT INTO txt VALUES ('credentials', 'English', 'Credentials');
 -- help pages
 INSERT INTO txt VALUES ('report_types', 'German', 'Report-Typen');
@@ -1523,13 +2119,33 @@ INSERT INTO txt VALUES ('task_types', 'English', 'Task Types');
 INSERT INTO txt VALUES ('state_handling', 'German', 'Status-Verwaltung');
 INSERT INTO txt VALUES ('state_handling', 'English', 'State Handling');
 INSERT INTO txt VALUES ('checklist', 'German', 'Checkliste');
-INSERT INTO txt VALUES ('checklist', 'English', 'Checklist');
+INSERT INTO txt VALUES ('checklist', 'English', 'Checklist');
+INSERT INTO txt VALUES ('requirements', 'German', 'Voraussetzungen');
+INSERT INTO txt VALUES ('requirements', 'English', 'Requirements');
+INSERT INTO txt VALUES ('recert_logic', 'German', 'Logik und Konfiguration');
+INSERT INTO txt VALUES ('recert_logic', 'English', 'Logic and Configuration');
+INSERT INTO txt VALUES ('configuration', 'German', 'Konfiguration');
+INSERT INTO txt VALUES ('configuration', 'English', 'Configuration');
+INSERT INTO txt VALUES ('owner_import', 'German', 'Eigentümer-Import');
+INSERT INTO txt VALUES ('owner_import', 'English', 'Owner Import');
+INSERT INTO txt VALUES ('import_interfaces', 'German', 'Import-Schnittstellen');
+INSERT INTO txt VALUES ('import_interfaces', 'English', 'Import Interfaces');
+INSERT INTO txt VALUES ('import_app_data', 'German', 'Applikationsdaten-Import');
+INSERT INTO txt VALUES ('import_app_data', 'English', 'Application Data Import');
+INSERT INTO txt VALUES ('import_subnet_data', 'German', 'Subnetzdaten-Import');
+INSERT INTO txt VALUES ('import_subnet_data', 'English', 'Subnet Data Import');
+INSERT INTO txt VALUES ('general', 'German', 'Allgemein');
+INSERT INTO txt VALUES ('general', 'English', 'General');
+INSERT INTO txt VALUES ('naming_convention', 'German', 'Namenskonvention');
+INSERT INTO txt VALUES ('naming_convention', 'English', 'Naming Convention');
+
 -- text codes (roughly) categorized:
 -- U: user texts (explanation or confirmation texts)
 -- E: error texts
 -- A: Api errors
 -- T: texts from external sources (Ldap, other database tables)
+-- C: Contextual Info (Tooltips)
 -- H: 
help pages
 -- 0000-0999: General
 -- 1000-1999: Reporting
@@ -1542,9 +2158,27 @@ INSERT INTO txt VALUES ('checklist', 'English', 'Checklist');
 -- 5200-5299: authorization
 -- 5300-5399: defaults
 -- 5400-5499: personal settings
+-- 5500-5599: workflow module
 -- 6000-6999: API
 -- 7000-7999: Monitoring
 -- 8000-8999: Workflow
+-- 9000-9999: Modelling
+
+-- generic success messages
+INSERT INTO txt VALUES ('S_add_title', 'German', 'Erstellen erfolgreich');
+INSERT INTO txt VALUES ('S_add_title', 'English', 'Creation successful');
+INSERT INTO txt VALUES ('S_add_message', 'German', 'Das Erstellen des Elements wurde erfolgreich abgeschlossen.');
+INSERT INTO txt VALUES ('S_add_message', 'English', 'The creation of the element has been completed successfully.');
+
+INSERT INTO txt VALUES ('S_modify_title', 'German', 'Modifizieren erfolgreich');
+INSERT INTO txt VALUES ('S_modify_title', 'English', 'Modification successful');
+INSERT INTO txt VALUES ('S_modify_message', 'German', 'Das Modifizieren des Elements wurde erfolgreich abgeschlossen.');
+INSERT INTO txt VALUES ('S_modify_message', 'English', 'The modification of the element has been completed successfully.');
+
+INSERT INTO txt VALUES ('S_delete_title', 'German', 'Löschen erfolgreich');
+INSERT INTO txt VALUES ('S_delete_title', 'English', 'Deletion successful');
+INSERT INTO txt VALUES ('S_delete_message', 'German', 'Das Löschen des Elements wurde erfolgreich abgeschlossen.');
+INSERT INTO txt VALUES ('S_delete_message', 'English', 'The deletion of the element has been completed successfully.');
 -- user messages
 INSERT INTO txt VALUES ('U0001', 'German', 'Eingabetext wurde um nicht erlaubte Zeichen gekürzt');
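Review bot: The new legend entry `-- 5500-5599: workflow module` overlaps in wording with the existing `-- 8000-8999: Workflow` line a few lines below, so a maintainer adding a workflow-related text cannot tell from the legend which range it belongs in. The neighbouring 5xxx entries (authorization, defaults, personal settings) all describe settings pages, and the only U55xx text visible in this diff (U5501, deleting a state) fits that pattern, so the range is presumably meant for the workflow settings page rather than the workflow module itself. Wording it `-- 5500-5599: workflow settings` would make the distinction from 8000-8999 explicit.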
@@ -1637,6 +2271,8 @@ INSERT INTO txt VALUES ('U5216', 'German', 'Anzeige und Verwaltung aller Eigent
 INSERT INTO txt VALUES ('U5216', 'English', 'Show and administrate all owners');
 INSERT INTO txt VALUES ('U5217', 'German', 'Sind sie sicher, dass sie folgenden Eigentümer löschen wollen: ');
 INSERT INTO txt VALUES ('U5217', 'English', 'Are you sure you want to delete owner: ');
+INSERT INTO txt VALUES ('U5218', 'German', 'Löscht alle Beispiel-Eigentümer (auf "_demo" endend)');
+INSERT INTO txt VALUES ('U5218', 'English', 'Deletes all sample owners (ending with "_demo")');
 INSERT INTO txt VALUES ('U5301', 'German', 'Einstellungen geändert.');
 INSERT INTO txt VALUES ('U5301', 'English', 'Settings changed.');
@@ -1644,6 +2280,8 @@ INSERT INTO txt VALUES ('U5302', 'German', 'Einstellungen geändert.');
 INSERT INTO txt VALUES ('U5302', 'English', 'Policy changed.');
 INSERT INTO txt VALUES ('U5303', 'German', '* Einstellungen können vom Nutzer in den persönlichen Einstellungen überschrieben werden.');
 INSERT INTO txt VALUES ('U5303', 'English', '* Settings can be overwritten by user in personal settings.');
+INSERT INTO txt VALUES ('U5304', 'German', '* Einstellungen können vom Nutzer in den persönlichen Einstellungen oder in den Eigentümer-Einstellungen überschrieben werden.');
+INSERT INTO txt VALUES ('U5304', 'English', '* Settings can be overwritten by user in personal settings or by the owner settings.');
 INSERT INTO txt VALUES ('U5311', 'German', 'Verwaltung der Standard-Voreinstellungen für alle Nutzer und einige technische Parameter');
 INSERT INTO txt VALUES ('U5311', 'English', 'Set default values for all users and some technical parameters');
 INSERT INTO txt VALUES ('U5312', 'German', 'Verwaltung der Passwortregeln');
@@ -1660,9 +2298,19 @@ INSERT INTO txt VALUES ('U5317', 'German', 'Verwaltung der Aktionsdefinitionen
 INSERT INTO txt VALUES ('U5317', 'English', 'Set the action definitions of the workflows. Be careful when changing workflow already in use!');
 INSERT INTO txt VALUES ('U5318', 'German', 'Sind sie sicher, dass sie die Einstellungen zurücksetzen wollen? Änderungen an den Workflows gehen verloren.');
 INSERT INTO txt VALUES ('U5318', 'English', 'Are you sure you want to reset the settings? Changes on workflows get lost.');
+INSERT INTO txt VALUES ('U5319', 'German', 'Server für ausgehende Emails zur Benachrichtigung verwalten.');
+INSERT INTO txt VALUES ('U5319', 'English', 'Manage email server for outgoing user notifications.');
+INSERT INTO txt VALUES ('U5320', 'German', 'Mehrere Email-Adressen mit Komma trennen');
+INSERT INTO txt VALUES ('U5320', 'English', 'Multiple email addresses can be separated by using commas');
+INSERT INTO txt VALUES ('U5321', 'German', 'Anzeige und Überschreiben aller dargestellten Texte');
+INSERT INTO txt VALUES ('U5321', 'English', 'Show and overwrite all shown texts');
+INSERT INTO txt VALUES ('U5322', 'German', 'Verwaltung der Voreinstellungen für die Netzwerk-Modellierung');
+INSERT INTO txt VALUES ('U5322', 'English', 'Administration of default settings for network modelling');
 INSERT INTO txt VALUES ('U5401', 'German', 'Passwort geändert.');
 INSERT INTO txt VALUES ('U5401', 'English', 'Password changed.');
+INSERT INTO txt VALUES ('U5402', 'German', 'Test-Email gesendet.');
+INSERT INTO txt VALUES ('U5402', 'English', 'Test email sent.');
 INSERT INTO txt VALUES ('U5411', 'German', 'Änderung des persönlichen Anmeldepassworts');
 INSERT INTO txt VALUES ('U5411', 'English', 'Change your personal login password');
 INSERT INTO txt VALUES ('U5412', 'German', 'Einstellung der bevorzugten Sprache');
@@ -1671,6 +2319,8 @@ INSERT INTO txt VALUES ('U5413', 'German', 'Anpassung der persönlichen Rep
 INSERT INTO txt VALUES ('U5413', 'English', 'Adapt your personal reporting settings');
 INSERT INTO txt VALUES ('U5414', 'German', 'Anpassung der persönlichen Rezertifizierungseinstellungen');
 INSERT INTO txt VALUES ('U5414', 'English', 'Adapt your personal recertification settings');
+INSERT INTO txt VALUES ('U5415', 'German', 'Anpassung der persönlichen Modellierungseinstellungen');
+INSERT INTO txt VALUES ('U5415', 'English', 'Adapt your personal modelling settings');
 INSERT INTO txt VALUES ('U5501', 'German', 'Sind sie sicher, dass sie folgenden Status löschen wollen: ');
 INSERT INTO txt VALUES ('U5501', 'English', 'Are you sure you want to delete state: ');
@@ -1681,8 +2331,8 @@ INSERT INTO txt VALUES ('U7001', 'German', 'Überblick der Ereignisse im Fi
 INSERT INTO txt VALUES ('U7001', 'English', 'Alerts and events inside Firewall Orchestrator');
 INSERT INTO txt VALUES ('U7002', 'German', 'Daten sind dann verloren. Erwägen Sie eine Deaktivierung.');
 INSERT INTO txt VALUES ('U7002', 'English', 'Data will be lost. Consider deactivation.');
-INSERT INTO txt VALUES ('U7003', 'German', 'Löscht alle Beispieldaten (auf "_demo" endend): Managements, Login-Daten, Gateways, Nutzer, Mandanten, Gruppen');
-INSERT INTO txt VALUES ('U7003', 'English', 'Deletes all sample data (ending with "_demo"): managements, credentials, gateways, users, tenants, groups');
+INSERT INTO txt VALUES ('U7003', 'German', 'Löscht alle Beispieldaten (auf "_demo" endend): Managements, Login-Daten, Gateways, Nutzer, Mandanten, Gruppen, Eigentümer');
+INSERT INTO txt VALUES ('U7003', 'English', 'Deletes all sample data (ending with "_demo"): managements, credentials, gateways, users, tenants, groups, owners');
 INSERT INTO txt VALUES ('U7101', 'German', 'Archiv der Alarme mit Bestätigungen');
 INSERT INTO txt VALUES ('U7101', 'English', 'View the past alerts with acknowledgements');
 INSERT INTO txt VALUES ('U7201', 'German', 'Archiv der Importer-Nachrichten');
@@ -1694,13 +2344,60 @@ INSERT INTO txt VALUES ('U7401', 'English', 'View the past autodiscovery message
 INSERT INTO txt VALUES ('U7501', 'German', 'Archiv der Nachrichten der täglichen Checks');
 INSERT INTO txt VALUES ('U7501', 'English', 'View the past daily check messages');
-INSERT INTO txt VALUES ('U8001', 'German', 'Sind sie sicher, dass sie löschen wollen: ');
+INSERT INTO txt VALUES ('U8001', 'German', 'Sind sie sicher, dass sie Folgendes löschen wollen: ');
 INSERT INTO txt VALUES ('U8001', 'English', 'Are you sure you want to delete: ');
 INSERT INTO txt VALUES ('U8002', 'German', 'Neue Genehmigung zum Auftrag hinzugefügt.');
 INSERT INTO txt VALUES ('U8002', 'English', 'New approval added to task.');
 INSERT INTO txt VALUES ('U8003', 'German', 'Sind sie sicher, dass sie abbrechen wollen? Bereits erzeugte Aufträge gehen verloren.');
 INSERT INTO txt VALUES ('U8003', 'English', 'Are you sure you want to cancel? Already Created tasks will be lost.');
+INSERT INTO txt VALUES ('U8004', 'German', 'Sind sie sicher, dass sie einen neuen Eigentümer zuweisen wollen? Zuständigkeiten können sich ändern.');
+INSERT INTO txt VALUES ('U8004', 'English', 'Are you sure you want to change owner? 
Responsibilities can be changed.');
+
+INSERT INTO txt VALUES ('U9001', 'German', 'Sind sie sicher, dass sie folgende Verbindung löschen wollen: ');
+INSERT INTO txt VALUES ('U9001', 'English', 'Are you sure you want to delete connection: ');
+INSERT INTO txt VALUES ('U9002', 'German', 'Sind sie sicher, dass sie folgende App Rolle löschen wollen: ');
+INSERT INTO txt VALUES ('U9002', 'English', 'Are you sure you want to delete App Role: ');
+INSERT INTO txt VALUES ('U9003', 'German', 'Sind sie sicher, dass sie folgenden Dienst löschen wollen: ');
+INSERT INTO txt VALUES ('U9003', 'English', 'Are you sure you want to delete service: ');
+INSERT INTO txt VALUES ('U9004', 'German', 'Sind sie sicher, dass sie folgende Dienstgruppe löschen wollen: ');
+INSERT INTO txt VALUES ('U9004', 'English', 'Are you sure you want to delete service group: ');
+INSERT INTO txt VALUES ('U9005', 'German', 'Sind sie sicher, dass sie folgende App Server reaktivieren wollen: ');
+INSERT INTO txt VALUES ('U9005', 'English', 'Are you sure you want to reactivate App Server: ');
+INSERT INTO txt VALUES ('U9006', 'German', 'Sind sie sicher, dass sie folgendes Objekt aus der Auswahlliste löschen wollen: ');
+INSERT INTO txt VALUES ('U9006', 'English', 'Are you sure you want to delete following object from selection list: ');
+INSERT INTO txt VALUES ('U9007', 'German', 'Der folgende App Server wird verwendet. Sind sie sicher, dass sie ihn deaktivieren wollen: ');
+INSERT INTO txt VALUES ('U9007', 'English', 'Following App Server is in use. 
Are you sure you want to deactivate it: ');
+INSERT INTO txt VALUES ('U9008', 'German', 'Sind sie sicher, dass sie folgenden App Server löschen wollen: ');
+INSERT INTO txt VALUES ('U9008', 'English', 'Are you sure you want to delete App Server: ');
+INSERT INTO txt VALUES ('U9011', 'German', 'Benachrichtigung an App-Verantwortliche gesendet.');
+INSERT INTO txt VALUES ('U9011', 'English', 'Email sent to App responsibles.');
+INSERT INTO txt VALUES ('U9012', 'German', 'Bitte durch eigenen Text ersetzen');
+INSERT INTO txt VALUES ('U9012', 'English', 'Please replace by your own text');
+INSERT INTO txt VALUES ('U9013', 'German', 'Antrag-Status wurde geändert:');
+INSERT INTO txt VALUES ('U9013', 'English', 'Ticket promoted');
+INSERT INTO txt VALUES ('U9014', 'German', 'Sind sie sicher, dass sie folgende Schnittstelle löschen wollen: ');
+INSERT INTO txt VALUES ('U9014', 'English', 'Are you sure you want to delete interface: ');
+
+-- generic error messages --
+INSERT INTO txt VALUES ('E_load_title', 'German', 'Fehler beim Laden');
+INSERT INTO txt VALUES ('E_load_title', 'English', 'Loading error');
+INSERT INTO txt VALUES ('E_load_message', 'German', 'Beim Laden der Elemente ist ein unerwarteter Fehler aufgetreten. Bitte melden Sie den Fehler, wenn er nicht erklärbar ist.');
+INSERT INTO txt VALUES ('E_load_message', 'English', 'An unexpected error occurred while loading the items. Please report the error if it cannot be resolved.');
+
+INSERT INTO txt VALUES ('E_add_title', 'German', 'Fehler beim Erstellen');
+INSERT INTO txt VALUES ('E_add_title', 'English', 'Creation error');
+INSERT INTO txt VALUES ('E_add_message', 'German', 'Bei der Erstellung des Elements ist ein unerwarteter Fehler aufgetreten. Bitte melden Sie den Fehler, wenn er nicht erklärbar ist.');
+INSERT INTO txt VALUES ('E_add_message', 'English', 'An unexpected error occurred while creating the item. 
Please report the error if it cannot be resolved.');
+INSERT INTO txt VALUES ('E_modify_title', 'German', 'Fehler beim Modifizieren');
+INSERT INTO txt VALUES ('E_modify_title', 'English', 'Modification error');
+INSERT INTO txt VALUES ('E_modify_message', 'German', 'Bei der Modifizierung des Elements ist ein unerwarteter Fehler aufgetreten. Bitte melden Sie den Fehler, wenn er nicht erklärbar ist.');
+INSERT INTO txt VALUES ('E_modify_message', 'English', 'An unexpected error occurred while modifying the item. Please report the error if it cannot be resolved.');
+
+INSERT INTO txt VALUES ('E_delete_title', 'German', 'Fehler beim Löschen');
+INSERT INTO txt VALUES ('E_delete_title', 'English', 'Deletion error');
+INSERT INTO txt VALUES ('E_delete_message', 'German', 'Bei der Löschung des Elements ist ein unerwarteter Fehler aufgetreten. Bitte melden Sie den Fehler, wenn er nicht erklärbar ist.');
+INSERT INTO txt VALUES ('E_delete_message', 'English', 'An unexpected error occurred while deleting the item. Please report the error if it cannot be resolved.');
 -- error messages
 INSERT INTO txt VALUES ('E0001', 'German', 'Nicht klassifizierter Fehler: ');
@@ -1742,6 +2439,8 @@ INSERT INTO txt VALUES ('E4002', 'German', 'Keine Regeln für die gewä
 INSERT INTO txt VALUES ('E4002', 'English', 'No rules found for given criteria');
 INSERT INTO txt VALUES ('E4003', 'German', 'Keine Änderungen für die gewählten Kriterien gefunden');
 INSERT INTO txt VALUES ('E4003', 'English', 'No changes found for given criteria');
+INSERT INTO txt VALUES ('E4004', 'German', 'Nutzungsdaten nicht unterstützt für: ');
+INSERT INTO txt VALUES ('E4004', 'English', 'Usage data not supported for: ');
 INSERT INTO txt VALUES ('E5101', 'German', 'Löschen des Managements nicht erlaubt, da noch Gateways zugeordnet sind. Diese zuerst löschen wenn möglich');
 INSERT INTO txt VALUES ('E5101', 'English', 'Deletion of management not allowed as there are related Gateways. Delete them first if possible');
@@ -1757,6 +2456,10 @@ INSERT INTO txt VALUES ('E5106', 'German', 'Management wurde bereits angelegt:
 INSERT INTO txt VALUES ('E5106', 'English', 'Management has already been created: ');
 INSERT INTO txt VALUES ('E5107', 'German', 'Gateway wurde bereits angelegt: ');
 INSERT INTO txt VALUES ('E5107', 'English', 'Gateway has already been created: ');
+INSERT INTO txt VALUES ('E5108', 'German', 'Email-Adresse muss "@"-Zeichen enthalten.');
+INSERT INTO txt VALUES ('E5108', 'English', 'Email address must contain "@"-sign.');
+INSERT INTO txt VALUES ('E5109', 'German', 'Bitte keine Leerzeichen im Namen verwenden.');
+INSERT INTO txt VALUES ('E5109', 'English', 'Please do not use spaces in the name.');
 INSERT INTO txt VALUES ('E5111', 'German', 'Es gibt bereits ein Gateway mit derselben Konfiguration und Import aktiviert');
 INSERT INTO txt VALUES ('E5111', 'English', 'There is already a gateway in the same configuration with import enabled');
 INSERT INTO txt VALUES ('E5112', 'German', 'Gateway konnte nicht angelegt werden');
@@ -1780,8 +2483,8 @@ INSERT INTO txt VALUES ('E5209', 'German', 'Nutzer konnten nicht geholt werden'
 INSERT INTO txt VALUES ('E5209', 'English', 'Users could not be fetched');
 INSERT INTO txt VALUES ('E5210', 'German', 'Nutzer (Dn) existiert bereits');
 INSERT INTO txt VALUES ('E5210', 'English', 'User (Dn) is already existing');
-INSERT INTO txt VALUES ('E5211', 'German', 'Name und Passwort müssen gefüllt sein');
-INSERT INTO txt VALUES ('E5211', 'English', 'Name and Password have to be filled');
+INSERT INTO txt VALUES ('E5211', 'German', 'Name, Passwort und initiale Rolle müssen gefüllt sein');
+INSERT INTO txt VALUES ('E5211', 'English', 'Name, password and initial role have to be filled');
 INSERT INTO txt VALUES ('E5212', 'German', 'Unbekannter Mandant');
 INSERT INTO txt VALUES ('E5212', 'English', 'Unknown tenant');
 INSERT INTO txt VALUES ('E5213', 'German', 'Nutzer konnte nicht hinzugefügt werden');
@@ -1911,8 +2614,8 @@ INSERT INTO txt VALUES ('E5415', 'English', 'Password must contain at least one
 INSERT INTO txt VALUES ('E5421', 'German', 'Schlüssel nicht gefunden oder Wert nicht konvertierbar: Wert wird gesetzt auf: ');
 INSERT INTO txt VALUES ('E5421', 'English', 'Key not found or could not convert value to int: taking value: ');
-INSERT INTO txt VALUES ('E6001', 'German', 'Der Relogin war nicht erfolgreich. Haben Sie ein falsches Passwort eingegeben? Schauen Sie für Details bitte in die Logs.');
-INSERT INTO txt VALUES ('E6001', 'English', 'Re-login unsuccessful. Did you enter a wrong password? See log for details!');
+INSERT INTO txt VALUES ('E6001', 'German', 'Der Re-Login war nicht erfolgreich. Haben Sie ein falsches Passwort eingegeben? Schauen Sie für Details bitte in die Logs.');
+INSERT INTO txt VALUES ('E6001', 'English', 'Re-login failed. Did you enter a wrong password? See log for details.');
 INSERT INTO txt VALUES ('E7001', 'German', 'Aktion wurde bereits durchgeführt');
 INSERT INTO txt VALUES ('E7001', 'English', 'Action has already been processed');
@@ -1951,7 +2654,46 @@ INSERT INTO txt VALUES ('E8011', 'German', 'Aktion konnte nicht angelegt werden
 INSERT INTO txt VALUES ('E8011', 'English', 'Action could not be created');
 INSERT INTO txt VALUES ('E8012', 'German', 'Kommentar konnte nicht angelegt werden');
 INSERT INTO txt VALUES ('E8012', 'English', 'Comment could not be created');
+INSERT INTO txt VALUES ('E8013', 'German', 'Regel-Uid ist auf diesem Gerät nicht vorhanden: ');
+INSERT INTO txt VALUES ('E8013', 'English', 'Rule Uid does not exist on this device: ');
+INSERT INTO txt VALUES ('E8014', 'German', 'Die Verarbeitung dieses Auftragstyps ist nicht aktiviert. Bitte Administrator kontaktieren.');
+INSERT INTO txt VALUES ('E8014', 'English', 'The handling of this Task Type is not activated. Please contact administrator.');
+INSERT INTO txt VALUES ('E8015', 'German', 'Eigentümer konnte nicht zugeordnet werden');
+INSERT INTO txt VALUES ('E8015', 'English', 'Owner could not be assigned');
+INSERT INTO txt VALUES ('E8016', 'German', 'Eigentümer konnte nicht entfernt werden');
+INSERT INTO txt VALUES ('E8016', 'English', 'Owner could not be removed');
+
+INSERT INTO txt VALUES ('E8101', 'German', 'Email-Versand kann nicht getestet werden, da der aktuell angemeldete Nutzer keine Email-Adresse hinterlegt hat.');
+INSERT INTO txt VALUES ('E8101', 'English', 'Sending of emails cannot be tested because the logged-in user does not have an email address.');
+INSERT INTO txt VALUES ('E9001', 'German', 'Sie haben Modellier-Rechte für keine Applikation.');
+INSERT INTO txt VALUES ('E9001', 'English', 'You have no modeller rights for any application.');
+INSERT INTO txt VALUES ('E9002', 'German', 'Keine Area verfügbar.');
+INSERT INTO txt VALUES ('E9002', 'English', 'No areas available.');
+INSERT INTO txt VALUES ('E9003', 'German', 'Id schon vergeben. Bitte eine andere auswählen.');
+INSERT INTO txt VALUES ('E9003', 'English', 'Id already used. 
Please choose another.');
+INSERT INTO txt VALUES ('E9004', 'German', 'Dienst und Quelle oder Ziel müssen ausgefüllt sein.');
+INSERT INTO txt VALUES ('E9004', 'English', 'Service and source or Destination have to be filled.');
+INSERT INTO txt VALUES ('E9005', 'German', 'Der Schnittstellentyp kann nicht zwischen Quelle und Ziel geändert werden.');
+INSERT INTO txt VALUES ('E9005', 'English', 'The Interface type cannot be changed between Source and Destination.');
+INSERT INTO txt VALUES ('E9006', 'German', 'Quelle, Dienst und Ziel müssen gefüllt sein.');
+INSERT INTO txt VALUES ('E9006', 'English', 'Source, Service and Destination have to be filled.');
+INSERT INTO txt VALUES ('E9007', 'German', 'Dienst kann nicht gelöscht werden, da er in Benutzung ist: ');
+INSERT INTO txt VALUES ('E9007', 'English', 'Service cannot be deleted because it is in use: ');
+INSERT INTO txt VALUES ('E9008', 'German', 'Dienstgruppe kann nicht gelöscht werden, da sie in Benutzung ist: ');
+INSERT INTO txt VALUES ('E9008', 'English', 'Service Group cannot be deleted because it is in use: ');
+INSERT INTO txt VALUES ('E9009', 'German', 'App Rolle kann nicht gelöscht werden, da sie in Benutzung ist: ');
+INSERT INTO txt VALUES ('E9009', 'English', 'App Role cannot be deleted because it is in use: ');
+INSERT INTO txt VALUES ('E9010', 'German', 'IP-Adresse wurde schon verwendet.');
+INSERT INTO txt VALUES ('E9010', 'English', 'IP address is already used.');
+INSERT INTO txt VALUES ('E9011', 'German', 'Benachrichtigung an App-Verantwortliche konnte nicht gesendet werden.');
+INSERT INTO txt VALUES ('E9011', 'English', 'Email could not be sent to App responsibles.');
+INSERT INTO txt VALUES ('E9012', 'German', 'Die Schnittstelle sollte nicht in der eigenen App beantragt werden.');
+INSERT INTO txt VALUES ('E9012', 'English', 'Interface should not be requested in own App.');
+INSERT INTO txt VALUES ('E9013', 'German', 'Schnittstelle kann nicht gelöscht werden, da sie in Benutzung ist: ');
+INSERT INTO txt VALUES ('E9013', 'English', 'Interface cannot be deleted because it is in use: ');
+INSERT INTO txt VALUES ('E9014', 'German', 'Bitte zuerst die gemachten Änderungen speichern.');
+INSERT INTO txt VALUES ('E9014', 'English', 'Please save changes first.');
 -- errors from Api
 INSERT INTO txt VALUES ('A0001', 'German', 'Ungültige Anmeldedaten. Nutzername darf nicht leer sein');
@@ -1984,7 +2726,7 @@ INSERT INTO txt VALUES ('T0011', 'German', 'Nutzer mit vollem Zugriff auf den F
 INSERT INTO txt VALUES ('T0011', 'English', 'users with full access rights to firewall orchestrator');
 INSERT INTO txt VALUES ('T0012', 'German', 'Nutzer mit Berechtigung zum Rezertifizieren von Regeln');
 INSERT INTO txt VALUES ('T0012', 'English', 'users that have the right to recertify rules');
-INSERT INTO txt VALUES ('T0013', 'German', 'NNutzer mit Berechtigung zum Anlegen von Anträgen');
+INSERT INTO txt VALUES ('T0013', 'German', 'Nutzer mit Berechtigung zum Anlegen von Anträgen');
 INSERT INTO txt VALUES ('T0013', 'English', 'users that have the right to create requests');
 INSERT INTO txt VALUES ('T0014', 'German', 'Nutzer mit Berechtigung zum Genehmigen von Anträgen');
 INSERT INTO txt VALUES ('T0014', 'English', 'users that have the right to approve requests');
@@ -1994,6 +2736,8 @@ INSERT INTO txt VALUES ('T0016', 'German', 'Nutzer mit Berechtigung zum Impleme
 INSERT INTO txt VALUES ('T0016', 'English', 'users that have the right to implement requests');
 INSERT INTO txt VALUES ('T0017', 'German', 'Nutzer mit Berechtigung zum Review von Aufträgen');
 INSERT INTO txt VALUES ('T0017', 'English', 'users that have the right to review requests');
+INSERT INTO txt VALUES ('T0018', 'German', 'Nutzer mit Berechtigung zum Modellieren von Applikationen');
+INSERT INTO txt VALUES ('T0018', 'English', 'users that have the right to model applications');
 -- template comments
 INSERT INTO txt VALUES ('T0101', 'German', 'Aktuell aktive Regeln aller Gateways');
@@ -2006,6 +2750,36 @@ INSERT INTO txt VALUES ('T0104', 'German', 'Alle Regeln, die offene Quellen, Zi INSERT INTO txt VALUES ('T0104', 'English', 'All pass rules that contain any as source, destination or service'); INSERT INTO txt VALUES ('T0105', 'German', 'Aktuell aktive NAT-Regeln aller Gateways'); INSERT INTO txt VALUES ('T0105', 'English', 'Currently active NAT rules of all gateways'); +INSERT INTO txt VALUES ('T0106', 'German', 'Aktuell aktive unbenutzte Regeln aller Gateways'); +INSERT INTO txt VALUES ('T0106', 'English', 'Currently active unused rules of all gateways'); +INSERT INTO txt VALUES ('T0107', 'German', 'Aktuell aktive Regeln, die zur Rezertifizierung anstehen'); +INSERT INTO txt VALUES ('T0107', 'English', 'Currently active rules with upcoming recertification'); + +-- Contextual Info (Tooltips) +INSERT INTO txt VALUES ('C9000', 'German', 'Dieses Objekt wurde deaktiviert und sollte von der App Rolle entfernt werden.'); +INSERT INTO txt VALUES ('C9000', 'English', 'This object was deactivated and should be removed from App Role.'); +INSERT INTO txt VALUES ('C9001', 'German', 'Dieses Objekt wurde deaktiviert und sollte von der Verbindung entfernt werden.'); +INSERT INTO txt VALUES ('C9001', 'English', 'This object was deactivated and should be removed from Connection.'); +INSERT INTO txt VALUES ('C9002', 'German', 'Dieser App Server wurde noch in keiner App Rolle oder Verbindung verwendet.'); +INSERT INTO txt VALUES ('C9002', 'English', 'This App Server was not used in any App Role or Connection.'); +INSERT INTO txt VALUES ('C9003', 'German', 'Diese App wurde deaktiviert.'); +INSERT INTO txt VALUES ('C9003', 'English', 'This app was deactivated.'); +INSERT INTO txt VALUES ('C9004', 'German', 'In dieser App wurden noch keine Verbindungen angelegt.'); +INSERT INTO txt VALUES ('C9004', 'English', 'In this app no connections have been created.'); +INSERT INTO txt VALUES ('C9005', 'German', 'Wählen Sie die App, in der die Schnittstelle voraussichtlich 
angelegt werden soll. Diese kann im Workflow ggf. noch geändert werden'); +INSERT INTO txt VALUES ('C9005', 'English', 'Select app where the interface presumably should be created. This may be changed within the workflow if necessary.'); +INSERT INTO txt VALUES ('C9006', 'German', 'Diese Schnittstelle als Quelle anlegen.'); +INSERT INTO txt VALUES ('C9006', 'English', 'Create this interface as source.'); +INSERT INTO txt VALUES ('C9007', 'German', 'Angefrage Schnittstelle - noch auf der Gegenseite zu modellieren!'); +INSERT INTO txt VALUES ('C9007', 'English', 'Requested interface - to be modelled in the counterpart!'); +INSERT INTO txt VALUES ('C9008', 'German', 'Angefrage Schnittstelle - bitte modellieren!'); +INSERT INTO txt VALUES ('C9008', 'English', 'Requested interface - please modell!'); +INSERT INTO txt VALUES ('C9009', 'German', 'Mit der Veröffentlichung wird die Schnittstelle für andere Modellierer sicht- und nutzbar. + Bei Rücknahme der Veröffentlichung ändert sich lediglich die Sichtbarkeit bei der Suche - für bereits vorhandene nutzende Verbindungen ändert sich nichts. +'); +INSERT INTO txt VALUES ('C9009', 'English', 'By publishing the interface is visible and usable for other modellers. + When reverting the publication, only the visibility in searches is changed - already using connections remain unchanged. +'); -- help pages INSERT INTO txt VALUES ('H0001', 'German', 'Firewall Orchestrator ist eine Anwendung zum Erzeugen und Verwalten von verschiedenen Reports aus Konfigurationsdaten verteilter Firewallsysteme. @@ -2026,6 +2800,7 @@ INSERT INTO txt VALUES ('H1001', 'German', 'Die erste Eingabezeile ist die Filt Nach klicken der "Report erstellen" Schaltfläche werden die Reportdaten im unteren Teil des Fensters dargestellt. In der Rechten Randleiste werden Details zu den markierten Objekten gezeigt.
      Der Report kann in verschiedenen Ausgabeformaten exportiert werden. + Mit Hilfe der Tabs am oberen Bildschirmrand kann zwischen der Report-Generierung, dem Report-Scheduling und dem Report-Archiv umgeschaltet werden. '); INSERT INTO txt VALUES ('H1001', 'English', 'The first input line is the filter line, where the parameters for the report creation are defined. It is subject to a special Filter Syntax. @@ -2034,6 +2809,7 @@ INSERT INTO txt VALUES ('H1001', 'English', 'The first input line is the filter After selecting the "Generate Report" button the Report Data is shown in the lower part of the window. In the Right Sidebar details about the selected objects are given.
      The report can be exported to different output formats. + Using the tabs at the top of the screen you may switch between report generation, report scheduling and the report archive. '); INSERT INTO txt VALUES ('H1101', 'German', '
    • Alle Filter sind schreibungsunabhängig.
    • Es gibt verschiedene Varianten für die meisten Schlüsselwörter, z.B. können DestinationPort-Filter geschrieben werden als: @@ -2041,10 +2817,11 @@ INSERT INTO txt VALUES ('H1101', 'German', '
    • Alle Filter sind schreibungsun
    • Alle Filterausdrücke müssen logisch mit den Operatoren: and, or, not miteinander kombiniert werden.
    • Klammern können genutzt werden, um die Filterausdrücke zu strukturieren.
    • Anführungszeichen (") können optional für Wertdefinitionen genutzt werden. Wenn Leerzeichen im Wert vorkommen (z.B. für Datum/Zeit-Werte), müssen sie genutzt werden.
    • -
    • Ein Gateway muss ausgewählt werden. Dies kann manuell oder über die linke Randleiste, von wo die Auswahl automatisch in den Filter integriert wird, erfolgen.
    • +
    • Muss ein Gateway ausgewählt werden, kann dies manuell oder über die linke Randleiste, von wo die Auswahl automatisch in den Filter integriert wird, erfolgen.
    • Zeitfilterung funktioniert zur Zeit nur für Zeitpunkte vor dem letzten Import, der einen Config Change gefunden hat.
    • Regeln werden immer in voller Tiefe durchsucht, d.h. alle Gruppen in Quell-, Ziel- und Dienstfeldern werden aufgelöst. Zur Zeit gibt es noch keine Möglichkeit, nur auf der obersten Regelebene zu suchen.
    • +
    • Auch Verbindungen können mit den entsprechenden Schlüsselwörtern für Quelle, Dienst und Ziel durchsucht werden.
    • '); INSERT INTO txt VALUES ('H1101', 'English', '
    • All filtering is case insensitive.
    • There are multiple variants for most keywords, e.g. DestinationPort filters can be written as: @@ -2052,10 +2829,11 @@ INSERT INTO txt VALUES ('H1101', 'English', '
    • All filtering is case insensit
    • All filter statements must be logically combined using either: and, or, not.
    • Brackets can be used for structuring the filter statement.
    • Quotation marks (") can be used optionally for the value definition. If there are white spaces in the value (e.g. for date/time values) the quotation marks have to be used.
    • -
    • A gateway has to be selected. This can be done manually or via the left sidebar, from where the selection is automatically integrated to the filter.
    • +
    • If a gateway has to be selected, this can be done manually or via the left sidebar, from where the selection is automatically integrated to the filter.
    • Time filtering currently only works for points in time before the last import that found a config change.
    • Rules are always deep-searched, meaning all groups in source, destination and service fields are resolved. There is currently no option to only search at the rule top-level.
    • +
    • Also connections can be filtered with the respective keywords for source, service and destination.
    • '); INSERT INTO txt VALUES ('H1102', 'German', 'Folgende Report-Typen stehen zur Auswahl:
        @@ -2063,9 +2841,16 @@ INSERT INTO txt VALUES ('H1102', 'German', 'Folgende Report-Typen stehen zur Au
      • Regeln (aufgelöst) - Anzeige von Zugriffsregeln, wobei sämtliche Gruppen in Quelle, Ziel und Dienst aufgelöst werden. Dies ermöglicht einen Export in einer einzigen Tabelle ohne Hilfstabellen, in denen die Objekt-Definitionen stehen. Default-Report-Zeitpunkt: jetzt
      • Regeln (technisch) - wie der aufgelöste Regel-Report, nur dass Objektnamen nicht angezeigt werden. Default-Report-Zeitpunkt: jetzt
      • +
      • Unbenutzte Regeln - Anzeige aller Regeln die das letztemal vor einem vorgegebenen Zeitpunkt benutzt wurden. Geräte, die keine Nutzungsinformation liefern, werden ignoriert. + Falls der Reporter auch die Rolle "requester" hat, wird bei Selektion ausgegebener Regeln eine Schaltfläche zur Erzeugung eines Löschantrags angeboten.
      • NAT-Regeln - Anzeige der NAT-Regeln und nicht der Zugriffsregeln. Default-Report-Zeitpunkt: jetzt
      • +
      • Rezertifizierung - Anzeige aller Regeln mit anstehenden Rezertifizierungen. Der Default-Report-Zeitraum kann in den Einstellungen gesetzt werden
      • Änderungen - Anzeige von Änderungen in einem bestimmten Zeitraum. Default-Report-Zeitraum: dieses Jahr
      • +
      • Änderungen (aufgelöst) - Anzeige von Änderungen in einem bestimmten Zeitraum, wobei sämtliche Gruppen in Quelle, Ziel und Dienst aufgelöst werden. Default-Report-Zeitraum: dieses Jahr
      • +
      • Änderungen (technisch)- wie der aufgelöste Änderungs-Report, nur dass Objektnamen nicht angezeigt werden. Default-Report-Zeitraum: dieses Jahr
      • Statistik - Anzeige von Statistikdaten über Anzahl von Objekten und Regeln. Default-Report-Zeitpunkt: jetzt
      • +
      • Verbindungen - Anzeige aller in einer Applikation modellierten Verbindungen, Schnittstellen und eigener Common Services mit zusätzlicher Auflistung aller hierin verwendeter Netzwerk- und Serviceobjekte. + Hinzu kommt eine Liste aller globalen Common Services.
      '); INSERT INTO txt VALUES ('H1102', 'English', 'Choose from the following report types: @@ -2073,9 +2858,16 @@ INSERT INTO txt VALUES ('H1102', 'English', 'Choose from the following report t
    • Rules - display access rules; default report time: now
    • Rules (resolved) - display access rules but not showing any group structure but only resolved group content. Default report time: now
    • Rules (technical) - display access rules, resolving groups and not showing object names. Default report time: now<
    • +
    • Unused Rules - display all rules where the rule last hit lies before a given time. Devices delivering no usage information are disregarded. + If the reporter has also a requester role, a button to create a delete rule request is offered after selecting reported rules.
    • NAT Rules - display NAT rules instead of access rules. Default report time: now
    • +
    • Recertification - display all rules where recertifications are upcoming. Default report interval can be defined in settings
    • Changes - display all changes in a defined time interval. Default report interval: this year
    • +
    • Changes (resolved) - display all changes in a defined time interval but not showing any group structure but only resolved group content. Default report interval: this year
    • +
    • Changes (technical) - display all changes in a defined time interval resolving groups and not showing object names. Default report interval: this year
    • Statistics - display statistical data on the number of objects and rules. Default report time: now
    • +
    • Connections - display of all connections, interfaces and Common Services modelled in an application with additional lists of all network and service objects used here. + Additionally a list of all global Common Services is given.
    '); INSERT INTO txt VALUES ('H1111', 'German', '
  • gateway (gw, firewall, fw, device, dev): Zusätzlich zu der in der Linken Randleiste zu tätigenden Auswahl spezifischer Devices @@ -2090,6 +2882,8 @@ INSERT INTO txt VALUES ('H1111', 'German', '
  • gateway (gw, firewall, fw, devi
  • action (act, enforce)
  • remove: Mögliche Werte: true/false. Wenn "true", werden nur dezertifizierte Regeln gesucht
  • recertdisplay (recertdisp): Definiert den Zeitraum für die Vorausschau (in Tagen) für die nächste Rezertifizierung. Nur Regeln in diesem Zeitfenster werden gesucht.
  • +
  • lasthit (last-hit, last-used, last-usage, last-use): Filtern nach Regel-Nutzung - aktuell unterstützt für FortiManager und Check Point >=R80.
  • +
  • not-used-for-days (unused, unused-days, not-used): nicht genutzt seit der vorgegebenen Anzahl von Tagen oder gar nicht
  • fulltext (full, fulltextsearch, fts, text, textsearch)
  • '); INSERT INTO txt VALUES ('H1111', 'English', '
  • gateway (gw, firewall, fw, device, dev): Additionally to the specific device selection in the left sidebar @@ -2104,6 +2898,8 @@ INSERT INTO txt VALUES ('H1111', 'English', '
  • gateway (gw, firewall, fw, devi
  • action (act, enforce)
  • remove: Possible Values: true/false. If "true", only decertified rules are searched
  • recertdisplay (recertdisp): Defines the lookahead period (in days) for next recertification. Only rules in this time range are searched.
  • +
  • lasthit (last-hit, last-used, last-usage, last-use): filter by rule usage - supported for FortiManager and Check Point >=R80 only.
  • +
  • not-used-for-days (unused, unused-days, not-used): not used for the given number of days or never
  • fulltext (full, fulltextsearch, fts, text, textsearch)
  • '); INSERT INTO txt VALUES ('H1131', 'German', '
  • and (&)
  • or (|)
  • not (!)
  • eq (=, :)
  • neq
  • (
  • )
  • '); @@ -2128,6 +2924,14 @@ INSERT INTO txt VALUES ('H1144', 'German', '
  • Filtern nach Gateways oder Man INSERT INTO txt VALUES ('H1144', 'English', '
  • filter for gateways or managements
    • gateway=forti and src=cactus
    • gateway=forti or gateway=check
    • not gateway=check
    '); +INSERT INTO txt VALUES ('H1145', 'German', '
  • Filtern nach letzter Verwendung der Regeln
    • +
    • lasthit<2023-01-01 - zeigt nur Regeln, die vor dem Jahr 2023 verwendet wurden sowie auch alle Regeln, die noch nie verwendet wurden
    • +
    • lasthit>2022-12-31 - zeigt nur Regeln, die in 2023 (oder später) verwendet wurden. Regeln ohne jegliche Verwendung werden nicht angezeigt.
    +'); +INSERT INTO txt VALUES ('H1145', 'English', '
  • filter for last hit of rules
    • +
    • lasthit<2023-01-01 - only shows rules with hits before the year 2023 including those rules which have no hits at all
    • +
    • lasthit>2022-12-31 - only shows rules which have hits in 2023 (or later). Rules without any hits are not shown.
    +'); INSERT INTO txt VALUES ('H1201', 'German', 'Vorlagen können genutzt werden, um wiederkehrende Reports zu definieren. Diese werden für das Scheduling benötigt. Jeder Nutzer kann seine eigenen Vorlagen definieren und sie mit anderen teilen.
    Beim Anlegen einer neuen Vorlage über die Schaltfläche "Als Vorlage speichern" wird ein Pop-Up-Fenster geöffnet, in dem Name und ein Kommentar vergeben werden können. 
@@ -2148,37 +2952,43 @@ INSERT INTO txt VALUES ('H1202', 'German', 'Um sie direkt in der UI zu nutzen, INSERT INTO txt VALUES ('H1202', 'English', 'For using them directly on the UI, devices have to be selected additionally. Used in scheduling, all devices are regarded as selected. These templates can be used as basis for the creation of own self-defined templates. '); -INSERT INTO txt VALUES ('H1211', 'German', 'Einfache Statistik: Etwas Statistik über Netzwerk-, Dienst- und Nutzerobjekte aller Devices.'); +INSERT INTO txt VALUES ('H1211', 'German', 'Basic Statistics: Etwas Statistik über Netzwerk-, Dienst- und Nutzerobjekte aller Devices.'); INSERT INTO txt VALUES ('H1211', 'English', 'Basic Statistics: Some statistics about network, service and user objects and rules of all devices.'); -INSERT INTO txt VALUES ('H1212', 'German', 'Compliance: Durchlassregeln mit "any": Alle Durchlassregeln, die "any" als Quelle, Ziel oder Dienst enthalten.'); +INSERT INTO txt VALUES ('H1212', 'German', 'Compliance: Pass rules with "any": Alle Durchlassregeln, die "any" als Quelle, Ziel oder Dienst enthalten.'); INSERT INTO txt VALUES ('H1212', 'English', 'Compliance: Pass rules with "any": All pass rules that contain "any" as source, destination or service.'); -INSERT INTO txt VALUES ('H1213', 'German', 'Aktuelle Regeln: Aktuell aktive Regeln aller ausgewählten Devices.'); +INSERT INTO txt VALUES ('H1213', 'German', 'Current Rules: Aktuell aktive Regeln aller ausgewählten Devices.'); INSERT INTO txt VALUES ('H1213', 'English', 'Current Rules: Currently active rules of all selected devices.'); -INSERT INTO txt VALUES ('H1214', 'German', 'Regeländerungen des aktuellen Jahres: Alle im aktuellen Jahr geänderten Regeln in den ausgewählten Devices.'); +INSERT INTO txt VALUES ('H1214', 'German', 'This year's Rule Changes: Alle im aktuellen Jahr geänderten Regeln in den ausgewählten Devices.'); INSERT INTO txt VALUES ('H1214', 'English', 'This year's Rule Changes: All rule change 
performed in the current year in the selected devices.'); -INSERT INTO txt VALUES ('H1215', 'German', 'Aktuelle NAT Regeln: Aktuell aktive NAT-Regeln aller ausgewählten Devices.'); +INSERT INTO txt VALUES ('H1215', 'German', 'Current NAT Rules: Aktuell aktive NAT-Regeln aller ausgewählten Devices.'); INSERT INTO txt VALUES ('H1215', 'English', 'Current NAT Rules: Currently active NAT rules of all selected devices.'); -INSERT INTO txt VALUES ('H1301', 'German', 'Direkt nach der Erzeugung oder vom Archiv aus können Reports in verschiedenen Ausgabeformaten exportiert werden:'); -INSERT INTO txt VALUES ('H1301', 'English', 'Directly after creation or from the archive reports can be exported to different output formats:'); -INSERT INTO txt VALUES ('H1302', 'German', '
  • pdf
  • html
  • csv (noch nicht unterstützt)
  • json
  • '); -INSERT INTO txt VALUES ('H1302', 'English', '
  • pdf
  • html
  • csv (currently not supported)
  • json
  • '); +INSERT INTO txt VALUES ('H1216', 'German', 'Last year's Unused Rules: Aktuell aktive und seit mindestens einem Jahr unbenutzte Regeln aller Gateways.'); +INSERT INTO txt VALUES ('H1216', 'English', 'Last year's Unused Rules: Currently active and for at least one year unused rules of all gateways.'); +INSERT INTO txt VALUES ('H1217', 'German', 'Next Month's Recertifications: Aktuell aktive Regeln, die im nächsten Monat zur Rezertifizierung anstehen.'); +INSERT INTO txt VALUES ('H1217', 'English', 'Next Month's Recertifications: Currently active rules with upcoming recertification next month.'); +INSERT INTO txt VALUES ('H1301', 'German', 'Direkt nach der Erzeugung oder vom Archiv aus können Reports in verschiedenen Ausgabeformaten exportiert werden:'); +INSERT INTO txt VALUES ('H1301', 'English', 'Directly after creation or from the archive reports can be exported to different output formats:'); +INSERT INTO txt VALUES ('H1302', 'German', '
  • pdf
  • html
  • csv (aktuell nur für die aufgelösten und technischen Report-Typen unterstützt)
  • json
  • '); +INSERT INTO txt VALUES ('H1302', 'English', '
  • pdf
  • html
  • csv (currently only supported for resolved and technical report types)
  • json
  • '); INSERT INTO txt VALUES ('H1303', 'German', 'Nach betätigen des "Report exportieren"-Auswahlfeldes kann eines oder mehrere dieser Formate ausgewählt werden. - Auch kann der Report mit einem Namen versehen und archiviert werden. + Bei Aktivierung der pdf-Ausgabe wird desweiteren das Seitenformat zur Auswahl angeboten.
    + Auch kann der Report mit einem Namen versehen und archiviert werden. Ein weiteres Ausgabefenster erlaubt dann das separate Abholen der ausgewählten Ausgabedateien. '); INSERT INTO txt VALUES ('H1303', 'English', 'After clicking the "Export Report" button one or more of them can be selected. - Also the possibility to name and save the report in the archive is given. + When selecting the pdf export, the page format is offered for selection.
    + Also the possibility to name and save the report in the archive is given. Another Popup allows then to download the selected output files separately. '); INSERT INTO txt VALUES ('H1401', 'German', 'Im unteren Teil der Hauptseite werden die Ausgabedaten des generierten Reports dargestellt. Unerwünschte Spalten können mit der jeweiligen "-" Schaltfläche ausgeblendet werden. Wenn dargestellt, können die Spalten auch zum Sortieren oder Filtern genutzt werden.
    - Die zur Verfügung stehenden Datenspalten sind: + Die in regelbasierten Reports zur Verfügung stehenden Datenspalten sind: '); INSERT INTO txt VALUES ('H1401', 'English', 'In the lower part of the main page the output data of the generated report is displayed. Unwanted columns can be removed by clicking on the respective "-" button. If diplayed the columns can be used for sorting or filtering.
    - The available data columns are: + The available data columns in rule based reports are: '); INSERT INTO txt VALUES ('H1402', 'German', '
  • Nummer
  • Name
  • Quellzone
  • Quelle
  • Zielzone
  • Ziel
  • Dienste
  • Aktion
  • Logging
  • Aktiviert
  • UID
  • Kommentar
  • @@ -2186,6 +2996,25 @@ INSERT INTO txt VALUES ('H1402', 'German', '
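Review bot: The apostrophes inside the new single-quoted literals for H1214 German, H1216 and H1217 (`'This year's Rule Changes: …'`, `'Last year's Unused Rules: …'`, `'Next Month's Recertifications: …'`) appear here as a bare `'`, which would end the SQL string early and break the whole INSERT. The unchanged H1214 English row shows the same, so this is possibly only the page rendering collapsing a doubled quote; please confirm the file actually has `year''s` / `Month''s` in those rows. Separately, the German texts of H1211–H1217 now start with the English report names (`Basic Statistics:`, `Current Rules:`, …) while the rest of the sentence is German; if that is intentional because the prefix must match the UI's report-type labels, a one-line `-- ` comment above the block saying so would keep the next translator from "fixing" it.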
  • Nummer
  • Name
  • Que INSERT INTO txt VALUES ('H1402', 'English', '
  • Number
  • Name
  • Source Zone
  • Source
  • Destination Zone
  • Destination
  • Services
  • Action
  • Logging
  • Enabled
  • UID
  • Comment
  • '); +INSERT INTO txt VALUES ('H1403', 'German', 'Zusätzlich werden in einzelnen Reporttypen weitere Spalten dargestellt: +
      +
    • Changes Report: Änderungszeit, Änderungstyp (Regelnummerierung entfällt dafür)
    • +
    • Unbenutzte-Regel-Report: Letzter Treffer
    • +
    • NAT-Regel-Report: Umgesetzte Quelle, Umgesetztes Ziel, Umgesetzte Dienste
    • +
    • Rezertifizierungs-Report: Datum nächste Rezertifizierung, Eigentümer, IP-Adress-Übereinstimmung, Letzter Treffer
    • +
    • Verbindungs-Report: Hier werden die Spalten Nummer, Name, Fachliche Begründung, Quelle, Dienst und Ziel angeboten
    • +
    +'); +INSERT INTO txt VALUES ('H1403', 'English', 'Additionally in the different Report Types further columns are displayed: +
      +
    • Changes Report: Change Time, Change Type (but no rule numbering)
    • +
    • Unused Rules Report: Last Hit
    • +
    • NAT Rules Report: Translated Source, Translated Destination, Translated Services
    • +
    • Recertification Report: Next Recertification Date, Owner, IP address match, Last Hit
    • +
    • Connections report: Here the columns Number, Name, Functional Reason, Source, Service and Destination are offered.
    • +
    +'); + INSERT INTO txt VALUES ('H1501', 'German', 'Hier werden die fixen Kriterien für die Auswahl zur Reporterstellung dargestellt. Weiteren Kriterien können über die Filterleiste hinzugefügt werden. '); @@ -2198,11 +3027,13 @@ INSERT INTO txt VALUES ('H1503', 'German', 'Auflistung aller verfügbaren D Die Ansicht kann für unterschiedliche Nutzer entsprechend der Mandantenzuordnung variieren. Für eine Reporterstellung muss hier eine Auswahl getroffen werden. Die dargestellten Devices können ein- oder ausgeklappt werden. Ab welcher Mindestanzahl die Darstellung zu Beginn eingeklappt ist, kann individuell in den Reporting-Einstellungen definiert werden. + Im Unbenutzte-Regel-Report werden Devices, die keine Nutztungsinformationen liefern, bei Reporterstellung automatisch deselektiert. '); INSERT INTO txt VALUES ('H1503', 'English', 'Display of all available devices. This view may differ for the different users according to the tenant assignments. For the creation of a report a selection out of them has to be done. The displayed devices can be collapsed or expanded. In the Report Settings it is possible to define the minimum number, where the display starts collapsed. + In the Unused Rules Report devices not delivering usage information are deselected automatically during report creation. '); INSERT INTO txt VALUES ('H1504', 'German', 'Anzeige der gewählten Reportzeit bzw. des gewählten Reportzeitraums in Abhängigkeit vom gewählten Report-Typ. Vorgabewerte sind "jetzt" bzw. "dieses Jahr". Über die "Ändern"-Schaltfläche kann dies in einem entsprechenden Popup-Fenster angepasst werden: 
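Review bot: In the German H1403 list the first item is left as the English `Changes Report: Änderungszeit, Änderungstyp …` while the other items use German names (`Unbenutzte-Regel-Report`, `NAT-Regel-Report`, `Rezertifizierungs-Report`); if the German UI names that report differently, the item should use that name for consistency. In the English list the last item is written `Connections report` while the others capitalise `Report`.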
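Review bot: Typo in the new German H1503 sentence: `Nutztungsinformationen` should be `Nutzungsinformationen`. The English counterpart reads fine.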
@@ -2216,24 +3047,64 @@ INSERT INTO txt VALUES ('H1505', 'German', 'Für Report-Typen, welche die A INSERT INTO txt VALUES ('H1505', 'English', 'For report types requiring a report time there are two options: Selecting a particular time with the date/time picker or using the default value "now". '); -INSERT INTO txt VALUES ('H1506', 'German', 'Für Report-Typen, die Zeitintervalle benötigen, kann gewählt werden zwischen:'); -INSERT INTO txt VALUES ('H1506', 'English', 'For report types requiring a time range a selection can be done between:'); +INSERT INTO txt VALUES ('H1506', 'German', 'Für Report-Typen, die Zeitintervalle benötigen (nicht Unbenutzte-Regel- und Rezertifizierungs-Report), kann gewählt werden zwischen:'); +INSERT INTO txt VALUES ('H1506', 'English', 'For report types requiring a time range (not Unused Rule or Recertification Report) a selection can be done between:'); INSERT INTO txt VALUES ('H1507', 'German', 'Vordefinierte Abkürzungen "dieses Jahr", "letztes Jahr", "dieser Monat", "letzter Monat", "diese Woche", "letzte Woche", "heute" oder "gestern"'); INSERT INTO txt VALUES ('H1507', 'English', 'Predefined shortcuts "this year", "last year", "this month", "last month", "this week", "last week", "today" or "yesterday"'); INSERT INTO txt VALUES ('H1508', 'German', 'Zeitintervalle in Tagen, Wochen, Monaten oder Jahren relativ zum aktuellen Zeitpunkt'); INSERT INTO txt VALUES ('H1508', 'English', 'Time intervals in days, weeks, months or years in relation to the actual time'); INSERT INTO txt VALUES ('H1509', 'German', 'Absolute Start- und Endezeiten. Beide Grenzen können durch setzen der "offen"-Markierung ausser Kraft gesetzt werden.'); INSERT INTO txt VALUES ('H1509', 'English', 'Absolute start and end times. 
Both limits can be separately omitted by setting the "open" checkbox.'); -INSERT INTO txt VALUES ('H1601', 'German', 'Die rechte Randleiste hat zwei Reiter: Unter "Alle" werden alle aktuell abgeholten Objekte dargestellt, - während unter "Regel" nur die in der Reportausgabe ausgewählten Regeln gezeigt werden.
    - Folgende Daten werden dargestellt, gruppiert nach den ausgewählten Devices: +INSERT INTO txt VALUES ('H1510', 'German', 'Nur beim Unbenutzte-Regel-Report: Unbenutzt seit: Hier wird die Anzahl von Tagen eingegeben, seitdem die anzuzeigenden Regeln nicht mehr benutzt wurden. + Regeln, die noch keine letzte Nutzung protokolliert haben, werden ebenfalls dargestellt, falls sie älter als eine in den Reporting-Einstellungen definierte Toleranzzeit sind. + Dort kann auch der Default-Wert für den Zeitraum der Nichtbenutzung gesetzt werden. +'); +INSERT INTO txt VALUES ('H1510', 'English', 'Only for Unused Rules Report: Unused since: Here the number of days is given, where the rules to be displayed have not be used. + Rules never used are also displayed if their creation date is older than a tolerance interval defined in the Report Settings. + There also the default value for the unused interval can be defined. +'); +INSERT INTO txt VALUES ('H1511', 'German', 'Nur beim Rezertifizierungs-Report: Rezertifizierungsparameter +
    • Fällig in: Hier wird festgelegt, wie weit die Suche nach zu rezertifizierenden Regeln gehen soll (in Tagen). + Der Default-Wert kann sowohl vom Administrator in den Allgemeinen + als auch vom jeweiligen Nutzer in den Persönlichen Rezertifizierungseinstellungen festgelegt werden.
    • +
    • Eigentümer: Hier kann aus den dem Nutzer zugeordneten Eigentümerschaften ausgewählt werden.
    • +
    • Any-Regeln anzeigen: Wenn das Häkchen gesetzt ist, werden auch Regeln mit Ip 0.0.0.0 in Quelle oder Ziel dargestellt. + Beim deselektieren wird ein exkludierender Ausdruck zur Filterzeile hinzugefügt.
    +'); +INSERT INTO txt VALUES ('H1511', 'English', 'Only for Recertification Report: Recertification Parameters +
    • Due within: Select how far ahead should be searched for rules to be recertified (in days). + The default value can be set by the administrator in the General + as well as in the Personal Recertification Settings by the user.
    • +
    • Owner: Select the certifying owner out of the ownerships related to the user.
    • +
    • Show any rules: If flag is set, rules with Ip 0.0.0.0 in source or destination are shown. + When deselecting an excluding statement is added to the filter line.
    +'); +INSERT INTO txt VALUES ('H1512', 'German', 'Nur beim Verbindungs-Report: Eigentümer: Hier kann aus den dem Nutzer zur Modellierung zugeordneten Eigentümerschaften ausgewählt werden. +'); +INSERT INTO txt VALUES ('H1512', 'English', 'Only for Connections Report: Owner: Select the modelling owner out of the ownerships related to the user. +'); +INSERT INTO txt VALUES ('H1601', 'German', 'Die rechte Randleiste hat mehrere Reiter, die je nach Report eingeblendet werden: Für regelbasierte Reports werden unter "Alle" sämtliche aktuell abgeholten Objekte dargestellt, + während unter "Report" nur die Objekte der im Report vorkommenden Regeln gezeigt werden. + Im Reiter "Regel" sind dann nur die Objekte der in der Reportausgabe ausgewählten Regeln dargestellt.
    + ("Alle"- und "Regel"-Reiter werden mit derselben Funktionalität auch im Rezertifizierungsdialog angeboten).
    + In eigentümerbasierten Reports erscheint der Reiter "Benutzte Objekte", in dem alle in den Verbindungen verwendeten Objekte aufgelistet werden.
    + Folgende Daten werden soweit verfügbar dargestellt, gruppiert nach den ausgewählten Devices: +'); +INSERT INTO txt VALUES ('H1601', 'English', 'There are several tabs shown in the right sidebar, depending on the report type: In rule based reports the "All" tab displays all currently fetched objects, + whereas in the "Report" tab only the objects of the rules of the report are shown. + In the "Rule" tab only objects of rules selected in the report output are dispalyed.
    + ("All" and "Rule" tab are also offered in the Recertification dialogue with the same functionality).
    + In owner based reports the Tab "Used Objects" is displayed, where all objects used in the connections are listed.
    + The following data are displayed if available, grouped by the selected devices: +'); +INSERT INTO txt VALUES ('H1602', 'German', '
  • Netzwerkobjekte: Name, Typ, IP, Zone, ggf. Gruppenmitglieder, zuletzt geändert, Kommentar
  • +
  • Dienste: Name, Typ, UID, Quellport, Zielport, Protokoll, Timeout, ggf. Gruppenmitglieder, zuletzt geändert, Kommentar
  • +
  • Nutzer: Name, Typ, UID, realer Name, ggf. Gruppenmitglieder, zuletzt geändert, Kommentar
  • +'); +INSERT INTO txt VALUES ('H1602', 'English', '
  • Network objects: Name, type, IP, zone, group members if applicable, last changed, comment
  • +
  • Services: Name, type, UID, source port, destination port, protocol, timeout, group members if applicable, last changed, comment
  • +
  • Users: Name, type, UID, real name, group members if applicable, last changed, comment
  • '); -INSERT INTO txt VALUES ('H1601', 'English', 'There are two Tabs shown in the right sidebar: The "All" tab displays all currently fetched objects, - while in the "Rule" tab only the objects of rules selected in the report output are shown.
    - The following data are displayed grouped by the selected devices: -'); -INSERT INTO txt VALUES ('H1602', 'German', '
  • Netzwerkobjekte
  • Dienste
  • Nutzer
  • '); -INSERT INTO txt VALUES ('H1602', 'English', '
  • Network objects
  • Services
  • Users
  • '); INSERT INTO txt VALUES ('H2001', 'German', 'Es können Reports für einen bestimmten Termin oder als wiederkehrende Aufträge festgelegt werden. Jeder Nutzer kann seine eigenen Terminpläne verwalten. @@ -2241,8 +3112,8 @@ INSERT INTO txt VALUES ('H2001', 'German', 'Es können Reports für ein INSERT INTO txt VALUES ('H2001', 'English', 'Reports can be scheduled for a given time or as recurring tasks. Every user can administrate his own report schedules. '); -INSERT INTO txt VALUES ('H2011', 'German', 'Name: Der Reportname, der im Archiv wiederzufinden ist.'); -INSERT INTO txt VALUES ('H2011', 'English', 'Name: The report name to be found in the Archive.'); +INSERT INTO txt VALUES ('H2011', 'German', 'Name: Der Reportname, der im Archiv wiederzufinden ist.'); +INSERT INTO txt VALUES ('H2011', 'English', 'Name: The report name to be found in the Archive.'); INSERT INTO txt VALUES ('H2012', 'German', 'Startdatum und -zeit: Erste Ausführung des Terminauftrags. Bitte einige Minuten im voraus wählen, wenn die Ausführung noch heute erfolgen soll, da es einen Zeitverzug von einigen Minuten durch den Timer geben kann. '); 
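Review bot: Several typos in the new rows: in H1510 English `have not be used` should be `have not been used`; in H1601 English `are dispalyed` should be `are displayed`; and in H1511 both languages write the address family as `Ip 0.0.0.0`, which should be `IP 0.0.0.0` as used elsewhere in these texts (`IP address match`, `IP-Adressen`). The new H1601 English text also writes `the Tab "Used Objects"` where the other tabs are referred to as `tab` in lower case.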
@@ -2277,52 +3148,50 @@ INSERT INTO txt VALUES ('H2018', 'English', 'Count: Counts how many reports have INSERT INTO txt VALUES ('H3001', 'German', 'Hier sind die archivierten Reports mit Name sowie Informationen zu Erzeugungsdatum, Typ, Vorlage (nur bei termingesteuerten Reports), Eigentümer sowie eine kurze Beschreibung des Inhalts zu finden. Sie können zum einen durch Export manuell erzeugter Reports durch Setzen des "Archiv"-Kennzeichens in Export Report erzeugt werden. - Zum anderen finden sich hier auch die durch das Scheduling erzeugten Reports. + Zum anderen finden sich hier auch die durch das Scheduling erzeugten Reports. Die archivierten Reports können von hier heruntergeladen oder gelöscht werden. '); INSERT INTO txt VALUES ('H3001', 'English', 'Here the archived reports can be found with name and information about creation date, type, template (only at scheduled reports), owner and a short description about the content. They may be created on the one hand by exporting manually created reports with setting the flag "Archive" in Export Report. - On the other hand here also the reports created by the Scheduling can be found. + On the other hand here also the reports created by the Scheduling can be found. It is possible to download or delete these archived reports. '); -INSERT INTO txt VALUES ('H4001', 'German', 'In diesem Abschnitt können Regeln re- oder dezertifiziert werden. Dafür wird die Rolle "recertifier" (oder "admin") benötigt.'); -INSERT INTO txt VALUES ('H4001', 'English', 'In this part rules can be re- or decertified. For this the role "recertifier" (or "admin") is necessary.'); INSERT INTO txt VALUES ('H4011', 'German', 'Im ersten Schritt muss ein Report mit den demnächst zu rezertifizierenden Regeln geladen werden. Der Zeitraum für die Vorausschau kann im Feld "Fällig in" gewählt werden. - Diese wird im "Rezertifizierungsanzeigeintervall" in den Rezertifizierungseinstellungen bzw. - in den Standardeinstellungen initialisiert. 
+ Diese wird im "Rezertifizierungsanzeigeintervall" in den persönlichen bzw. + in den allgemeinen Rezertifizierungseinstellungen initialisiert. Desweiteren müssen die zu betrachtenden Geräte in der linken Randleiste ausgewählt werden. '); INSERT INTO txt VALUES ('H4011', 'English', 'In the first step a report of upcoming rules to be certified has to be loaded. The lookahead period for this can be chosen in the "Due within" field. It is initialized by the settings value "Recertification Display Period" in the - Recertification Settings resp. Default Settings. + personal resp. general Recertification Settings. Also the regarded devices have to be chosen in the left sidebar. '); INSERT INTO txt VALUES ('H4012', 'German', 'Der Report zeigt nun alle Regeln, die im gewählten Zeitraum zertifiziert werden müssen. Das Rezertifizierungsdatum wird errechnet aus dem letzten Rezertifizierungsdatum (falls unbekannt, wird das Erzeugungsdatum der Regel genommen) - und dem Rezertifizierungsintervall, welches in den Standardeinstellungen definiert wurde. + und dem Rezertifizierungsintervall, welches in den Rezertifizierungseinstellungen definiert wurde. Rezertifizierungen, die in den nächsten Tagen (definiert im Rezertifizierungserinnerungsintervall in den Standardeinstellungen) fällig sind, werden in gelb, überfällige Rezertifizierungen in rot unterlegt. Zusätzlich wird der letzte Rezertifizierer dargestellt ("unbekannt" zeigt an, dass noch keine Rezertifizierung stattgefunden hat). '); INSERT INTO txt VALUES ('H4012', 'English', 'The report shows all rules that are upcoming for recertification within the selected interval. The recertification date is computed from the last recertification date (if unknown the rule creation date is taken) - and the Recertification Period, defined in the Default Settings. + and the Recertification Period, defined in the Recertification Settings. 
Recertifications upcoming in the next days (defined in the Recertification Notice Period in the Default Settings) are marked in yellow, overdue recertifications in red. Additionally the last recertifier is mentioned ("unknown" indicates that there has been no recertification so far). '); INSERT INTO txt VALUES ('H4013', 'German', 'Der Rezertifizierer hat nun die Möglichkeit alle zu re- oder dezertifizierenden Regeln zu markieren. Durch klicken der "Ausgewählte Aktionen ausführen"-Schaltfläche wird zunächst ein Kommentar abgefragt. - Dieser ist ein Pflichtfeld, wenn "Kommentar Pflichtfeld" in den Standardeinstellungen gesetzt wurde. + Dieser ist ein Pflichtfeld, wenn "Kommentar Pflichtfeld" in den Rezertifizierungseinstellungen gesetzt wurde. Nach der Bestätigung werden alle markierten Re- und Dezertifizierungen in einem Schritt ausgeführt. Danach werden nur noch die verbleibenden anstehenden Rezertifizierungen angezeigt. '); INSERT INTO txt VALUES ('H4013', 'English', 'The recertifier has now the possibility to mark each of the displayed rules for recertification or decertification. After clicking the "Execute Selected Actions" button a comment is requested. - This has to be filled, if the setting "Comment Required" in Default Settings is activated. + This has to be filled, if the setting "Comment Required" in Recertification Settings is activated. When confirmed all selected re- and decertifications are executed in on step. After that only the remaining open certifications are displayed. '); 
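Review bot: The H4001 rows for both languages are deleted here without a replacement under the same key; from this hunk I cannot see whether the recertification help page still requests key H4001, and if it does that section will render empty, so please check the caller or keep the rows. While this text is being touched, the unchanged English H4013 line in the same hunk still says `executed in on step`, which should read `executed in one step`.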
@@ -2331,6 +3200,373 @@ INSERT INTO txt VALUES ('H4014', 'English', 'Decertified rules can be displayed INSERT INTO txt VALUES ('H4021', 'German', 'Dieses Rezertifizierungsszenario ist als Basis für weitere angepasste Abläufe vorgesehen.'); INSERT INTO txt VALUES ('H4021', 'English', 'This recertification scenario is intended to be a base for further customized workflows.'); +INSERT INTO txt VALUES ('H4031', 'German', 'In diesem Modul können Nutzer Firewall-Regeln re- oder dezertifizieren. + Dafür wird die Rolle "recertifier" benötigt. Auditor- und Admin-Nutzer können hier nur lesend auf die anstehenden Rezertifizierungen zugreifen.
    + Aktuell gibt es zwei verschiedene Optionen: +
      +
    1. In der einfachen Variante kann ein Nutzer mit recertifier Rolle jede beliebige Regel rezertifizieren. + Diese Option eignet sich üblicherweise nur für kleine Installationen mit wenigen Firewall-Regeln. +
    2. +
    3. In größeren Umgebungen ist es sinnvoll, die Rezertifizierung dezentral zu organisieren. + Dafür wird eine Eigentümerstruktur unterstützt, die einer Liste von Eigentümern die Verantwortlichkeit für jeweils einen Teil des Netzwerks in Form von IP-Adressen bzw. IP-Subnetzen zuweist. + Dies kann z.B. eine Aufteilung auf Applikationsbasis sein, es ist aber genauso auch eine Unterteilung nach Subnetzen auf Basis von Betriebseinheiten denkbar. + Je nach Quelle und Ziel sind alle Eigentümer, die für einen Teil der Regel in Form von IP-Adressen verantwortlich sind, auch für die Rezertifizierung der Regel verantwortlich. + Es ist also im Allgemeinen eine Gruppe von Eigentümern für die Rezertifizierung einer Regel verantwortlich. +
    4. +
    + Eine Regel gilt erst dann als vollständig rezertifiziert, wenn alle Eigentümer die Regel rezertifiziert haben.
    + Im Reporting-Modul steht außerdem ein Rezertifizierungs-Report zur Verfügung. + Desweiteren kann in den Einstellungen konfiguriert werden, dass bei Dezertifizierung durch alle Eigentümer automatisch ein Löschauftrag erzeugt wird. +'); +INSERT INTO txt VALUES ('H4031', 'English', ' + In this module, users can recertify or decertify firewall rules. + The "recertifier" role is required for this. Auditor and admin users have read-only access to the pending recertifications here.
    + Currently there are two different options: +
      +
    1. In the simple variant, a user with recertifier role can recertify any rule. + This option is usually suitable only for small installations with few firewall rules. +
    2. +
    3. In larger environments, it makes sense to organize recertification in a decentralized manner. + For this purpose, an ownership structure is supported that assigns responsibility for a part of the network in the form of IP addresses or IP subnets to a list of owners. + This can, for example, be a division on an application basis, but a subdivision by subnets based on operating units is just as conceivable. + Depending on the source and destination, all owners who are responsible for a part of the rule in the form of IP addresses are also responsible for recertifying the rule. + Thus, in general, a group of owners is responsible for the recertification of a rule. +
    4. +
    + A rule is not considered fully recertified until all owners have recertified the rule.
    + A recertification report is also available in the reporting module. + Furtheron it can be configured in the settings that after decertification by all owners a delete request is created automatically. +'); + +INSERT INTO txt VALUES ('H4032', 'German', ' +Für das ordnungsgemäße Funktionieren des Rezertifzierungsprozesses sind die folgenden Konfigurationen einmalig zu Beginn vorzunehmen. +

    +

    Berechtigungen

    +
      +
    • Angemeldete Nutzer müssen die Rolle "Recertifier" besitzen
    • +
    • Angemeldete Nutzer müssen Mitglied eines Eigentümers sein (entweder direkt unter "Hauptverantwortlicher (DN)" oder als Mitglieder einer Eigentümergruppe)
    • +
    +

    Konfiguration der Eigentümer

    + Möchte man keine Verteilung der Zuständigkeit auf mehrere Eigentümer vornehmen, so ist es ausreichend, dem Eigentümer "Super-Owner" eine Gruppe von Rezertifizierern zuzuordnen, + die für die Rezertifizierung aller Firewall-Regeln verantwortlich sind. + Um den Super-Owner editieren zu können, + ist im Menü "Einstellungen" - "Weitere Einstellungen" - "Standardeinstellungen" die Option "Manuelle Eigentümerverwaltung erlauben" zu aktivieren. +

    + Soll hingegen eine dezentrale Struktur aufgebaut werden, so können die Eigentümer entweder im Firewall Orchestrator selbst definiert werden (nicht empfohlen) + oder aber man importiert eine im Unternehmen vorhandene Eigentümerliste, wodurch der Pflegeaufwand zum Aktuell-Halten dieser Zuordnung nicht dem Betreiber der Firewall-Infrastruktur zufällt. +
    + Es wird hierbei empfohlen, im Menü "Einstellungen" - "Weitere Einstellungen" - "Standardeinstellungen" die Option "Manuelle Eigentümerverwaltung erlauben" zu deaktivieren, + um sicherzustellen, dass keine lokalen Änderungen vorgenommen werden, sondern die Eigentümer-Pflege ausschließlich im externen Tool stattfindet. +
    + Für die Verwaltung in einem externen System ist der Import der Eigentümer und deren IP-Adressen via + Firewall Orchestrator API vorzunehmen. +

    + Die Definition der Eigentümer im Firewall Orchestrator selbst ist recht simpel. + Hierzu muss lediglich im Menü "Einstellungen" - "Weitere Einstellungen" - "Standardeinstellungen" die Option "Manuelle Eigentümerverwaltung erlauben" aktiviert werden. +
    + Anschließend ist es im Menü "Einstellungen" - "Eigentümer" möglich, Eigentümer manuell hinzuzufügen, zu bearbeiten oder zu löschen. +
+'); +INSERT INTO txt VALUES ('H4032', 'English', ' +For the proper functioning of the recertification process, the following configurations must be made once at the beginning. +

+

Permissions

+
    +
  • Logged in users must have the role "Recertier"
  • +
  • Logged in users must be members of an owner (either directly under "Full name*:" or as members of an owner group)
  • +
+

Owner configuration

+ If one does not want to distribute responsibility among several owners, it is sufficient to assign a group of recertifiers to the "Super-Owner" owner, + who are responsible for the recertification of all firewall rules. + To be able to edit the super-owner + the "Allow manual owner management" option must be enabled in the "Settings" - "Additional settings" - "Default settings" menu. +

+ If, on the other hand, a decentralized structure is to be set up, the owners can either be defined in the Firewall Orchestrator itself (not recommended) + or you can import an existing list of owners in the company, which means that the maintenance effort for keeping this assignment up to date does not fall to the operator of the firewall infrastructure. +
+ In this case, it is recommended to deactivate the "Allow manual owner administration" option in the "Settings" - "Additional settings" - "Default settings" menu, + to ensure that no local changes are made, but that owner maintenance takes place exclusively in the external tool. +
+ For management in an external system, importing owners and their IP addresses should be done via the + Firewall Orchestrator API. +

+ Defining the owners in Firewall Orchestrator itself is quite simple. + All that is required is to activate the "Allow manual owner administration" option in the "Settings" - "Additional settings" - "Default settings" menu. +
+ After that, in the "Settings" - "Owners" menu it is possible to add, edit or delete owners manually. + +'); + +INSERT INTO txt VALUES ('H4033', 'German', ' +Zum Testen der Rezertifizierungsfunktionalität werden standardmäßig einige Demo-Daten zur Verfügung gestellt. +
+Das sind sowohl Nutzer (userX_demo) als auch Eigentümer (ownerX_demo). +
+Login erfolgt mit user1_demo (Passwort cactus1) oder user2_demo (Passwort cactus2) +

+
    +
  1. + Im ersten Schritt kann in der linken Randleiste eine Filterung vorgenommen werden (Fälligkeit der Rezertifizierung, Eigentümer, Firewall-Geräte) + und anschließend mit der Schaltfläche "Regeln anzeigen" eine Liste der zu rezertifizierenden Regeln generiert werden. +
  2. +
  3. + Der Zeitraum für die Vorausschau kann im Feld "Fällig in" gewählt werden. + Der Default-Wert kann über Verändern des "Rezertifizierungsanzeigeintervalls" in den persönlichen bzw. in den allgemeinen Rezertifizierungseinstellungen gesetzt werden. +
  4. +
  5. + Bei Rezertifizierungen, die überfällig sind, wird das Datum in rot angezeigt.
    + Der Rezertifizierer hat nun die Möglichkeit, beliebige zu re- oder dezertifizierenden Regeln zu markieren.
    + Durch klicken der "Ausgewählte Aktionen ausführen"-Schaltfläche wird zunächst ein (optionaler - konfigurierbar) Kommentar abgefragt, und + nach Bestätigung werden alle markierten Re- und Dezertifizierungen in einem Schritt ausgeführt.
    + Anschließend werden nur noch die verbliebenen anstehenden Rezertifizierungen angezeigt. +
  6. +
  7. + Sollte die Option zum Re- bzw. Dezertifizierung nicht angezeigt werden, + sollten die Berechtigungen überprüft werden bzw. wenn der Nutzer Mitglied mehrerer Eigentümergruppen ist, + muss zunächst einer der Eigentümer ausgewählt werden, um speziell für diesen rezertifizieren zu können.
    + In diesem Fall empfiehlt es sich für einen Eigentümer nach dem anderen zu rezertifizieren. +
  8. +
+'); +INSERT INTO txt VALUES ('H4033', 'English', ' +To test the recertification functionality, some demo data is provided by default. +
+These are both users (userX_demo) and owners (ownerX_demo). +
+Login with user1_demo (password cactus1) or user2_demo (password cactus2) +

+
    +
  1. + In the first step, a filtering can be made in the left sidebar (recertification due date, owner, firewall devices). + and then a list of rules to be recertified can be generated using the "Show rules" button. +
  2. +
  3. + The period for the preview can be selected in the "Due within" field. + The default value can be set by changing the "Recertification display interval" in the personal or in the general recertification settings. +
  4. +
  5. + For recertifications that are overdue, the date is displayed in red.
    + The recertifier now has the option to mark any rules to be re- or decertified.
    + By clicking the "Execute selected actions" button, a (optional - configurable) comment will be requested first, and + after confirmation all marked recertifications and decertifications are executed in one step.
    + Afterwards, only the remaining pending recertifications are displayed. +
  6. +
  7. + If the option to recertify or decertify is not displayed, the permissions should be checked or if the user is a member of several owner groups, + one of the owners must be selected first in order to be able to recertify specifically for this owner.
    + In this case, it is recommended for one owner at a time to recertify. +
  8. +
+'); + +INSERT INTO txt VALUES ('H4034', 'German', ' +

IP-Adress-Matching

+ Jede Regel (Quelle und Ziel) wird mit den für einen Eigentümer definierten IP-Adressen auf Überlappung geprüft.
+ Bei einer Überlappung ist der Eigentümer für die Rezertifizierung der Regel verantwortlich und ein entsprechender Eintrag wird + abhängig vom Rezertifizierungsintervall des Eigentümers erzeugt. +

+ Alle Regeln, die Netzwerkobjekte enthalten, die keinem Eigentümer zugeordnet werden können, sind automatisch dem Super-Owner zugewiesen. +
+ Dieser ist somit für deren Rezertifzierung verantwortlich. +

+

Fälligkeitsdatum

+ Das Rezertifizierungsdatum wird errechnet aus dem letzten Rezertifizierungsdatum (falls unbekannt, wird das Erzeugungsdatum der Regel genommen) + und dem Rezertifizierungsintervall des jeweiligen Eigentümers. +

+

Konfiguration

+ Siehe auch Rezertifizierungseinstellungen. +

+ Es ist möglich, die einmal nächtliche laufende Neuberechnung der anstehenden Rezertifizierungen manuell anzustoßen. +
+ Hierzu dient die Schaltfläche Einstellungen - Weitere Einstellungen - Rezertifizierung - "Neuberechnung offene Rezertifizierungen". +'); +INSERT INTO txt VALUES ('H4034', 'English', ' +

IP Adress Matching

+ Each rule (source and destination) is checked for overlap with the IP addresses defined for an owner.
+ In case of an overlap, the owner is responsible for the recertification of the rule and a corresponding entry will be + generated depending on the recertification interval of the owner. +

+ All rules that contain network objects that cannot be assigned to an owner are automatically assigned to the super-owner. +
+ The latter is thus responsible for their recertification. +

+

Due Date

+ The recertification date is calculated from the last recertification date (if unknown, the creation date of the rule is taken) + and the recertification interval defined for the respective owner. +

+ + Also see Recertification Settings. +

+ It is possible to manually trigger the once-a-night running recalculation of pending recertifications. +
+ The button Settings - Further settings - Recertification - "Recalculation of open recertifications" is used for this purpose. +'); + +INSERT INTO txt VALUES ('H4035', 'German', ' +Der initiale Owner-Import via API kann mit folgendem beispielhaften API-Befehl mit admin-Berechtigungen erfolgen: +

+
+mutation addOwners($owners:[owner_insert_input!]!) {
+  insert_owner(
+    objects: $owners
+  ) {
+    returning {
+      id
+    }
+  }
+}
+
+
+Variablen +
+
+{
+  "owners": [
+      {
+        "name": "5",
+        "recert_interval": 365,
+        "dn":"x",
+        "group_dn":"x",
+        "app_id_external": "app-5",
+        "owner_networks": {"data": [{"ip": "10.5.0.0/16"},{"ip": "10.9.0.0/16"}]}
+      },
+      {
+        "name": "6",
+        "recert_interval": 30,
+        "dn":"x",
+        "group_dn":"x",
+        "app_id_external": "app-6",
+        "owner_networks": {"data": [{"ip": "10.6.0.0/16"}]}
+      },
+      {
+        "name": "7",
+        "recert_interval": 90,
+        "dn":"x",
+        "group_dn":"x",
+        "app_id_external": "app-7",
+        "owner_networks": {"data": [{"ip": "10.7.0.0/16"}]}
+      }
+  ]
+}
+
+

+ +Einzelne Owner können auch beispielsweise mit folgendem API-Befehl aktualisiert werden: +

+
+mutation addSingleOwner {
+  insert_owner(
+    objects: [
+      {
+        name: "sechs"
+        recert_interval: 222
+        dn: "a"
+        group_dn: "b"
+        app_id_external: "app-sechs"
+        owner_networks: {
+          data: [{ ip: "10.69.0.0/16" }, { ip: "10.9.0.0/16" }]
+          on_conflict: {
+            constraint: owner_network_ip_unique
+            update_columns: [ip]
+          }
+        }
+      }
+    ]
+    on_conflict: {
+      constraint: owner_name_unique
+      update_columns: [recert_interval, dn, group_dn]
+    }
+  ) {
+    returning {
+      id
+    }
+  }
+}
+
+'); +INSERT INTO txt VALUES ('H4035', 'English', ' +The initial owner import via API can be done using the following examplary API command (with admin permissions): +

+
+mutation addOwners($owners:[owner_insert_input!]!) {
+  insert_owner(
+    objects: $owners
+  ) {
+    returning {
+      id
+    }
+  }
+}
+
+
+Variables +
+
+{
+  "owners": [
+      {
+        "name": "5",
+        "recert_interval": 365,
+        "dn":"x",
+        "group_dn":"x",
+        "app_id_external": "app-5",
+        "owner_networks": {"data": [{"ip": "10.5.0.0/16"},{"ip": "10.9.0.0/16"}]}
+      },
+      {
+        "name": "6",
+        "recert_interval": 30,
+        "dn":"x",
+        "group_dn":"x",
+        "app_id_external": "app-6",
+        "owner_networks": {"data": [{"ip": "10.6.0.0/16"}]}
+      },
+      {
+        "name": "7",
+        "recert_interval": 90,
+        "dn":"x",
+        "group_dn":"x",
+        "app_id_external": "app-7",
+        "owner_networks": {"data": [{"ip": "10.7.0.0/16"}]}
+      }
+  ]
+}
+
+

+ +Single owners can be updated using the following API command: +

+
+mutation addSingleOwner {
+  insert_owner(
+    objects: [
+      {
+        name: "sechs"
+        recert_interval: 222
+        dn: "a"
+        group_dn: "b"
+        app_id_external: "app-sechs"
+        owner_networks: {
+          data: [{ ip: "10.69.0.0/16" }, { ip: "10.9.0.0/16" }]
+          on_conflict: {
+            constraint: owner_network_ip_unique
+            update_columns: [ip]
+          }
+        }
+      }
+    ]
+    on_conflict: {
+      constraint: owner_name_unique
+      update_columns: [recert_interval, dn, group_dn]
+    }
+  ) {
+    returning {
+      id
+    }
+  }
+}
+
+'); + INSERT INTO txt VALUES ('H5001', 'German', 'In diesem Abschnitt werden die Setup- und Verwaltungseinstellungen behandelt. Die meisten Einstellungen können nur von Nutzern mit der Administrator-Rolle gesehen und geändert werden. Der Auditor kann zwar die Einstellungen sehen, da er aber keine Schreibrechte hat, sind alle Schaltflächen, die zu Änderungen führen würden, deaktiviert. 
@@ -2341,43 +3577,50 @@ INSERT INTO txt VALUES ('H5001', 'English', 'In the settings section the setup a '); INSERT INTO txt VALUES ('H5011', 'German', 'Im ersten Kapitel "Geräte" wird das Setup der Datenquellen behandelt: Die Abschnitte Managements und Gateways dienen der Definition der verbundenen Hardware. + Hinzu kommt die Verwaltung der Import-Zugangsdaten. '); INSERT INTO txt VALUES ('H5011', 'English', 'In the first chapter "Devices" the setup of the report data sources is done: The sections Managements and Gateways are for the definition of the connected hardware. + Additionally there is the administration of the Import Credentials. '); INSERT INTO txt VALUES ('H5012', 'German', 'Das Kapitel "Berechtigungen" bietet die Funktionalität für die Nutzerverwaltung: In LDAP-Verbindungen können externe Verbindungen zusätzlich zum internen LDAP definiert werden. Mandanten können definiert und mit spezifischen Gateways verknüpft werden. Interne oder externe Nutzer können zu Gruppen zusammengefasst - und zu Rollen zugeordnet werden. + und zu Rollen zugeordnet werden, ausserdem gibt es eine Übersicht der vorhandenen Eigentümer. '); INSERT INTO txt VALUES ('H5012', 'English', 'The chapter "Authorization" offers the functionality for the user administration: In LDAP Connections external connections besides the internal LDAP can be defined. Tenants can be defined and associated with specific gateways. Internal or external Users can be assigned to User Groups - and Roles + and Roles, additionally there is an overview of the owners. '); INSERT INTO txt VALUES ('H5013', 'German', 'Im Kapitel "Voreinstellungen" kann der Administrator Standardeinstellungen vornehmen, - die für alle Nutzer gelten, sowie die Passworteinstellungen definieren, welche für alle Passwortänderungen gültig sind. + die für alle Nutzer gelten, sowie die Email-, Importer- und + Passworteinstellungen definieren. 
Hinzu kommen die modulspezifischen + Allgemeinen Rezertifizierungs- und Modellierungseinstellungen. '); INSERT INTO txt VALUES ('H5013', 'English', 'In the "Defaults" chapter the administrator can define Default Values applicable to all users - and set a Password Policy valid for all password changes. + and define email-, importer- and Password Policy settings. + Additionally there are the module specific General Recertification and Modelling Settings. '); INSERT INTO txt VALUES ('H5014', 'German', 'Das Kapitel "Persönlich" ist für alle Nutzer zugänglich. Hier können das individuelle Password, die bevorzugte Sprache und Reporting-Einstellungen gesetzt werden. - Nutzer mit Rezertifizierer-Rolle können auch ihre Rezertifizierungseinstellungen anpassen. + Nutzer mit Rezertifizierer-Rolle können auch ihre Rezertifizierungseinstellungen anpassen. + Das gleiche gilt für Modellierer in den Modellierungseinstellungen. '); INSERT INTO txt VALUES ('H5014', 'English', 'The "Personal" chapter is accessible by all users, where they can set their individual Password, Language and Reporting preferences. - Users with recertifier role have also the possibility to adjust their Recertification Setting. + Users with recertifier role have also the possibility to adjust their Recertification Setting. + Same for modellers in the Modelling Settings. '); INSERT INTO txt VALUES ('H5015', 'German', 'Das Kapitel "Workflow" dient dem Administrator, einen Workflow aufzusetzen. Dazu gehört die Definition der angebotenen Aktionen, der verwendeten Stati und den Statusübergängen in den zentralen Status-Matrizen. - In den Einstellungen können allgemeine Voreinstellungen zu den Workflows vorgenommen werden, ausserdem gibt es eine Übersicht der vorhandenen Eigentümer. + In den Einstellungen können allgemeine Voreinstellungen zu den Workflows vorgenommen werden. '); INSERT INTO txt VALUES ('H5015', 'English', 'The "Workflow" chapter helps the administrator to set up a workflow. 
This includes the definition of the offered actions, the used states, and the state transitions in the central state matrices. - In customizing general workflow settings can be done, additionally there is an overview of the owners. + In customizing general workflow settings can be done. '); INSERT INTO txt VALUES ('H5101', 'German', 'Admins können mehrere unterschiedliche Managements einrichten und verwalten.
@@ -2404,7 +3647,11 @@ INSERT INTO txt VALUES ('H5102', 'German', 'Folgende Firewallprodukte könn
  • Check Point R8x - SmartCenter
  • Check Point R8x - Multi Domain Server (MDS)
  • +
  • FortiGate stand-alone (via REST API)
  • FortiManager 5ff - FortiManager. Für diesen Management-Typ kann die komplette Struktur (ADOM, FortiGateway Devices) mittels AutoDiscovery automatisch ausgelesen werden.
  • +
  • Palo Alto Firewalls (nicht Panorama)
  • +
  • Azure Firewall
  • +
  • Cisco FirePower Management Center
@@ -2425,40 +3672,51 @@ INSERT INTO txt VALUES ('H5102', 'English', 'The following firewall products can
  • Check Point R8x - SmartCenter
  • Check Point R8x - MDS (Multi Domain Server)
  • +
  • FortiGate StandAlone (via REST API)
  • FortiManager 5ff - FortiManager - for this management type the complete infrastructure (ADOM, FortiGateway devices) can be auto discovered.
  • +
  • Palo Alto Firewalls (not Panorama)
  • +
  • Azure Firewall
  • +
  • Cisco FirePower Management Center
'); INSERT INTO txt VALUES ('H5103', 'German', 'Für Firewallgateways ohne separates Management oder im Falle, dass das zentrale Management nicht in den Firewall Orchestrator eingebunden werden kann, - werden die Details des Gateways als Management und gleichzeitig auch als Gateway eingetragen. + werden die Details des Gateways als Management und gleichzeitig auch als Gateway eingetragen.
+ Im Falle Fortigate Legacy (via ssh): Um einen vollständigen Datenimport zu gewährleisten, bitte in der Fortigate config den Seitenumbruch deaktivieren, damit beim Kommando "show full-configuration" die komplette Config ausgegeben wird. '); INSERT INTO txt VALUES ('H5103', 'English', 'For firewall gateways without a separate management or in case the central management cannot be integrated into Firewall Orchestrator - you may enter the details of the gateway here as a management system as well and then add it again as a gateway. + you may enter the details of the gateway here as a management system as well and then add it again as a gateway.
+ In the case of legacy Fortigate (via ssh): To get the entire data imported, disable pagination in the Fortigate config to allow get command "show full-configuration" to retrieve the complete config. '); INSERT INTO txt VALUES ('H5104', 'German', 'Wenn Beispieldaten (definiert durch die Endung "_demo" vom Namen) existieren, wird eine Schaltfläche angezeigt, um diese und alle verknüpften Gateways zu löschen.'); INSERT INTO txt VALUES ('H5104', 'English', 'If there are sample data (defined by the ending "_demo" of the name), a button is displayed to delete them and all related gateways.'); INSERT INTO txt VALUES ('H5111', 'German', 'Name*: Name des Managements.
Für die meisten Firewalls ist dies ein willkürlicher Name. Ausnahmen sind direkt verbundene Gateways von Fortigate, Netscreen und Juniper. Hier muss der Name des Firewallgateways eingetragen werden.
+ Da es zu Problemen mit dem perl-Importer kommen kann, sollten Leerzeichen im Namen von Legacy-Systemen nicht verwendet werden. Ein Management dessen Name mit "_demo" endet, wird beim Betätigen der "Beispieldaten löschen"-Schaltfläche gelöscht. '); INSERT INTO txt VALUES ('H5111', 'English', 'Name*: Name of the mangement.
For most firewalls this is an arbitrary name. Exceptions are Fortigate, Netscreen and Juniper directly connected gateways. Here the name give needs to be the name of the firewall gateway.
+ Do not use spaces in the management name of legacy systems as perl importer cannot cope with spaces here. A management whose name ends with "_demo" will be deleted when using the "Remove Sample Data" button. '); INSERT INTO txt VALUES ('H5112', 'German', 'Kommentar: Optionale Beschreibung des Managements.'); INSERT INTO txt VALUES ('H5112', 'English', 'Comment: Optional description of this management.'); INSERT INTO txt VALUES ('H5113', 'German', 'Gerätetyp*: bitte das korrekte Produkt von der Liste auswählen (siehe oben)'); INSERT INTO txt VALUES ('H5113', 'English', 'Device Type*: Select correct product from a list of available types, see above.'); -INSERT INTO txt VALUES ('H5114', 'German', 'Hostname*: Adresse des Hosts (entweder IP-Addresse oder auflösbarer Name). +INSERT INTO txt VALUES ('H5114', 'German', 'Hostname*: Adresse des Hosts (entweder IP-Addresse oder auflösbarer Name).
+ Wenn die native Konfiguration eines Firewall-Systems als JSON-Datei zu Testzwecken eingelesen werden soll, ist hier die URI in einem der folgenden Formate anzugeben:
+ https://..., http://..., file://...
Für Check Point R8x MDS Installationen die Addresse des MDS-Servers für alle Domains benutzen.
- Für Fortinet, Barradua, Juniper muss die IP vom auflösbaren Namen des Firewallgateways spezifiziert werden. + Für alle Firewall-Plattformen, die kein separates Management-System besitzen, muss die IP oder der auflösbare Name des Firewallgateways spezifiziert werden. '); -INSERT INTO txt VALUES ('H5114', 'English', 'Hostname*: Address of the host (either IP address or resolvable name). +INSERT INTO txt VALUES ('H5114', 'English', 'Hostname*: Address of the host (either IP address or resolvable name).
+ For reading the native firewall config from a JSON file (for testing purposes), enter the URI of the file (https://..., http://..., file://...)
For Check Point R8x MDS installations use the address of the MDS server for all domains.
- For Fortinet, Barradua, Juniper you need to specify the IP or resolvable name of the firewall gateway. + For all firewall platforms which do not possess a separate management, use the IP address or the resolvable name of the firewall gateway. '); INSERT INTO txt VALUES ('H5115', 'German', 'Port*: Port-Nummer des Hosts.
Wenn das Ziel Check Point R8x, FortiManager, Azure oder Cisco FirePower ist, wird die Verbindung via API aufgebaut. Die Standard-Port-Nummer ist 443. Denken Sie daran, den API-Zugang auf Ihrem Firewall Managment zu aktivieren.
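Review bot: The new H5114 text (L998–L999 and L1002) tells admins that Hostname may be a `file://...` or `http://...` URI to import a native config as JSON, but says nothing about what that implies: a `file://` source is read from the importer host with the importer's own privileges, and an `http://` source transfers the firewall configuration unencrypted. I would add one sentence to both language variants, e.g. `Use file:// and http:// sources only on test installations; file:// is read from the importer host, and http:// transfers the configuration unencrypted.` (adjust if the importer restricts paths or validates the URI — that is not visible in this hunk). Separately, the H5111 note at L995/L997 that the perl importer "cannot cope with spaces" in legacy management names reads like a quoting problem in how the name is passed on; rejecting such names in the input field's validation would be more robust than relying on help text, and is worth stating there as well.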
@@ -2469,12 +3727,11 @@ INSERT INTO txt VALUES ('H5115', 'English', 'Port*: Port number of the host.
If the target any other platform Firewall Orchestrator needs ssh-based access. The default port number here is 22. '); INSERT INTO txt VALUES ('H5116', 'German', 'Login-Daten*: Zugangsdaten für den Import-Nutzer des Managements.
- Hier kann ein Satz Zugangsdaten ausgewählt werden, der zum Login auf dem Management dient. + Hier kann ein Satz Zugangsdaten ausgewählt werden, der zum Login auf dem Management dient. '); INSERT INTO txt VALUES ('H5116', 'English', 'Import Credentials*: User/Password combination for logging into the management.
- Choose a set of credentials which will be used to get the management''s configuration. + Choose a set of credentials which will be used to get the management''s configuration. '); - INSERT INTO txt VALUES ('H5119', 'German', 'Domain: Firewall Domain Name
für Check Point R8x MDS / Fortimanager Installationen, andernfall leer lassen. '); @@ -2494,13 +3751,27 @@ INSERT INTO txt VALUES ('H5122', 'English', 'Import Disabled: Flag if the data i INSERT INTO txt VALUES ('H5123', 'German', 'Nicht sichtbar: Wenn gesetzt ist dieses Management nicht mit Standard-Reporter-Rolle sichtbar.'); INSERT INTO txt VALUES ('H5123', 'English', 'Hide in UI: If set, this management is not visible to the standard reporter role.'); -INSERT INTO txt VALUES ('H5130', 'German', 'Hier werden die Zugangsdaten fü den Import der Firewall-Konfigurationen verwaltet. +INSERT INTO txt VALUES ('H5130', 'German', 'Hier werden die Zugangsdaten für den Import der Firewall-Konfigurationen verwaltet. Diese können auch für den Zugriff auf mehrere Firewall-Managements verwendet werden. -Ein Löschen is erst möglich, wenn die Zugangsdaten nirgends verwendet werden. +Ein Löschen ist erst möglich, wenn die Zugangsdaten nirgends mehr verwendet werden. +
+ Für den FortiGate Stand-Alone Import via REST API: +
    +
  1. Im FortiGate Web Interface: Erstelle ein Read Only Admin Profile z.B. "ro_admin"
  2. +
  3. Im FortiGate Web Interface: Erstelle einen "REST API Admin" e.g. "fworch" mit "ro_admin" Profil und kopiere den API Schlüssel
  4. +
  5. In der Firewall Orchestrator WebUI: erstelle neue Import Login-Daten mit username "fworch" und Passwort = API Schlüssel
  6. +
'); INSERT INTO txt VALUES ('H5130', 'English', 'Manage credentials for importing firewall configuration data. Credentials can be used for logging in to one or multiple firewall managements. Credentials can only be deleted when they are not used for importing any management. +
+ For FortiGate stand-alone import via REST API: +
    +
  1. In FortiGate Web UI: Create Read Only Admin Profile e.g. "ro_admin"
  2. +
  3. In FortiGate Web UI: Create new "REST API Admin" e.g. "fworch" with "ro_admin" profile and copy API key
  4. +
  5. In Firewall Orchestrator UI create new credentials with username "fworch" and password = API key
  6. +
'); INSERT INTO txt VALUES ('H5131', 'German', 'Name*: Ein beliebiger Name, der diese Zugangsdaten eindeutig beschreibt. '); @@ -2514,23 +3785,25 @@ INSERT INTO txt VALUES ('H5132', 'English', 'Username*: The user used to login t This user needs to be created on the firewall system in advance and needs full read access to the system.
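Review bot: The new FortiGate REST API steps in H5130 (L1013–L1017, L1022–L1026) correctly start from a read-only admin profile, but step 3 should say that the copied API key is a secret which FortiGate displays only once and which Firewall Orchestrator then stores as the credential password, e.g. `Copy the API key immediately - it is displayed only once and must be treated as a secret.` I would also recommend restricting the REST API admin to the importer host's address via the admin's Trusted Hosts setting on the FortiGate, so a leaked key cannot be used from elsewhere. Step 5 could mention that the "Key Pair" option is left unset for this credential, since the key is entered as a password (inferred from H5135 further down — confirm). Minor: the German step 3 (L1015) uses "e.g." where step 1 uses "z.B.".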
On Check Point R8x we recommend using the predefined "Read Only All" profile (both global and domain management) for the user. '); -INSERT INTO txt VALUES ('H5135', 'German', 'Schlüsselpaar*: Handelt es sich bei diesen Login-Daten um ein SSH Public-Key Paar oder um Standard ein Standard-Passwort. +INSERT INTO txt VALUES ('H5133', 'German', 'Privater Schlüssel* / Passwort*: Für den ssh-Zugang hier den privaten ssh-Schlüssel hinterlegen (Schlüssel muss unverschlüsselt und ohne Passphrase sein). + Bitte für ssh-basierten legacy FortiGate Zugriff kein RSA benutzen, da es hier ein Problem mit RSA-Schlüsseln zu geben scheint.
+ Für den API-Zugang ist hier das Passwort des API-Nutzers einzutragen. '); -INSERT INTO txt VALUES ('H5135', 'English', 'Key Pair*: Do these credentials consist of a private/public SSH key pair or do they contain a standard password. -'); -INSERT INTO txt VALUES ('H5133', 'German', 'Privater Schlüssel* / Passwort*: Für den ssh-Zugang hier den privaten ssh-Schlüssel hinterlegen (Schlüssel muss unverschlüsselt und ohne Passphrase sein)
- Für den API-Zugang ist dies das Passwort des API-Nutzers. -'); -INSERT INTO txt VALUES ('H5133', 'English', 'Login Secret* / Password*: For ssh access enter the private ssh key (key needs to be unencrypted without passphrase)
- For API access this is the password of the API user. +INSERT INTO txt VALUES ('H5133', 'English', 'Login Secret* / Password*: For ssh access enter the private ssh key (key needs to be unencrypted without passphrase). + For legacy ssh based FortiGate, do not use RSA as there seems to be a problem with RSA keys.
+ For API access insert the password of the API user here. '); INSERT INTO txt VALUES ('H5134', 'German', 'Öffentlicher Schlüssel: Dieses Feld muss nur für Netscreen-Firewalls gefüllt werden - dieses System benötigt auch den öffentlichen Schlüssel zum Anmelden.'); INSERT INTO txt VALUES ('H5134', 'English', 'Public Key: This field only needs to be filled for netscreen firewalls - this system also needs the public key for successful login.'); -INSERT INTO txt VALUES ('H5136', 'German', 'Cloud Client ID: Nur für Cloud Instanzen (Azure) benötigt - für alle anderen Plattformen kann dieses Feld leer gelassen werden. +INSERT INTO txt VALUES ('H5135', 'German', 'Schlüsselpaar*: Handelt es sich bei diesen Login-Daten um ein SSH Public-Key Paar oder um ein Standard-Passwort. +'); +INSERT INTO txt VALUES ('H5135', 'English', 'Key Pair*: Do these credentials consist of a private/public SSH key pair or do they contain a standard password. +'); +INSERT INTO txt VALUES ('H5136', 'German', 'Cloud Client ID: Nur für Cloud Instanzen (Azure) benötigt - für alle anderen Plattformen kann dieses Feld leer gelassen werden. '); INSERT INTO txt VALUES ('H5136', 'English', 'Cloud Client ID: If you have a cloud installation (e.g. Azure) - enter your Azure client ID here. For all other installations, leave this field empty. '); -INSERT INTO txt VALUES ('H5137', 'German', 'Cloud Client Secret: Nur für Cloud Instanzen (Azure) benötigt - für alle anderen Plattformen kann dieses Feld leer gelassen werden. +INSERT INTO txt VALUES ('H5137', 'German', 'Cloud Client Secret: Nur für Cloud Instanzen (Azure) benötigt - für alle anderen Plattformen kann dieses Feld leer gelassen werden. '); INSERT INTO txt VALUES ('H5137', 'English', 'Cloud Client Secret: If you have a cloud installation (e.g. Azure) - enter your Azure client secret here. For all other installations, leave this field empty. '); 
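Review bot: The H5133 text (L1029–L1033) requires the private ssh key to be stored unencrypted and without passphrase, but does not tell the admin the consequence: the key material lives in Firewall Orchestrator's credential store, so whoever can read that store holds the firewall login. I would add to both variants `Use a dedicated key pair for the import user with read-only rights on the firewall; never reuse a personal key.` The sentence "do not use RSA as there seems to be a problem with RSA keys" should name the key type that does work for legacy FortiGate (presumably ed25519 or ecdsa — confirm against the importer), otherwise admins are left guessing.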
@@ -2543,8 +3816,8 @@ INSERT INTO txt VALUES ('H5141', 'English', 'Admins can create and administrate The clone button helps defining new gateways by copying the data from existing ones. Before saving at least one of the parameters Device Type, Management or Rulebase has to be different from the existing gateways if the Import Disabled flag is not set. '); -INSERT INTO txt VALUES ('H5151', 'German', 'Name*: Name des Gateways. Für Fortinet muss dies der reale Name des Firewallgateways sein wie in der Config definiert.'); -INSERT INTO txt VALUES ('H5151', 'English', 'Name*: Name of the Gateway. For Fortinet this must be the real name of the firewall gateway as defined in the config.'); +INSERT INTO txt VALUES ('H5151', 'German', 'Name*: Name des Gateways. Für Legacy Fortinet (ssh) muss dies der reale Name des Firewallgateways sein wie in der Config definiert.'); +INSERT INTO txt VALUES ('H5151', 'English', 'Name*: Name of the Gateway. For legacy Fortinet (ssh) this must be the real name of the firewall gateway as defined in the config.'); INSERT INTO txt VALUES ('H5152', 'German', 'Kommentar: Optionaler Kommentar zu diesem Gateway.'); INSERT INTO txt VALUES ('H5152', 'English', 'Comment: Optional comment regarding this gateway.'); INSERT INTO txt VALUES ('H5153', 'German', 'Gerätetyp*: Auswahlliste der verfügbaren Typen. Für die verfügbaren Typen siehe @@ -2559,18 +3832,18 @@ INSERT INTO txt VALUES ('H5155', 'German', 'Lokale Rulebase* / Lokales Package*
  • Für Check Point R8x kommt hierhin der Name der top level Zugriffsschicht (default ist "Network").
  • Für Check Point R8x MDS wird hier der Name der global policy Schicht eingetragen, gefolgt vom Namen der domain policy, gertrennt durch "/", z.B. "global-policy-layer-name/domain-policy-layer-name".
  • -
  • Für Fortinet-Systeme muss jedes Gateway (auch jede vdom) als separates Management mit einem einzelnen Gateway eingeragen werden. - Bei vdoms sind sowohl Management-Name, Gateway-Name als auch Regelwerksname wie folgt zu bilden: Systemname___vdom-Name (Trennzeichen: 3x Unterstrich) -
  • +
  • Für Legacy Fortinet-Systeme muss jedes Gateway (auch jede vdom) als separates Management mit einem einzelnen Gateway eingeragen werden. + Bei vdoms sind sowohl Management-Name, Gateway-Name als auch Regelwerksname wie folgt zu bilden: Systemname___vdom-Name (Trennzeichen: 3x Unterstrich)
  • +
  • Im Falle von FortiGate Stand-Alone (Import via REST API) wird dieses Feld automatisch ausgefüllt.
'); INSERT INTO txt VALUES ('H5155', 'English', 'Local Rulebase* / Local Package*: Enter the name of the rulebase here.
  • For Check Point R8x the top level access layer name goes here (default is "Network").
  • For Check Point R8x MDS enter the name of the global policy layer followed by the name of the domain policy separated by "/", e.g. "global-policy-layer-name/domain-policy-layer-name".
  • -
  • For Fortinet systems every gateway (and every vdom) must be defined as a separate management system with a single gateway. - When dealing with vdoms set management name, gateway name and rulebase name as follows: system name___vdom name (separator: 3x underscore) -
  • +
  • For legacy Fortinet systems every gateway (and every vdom) must be defined as a separate management system with a single gateway. + When dealing with vdoms set management name, gateway name and rulebase name as follows: system name___vdom name (separator: 3x underscore)
  • +
  • For FortiGatte stand-alne (import via REST API) this field is filled-in automatically.
'); INSERT INTO txt VALUES ('H5156', 'German', 'Globale Rulebase / Globales Package: Hier wird der Name der Globalen Rulebase hinterlegt.'); @@ -2589,7 +3862,7 @@ INSERT INTO txt VALUES ('H5171', 'English', 'The status of the import jobs for t Managements which show anomalies (which would also lead to alerts in the Daily Check) are highlighted in red and listed first, followed by running imports highlighted in yellow, finally the remaining managements. '); -INSERT INTO txt VALUES ('H5181', 'German', 'Neu anzeigen: Aktualisiert die dargestellten Daten.'); +INSERT INTO txt VALUES ('H5181', 'German', 'Aktualisieren: Aktualisiert die dargestellten Daten.'); INSERT INTO txt VALUES ('H5181', 'English', 'Refresh: Updates the displayed data.'); INSERT INTO txt VALUES ('H5182', 'German', 'Details: Für das ausgewählte Management wird hier eine genauere Übersicht über die Import-Ids, Start/Stop-Zeiten, Dauer und Fehler des ersten, letzten erfolgreichen und letzten Imports gegeben, sowie die Anzahl der Fehler seit dem letzten erfolgreichen Import. 
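Review bot: The new English list item at L1051 has two typos in user-facing text; it should read `For FortiGate stand-alone (import via REST API) this field is filled-in automatically.` The re-added German item at L1040 carries `eingeragen` over from the removed line; it should be `eingetragen`. The context line at L1036 ("gertrennt") is outside this change but could be corrected in the same pass.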
@@ -2639,7 +3912,7 @@ INSERT INTO txt VALUES ('H5213', 'English', 'Tls: Flag if TLS is used for commun INSERT INTO txt VALUES ('H5214', 'German', 'Mandantenebene: Wenn Mandanten Teil des Distinguished Name (Dn) des Nutzers sind, definiert diese Zahl die Pfadtiefe, wo dieser zu finden ist. Das beginnt mit 1 für das erste Element von rechts. Wenn keine Mandanten genutzt werden, auf 0 setzen. '); -INSERT INTO txt VALUES ('H5214', 'English', 'Tenant Level: If tenants are part of the distinguished names (Dn) of the user, this number defines the level in the path, where they are found. +INSERT INTO txt VALUES ('H5214', 'English', 'Tenant Level: If tenants are part of the distinguished name (Dn) of the user, this number defines the level in the path, where they are found. Starting with 1 for the first Dn element from the right. Set to 0 if no tenants are used. '); INSERT INTO txt VALUES ('H5215', 'German', 'Typ*: Implementierungstyp des Ldap, welcher die Syntax des Zugangs festlegt. Zur Zeit werden "OpenLdap" und "ActiveDirectory" unterstützt. 
@@ -2704,6 +3977,8 @@ INSERT INTO txt VALUES ('H5247', 'German', 'Superadmin: Zeigt an, dass es sich
 INSERT INTO txt VALUES ('H5247', 'English', 'Superadmin: Flag indicating the superadmin.');
 INSERT INTO txt VALUES ('H5248', 'German', 'Gateways: Alle mit diesem Mandanten verknüpften Gateways.');
 INSERT INTO txt VALUES ('H5248', 'English', 'Gateways: All gateways related to this tenant.');
+INSERT INTO txt VALUES ('H5249', 'German', 'IP-Adressen: Im Editiermodus können einem Mandanten (ausser dem Globalen Mandanten) zwecks Filterung IP-Adressen zugeordnet werden.');
+INSERT INTO txt VALUES ('H5249', 'English', 'IP Addresses: In the edit mode IP addresses can be assigned to the tenant (except global tenant) for the purpose of filtering.');
 INSERT INTO txt VALUES ('H5261', 'German', 'Hier werden alle dem System bekannten Nutzer dargestellt. Das sind alle im internen Ldap angelegten Nutzer, sowie Nutzer von externen Ldaps, die sich schon mindestens einmal angemeldet haben.
Der Administrator kann Nutzer anlegen, ändern oder löschen. Beim Anlegen besteht auch die Möglichkeit, sofort Gruppen- und Rollenzugehörigkeiten festzulegen.
@@ -2744,24 +4019,36 @@ INSERT INTO txt VALUES ('H5278', 'English', 'Pwd Chg Req: Flag that the user has
 The flag is set when a new user is added or when the admin has reset the password, except for users with auditor role, because that role is not allowed to make any changes in the system. ');
+INSERT INTO txt VALUES ('H5279', 'German', 'Von LDAP: Ldap, in dem der Nutzer angelegt ist. Dies kann sowohl das interne, als auch ein in den Ldap-Einstellungen definiertes externes Ldap sein.');
+INSERT INTO txt VALUES ('H5279', 'English', 'From LDAP: Ldap, where the user is registered. This can be the internal as well as an external Ldap as defined in the Ldap Settings.');
+INSERT INTO txt VALUES ('H5280', 'German', 'In LDAP: Ldap, in dem der Nutzer angelegt werden soll. Angeboten werden sowohl das interne, als auch alle in den Ldap-Einstellungen definierten externen Ldaps, in denen Schreibrechte bestehen.');
+INSERT INTO txt VALUES ('H5280', 'English', 'Into LDAP: Ldap, where the user should be registered. Offered are the internal as well as all external Ldaps as defined in the Ldap Settings, where write permissions are given.');
+INSERT INTO txt VALUES ('H5281', 'German', 'Vorname: Vorname des Benutzers.');
+INSERT INTO txt VALUES ('H5281', 'English', 'First name: The user''s given name.');
+INSERT INTO txt VALUES ('H5282', 'German', 'Nachname: Nachname des Benutzers.');
+INSERT INTO txt VALUES ('H5282', 'English', 'Surname: The user''s surname.');
 INSERT INTO txt VALUES ('H5301', 'German', 'Der Admin kann Nutzergruppen im internen Ldap definieren. Dabei besteht die Möglichkeit, sie gleich einer Rolle zuzuordnen. Weitere Rollenzuordnungen können dann unter Rollen erfolgen.
- Wenn Beispieldaten (definiert durch die Endung "_demo" vom Gruppennamen) existieren, wird eine Schaltfläche angezeigt, um diese zu löschen.
- Die Löschung ist nicht möglich, wenn Nutzer, die nicht als Beispielnutzer gekennzeichnet sind (Name endet nicht auf "_demo"), der Gruppe zugeordnet sind.
 ');
 INSERT INTO txt VALUES ('H5301', 'English', 'Groups of users can be defined by the admin in the internal Ldap. When adding there is the possibility to assign a role membership. Further memberships can be administrated in the roles section.
- If there are sample data (defined by the ending "_demo" of the group name), a button is displayed to delete them.
+');
+INSERT INTO txt VALUES ('H5302', 'German', 'Wenn Beispieldaten (definiert durch die Endung "_demo" vom Gruppennamen) existieren, wird eine Schaltfläche angezeigt, um diese zu löschen.
+ Die Löschung ist nicht möglich, wenn Nutzer, die nicht als Beispielnutzer gekennzeichnet sind (Name endet nicht auf "_demo"), der Gruppe zugeordnet sind.
+');
+INSERT INTO txt VALUES ('H5302', 'English', 'If there are sample data (defined by the ending "_demo" of the group name), a button is displayed to delete them.
 The deletion is only possible, if there are no non-sample users (user name not ending with "_demo") assigned to the group. ');
 INSERT INTO txt VALUES ('H5311', 'German', 'Gruppenaktionen: Hier können selbstdefinierte Gruppen geändert (zur Zeit nur umbenannt) oder gelöscht werden.');
 INSERT INTO txt VALUES ('H5311', 'English', 'Group actions: Here is the possibility to edit (currently only rename) or delete self defined user groups.');
-INSERT INTO txt VALUES ('H5312', 'German', 'Nutzeraktionen: Hier können dem System bekannte Nutzer (siehe Nutzereinstellungen) der Gruppe zugeordnet oder von dieser entfernt werden.');
-INSERT INTO txt VALUES ('H5312', 'English', 'User actions: Here users known to the system (see User settings) can be assigned to or removed from the user groups.');
+INSERT INTO txt VALUES ('H5312', 'German', 'Nutzeraktionen: Hier können dem System bekannte Nutzer (siehe Nutzereinstellungen) oder aus einem zu durchsuchenden Ldap der Gruppe zugeordnet bzw. von dieser entfernt werden.');
+INSERT INTO txt VALUES ('H5312', 'English', 'User actions: Here users known to the system (see User settings) or searched from an Ldap can be assigned to resp. 
removed from the user groups.');
 INSERT INTO txt VALUES ('H5313', 'German', 'Name: Name der Nutzergruppe.');
 INSERT INTO txt VALUES ('H5313', 'English', 'Name: Name of the user group.');
 INSERT INTO txt VALUES ('H5314', 'German', 'Nutzer: Liste der der Gruppe zugeordneten Nutzer.');
 INSERT INTO txt VALUES ('H5314', 'English', 'Users: List of assigned users to the group.');
+INSERT INTO txt VALUES ('H5315', 'German', 'Eigentümergruppe: Kann für die Eigentümerverwaltung beim Rezertifizieren oder Modellieren verwendet werden.');
+INSERT INTO txt VALUES ('H5315', 'English', 'Owner Group: Can be used for owner administration in recertification or modelling modules.');
 INSERT INTO txt VALUES ('H5331', 'German', 'Alle definierten Rollen werden mit einer kurzen Erklärung dargestellt.
Der Admin kann Nutzer oder Nutzergruppen den Rollen zuweisen bzw. von diesen entfernen. ');
@@ -2796,8 +4083,8 @@ INSERT INTO txt VALUES ('H5352', 'German', 'Auswahl aus der Liste der bekannten
 INSERT INTO txt VALUES ('H5352', 'English', 'Select from the list of known users also displayed in the users settings.');
 INSERT INTO txt VALUES ('H5353', 'German', 'Auswahl aus der Liste der internen Gruppen, wie sie in den Gruppeneinstellungen dargestellt wird.');
 INSERT INTO txt VALUES ('H5353', 'English', 'Select from the list of internal groups also displayed in the groups settings.');
-INSERT INTO txt VALUES ('H5361', 'German', 'Reporting und Rezertifizierung (regelbasiert): reporter, reporter-viewall, recertifier');
-INSERT INTO txt VALUES ('H5361', 'English', 'Reporting and recertification (rule based): reporter, reporter-viewall, recertifier');
+INSERT INTO txt VALUES ('H5361', 'German', 'Reporting, Modellierung und Rezertifizierung (regelbasiert): reporter, reporter-viewall, modeller, recertifier');
+INSERT INTO txt VALUES ('H5361', 'English', 'Reporting, modelling and recertification (rule based): reporter, reporter-viewall, modeller, recertifier');
 INSERT INTO txt VALUES ('H5362', 'German', 'Workflow: requester, approver, planner, implementer, reviewer');
 INSERT INTO txt VALUES ('H5362', 'English', 'Workflow: requester, approver, planner, implementer, reviewer');
 INSERT INTO txt VALUES ('H5363', 'German', 'Übergeordnete Rollen: admin, fw-admin, auditor, (anonymous)');
@@ -2816,10 +4103,10 @@ INSERT INTO txt VALUES ('H5411', 'German', 'Standardsprache: Die Sprache, die n
 INSERT INTO txt VALUES ('H5411', 'English', 'Default Language: The language which every user gets at first login. After login each user can define its own preferred language. ');
-INSERT INTO txt VALUES ('H5412', 'German', 'Pro Abruf geholte Elemente: Definiert die (maximale) Anzahl der Objekte, die bei der Reporterzeugung und beim Aufbau der rechten Randleiste in einem Schritt geholt werden.
+INSERT INTO txt VALUES ('H5412', 'German', 'UI - Pro Abruf geholte Elemente: Definiert die (maximale) Anzahl der Objekte, die bei der Reporterzeugung und beim Aufbau der rechten Randleiste in einem Schritt geholt werden.
 Dies kann genutzt werden, um die Performanz zu optimieren, wenn nötig. ');
-INSERT INTO txt VALUES ('H5412', 'English', 'Elements per fetch: Defines the (maximum) number of objects which are fetched in one step for the report creation and the build up of the right sidebar.
+INSERT INTO txt VALUES ('H5412', 'English', 'UI - Elements per fetch: Defines the (maximum) number of objects which are fetched in one step for the report creation and the build up of the right sidebar.
 This can be used to optimize performance if necessary. ');
 INSERT INTO txt VALUES ('H5413', 'German', 'Max initiale Abrufe rechte Randleiste: Definiert die (maximale) Anzahl an Abrufen während der Initialisierung der rechten Randleiste. 
@@ -2836,8 +4123,8 @@ INSERT INTO txt VALUES ('H5414', 'English', 'Completely auto-fill right sidebar:
 ');
 INSERT INTO txt VALUES ('H5415', 'German', 'Datenaufbewahrungszeit (in Tagen): Legt fest, wie lange die Daten in der Datenbank gehalten werden (wird noch nicht unterstützt).');
 INSERT INTO txt VALUES ('H5415', 'English', 'Data retention time (in days): Defines how long the data is kept in the database (currently not supported).');
-INSERT INTO txt VALUES ('H5416', 'German', 'Importintervall (in Sekunden): Zeitintervall zwischen zwei Imports (wird noch nicht unterstützt)');
-INSERT INTO txt VALUES ('H5416', 'English', 'Import sleep time (in seconds): Time between import loops (currently not supported).');
+INSERT INTO txt VALUES ('H5416', 'German', 'Änderungsbenachrichtigung via Email:');
+INSERT INTO txt VALUES ('H5416', 'English', 'Change notification via email:');
 INSERT INTO txt VALUES ('H5417', 'German', 'Rezertifizierungsintervall (in Tagen): Maximale Zeit, nach der eine Regel rezertifiziert werden soll.');
 INSERT INTO txt VALUES ('H5417', 'English', 'Recertification Period (in days): Maximum time, after when a rule should be recertified.');
 INSERT INTO txt VALUES ('H5418', 'German', 'Rezertifizierungserinnerungsintervall (in Tagen): Zeit vor dem Fälligkeitsdatum, ab der eine Regel als fällig hervorgehoben werden soll.');
@@ -2852,26 +4139,48 @@ INSERT INTO txt VALUES ('H5422', 'German', 'Devices zu Beginn eingeklappt ab: L
 INSERT INTO txt VALUES ('H5422', 'English', 'Devices collapsed at beginning from: defines from which number of devices (managements + gateways) they are displayed collapsed in the left sidebar at beginning.');
 INSERT INTO txt VALUES ('H5423', 'German', 'Nachrichten-Anzeigedauer (in Sekunden): legt fest, wie lange Erfolgs-Nachrichten dargestellt werden, bis sie automatisch ausgeblendet werden. Fehler-Nachrichten erscheinen dreimal so lange. Beim Wert 0 werden die Nachrichten nicht automatisch ausgeblendet.
- Die Nutzer-Meldungen können auch danach noch unter UI-Nachrichten eingesehen werden.
+ Die Nutzer-Meldungen können auch danach noch im Monitoring unter UI-Nachrichten eingesehen werden.
 ');
 INSERT INTO txt VALUES ('H5423', 'English', 'Message view time (in seconds): defines how long success messages are displayed, until they fade out automatically. Error messages are displayed 3 times as long. Value 0 means that the messages do not fade out.
- All user messages can still be reviewed at UI Messages.
+ All user messages can still be reviewed in the monitoring tab at UI Messages.
 ');
 INSERT INTO txt VALUES ('H5424', 'German', 'Startzeit täglicher Check: legt die Zeit fest, wann der tägliche Check durchgeführt werden soll.');
 INSERT INTO txt VALUES ('H5424', 'English', 'Daily check start at: defines the time when the daily check should happen.');
-INSERT INTO txt VALUES ('H5425', 'German', 'FW API - Pro Abruf geholte Elemente: Definiert die (maximale) Anzahl der Objekte, die beim Import über die FWO-API in einem Schritt geholt werden.
- Dies kann genutzt werden, um die Performanz zu optimieren, wenn nötig.
-');
-INSERT INTO txt VALUES ('H5425', 'English', 'FW API - Elements per fetch: Defines the (maximum) number of objects which are fetched in one step during import via the FWO-API.
- This can be used to optimize performance if necessary. 
-');
+INSERT INTO txt VALUES ('H5425', 'German', 'Hostname der UI: URL der UI, wird z. B. für Links in Email-Benachrichtigungen benötigt.');
+INSERT INTO txt VALUES ('H5425', 'English', 'UI Hostname: URL of the UI, needed e.g. for links in email notifications.');
 INSERT INTO txt VALUES ('H5426', 'German', 'Autodiscover-Intervall (in Stunden): legt das Intervall fest, in dem die Autodiscovery durchgeführt werden soll.');
 INSERT INTO txt VALUES ('H5426', 'English', 'Auto-discovery sleep time (in hours): defines the interval in which the autodiscovery should be performed.');
 INSERT INTO txt VALUES ('H5427', 'German', 'Autodiscover-Start: legt eine Bezugszeit fest, ab dem die Intervalle für die Autodiscovery gerechnet werden.');
 INSERT INTO txt VALUES ('H5427', 'English', 'Auto-discovery start at: defines a referential time from which the autodiscovery intervals are calculated.');
+INSERT INTO txt VALUES ('H5428', 'German', 'Rezert Check - aktiv: aktviere bzw. deaktiviere regelmäßige Prüfungen zur Versendung von Benachrichtigungs- oder Eskalations-Emails an die Eigentümer.');
+INSERT INTO txt VALUES ('H5428', 'English', 'Recert Check - active: enable or disable recurring recertification checks to send out notification or escalation emails to owners.');
+INSERT INTO txt VALUES ('H5429', 'German', 'Rezert Check alle: Abstand der Prüfungen für den Versand von Benachrichtigungs- oder Eskalations-Emails an die Eigentümer.');
+INSERT INTO txt VALUES ('H5429', 'English', 'Recert Check every: Interval between checks for recertification notifications.');
+INSERT INTO txt VALUES ('H5430', 'German', 'Rezert Check - Email Titel: Titel der Benachrichtigungs-Email.');
+INSERT INTO txt VALUES ('H5430', 'English', 'Recert Check - Email subject: Subject line of the notification email.');
 INSERT INTO txt VALUES ('H5431', 'German', 'Der Administrator kann Vorgaben für Passwörter definieren, gegen die alle neuen Passwörter aller (internen) Nutzer geprüft werden.');
 INSERT INTO txt VALUES 
('H5431', 'English', 'The admin user can define a password policy, against which all new passwords of all (internal) users are checked.');
+INSERT INTO txt VALUES ('H5432', 'German', 'Rezert Check - Text überfällig: Textinhalt der Benachrichtigungsmail bei überfälligen Rezertifizierungen (Eskalation).');
+INSERT INTO txt VALUES ('H5432', 'English', 'Recert Check - text overdue: Email body of the notification email for overdue recertifications (escalation).');
+
+INSERT INTO txt VALUES ('H5433', 'German', 'Autom. Anlegen Löschantrag: Soll automatisch ein Lösch-Ticket erzeugt werden, wenn eine Regel vollständig dezertifiziert wurde?');
+INSERT INTO txt VALUES ('H5433', 'English', 'Autocreate delete rule ticket: When a rule has been fully de-certified, should a delete ticket be automatically generated?');
+INSERT INTO txt VALUES ('H5434', 'German', 'Titel für Löschantrag: Titel des zu erzeugenden Lösch-Tickets.');
+INSERT INTO txt VALUES ('H5434', 'English', 'Title delete ticket: Subject line of the delete ticket to be generated.');
+INSERT INTO txt VALUES ('H5435', 'German', 'Grund für Löschantrag: Text für den Grund des zu erzeugenden Lösch-Tickets.');
+INSERT INTO txt VALUES ('H5435', 'English', 'Reason delete ticket: Text for the reason of the delete ticket to be generated.');
+INSERT INTO txt VALUES ('H5436', 'German', 'Titel für Löschauftrag: Titel der zu erzeugenden Löschaufgabe.');
+INSERT INTO txt VALUES ('H5436', 'English', 'Title delete rule task: Title of the delete task to be generated.');
+INSERT INTO txt VALUES ('H5437', 'German', 'Grund für Löschauftrag: Begründungstext für die zu erzeugende Löschaufgabe.');
+INSERT INTO txt VALUES ('H5437', 'English', 'Reason for delete rule task: Text for the reason of the delete task to be generated.');
+INSERT INTO txt VALUES ('H5438', 'German', 'Priorität für Löschantrag: Auswahl zwischen den Prio-Bezeichnungen wie in den Workflow-Einstellungen definiert (Vorgabe: Lowest, Low, Medium, High, Highest).');
+INSERT 
INTO txt VALUES ('H5438', 'English', 'Priority for delete rule ticket: Choose between existing priority labels as defined in workflow customizing(default: Lowest, Low, Medium, High, Highest).');
+INSERT INTO txt VALUES ('H5439', 'German', 'Initialer Status für Löschantrag: Standard="Draft"');
+INSERT INTO txt VALUES ('H5439', 'English', 'Initial state for delete rule ticket: default="Draft"');
+INSERT INTO txt VALUES ('H5440', 'German', 'Neuberechnen offene Rezertifizierungen: Auswahl, wann die Neuberechnung durchgeführt werden soll - beim Hochfahren, täglich via Scheduler oder jetzt (kann mehrere Minuten dauern).');
+INSERT INTO txt VALUES ('H5440', 'English', 'Recalculate open recertifications: Choose, when to do this: at startup, daily via scheduler or now (this may take several minutes).');
+
 INSERT INTO txt VALUES ('H5441', 'German', 'Mindestlänge: Minimale Länge des Passworts');
 INSERT INTO txt VALUES ('H5441', 'English', 'Min Length: Minimal length of the password.');
 INSERT INTO txt VALUES ('H5442', 'German', 'Grossbuchstaben enthalten: Das Passwort muss mindestens einen Grossbuchstaben enthalten.');
@@ -2882,6 +4191,16 @@ INSERT INTO txt VALUES ('H5444', 'German', 'Ziffern enthalten: Das Passwort mus
 INSERT INTO txt VALUES ('H5444', 'English', 'Number Required: There has to be at least one number in the password.');
 INSERT INTO txt VALUES ('H5445', 'German', 'Sonderzeichen enthalten: Das Passwort muss mindestens ein Sonderzeichen enthalten. Mögliche Werte: !?(){}=~$%&#*-+.,_');
 INSERT INTO txt VALUES ('H5445', 'English', 'Special Characters Required: There has to be at least one special character in the password. Possible values are: !?(){}=~$%&#*-+.,_');
+INSERT INTO txt VALUES ('H5446', 'German', 'Rezert Check - Text anstehend: Textinhalt der Benachrichtigungsmail bei demnächst anstehenden Rezertifizierungen.');
+INSERT INTO txt VALUES ('H5446', 'English', 'Recert Check - text upcoming: Email body of the notification email for upcoming recertifications.');
+INSERT INTO txt VALUES ('H5447', 'German', 'Als unbenutzt gewertet nach (in Tagen): Gibt den Zeitpunkt an, vor dem die letzte Nutzung der Regel für den Unbenutzte-Regel-Report in der Vergangenheit liegen muss.');
+INSERT INTO txt VALUES ('H5447', 'English', 'Regarded as unused from (in days): Defines the point in time, before which the last usage has to be in the past for the Unused Rules Report.');
+INSERT INTO txt VALUES ('H5448', 'German', 'Toleranz ab Erzeugungsdatum (in Tagen): Noch niemals benutzte Regeln werden im Unbenutzte-Regel-Report nur berücksichtigt, wenn sie vor dem durch den hier definierten Toleranzwert festgelegten Zeitpunkt erzeugt wurden.');
+INSERT INTO txt VALUES ('H5448', 'English', 'Tolerance from creation date (in days): Never used rules are only regarded in the Unused Rules Report, if they have been created before the point in time defined by this tolerance value.');
+INSERT INTO txt VALUES ('H5449', 'German', 'Sitzungs-Timeout (in Minuten): Zeit, nach der ein Nutzer automatisch aus der Sitzung ausgeloggt wird.');
+INSERT INTO txt VALUES ('H5449', 'English', 'Session timeout (in 
minutes): Time after which a user is logged out automatically.');
+INSERT INTO txt VALUES ('H5450', 'German', 'Benachrichtigung vor Sitzungs-Timeout (in Minuten): Intervall vor dem automatischen Logout, in dem eine Warnung ausgegeben wird.');
+INSERT INTO txt VALUES ('H5450', 'English', 'Warning before session timeout (in minutes): Interval before automatic logout when a warning message is displayed.');
 INSERT INTO txt VALUES ('H5451', 'German', 'Jeder Nutzer (ausser Demo-Nutzer) kann sein eigenes Passwort ändern.
Bitte das alte Passwort einmal und das neue Passwort zweimal eingeben, um Eingabefehler zu vermeiden. Das neue Passwort muss sich vom alten unterscheiden und wird gegen die Passworteinstellungen geprüft.
@@ -2890,6 +4209,13 @@ INSERT INTO txt VALUES ('H5451', 'English', 'Every user (except demo user) can c
 Please insert the old password once and the new password twice to avoid input mistakes. The new password has to be different from the old one and is checked against the Password Policy. ');
+INSERT INTO txt VALUES ('H5452', 'German', 'Max erlaubte Importdauer (in Stunden): Obergrenze, welche Importdauer im täglichen Check noch als akzeptabel gewertet wird.');
+INSERT INTO txt VALUES ('H5452', 'English', 'Max allowed import duration (in hours): Upper limit for the accepted import duration in the daily check.');
+INSERT INTO txt VALUES ('H5453', 'German', 'Max erlaubtes Importintervall (in Stunden): Obergrenze, welcher Abstand zwischen zwei Imports im täglichen Check noch akzeptiert wird.');
+INSERT INTO txt VALUES ('H5453', 'English', 'Max import interval (in hours): Upper limit for the accepted interval between two imports in the daily check.');
+INSERT INTO txt VALUES ('H5454', 'German', 'Regel-Eigentümerschaftsmodus: (Gemischt/Exklusiv) Wird z. Zt. nicht genutzt.');
+INSERT INTO txt VALUES ('H5454', 'English', 'Rule Ownership Mode: (Mixed/Exclusive) Currently not in use.');
+
 INSERT INTO txt VALUES ('H5461', 'German', 'Jeder Nutzer kann seine eigene bevorzugte Sprache für die Anwendung einstellen.
Alle Texte werden in dieser Sprache dargestellt, soweit verfügbar. Wenn nicht, wird die Standardsprache verwendet. Wenn der Text auch dort nicht verfügbar ist, wird Englisch genutzt. Die Standardsprache beim ersten Anmelden kann vom Admin für alle Nutzer in den Standardeinstellungen definiert werden.

@@ -2912,7 +4238,84 @@ INSERT INTO txt VALUES ('H5481', 'German', 'Ein Rezertifizierer kann einige per
 INSERT INTO txt VALUES ('H5481', 'English', 'A recertifier can overwrite some personal settings for the recertification report. The default value is set by the admin in the Default Settings. ');
-
+INSERT INTO txt VALUES ('H5483', 'German', 'Änderungsbenachrichtigung aktiv: Sollen Emails bei festgestellten Änderungen versendet werden, ist diese
+ Einstellung zu aktivieren. Default-Wert = "inaktiv".
+');
+INSERT INTO txt VALUES ('H5483', 'English', 'Change notification active?: When an import finds security relevant changes, should an email be sent out?
+ Default value = "inactive".
+');
+INSERT INTO txt VALUES ('H5484', 'German', 'Änderungsbenachrichtigungstyp: Art und Umfang, in dem die Änderungsbenachrichtigung gesendet werden soll:
+
    +
  • Einfacher Text (kein Änderungsreport): Es wird nur der hier definierte Text der Änderungsbenachrichtigung gesendet.
  • +
  • Html in Email: Ein Changes Report wird zu den im Import gefundenen Änderungen erstellt und in der email als Html versendet.
  • +
  • Pdf als Anhang: Ein Changes Report wird erstellt und der email als Pdf-Datei angehängt.
  • +
  • Html als Anhang: Ein Changes Report wird erstellt und der email als Html-Datei angehängt.
  • +
  • Json als Anhang: Ein Changes Report wird erstellt und der email als Json-Datei angehängt.
  • +
+');
+INSERT INTO txt VALUES ('H5484', 'English', 'Change notification type: Defines how and with which content the notification should be sent:
+
    +
  • Simple Text (no Change Report): Only the body of change notification emails as defined below is sent.
  • +
  • Html in email body: A Changes Report is created and sent as Html in the email body
  • +
  • Pdf as Attachment: A Changes Report is created and attached to the email as Pdf file.
  • +
  • Html as Attachment: A Changes Report is created and attached to the email as Html file.
  • +
  • Json as Attachment: A Changes Report is created and attached to the email as Json file.
  • +
+');
+INSERT INTO txt VALUES ('H5485', 'German', 'Änderungsbenachrichtigungs-Intervall (in Sekunden): Zeit zwischen den Checks auf importierte Änderungen.');
+INSERT INTO txt VALUES ('H5485', 'English', 'Change notification sleep time (in seconds): Time between the checks for imported changes.');
+INSERT INTO txt VALUES ('H5486', 'German', 'Änderungsbenachrichtigungs-Start: Startzeit für die Checks auf importierte Änderungen.');
+INSERT INTO txt VALUES ('H5486', 'English', 'Change notification start at: Start time for the import change checks.');
+INSERT INTO txt VALUES ('H5487', 'German', 'Empfänger-Email-Adressen für Änderungen: Komma-separierte Liste von Email-Adressen, die bei festgestellter
+ sicherheitsrelevanter Änderung auf einem importierten Management benachrichtigt werden. Default-Wert = "leer".
+');
+INSERT INTO txt VALUES ('H5487', 'English', 'Recipient email addresses for change notifications: A comma-separated list of email addresses, which will get information in the case of
+ security relevant changes found during import of a firewall management. Default value = "empty".
+');
+INSERT INTO txt VALUES ('H5488', 'German', 'Titel der Änderungsbenachrichtigung: Betreffzeile der Benachrichtigungs-Email. Default-Wert = "leer".');
+INSERT INTO txt VALUES ('H5488', 'English', 'Subject of change notification emails: Subject line for notification emails. Default value = "empty".');
+INSERT INTO txt VALUES ('H5489', 'German', 'Text der Änderungsbenachrichtigung: Start des Email-Textes für alle Änderungsbenachrichtigungstypen. Die Email enthält danach stets
+ eine Liste der Namen und IDs der geänderten Managements sowie die Anzahl der festgestellten Änderungen. Default-Wert = "leer".
+');
+INSERT INTO txt VALUES ('H5489', 'English', 'Body of change notification emails: Start of the email text for all change notification types. 
The email will subsequently always contain
+ a list of names and IDs of the changed firewall management as well as the number of changes. Default value = "empty".
+');
+INSERT INTO txt VALUES ('H5491', 'German', 'Firewall Orchestrator kann Benachrichtigungen versenden, z.B. für anstehende Rezertifizierungen oder wenn beim Import Änderungen festgestellt wurden.');
+INSERT INTO txt VALUES ('H5491', 'English', 'Firewall Orchestrator is able to send out notifications, e.g. for upcoming recertifications or when an import found changes in the firewall configuration.
');
+INSERT INTO txt VALUES ('H5491a','German', 'Der Name oder die IP-Adresse des SMTP-Servers für ausgehende Emails wird im Feld "Adresse" eingetragen.');
+INSERT INTO txt VALUES ('H5491a','English', 'Enter the name of IP address of your outgoing SMTP server in the field Feld "Adress".');
+INSERT INTO txt VALUES ('H5491b','German', 'Der TCP-Port des SMTP-Servers (meist 25, 587 oder 465, abhängig von der verwendeten Verschlüsselung) wird im "Port"-Feld eingetragen.');
+INSERT INTO txt VALUES ('H5491b','English', 'The TCP port of the SMTP server (usually 25, 587 or 465, depending on the encryption method used) is entered in the "Port" field.');
+INSERT INTO txt VALUES ('H5491c','German', 'Anschließend wird die gewünschte Art der Verschlüsselung eingestellt (None=unverschlüsselt / StartTls / Tls)');
+INSERT INTO txt VALUES ('H5491c','English', 'Choose the desired encryption type (None=clear-text / StartTls / Tls)');
+INSERT INTO txt VALUES ('H5491d','German', 'Verlangt der SMTP-Server eine Authentisierung, so sind Email-Nutzer und Email-Nutzer-Passwort in den beiden Feldern einzutragen. Anderfalls können diese Felder leer gelassen werden.');
+INSERT INTO txt VALUES ('H5491d','English', 'If the SMTP server requires authentication, enter Email User name and password in the two fields. 
Otherwise leave empty.');
+INSERT INTO txt VALUES ('H5491e','German', 'Schließlich kann auch eine individuelle Absendeadresse im Feld "Email-Absendeadresse" konfiguriert werden.');
+INSERT INTO txt VALUES ('H5491e','English', 'Finally an individual sender address can be configured using the field "Email sender address".');
+INSERT INTO txt VALUES ('H5491f','German', 'Dummy-Email-Addresse nutzen: Zu Testzwecken werden alle ausgehenden emails (ausser der Test-Email) auf eine Emailaddresse umgeleitet.');
+INSERT INTO txt VALUES ('H5491f','English', 'Use dummy email address: For testing purpose all sent emails (except the test email) are redirected to a dummy email address.');
+INSERT INTO txt VALUES ('H5491g','German', 'Dummy-Email-Addresse: Addresse auf welche die Emails umgeleitet werden, wenn Umleitung aktiviert.');
+INSERT INTO txt VALUES ('H5491g','English', 'Dummy email address: Address where emails are directed, if redirection is activated.');
+INSERT INTO txt VALUES ('H5492','German', 'Verbindung testen: Es wird eine Test-email an die oben eingerichtete email-Adresse versandt.');
+INSERT INTO txt VALUES ('H5492','English', 'Test connection: A test email is sent to the above defined email address.');
+INSERT INTO txt VALUES ('H5495', 'German', 'Die folgenden Einstellungen wirken sich auf das Import-Modul (python) aus.');
+INSERT INTO txt VALUES ('H5495', 'English', 'The following settings apply to the Import Module (python)');
+INSERT INTO txt VALUES ('H5496', 'German', 'Importintervall (in Sekunden): Zeitintervall zwischen zwei Import-Läufen. Default-Wert = 40.');
+INSERT INTO txt VALUES ('H5496', 'English', 'Import sleep time (in seconds): Time between import loops; default value=40.');
+INSERT INTO txt VALUES ('H5497', 'German', 'Zertifikate beim Import prüfen: Sollen bei den API-Calls in Richtung der Firewalls nur gültige Zertifikate akzeptiert werden?. 
+ Sollte nur auf "aktiv" gesetzt werden, wenn alle Firewalls offiziell signierte Zertifikate besitzen,
+ andernfalls ist ein Import nicht möglich. Default-Wert = "inaktiv".
+');
+INSERT INTO txt VALUES ('H5497', 'English', 'Check certificates during import: During API calls towards Firewalls shall only valid certificates be accepted?.
+ This should only be set to "active" if all firewall API certificates are valid, otherwise an import will not be possible.
+ Default value = "inactive".
+');
+INSERT INTO txt VALUES ('H5498', 'German', 'Zertifikatswarnungen unterdrücken: Sollen im Log Warnungen bei selbstsignierten oder ungültigen Zertifkaten auf zu importierenden
+ Firewalls ausgegeben werden? Default-Wert = "inaktiv".
+');
+INSERT INTO txt VALUES ('H5498', 'English', 'Suppress certificate warnings: Shall warnings about invalid certificates be written to import log? Default value = "inactive".');
+INSERT INTO txt VALUES ('H5499', 'German', 'FW API - Pro Abruf geholte Elemente: Wie viele Objekte sollen beim Import per Firewall-API Call auf einmal geholt werden? Default-Wert = 150.');
+INSERT INTO txt VALUES ('H5499', 'English', 'FW API - Elements per fetch: How many objects/rules shall be fetched per API call from a firewall management? Default value = 150.');
 INSERT INTO txt VALUES ('H5501', 'German', 'Aktionen müssen zuerst in den Einstellungen definiert werden und können dann den jeweiligen Stati zugeordnet werden. Die Aktion wird dann bei Eintreffen der hier definierten Bedingungen angeboten bzw. ausgeführt. ');
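Review bot: The H5498 help text is inverted relative to the setting it documents: the label is "Suppress certificate warnings" / "Zertifikatswarnungen unterdrücken", yet both the German ("Sollen im Log Warnungen ... ausgegeben werden?") and the English ("Shall warnings about invalid certificates be written to import log?") ask whether warnings should be printed, so an admin who enables the flag gets the opposite of what the question promises; rewrite it as `'Suppress certificate warnings: If active, warnings about self-signed or invalid certificates on the imported firewalls are no longer written to the import log. Default value = "inactive".'` and mirror that in the German entry. The H5497 text should also name the cost of its default: with certificate checking inactive the importer's TLS sessions to the firewall management APIs are not authenticated, so whatever credentials the importer sends can presumably be read or altered by anyone on the path — one sentence such as `Note: while inactive, the connection to the firewall API is not protected against man-in-the-middle attacks; only leave it off in isolated lab setups.` would give admins the reason to turn it on. In the same entry, "officially signed" / "offiziell signierte Zertifikate" is misleading, since a certificate issued by an internal CA that the importer host trusts passes the check just as well; "trusted by the importer host" is the accurate wording. Minor: the H5491a English reads "name of IP address" and "the field Feld "Adress"" and should be `Enter the name or IP address of your outgoing SMTP server in the field "Address".`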
@@ -2959,6 +4362,12 @@ INSERT INTO txt VALUES ('H5526', 'German', 'Pfadanalyse: Hier kann zwischen den
 INSERT INTO txt VALUES ('H5526', 'English', 'Path analysis: Here the options "Write to device list" or "Display found devices" can be selected. In the first case the list of devices in the request task is replaced by the devices found in the path analysis, in the second the result of the path analysis is only displayed in a separate window. ');
+INSERT INTO txt VALUES ('H5527', 'German', 'Email verschicken: Es kann zwischen verschieden Optionen für den/die direkten Empfänger und Optional für die weiteren Empfänger im CC gewählt werden.
+ Ausserdem müssen Betreff und Text der Email-Benachrichtigung hier festgelegt werden.
+');
+INSERT INTO txt VALUES ('H5527', 'English', 'Send Email: There are different options for the direct recipients and optionally for the recipients in Cc to be chosen.
+ Furtheron subject and body of the email message have to be defined here.
+');
 INSERT INTO txt VALUES ('H5531', 'German', 'Es könne beliebig viele neue Stati angelegt bzw. vorhandene Stati umbenannt, ggf. auch gelöscht werden. Die Namen und Nummern der Stati sind weitgehend frei wählbar. Zu beachten ist dabei, dass die Nummern zu den in den Status-Matrizen definierten Bereichen (Eingang, Bearbeitung, Ausgang) der jeweiligen Phasen passen. Da intern ausschliesslich die Nummern verarbeitet werden, sind auch doppelt vergebene Status-Namen (technisch) möglich. 
@@ -3040,13 +4449,19 @@ INSERT INTO txt VALUES ('H5564', 'English', 'Allow object search: During definit INSERT INTO txt VALUES ('H5565', 'German', 'Manuelle Eigentümerverwaltung erlauben: Es wird das manuelle Anlegen und Verwalten von Eigentümern durch den Administrator gestattet.'); INSERT INTO txt VALUES ('H5565', 'English', 'Allow manual owner administration: The manual creation and administration of owners can be permitted.'); INSERT INTO txt VALUES ('H5566', 'German', 'Autom. Erzeugen von Implementierungs-Aufträgen: Ist die Planungs-Phase nicht aktiviert, so müssen aus den vorhandenen fachlichen Aufträgen automatisch jeweils ein oder mehrere Implementierungs-Aufträge erzeugt werden. - Dafür kann zwischen folgenden Optionen gewählt werden: + Dafür kann zwischen folgenden Optionen gewählt werden (gilt nur für Auftragstyp "Zugriff"): '); INSERT INTO txt VALUES ('H5566', 'English', 'Auto-create implementation tasks: If the planning phase is not activated, one or more implementation tasks have to be created automatically from the request task. - Therefore the following options can be selected: + Therefore the following options can be selected (only valid for Task Type "access"): '); INSERT INTO txt VALUES ('H5567', 'German', 'Pfadanalyse aktivieren: Dem Planer werden Werkzeuge zur automatischen Pfadanalyse (Prüfung, Erzeugen von Implementierungsaufträgen, Bereinigung) zur Verfügung gestellt.'); INSERT INTO txt VALUES ('H5567', 'English', 'Activate Path Analysis: The planner gets access to tools for automatic path analysis (check, creation of implementation tasks, cleanup).'); +INSERT INTO txt VALUES ('H5568', 'German', 'Eigentümerbasiert: Darstellung der Anträge erfolgt nach Eigentümern. diese können gegenseitig zugewiesen werden.'); +INSERT INTO txt VALUES ('H5568', 'English', 'Owner based: Display of tickets by ownwer. 
They can be assigned to each other.'); +INSERT INTO txt VALUES ('H5569', 'German', 'Compliance-Modul anzeigen: Das Compliance-Modul wird auch für Nutzer in den Workflow-Rollen (requester, approver, planner, implementer, reviewer) dargestellt.'); +INSERT INTO txt VALUES ('H5569', 'English', 'Show Compliance Module: The Compliance module is also displayed for users in the workflow roles (requester, approver, planner, implementer, reviewer).'); +INSERT INTO txt VALUES ('H5570', 'German', 'Eingeschränkte Darstellung: Die Auswahlmöglichkeiten werden für den Nutzer auf ein Minimum reduziert (z.B. keine Ticketdarstellung in der Implementierungsphase).'); +INSERT INTO txt VALUES ('H5570', 'English', 'Reduced view: Selection possibilities for users are reuduced to minimum (e.g. no ticket display in Implementation Phase).'); INSERT INTO txt VALUES ('H5571', 'German', 'Niemals: Es wird kein Implementierungs-Auftrag erzeugt (nur sinnvoll, falls Implementierung und folgende Phasen nicht benötigt werden).'); INSERT INTO txt VALUES ('H5571', 'English', 'Never: No implementation task is created (only reasonable, if implementation and following phases are not needed).'); INSERT INTO txt VALUES ('H5572', 'German', 'Nur eines wenn Gerät vorhanden: Bei mindestens einem vorhandenen Gerät wird das erste der Liste eingetragen 
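Review bot: H5568 (English) contains the typo `ownwer` and H5570 (English) the typo `reuduced`; these are user-facing help texts, so they should be spell-checked before being seeded. In H5568 (German) the second sentence `diese können gegenseitig zugewiesen werden` starts in lower case and should begin with `Diese`. The corrected English H5568 would read `Owner based: Display of tickets by owner. They can be assigned to each other.`.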
@@ -3065,12 +4480,195 @@ INSERT INTO txt VALUES ('H5574', 'English', 'Enter device in request: Default va '); INSERT INTO txt VALUES ('H5575', 'German', 'Nach Pfadanalyse: Für jedes bei der automatischen Pfadanalyse gefundene Gerät wird ein eigener Implementierungs-Auftrag angelegt.'); INSERT INTO txt VALUES ('H5575', 'English', 'After path analysis: For each device found in the automatic path analysis an own implementation task is created.'); -INSERT INTO txt VALUES ('H5581', 'German', 'In diesem Abschnitt können die vorhandenen Eigentümer eingesehen und administriert (falls in den Einstellungen aktiviert) werden. +INSERT INTO txt VALUES ('H5581', 'German', 'In diesem Abschnitt können die vorhandenen Eigentümer eingesehen und administriert (falls in den Einstellungen aktiviert) werden. + Die Eigentümerschaft muss Nutzern entweder direkt oder über Eigentümergruppen zugeordnet werden. Es ist geplant, die Eigentümerschaft mit der Zuständigkeit bei der Antragsstellung zu verknüpfen. '); INSERT INTO txt VALUES ('H5581', 'English', 'In this chapter the existing owners can be displayed and administrated (if activated in the Customizing Settings). + Ownership has to be assigned to users directly or via owner groups. It is planned to connect the ownership with responsiblity on request creation. '); +INSERT INTO txt VALUES ('H5582', 'German', 'Name: Name der Eigentümers'); +INSERT INTO txt VALUES ('H5582', 'English', 'Name: Owner name'); +INSERT INTO txt VALUES ('H5583', 'German', 'Hauptverantwortlicher (DN): Name und Ldap-Pfad des zugeordneten Nutzers. + Mindestens eines der Felder "Hauptverantwortlicher (DN)" oder "Gruppe" muss gefüllt sein. +'); +INSERT INTO txt VALUES ('H5583', 'English', 'Main responsible person (DN): Name and Ldap path of the associated user. + At least one of the fields "Main responsible person (DN)" or "Group" has to be filled. +'); +INSERT INTO txt VALUES ('H5584', 'German', 'Gruppe: Name und Ldap-Pfad der zugeordneten Nutzergruppe. 
+ Die referenzierte Gruppe muss in den Gruppen-Einstellungen als Eigentümergruppe markiert sein. + Mindestens eines der Felder "Hauptverantwortlicher (DN)" oder "Gruppe" muss gefüllt sein. +'); +INSERT INTO txt VALUES ('H5584', 'English', 'Group: Name and Ldap path of the associated user group. + The referenced group has to be marked as owner group in the Group settings. + At least one of the fields "Main responsible person (DN)" or "Group" has to be filled. +'); +INSERT INTO txt VALUES ('H5585', 'German', 'Mandant: Der Mandant, dem der Eigentümer zugeordnet ist.'); +INSERT INTO txt VALUES ('H5585', 'English', 'Tenant: Tenant to which the owner is assigned to.'); +INSERT INTO txt VALUES ('H5586', 'German', 'Externe Anwendungs-Id: Id eines externen Eigentümers, vorgesehen für importierte Eigentümerschaften.'); +INSERT INTO txt VALUES ('H5586', 'English', 'External Application Id: Id of an external owner, which may be used for imported ownerships.'); +INSERT INTO txt VALUES ('H5587', 'German', 'Rezertintervall (in Tagen): Hier kann das in den Allgemeinen Rezertifizierungseinstellungen gesetzte Rezertifizierungsintervall für den aktuellen Eigentümer überschrieben werden.'); +INSERT INTO txt VALUES ('H5587', 'English', 'Recert Interval (in days): Here the recert interval set in the global recertification settings can be overwritten for the specific owner.'); +INSERT INTO txt VALUES ('H5588', 'German', 'Rezert Check alle: Hier kann das in den Allgemeinen Rezertifizierungseinstellungen gesetzte Rezert-Check-Intervall für den aktuellen Eigentümer überschrieben werden.'); +INSERT INTO txt VALUES ('H5588', 'English', 'Recert Check every: Here the recert check interval set in the global recertification settings can be overwritten for the specific owner.'); +INSERT INTO txt VALUES ('H5589', 'German', 'Regeln: Dem Eigentümer können hier einzelne Regeln, definiert durch Gateway und Regel-Uid, zugeordnet werden.'); +INSERT INTO txt VALUES ('H5589', 'English', 'Rules: specific 
rules, defined by gateway and rule Uid, can be assigned to the owner.'); +INSERT INTO txt VALUES ('H5590', 'German', 'IP-Adressen: Dem Eigentümer können hier einzelne IP-Adressen zugeordnet werden.'); +INSERT INTO txt VALUES ('H5590', 'English', 'IP Addresses: IP addresses can be assigned to the owner.'); +INSERT INTO txt VALUES ('H5591', 'German', 'Common Service zugelassen: Modellierern wird erlaubt, hier Common Services anzulegen.'); +INSERT INTO txt VALUES ('H5591', 'English', 'Common Service Possible: Allows modellers to create common services inside.'); +INSERT INTO txt VALUES ('H5592', 'German', 'Importquelle: Falls importiert das dort vergebene Label (sh. Modellierungseinstellungen).'); +INSERT INTO txt VALUES ('H5592', 'English', 'Import Source: If imported the label given there (see Modelling Settings).'); + +INSERT INTO txt VALUES ('H5601', 'German', 'Hier werden die Einstellungen für die Netzwerk-Modellierung verwaltet. + Dies betrifft Vordefinierte Dienste, Darstellung verschiedener Elemente, Definition von Namenskonventionen sowie Scheduling-Einstellungen für die zu importierenden Objekte: +'); +INSERT INTO txt VALUES ('H5601', 'English', 'On this page all types of modelling settings are administrated. + This includes Predefined Services, Display options of different elements, definition of naming conventions as well as scheduling settings for the objects to be imported: +'); +INSERT INTO txt VALUES ('H5602', 'German', 'Vordefinierte Dienste: Hier wird dem Administrator ein Menü angeboten, um Dienste und Gruppierungen von Diensten vorzudefinieren, + zu bearbeiten oder zu löschen. Diese stehen dann allen Applikationen zur Verfügung. +'); +INSERT INTO txt VALUES ('H5602', 'English', 'Predefined Services: Offers a menu to the administrator to define, change or delete predefined services or service groups. + These services are available for all applications. 
+'); +INSERT INTO txt VALUES ('H5603', 'German', 'Server in Verbindung erlauben: Steuert, ob in der Bibliothek neben den App Rollen auch App Server zur direkten Verwendung in den Verbindungen angeboten werden.'); +INSERT INTO txt VALUES ('H5603', 'English', 'Allow Servers in Connection: Controls, if App Servers are offered in the Library besides the App Roles for direct use in the connections.'); +INSERT INTO txt VALUES ('H5604', 'German', 'Einfache Dienste in Verbindung erlauben: Steuert, ob in der Bibliothek neben den Servicegruppen auch einfache Services zur direkten Verwendung in den Verbindungen angeboten werden.'); +INSERT INTO txt VALUES ('H5604', 'English', 'Allow Simple Services in Connection: Controls, if simple Services are offered in the Library besides the Service Groups for direct use in the connections.'); +INSERT INTO txt VALUES ('H5605', 'German', 'Max. Anzahl Zeilen in Übersicht: Definiert die Zeilenzahl innerhalb eines Eintrags in der Übersichtstabelle der Verbindungen, ab der die Elemente eingeklappt dargestellt werden. + Wird vom Administrator allgemein vorausgewählt, kann aber vom Nutzer in den persönlichen Einstellungen überschrieben werden. +'); +INSERT INTO txt VALUES ('H5605', 'English', 'Max. Number of Rows in Overview: Defines the number of rows inside an entry of the connections overview table, from which the elements are displayed retracted. + Generally set by the administrator but can be overwritten in the personal settings of the user. +'); +INSERT INTO txt VALUES ('H5606', 'German', 'Netzwerkarea vorgeschrieben: Wenn dieses Flag gesetzt ist, müssen die auszuwählenden App Server einer festen Area zugeordnet sein. + Es werden dann beim Zusammenstellen einer App Rolle in der Bibliothek nur die der aktuell ausgewählten Area zugehörigen App Server angeboten. + Für die Namensgebung der App Rolle wird dann die in den folgenden Punkten definierte Namenskonvention angewendet. 
+'); +INSERT INTO txt VALUES ('H5606', 'English', 'Network Area Required: If this flag is set, the App Servers used have to be associated to a fixed area. + When defining an App Role, only the App Servers belonging to the selected area are displayed in the library. + Naming of the App Role is then restricted to the naming convention defined in the following settings. +'); +INSERT INTO txt VALUES ('H5607', 'German', 'Länge fixer Teil: Länge des vorgebenen Teils des Namensmusters einer App Rolle (ohne den ggf. vorhandenen Eigentümerteil variabler Länge).'); +INSERT INTO txt VALUES ('H5607', 'English', 'Fixed Part Length: Length of the predefined part of the name pattern of an App Role (without the owner part of variable length if activated).'); +INSERT INTO txt VALUES ('H5608', 'German', 'Länge freier Teil: Länge des frei zu vergebenden Teils des Namens einer App Rolle (nur für den Namensvorschlag beim Neuanlegen relevant).'); +INSERT INTO txt VALUES ('H5608', 'English', 'Free Part Length: Length of the free part of the name pattern of an App Role (only relevant for name proposal during creation).'); +INSERT INTO txt VALUES ('H5609', 'German', 'Muster Netzwerkarea: Definiert, wie der Name einer Netzwerkarea beginnt (z.B "NA").'); +INSERT INTO txt VALUES ('H5609', 'English', 'Network Area Pattern: Defines the beginning of a network area name (e.g. "NA").'); +INSERT INTO txt VALUES ('H5610', 'German', 'Muster App Rolle: Definiert, wie der Name einer App Rolle beginnt (z.B. "AR"). + Zu einer Netzwerkarea (z.B. "NAxx") wird dann ein Name der App Rolle (z.B. "ARxx") mit der oben definierten Länge des fixen Teils vorgegeben. + Ist die Länge des Musters grösser als die Länge des fixen Teils, wird der überschüssige Teil nicht berücksichtigt. +'); +INSERT INTO txt VALUES ('H5610', 'English', 'App Role Pattern: Defines the beginning of an App Role name (e.g. "AR"). + According to an network area name (e.g. "NAxx"), an App Role name (e.g. 
"ARxx") is preset in the length of the fixed part defined above. + If the length of the pattern is greater than the fixed part length, the surplus part is ignored. +'); +INSERT INTO txt VALUES ('H5611', 'German', 'Pfad und Name von Appdaten-Import (ohne Endung): Hier werden die vollständigen Pfade für eventuell vorhandene Importskripte und -dateien eingegeben. + Der Importprozess prüft für jede der eingegebenen Datenquellen zunächst, ob ein Skript dieses Namens mit der Endung .py vorhanden ist, und führt dieses ggf. aus. + Anschliessend wird eine Datei desselben Namens mit der Endung .json gesucht und ggf. importiert. + Es gibt für den Import pro Datenquelle also sowohl die Möglichkeit, eine direkt zu importierende Datei zur Verfügung zu stellen, als auch ein Skript zur Datenabholung, + welches die benötigte Import-Datei erst erzeugt. Die Struktur der Importdatei wird unter Import-Schnittstellen beschrieben. +'); +INSERT INTO txt VALUES ('H5611', 'English', 'Path and Name of App data import (without ending): Here the full paths of provided import scripts and files are inserted. + The import process checks for each data source, if a script of this name with ending .py exists and executes it. + Then a file of this name with ending .json is searched and imported if found. + Thus there is the possibility for each data source to provide a file for direct import or a script to catch the import data and create the app data import file. + The structure of the import file is described at Import Interfaces. +'); +INSERT INTO txt VALUES ('H5612', 'German', 'Import Appdaten-Intervall (in Stunden): Zeitintervall zwischen zwei Appdaten-Import-Läufen. + Ein Wert 0 bedeutet, dass der Appdaten-Import deaktiviert ist. Default-Wert = 0. +'); +INSERT INTO txt VALUES ('H5612', 'English', 'Import App data sleep time (in hours): Time between App data import loops. + A value 0 means, that the App data import is deactivated. Default value = 0. 
+'); +INSERT INTO txt VALUES ('H5613', 'German', 'Import Appdaten-Start: Legt eine Bezugszeit fest, ab dem die Intervalle für die Appdaten-Importe gerechnet werden.'); +INSERT INTO txt VALUES ('H5613', 'English', 'Import App data start at: Defines a referential time from which the App data import intervals are calculated.'); +INSERT INTO txt VALUES ('H5614', 'German', 'Pfad und Name von Subnetzdaten-Import (ohne Endung): Hier wird der vollständige Pfad für ein eventuell vorhandenes Importskript oder einer Import-Datei eingegeben. + Der Importprozess prüft zunächst, ob ein Skript dieses Namens mit der Endung .py vorhanden ist, und führt dieses ggf. aus. Anschliessend wird eine Datei desselben Namens mit der Endung .json + gesucht und ggf. importiert. Es gibt für den Import also sowohl die Möglichkeit, eine direkt zu importierende Datei zur Verfügung zu stellen, als auch ein Skript zur Datenabholung, + welches die benötigte Import-Datei erst erzeugt. Die Struktur der Importdatei wird unter Import-Schnittstellen beschrieben. +'); +INSERT INTO txt VALUES ('H5614', 'English', 'Path and Name of subnet data import (without ending): Here the full path of a provided import script or file is inserted. + The import process checks, if a script of this name with ending .py exists and executes it. + Then a file of this name with ending .json is searched and imported if found. + Thus there is the possibility to provide a file for direct import or a script to catch the import data and create the subnet data import file. + The structure of the import file is described at Import Interfaces. +'); +INSERT INTO txt VALUES ('H5615', 'German', 'Import Subnetzdaten-Intervall (in Stunden): Zeitintervall zwischen zwei Subnetzdaten-Import-Läufen. + Ein Wert 0 bedeutet, dass der Subnetzdaten-Import deaktiviert ist. Default-Wert = 0. +'); +INSERT INTO txt VALUES ('H5615', 'English', 'Import Subnet data sleep time (in hours): Time between Subnet data import loops. 
+ A value 0 means, that the Subnet data import is deactivated. Default value = 0. +'); +INSERT INTO txt VALUES ('H5616', 'German', 'Import Subnetzdaten-Start: Legt eine Bezugszeit fest, ab dem die Intervalle für die Subnetzdaten-Importe gerechnet werden.'); +INSERT INTO txt VALUES ('H5616', 'English', 'Import Subnet data start at: Import App data start at: Defines a referential time from which the Subnte data import intervals are calculated.'); +INSERT INTO txt VALUES ('H5617', 'German', 'Reduzierten Protokollset darstellen: Nur eine begrenzte Zahl von Protokollen wird zur Auswahl angeboten (TCP, UDP, ICMP).'); +INSERT INTO txt VALUES ('H5617', 'English', 'Display reduced Protocol set: Offer only a reduced number of protocols for selection (TCP, UDP, ICMP).'); +INSERT INTO txt VALUES ('H5618', 'German', 'Nutzung von Piktogrammen: Vorzugsweise Nutzung von Piktogrammen wo sinnvoll. Wird vom Administrator allgemein vorausgewählt, kann aber vom Nutzer in den persönlichen Einstellungen überschrieben werden.'); +INSERT INTO txt VALUES ('H5618', 'English', 'Prefer use of Icons: Use icons where reasonnable. Generally set by the administrator but can be overwritten in the personal settings of the user.'); +INSERT INTO txt VALUES ('H5619', 'German', 'Eigentümernamen verwenden: Der Name des Eigentümers fliesst in den mittleren Teil der Namenskonvention für App-Rollen ein.'); +INSERT INTO txt VALUES ('H5619', 'English', 'Use Owner Name: The name of the owner is used in the middle part of the naming convention for App Roles.'); +INSERT INTO txt VALUES ('H5620', 'German', 'Gemeinsame Netzwerkareas: Vom Administrator vorgegebene Netzwerkareas, welche von allen Verbindungen genutzt werden dürfen. + Sie sind in der Bibliothek immer sichtbar und stehen dann nicht mehr in der Liste der auszuwählenden Areas für Common Services. + Die beiden Auswahlfelder "in Quelle" und "in Ziel" legen fest, wo die Netzwerkarea genutzt werden darf. 
+'); +INSERT INTO txt VALUES ('H5620', 'English', 'Common Network Areas: Network areas defined by the administrator, which are permitted to be used by all connections. + They are visible in the object library and are not offered in the list of available areas for Common Services. + The flags "in Source" and "in Destination" determine, where the Common Network Areas are allowed to be used. +'); +INSERT INTO txt VALUES ('H5621', 'German', 'Ein Modellierer kann einige persönliche Voreinstellungen für die Darstellung der Modellierung überschreiben. + Ausgangswert ist der vom Admin in den Modellierungseinstellungen gesetzte Wert. +'); +INSERT INTO txt VALUES ('H5621', 'English', 'A modeller can overwrite some personal settings for the modelling layout. + The default value is set by the admin in the Modelling Settings. +'); +INSERT INTO txt VALUES ('H5622', 'German', 'Name der beantragten Schnittstelle: Namensvorschlag bei der Beantragung einer Schnittstelle. Kann vom Antragsteller noch geändert werden.'); +INSERT INTO txt VALUES ('H5622', 'English', 'Name of requested interface: Proposed name of the requested interface. Can be changed by the requester.'); +INSERT INTO txt VALUES ('H5623', 'German', 'Titel der Antragsbenachrichtigung: Betreff der Email-Benachrichtigung an die Beauftragten.'); +INSERT INTO txt VALUES ('H5623', 'English', 'Subject of request emails: Subject of the email to the addressed owners.'); +INSERT INTO txt VALUES ('H5624', 'German', 'Text der Antragsbenachrichtigung: Text der Email-Benachrichtigung an die Beauftragten. Wird noch durch Antragsteller (zu Beginn) und Beauftragtem (am Ende) ergänzt. + Hinzu kommt noch jeweils ein Link auf den Auftrag im Workflowmodul und auf die beauftragte Schnittstelle im Modellierungsmodul. +'); +INSERT INTO txt VALUES ('H5624', 'English', 'Body of request emails: Text of the email notification to the addressed owners. Will be appended by the requester (at the beginning) and the addressed owner (at the end). 
+ Additionally links to the request in the Workflow module and the requested interface in the Modelling module are added. +'); +INSERT INTO txt VALUES ('H5625', 'German', 'Titel des Schnittstellentickets: Titel, mit dem ein neues Ticket zur Beantragung einer Schnittstelle angelegt wird.'); +INSERT INTO txt VALUES ('H5625', 'English', 'Title of interface request ticket: Title used for the new interface request ticket.'); +INSERT INTO txt VALUES ('H5626', 'German', 'Titel des Schnittstellenauftrags: Titel, mit dem ein neuer Auftrag im Ticket zur Beantragung einer Schnittstelle angelegt wird.'); +INSERT INTO txt VALUES ('H5626', 'English', 'Title of interface request ticket: Title used for the Task in the new interface request ticket.'); +INSERT INTO txt VALUES ('H5627', 'German', 'App-Server-Typen: Hier können beliebige App-Server-Typen mit Namen und Id definiert werden. Bitte jeweils neue Id vergeben. Vorsicht beim Löschen bereits verwendeter Typen! + Der Standard-typ ist immer vorhanden und wird beim Datenimport verwendet. Hier kann nur der dargestellte Name gesetzt werden. Zur manuellen Zuweisung zu einem App-Server kann er nicht verwendet werden. +'); +INSERT INTO txt VALUES ('H5627', 'English', 'App Server Types: Here any App Server Types can be defined with name and Id. Please use different Ids. Be careful when deleting types already in use! + The default type should always exist and is used during data import. Here only the displayed name can be chosen. It is not available for manual assignment to an App Server. +'); + +INSERT INTO txt VALUES ('H5701', 'German', 'Die in der Datenbank hinterlegten sprachabhängigen Texte können individuell überschrieben werden. + Dabei werden die vom System vorgegebenen Texte nicht geändert, sondern nur durch die hier definierten Texte - falls vorhanden - überblendet. + Die hier gemachten Änderungen werden in der UI beim nächsten Login sichtbar, bei Hilfetexten erst nach dem nächsten Restart. 
+'); +INSERT INTO txt VALUES ('H5701', 'English', 'The language dependent texts stored in the database can be overwritten individually. + In doing so, system texts are not changed but crossfaded by the texts defined here. The changes made here become visible in the UI with the next login, + help texts only after the next restart. +'); +INSERT INTO txt VALUES ('H5702', 'German', 'Im ersten Schritt muss die betroffene Sprache ausgewählt werden. Dann erscheint die Zeile zur eigentlichen Textsuche.'); +INSERT INTO txt VALUES ('H5702', 'English', 'In the first step the language to be handled has to be selected. Then the row for the text search appears.'); +INSERT INTO txt VALUES ('H5703', 'German', 'Bei Eingabe eines Suchstrings erscheinen alle hinterlegten Texte, welche diesen beinhalten. + Wird das Feld leer gelassen, erscheinen alle verfügbaren Texte der gewählten Sprache. Die Suche kann wahlweise auch schreibungsabhängig durchgeführt werden. + Durch das Setzen des "Hilfetexte ignorieren"-Flags werden die Hilfetexte (Schlüssel beginnend mit "H"), bei der Suche nicht berücksichtigt. +'); +INSERT INTO txt VALUES ('H5703', 'English', 'When entering a search string, all texts containing this are displayed. If left empty, all texts of the selected language are displayed. + Optionally the search can be case-sensitive. By setting the "Ignore Help Texts" flag all Help texts (Key beginning with "H") are disregarded. +'); +INSERT INTO txt VALUES ('H5704', 'German', 'In der Tabelle der Suchergebnisse können pro Schlüssel neue Texte definiert, + bereits vorhandene durch Setzen des "Löschen"-Flags zum Löschen vorgemerkt werden. Wird nur der Text entfernt, wird der Systemtext mit Leertext überschrieben! + Die Änderungen werden erst durch das Betätigen des "Speichern"-Knopfes wirksam. +'); +INSERT INTO txt VALUES ('H5704', 'English', 'In the table of search results new texts can be defined per key, existing texts can be marked for deletion by setting the "Delete" flag. 
+ If only a text is removed, the system text will be overwritten by an empty text! All changes get effective only by pressing the "Save" button. +'); INSERT INTO txt VALUES ('H6001', 'German', 'Firewall Orchestrator verfügt über zwei APIs:
    @@ -3163,6 +4761,76 @@ INSERT INTO txt VALUES ('H6906', 'German', 'Anmelden zur Generierung eines g&uu INSERT INTO txt VALUES ('H6906', 'English', 'Login to get a JWT for the steps further below'); INSERT INTO txt VALUES ('H6907', 'German', 'Auflisten bereits vorhandener Reports im Archiv (hier der letzte generierte zum Schedule)'); INSERT INTO txt VALUES ('H6907', 'English', 'List generated reports in archive (here we get the last one generated for the respective schedule)'); +INSERT INTO txt VALUES ('H6921', 'German', 'Der Import von Applikationsdaten wird aus einer oder mehreren .json-Dateien mit den in den Modellierungseinstellungen definierten Pfaden und Namen gespeist. + Dort kann auch jeweils ein gleichnamiges Python-Skript (mit der Endung .py) zur Erzeugung eben dieser Dateien hinterlegt werden. Die .json-Datei hat die folgende Struktur: +'); +INSERT INTO txt VALUES ('H6921', 'English', 'The import of application data is fed from one or several .json files with paths and names defined in the Modelling Settings. + There also python scripts with the same names can be provided to create these files. The structure of the .json file is as following: +'); +INSERT INTO txt VALUES ('H6922', 'German', 'Die einzelnen Felder haben folgende Bedeutung: +
      +
    • app_id_external: Eindeutige Kennzeichnung der Applikation. Dies ist ggf. über verschiedene Importquellen hinweg sicherzustellen.
    • +
    • name: Dargestellter Name der Applikation.
    • +
    • main_user: Die DN der hauptverantwortlichen Person. Mindestens eines der Felder main_user, modellers oder modeller_groups sollte gefüllt sein, damit ein Zugriff + auf diese Applikation möglich ist. (Ansonsten muss dieses in den Eigentümer-Einstellungen manuell nachgeholt werden.)
    • +
    • modellers: Hier werden die DNs von allen zur Bearbeitung dieser Applikation Berechtigten angegeben.
    • +
    • modeller_groups: Hier können die DNs von Gruppen angegeben werden. Zur Zeit werden diese genauso wie die Einträge unter "modellers" behandelt.
    • +
    • criticality: Hier kann optional ein String zur Kennzeichnung der Kritikalität der Applikation definiert werden.
    • +
    • import_source: String zur Kennzeichnung der Importquelle. Dient zur Unterscheidung bei mehreren Quellen.
    • +
    • app_servers: Liste aller zur Applikation zugeordneten Host-Adressen. +
        +
      • name: Optionaler Name zur Darstellung
      • +
      • ip: IP-Adresse
      • +
      +
    • +
    +'); +INSERT INTO txt VALUES ('H6922', 'English', 'These fields have the following meaning: +
      +
    • app_id_external: Unique identification string of the application. This has to be ensured over several import sources.
    • +
    • name: Displayed name of the application.
    • +
    • main_user: DN of the main responsible person. At least one of the fields main_user, modellers or modeller_groups should be filled to ensure access + to the application. (Else this has to be ensured manually in the Owner Settings afterwards.)
    • +
    • modellers: Here the DNs of all persons authorized to work on this application have to be delivered.
    • +
    • modeller_groups: Here DNs of user groups can be delivered. Currently they are handled the same way as the entries in "modellers".
    • +
    • criticality: An optional string to mark the criticality of the application can be defined here.
    • +
    • import_source: String to identify the import source. Necessary to distinguish between several sources.
    • +
    • app_servers: List of all host addresses assigned to the application: +
        +
      • name: Optional name for display
      • +
      • ip: IP address
      • +
      +
    • +
    +'); +INSERT INTO txt VALUES ('H6931', 'German', 'Der Import von Subnetzdaten wird aus einer .json-Datei mit dem in den Modellierungseinstellungen definierten Pfad und Namen gespeist. + Dort kann auch ein gleichnamiges Python-Skript (mit der Endung .py) zur Erzeugung eben dieser Datei hinterlegt werden. Die .json-Datei hat die folgende Struktur: +'); +INSERT INTO txt VALUES ('H6931', 'English', 'The import of subnet data is fed from a .json file with path and name defined in the Modelling Settings. + There also a python script with the same name can be provided to create this file. the structure of the .json file is as following: +'); +INSERT INTO txt VALUES ('H6932', 'German', 'Die einzelnen Felder haben folgende Bedeutung: +
      +
    • name: Dargestellter Name der Area.
    • +
    • id_string: Eindeutige Kennzeichnung der Area.
    • +
    • subnets: Liste alle Subnetze der Area: +
    • name: Optionaler Name zur Darstellung.
    • +
    • ip: IP-Adresse oder Start-IP-Addresse, falls Bereiche definiert werden sollen.
    • +
    • ip_end: Ende-IP-Addresse, falls Bereiche definiert werden sollen. Sonst leer lassen oder denselben Wert wie in "ip" liefern.
    • + +
    +'); +INSERT INTO txt VALUES ('H6932', 'English', 'These fields have the following meaning: +
      +
    • name: Displayed name of the area
    • +
    • id_string: Unique identification string of the area.
    • +
    • subnets: List of all subnets of the area: +
    • name: Optional name for display.
    • +
    • ip: IP address or start IP address, if ranges are to be defined.
    • +
    • ip_end: end IP address, if ranges are to be defined. Else leave empty or fill with the same value as "ip".
    • + +
    +'); INSERT INTO txt VALUES ('H7001', 'German', 'Im diesem Reiter werden die Monitoringwerkzeuge zur Verfügung gestellt. Die meisten Abschnitte können nur von Nutzern mit den verschiedenen Administrator-Rollen gesehen und genutzt werden. @@ -3495,6 +5163,14 @@ INSERT INTO txt VALUES ('H8212', 'English', 'Access: Several fields are offered, '); INSERT INTO txt VALUES ('H8213', 'German', 'Die weiteren vorgesehenen Tasktypen "Gruppe anlegen", "Gruppe ändern" und "Gruppe löschen" können zwar aktiviert und genutzt werden, sind aber noch nicht mit spezifischen Feldern versehen.'); INSERT INTO txt VALUES ('H8213', 'English', 'Further task types "create group", "modify group" and "delete group" can be activated and used, but are not equipped with specific fields yet.'); +INSERT INTO txt VALUES ('H8214', 'German', 'Regel löschen: Hier muss zwingend das Gateway und die Uid der zu löschenden Regel eingegeben werden. + Diese wird gegen die tatsächlich auf dem Gateway vorhandenen Uids geprüft.
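Review bot: H6922 explains that the DNs in `main_user`, `modellers` and `modeller_groups` decide who gets access to the imported application, but not that these DNs are taken over from the import file as delivered, so whoever can write that file effectively decides who may model the application; suggest adding to both languages `Note: the DNs are accepted as delivered in the file, so the import file must come from a trusted source.`. This is presumably the behaviour, since the text mentions no validation of the DNs against the LDAP, and is worth confirming before wording it. The `ip` field of `app_servers` is described only as `IP address`, whereas H6932 distinguishes single addresses from ranges via `ip_end`; stating whether `app_servers.ip` accepts only single addresses would remove the ambiguity. In H6931 (English) `the structure of the .json file is as following` starts a sentence in lower case.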
    + Dieser Auftragstyp wird auch bei der automatischen Erzeugung aus dem Unbenutzte-Regel-Report bzw. bei der Dezertifizierung verwendet. +'); +INSERT INTO txt VALUES ('H8214', 'English', 'Delete Rule: Mandatory input fields are the gateway and the Uid of the rule to be deleted. + The Uid is checked against the rules actually existing on the gateway.
    + This Task Type is also used for the automatic creation of delete requests in the Unused Rules Report resp. in the decertification workflow. +'); INSERT INTO txt VALUES ('H8301', 'German', 'Jeder Verarbeitungsschritt kann nur von Nutzern mit entsprechenden Rollen getätigt werden. Dabei können einzelnen Nutzern auch mehrere Rollen zufallen. Die Rollen können individuell oder über Gruppenzugehörigkeit zugewiesen werden. Hinzu kommt die Rolle des admin, welche einen Komplettzugriff erlaubt. Je nach Rolle des Bearbeiters sind nur die für ihn relevanten Teile der folgenden Rubriken sichtbar. @@ -4012,3 +5688,125 @@ INSERT INTO txt VALUES ('H8717', 'English', '
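Review bot: H8214 (English) uses `resp.`, a German abbreviation that English readers will not recognise; `in the Unused Rules Report or in the decertification workflow` is the intended meaning. In the German text `Hier muss zwingend das Gateway und die Uid der zu löschenden Regel eingegeben werden` has two subjects and should read `müssen`.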

    7) Activate Planning phase

'); + +INSERT INTO txt VALUES ('H9001', 'German', 'Insbesondere in grösseren Netzwerken besteht der Bedarf, die vielfältigen Verbindungen zwischen den Teilnehmern zu modellieren, + um sie so einer weitergehenden Verwaltung zugänglich zu machen. Dieses Modul stellt die Hilfsmittel, bereits vorhandene Applikationen von anderen Systemen zu importieren + und ihre Elemente nach vorgegebenen Kriterien zu verknüpfen. Dadurch wird ein Kommunikationsprofil erzeugt, bestehend aus einem Satz von Verbindungen und Schnittstellen.

+ Zur Definition der Schnittstellen und Verbindungen wird auf der linken Seite eine Bibliothek bereitgestellt, in der zunächst die zur Applikation zugeordneten + (in der Regel aus Fremdsystemen importierten) Host-Adressen (App-Server) angeboten werden. Diese können im ersten Schritt zu App-Rollen gebündelt werden (sh. Netzwerkobjekte). + Die App-Rollen (und je nach Modellierungseinstellungen auch die App-Server selbst) können dann als Quelle oder Ziel in die zu erstellende Verbindung übertragen werden. + Hinzu können noch weitere Objekte (z. B. Netzwerke) kommen, und es können (interne und externe) Schnittstellen eingebunden werden.
+ Desweiteren werden in der Bibliothek vordefinierte (vom Administrator eingestellte) Dienste angeboten. Diese können durch selbst definierte Dienste ergänzt, + als Dienstgruppen gebündelt und dann in den zu definierenden Verbindungen verwendet werden.

+ Für das erstellte Kommunikationsprofil kann per Knopfdruck automatisch ein Verbindungs-Report erstellt werden. Er wird dann in dem Report-Modul dargestellt. + Dort stehen dann die vom Report-Modul bereitgestellten Funktionalitäten zur weiteren Eingrenzung mittels zusätzlicher Filter, Erzeugung von Vorlagen und Terminen, sowie der Archivierung zur Verfügung. +'); +INSERT INTO txt VALUES ('H9001', 'English', 'Especially in greater networks there is the demand to model the connections between the participants, + with the aim of further administration. This module provides tools to import already existing applications from other systems + and to connect their elements by predefined criteria. By doing this a communication profile is created, composed by a set of connections and interfaces.

+ To define interfaces and connections a library is provided on the left side, where at the beginning the host addresses (App Server) associated to the application + (which usually are imported from external systems) are offered. They can in a first step be bundled to App Roles (see Network Objects). + These App Roles (and depending on the Modelling Settings also the App Servers themselves) can be used as source or destination in the connections to be created. + Additionally further objects (e.g. networks) and (internal or external) interfaces can be integrated.
+ Furthermore the library offers predefined Services (inserted by the administrator). They can be complemented by self defined services, bundled as Service Groups, + and used in the connections.

+ For the communication profile a Connections Report can be created automatically. It is displayed in the Report module. + Here the reporting functionalities for further filtering, creation of templates and schedules, as well as archiving can be used. +'); +INSERT INTO txt VALUES ('H9011', 'German', 'Eine Applikation ist aus Sicht des Firewall Orchestrators ein Behälter, in dem aus zugeordneten Host-Adressen ein Kommunikationsprofil erstellt wird. + Sie wird in der Regel extern aus den Anforderungen und Gegebenheiten der jeweiligen Unternehmung definiert und kann über eine Importschnittstelle in den Firewall Orchestrator importiert + (oder auch manuell angelegt) werden. + Das Kommunikationsprofil besteht aus einem Satz von Schnittstellen und Verbindungen welche die Kommunikation sowohl intern als auch mit anderen Applikationen definieren.
+ Jeder Modellierer bekommt die ihm zugänglichen Applikationen dargestellt. D.h. +
    +
  • Der Nutzer muss die Rolle "Modellierer" besitzen (Voraussetzung, dass diese Seite überhaupt dargestellt wird). + Die Rollen können vom Administrator in den Rollen-Einstellungen gesetzt werden.
  • +
  • Die Applikationen wurden mit den entsprechenden Skripten importiert (Modelling-Einstellungen) + oder vom Administrator manuell angelegt (Eigentümer-Einstellungen).
  • +
  • Der Nutzer ist entweder in den Gruppen-Einstellungen der entsprechenden "ModellerGroup" der Applikation + (wird beim Import automatisch angelegt) oder in den Eigentümer-Einstellungen direkt zugeordnet.
  • +
+ Eine Applikation kann durch den Administrator in den Eigentümer-Einstellungen als "Common Service zugelassen" markiert werden. + Nur dann können auch Common Services angelegt werden. +'); +INSERT INTO txt VALUES ('H9011', 'English', 'An application is - from the perspective of the Firewall Orchestrator - a container, where a communication profile is defined on basis of associated host addresses. + Generally the application is defined externally by the requests and conditions of the enterprise and can be imported to the Firewall Orchestrator via import interface (or created manually). + The communication profile consists of a set of interfaces and connections, which define the communication both internally and to other applications.
+ For each modeller his accessible applications are displayed. That means +
    +
  • The user has to have the role "modeller" (precondition that this page is displayed at all). + Roles are set by the administrator in Role Settings.
  • +
  • Applications have been imported by respective scripts (Modelling Settings) + or manually created by the administrator (Owner Settings).
  • +
  • The user is assigned to the application via the appropriate "ModellerGroup" (automatically created by the import) + in the Group Settings or directly in the Owner Settings.
  • +
+ An application can be marked by the administrator as "Common Service Possible" in the Owner Settings. + Only in this case Common Services can be created in this application. +'); +INSERT INTO txt VALUES ('H9021', 'German', 'Verbindungen sind die Hauptbestandteile des Kommunikationsprofils. Es wird zwischen verschiedenen Arten von Verbindungen unterschieden:'); +INSERT INTO txt VALUES ('H9021', 'English', 'Connections are the main components of the communication profile. There are different types of connections:'); +INSERT INTO txt VALUES ('H9022', 'German', 'Schnittstellen: Sie dienen in erster Linie der Modellierung von (aus Sicht der Applikation) externen Verbindungen oder der Bündelung interner Objekte. + Es müssen in der Applikation neben dem Dienst entweder Quelle oder Ziel definiert werden. Die Schnittstellen werden in den anderen Applikationen + zur Auswahl angeboten und können dort in der Definition von eigenen Verbindungen verwendet werden. +'); +INSERT INTO txt VALUES ('H9022', 'English', 'Interfaces: They serve primarily the modelling of (relative to the application) external connections or the bundling of internal objects. + Besides the service either source or destination have to be defined in the application. The interfaces are offered to other applications to use + them in the definition of own connections. +'); +INSERT INTO txt VALUES ('H9023', 'German', 'Standard: Zentrale Objekte zur Modellierung der Kommunikationsverbindungen. Dabei müssen Quelle, Dienst und Ziel aus den in der Bibliothek + angebotenen Ntzwerkobjekten bzw. Services gewählt werden. Es können auch eigene oder externe Schnittstellen eingebunden werden. Dann müssen nur noch die "offenen Enden" + (je nach Schnittstelle Quelle oder Ziel) aus der Bibliothek hinzugefügt werden. +'); +INSERT INTO txt VALUES ('H9023', 'English', 'Connections: Essential objects for modelling the communication. Source, Service and Destination have to be selected from the network resp. 
service objects + offered in the library. Additionally own or external interfaces can be integrated. In this case only the "open ends" (source or destination, depending on the inetrface type) + have to be added from the library. +'); +INSERT INTO txt VALUES ('H9024', 'German', 'Common Services: Können nur definiert werden, wenn die Applikation durch den Administrator in den Eigentümer-Einstellungen + dafür freigegeben wurde. Sie sind formal wie normale Verbindungen aufgebaut, dürfen aber keine Schnittstellen verwenden. +'); +INSERT INTO txt VALUES ('H9024', 'English', 'Common Services: Can only be defined, if the application is marked as permitted in the Owner Settings by the administrator. + Formally they are structured as regular connections but are not allowed to use interfaces. +'); +INSERT INTO txt VALUES ('H9031', 'German', 'Netzwerkobjekte werden zur Definition von Quelle und Ziel der Verbindungen benötigt. Es wird zwischen verschiedenen Arten von Netzwerkobjekten unterschieden:'); +INSERT INTO txt VALUES ('H9031', 'English', 'Network objects are used to define source and destination of the connections. There are different types of network objects:'); +INSERT INTO txt VALUES ('H9032', 'German', 'App-Server: Die elementaren Bausteine (Host-Adressen), die der Applikation zugeordnet sind. Sie werden in der Regel mit den Applikationen importiert + (Import-Einstellungen, Import-Schnittstelle), können aber auch manuell vom Administrator angelegt werden. + Je nach Einstellung (abhängig von den jeweiligen Vorgaben des Unternehmens) können die App-Server direkt in die Verbindungen übernommen werden oder müssen zuerst in App-Rollen gebündelt werden. +'); +INSERT INTO txt VALUES ('H9032', 'English', 'App Server: Elementary components (host addresses) associated to the application. Usually they are imported with the applications + (Import Settings, Import Interface), but can also be created manually by the administrator. 
+ Depending on the settings (according to company requirements) App Servers can be used directly in the connections or have to be bundled in App Roles first. +'); +INSERT INTO txt VALUES ('H9033', 'German', 'App-Rollen: Dienen der Bündelung von App-Servern. Falls in den Modellierungseinstellungen so vorgesehen, + müssen sie einer Netzwerkarea zugehören. Beim Erstellen der App-Rolle muss dann zunächst eine Area ausgewählt werden, nur von dieser werden dann die App-Server in der Bibliothek angeboten. + Die Namen der App-Rollen müssen dann einer ebenfalls in den Einstellungen vorgegebenen Namenskonvention folgen. +'); +INSERT INTO txt VALUES ('H9033', 'English', 'App Roles: Used for bundling of App Servers. If required in the Modelling Settings, + they have to belong to a network area. When creating an App Role, first a network area has to be selected, only App Servers belonging to this are are displayed then in the library. + Names of the App Roles have to comply to a naming convention, defined in the Modelling Settings. +'); +INSERT INTO txt VALUES ('H9034', 'German', 'Netzwerkareas: Werden über die Subnetzdaten-Importschnittstelle (Import-Einstellungen, Import-Schnittstelle) importiert. + Sie können aus der Bibliothek heraus gesucht, selektiert und anschliessend in Quelle oder Ziel der Verbindungen übernommen werden. +'); +INSERT INTO txt VALUES ('H9034', 'English', 'Network Areas: Are imported via the Subnet Data Import Interface (Import Settings, Import Interface). + They can be searched an selected from the library and then used for source and destination of the connections. +'); +INSERT INTO txt VALUES ('H9041', 'German', 'Es wird zwischen einfachen Diensten und Dienstgruppen unterschieden. In den Modellierungseinstellungen + kann festgelegt werden, dass nur Dienstgruppen in der Definition von Verbindungen genutzt werden können, ansonsten sind auch einfache Dienste zugelassen. 
+'); +INSERT INTO txt VALUES ('H9041', 'English', 'There is a differentiation between simple services and Service Groups. It can be defined in the Modelling Settings, + that only Service Groups are allowed to be used in the definition of connections, else also simple services are permitted. +'); +INSERT INTO txt VALUES ('H9042', 'German', 'Dienste: Einfache Dienste werden durch Port (einfach oder Intervall) und Protokoll definiert und können einen Namen zugewiesen bekommen. + Die Definition kann durch den Modellierer selbst vorgenommen werden, es können aber auch - falls vorhanden - vom Administrator vordefinierte Dienste verwendet werden. +'); +INSERT INTO txt VALUES ('H9042', 'English', 'Services: Simple services are defined by port (single or range) and protocol and can have a name assigned. + Definition can be done by the modeller, but also - if available - predefined services by the administrator can be used. +'); +INSERT INTO txt VALUES ('H9043', 'German', 'Dienstgruppen: In Dienstgruppen können die einfachen Dienste zusammengefasst werden. Hier muss ein Name vergeben werden, es können auch Kommentare hinzugefügt werden. + Auch hier kann die Definition durch den Modellierer selbst erfolgen oder auch vom Administrator vordefinierte Dienstgruppen verwendet werden. +'); +INSERT INTO txt VALUES ('H9043', 'English', 'Service Groups: Simple services can be bundled in Service Groups. A name has to be given to them, comments can be added. + Again definition can be done by the modeller, but also Service Groups predefined by the administrator can be used. +'); diff --git a/roles/database/files/sql/idempotent/fworch-views-changes.sql b/roles/database/files/sql/idempotent/fworch-views-changes.sql new file mode 100644 index 000000000..6e54c4489 --- /dev/null +++ b/roles/database/files/sql/idempotent/fworch-views-changes.sql 
@@ -0,0 +1,337 @@ + +--------------------------------------------------------------------------------------------- +-- object views +--------------------------------------------------------------------------------------------- +CREATE OR REPLACE VIEW view_obj_changes AS + SELECT + abs_change_id, + log_obj_id AS local_change_id, + ''::VARCHAR as change_request_info, + CAST('object' AS VARCHAR) as change_element, + CAST('basic_element' AS VARCHAR) as change_element_order, + changelog_object.old_obj_id AS old_id, + changelog_object.new_obj_id AS new_id, + changelog_object.documented as change_documented, + changelog_object.change_type_id as change_type_id, + change_action as change_type, + changelog_obj_comment as change_comment, + obj_comment, + import_control.start_time AS change_time, + management.mgm_name AS mgm_name, + management.mgm_id AS mgm_id, + CAST(NULL AS VARCHAR) as dev_name, + CAST(NULL AS INTEGER) as dev_id, + t_change_admin.uiuser_first_name || ' ' || t_change_admin.uiuser_last_name AS change_admin, + t_change_admin.uiuser_id AS change_admin_id, + t_doku_admin.uiuser_first_name || ' ' || t_doku_admin.uiuser_last_name AS doku_admin, + t_doku_admin.uiuser_id AS doku_admin_id, + security_relevant, + object.obj_name AS unique_name, + CAST (NULL AS VARCHAR) AS change_diffs, + CAST (NULL AS VARCHAR) AS change_new_element + FROM + changelog_object + LEFT JOIN (import_control LEFT JOIN management using (mgm_id)) using (control_id) + LEFT JOIN object ON (old_obj_id=obj_id) + LEFT JOIN uiuser AS t_change_admin ON (changelog_object.import_admin=t_change_admin.uiuser_id) + LEFT JOIN uiuser AS t_doku_admin ON (changelog_object.doku_admin=t_doku_admin.uiuser_id) + WHERE change_type_id = 3 AND security_relevant AND change_action='D' AND successful_import + + UNION + + SELECT + abs_change_id, + log_obj_id AS local_change_id, + ''::VARCHAR as change_request_info, + CAST('object' AS VARCHAR) as change_element, + CAST('basic_element' AS VARCHAR) as change_element_order, 
+ changelog_object.old_obj_id AS old_id, + changelog_object.new_obj_id AS new_id, + changelog_object.documented as change_documented, + changelog_object.change_type_id as change_type_id, + change_action as change_type, + changelog_obj_comment as change_comment, + obj_comment, + import_control.start_time AS change_time, + management.mgm_name AS mgm_name, + management.mgm_id AS mgm_id, + CAST(NULL AS VARCHAR) as dev_name, + CAST(NULL AS INTEGER) as dev_id, + t_change_admin.uiuser_first_name || ' ' || t_change_admin.uiuser_last_name AS change_admin, + t_change_admin.uiuser_id AS change_admin_id, + t_doku_admin.uiuser_first_name || ' ' || t_doku_admin.uiuser_last_name AS doku_admin, + t_doku_admin.uiuser_id AS doku_admin_id, + security_relevant, + object.obj_name AS unique_name, + CAST (NULL AS VARCHAR) AS change_diffs, + CAST (NULL AS VARCHAR) AS change_new_element + FROM + changelog_object + LEFT JOIN (import_control LEFT JOIN management using (mgm_id)) using (control_id) + LEFT JOIN object ON (new_obj_id=obj_id) + LEFT JOIN uiuser AS t_change_admin ON (changelog_object.import_admin=t_change_admin.uiuser_id) + LEFT JOIN uiuser AS t_doku_admin ON (changelog_object.doku_admin=t_doku_admin.uiuser_id) + WHERE change_type_id = 3 AND security_relevant AND change_action<>'D' AND successful_import; + + +--------------------------------------------------------------------------------------------- +-- user views +--------------------------------------------------------------------------------------------- + +CREATE OR REPLACE VIEW view_user_changes AS + SELECT + abs_change_id, + log_usr_id AS local_change_id, + change_request_info, + CAST('usr' AS VARCHAR) as change_element, + CAST('basic_element' AS VARCHAR) as change_element_order, + changelog_user.old_user_id AS old_id, + changelog_user.new_user_id AS new_id, + changelog_user.documented as change_documented, + changelog_user.change_type_id as change_type_id, + change_action as change_type, + changelog_user_comment as 
change_comment, + user_comment as obj_comment, + import_control.start_time AS change_time, + management.mgm_name AS mgm_name, + management.mgm_id AS mgm_id, + CAST(NULL AS VARCHAR) as dev_name, + CAST(NULL AS INTEGER) as dev_id, + t_change_admin.uiuser_first_name || ' ' || t_change_admin.uiuser_last_name AS change_admin, + t_change_admin.uiuser_id AS change_admin_id, + t_doku_admin.uiuser_first_name || ' ' || t_doku_admin.uiuser_last_name AS doku_admin, + t_doku_admin.uiuser_id AS doku_admin_id, + security_relevant, + usr.user_name AS unique_name, + CAST (NULL AS VARCHAR) AS change_diffs, + CAST (NULL AS VARCHAR) AS change_new_element + FROM + changelog_user + LEFT JOIN (import_control LEFT JOIN management using (mgm_id)) using (control_id) + LEFT JOIN usr ON (old_user_id=user_id) + LEFT JOIN uiuser AS t_change_admin ON (changelog_user.import_admin=t_change_admin.uiuser_id) + LEFT JOIN uiuser AS t_doku_admin ON (changelog_user.doku_admin=t_doku_admin.uiuser_id) + WHERE change_type_id = 3 AND security_relevant AND change_action='D' AND successful_import + UNION + SELECT + abs_change_id, + log_usr_id AS local_change_id, + change_request_info, + CAST('usr' AS VARCHAR) as change_element, + CAST('basic_element' AS VARCHAR) as change_element_order, + changelog_user.old_user_id AS old_id, + changelog_user.new_user_id AS new_id, + changelog_user.documented as change_documented, + changelog_user.change_type_id as change_type_id, + change_action as change_type, + changelog_user_comment as change_comment, + user_comment as obj_comment, + import_control.start_time AS change_time, + management.mgm_name AS mgm_name, + management.mgm_id AS mgm_id, + CAST(NULL AS VARCHAR) as dev_name, + CAST(NULL AS INTEGER) as dev_id, + t_change_admin.uiuser_first_name || ' ' || t_change_admin.uiuser_last_name AS change_admin, + t_change_admin.uiuser_id AS change_admin_id, + t_doku_admin.uiuser_first_name || ' ' || t_doku_admin.uiuser_last_name AS doku_admin, + t_doku_admin.uiuser_id AS 
doku_admin_id, + security_relevant, + usr.user_name AS unique_name, + CAST (NULL AS VARCHAR) AS change_diffs, + CAST (NULL AS VARCHAR) AS change_new_element + FROM + changelog_user + LEFT JOIN (import_control LEFT JOIN management using (mgm_id)) using (control_id) + LEFT JOIN usr ON (new_user_id=user_id) + LEFT JOIN uiuser AS t_change_admin ON (changelog_user.import_admin=t_change_admin.uiuser_id) + LEFT JOIN uiuser AS t_doku_admin ON (changelog_user.doku_admin=t_doku_admin.uiuser_id) + WHERE change_type_id = 3 AND security_relevant AND change_action<>'D' AND successful_import; + +--------------------------------------------------------------------------------------------- +-- service views +--------------------------------------------------------------------------------------------- + +CREATE OR REPLACE VIEW view_svc_changes AS + SELECT + abs_change_id, + log_svc_id AS local_change_id, + change_request_info, + CAST('service' AS VARCHAR) as change_element, + CAST('basic_element' AS VARCHAR) as change_element_order, + changelog_service.old_svc_id AS old_id, + changelog_service.new_svc_id AS new_id, + changelog_service.documented as change_documented, + changelog_service.change_type_id as change_type_id, + change_action as change_type, + changelog_svc_comment as change_comment, + svc_comment as obj_comment, + import_control.start_time AS change_time, + management.mgm_name AS mgm_name, + management.mgm_id AS mgm_id, + CAST(NULL AS VARCHAR) as dev_name, + CAST(NULL AS INTEGER) as dev_id, + t_change_admin.uiuser_first_name || ' ' || t_change_admin.uiuser_last_name AS change_admin, + t_change_admin.uiuser_id AS change_admin_id, + t_doku_admin.uiuser_first_name || ' ' || t_doku_admin.uiuser_last_name AS doku_admin, + t_doku_admin.uiuser_id AS doku_admin_id, + security_relevant, + service.svc_name AS unique_name, + CAST (NULL AS VARCHAR) AS change_diffs, + CAST (NULL AS VARCHAR) AS change_new_element + FROM + changelog_service + LEFT JOIN (import_control LEFT JOIN 
management using (mgm_id)) using (control_id) + LEFT JOIN service ON (old_svc_id=svc_id) + LEFT JOIN uiuser AS t_change_admin ON (changelog_service.import_admin=t_change_admin.uiuser_id) + LEFT JOIN uiuser AS t_doku_admin ON (changelog_service.doku_admin=t_doku_admin.uiuser_id) + WHERE change_type_id = 3 AND security_relevant AND change_action='D' AND successful_import + UNION + SELECT + abs_change_id, + log_svc_id AS local_change_id, + change_request_info, + CAST('service' AS VARCHAR) as change_element, + CAST('basic_element' AS VARCHAR) as change_element_order, + changelog_service.old_svc_id AS old_id, + changelog_service.new_svc_id AS new_id, + changelog_service.documented as change_documented, + changelog_service.change_type_id as change_type_id, + change_action as change_type, + changelog_svc_comment as change_comment, + svc_comment as obj_comment, + import_control.start_time AS change_time, + management.mgm_name AS mgm_name, + management.mgm_id AS mgm_id, + CAST(NULL AS VARCHAR) as dev_name, + CAST(NULL AS INTEGER) as dev_id, + t_change_admin.uiuser_first_name || ' ' || t_change_admin.uiuser_last_name AS change_admin, + t_change_admin.uiuser_id AS change_admin_id, + t_doku_admin.uiuser_first_name || ' ' || t_doku_admin.uiuser_last_name AS doku_admin, + t_doku_admin.uiuser_id AS doku_admin_id, + security_relevant, + service.svc_name AS unique_name, + CAST (NULL AS VARCHAR) AS change_diffs, + CAST (NULL AS VARCHAR) AS change_new_element + FROM + changelog_service + LEFT JOIN (import_control LEFT JOIN management using (mgm_id)) using (control_id) + LEFT JOIN service ON (new_svc_id=svc_id) + LEFT JOIN uiuser AS t_change_admin ON (changelog_service.import_admin=t_change_admin.uiuser_id) + LEFT JOIN uiuser AS t_doku_admin ON (changelog_service.doku_admin=t_doku_admin.uiuser_id) + WHERE change_type_id = 3 AND security_relevant AND change_action<>'D' AND successful_import; + 
+--------------------------------------------------------------------------------------------- +-- rule views +--------------------------------------------------------------------------------------------- + + +CREATE OR REPLACE VIEW view_rule_changes AS + SELECT -- first select for deleted rules (join over old_rule_id) + abs_change_id, + log_rule_id AS local_change_id, + change_request_info, + CAST('rule' AS VARCHAR) as change_element, + CAST('rule_element' AS VARCHAR) as change_element_order, + changelog_rule.old_rule_id AS old_id, + changelog_rule.new_rule_id AS new_id, + changelog_rule.documented as change_documented, + changelog_rule.change_type_id as change_type_id, + change_action as change_type, + changelog_rule_comment as change_comment, + rule_comment as obj_comment, + import_control.start_time AS change_time, + management.mgm_name AS mgm_name, + management.mgm_id AS mgm_id, + device.dev_name, + device.dev_id, + CAST(t_change_admin.uiuser_first_name || ' ' || t_change_admin.uiuser_last_name AS VARCHAR) AS change_admin, + t_change_admin.uiuser_id AS change_admin_id, + CAST (t_doku_admin.uiuser_first_name || ' ' || t_doku_admin.uiuser_last_name AS VARCHAR) AS doku_admin, + t_doku_admin.uiuser_id AS doku_admin_id, + security_relevant, + CAST((COALESCE (rule.rule_ruleid, rule.rule_uid) || ', Rulebase: ' || device.local_rulebase_name) AS VARCHAR) AS unique_name, + CAST (NULL AS VARCHAR) AS change_diffs, + CAST (NULL AS VARCHAR) AS change_new_element + FROM + changelog_rule + LEFT JOIN (import_control LEFT JOIN management using (mgm_id)) using (control_id) + LEFT JOIN rule ON (old_rule_id=rule_id) + LEFT JOIN device ON (changelog_rule.dev_id=device.dev_id) + LEFT JOIN uiuser AS t_change_admin ON (t_change_admin.uiuser_id=changelog_rule.import_admin) + LEFT JOIN uiuser AS t_doku_admin ON (changelog_rule.doku_admin=t_doku_admin.uiuser_id) + WHERE changelog_rule.change_action='D' AND change_type_id = 3 AND security_relevant AND successful_import + + UNION + + 
SELECT -- second select for changed or inserted rules (join over new_rule_id) + abs_change_id, + log_rule_id AS local_change_id, + change_request_info, + CAST('rule' AS VARCHAR) as change_element, + CAST('rule_element' AS VARCHAR) as change_element_order, + changelog_rule.old_rule_id AS old_id, + changelog_rule.new_rule_id AS new_id, + changelog_rule.documented as change_documented, + changelog_rule.change_type_id as change_type_id, + change_action as change_type, + changelog_rule_comment as change_comment, + rule_comment as obj_comment, + import_control.start_time AS change_time, + management.mgm_name AS mgm_name, + management.mgm_id AS mgm_id, + device.dev_name, + device.dev_id, + CAST(t_change_admin.uiuser_first_name || ' ' || t_change_admin.uiuser_last_name AS VARCHAR) AS change_admin, + t_change_admin.uiuser_id AS change_admin_id, + CAST (t_doku_admin.uiuser_first_name || ' ' || t_doku_admin.uiuser_last_name AS VARCHAR) AS doku_admin, + t_doku_admin.uiuser_id AS doku_admin_id, + security_relevant, + CAST((COALESCE (rule.rule_ruleid, rule.rule_uid) || ', Rulebase: ' || device.local_rulebase_name) AS VARCHAR) AS unique_name, + CAST (NULL AS VARCHAR) AS change_diffs, + CAST (NULL AS VARCHAR) AS change_new_element + FROM + changelog_rule + LEFT JOIN (import_control LEFT JOIN management using (mgm_id)) using (control_id) + LEFT JOIN rule ON (new_rule_id=rule_id) + LEFT JOIN device ON (changelog_rule.dev_id=device.dev_id) + LEFT JOIN uiuser AS t_change_admin ON (t_change_admin.uiuser_id=changelog_rule.import_admin) + LEFT JOIN uiuser AS t_doku_admin ON (changelog_rule.doku_admin=t_doku_admin.uiuser_id) + WHERE changelog_rule.change_action<>'D' AND change_type_id = 3 AND security_relevant AND successful_import; + +--------------------------------------------------------------------------------------------- +-- top level views +--------------------------------------------------------------------------------------------- + + +--- changes 
--------------------------------------------------------------------------------- + +CREATE OR REPLACE VIEW view_changes AS + (SELECT * FROM view_obj_changes) UNION + (SELECT * FROM view_rule_changes) UNION + (SELECT * FROM view_svc_changes) UNION + (SELECT * FROM view_user_changes) + ORDER BY change_time,mgm_name,change_admin,change_element_order; + +CREATE OR REPLACE VIEW view_reportable_changes AS + SELECT * FROM view_changes +-- WHERE change_type_id = 3 AND security_relevant + ORDER BY change_time,mgm_name,change_admin,change_element_order; + +-- einheitliche View auf source und destination aller regeln - Verwendung in ChangeList bei tenant-Filterung +CREATE OR REPLACE VIEW view_rule_source_or_destination AS + SELECT rule.rule_id, rule.rule_dst_neg AS rule_neg, objgrp_flat.objgrp_flat_member_id AS obj_id + FROM rule + LEFT JOIN rule_to USING (rule_id) + LEFT JOIN objgrp_flat ON rule_to.obj_id = objgrp_flat.objgrp_flat_id + LEFT JOIN object ON objgrp_flat.objgrp_flat_member_id = object.obj_id +UNION + SELECT rule.rule_id, rule.rule_src_neg AS rule_neg, objgrp_flat.objgrp_flat_member_id AS obj_id + FROM rule + LEFT JOIN rule_from USING (rule_id) + LEFT JOIN objgrp_flat ON rule_from.obj_id = objgrp_flat.objgrp_flat_id + LEFT JOIN object ON objgrp_flat.objgrp_flat_member_id = object.obj_id; + +-- views used for reporters, too +GRANT SELECT ON TABLE view_reportable_changes TO GROUP secuadmins, reporters; +GRANT SELECT ON TABLE view_changes TO GROUP secuadmins, reporters; +GRANT SELECT ON TABLE view_rule_source_or_destination TO GROUP secuadmins, reporters; diff --git a/roles/database/files/sql/idempotent/fworch-views-drop.sql b/roles/database/files/sql/idempotent/fworch-views-drop.sql deleted file mode 100644 index f166a88a8..000000000 --- a/roles/database/files/sql/idempotent/fworch-views-drop.sql +++ /dev/null 
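Review bot: The two SELECT halves of view_obj_changes, view_user_changes, view_svc_changes and view_rule_changes are disjoint by construction (`change_action='D'` versus `change_action<>'D'` on the same changelog row), so the plain `UNION` between them forces a sort/dedup pass over every row for no gain; `UNION ALL` yields the same rows provided the LEFT JOINs to uiuser and object/usr/service/rule do not fan out, and the same holds for view_changes, whose four inputs are already distinguished by the constant change_element column. In view_reportable_changes the commented-out `-- WHERE change_type_id = 3 AND security_relevant` looks redundant because every component view already applies exactly that filter in its own WHERE, so a one-line note such as `-- change_type_id/security_relevant filter is applied in each underlying *_changes view` would stop the next reader from suspecting the filter was dropped. view_rule_source_or_destination carries a `LEFT JOIN object` that no column in its select list references; assuming obj_id is unique in object it is only dead work, otherwise it can multiply rows, so either drop it or comment why it is there. The German comment above that view would serve the rest of the (English) file better as `-- unified view of source and destination of all rules; used by ChangeList for tenant filtering`.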
@@ -1,16 +0,0 @@
--- $Id: iso-views-drop.sql,v 1.1.2.3 2011-05-11 08:02:26 tim Exp $
--- $Source: /home/cvs/iso/package/install/database/Attic/iso-views-drop.sql,v $
-
-DROP VIEW view_undocumented_changes CASCADE;
-DROP VIEW view_reportable_changes CASCADE;
-DROP VIEW view_changes CASCADE;
-DROP VIEW view_obj_changes CASCADE;
-DROP VIEW view_user_changes CASCADE;
-DROP VIEW view_svc_changes CASCADE;
-DROP VIEW view_rule_changes CASCADE;
-DROP VIEW view_undocumented_change_counter;
-DROP VIEW view_documented_change_counter;
-DROP VIEW view_change_counter;
--- DROP VIEW view_import_status_successful CASCADE;
-DROP VIEW view_import_status_errors CASCADE;
-DROP VIEW view_device_names CASCADE;
\ No newline at end of file
diff --git a/roles/database/files/sql/idempotent/fworch-views-recert.sql b/roles/database/files/sql/idempotent/fworch-views-recert.sql
new file mode 100644
index 000000000..dba7d166c
--- /dev/null
+++ b/roles/database/files/sql/idempotent/fworch-views-recert.sql
@@ -0,0 +1,190 @@
+/*
+ logic for checking overlap of ip ranges:
+ not (end_ip1 < start_ip2 or start_ip1 > end_ip2)
+ =
+ end_ip1 >= start_ip2 and start_ip1 <= end_ip2
+
+ ip1 = owner_network.ip
+ ip2 = object.ip
+
+ -->
+ owner_network.ip_end >= object.ip and owner_network.ip <= object.ip_end
+
+ here:
+ -->
+ owner_network.ip_end >= o.obj_ip and owner_network.ip <= o.obj_ip_end
+
+*/
+
+
+DROP VIEW IF EXISTS v_rule_with_src_owner CASCADE;
+DROP VIEW IF EXISTS v_rule_with_dst_owner CASCADE;
+DROP VIEW IF EXISTS v_rule_with_ip_owner CASCADE;
+
+CREATE OR REPLACE VIEW v_active_access_allow_rules AS
+ SELECT * FROM rule r
+ WHERE r.active AND -- only show current (not historical) rules
+ r.access_rule AND -- only show access rules (no NAT)
+ r.rule_head_text IS NULL AND -- do not show header rules
+ NOT r.rule_disabled AND -- do not show disabled rules
+ NOT r.action_id IN (2,3,7); -- do not deal with deny rules
+
+CREATE OR REPLACE VIEW v_rule_ownership_mode AS
+ SELECT c.config_value as mode FROM config c
+ WHERE c.config_key = 'ruleOwnershipMode';
+
+CREATE OR REPLACE VIEW v_rule_with_rule_owner AS
+ SELECT r.rule_id, ow.id as owner_id, ow.name as owner_name, 'rule' AS matches,
+ ow.recert_interval, met.rule_last_certified, met.rule_last_certifier
+ FROM v_active_access_allow_rules r
+ LEFT JOIN rule_metadata met ON (r.rule_uid=met.rule_uid AND r.dev_id=met.dev_id)
+ LEFT JOIN rule_owner ro ON (ro.rule_metadata_id=met.rule_metadata_id)
+ LEFT JOIN owner ow ON (ro.owner_id=ow.id)
+ WHERE NOT ow.id IS NULL
+ GROUP BY r.rule_id, ow.id, ow.name, met.rule_last_certified, met.rule_last_certifier;
+
+CREATE OR REPLACE VIEW v_excluded_src_ips AS
+ SELECT distinct o.obj_ip
+ FROM v_rule_with_rule_owner r
+ LEFT JOIN rule_from rf ON (r.rule_id=rf.rule_id)
+ LEFT JOIN objgrp_flat of ON (rf.obj_id=of.objgrp_flat_id)
+ LEFT JOIN object o ON (of.objgrp_flat_member_id=o.obj_id)
+ WHERE NOT o.obj_ip='0.0.0.0/0';
+
+CREATE OR REPLACE VIEW v_excluded_dst_ips AS
+ SELECT distinct
o.obj_ip
+ FROM v_rule_with_rule_owner r
+ LEFT JOIN rule_to rt ON (r.rule_id=rt.rule_id)
+ LEFT JOIN objgrp_flat of ON (rt.obj_id=of.objgrp_flat_id)
+ LEFT JOIN object o ON (of.objgrp_flat_member_id=o.obj_id)
+ WHERE NOT o.obj_ip='0.0.0.0/0';
+
+ -- if start_ip1 <= end_ip2 and start_ip2 <= end_ip1:
+ -- overlap_start = max(start_ip1, start_ip2)
+ -- overlap_end = min(end_ip1, end_ip2)
+ -- return (overlap_start, overlap_end)
+ -- else:
+ -- return None # No overlap
+
+CREATE OR REPLACE VIEW v_rule_with_src_owner AS
+ SELECT
+ r.rule_id, ow.id as owner_id, ow.name as owner_name,
+ CASE
+ WHEN onw.ip = onw.ip_end
+ THEN SPLIT_PART(CAST(onw.ip AS VARCHAR), '/', 1) -- Single IP overlap, removing netmask
+ ELSE
+ CASE WHEN -- range is a single network
+ host(broadcast(inet_merge(onw.ip, onw.ip_end))) = host (onw.ip_end) AND
+ host(inet_merge(onw.ip, onw.ip_end)) = host (onw.ip)
+ THEN
+ text(inet_merge(onw.ip, onw.ip_end))
+ ELSE
+ CONCAT(SPLIT_PART(onw.ip::VARCHAR,'/', 1), '-', SPLIT_PART(onw.ip_end::VARCHAR, '/', 1))
+ END
+ END AS matching_ip,
+ 'source' AS match_in,
+ ow.recert_interval, met.rule_last_certified, met.rule_last_certifier
+ FROM v_active_access_allow_rules r
+ LEFT JOIN rule_from ON (r.rule_id=rule_from.rule_id)
+ LEFT JOIN objgrp_flat of ON (rule_from.obj_id=of.objgrp_flat_id)
+ LEFT JOIN object o ON (of.objgrp_flat_member_id=o.obj_id)
+ LEFT JOIN owner_network onw ON (onw.ip_end >= o.obj_ip AND onw.ip <= o.obj_ip_end)
+ LEFT JOIN owner ow ON (onw.owner_id=ow.id)
+ LEFT JOIN rule_metadata met ON (r.rule_uid=met.rule_uid AND r.dev_id=met.dev_id)
+ WHERE r.rule_id NOT IN (SELECT distinct rwo.rule_id FROM v_rule_with_rule_owner rwo) AND
+ CASE
+ when (select mode from v_rule_ownership_mode) = 'exclusive' then (NOT o.obj_ip IS NULL) AND o.obj_ip NOT IN (select * from v_excluded_src_ips)
+ else NOT o.obj_ip IS NULL
+ END
+ GROUP BY r.rule_id, o.obj_ip, o.obj_ip_end, onw.ip, onw.ip_end, ow.id, ow.name, met.rule_last_certified, met.rule_last_certifier;
+
+CREATE OR REPLACE VIEW v_rule_with_dst_owner AS
+ SELECT
+ r.rule_id, ow.id as owner_id, ow.name as owner_name,
+ CASE
+ WHEN onw.ip = onw.ip_end
+ THEN SPLIT_PART(CAST(onw.ip AS VARCHAR), '/', 1) -- Single IP overlap, removing netmask
+ ELSE
+ CASE WHEN -- range is a single network
+ host(broadcast(inet_merge(onw.ip, onw.ip_end))) = host (onw.ip_end) AND
+ host(inet_merge(onw.ip, onw.ip_end)) = host (onw.ip)
+ THEN
+ text(inet_merge(onw.ip, onw.ip_end))
+ ELSE
+ CONCAT(SPLIT_PART(onw.ip::VARCHAR,'/', 1), '-', SPLIT_PART(onw.ip_end::VARCHAR, '/', 1))
+ END
+ END AS matching_ip,
+ 'destination' AS match_in,
+ ow.recert_interval, met.rule_last_certified, met.rule_last_certifier
+ FROM v_active_access_allow_rules r
+ LEFT JOIN rule_to rt ON (r.rule_id=rt.rule_id)
+ LEFT JOIN objgrp_flat of ON (rt.obj_id=of.objgrp_flat_id)
+ LEFT JOIN object o ON (of.objgrp_flat_member_id=o.obj_id)
+ LEFT JOIN owner_network onw ON (onw.ip_end >= o.obj_ip AND onw.ip <= o.obj_ip_end)
+ LEFT JOIN owner ow ON (onw.owner_id=ow.id)
+ LEFT JOIN rule_metadata met ON (r.rule_uid=met.rule_uid AND r.dev_id=met.dev_id)
+ WHERE r.rule_id NOT IN (SELECT distinct rwo.rule_id FROM v_rule_with_rule_owner rwo) AND
+ CASE
+ when (select mode from v_rule_ownership_mode) = 'exclusive' then (NOT o.obj_ip IS NULL) AND o.obj_ip NOT IN (select * from v_excluded_dst_ips)
+ else NOT o.obj_ip IS NULL
+ END
+ GROUP BY r.rule_id, o.obj_ip, o.obj_ip_end, onw.ip, onw.ip_end, ow.id, ow.name, met.rule_last_certified, met.rule_last_certifier;
+
+CREATE OR REPLACE VIEW v_rule_with_ip_owner AS
+ SELECT DISTINCT uno.rule_id, uno.owner_id, uno.owner_name,
+ string_agg(DISTINCT match_in || ':' || matching_ip::VARCHAR, '; ' order by match_in || ':' || matching_ip::VARCHAR desc) as matches,
+ uno.recert_interval, uno.rule_last_certified, uno.rule_last_certifier
+ FROM ( SELECT DISTINCT * FROM v_rule_with_src_owner AS src UNION SELECT DISTINCT * FROM v_rule_with_dst_owner AS dst) AS uno
+ GROUP BY uno.rule_id, uno.owner_id,
uno.owner_name, uno.recert_interval, uno.rule_last_certified, uno.rule_last_certifier;
+
+CREATE OR REPLACE FUNCTION purge_view_rule_with_owner () RETURNS VOID AS $$
+DECLARE
+ r_temp_record RECORD;
+BEGIN
+ select INTO r_temp_record schemaname, viewname from pg_catalog.pg_views
+ where schemaname NOT IN ('pg_catalog', 'information_schema') and viewname='view_rule_with_owner'
+ order by schemaname, viewname;
+ IF FOUND THEN
+ DROP VIEW IF EXISTS view_rule_with_owner CASCADE;
+ END IF;
+ DROP MATERIALIZED VIEW IF EXISTS view_rule_with_owner CASCADE;
+ RETURN;
+END;
+$$ LANGUAGE plpgsql;
+
+SELECT * FROM purge_view_rule_with_owner ();
+DROP FUNCTION purge_view_rule_with_owner();
+
+-- LargeOwnerChange: remove MATERIALIZED for small installations
+CREATE MATERIALIZED VIEW view_rule_with_owner AS
+ SELECT DISTINCT ar.rule_id, ar.owner_id, ar.owner_name, ar.matches, ar.recert_interval, ar.rule_last_certified, ar.rule_last_certifier,
+ r.rule_num_numeric, r.track_id, r.action_id, r.rule_from_zone, r.rule_to_zone, r.dev_id, r.mgm_id, r.rule_uid,
+ r.rule_action, r.rule_name, r.rule_comment, r.rule_track, r.rule_src_neg, r.rule_dst_neg, r.rule_svc_neg,
+ r.rule_head_text, r.rule_disabled, r.access_rule, r.xlate_rule, r.nat_rule
+ FROM ( SELECT DISTINCT * FROM v_rule_with_rule_owner AS rul UNION SELECT DISTINCT * FROM v_rule_with_ip_owner AS ips) AS ar
+ LEFT JOIN rule AS r USING (rule_id)
+ GROUP BY ar.rule_id, ar.owner_id, ar.owner_name, ar.matches, ar.recert_interval, ar.rule_last_certified, ar.rule_last_certifier,
+ r.rule_num_numeric, r.track_id, r.action_id, r.rule_from_zone, r.rule_to_zone, r.dev_id, r.mgm_id, r.rule_uid,
+ r.rule_action, r.rule_name, r.rule_comment, r.rule_track, r.rule_src_neg, r.rule_dst_neg, r.rule_svc_neg,
+ r.rule_head_text, r.rule_disabled, r.access_rule, r.xlate_rule, r.nat_rule;
+
+-- refresh materialized view view_rule_with_owner;
+
+-------------------------
+-- recert refresh trigger
+
+create or replace function
refresh_view_rule_with_owner()
+returns trigger language plpgsql
+as $$
+begin
+ refresh materialized view view_rule_with_owner;
+ return null;
+end $$;
+
+drop trigger IF exists refresh_view_rule_with_owner_delete_trigger ON recertification CASCADE;
+
+create trigger refresh_view_rule_with_owner_delete_trigger
+after delete on recertification for each statement
+execute procedure refresh_view_rule_with_owner();
+
+GRANT SELECT ON TABLE view_rule_with_owner TO GROUP secuadmins, reporters, configimporters;
diff --git a/roles/database/files/sql/idempotent/fworch-views.sql b/roles/database/files/sql/idempotent/fworch-views.sql
deleted file mode 100644
index 9e663b32a..000000000
--- a/roles/database/files/sql/idempotent/fworch-views.sql
+++ /dev/null
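Review bot: The only refresh of the new materialized view `view_rule_with_owner` is the trigger `refresh_view_rule_with_owner_delete_trigger`, which fires after DELETE on recertification, while the view is built from rule, rule_metadata, rule_owner, owner, owner_network, object and config, none of which triggers a refresh in this file; unless the importer or middleware refreshes it elsewhere, an import that changes rules or an edit of owner or owner_network leaves the rule-to-owner mapping stale until a recertification row is deleted, so recertification requests would be addressed to outdated owners. I would state the refresh contract next to the `-- LargeOwnerChange` comment, e.g. `-- refreshed only by refresh_view_rule_with_owner_delete_trigger (after delete on recertification); any other writer of rule/owner/owner_network data must REFRESH MATERIALIZED VIEW view_rule_with_owner itself`, or add the matching refresh where those tables are written. Separately, the owner match `LEFT JOIN owner_network onw ON (onw.ip_end >= o.obj_ip AND onw.ip <= o.obj_ip_end)` in `v_rule_with_src_owner` and `v_rule_with_dst_owner` uses plain inet ordering, which takes the netmask length into account, and evaluates to NULL when obj_ip_end is NULL; if those columns can still carry a prefix or a NULL end address (the dropped fworch-views.sql special-cases a NULL obj_ip_end), some overlaps are silently missed and the affected rules end up without an IP-based owner.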
@@ -1,638 +0,0 @@ - ---------------------------------------------------------------------------------------------- --- object views ---------------------------------------------------------------------------------------------- -CREATE OR REPLACE VIEW view_obj_changes AS - SELECT - abs_change_id, - log_obj_id AS local_change_id, - get_request_str(CAST('object' as VARCHAR), changelog_object.log_obj_id) as change_request_info, - CAST('object' AS VARCHAR) as change_element, - CAST('basic_element' AS VARCHAR) as change_element_order, - changelog_object.old_obj_id AS old_id, - changelog_object.new_obj_id AS new_id, - changelog_object.documented as change_documented, - changelog_object.change_type_id as change_type_id, - change_action as change_type, - changelog_obj_comment as change_comment, - obj_comment, - import_control.start_time AS change_time, - management.mgm_name AS mgm_name, - management.mgm_id AS mgm_id, - CAST(NULL AS VARCHAR) as dev_name, - CAST(NULL AS INTEGER) as dev_id, - t_change_admin.uiuser_first_name || ' ' || t_change_admin.uiuser_last_name AS change_admin, - t_change_admin.uiuser_id AS change_admin_id, - t_doku_admin.uiuser_first_name || ' ' || t_doku_admin.uiuser_last_name AS doku_admin, - t_doku_admin.uiuser_id AS doku_admin_id, - security_relevant, - object.obj_name AS unique_name, - CAST (NULL AS VARCHAR) AS change_diffs, - CAST (NULL AS VARCHAR) AS change_new_element - FROM - changelog_object - LEFT JOIN (import_control LEFT JOIN management using (mgm_id)) using (control_id) - LEFT JOIN object ON (old_obj_id=obj_id) - LEFT JOIN uiuser AS t_change_admin ON (changelog_object.import_admin=t_change_admin.uiuser_id) - LEFT JOIN uiuser AS t_doku_admin ON (changelog_object.doku_admin=t_doku_admin.uiuser_id) - WHERE change_type_id = 3 AND security_relevant AND change_action='D' AND successful_import - - UNION - - SELECT - abs_change_id, - log_obj_id AS local_change_id, - get_request_str('object', changelog_object.log_obj_id) as change_request_info, - 
CAST('object' AS VARCHAR) as change_element, - CAST('basic_element' AS VARCHAR) as change_element_order, - changelog_object.old_obj_id AS old_id, - changelog_object.new_obj_id AS new_id, - changelog_object.documented as change_documented, - changelog_object.change_type_id as change_type_id, - change_action as change_type, - changelog_obj_comment as change_comment, - obj_comment, - import_control.start_time AS change_time, - management.mgm_name AS mgm_name, - management.mgm_id AS mgm_id, - CAST(NULL AS VARCHAR) as dev_name, - CAST(NULL AS INTEGER) as dev_id, - t_change_admin.uiuser_first_name || ' ' || t_change_admin.uiuser_last_name AS change_admin, - t_change_admin.uiuser_id AS change_admin_id, - t_doku_admin.uiuser_first_name || ' ' || t_doku_admin.uiuser_last_name AS doku_admin, - t_doku_admin.uiuser_id AS doku_admin_id, - security_relevant, - object.obj_name AS unique_name, - CAST (NULL AS VARCHAR) AS change_diffs, - CAST (NULL AS VARCHAR) AS change_new_element - FROM - changelog_object - LEFT JOIN (import_control LEFT JOIN management using (mgm_id)) using (control_id) - LEFT JOIN object ON (new_obj_id=obj_id) - LEFT JOIN uiuser AS t_change_admin ON (changelog_object.import_admin=t_change_admin.uiuser_id) - LEFT JOIN uiuser AS t_doku_admin ON (changelog_object.doku_admin=t_doku_admin.uiuser_id) - WHERE change_type_id = 3 AND security_relevant AND change_action<>'D' AND successful_import; - - ---------------------------------------------------------------------------------------------- --- user views ---------------------------------------------------------------------------------------------- - -CREATE OR REPLACE VIEW view_user_changes AS - SELECT - abs_change_id, - log_usr_id AS local_change_id, - change_request_info, - CAST('usr' AS VARCHAR) as change_element, - CAST('basic_element' AS VARCHAR) as change_element_order, - changelog_user.old_user_id AS old_id, - changelog_user.new_user_id AS new_id, - changelog_user.documented as change_documented, - 
changelog_user.change_type_id as change_type_id, - change_action as change_type, - changelog_user_comment as change_comment, - user_comment as obj_comment, - import_control.start_time AS change_time, - management.mgm_name AS mgm_name, - management.mgm_id AS mgm_id, - CAST(NULL AS VARCHAR) as dev_name, - CAST(NULL AS INTEGER) as dev_id, - t_change_admin.uiuser_first_name || ' ' || t_change_admin.uiuser_last_name AS change_admin, - t_change_admin.uiuser_id AS change_admin_id, - t_doku_admin.uiuser_first_name || ' ' || t_doku_admin.uiuser_last_name AS doku_admin, - t_doku_admin.uiuser_id AS doku_admin_id, - security_relevant, - usr.user_name AS unique_name, - CAST (NULL AS VARCHAR) AS change_diffs, - CAST (NULL AS VARCHAR) AS change_new_element - FROM - changelog_user - LEFT JOIN (import_control LEFT JOIN management using (mgm_id)) using (control_id) - LEFT JOIN usr ON (old_user_id=user_id) - LEFT JOIN uiuser AS t_change_admin ON (changelog_user.import_admin=t_change_admin.uiuser_id) - LEFT JOIN uiuser AS t_doku_admin ON (changelog_user.doku_admin=t_doku_admin.uiuser_id) - WHERE change_type_id = 3 AND security_relevant AND change_action='D' AND successful_import - UNION - SELECT - abs_change_id, - log_usr_id AS local_change_id, - change_request_info, - CAST('usr' AS VARCHAR) as change_element, - CAST('basic_element' AS VARCHAR) as change_element_order, - changelog_user.old_user_id AS old_id, - changelog_user.new_user_id AS new_id, - changelog_user.documented as change_documented, - changelog_user.change_type_id as change_type_id, - change_action as change_type, - changelog_user_comment as change_comment, - user_comment as obj_comment, - import_control.start_time AS change_time, - management.mgm_name AS mgm_name, - management.mgm_id AS mgm_id, - CAST(NULL AS VARCHAR) as dev_name, - CAST(NULL AS INTEGER) as dev_id, - t_change_admin.uiuser_first_name || ' ' || t_change_admin.uiuser_last_name AS change_admin, - t_change_admin.uiuser_id AS change_admin_id, - 
t_doku_admin.uiuser_first_name || ' ' || t_doku_admin.uiuser_last_name AS doku_admin, - t_doku_admin.uiuser_id AS doku_admin_id, - security_relevant, - usr.user_name AS unique_name, - CAST (NULL AS VARCHAR) AS change_diffs, - CAST (NULL AS VARCHAR) AS change_new_element - FROM - changelog_user - LEFT JOIN (import_control LEFT JOIN management using (mgm_id)) using (control_id) - LEFT JOIN usr ON (new_user_id=user_id) - LEFT JOIN uiuser AS t_change_admin ON (changelog_user.import_admin=t_change_admin.uiuser_id) - LEFT JOIN uiuser AS t_doku_admin ON (changelog_user.doku_admin=t_doku_admin.uiuser_id) - WHERE change_type_id = 3 AND security_relevant AND change_action<>'D' AND successful_import; - ---------------------------------------------------------------------------------------------- --- service views ---------------------------------------------------------------------------------------------- - -CREATE OR REPLACE VIEW view_svc_changes AS - SELECT - abs_change_id, - log_svc_id AS local_change_id, - change_request_info, - CAST('service' AS VARCHAR) as change_element, - CAST('basic_element' AS VARCHAR) as change_element_order, - changelog_service.old_svc_id AS old_id, - changelog_service.new_svc_id AS new_id, - changelog_service.documented as change_documented, - changelog_service.change_type_id as change_type_id, - change_action as change_type, - changelog_svc_comment as change_comment, - svc_comment as obj_comment, - import_control.start_time AS change_time, - management.mgm_name AS mgm_name, - management.mgm_id AS mgm_id, - CAST(NULL AS VARCHAR) as dev_name, - CAST(NULL AS INTEGER) as dev_id, - t_change_admin.uiuser_first_name || ' ' || t_change_admin.uiuser_last_name AS change_admin, - t_change_admin.uiuser_id AS change_admin_id, - t_doku_admin.uiuser_first_name || ' ' || t_doku_admin.uiuser_last_name AS doku_admin, - t_doku_admin.uiuser_id AS doku_admin_id, - security_relevant, - service.svc_name AS unique_name, - CAST (NULL AS VARCHAR) AS change_diffs, - CAST 
(NULL AS VARCHAR) AS change_new_element - FROM - changelog_service - LEFT JOIN (import_control LEFT JOIN management using (mgm_id)) using (control_id) - LEFT JOIN service ON (old_svc_id=svc_id) - LEFT JOIN uiuser AS t_change_admin ON (changelog_service.import_admin=t_change_admin.uiuser_id) - LEFT JOIN uiuser AS t_doku_admin ON (changelog_service.doku_admin=t_doku_admin.uiuser_id) - WHERE change_type_id = 3 AND security_relevant AND change_action='D' AND successful_import - UNION - SELECT - abs_change_id, - log_svc_id AS local_change_id, - change_request_info, - CAST('service' AS VARCHAR) as change_element, - CAST('basic_element' AS VARCHAR) as change_element_order, - changelog_service.old_svc_id AS old_id, - changelog_service.new_svc_id AS new_id, - changelog_service.documented as change_documented, - changelog_service.change_type_id as change_type_id, - change_action as change_type, - changelog_svc_comment as change_comment, - svc_comment as obj_comment, - import_control.start_time AS change_time, - management.mgm_name AS mgm_name, - management.mgm_id AS mgm_id, - CAST(NULL AS VARCHAR) as dev_name, - CAST(NULL AS INTEGER) as dev_id, - t_change_admin.uiuser_first_name || ' ' || t_change_admin.uiuser_last_name AS change_admin, - t_change_admin.uiuser_id AS change_admin_id, - t_doku_admin.uiuser_first_name || ' ' || t_doku_admin.uiuser_last_name AS doku_admin, - t_doku_admin.uiuser_id AS doku_admin_id, - security_relevant, - service.svc_name AS unique_name, - CAST (NULL AS VARCHAR) AS change_diffs, - CAST (NULL AS VARCHAR) AS change_new_element - FROM - changelog_service - LEFT JOIN (import_control LEFT JOIN management using (mgm_id)) using (control_id) - LEFT JOIN service ON (new_svc_id=svc_id) - LEFT JOIN uiuser AS t_change_admin ON (changelog_service.import_admin=t_change_admin.uiuser_id) - LEFT JOIN uiuser AS t_doku_admin ON (changelog_service.doku_admin=t_doku_admin.uiuser_id) - WHERE change_type_id = 3 AND security_relevant AND change_action<>'D' AND 
successful_import; - ---------------------------------------------------------------------------------------------- --- rule views ---------------------------------------------------------------------------------------------- - - -CREATE OR REPLACE VIEW view_rule_changes AS - SELECT -- first select for deleted rules (join over old_rule_id) - abs_change_id, - log_rule_id AS local_change_id, - change_request_info, - CAST('rule' AS VARCHAR) as change_element, - CAST('rule_element' AS VARCHAR) as change_element_order, - changelog_rule.old_rule_id AS old_id, - changelog_rule.new_rule_id AS new_id, - changelog_rule.documented as change_documented, - changelog_rule.change_type_id as change_type_id, - change_action as change_type, - changelog_rule_comment as change_comment, - rule_comment as obj_comment, - import_control.start_time AS change_time, - management.mgm_name AS mgm_name, - management.mgm_id AS mgm_id, - device.dev_name, - device.dev_id, - CAST(t_change_admin.uiuser_first_name || ' ' || t_change_admin.uiuser_last_name AS VARCHAR) AS change_admin, - t_change_admin.uiuser_id AS change_admin_id, - CAST (t_doku_admin.uiuser_first_name || ' ' || t_doku_admin.uiuser_last_name AS VARCHAR) AS doku_admin, - t_doku_admin.uiuser_id AS doku_admin_id, - security_relevant, - CAST((COALESCE (rule.rule_ruleid, rule.rule_uid) || ', Rulebase: ' || device.local_rulebase_name) AS VARCHAR) AS unique_name, - CAST (NULL AS VARCHAR) AS change_diffs, - CAST (NULL AS VARCHAR) AS change_new_element - FROM - changelog_rule - LEFT JOIN (import_control LEFT JOIN management using (mgm_id)) using (control_id) - LEFT JOIN rule ON (old_rule_id=rule_id) - LEFT JOIN device ON (changelog_rule.dev_id=device.dev_id) - LEFT JOIN uiuser AS t_change_admin ON (t_change_admin.uiuser_id=changelog_rule.import_admin) - LEFT JOIN uiuser AS t_doku_admin ON (changelog_rule.doku_admin=t_doku_admin.uiuser_id) - WHERE changelog_rule.change_action='D' AND change_type_id = 3 AND security_relevant AND 
successful_import - - UNION - - SELECT -- second select for changed or inserted rules (join over new_rule_id) - abs_change_id, - log_rule_id AS local_change_id, - change_request_info, - CAST('rule' AS VARCHAR) as change_element, - CAST('rule_element' AS VARCHAR) as change_element_order, - changelog_rule.old_rule_id AS old_id, - changelog_rule.new_rule_id AS new_id, - changelog_rule.documented as change_documented, - changelog_rule.change_type_id as change_type_id, - change_action as change_type, - changelog_rule_comment as change_comment, - rule_comment as obj_comment, - import_control.start_time AS change_time, - management.mgm_name AS mgm_name, - management.mgm_id AS mgm_id, - device.dev_name, - device.dev_id, - CAST(t_change_admin.uiuser_first_name || ' ' || t_change_admin.uiuser_last_name AS VARCHAR) AS change_admin, - t_change_admin.uiuser_id AS change_admin_id, - CAST (t_doku_admin.uiuser_first_name || ' ' || t_doku_admin.uiuser_last_name AS VARCHAR) AS doku_admin, - t_doku_admin.uiuser_id AS doku_admin_id, - security_relevant, - CAST((COALESCE (rule.rule_ruleid, rule.rule_uid) || ', Rulebase: ' || device.local_rulebase_name) AS VARCHAR) AS unique_name, - CAST (NULL AS VARCHAR) AS change_diffs, - CAST (NULL AS VARCHAR) AS change_new_element - FROM - changelog_rule - LEFT JOIN (import_control LEFT JOIN management using (mgm_id)) using (control_id) - LEFT JOIN rule ON (new_rule_id=rule_id) - LEFT JOIN device ON (changelog_rule.dev_id=device.dev_id) - LEFT JOIN uiuser AS t_change_admin ON (t_change_admin.uiuser_id=changelog_rule.import_admin) - LEFT JOIN uiuser AS t_doku_admin ON (changelog_rule.doku_admin=t_doku_admin.uiuser_id) - WHERE changelog_rule.change_action<>'D' AND change_type_id = 3 AND security_relevant AND successful_import; - ---------------------------------------------------------------------------------------------- --- top level views ---------------------------------------------------------------------------------------------- - - ---- changes 
--------------------------------------------------------------------------------- - -CREATE OR REPLACE VIEW view_changes AS - (SELECT * FROM view_obj_changes) UNION - (SELECT * FROM view_rule_changes) UNION - (SELECT * FROM view_svc_changes) UNION - (SELECT * FROM view_user_changes) - ORDER BY change_time,mgm_name,change_admin,change_element_order; - -CREATE OR REPLACE VIEW view_undocumented_changes AS - SELECT * FROM view_changes - WHERE --- change_type_id = 3 AND security_relevant AND - NOT change_documented - ORDER BY change_time,mgm_name,change_admin,change_element_order; - -CREATE OR REPLACE VIEW view_reportable_changes AS - SELECT * FROM view_changes --- WHERE change_type_id = 3 AND security_relevant - ORDER BY change_time,mgm_name,change_admin,change_element_order; - --- Zusammenfassung aller geaenderten Element-IDs (erzeugt #(change_type='C') mehr Eintr�ge) --- erzeugt keine Dubletten unter der Praemisse, dass stets old_id<>new_id -CREATE OR REPLACE VIEW view_changes_by_changed_element_id AS - SELECT old_id as element_id, * FROM view_reportable_changes WHERE NOT old_id IS NULL - UNION - SELECT new_id as element_id, * FROM view_reportable_changes WHERE NOT new_id IS NULL; - --- slim view for counting number of changes - -CREATE OR REPLACE VIEW view_change_counter AS - (SELECT mgm_id,CAST(NULL AS INTEGER) as dev_id,import_admin,abs_change_id,documented FROM changelog_user WHERE change_type_id=3 AND security_relevant) - UNION - (SELECT mgm_id,CAST(NULL AS INTEGER) as dev_id,import_admin,abs_change_id,documented FROM changelog_object WHERE change_type_id=3 AND security_relevant) - UNION - (SELECT mgm_id,CAST(NULL AS INTEGER) as dev_id,import_admin,abs_change_id,documented FROM changelog_service WHERE change_type_id=3 AND security_relevant) - UNION - (SELECT mgm_id,dev_id,import_admin,abs_change_id,documented FROM changelog_rule WHERE change_type_id=3 AND security_relevant); - -CREATE OR REPLACE VIEW view_undocumented_change_counter AS - SELECT * FROM 
view_change_counter WHERE NOT documented; - -CREATE OR REPLACE VIEW view_documented_change_counter AS - SELECT * FROM view_change_counter WHERE documented; - --- einheitliche View auf source und destination aller regeln - Verwendung in ChangeList bei tenant-Filterung -CREATE OR REPLACE VIEW view_rule_source_or_destination AS - SELECT rule.rule_id, rule.rule_dst_neg AS rule_neg, objgrp_flat.objgrp_flat_member_id AS obj_id - FROM rule - LEFT JOIN rule_to USING (rule_id) - LEFT JOIN objgrp_flat ON rule_to.obj_id = objgrp_flat.objgrp_flat_id - LEFT JOIN object ON objgrp_flat.objgrp_flat_member_id = object.obj_id -UNION - SELECT rule.rule_id, rule.rule_src_neg AS rule_neg, objgrp_flat.objgrp_flat_member_id AS obj_id - FROM rule - LEFT JOIN rule_from USING (rule_id) - LEFT JOIN objgrp_flat ON rule_from.obj_id = objgrp_flat.objgrp_flat_id - LEFT JOIN object ON objgrp_flat.objgrp_flat_member_id = object.obj_id; - ---- import status ----------------------------------------------------------------------------- - -CREATE OR REPLACE VIEW view_import_status_successful AS - SELECT mgm_id, mgm_name, dev_typ_name, do_not_import, MAX(last_import) AS last_import, MAX(import_count_24hours) AS import_count_24hours FROM ( - SELECT management.mgm_id, mgm_name, dev_typ_name, do_not_import, successful_import, MAX(start_time) AS last_import, - COUNT(import_control.control_id) AS import_count_24hours - FROM management LEFT JOIN import_control ON (management.mgm_id=import_control.mgm_id) - LEFT JOIN stm_dev_typ USING (dev_typ_id) - WHERE start_time>(now() - interval '24 hours') AND successful_import AND NOT stop_time IS NULL - GROUP BY management.mgm_id, mgm_name, successful_import, do_not_import, dev_typ_name - UNION - SELECT management.mgm_id, mgm_name, dev_typ_name, do_not_import, successful_import, MAX(start_time) AS last_import, - 0 AS import_count_24hours - FROM management LEFT JOIN import_control ON (management.mgm_id=import_control.mgm_id) - LEFT JOIN stm_dev_typ USING (dev_typ_id) - 
WHERE start_time<=(now() - interval '24 hours') AND successful_import AND NOT stop_time IS NULL - GROUP BY management.mgm_id, mgm_name, successful_import, do_not_import, dev_typ_name - UNION - SELECT management.mgm_id, mgm_name, dev_typ_name, do_not_import, successful_import, NULL AS last_import, - 0 AS import_count_24hours - FROM management LEFT JOIN import_control USING (mgm_id) - LEFT JOIN stm_dev_typ USING (dev_typ_id) - WHERE successful_import IS NULL - GROUP BY management.mgm_id, mgm_name, successful_import, do_not_import, dev_typ_name - ) AS foo GROUP BY mgm_id, mgm_name, successful_import, do_not_import, dev_typ_name ORDER BY dev_typ_name, mgm_name; - -CREATE OR REPLACE VIEW view_import_status_errors AS - SELECT mgm_id, mgm_name, dev_typ_name, do_not_import, MAX(last_import) AS last_import, MAX(import_count_24hours) AS import_count_24hours, import_errors FROM ( - SELECT management.mgm_id, mgm_name, dev_typ_name, do_not_import, successful_import, MAX(start_time) AS last_import, - COUNT(import_control.control_id) AS import_count_24hours, import_control.import_errors - FROM management LEFT JOIN import_control ON (management.mgm_id=import_control.mgm_id) - LEFT JOIN stm_dev_typ USING (dev_typ_id) - WHERE start_time>(now() - interval '24 hours') AND NOT successful_import AND NOT stop_time IS NULL - GROUP BY management.mgm_id, mgm_name, successful_import, do_not_import, dev_typ_name, import_errors --- UNION ALL --- SELECT management.mgm_id, mgm_name, dev_typ_name, do_not_import, successful_import, MAX(start_time) AS last_import, --- 0 AS import_count_24hours, NULL AS import_errors --- FROM management LEFT JOIN import_control ON (management.mgm_id=import_control.mgm_id) --- LEFT JOIN stm_dev_typ USING (dev_typ_id) --- WHERE start_time<=(now() - interval '24 hours') AND NOT successful_import --- GROUP BY management.mgm_id, mgm_name, successful_import, do_not_import, dev_typ_name, import_errors - UNION - SELECT management.mgm_id, mgm_name, dev_typ_name, 
do_not_import, successful_import, NULL AS last_import, - 0 AS import_count_24hours, NULL AS import_errors - FROM management LEFT JOIN import_control USING (mgm_id) - LEFT JOIN stm_dev_typ USING (dev_typ_id) - WHERE successful_import IS NULL AND NOT stop_time IS NULL - GROUP BY management.mgm_id, mgm_name, successful_import, do_not_import, dev_typ_name, import_errors - ) AS foo --- WHERE NOT import_errors IS NULL - GROUP BY mgm_id, mgm_name, successful_import, do_not_import, dev_typ_name, import_errors ORDER BY dev_typ_name, mgm_name; - -CREATE OR REPLACE VIEW view_import_status_table_unsorted AS - SELECT *, - CASE - WHEN import_is_active AND import_count_successful=0 AND import_count_errors>=5 THEN VARCHAR 'red' - WHEN (NOT import_is_active AND last_successful_import IS NULL AND last_import_with_errors IS NULL) - OR (last_successful_import>last_import_with_errors) THEN VARCHAR 'green' - WHEN (last_successful_import IS NULL AND last_import_with_errors IS NULL) - OR (last_successful_import>tenant_net_ip OR obj_ip=tenant_net_ip)) - OR (rule_dst_neg AND (NOT obj_ip<>tenant_net_ip AND NOT obj_ip=tenant_net_ip)) - ) - WHERE rule_head_text IS NULL - UNION - SELECT rule.rule_id, rule.rule_create, rule.rule_last_seen, tenant_network.tenant_id, rule.mgm_id, rule_order.dev_id - FROM rule - LEFT JOIN rule_order ON (rule.rule_id=rule_order.rule_id) - LEFT JOIN rule_from ON (rule.rule_id=rule_from.rule_id) - LEFT JOIN objgrp_flat ON (rule_from.obj_id=objgrp_flat.objgrp_flat_id) - LEFT JOIN object ON (objgrp_flat.objgrp_flat_member_id=object.obj_id) - LEFT JOIN tenant_network ON - ( - (NOT rule_src_neg AND (obj_ip<>tenant_net_ip OR obj_ip=tenant_net_ip)) - OR (rule_src_neg AND (NOT obj_ip<>tenant_net_ip AND NOT obj_ip=tenant_net_ip)) - ) - WHERE rule_head_text IS NULL - ) AS x; -- GROUP BY rule_id,tenant_id,mgm_id,rule_create, rule_last_seen - --- examples for tenant filtering: --- select rule_id from view_tenant_rules where tenant_network.tenant_id=1 and rule.mgm_id=4 --- select 
rule_id,rule_create from view_tenant_rules where mgm_id=4 group by rule_id,rule_create -*/ - - -CREATE OR REPLACE VIEW view_device_names AS - SELECT 'Management: ' || mgm_name || ', Device: ' || dev_name AS dev_string, dev_id, mgm_id, dev_name, mgm_name FROM device LEFT JOIN management USING (mgm_id); - --- view for ip address filtering -DROP MATERIALIZED VIEW IF EXISTS nw_object_limits; -CREATE MATERIALIZED VIEW nw_object_limits AS - select obj_id, mgm_id, - host ( object.obj_ip )::cidr as first_ip, - CASE - WHEN object.obj_ip_end IS NULL - THEN host(broadcast(object.obj_ip))::cidr - ELSE host(broadcast(object.obj_ip_end))::cidr - END last_ip - from object; - --- adding indexes for view -Create index IF NOT EXISTS idx_nw_object_limits_obj_id on nw_object_limits (obj_id); -Create index IF NOT EXISTS idx_nw_object_limits_mgm_id on nw_object_limits (mgm_id); - - - -DROP MATERIALIZED VIEW IF EXISTS view_tenant_rules; -CREATE MATERIALIZED VIEW IF NOT EXISTS view_tenant_rules AS - select tenant_rules.* from ( - SELECT rule.*, tenant_network.tenant_id - FROM rule - LEFT JOIN rule_to ON (rule.rule_id=rule_to.rule_id) - LEFT JOIN objgrp_flat ON (rule_to.obj_id=objgrp_flat_id) - LEFT JOIN object ON (objgrp_flat_member_id=object.obj_id) - LEFT JOIN tenant_network ON - ( NOT rule_dst_neg AND (obj_ip>>=tenant_net_ip OR obj_ip<<=tenant_net_ip)) - WHERE rule_head_text IS NULL - UNION - SELECT rule.*, tenant_network.tenant_id - FROM rule - LEFT JOIN rule_from ON (rule.rule_id=rule_from.rule_id) - LEFT JOIN objgrp_flat ON (rule_from.obj_id=objgrp_flat.objgrp_flat_id) - LEFT JOIN object ON (objgrp_flat.objgrp_flat_member_id=object.obj_id) - LEFT JOIN tenant_network ON - ( NOT rule_src_neg AND (obj_ip>>=tenant_net_ip OR obj_ip<<=tenant_net_ip) ) - WHERE rule_head_text IS NULL - ) AS tenant_rules; - --- adding indexes for view -Create index IF NOT EXISTS idx_view_tenant_rules_tenant_id on view_tenant_rules(tenant_id); -Create index IF NOT EXISTS idx_view_tenant_rules_mgm_id on 
view_tenant_rules(mgm_id); - -REFRESH MATERIALIZED VIEW view_tenant_rules; -GRANT SELECT ON TABLE view_tenant_rules TO GROUP secuadmins, reporters; -/* - - query filterRulesByTenant($importId: bigint) { - view_tenant_rules(where: {access_rule: {_eq: true}, rule_last_seen: {_gte: $importId}, rule_create: {_lte: $importId}}) { - rule_id - rule_src - rule_dst - rule_create - rule_last_seen - tenant_id - } - } - -*/ - --- example tenant_network data: --- insert into tenant_network (tenant_id, tenant_net_ip) values (123, '10.9.8.0/24'); - --- test query: --- select dev_id, rule_num_numeric, view_tenant_rules.rule_id, rule_src,rule_dst --- from view_tenant_rules --- where access_rule, tenant_id=123 and mgm_id=8 and rule_last_seen>=28520 --- order by dev_id asc, rule_num_numeric asc - - ----------------- --- recert views - -CREATE OR REPLACE VIEW v_active_access_allow_rules AS - SELECT * FROM rule r - WHERE r.active AND -- only show current (not historical) rules - r.access_rule AND -- only show access rules (no NAT) - r.rule_head_text IS NULL AND -- do not show header rules - NOT r.rule_disabled AND -- do not show disabled rules - NOT r.action_id IN (2,3,7); -- do not deal with deny rules - -CREATE OR REPLACE VIEW v_rule_with_src_owner AS - SELECT r.rule_id, owner.id as owner_id, owner_network.ip as matching_ip, 'source' AS match_in, owner.name as owner_name, - rule_metadata.rule_last_certified, rule_last_certifier - FROM v_active_access_allow_rules r - LEFT JOIN rule_from ON (r.rule_id=rule_from.rule_id) - LEFT JOIN objgrp_flat of ON (rule_from.obj_id=of.objgrp_flat_id) - LEFT JOIN object o ON (o.obj_typ_id<>2 AND of.objgrp_flat_member_id=o.obj_id) - LEFT JOIN owner_network ON (o.obj_ip>>=owner_network.ip OR o.obj_ip<<=owner_network.ip) - LEFT JOIN owner ON (owner_network.owner_id=owner.id) - LEFT JOIN rule_metadata ON (r.rule_uid=rule_metadata.rule_uid AND r.dev_id=rule_metadata.dev_id) - GROUP BY r.rule_id, matching_ip, owner.id, owner.name, 
rule_metadata.rule_last_certified, rule_last_certifier; - -CREATE OR REPLACE VIEW v_rule_with_dst_owner AS - SELECT r.rule_id, owner.id as owner_id, owner_network.ip as matching_ip, 'destination' AS match_in, owner.name as owner_name, - rule_metadata.rule_last_certified, rule_last_certifier - FROM v_active_access_allow_rules r - LEFT JOIN rule_to ON (r.rule_id=rule_to.rule_id) - LEFT JOIN objgrp_flat of ON (rule_to.obj_id=of.objgrp_flat_id) - LEFT JOIN object o ON (o.obj_typ_id<>2 AND of.objgrp_flat_member_id=o.obj_id) - LEFT JOIN owner_network ON (o.obj_ip>>=owner_network.ip OR o.obj_ip<<=owner_network.ip) - LEFT JOIN owner ON (owner_network.owner_id=owner.id) - LEFT JOIN rule_metadata ON (r.rule_uid=rule_metadata.rule_uid AND r.dev_id=rule_metadata.dev_id) - GROUP BY r.rule_id, matching_ip, owner.id, owner.name, rule_metadata.rule_last_certified, rule_last_certifier; - ---drop view view_rule_with_owner; -CREATE OR REPLACE VIEW view_rule_with_owner AS - SELECT DISTINCT r.rule_num_numeric, r.track_id, r.action_id, r.rule_from_zone, r.rule_to_zone, r.dev_id, r.mgm_id, r.rule_uid, uno.rule_id, uno.owner_id, uno.owner_name, uno.rule_last_certified, uno.rule_last_certifier, - rule_action, rule_name, rule_comment, rule_track, rule_src_neg, rule_dst_neg, rule_svc_neg, - rule_head_text, rule_disabled, access_rule, xlate_rule, nat_rule, - string_agg(DISTINCT match_in || ':' || matching_ip::VARCHAR, '; ' order by match_in || ':' || matching_ip::VARCHAR desc) as matches - FROM ( SELECT DISTINCT * FROM v_rule_with_src_owner UNION SELECT DISTINCT * FROM v_rule_with_dst_owner ) AS uno - LEFT JOIN rule AS r USING (rule_id) - GROUP BY rule_id, owner_id, owner_name, rule_last_certified, rule_last_certifier, r.rule_from_zone, r.rule_to_zone, - r.dev_id, r.mgm_id, r.rule_uid, rule_num_numeric, track_id, action_id, rule_action, rule_name, rule_comment, rule_track, rule_src_neg, rule_dst_neg, rule_svc_neg, - rule_head_text, rule_disabled, access_rule, xlate_rule, nat_rule; - 
---------------------------------------------------------------------------------------------- --- GRANTS on exportable Views ---------------------------------------------------------------------------------------------- - -GRANT SELECT ON TABLE view_rule_with_owner TO GROUP secuadmins, reporters; - --- views for secuadmins -GRANT SELECT ON TABLE view_change_counter TO GROUP secuadmins; -GRANT SELECT ON TABLE view_undocumented_change_counter TO GROUP secuadmins; -GRANT SELECT ON TABLE view_documented_change_counter TO GROUP secuadmins; -GRANT SELECT ON TABLE view_undocumented_changes TO GROUP secuadmins; - --- views used for reporters, too -GRANT SELECT ON TABLE view_reportable_changes TO GROUP secuadmins, reporters; -GRANT SELECT ON TABLE view_changes TO GROUP secuadmins, reporters; --- GRANT SELECT ON TABLE view_tenant_rules TO GROUP secuadmins, reporters; -GRANT SELECT ON TABLE view_changes_by_changed_element_id TO GROUP secuadmins, reporters; -GRANT SELECT ON TABLE view_device_names TO GROUP secuadmins, reporters; -GRANT SELECT ON TABLE view_rule_source_or_destination TO GROUP secuadmins, reporters; - --- view for import status -GRANT SELECT ON TABLE view_import_status_table TO fworch; -- {{fworch_home}}/bin/write_import_status_file.sh is run as fworch as it will also be invoked via cli -GRANT SELECT ON TABLE view_import_status_table TO GROUP secuadmins, reporters; -- not really neccessary diff --git a/roles/database/files/sql/idempotent/unused_fworch-views-tenant.sql b/roles/database/files/sql/idempotent/unused_fworch-views-tenant.sql new file mode 100644 index 000000000..7c6fc5c87 --- /dev/null +++ b/roles/database/files/sql/idempotent/unused_fworch-views-tenant.sql 
@@ -0,0 +1,47 @@ + + +--------------------------------------------------------------------------------------------- +-- tenant views +--------------------------------------------------------------------------------------------- + +-- examples for tenant filtering: +-- select rule_id from view_tenant_rules where tenant_network.tenant_id=1 and rule.mgm_id=4 +-- select rule_id,rule_create from view_tenant_rules where mgm_id=4 group by rule_id,rule_create + +-- DROP MATERIALIZED VIEW IF EXISTS view_tenant_rules; +-- CREATE MATERIALIZED VIEW IF NOT EXISTS view_tenant_rules AS +-- select tenant_rules.* from ( +-- SELECT rule.*, tenant_network.tenant_id +-- FROM rule +-- LEFT JOIN rule_to ON (rule.rule_id=rule_to.rule_id) +-- LEFT JOIN objgrp_flat ON (rule_to.obj_id=objgrp_flat_id) +-- LEFT JOIN object ON (objgrp_flat_member_id=object.obj_id) +-- LEFT JOIN tenant_network ON +-- ( NOT rule_dst_neg AND (obj_ip_end >= tenant_net_ip AND obj_ip <= tenant_net_ip_end)) +-- WHERE rule_head_text IS NULL +-- UNION +-- SELECT rule.*, tenant_network.tenant_id +-- FROM rule +-- LEFT JOIN rule_from ON (rule.rule_id=rule_from.rule_id) +-- LEFT JOIN objgrp_flat ON (rule_from.obj_id=objgrp_flat.objgrp_flat_id) +-- LEFT JOIN object ON (objgrp_flat.objgrp_flat_member_id=object.obj_id) +-- LEFT JOIN tenant_network ON +-- ( NOT rule_src_neg AND (obj_ip_end >= tenant_net_ip AND obj_ip <= tenant_net_ip_end) ) +-- WHERE rule_head_text IS NULL +-- ) AS tenant_rules; + +-- -- adding indexes for view +-- Create index IF NOT EXISTS idx_view_tenant_rules_tenant_id on view_tenant_rules(tenant_id); +-- Create index IF NOT EXISTS idx_view_tenant_rules_mgm_id on view_tenant_rules(mgm_id); + +-- REFRESH MATERIALIZED VIEW view_tenant_rules; +-- GRANT SELECT ON TABLE view_tenant_rules TO GROUP secuadmins, reporters; + +-- example tenant_network data: +-- insert into tenant_network (tenant_id, tenant_net_ip, tenant_net_ip_end) values (123, '10.9.8.0/32', '10.9.8.255/32'); + +-- test query: +-- select dev_id, 
rule_num_numeric, view_tenant_rules.rule_id, rule_src,rule_dst +-- from view_tenant_rules +-- where access_rule, tenant_id=123 and mgm_id=8 and rule_last_seen>=28520 +-- order by dev_id asc, rule_num_numeric asc \ No newline at end of file diff --git a/roles/database/files/upgrade/5.0.1.sql b/roles/database/files/upgrade/5.0.1.sql index 35f24b958..8b3528eba 100644 --- a/roles/database/files/upgrade/5.0.1.sql +++ b/roles/database/files/upgrade/5.0.1.sql @@ -12,5 +12,18 @@ Create table if not exists "report_schedule" primary key ("report_schedule_id") ); -Alter table if exists "report_schedule" add foreign key ("report_template_id") references "report_template" ("report_template_id") on update restrict on delete cascade; -Alter table if exists "report_schedule" if not exists add foreign key ("report_schedule_owner") references "uiuser" ("uiuser_id") on update restrict on delete cascade; +DO $$ +BEGIN + IF NOT EXISTS(select constraint_name + from information_schema.referential_constraints + where constraint_name = 'report_schedule_report_template_id_fkey') + THEN + Alter table if exists "report_schedule" add foreign key ("report_template_id") references "report_template" ("report_template_id") on update restrict on delete cascade; + END IF; + IF NOT EXISTS(select constraint_name + from information_schema.referential_constraints + where constraint_name = 'report_schedule_report_schedule_owner_fkey') + THEN + Alter table if exists "report_schedule" if not exists add foreign key ("report_schedule_owner") references "uiuser" ("uiuser_id") on update restrict on delete cascade; + END IF; +END $$; diff --git a/roles/database/files/upgrade/5.0.3.sql b/roles/database/files/upgrade/5.0.3.sql index c6e52e12c..a60261436 100644 --- a/roles/database/files/upgrade/5.0.3.sql +++ b/roles/database/files/upgrade/5.0.3.sql 
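Review bot: The new file is commented out from end to end, yet the tenant_network join it preserves (`obj_ip_end >= tenant_net_ip AND obj_ip <= tenant_net_ip_end`) is not the one removed from the views file in this same commit, which matched with the inet containment operators `obj_ip>>=tenant_net_ip OR obj_ip<<=tenant_net_ip`, so a reader cannot tell whether this is an archived copy or a half-finished replacement. A header comment would settle that, e.g. `-- Reference only, not executed by the installer. Differs from the dropped view_tenant_rules: range comparison on obj_ip/obj_ip_end instead of inet containment. Remove or revive when tenant filtering is reworked.` The example insert at the bottom also uses a `tenant_net_ip_end` column that the dropped view never referenced, so the comment should say whether that column is expected to exist. The file is missing its trailing newline as well.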
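Review bot: The second ALTER inside the new DO block keeps `if not exists` between the table name and `add foreign key`, which PostgreSQL's ALTER TABLE grammar does not accept (IF NOT EXISTS is only valid in ADD COLUMN IF NOT EXISTS), and since PL/pgSQL parses embedded statements when the block is compiled I believe the whole block fails even on databases where the constraint already exists; the line should read `Alter table if exists "report_schedule" add foreign key ("report_schedule_owner") references "uiuser" ("uiuser_id") on update restrict on delete cascade;`. The existence test itself matches on `constraint_name` alone against `information_schema.referential_constraints`, a view that carries no table name, so a same-named constraint on another table or in another schema makes the guard skip the ADD and the foreign key is silently never created. Both guards are more exact against `information_schema.table_constraints`, e.g. `where constraint_name = 'report_schedule_report_template_id_fkey' and table_name = 'report_schedule' and constraint_type = 'FOREIGN KEY'`, or against pg_constraint filtered by conrelid. The same unqualified lookup is repeated in the hunks for 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.1.03, 5.1.16 and 5.3.3.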
@@ -1,4 +1,13 @@
 Alter table "config" add column if not exists "config_user" Integer;
 Alter table "config" drop constraint if exists "config_pkey";
 Alter table "config" add primary key ("config_key","config_user");
-Alter table "config" add foreign key ("config_user") references "uiuser" ("uiuser_id") on update restrict on delete cascade;
+
+DO $$
+BEGIN
+ IF NOT EXISTS(select constraint_name
+ from information_schema.referential_constraints
+ where constraint_name = 'config_config_user_fkey')
+ THEN
+ Alter table "config" add foreign key ("config_user") references "uiuser" ("uiuser_id") on update restrict on delete cascade;
+ END IF;
+END $$;
diff --git a/roles/database/files/upgrade/5.0.4.sql b/roles/database/files/upgrade/5.0.4.sql
index 9ccfddd6a..b2556f2f7 100644
--- a/roles/database/files/upgrade/5.0.4.sql
+++ b/roles/database/files/upgrade/5.0.4.sql
@@ -1,4 +1,13 @@
 -- adding report owner (do not allow for sharing of generated reports yet)
 Alter table "report" add column "report_owner_id" Integer Not Null;
-Alter table "report" add foreign key ("report_owner_id") references "uiuser" ("uiuser_id") on update restrict on delete cascade;
+
+DO $$
+BEGIN
+ IF NOT EXISTS(select constraint_name
+ from information_schema.referential_constraints
+ where constraint_name = 'report_report_owner_id_fkey')
+ THEN
+ Alter table "report" add foreign key ("report_owner_id") references "uiuser" ("uiuser_id") on update restrict on delete cascade;
+ END IF;
+END $$;
diff --git a/roles/database/files/upgrade/5.0.5.sql b/roles/database/files/upgrade/5.0.5.sql
index 4e3882e3e..5f7fcef5f 100644
--- a/roles/database/files/upgrade/5.0.5.sql
+++ b/roles/database/files/upgrade/5.0.5.sql
@@ -114,5 +114,18 @@ Alter table "request_user_change" ALTER COLUMN "log_usr_id" TYPE BIGINT; -- add some missing foreign keys -Alter table "usr" add foreign key ("user_create") references "import_control" ("control_id") on update restrict on delete cascade; -Alter table "usr" add foreign key ("user_last_seen") references "import_control" ("control_id") on update restrict on delete cascade; +DO $$ +BEGIN + IF NOT EXISTS(select constraint_name + from information_schema.referential_constraints + where constraint_name = 'usr_user_create_fkey') + THEN + Alter table "usr" add foreign key ("user_create") references "import_control" ("control_id") on update restrict on delete cascade; + END IF; + IF NOT EXISTS(select constraint_name + from information_schema.referential_constraints + where constraint_name = 'usr_user_last_seen_fkey') + THEN + Alter table "usr" add foreign key ("user_last_seen") references "import_control" ("control_id") on update restrict on delete cascade; + END IF; +END $$; diff --git a/roles/database/files/upgrade/5.0.6.sql b/roles/database/files/upgrade/5.0.6.sql index 788298b76..40b33d597 100644 --- a/roles/database/files/upgrade/5.0.6.sql +++ b/roles/database/files/upgrade/5.0.6.sql @@ -1,3 +1,11 @@ Alter table "ldap_connection" ADD COLUMN "tenant_id" INTEGER; -- add foreign key ldap_connection --> tenant -Alter table "ldap_connection" add foreign key ("tenant_id") references "tenant" ("tenant_id") on update restrict on delete cascade; +DO $$ +BEGIN + IF NOT EXISTS(select constraint_name + from information_schema.referential_constraints + where constraint_name = 'ldap_connection_tenant_id_fkey') + THEN + Alter table "ldap_connection" add foreign key ("tenant_id") references "tenant" ("tenant_id") on update restrict on delete cascade; + END IF; +END $$; diff --git a/roles/database/files/upgrade/5.1.03.sql b/roles/database/files/upgrade/5.1.03.sql index 113a35053..80e42753f 100644 --- a/roles/database/files/upgrade/5.1.03.sql 
+++ b/roles/database/files/upgrade/5.1.03.sql @@ -16,10 +16,28 @@ Create table IF NOT EXISTS "report_schedule_format" "report_schedule_id" BIGSERIAL, primary key ("report_schedule_format_name","report_schedule_id") ); -Alter table "report_schedule_format" add foreign key ("report_schedule_format_name") references "report_format" ("report_format_name") on update restrict on delete cascade; + +DO $$ +BEGIN + IF NOT EXISTS(select constraint_name + from information_schema.referential_constraints + where constraint_name = 'report_schedule_format_report_schedule_format_name_fkey') + THEN + Alter table "report_schedule_format" add foreign key ("report_schedule_format_name") references "report_format" ("report_format_name") on update restrict on delete cascade; + END IF; +END $$; + Alter table "report_template" ADD COLUMN IF NOT EXISTS "report_template_owner" Integer; -Alter table "report_template" add foreign key ("report_template_owner") references "uiuser" ("uiuser_id") on update restrict on delete cascade; +DO $$ +BEGIN + IF NOT EXISTS(select constraint_name + from information_schema.referential_constraints + where constraint_name = 'report_template_report_template_owner_fkey') + THEN + Alter table "report_template" add foreign key ("report_template_owner") references "uiuser" ("uiuser_id") on update restrict on delete cascade; + END IF; +END $$; Alter table "report_schedule" ADD COLUMN IF NOT EXISTS "report_schedule_active" Boolean Default TRUE; 
@@ -30,5 +48,13 @@ Alter table "report" ADD COLUMN IF NOT EXISTS "report_csv" text; Alter table "report" ADD COLUMN IF NOT EXISTS "report_html" text; Alter table "report" ALTER COLUMN "report_filetype" DROP NOT NULL; Alter table "report" ADD COLUMN IF NOT EXISTS "tenant_wide_visible" Integer; -Alter table "report" add foreign key ("tenant_wide_visible") references "tenant" ("tenant_id") on update restrict on delete cascade; +DO $$ +BEGIN + IF NOT EXISTS(select constraint_name + from information_schema.referential_constraints + where constraint_name = 'report_tenant_wide_visible_fkey') + THEN + Alter table "report" add foreign key ("tenant_wide_visible") references "tenant" ("tenant_id") on update restrict on delete cascade; + END IF; +END $$; diff --git a/roles/database/files/upgrade/5.1.16.sql b/roles/database/files/upgrade/5.1.16.sql index 3ebe9ae47..c03a6499f 100644 --- a/roles/database/files/upgrade/5.1.16.sql +++ b/roles/database/files/upgrade/5.1.16.sql 
@@ -26,17 +26,65 @@ Create table if not exists "rule_user_resolved" primary key ("mgm_id","rule_id","user_id") ); -Alter table "rule_nwobj_resolved" add foreign key ("obj_id") references "object" ("obj_id") on update restrict on delete cascade; -Alter table "rule_nwobj_resolved" add foreign key ("rule_id") references "rule" ("rule_id") on update restrict on delete cascade; -Alter table "rule_nwobj_resolved" add foreign key ("mgm_id") references "management" ("mgm_id") on update restrict on delete cascade; - -Alter table "rule_svc_resolved" add foreign key ("svc_id") references "service" ("svc_id") on update restrict on delete cascade; -Alter table "rule_svc_resolved" add foreign key ("rule_id") references "rule" ("rule_id") on update restrict on delete cascade; -Alter table "rule_svc_resolved" add foreign key ("mgm_id") references "management" ("mgm_id") on update restrict on delete cascade; - -Alter table "rule_user_resolved" add foreign key ("user_id") references "usr" ("user_id") on update restrict on delete cascade; -Alter table "rule_user_resolved" add foreign key ("rule_id") references "rule" ("rule_id") on update restrict on delete cascade; -Alter table "rule_user_resolved" add foreign key ("mgm_id") references "management" ("mgm_id") on update restrict on delete cascade; +DO $$ +BEGIN + IF NOT EXISTS(select constraint_name + from information_schema.referential_constraints + where constraint_name = 'rule_nwobj_resolved_obj_id_fkey') + THEN + Alter table "rule_nwobj_resolved" add foreign key ("obj_id") references "object" ("obj_id") on update restrict on delete cascade; + END IF; + IF NOT EXISTS(select constraint_name + from information_schema.referential_constraints + where constraint_name = 'rule_nwobj_resolved_rule_id_fkey') + THEN + Alter table "rule_nwobj_resolved" add foreign key ("rule_id") references "rule" ("rule_id") on update restrict on delete cascade; + END IF; + IF NOT EXISTS(select constraint_name + from 
information_schema.referential_constraints + where constraint_name = 'rule_nwobj_resolved_mgm_id_fkey') + THEN + Alter table "rule_nwobj_resolved" add foreign key ("mgm_id") references "management" ("mgm_id") on update restrict on delete cascade; + END IF; + + IF NOT EXISTS(select constraint_name + from information_schema.referential_constraints + where constraint_name = 'rule_svc_resolved_svc_id_fkey') + THEN + Alter table "rule_svc_resolved" add foreign key ("svc_id") references "service" ("svc_id") on update restrict on delete cascade; + END IF; + IF NOT EXISTS(select constraint_name + from information_schema.referential_constraints + where constraint_name = 'rule_svc_resolved_rule_id_fkey') + THEN + Alter table "rule_svc_resolved" add foreign key ("rule_id") references "rule" ("rule_id") on update restrict on delete cascade; + END IF; + IF NOT EXISTS(select constraint_name + from information_schema.referential_constraints + where constraint_name = 'rule_svc_resolved_mgm_id_fkey') + THEN + Alter table "rule_svc_resolved" add foreign key ("mgm_id") references "management" ("mgm_id") on update restrict on delete cascade; + END IF; + + IF NOT EXISTS(select constraint_name + from information_schema.referential_constraints + where constraint_name = 'rule_user_resolved_user_id_fkey') + THEN + Alter table "rule_user_resolved" add foreign key ("user_id") references "usr" ("user_id") on update restrict on delete cascade; + END IF; + IF NOT EXISTS(select constraint_name + from information_schema.referential_constraints + where constraint_name = 'rule_user_resolved_rule_id_fkey') + THEN + Alter table "rule_user_resolved" add foreign key ("rule_id") references "rule" ("rule_id") on update restrict on delete cascade; + END IF; + IF NOT EXISTS(select constraint_name + from information_schema.referential_constraints + where constraint_name = 'rule_user_resolved_mgm_id_fkey') + THEN + Alter table "rule_user_resolved" add foreign key ("mgm_id") references "management" ("mgm_id") 
on update restrict on delete cascade; + END IF; +END $$; Grant insert on "rule_nwobj_resolved" to group "configimporters"; Grant insert on "rule_svc_resolved" to group "configimporters"; diff --git a/roles/database/files/upgrade/5.3.3.sql b/roles/database/files/upgrade/5.3.3.sql index c6b0e7bea..958e6ceb9 100644 --- a/roles/database/files/upgrade/5.3.3.sql +++ b/roles/database/files/upgrade/5.3.3.sql @@ -1,3 +1,13 @@ Alter table "ldap_connection" ADD COLUMN IF NOT EXISTS "ldap_name" Varchar; Alter table "uiuser" ADD COLUMN IF NOT EXISTS "ldap_connection_id" BIGINT; -Alter table "uiuser" add foreign key ("ldap_connection_id") references "ldap_connection" ("ldap_connection_id") on update restrict on delete cascade; + +DO $$ +BEGIN + IF NOT EXISTS(select constraint_name + from information_schema.referential_constraints + where constraint_name = 'uiuser_ldap_connection_id_fkey') + THEN + Alter table "uiuser" add foreign key ("ldap_connection_id") references "ldap_connection" ("ldap_connection_id") on update restrict on delete cascade; + END IF; +END $$; + diff --git a/roles/database/files/upgrade/5.4.1.sql b/roles/database/files/upgrade/5.4.1.sql index 848b0ebb4..291e2f9a7 100644 --- a/roles/database/files/upgrade/5.4.1.sql +++ b/roles/database/files/upgrade/5.4.1.sql @@ -91,6 +91,7 @@ CREATE TRIGGER import_rule_rule_id_seq BEFORE INSERT ON import_rule FOR EACH ROW CREATE OR REPLACE FUNCTION import_config_from_jsonb () RETURNS TRIGGER + LANGUAGE plpgsql AS $BODY$ DECLARE import_id BIGINT; @@ -132,10 +133,7 @@ BEGIN RETURN NEW; END; -$BODY$ -LANGUAGE plpgsql -VOLATILE -COST 100; +$BODY$; ALTER FUNCTION public.import_config_from_jsonb () OWNER TO fworch; diff --git a/roles/database/files/upgrade/5.6.3.sql b/roles/database/files/upgrade/5.6.3.sql index e0ba0bf22..ac3ccba36 100644 --- a/roles/database/files/upgrade/5.6.3.sql +++ b/roles/database/files/upgrade/5.6.3.sql 
@@ -12,6 +12,7 @@ DROP FUNCTION IF EXISTS import_config_from_jsonb (); CREATE OR REPLACE FUNCTION import_config_from_json () RETURNS TRIGGER + LANGUAGE plpgsql AS $BODY$ DECLARE import_id BIGINT; @@ -53,10 +54,7 @@ BEGIN RETURN NEW; END; -$BODY$ -LANGUAGE plpgsql -VOLATILE -COST 100; +$BODY$; ALTER FUNCTION public.import_config_from_json () OWNER TO fworch; diff --git a/roles/database/files/upgrade/5.6.5.sql b/roles/database/files/upgrade/5.6.5.sql index 304320947..4cd0621ee 100644 --- a/roles/database/files/upgrade/5.6.5.sql +++ b/roles/database/files/upgrade/5.6.5.sql @@ -24,6 +24,7 @@ DROP TRIGGER IF EXISTS import_config_insert ON import_config CASCADE; CREATE OR REPLACE FUNCTION import_config_from_json () RETURNS TRIGGER + LANGUAGE plpgsql AS $BODY$ DECLARE import_id BIGINT; @@ -65,10 +66,7 @@ BEGIN END IF; RETURN NEW; END; -$BODY$ -LANGUAGE plpgsql -VOLATILE -COST 100; +$BODY$; ALTER FUNCTION public.import_config_from_json () OWNER TO fworch; diff --git a/roles/database/files/upgrade/5.6.7.sql b/roles/database/files/upgrade/5.6.7.sql index a07fd834c..0c4992d08 100644 --- a/roles/database/files/upgrade/5.6.7.sql +++ b/roles/database/files/upgrade/5.6.7.sql @@ -11,6 +11,7 @@ ALTER TABLE import_config ADD COLUMN IF NOT EXISTS "debug_mode" Boolean Default CREATE OR REPLACE FUNCTION import_config_from_json () RETURNS TRIGGER + LANGUAGE plpgsql AS $BODY$ DECLARE import_id BIGINT; @@ -52,14 +53,12 @@ BEGIN END IF; RETURN NEW; END; -$BODY$ -LANGUAGE plpgsql -VOLATILE -COST 100; +$BODY$; CREATE OR REPLACE FUNCTION debug_show_time (VARCHAR, TIMESTAMP) RETURNS TIMESTAMP + LANGUAGE plpgsql AS $BODY$ DECLARE v_event ALIAS FOR $1; -- description of the processed time 
@@ -67,19 +66,15 @@ DECLARE BEGIN RAISE NOTICE '% duration: %s', v_event, now()- t_import_start; --- RAISE NOTICE '% duration: %s', v_event, CAST((now()- t_import_start) AS VARCHAR); --- RAISE NOTICE 'duration of last step: %s', CAST(now()- t_import_start AS VARCHAR); RETURN now(); END; -$BODY$ -LANGUAGE plpgsql -VOLATILE -COST 100; +$BODY$; DROP FUNCTION IF EXISTS public.import_all_main(BIGINT); DROP FUNCTION IF EXISTS public.import_all_main(BIGINT, BOOLEAN); CREATE OR REPLACE FUNCTION public.import_all_main(BIGINT, BOOLEAN) - RETURNS VARCHAR AS + LANGUAGE plpgsql + RETURNS VARCHAR AS $BODY$ DECLARE i_current_import_id ALIAS FOR $1; -- ID of the current import @@ -130,10 +125,10 @@ BEGIN LOOP SELECT INTO b_do_not_import do_not_import FROM device WHERE dev_id=r_dev.dev_id; IF NOT b_do_not_import THEN -- RAISE NOTICE 'importing %', r_dev.dev_name; - v_err_pos := 'import_rules of device ' || r_dev.dev_name || ' (Management: ' || CAST (i_mgm_id AS VARCHAR) || ')'; + v_err_pos := 'import_rules of device ' || r_dev.dev_name || ' (Management: ' || CAST (i_mgm_id AS VARCHAR) || ') '; IF (import_rules(r_dev.dev_id, i_current_import_id)) THEN -- returns true if rule order needs to be changed -- currently always returns true as each import needs a rule reordering - v_err_pos := 'import_rules_set_rule_num_numeric of device ' || r_dev.dev_name || ' (Management: ' || CAST (i_mgm_id AS VARCHAR) || ')'; + v_err_pos := 'import_rules_set_rule_num_numeric of device ' || r_dev.dev_name || ' (Management: ' || CAST (i_mgm_id AS VARCHAR) || ') '; -- in case of any changes - adjust rule_num values in rulebase PERFORM import_rules_set_rule_num_numeric (i_current_import_id,r_dev.dev_id); END IF; @@ -183,9 +178,7 @@ BEGIN END; RETURN ''; END; -$BODY$ - LANGUAGE plpgsql VOLATILE - COST 100; +$BODY$; ALTER FUNCTION public.import_all_main(BIGINT, BOOLEAN) OWNER TO fworch; DO $$ 
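Review bot: In the `import_all_main` header the added `LANGUAGE plpgsql` line is placed before `RETURNS VARCHAR AS`, but CREATE FUNCTION requires the RETURNS clause to follow the parameter list directly, ahead of LANGUAGE and the other attributes, so this statement should fail with a syntax error at RETURNS and the function would not be redefined; swap the two lines so they read `RETURNS VARCHAR` then `LANGUAGE plpgsql AS`. The other functions touched by this commit (import_config_from_json, debug_show_time and the 5.4.1/5.6.3/5.6.5/5.7.2 variants) keep RETURNS before LANGUAGE, so only this one is affected. Dropping `VOLATILE` and `COST 100` is harmless since both are the defaults. The function body continues outside the hunk.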
@@ -370,7 +363,6 @@ DROP table if exists "tenant_object"; DROP table if exists "report_template_viewable_by_tenant"; --- Alter table "error_log" add foreign key ("error_id") references "error" ("error_id") on update restrict on delete cascade; drop table if exists "error_log"; -- index optimization diff --git a/roles/database/files/upgrade/5.7.2.sql b/roles/database/files/upgrade/5.7.2.sql index 27e776aa1..12c49ec93 100644 --- a/roles/database/files/upgrade/5.7.2.sql +++ b/roles/database/files/upgrade/5.7.2.sql @@ -66,6 +66,7 @@ CREATE TRIGGER gw_route_add BEFORE INSERT ON gw_route FOR EACH ROW EXECUTE PROCE CREATE OR REPLACE FUNCTION import_config_from_json () RETURNS TRIGGER + LANGUAGE plpgsql AS $BODY$ DECLARE i_mgm_id INTEGER; @@ -123,10 +124,7 @@ BEGIN END IF; RETURN NEW; END; -$BODY$ -LANGUAGE plpgsql -VOLATILE -COST 100; +$BODY$; ALTER FUNCTION public.import_config_from_json () OWNER TO fworch; DROP TRIGGER IF EXISTS import_config_insert ON import_config CASCADE; diff --git a/roles/database/files/upgrade/6.1.0.sql b/roles/database/files/upgrade/6.1.0.sql index 7354acff0..e69520105 100644 --- a/roles/database/files/upgrade/6.1.0.sql +++ b/roles/database/files/upgrade/6.1.0.sql 
@@ -21,67 +21,11 @@ ALTER TABLE import_credential ADD COLUMN IF NOT EXISTS cloud_client_secret VARCH ALTER TABLE owner DROP CONSTRAINT IF EXISTS owner_name_unique_in_tenant; ALTER TABLE owner ADD CONSTRAINT owner_name_unique_in_tenant UNIQUE ("name","tenant_id"); --- adding owner data -INSERT INTO owner (name, dn, group_dn, is_default, tenant_id, recert_interval, next_recert_date, app_id_external) - VALUES ('ownerF_demo', 'ad-single-owner-f', 'ad-group-owner-f', false, 1, 30, '2022-12-01T00:00:00', '123') - ON CONFLICT DO NOTHING; -INSERT INTO owner (name, dn, group_dn, is_default, tenant_id, recert_interval, next_recert_date, app_id_external) - VALUES ('ownerD_demo', 'ad-single-owner-d', 'ad-group-owner-d', false, 1, 30, '2022-12-01T00:00:00', '234') - ON CONFLICT DO NOTHING; -INSERT INTO owner (name, dn, group_dn, is_default, tenant_id, recert_interval, next_recert_date, app_id_external) - VALUES ('defaultOwner_demo', 'ad-single-owner-default', 'ad-group-owner-default', true, 1, 30, '2022-12-01T00:00:00', '111') - ON CONFLICT DO NOTHING; - ---------------------------------------------------------------- - -DO $$ -BEGIN -IF NOT EXISTS((SELECT * FROM owner_network LEFT JOIN owner ON (owner.id=owner_network.owner_id) - WHERE owner.name='ownerF_demo' AND owner.tenant_id=1 AND owner_network.ip='10.222.0.0/27')) -THEN - INSERT INTO owner_network (owner_id, ip) - VALUES ((SELECT id FROM owner WHERE name='ownerF_demo' AND tenant_id=1), '10.222.0.0/27') - ON CONFLICT DO NOTHING; -END IF; -END $$; - -DO $$ -BEGIN -IF NOT EXISTS((SELECT * FROM owner_network LEFT JOIN owner ON (owner.id=owner_network.owner_id) - WHERE owner.name='ownerD_demo' AND owner.tenant_id=1 AND owner_network.ip='10.222.0.32/27')) -THEN - INSERT INTO owner_network (owner_id, ip) - VALUES ((SELECT id FROM owner WHERE name='ownerD_demo' AND tenant_id=1), '10.222.0.32/27') - ON CONFLICT DO NOTHING; -END IF; -END $$; - -DO $$ -BEGIN -IF NOT EXISTS((SELECT * FROM owner_network LEFT JOIN owner ON 
(owner.id=owner_network.owner_id) - WHERE owner.name='ownerF_demo' AND owner.tenant_id=1 AND owner_network.ip='10.0.0.0/27')) -THEN - INSERT INTO owner_network (owner_id, ip) - VALUES ((SELECT id FROM owner WHERE name='ownerF_demo' AND tenant_id=1), '10.0.0.0/27') - ON CONFLICT DO NOTHING; -END IF; -END $$; - -DO $$ -BEGIN -IF NOT EXISTS((SELECT * FROM owner_network LEFT JOIN owner ON (owner.id=owner_network.owner_id) - WHERE owner.name='ownerD_demo' AND owner.tenant_id=1 AND owner_network.ip='10.0.0.32/27')) -THEN - INSERT INTO owner_network (owner_id, ip) - VALUES ((SELECT id FROM owner WHERE name='ownerD_demo' AND tenant_id=1), '10.0.0.32/27') - ON CONFLICT DO NOTHING; -END IF; -END $$; - -- CREATE OR REPLACE VIEW v_active_access_rules AS -- SELECT * FROM rule r -- WHERE r.active AND r.access_rule AND NOT r.rule_disabled AND r.rule_head_text IS NULL; +DROP VIEW IF EXISTS v_active_access_allow_rules CASCADE; CREATE OR REPLACE VIEW v_active_access_allow_rules AS SELECT * FROM rule r WHERE r.active AND -- only show current (not historical) rules @@ -90,6 +34,7 @@ CREATE OR REPLACE VIEW v_active_access_allow_rules AS NOT r.rule_disabled AND -- do not show disabled rules NOT r.action_id IN (2,3,7); -- do not deal with deny rules +DROP VIEW IF EXISTS v_rule_with_src_owner CASCADE; CREATE OR REPLACE VIEW v_rule_with_src_owner AS SELECT r.rule_id, owner.id as owner_id, owner_network.ip as matching_ip, 'source' AS match_in, owner.name as owner_name, rule_metadata.rule_last_certified, rule_last_certifier 
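Review bot: `DROP VIEW IF EXISTS v_active_access_allow_rules CASCADE;` silently removes every object that depends on the view, not only the views this script recreates, and the recreated dependents come back without the privileges previously granted on them — the only `GRANT SELECT ON TABLE view_rule_with_owner TO GROUP secuadmins, reporters;` visible in this diff lives in the idempotent views file, so unless that file is guaranteed to run after this upgrade, reporters lose access to view_rule_with_owner until the next full install. The same applies to the `DROP VIEW ... CASCADE` lines added for v_rule_with_src_owner and v_rule_with_dst_owner in the next two hunks. I would either drop the known dependents explicitly without CASCADE so an unexpected one fails loudly, or at least re-issue the grant right after the final `CREATE OR REPLACE VIEW view_rule_with_owner`, and state why the drop is needed: `-- CREATE OR REPLACE cannot change a view's column list; drop and rebuild the dependency chain`.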
@@ -102,6 +47,7 @@ CREATE OR REPLACE VIEW v_rule_with_src_owner AS LEFT JOIN rule_metadata ON (r.rule_uid=rule_metadata.rule_uid AND r.dev_id=rule_metadata.dev_id) GROUP BY r.rule_id, matching_ip, owner.id, owner.name, rule_metadata.rule_last_certified, rule_last_certifier; +DROP VIEW IF EXISTS v_rule_with_dst_owner CASCADE; CREATE OR REPLACE VIEW v_rule_with_dst_owner AS SELECT r.rule_id, owner.id as owner_id, owner_network.ip as matching_ip, 'destination' AS match_in, owner.name as owner_name, rule_metadata.rule_last_certified, rule_last_certifier @@ -114,6 +60,26 @@ CREATE OR REPLACE VIEW v_rule_with_dst_owner AS LEFT JOIN rule_metadata ON (r.rule_uid=rule_metadata.rule_uid AND r.dev_id=rule_metadata.dev_id) GROUP BY r.rule_id, matching_ip, owner.id, owner.name, rule_metadata.rule_last_certified, rule_last_certifier; +--necessary when changing materialized/non-mat. view +/* CREATE OR REPLACE FUNCTION purge_view_rule_with_owner () RETURNS VOID AS $$ +DECLARE + r_temp_record RECORD; +BEGIN + select INTO r_temp_record schemaname, viewname from pg_catalog.pg_views + where schemaname NOT IN ('pg_catalog', 'information_schema') and viewname='view_rule_with_owner' + order by schemaname, viewname; + IF FOUND THEN + DROP VIEW IF EXISTS view_rule_with_owner CASCADE; + END IF; + DROP MATERIALIZED VIEW IF EXISTS view_rule_with_owner CASCADE; + RETURN; +END; +$$ LANGUAGE plpgsql; + +SELECT * FROM purge_view_rule_with_owner (); +DROP FUNCTION purge_view_rule_with_owner(); +*/ + CREATE OR REPLACE VIEW view_rule_with_owner AS SELECT DISTINCT r.rule_num_numeric, r.track_id, r.action_id, r.rule_from_zone, r.rule_to_zone, r.dev_id, r.mgm_id, r.rule_uid, uno.rule_id, uno.owner_id, uno.owner_name, uno.rule_last_certified, uno.rule_last_certifier, rule_action, rule_name, rule_comment, rule_track, rule_src_neg, rule_dst_neg, rule_svc_neg, diff --git a/roles/database/files/upgrade/6.1.2.sql b/roles/database/files/upgrade/6.1.2.sql index 52c0e8c74..2d2e0f26e 100644 
--- a/roles/database/files/upgrade/6.1.2.sql
+++ b/roles/database/files/upgrade/6.1.2.sql
@@ -4,3 +4,51 @@ insert into stm_dev_typ (dev_typ_id,dev_typ_name,dev_typ_version,dev_typ_manufac VALUES (22,'Palo Alto Panorama','2023ff','Palo Alto','',true,true,false) ON CONFLICT DO NOTHING; insert into stm_dev_typ (dev_typ_id,dev_typ_name,dev_typ_version,dev_typ_manufacturer,dev_typ_predef_svc,dev_typ_is_multi_mgmt,dev_typ_is_mgmt,is_pure_routing_device) VALUES (23,'Palo Alto Management','2023ff','Palo Alto','',false,true,false) ON CONFLICT DO NOTHING; + +drop view if exists v_rule_with_src_owner cascade; +drop view if exists v_rule_with_dst_owner cascade; + + +CREATE OR REPLACE VIEW v_rule_with_src_owner AS + SELECT r.rule_id, owner.id as owner_id, owner_network.ip as matching_ip, 'source' AS match_in, owner.name as owner_name, + recert_interval, rule_metadata.rule_last_certified, rule_last_certifier + FROM v_active_access_allow_rules r + LEFT JOIN rule_from ON (r.rule_id=rule_from.rule_id) + LEFT JOIN objgrp_flat of ON (rule_from.obj_id=of.objgrp_flat_id) + LEFT JOIN object o ON (of.objgrp_flat_member_id=o.obj_id) + LEFT JOIN owner_network ON (o.obj_ip>>=owner_network.ip OR o.obj_ip<<=owner_network.ip) + LEFT JOIN owner ON (owner_network.owner_id=owner.id) + LEFT JOIN rule_metadata ON (r.rule_uid=rule_metadata.rule_uid AND r.dev_id=rule_metadata.dev_id) + WHERE NOT o.obj_ip IS NULL + GROUP BY r.rule_id, matching_ip, owner.id, owner.name, rule_metadata.rule_last_certified, rule_last_certifier; + +CREATE OR REPLACE VIEW v_rule_with_dst_owner AS + SELECT r.rule_id, owner.id as owner_id, owner_network.ip as matching_ip, 'destination' AS match_in, owner.name as owner_name, + recert_interval, rule_metadata.rule_last_certified, rule_last_certifier + FROM v_active_access_allow_rules r + LEFT JOIN rule_to ON (r.rule_id=rule_to.rule_id) + LEFT JOIN objgrp_flat of ON (rule_to.obj_id=of.objgrp_flat_id) + LEFT JOIN object o ON (of.objgrp_flat_member_id=o.obj_id) + LEFT JOIN owner_network ON (o.obj_ip>>=owner_network.ip OR o.obj_ip<<=owner_network.ip) + LEFT JOIN owner ON 
(owner_network.owner_id=owner.id) + LEFT JOIN rule_metadata ON (r.rule_uid=rule_metadata.rule_uid AND r.dev_id=rule_metadata.dev_id) + WHERE NOT o.obj_ip IS NULL + GROUP BY r.rule_id, matching_ip, owner.id, owner.name, rule_metadata.rule_last_certified, rule_last_certifier; + +--drop view view_rule_with_owner; +CREATE OR REPLACE VIEW view_rule_with_owner AS + SELECT DISTINCT r.rule_num_numeric, r.track_id, r.action_id, r.rule_from_zone, r.rule_to_zone, r.dev_id, r.mgm_id, r.rule_uid, uno.rule_id, uno.owner_id, uno.owner_name, uno.rule_last_certified, uno.rule_last_certifier, + rule_action, rule_name, rule_comment, rule_track, rule_src_neg, rule_dst_neg, rule_svc_neg, + rule_head_text, rule_disabled, access_rule, xlate_rule, nat_rule, + string_agg(DISTINCT match_in || ':' || matching_ip::VARCHAR, '; ' order by match_in || ':' || matching_ip::VARCHAR desc) as matches, + recert_interval + FROM ( SELECT DISTINCT * FROM v_rule_with_src_owner UNION SELECT DISTINCT * FROM v_rule_with_dst_owner ) AS uno + LEFT JOIN rule AS r USING (rule_id) + GROUP BY rule_id, owner_id, owner_name, rule_last_certified, rule_last_certifier, r.rule_from_zone, r.rule_to_zone, recert_interval, + r.dev_id, r.mgm_id, r.rule_uid, rule_num_numeric, track_id, action_id, rule_action, rule_name, rule_comment, rule_track, rule_src_neg, rule_dst_neg, rule_svc_neg, + rule_head_text, rule_disabled, access_rule, xlate_rule, nat_rule; + +-- CREATE OR REPLACE VIEW view_recert_overdue_rules AS +-- SELECT * FROM view_rule_with_owner as rules +-- WHERE now()::DATE -recert_interval> (select max(recert_date) from recertification where recertified and owner_id=rules.owner_id); + diff --git a/roles/database/files/upgrade/6.1.3.sql b/roles/database/files/upgrade/6.1.3.sql new file mode 100644 index 000000000..3b58dd00a --- /dev/null +++ b/roles/database/files/upgrade/6.1.3.sql 
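Review bot: `drop view if exists v_rule_with_src_owner cascade` and its dst twin at the top of the hunk remove every dependent object as well; `view_rule_with_owner` is recreated further down, but any other view or grant that depended on these views is dropped silently and not restored here, so a comment naming the dependents the author expects (or a plain `drop view` that fails loudly on unexpected ones) would make the upgrade safer to run. Style: `WHERE NOT o.obj_ip IS NULL` reads better as `WHERE o.obj_ip IS NOT NULL` in both views, and the commented-out `view_recert_overdue_rules` at the end is dead code that should either be removed or get a one-line reason for staying.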
@@ -0,0 +1,61 @@
+ALTER TABLE recertification ADD COLUMN IF NOT EXISTS next_recert_date Timestamp;
+
+-- creating triggers for owner changes:
+
+CREATE OR REPLACE FUNCTION owner_change_triggered ()
+ RETURNS TRIGGER
+ LANGUAGE plpgsql
+ AS $BODY$
+BEGIN
+ PERFORM recert_refresh_per_owner(NEW.id);
+ RETURN NEW;
+END;
+$BODY$;
+ALTER FUNCTION public.owner_change_triggered () OWNER TO fworch;
+
+
+DROP TRIGGER IF EXISTS owner_change ON owner CASCADE;
+
+CREATE TRIGGER owner_change
+ BEFORE INSERT OR UPDATE ON owner
+ FOR EACH ROW
+ EXECUTE PROCEDURE owner_change_triggered ();
+
+CREATE OR REPLACE FUNCTION owner_network_change_triggered ()
+ RETURNS TRIGGER
+ LANGUAGE plpgsql
+ AS $BODY$
+BEGIN
+ PERFORM recert_refresh_per_owner(NEW.id);
+ RETURN NEW;
+END;
+$BODY$;
+ALTER FUNCTION public.owner_network_change_triggered () OWNER TO fworch;
+
+DROP TRIGGER IF EXISTS owner_network_change ON owner_network CASCADE;
+
+CREATE TRIGGER owner_network_change
+ BEFORE INSERT OR UPDATE ON owner_network
+ FOR EACH ROW
+ EXECUTE PROCEDURE owner_network_change_triggered ();
+
+
+--- refreshing future recert entries:
+
+CREATE OR REPLACE FUNCTION refresh_recert_entries () RETURNS VOID AS $$
+DECLARE
+ r_mgm RECORD;
+BEGIN
+ FOR r_mgm IN SELECT mgm_id FROM management WHERE NOT do_not_import
+ LOOP
+ PERFORM recert_refresh_per_management(r_mgm.mgm_id);
+ END LOOP;
+ RETURN;
+END;
+$$ LANGUAGE plpgsql;
+
+
+-- LargeOwnerChange: comment out the next line to not refresh recert entries during upgrade
+SELECT * FROM refresh_recert_entries ();
+DROP FUNCTION refresh_recert_entries();
+
diff --git a/roles/database/files/upgrade/6.1.4.sql b/roles/database/files/upgrade/6.1.4.sql
new file mode 100644
index 000000000..3e503951f
--- /dev/null
+++ b/roles/database/files/upgrade/6.1.4.sql
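Review bot: `owner_network_change_triggered()` calls `recert_refresh_per_owner(NEW.id)`, but on owner_network `id` is the network row's own key (this commit's 6.1.4.sql adds `UNIQUE (owner_id, ip)` to that table and 7.2.2.sql iterates `SELECT id, ip, ip_end FROM owner_network`), so the refresh presumably runs for an unrelated owner or for none; the call should read `PERFORM recert_refresh_per_owner(NEW.owner_id);`. The owner trigger is fine, since `id` is the owner key there. Both triggers also fire BEFORE the row is written, so if `recert_refresh_per_owner` re-reads the owner's networks it will not yet see the row that fired it; an AFTER trigger would avoid that, assuming the refresh function does not need to modify NEW. `recert_refresh_per_owner` and `recert_refresh_per_management` are defined outside this diff, so their parameter types could not be checked.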
@@ -0,0 +1,106 @@ +ALTER TABLE request.reqelement ALTER COLUMN original_nat_id TYPE bigint; +ALTER TABLE request.reqelement ADD COLUMN IF NOT EXISTS device_id int; +ALTER TABLE request.reqelement ADD COLUMN IF NOT EXISTS rule_uid varchar; +ALTER TABLE request.reqelement DROP CONSTRAINT IF EXISTS request_reqelement_device_foreign_key; +ALTER TABLE request.reqelement ADD CONSTRAINT request_reqelement_device_foreign_key FOREIGN KEY (device_id) REFERENCES device(dev_id) ON UPDATE RESTRICT ON DELETE CASCADE; + +ALTER TABLE request.implelement ALTER COLUMN original_nat_id TYPE bigint; +ALTER TABLE request.implelement ADD COLUMN IF NOT EXISTS rule_uid varchar; + +ALTER TYPE rule_field_enum ADD VALUE IF NOT EXISTS 'rule'; + +insert into config (config_key, config_value, config_user) VALUES ('recAutocreateDeleteTicket', 'False', 0) ON CONFLICT DO NOTHING; +insert into config (config_key, config_value, config_user) VALUES ('recDeleteRuleTicketTitle', 'Ticket Title', 0) ON CONFLICT DO NOTHING; +insert into config (config_key, config_value, config_user) VALUES ('recDeleteRuleTicketReason', 'Ticket Reason', 0) ON CONFLICT DO NOTHING; +insert into config (config_key, config_value, config_user) VALUES ('recDeleteRuleReqTaskTitle', 'Task Title', 0) ON CONFLICT DO NOTHING; +insert into config (config_key, config_value, config_user) VALUES ('recDeleteRuleReqTaskReason', 'Task Reason', 0) ON CONFLICT DO NOTHING; +insert into config (config_key, config_value, config_user) VALUES ('recDeleteRuleTicketPriority', '3', 0) ON CONFLICT DO NOTHING; +insert into config (config_key, config_value, config_user) VALUES ('recDeleteRuleInitState', '0', 0) ON CONFLICT DO NOTHING; +insert into config (config_key, config_value, config_user) VALUES ('recCheckEmailSubject', 'Upcoming rule recertifications', 0) ON CONFLICT DO NOTHING; +insert into config (config_key, config_value, config_user) VALUES ('recCheckEmailUpcomingText', 'The following rules are upcoming to be recertified:', 0) ON CONFLICT DO 
NOTHING; +insert into config (config_key, config_value, config_user) VALUES ('recCheckEmailOverdueText', 'The following rules are overdue to be recertified:', 0) ON CONFLICT DO NOTHING; +insert into config (config_key, config_value, config_user) VALUES ('recCheckActive', 'False', 0) ON CONFLICT DO NOTHING; + +ALTER TABLE owner ADD COLUMN IF NOT EXISTS last_recert_check Timestamp; +ALTER TABLE owner ADD COLUMN IF NOT EXISTS recert_check_params Varchar; + +drop index if exists only_one_future_recert_per_owner_per_rule; +create unique index if not exists only_one_future_recert_per_owner_per_rule on recertification(owner_id,rule_metadata_id,recert_date) + where recert_date IS NULL; + +ALTER TABLE owner_network DROP CONSTRAINT IF EXISTS owner_network_ip_unique; +ALTER TABLE owner_network ADD CONSTRAINT owner_network_ip_unique UNIQUE (owner_id, ip); + +ALTER TABLE owner DROP COLUMN IF EXISTS next_recert_date; + +Create index IF NOT EXISTS idx_object04 on object (obj_ip); +Create index IF NOT EXISTS idx_rule04 on rule (action_id); + +-- replacing view by materialized view +CREATE OR REPLACE FUNCTION purge_view_rule_with_owner () RETURNS VOID AS $$ +DECLARE + r_temp_record RECORD; +BEGIN + select INTO r_temp_record schemaname, viewname from pg_catalog.pg_views + where schemaname NOT IN ('pg_catalog', 'information_schema') and viewname='view_rule_with_owner' + order by schemaname, viewname; + IF FOUND THEN + DROP VIEW IF EXISTS view_rule_with_owner CASCADE; + END IF; + DROP MATERIALIZED VIEW IF EXISTS view_rule_with_owner CASCADE; + RETURN; +END; +$$ LANGUAGE plpgsql; + +SELECT * FROM purge_view_rule_with_owner (); +DROP FUNCTION purge_view_rule_with_owner(); + +-- LargeOwnerChange: uncomment to disable triggers (e.g. 
for large installations without recert needs) +-- ALTER TABLE owner DISABLE TRIGGER owner_change; +-- ALTER TABLE owner_network DISABLE TRIGGER owner_network_change; + +CREATE MATERIALIZED VIEW view_rule_with_owner AS + SELECT DISTINCT r.rule_num_numeric, r.track_id, r.action_id, r.rule_from_zone, r.rule_to_zone, r.dev_id, r.mgm_id, r.rule_uid, uno.rule_id, uno.owner_id, uno.owner_name, uno.rule_last_certified, uno.rule_last_certifier, + rule_action, rule_name, rule_comment, rule_track, rule_src_neg, rule_dst_neg, rule_svc_neg, + rule_head_text, rule_disabled, access_rule, xlate_rule, nat_rule, + string_agg(DISTINCT match_in || ':' || matching_ip::VARCHAR, '; ' order by match_in || ':' || matching_ip::VARCHAR desc) as matches, + recert_interval + FROM ( SELECT DISTINCT * FROM v_rule_with_src_owner UNION SELECT DISTINCT * FROM v_rule_with_dst_owner ) AS uno + LEFT JOIN rule AS r USING (rule_id) + GROUP BY rule_id, owner_id, owner_name, rule_last_certified, rule_last_certifier, r.rule_from_zone, r.rule_to_zone, recert_interval, + r.dev_id, r.mgm_id, r.rule_uid, rule_num_numeric, track_id, action_id, rule_action, rule_name, rule_comment, rule_track, rule_src_neg, rule_dst_neg, rule_svc_neg, + rule_head_text, rule_disabled, access_rule, xlate_rule, nat_rule; + +------------ +-- add new super owner + +DELETE FROM owner WHERE name='defaultOwner_demo'; +UPDATE owner SET is_default=false WHERE id>0; -- idempotence +INSERT INTO owner (id, name, dn, group_dn, is_default, recert_interval, app_id_external) +VALUES (0, 'super-owner', 'uid=admin,ou=tenant0,ou=operator,ou=user,dc=fworch,dc=internal', 'group-dn-for-super-owner', true, 365, 'NONE') +ON CONFLICT DO NOTHING; + +------------------------- +-- add recert refresh trigger + +create or replace function refresh_view_rule_with_owner() +returns trigger language plpgsql +as $$ +begin + refresh materialized view view_rule_with_owner; + return null; +end $$; + +drop trigger IF exists refresh_view_rule_with_owner_delete_trigger 
ON recertification CASCADE;
+
+create trigger refresh_view_rule_with_owner_delete_trigger
+after delete on recertification for each statement
+execute procedure refresh_view_rule_with_owner();
+
+ALTER TABLE owner DROP CONSTRAINT IF EXISTS owner_name_key;
+ALTER TABLE owner ADD CONSTRAINT owner_name_key UNIQUE (name);
+ALTER TABLE owner DROP CONSTRAINT IF EXISTS owner_app_id_external_key;
+ALTER TABLE owner ADD CONSTRAINT owner_app_id_external_key UNIQUE (app_id_external);
+ALTER TABLE owner ALTER COLUMN app_id_external DROP NOT NULL;
+insert into config (config_key, config_value, config_user) VALUES ('recRefreshStartup', 'False', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('recRefreshDaily', 'False', 0) ON CONFLICT DO NOTHING;
diff --git a/roles/database/files/upgrade/6.2.2.sql b/roles/database/files/upgrade/6.2.2.sql
new file mode 100644
index 000000000..19222423e
--- /dev/null
+++ b/roles/database/files/upgrade/6.2.2.sql
@@ -0,0 +1 @@
+alter table import_rule add column if not exists "last_hit" Timestamp;
diff --git a/roles/database/files/upgrade/6.3.3.sql b/roles/database/files/upgrade/6.3.3.sql
new file mode 100644
index 000000000..219eab49b
--- /dev/null
+++ b/roles/database/files/upgrade/6.3.3.sql
@@ -0,0 +1,4 @@
+insert into stm_dev_typ (dev_typ_id,dev_typ_name,dev_typ_version,dev_typ_manufacturer,dev_typ_predef_svc,dev_typ_is_multi_mgmt,dev_typ_is_mgmt,is_pure_routing_device)
+ VALUES (24,'FortiOS Management','REST','Fortinet','',false,true,false) ON CONFLICT DO NOTHING;
+insert into stm_dev_typ (dev_typ_id,dev_typ_name,dev_typ_version,dev_typ_manufacturer,dev_typ_predef_svc,dev_typ_is_multi_mgmt,dev_typ_is_mgmt,is_pure_routing_device)
+ VALUES (25,'Fortinet FortiOS Gateway','REST','Fortinet','',false,false,false) ON CONFLICT DO NOTHING;
diff --git a/roles/database/files/upgrade/6.5.0.sql b/roles/database/files/upgrade/6.5.0.sql
new file mode 100644
index 000000000..156e57279
--- /dev/null
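Review bot: `refresh_view_rule_with_owner()` runs a plain `refresh materialized view view_rule_with_owner`, which rebuilds the whole view under an ACCESS EXCLUSIVE lock and is fired by the new trigger for every DELETE statement on recertification, so every reader of the view blocks for the duration of each rebuild and a burst of deletes serialises into repeated full rebuilds. `REFRESH MATERIALIZED VIEW CONCURRENTLY` would let readers continue, but it requires a unique index on the materialized view, which this file does not create, and whether (rule_id, owner_id) is unique here cannot be told from the GROUP BY alone since owner_id may be NULL; a comment stating the expected refresh frequency would help the next reader decide. In `purge_view_rule_with_owner()` the `r_temp_record` variable is only a SELECT INTO sink; `PERFORM 1 FROM pg_catalog.pg_views WHERE ...` followed by `IF FOUND` removes the declaration. The super-owner insert uses `ON CONFLICT DO NOTHING`, so an existing owner 0 with a different name or DN is left as is after `is_default` was cleared on all other owners; if that is intended, say so in the comment.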
+++ b/roles/database/files/upgrade/6.5.0.sql 
@@ -0,0 +1,53 @@ +--- Compliance Tables --- +create schema if not exists compliance; + +create table if not exists compliance.network_zone +( + id BIGSERIAL PRIMARY KEY, + name VARCHAR NOT NULL, + description VARCHAR NOT NULL, + super_network_zone_id bigint, + owner_id bigint +); + +create table if not exists compliance.network_zone_communication +( + from_network_zone_id bigint NOT NULL, + to_network_zone_id bigint NOT NULL +); + +create table if not exists compliance.ip_range +( + network_zone_id bigint NOT NULL, + ip_range_start inet NOT NULL, + ip_range_end inet NOT NULL, + PRIMARY KEY(network_zone_id, ip_range_start, ip_range_end) +); + + +--- Compliance Foreign Keys --- + +--- compliance.ip_range --- +ALTER TABLE compliance.ip_range DROP CONSTRAINT IF EXISTS compliance_ip_range_network_zone_foreign_key; +ALTER TABLE compliance.ip_range ADD CONSTRAINT compliance_ip_range_network_zone_foreign_key FOREIGN KEY (network_zone_id) REFERENCES compliance.network_zone(id) ON UPDATE RESTRICT ON DELETE CASCADE; + +--- compliance.network_zone --- +ALTER TABLE compliance.network_zone DROP CONSTRAINT IF EXISTS compliance_super_zone_foreign_key; +ALTER TABLE compliance.network_zone ADD CONSTRAINT compliance_super_zone_foreign_key FOREIGN KEY (super_network_zone_id) REFERENCES compliance.network_zone(id) ON UPDATE RESTRICT ON DELETE CASCADE; + +--- compliance.network_zone_communication --- +ALTER TABLE compliance.network_zone_communication DROP CONSTRAINT IF EXISTS compliance_from_network_zone_communication_foreign_key; +ALTER TABLE compliance.network_zone_communication DROP CONSTRAINT IF EXISTS compliance_to_network_zone_communication_foreign_key; +ALTER TABLE compliance.network_zone_communication ADD CONSTRAINT compliance_from_network_zone_communication_foreign_key FOREIGN KEY (from_network_zone_id) REFERENCES compliance.network_zone(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE compliance.network_zone_communication ADD CONSTRAINT 
compliance_to_network_zone_communication_foreign_key FOREIGN KEY (to_network_zone_id) REFERENCES compliance.network_zone(id) ON UPDATE RESTRICT ON DELETE CASCADE; + + +--- Compliance Constraints --- +CREATE EXTENSION IF NOT EXISTS btree_gist; +--- prevent overlapping ip address ranges in the same zone +ALTER TABLE compliance.ip_range DROP CONSTRAINT IF EXISTS exclude_overlapping_ip_ranges; +ALTER TABLE compliance.ip_range ADD CONSTRAINT exclude_overlapping_ip_ranges +EXCLUDE USING gist ( + network_zone_id WITH =, + numrange(ip_range_start - '0.0.0.0'::inet, ip_range_end - '0.0.0.0'::inet, '[]') WITH && +); diff --git a/roles/database/files/upgrade/6.5.1.sql b/roles/database/files/upgrade/6.5.1.sql new file mode 100644 index 000000000..a36e914c7 --- /dev/null +++ b/roles/database/files/upgrade/6.5.1.sql @@ -0,0 +1,2 @@ +insert into config (config_key, config_value, config_user) VALUES ('unusedTolerance', '400', 0) ON CONFLICT DO NOTHING; +insert into config (config_key, config_value, config_user) VALUES ('creationTolerance', '90', 0) ON CONFLICT DO NOTHING; diff --git a/roles/database/files/upgrade/7.0.2.sql b/roles/database/files/upgrade/7.0.2.sql new file mode 100644 index 000000000..012701264 --- /dev/null +++ b/roles/database/files/upgrade/7.0.2.sql 
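Review bot: The exclusion constraint `exclude_overlapping_ip_ranges` converts each bound with `ip_range_start - '0.0.0.0'::inet`; inet subtraction requires both operands to be of the same address family and yields a bigint, so inserting an IPv6 range into compliance.ip_range should fail with an error rather than being checked for overlap. If the table is IPv4-only by design, a `CHECK (family(ip_range_start) = 4 AND family(ip_range_end) = 4)` makes that explicit; otherwise the overlap check needs a family-aware formulation. A `CHECK (ip_range_start <= ip_range_end)` is also missing, and `compliance.network_zone_communication` has no primary key or unique constraint, so the same zone pair can be inserted repeatedly. `compliance.network_zone.owner_id` has no foreign key to `owner`, unlike the other id columns in this file.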
@@ -0,0 +1,41 @@ +INSERT INTO "report_template" ("report_filter","report_template_name","report_template_comment","report_template_owner", "report_parameters") +SELECT '','Last year''s Unused Rules','T0106', 0, + '{"report_type":10,"device_filter":{"management":[]}, + "time_filter": { + "is_shortcut": true, + "shortcut": "now", + "report_time": "2022-01-01T00:00:00.0000000+01:00", + "timerange_type": "SHORTCUT", + "shortcut_range": "this year", + "offset": 0, + "interval": "DAYS", + "start_time": "2022-01-01T00:00:00.0000000+01:00", + "end_time": "2022-01-01T00:00:00.0000000+01:00", + "open_start": false, + "open_end": false}, + "unused_filter": { + "creationTolerance": 0, + "unusedForDays": 365}}' +WHERE NOT EXISTS (SELECT * FROM report_template WHERE report_template_owner = 0 AND report_template_comment = 'T0106'); + +INSERT INTO "report_template" ("report_filter","report_template_name","report_template_comment","report_template_owner", "report_parameters") +SELECT '','Next Month''s Recertifications','T0107', 0, + '{"report_type":7,"device_filter":{"management":[]}, + "time_filter": { + "is_shortcut": true, + "shortcut": "now", + "report_time": "2022-01-01T00:00:00.0000000+01:00", + "timerange_type": "SHORTCUT", + "shortcut_range": "this year", + "offset": 0, + "interval": "DAYS", + "start_time": "2022-01-01T00:00:00.0000000+01:00", + "end_time": "2022-01-01T00:00:00.0000000+01:00", + "open_start": false, + "open_end": false}, + "recert_filter": { + "recertOwnerList": [], + "recertShowAnyMatch": true, + "recertificationDisplayPeriod": 30}}' +WHERE NOT EXISTS (SELECT * FROM report_template WHERE report_template_owner = 0 AND report_template_comment = 'T0107'); + diff --git a/roles/database/files/upgrade/7.1.2.sql b/roles/database/files/upgrade/7.1.2.sql new file mode 100644 index 000000000..0f8031806 --- /dev/null +++ b/roles/database/files/upgrade/7.1.2.sql 
@@ -0,0 +1 @@
+insert into stm_action (action_id,action_name) VALUES (29,'inform') ON CONFLICT DO NOTHING; -- cp
diff --git a/roles/database/files/upgrade/7.2.1.sql b/roles/database/files/upgrade/7.2.1.sql
new file mode 100644
index 000000000..5a55d8785
--- /dev/null
+++ b/roles/database/files/upgrade/7.2.1.sql
@@ -0,0 +1,2 @@
+
+insert into config (config_key, config_value, config_user) VALUES ('ruleOwnershipMode', 'mixed', 0) ON CONFLICT DO NOTHING;
diff --git a/roles/database/files/upgrade/7.2.2.sql b/roles/database/files/upgrade/7.2.2.sql
new file mode 100644
index 000000000..747a16f8e
--- /dev/null
+++ b/roles/database/files/upgrade/7.2.2.sql
@@ -0,0 +1,111 @@ +-- turning all CIDR objects into ranges +-- see https://github.com/CactuseSecurity/firewall-orchestrator/issues/2238 + +-- defining helper functions: +CREATE OR REPLACE FUNCTION get_first_ip_of_cidr (ip CIDR) + RETURNS CIDR + LANGUAGE 'plpgsql' IMMUTABLE COST 1 + AS +$BODY$ + BEGIN + IF is_single_ip(ip) THEN + RETURN ip; + ELSE + RETURN host(abbrev(ip)::cidr); + END IF; + END; +$BODY$; + +CREATE OR REPLACE FUNCTION get_last_ip_of_cidr (ip CIDR) + RETURNS CIDR + LANGUAGE 'plpgsql' IMMUTABLE COST 1 + AS +$BODY$ + BEGIN + IF is_single_ip(ip) THEN + RETURN ip; + ELSE + RETURN inet(host(broadcast(ip))); + END IF; + END; +$BODY$; + +CREATE OR REPLACE FUNCTION is_single_ip (ip CIDR) + RETURNS BOOLEAN + LANGUAGE 'plpgsql' IMMUTABLE COST 1 + AS +$BODY$ + BEGIN + RETURN masklen(ip)=32 AND family(ip)=4 OR masklen(ip)=128 AND family(ip)=6; + END; +$BODY$; + +CREATE OR REPLACE FUNCTION turn_all_cidr_objects_into_ranges () RETURNS VOID AS $$ +DECLARE + i_obj_id BIGINT; + r_obj RECORD; +BEGIN + +-- handling table object + FOR r_obj IN SELECT obj_id, obj_ip, obj_ip_end FROM object + LOOP + IF NOT is_single_ip(r_obj.obj_ip) OR r_obj.obj_ip_end IS NULL THEN + + UPDATE object SET obj_ip_end = get_last_ip_of_cidr(r_obj.obj_ip) WHERE obj_id=r_obj.obj_id; + UPDATE object SET obj_ip = get_first_ip_of_cidr(r_obj.obj_ip) WHERE obj_id=r_obj.obj_id; + END IF; + END LOOP; + + -- all network objects but groups must have ip addresses: + ALTER TABLE object DROP CONSTRAINT IF EXISTS object_obj_ip_not_null; + ALTER TABLE object DROP CONSTRAINT IF EXISTS object_obj_ip_end_not_null; + ALTER TABLE object ADD CONSTRAINT object_obj_ip_not_null CHECK (obj_ip IS NOT NULL OR obj_typ_id=2); + ALTER TABLE object ADD CONSTRAINT object_obj_ip_end_not_null CHECK (obj_ip_end IS NOT NULL OR obj_typ_id=2); + + ALTER TABLE object DROP CONSTRAINT IF EXISTS object_obj_ip_is_host; + ALTER TABLE object DROP CONSTRAINT IF EXISTS object_obj_ip_end_is_host; + ALTER TABLE object ADD CONSTRAINT 
object_obj_ip_is_host CHECK (is_single_ip(obj_ip)); + ALTER TABLE object ADD CONSTRAINT object_obj_ip_end_is_host CHECK (is_single_ip(obj_ip_end)); + +-- handling table owner_network + ALTER TABLE owner_network ADD COLUMN IF NOT EXISTS ip_end CIDR; + + FOR r_obj IN SELECT id, ip, ip_end FROM owner_network + LOOP + IF NOT is_single_ip(r_obj.ip) OR r_obj.ip_end IS NULL THEN + UPDATE owner_network SET ip_end = get_last_ip_of_cidr(r_obj.ip) WHERE id=r_obj.id; + UPDATE owner_network SET ip = get_first_ip_of_cidr(r_obj.ip) WHERE id=r_obj.id; + END IF; + END LOOP; + + ALTER TABLE owner_network DROP CONSTRAINT IF EXISTS owner_network_ip_end_not_null; + ALTER TABLE owner_network ADD CONSTRAINT owner_network_ip_end_not_null CHECK (ip_end IS NOT NULL); + +-- handling table tenant_network + FOR r_obj IN SELECT tenant_net_id, tenant_net_ip, tenant_net_ip_end FROM tenant_network + LOOP + IF is_single_ip(r_obj.tenant_net_ip) OR r_obj.tenant_net_ip_end IS NULL THEN + UPDATE tenant_network SET tenant_net_ip_end = inet(host(broadcast(r_obj.tenant_net_ip))) WHERE tenant_net_id=r_obj.tenant_net_id; + UPDATE tenant_network SET tenant_net_ip = inet(abbrev(r_obj.tenant_net_ip)) WHERE tenant_net_id=r_obj.tenant_net_id; + END IF; + END LOOP; + + ALTER TABLE tenant_network DROP CONSTRAINT IF EXISTS tenant_network_tenant_net_ip_end_not_null; + ALTER TABLE tenant_network ADD CONSTRAINT tenant_network_tenant_net_ip_end_not_null CHECK (tenant_net_ip_end IS NOT NULL); + + Alter Table tenant DROP Constraint IF EXISTS tenant_tenant_name_key; + Alter Table tenant ADD Constraint tenant_tenant_name_key UNIQUE(tenant_name); + + RETURN; +END; +$$ LANGUAGE plpgsql; + +SELECT * FROM turn_all_cidr_objects_into_ranges(); +DROP FUNCTION turn_all_cidr_objects_into_ranges(); + +-- removing unused import_status views: +DROP VIEW IF EXISTS view_import_status_table_unsorted CASCADE; +DROP VIEW IF EXISTS view_import_status_table CASCADE; +DROP VIEW IF EXISTS view_import_status_errors CASCADE; +DROP VIEW IF EXISTS 
view_import_status_successful CASCADE; + diff --git a/roles/database/files/upgrade/7.2.4.sql b/roles/database/files/upgrade/7.2.4.sql new file mode 100644 index 000000000..68ab2835a --- /dev/null +++ b/roles/database/files/upgrade/7.2.4.sql @@ -0,0 +1,18 @@ + +Create table if not exists "customtxt" +( + "id" Varchar NOT NULL, + "language" Varchar NOT NULL, + "txt" Varchar NOT NULL, + primary key ("id", "language") +); + +DO $$ +BEGIN + IF NOT EXISTS(select constraint_name + from information_schema.referential_constraints + where constraint_name = 'customtxt_language_fkey') + THEN + Alter table "customtxt" add foreign key ("language") references "language" ("name") on update restrict on delete cascade; + END IF; +END $$; diff --git a/roles/database/files/upgrade/7.2.5.sql b/roles/database/files/upgrade/7.2.5.sql new file mode 100644 index 000000000..f0f52ecfc --- /dev/null +++ b/roles/database/files/upgrade/7.2.5.sql @@ -0,0 +1 @@ +insert into stm_obj_typ (obj_typ_id,obj_typ_name) VALUES (19,'external-gateway') ON CONFLICT DO NOTHING; diff --git a/roles/database/files/upgrade/7.3.1.sql b/roles/database/files/upgrade/7.3.1.sql new file mode 100644 index 000000000..49d13f2fa --- /dev/null +++ b/roles/database/files/upgrade/7.3.1.sql 
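Review bot: The tenant_network loop in `turn_all_cidr_objects_into_ranges()` tests `IF is_single_ip(r_obj.tenant_net_ip) OR r_obj.tenant_net_ip_end IS NULL`, without the `NOT` that the object and owner_network loops use, and normalises with `inet(abbrev(...))` instead of `get_first_ip_of_cidr`, so a tenant network stored as a prefix keeps its mask in tenant_net_ip while the other two tables end up with host addresses. Unless tenant_network is meant to keep prefixes, the three lines should be `IF NOT is_single_ip(r_obj.tenant_net_ip) OR r_obj.tenant_net_ip_end IS NULL THEN`, `UPDATE tenant_network SET tenant_net_ip_end = get_last_ip_of_cidr(r_obj.tenant_net_ip) WHERE tenant_net_id=r_obj.tenant_net_id;` and `UPDATE tenant_network SET tenant_net_ip = get_first_ip_of_cidr(r_obj.tenant_net_ip) WHERE tenant_net_id=r_obj.tenant_net_id;`. This matters because upgrade/7.3.1.sql in the same commit passes tenant_net_ip/tenant_net_ip_end to `ip_ranges_overlap` as the tenant's range for tenant filtering, so an inconsistent start value could change which rules a tenant is shown. `i_obj_id` is declared but never used. `get_first_ip_of_cidr`, `get_last_ip_of_cidr` and `is_single_ip` stay behind after the one-shot migration because the new CHECK constraints depend on `is_single_ip`; a comment saying so would stop someone from tidying them away.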
@@ -0,0 +1,208 @@ +--------------------- make sure dedicated managements and devices are not tenant filtered ------------------------ + +-- tename existing tenant_id columns +DO $$ +BEGIN + IF EXISTS(SELECT * + FROM information_schema.columns + WHERE table_name='device' and column_name='tenant_id') + THEN + ALTER TABLE "public"."device" RENAME COLUMN "tenant_id" TO "unfiltered_tenant_id"; + END IF; + IF EXISTS(SELECT * + FROM information_schema.columns + WHERE table_name='management' and column_name='tenant_id') + THEN + ALTER TABLE "public"."management" RENAME COLUMN "tenant_id" TO "unfiltered_tenant_id"; + END IF; +END $$; + + +-- TODO: provide UI (settings) for editing unfiltered_tenant for both managements and gateways + +CREATE OR REPLACE FUNCTION rule_relevant_for_tenant(rule rule, hasura_session json) +RETURNS boolean AS $$ + DECLARE + t_id integer; + show boolean DEFAULT false; + mgm_unfiltered_tenant_id integer; + gw_unfiltered_tenant_id integer; + + BEGIN + t_id := (hasura_session ->> 'x-hasura-tenant-id')::integer; + + IF t_id IS NULL THEN + RAISE EXCEPTION 'No tenant id found in hasura session'; --> only happens when using auth via x-hasura-admin-secret (no tenant id is set) + ELSIF t_id = 1 THEN + show := true; + ELSE + SELECT INTO mgm_unfiltered_tenant_id unfiltered_tenant_id FROM rule LEFT JOIN management USING (mgm_id); + SELECT INTO gw_unfiltered_tenant_id unfiltered_tenant_id FROM rule LEFT JOIN device USING (dev_id); + IF mgm_unfiltered_tenant_id IS NOT NULL AND mgm_unfiltered_tenant_id=t_id OR gw_unfiltered_tenant_id IS NOT NULL AND gw_unfiltered_tenant_id=t_id THEN + show := true; + ELSE + IF EXISTS ( + SELECT rf.obj_id FROM rule_from rf + LEFT JOIN rule r ON (rf.rule_id=r.rule_id) + LEFT JOIN objgrp_flat ON (rf.obj_id=objgrp_flat.objgrp_flat_id) + LEFT JOIN object ON (objgrp_flat.objgrp_flat_member_id=object.obj_id) + LEFT JOIN tenant_network ON + (ip_ranges_overlap(obj_ip, obj_ip_end, tenant_net_ip, tenant_net_ip_end, rf.negated != 
r.rule_src_neg)) + WHERE rf.rule_id = rule.rule_id AND tenant_id = t_id + ) THEN + show := true; + ELSIF EXISTS ( + SELECT rt.obj_id FROM rule_to rt + LEFT JOIN rule r ON (rt.rule_id=r.rule_id) + LEFT JOIN objgrp_flat ON (rt.obj_id=objgrp_flat.objgrp_flat_id) + LEFT JOIN object ON (objgrp_flat.objgrp_flat_member_id=object.obj_id) + LEFT JOIN tenant_network ON + (ip_ranges_overlap(obj_ip, obj_ip_end, tenant_net_ip, tenant_net_ip_end, rt.negated != r.rule_dst_neg)) + WHERE rt.rule_id = rule.rule_id AND tenant_id = t_id + ) THEN + show := true; + END IF; + END IF; + END IF; + + RETURN show; + END; +$$ LANGUAGE 'plpgsql' STABLE; + +CREATE OR REPLACE FUNCTION get_rules_for_tenant(device_row device, tenant integer, hasura_session json) +RETURNS SETOF rule AS $$ + DECLARE + t_id integer; + mgm_unfiltered_tenant_id integer; + gw_unfiltered_tenant_id integer; + BEGIN + t_id := (hasura_session ->> 'x-hasura-tenant-id')::integer; + IF t_id IS NULL THEN + RAISE EXCEPTION 'No tenant id found in hasura session'; --> only happens when using auth via x-hasura-admin-secret (no tenant id is set) + ELSIF t_id != 1 AND t_id != tenant THEN + RAISE EXCEPTION 'A non-tenant-0 user was trying to generate a report for another tenant.'; + ELSIF tenant = 1 THEN + RAISE EXCEPTION 'Tenant0 cannot be simulated.'; + ELSE + SELECT INTO mgm_unfiltered_tenant_id management.unfiltered_tenant_id FROM device LEFT JOIN management USING (mgm_id) WHERE device.dev_id=device_row.dev_id; + SELECT INTO gw_unfiltered_tenant_id device.unfiltered_tenant_id FROM device WHERE dev_id=device_row.dev_id; + + IF mgm_unfiltered_tenant_id IS NOT NULL AND mgm_unfiltered_tenant_id=tenant OR + gw_unfiltered_tenant_id IS NOT NULL AND gw_unfiltered_tenant_id=tenant + THEN + RETURN QUERY SELECT * FROM rule WHERE dev_id=device_row.dev_id; + ELSE + RETURN QUERY + SELECT r.* FROM rule r + LEFT JOIN rule_from rf ON (r.rule_id=rf.rule_id) + LEFT JOIN objgrp_flat rf_of ON (rf.obj_id=rf_of.objgrp_flat_id) + LEFT JOIN object rf_o ON 
(rf_of.objgrp_flat_member_id=rf_o.obj_id) + LEFT JOIN tenant_network ON + (ip_ranges_overlap(rf_o.obj_ip, rf_o.obj_ip_end, tenant_net_ip, tenant_net_ip_end, rf.negated != r.rule_src_neg)) + WHERE r.dev_id = device_row.dev_id AND tenant_id = tenant AND rule_head_text IS NULL + UNION + SELECT r.* FROM rule r + LEFT JOIN rule_to rt ON (r.rule_id=rt.rule_id) + LEFT JOIN objgrp_flat rt_of ON (rt.obj_id=rt_of.objgrp_flat_id) + LEFT JOIN object rt_o ON (rt_of.objgrp_flat_member_id=rt_o.obj_id) + LEFT JOIN tenant_network ON + (ip_ranges_overlap(rt_o.obj_ip, rt_o.obj_ip_end, tenant_net_ip, tenant_net_ip_end, rt.negated != r.rule_dst_neg)) + WHERE r.dev_id = device_row.dev_id AND tenant_id = tenant AND rule_head_text IS NULL + ORDER BY rule_name; + END IF; + END IF; + END; +$$ LANGUAGE 'plpgsql' STABLE; + +CREATE OR REPLACE FUNCTION get_rule_froms_for_tenant(rule rule, tenant integer, hasura_session json) +RETURNS SETOF rule_from AS $$ + DECLARE + t_id integer; + mgm_unfiltered_tenant_id integer; + gw_unfiltered_tenant_id integer; + BEGIN + t_id := (hasura_session ->> 'x-hasura-tenant-id')::integer; + + IF t_id IS NULL THEN + RAISE EXCEPTION 'No tenant id found in hasura session'; --> only happens when using auth via x-hasura-admin-secret (no tenant id is set) + ELSIF t_id != 1 AND t_id != tenant THEN + RAISE EXCEPTION 'A non-tenant-0 user was trying to generate a report for another tenant.'; + ELSIF tenant = 1 THEN + RAISE EXCEPTION 'Tenant0 cannot be simulated.'; + ELSE + SELECT INTO mgm_unfiltered_tenant_id management.unfiltered_tenant_id FROM device LEFT JOIN management USING (mgm_id) WHERE device.dev_id=rule.dev_id; + SELECT INTO gw_unfiltered_tenant_id device.unfiltered_tenant_id FROM device WHERE dev_id=rule.dev_id; + + IF mgm_unfiltered_tenant_id IS NOT NULL AND mgm_unfiltered_tenant_id=tenant OR + gw_unfiltered_tenant_id IS NOT NULL AND gw_unfiltered_tenant_id=tenant + THEN + RETURN QUERY SELECT rf.* FROM rule_from rf WHERE rule_id = rule.rule_id; + ELSIF EXISTS ( + 
SELECT rt.obj_id FROM rule_to rt + LEFT JOIN objgrp_flat ON (rt.obj_id=objgrp_flat.objgrp_flat_id) + LEFT JOIN object ON (objgrp_flat.objgrp_flat_member_id=object.obj_id) + LEFT JOIN tenant_network ON + (ip_ranges_overlap(obj_ip, obj_ip_end, tenant_net_ip, tenant_net_ip_end, rt.negated != rule.rule_dst_neg)) + WHERE rt.rule_id = rule.rule_id AND tenant_id = tenant + ) THEN + RETURN QUERY + SELECT rf.* FROM rule_from rf WHERE rule_id = rule.rule_id; + ELSE + RETURN QUERY + SELECT DISTINCT rf.* FROM rule_from rf + LEFT JOIN objgrp_flat ON (rf.obj_id=objgrp_flat.objgrp_flat_id) + LEFT JOIN object ON (objgrp_flat.objgrp_flat_member_id=object.obj_id) + LEFT JOIN tenant_network ON + (ip_ranges_overlap(obj_ip, obj_ip_end, tenant_net_ip, tenant_net_ip_end, rf.negated != rule.rule_src_neg)) + WHERE rule_id = rule.rule_id AND tenant_id = tenant; + END IF; + END IF; + END; +$$ LANGUAGE 'plpgsql' STABLE; + + +CREATE OR REPLACE FUNCTION get_rule_tos_for_tenant(rule rule, tenant integer, hasura_session json) +RETURNS SETOF rule_to AS $$ + DECLARE + t_id integer; + mgm_unfiltered_tenant_id integer; + gw_unfiltered_tenant_id integer; + BEGIN + t_id := (hasura_session ->> 'x-hasura-tenant-id')::integer; + + IF t_id IS NULL THEN + RAISE EXCEPTION 'No tenant id found in hasura session'; --> only happens when using auth via x-hasura-admin-secret (no tenant id is set) + ELSIF t_id != 1 AND t_id != tenant THEN + RAISE EXCEPTION 'A non-tenant-0 user was trying to generate a report for another tenant.'; + ELSIF tenant = 1 THEN + RAISE EXCEPTION 'Tenant0 cannot be simulated.'; + ELSE + SELECT INTO mgm_unfiltered_tenant_id management.unfiltered_tenant_id FROM device LEFT JOIN management USING (mgm_id) WHERE device.dev_id=rule.dev_id; + SELECT INTO gw_unfiltered_tenant_id device.unfiltered_tenant_id FROM device WHERE dev_id=rule.dev_id; + + IF mgm_unfiltered_tenant_id IS NOT NULL AND mgm_unfiltered_tenant_id=tenant OR + gw_unfiltered_tenant_id IS NOT NULL AND gw_unfiltered_tenant_id=tenant + 
THEN + RETURN QUERY SELECT rt.* FROM rule_to rt WHERE rule_id = rule.rule_id; + ELSIF EXISTS ( + SELECT rf.obj_id FROM rule_from rf + LEFT JOIN objgrp_flat ON (rf.obj_id=objgrp_flat.objgrp_flat_id) + LEFT JOIN object ON (objgrp_flat.objgrp_flat_member_id=object.obj_id) + LEFT JOIN tenant_network ON + (ip_ranges_overlap(obj_ip, obj_ip_end, tenant_net_ip, tenant_net_ip_end, rf.negated != rule.rule_src_neg)) + WHERE rf.rule_id = rule.rule_id AND tenant_id = tenant + ) THEN + RETURN QUERY + SELECT rt.* FROM rule_to rt WHERE rule_id = rule.rule_id; + ELSE + RETURN QUERY + SELECT DISTINCT rt.* FROM rule_to rt + LEFT JOIN objgrp_flat ON (rt.obj_id=objgrp_flat.objgrp_flat_id) + LEFT JOIN object ON (objgrp_flat.objgrp_flat_member_id=object.obj_id) + LEFT JOIN tenant_network ON + (ip_ranges_overlap(obj_ip, obj_ip_end, tenant_net_ip, tenant_net_ip_end, rt.negated != rule.rule_dst_neg)) + WHERE rule_id = rule.rule_id AND tenant_id = tenant; + END IF; + END IF; + END; +$$ LANGUAGE 'plpgsql' STABLE; diff --git a/roles/database/files/upgrade/7.3.2.sql b/roles/database/files/upgrade/7.3.2.sql new file mode 100644 index 000000000..b19fa699d --- /dev/null +++ b/roles/database/files/upgrade/7.3.2.sql 
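Review bot: In `rule_relevant_for_tenant`, the two lookups `SELECT INTO mgm_unfiltered_tenant_id unfiltered_tenant_id FROM rule LEFT JOIN management USING (mgm_id);` and the device twin have no WHERE clause, so they take whatever row comes first from the whole rule table instead of the rule being checked; because that result alone sets `show := true`, a management or gateway marked unfiltered for one tenant can make rules of other managements visible to that tenant, or hide rules that should be visible, depending on row order. The sibling functions scope the same lookup by dev_id; here it should be `SELECT INTO mgm_unfiltered_tenant_id unfiltered_tenant_id FROM management WHERE mgm_id = rule.mgm_id;` and `SELECT INTO gw_unfiltered_tenant_id unfiltered_tenant_id FROM device WHERE dev_id = rule.dev_id;`, which also drops the LEFT JOIN. Since this function is a tenant-isolation check, a test with two managements, one unfiltered for tenant 2 and one not, asserting that only the first management's rules are relevant for tenant 2 would pin the fix. `ip_ranges_overlap` is not defined in this diff, so what it returns for a NULL `obj_ip_end` (allowed for group objects by 7.2.2.sql's CHECK) could not be checked.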
@@ -0,0 +1,194 @@
+insert into config (config_key, config_value, config_user) VALUES ('allowServerInConn', 'True', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('allowServiceInConn', 'True', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('importAppDataStartAt', '00:00:00', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('importAppDataSleepTime', '0', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('importSubnetDataStartAt', '00:00:00', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('importSubnetDataSleepTime', '0', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('importAppDataPath', '[]', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('importSubnetDataPath', '', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('modNamingConvention', '{"networkAreaRequired":false,"fixedPartLength":0,"freePartLength":0,"networkAreaPattern":"","appRolePattern":""}', 0) ON CONFLICT DO NOTHING;
+
+alter table owner add column if not exists criticality Varchar;
+alter table owner add column if not exists active boolean default true;
+alter table owner add column if not exists import_source Varchar;
+
+alter table owner_network alter column id type bigint;
+alter table owner_network add column if not exists name Varchar;
+alter table owner_network add column if not exists nw_type int;
+alter table owner_network add column if not exists import_source Varchar default 'manual';
+alter table owner_network add column if not exists is_deleted boolean default false;
+
+-- temp
+-- ALTER TABLE modelling.nwobject DROP CONSTRAINT IF EXISTS modelling_nwobject_owner_foreign_key;
+-- drop table if exists modelling.nwobject;
+
+
+create schema if not exists modelling; + +create table if not exists modelling.nwgroup +( + id BIGSERIAL PRIMARY KEY, + app_id int, + id_string Varchar, + name Varchar, + comment Varchar, + group_type int, + is_deleted boolean default false, + creator Varchar, + creation_date timestamp default now() +); + +create table if not exists modelling.connection +( + id SERIAL PRIMARY KEY, + app_id int, + name Varchar, + reason Text, + is_interface boolean default false, + used_interface_id int, + common_service boolean default false, + creator Varchar, + creation_date timestamp default now() +); + +create table if not exists modelling.selected_objects +( + app_id int, + nwgroup_id bigint, + primary key (app_id, nwgroup_id) +); + +create table if not exists modelling.selected_connections +( + app_id int, + connection_id int, + primary key (app_id, connection_id) +); + +create table if not exists modelling.nwobject_nwgroup +( + nwobject_id bigint, + nwgroup_id bigint, + primary key (nwobject_id, nwgroup_id) +); + +create table if not exists modelling.nwgroup_connection +( + nwgroup_id bigint, + connection_id int, + connection_field int, -- enum src=1, dest=2, ... + primary key (nwgroup_id, connection_id, connection_field) +); + +create table if not exists modelling.nwobject_connection -- (used only if settings flag is set) +( + nwobject_id bigint, + connection_id int, + connection_field int, -- enum src=1, dest=2, ... 
+ primary key (nwobject_id, connection_id, connection_field) +); + +create table if not exists modelling.service +( + id SERIAL PRIMARY KEY, + app_id int, + name Varchar, + is_global boolean default false, + port int, + port_end int, + proto_id int +); + +create table if not exists modelling.service_group +( + id SERIAL PRIMARY KEY, + app_id int, + name Varchar, + is_global boolean default false, + comment Varchar, + creator Varchar, + creation_date timestamp default now() +); + +create table if not exists modelling.service_service_group +( + service_id int, + service_group_id int, + primary key (service_id, service_group_id) +); + +create table if not exists modelling.service_group_connection +( + service_group_id int, + connection_id int, + primary key (service_group_id, connection_id) +); + +create table if not exists modelling.service_connection -- (used only if settings flag is set) +( + service_id int, + connection_id int, + primary key (service_id, connection_id) +); + +create table if not exists modelling.change_history +( + id BIGSERIAL PRIMARY KEY, + app_id int, + change_type int, + object_type int, + object_id bigint, + change_text Varchar, + changer Varchar, + change_time Timestamp default now() +); + + +ALTER TABLE modelling.nwgroup DROP CONSTRAINT IF EXISTS modelling_nwgroup_owner_foreign_key; +ALTER TABLE modelling.connection DROP CONSTRAINT IF EXISTS modelling_connection_owner_foreign_key; +ALTER TABLE modelling.connection DROP CONSTRAINT IF EXISTS modelling_connection_used_interface_foreign_key; +ALTER TABLE modelling.nwobject_nwgroup DROP CONSTRAINT IF EXISTS modelling_nwobject_nwgroup_nwobject_foreign_key; +ALTER TABLE modelling.nwobject_nwgroup DROP CONSTRAINT IF EXISTS modelling_nwobject_nwgroup_nwgroup_foreign_key; +ALTER TABLE modelling.nwgroup_connection DROP CONSTRAINT IF EXISTS modelling_nwgroup_connection_nwgroup_foreign_key; +ALTER TABLE modelling.nwgroup_connection DROP CONSTRAINT IF EXISTS 
modelling_nwgroup_connection_connection_foreign_key; +ALTER TABLE modelling.nwobject_connection DROP CONSTRAINT IF EXISTS modelling_nwobject_connection_nwobject_foreign_key; +ALTER TABLE modelling.nwobject_connection DROP CONSTRAINT IF EXISTS modelling_nwobject_connection_connection_foreign_key; +ALTER TABLE modelling.service DROP CONSTRAINT IF EXISTS modelling_service_owner_foreign_key; +ALTER TABLE modelling.service DROP CONSTRAINT IF EXISTS modelling_service_protocol_foreign_key; +ALTER TABLE modelling.service_group DROP CONSTRAINT IF EXISTS modelling_service_group_owner_foreign_key; +ALTER TABLE modelling.service_service_group DROP CONSTRAINT IF EXISTS modelling_service_service_group_service_foreign_key; +ALTER TABLE modelling.service_service_group DROP CONSTRAINT IF EXISTS modelling_service_service_group_service_group_foreign_key; +ALTER TABLE modelling.service_group_connection DROP CONSTRAINT IF EXISTS modelling_service_group_connection_service_group_foreign_key; +ALTER TABLE modelling.service_group_connection DROP CONSTRAINT IF EXISTS modelling_service_group_connection_connection_foreign_key; +ALTER TABLE modelling.service_connection DROP CONSTRAINT IF EXISTS modelling_service_connection_service_foreign_key; +ALTER TABLE modelling.service_connection DROP CONSTRAINT IF EXISTS modelling_service_connection_connection_foreign_key; +ALTER TABLE modelling.change_history DROP CONSTRAINT IF EXISTS modelling_change_history_owner_foreign_key; +ALTER TABLE modelling.selected_objects DROP CONSTRAINT IF EXISTS modelling_selected_objects_owner_foreign_key; +ALTER TABLE modelling.selected_objects DROP CONSTRAINT IF EXISTS modelling_selected_objects_nwgroup_foreign_key; +ALTER TABLE modelling.selected_connections DROP CONSTRAINT IF EXISTS modelling_selected_connections_owner_foreign_key; +ALTER TABLE modelling.selected_connections DROP CONSTRAINT IF EXISTS modelling_selected_connections_connection_foreign_key; + +ALTER TABLE modelling.nwgroup ADD CONSTRAINT 
modelling_nwgroup_owner_foreign_key FOREIGN KEY (app_id) REFERENCES owner(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.connection ADD CONSTRAINT modelling_connection_owner_foreign_key FOREIGN KEY (app_id) REFERENCES owner(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.connection ADD CONSTRAINT modelling_connection_used_interface_foreign_key FOREIGN KEY (used_interface_id) REFERENCES modelling.connection(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.nwobject_nwgroup ADD CONSTRAINT modelling_nwobject_nwgroup_nwobject_foreign_key FOREIGN KEY (nwobject_id) REFERENCES owner_network(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.nwobject_nwgroup ADD CONSTRAINT modelling_nwobject_nwgroup_nwgroup_foreign_key FOREIGN KEY (nwgroup_id) REFERENCES modelling.nwgroup(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.nwgroup_connection ADD CONSTRAINT modelling_nwgroup_connection_nwgroup_foreign_key FOREIGN KEY (nwgroup_id) REFERENCES modelling.nwgroup(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.nwgroup_connection ADD CONSTRAINT modelling_nwgroup_connection_connection_foreign_key FOREIGN KEY (connection_id) REFERENCES modelling.connection(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.nwobject_connection ADD CONSTRAINT modelling_nwobject_connection_nwobject_foreign_key FOREIGN KEY (nwobject_id) REFERENCES owner_network(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.nwobject_connection ADD CONSTRAINT modelling_nwobject_connection_connection_foreign_key FOREIGN KEY (connection_id) REFERENCES modelling.connection(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.service ADD CONSTRAINT modelling_service_owner_foreign_key FOREIGN KEY (app_id) REFERENCES owner(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.service ADD CONSTRAINT modelling_service_protocol_foreign_key FOREIGN KEY (proto_id) REFERENCES 
stm_ip_proto(ip_proto_id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.service_group ADD CONSTRAINT modelling_service_group_owner_foreign_key FOREIGN KEY (app_id) REFERENCES owner(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.service_service_group ADD CONSTRAINT modelling_service_service_group_service_foreign_key FOREIGN KEY (service_id) REFERENCES modelling.service(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.service_service_group ADD CONSTRAINT modelling_service_service_group_service_group_foreign_key FOREIGN KEY (service_group_id) REFERENCES modelling.service_group(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.service_group_connection ADD CONSTRAINT modelling_service_group_connection_service_group_foreign_key FOREIGN KEY (service_group_id) REFERENCES modelling.service_group(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.service_group_connection ADD CONSTRAINT modelling_service_group_connection_connection_foreign_key FOREIGN KEY (connection_id) REFERENCES modelling.connection(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.service_connection ADD CONSTRAINT modelling_service_connection_service_foreign_key FOREIGN KEY (service_id) REFERENCES modelling.service(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.service_connection ADD CONSTRAINT modelling_service_connection_connection_foreign_key FOREIGN KEY (connection_id) REFERENCES modelling.connection(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.change_history ADD CONSTRAINT modelling_change_history_owner_foreign_key FOREIGN KEY (app_id) REFERENCES owner(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.selected_objects ADD CONSTRAINT modelling_selected_objects_owner_foreign_key FOREIGN KEY (app_id) REFERENCES owner(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.selected_objects ADD CONSTRAINT modelling_selected_objects_nwgroup_foreign_key 
FOREIGN KEY (nwgroup_id) REFERENCES modelling.nwgroup(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.selected_connections ADD CONSTRAINT modelling_selected_connections_owner_foreign_key FOREIGN KEY (app_id) REFERENCES owner(id) ON UPDATE RESTRICT ON DELETE CASCADE; +ALTER TABLE modelling.selected_connections ADD CONSTRAINT modelling_selected_connections_connection_foreign_key FOREIGN KEY (connection_id) REFERENCES modelling.connection(id) ON UPDATE RESTRICT ON DELETE CASCADE; + diff --git a/roles/database/files/upgrade/7.3.3.sql b/roles/database/files/upgrade/7.3.3.sql new file mode 100644 index 000000000..168ac9314 --- /dev/null +++ b/roles/database/files/upgrade/7.3.3.sql 
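Review bot: `modelling.change_history` is given `FOREIGN KEY (app_id) REFERENCES owner(id) ON UPDATE RESTRICT ON DELETE CASCADE` in the last constraint group, so deleting an owner silently erases every history row of that app — for a table whose purpose is an audit trail that is the wrong default, and the same hunk already adds `owner.active boolean default true` as a soft-delete flag. I would keep the trail and refuse hard deletes instead: `ALTER TABLE modelling.change_history ADD CONSTRAINT modelling_change_history_owner_foreign_key FOREIGN KEY (app_id) REFERENCES owner(id) ON UPDATE RESTRICT ON DELETE RESTRICT;`. Related, `creator` and `changer` are free-text `Varchar` rather than references to `uiuser`, so the trail records whatever the caller passes in; if that is deliberate (e.g. LDAP names without a uiuser row) a one-line comment on the column saying so would help the next reader. The `-- temp` block of commented-out `DROP` statements near the top of the file should not ship in a versioned upgrade script.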
@@ -0,0 +1,102 @@
+-- contains all managements visible to a tenant
+
+Create table if not exists tenant_to_management
+ (
+ tenant_id Integer NOT NULL,
+ management_id Integer NOT NULL,
+ shared BOOLEAN NOT NULL DEFAULT TRUE,
+ primary key ("tenant_id", "management_id")
+ );
+
+
+-- Alter table tenant_to_management
+-- drop column if exists shared;
+
+
+-- Alter table tenant_to_device
+-- drop column if exists shared;
+
+
+Alter table tenant_to_management add column if not exists shared BOOLEAN NOT NULL DEFAULT TRUE;
+
+Alter table tenant_to_device add column if not exists shared BOOLEAN NOT NULL DEFAULT TRUE;
+
+Alter table management DROP column if exists unfiltered_tenant_id;
+
+
+Alter table device
+DROP column if exists unfiltered_tenant_id;
+
+DO $$
+BEGIN
+ IF NOT EXISTS(select constraint_name
+ from information_schema.referential_constraints
+ where constraint_name = 'tenant_to_management_management_id_fkey')
+ THEN
+ Alter table "tenant_to_management" add foreign key ("management_id") references "management" ("mgm_id") on update restrict on delete cascade;
+ END IF;
+
+ IF NOT EXISTS(select constraint_name
+ from information_schema.referential_constraints
+ where constraint_name = 'tenant_to_management_tenant_id_fkey')
+ THEN
+ Alter table "tenant_to_management" add foreign key ("tenant_id") references "tenant" ("tenant_id") on update restrict on delete cascade;
+ END IF;
+END $$;
+
+/*
+
+Documentation of RBAC for tenant filtering
+
+- tenant to device mapping is stored in tenant_to_device and tenant_to_management tables
+- we need to make sure that the mapping is complete (e.g. no devices are visible if the management is not visible)
+ - this also means we need a mechanism to set new gateways to fully visible if the management is fully visible!
+ this is done in the settings after selecting the exact three-way visibility + - new gateways and managements start with "not shared" if the management's visibility is "not shared" (only when added via UI) + - new gateways start as "invisible" if the management's visibility is "shared" + - new managements start with no visibility for a tenant + - invisible means not visible for a tenant user (e.g. reporter) but needs to be visible for the admin in the tenant settings! + + alternatively it would be possible to just set management as fully visible to result in all (future) gateways of the management to be fully visible as well + but then the API filtering would become much more complex +- use the same mechanisms for tenant simulation as reporter_view_all and admin as for restricted reporter: + - not all filters can be applied in API (especially not for object vie in RSB) due to performance issues + - this works as long as reports are generated and stored in the archive and the reporter has no direct accesss to the API +- API access is restricted via tenant_filter as follows: + - device table: + {"_and":[{"mgm_id":{"_in":"x-hasura-visible-managements"}},{"dev_id":{"_in":"x-hasura-visible-devices"}}]} + - management table: + {"mgm_id":{"_in":"x-hasura-visible-managements"}} + - rule table: + {"_and":[{"mgm_id":{"_in":"x-hasura-visible-managements"}},{"dev_id":{"_in":"x-hasura-visible-devices"}},{"rule_relevant_for_tenant":{"_eq":"true"}}]} + - rule_to table: + {"_and":[{"rule":{"mgm_id":{"_in":"x-hasura-visible-managements"}}},{"rule":{"dev_id":{"_in":"x-hasura-visible-devices"}}},{"rule_to_relevant_for_tenant":{"_eq":"true"}}]} + - rule_from table: + {"_and":[{"rule":{"mgm_id":{"_in":"x-hasura-visible-managements"}}},{"rule":{"dev_id":{"_in":"x-hasura-visible-devices"}}},{"rule_from_relevant_for_tenant":{"_eq":"true"}}]} + - object: (no restrictions on objgrp, ...) 
+ {"mgm_id":{"_in":"x-hasura-visible-managements"}} + +- rules and rule_from/to are fetched using the computed fields defined by functions + - rule_relevant_for_tenant + - get_rule_froms_for_tenant + - get_rule_tos_for_tenant + +- Question: do we actually need to include the computed fields get_rule_froms_for_tenant, ... in the queries or can all of this be steered by API permissions and we just use the normal fields (rules, rule_tos, rule_froms)? + Anser: for the simulation of tenants (by admin/reporter-viewall role) we need these functions as we do not have API restrictions + - the function get_rules_for_tenant is needed to be able to simulate getting rules for a specific tenant + +- we are introducing a new quality of visibility (visible, shared visible, fully visible (not shared)) for gateways and managements + - these visibilities are inherited from management to gateway: when a management is fully visible then all the gateways are also fully visible + +- we do not add more information to the JWT, just whether the device is visible or not: + x-hasura-visible-devices: { 1,4 } --> shared and not shared gateways + x-hasura-visible-managements: { 3,6 } --> shared and not shared managements + + NOT implemented: + x-hasura-fully-visible-devices: { 1 } + x-hasura-fully-visible-devices: { 6 } + + then depending on the grade of visibility we either return a rule(base) unfiltered or filtered + {"_and":["_or":[{"mgm_id":{"_in":"x-hasura-visible-managements"}},{"dev_id":{"_in":"x-hasura-visible-devices"}}]} + +*/ diff --git a/roles/database/files/upgrade/7.3.4.sql b/roles/database/files/upgrade/7.3.4.sql new file mode 100644 index 000000000..280de3924 --- /dev/null +++ b/roles/database/files/upgrade/7.3.4.sql @@ -0,0 +1 @@ +alter table import_control add column if not exists notification_done Boolean NOT NULL Default FALSE; diff --git a/roles/database/files/upgrade/7.3.5.sql b/roles/database/files/upgrade/7.3.5.sql new file mode 100644 index 000000000..3e2a44775 
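Review bot: `Alter table management DROP column if exists unfiltered_tenant_id;` and the matching `device` drop remove exactly the columns that `get_rule_tos_for_tenant` / `get_rule_froms_for_tenant` in the preceding hunk still read (`SELECT INTO mgm_unfiltered_tenant_id management.unfiltered_tenant_id ...`); PL/pgSQL resolves those references at call time, so whichever of the two is installed last decides whether the tenant-filter path works or raises on first use. Presumably those functions are re-based on `tenant_to_management.shared` / `tenant_to_device.shared` elsewhere in this commit — if so, a comment above the drop, `-- visibility is now derived from tenant_to_management.shared / tenant_to_device.shared; the *_for_tenant functions must be reinstalled after this step`, would make the ordering dependency explicit for anyone running the upgrade scripts by hand. The documentation block's statement that the simulation path is safe "as long as ... the reporter has no direct access to the API" is a requirement on the Hasura role permissions, not a property of this schema, and should be phrased as such. The `NOT NULL DEFAULT TRUE` on `shared` is the right way round (new mappings start filtered).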
--- /dev/null +++ b/roles/database/files/upgrade/7.3.5.sql @@ -0,0 +1,30 @@ +alter table import_control add column if not exists security_relevant_changes_counter INTEGER NOT NULL Default 0; + +-- add missing tenant to management mappings for demo data +DO $do$ BEGIN + IF EXISTS (SELECT * FROM tenant WHERE tenant_name='tenant1_demo') AND + EXISTS (select mgm_id FROM management where management.mgm_name='fortigate_demo') + THEN + IF NOT EXISTS (SELECT * FROM tenant_to_management LEFT JOIN tenant USING (tenant_id) WHERE tenant_name='tenant1_demo') THEN + INSERT INTO tenant_to_management (tenant_id, management_id, shared) + SELECT + tenant_id, + (select mgm_id FROM management where management.mgm_name='fortigate_demo'), + TRUE + FROM tenant WHERE tenant.tenant_name='tenant1_demo'; + END IF; + END IF; + + IF EXISTS (SELECT * FROM tenant WHERE tenant_name='tenant2_demo') AND + EXISTS (select mgm_id FROM management where management.mgm_name='fortigate_demo') + THEN + IF NOT EXISTS (SELECT * FROM tenant_to_management LEFT JOIN tenant USING (tenant_id) WHERE tenant_name='tenant2_demo') THEN + INSERT INTO tenant_to_management (tenant_id, management_id, shared) + SELECT + tenant_id, + (select mgm_id FROM management where management.mgm_name='fortigate_demo'), + FALSE + FROM tenant WHERE tenant.tenant_name='tenant2_demo'; + END IF; + END IF; +END $do$ diff --git a/roles/database/files/upgrade/7.3.6.sql b/roles/database/files/upgrade/7.3.6.sql new file mode 100644 index 000000000..ef14bd984 --- /dev/null +++ b/roles/database/files/upgrade/7.3.6.sql @@ -0,0 +1 @@ +alter table owner add column if not exists common_service_possible boolean default false; diff --git a/roles/database/files/upgrade/7.3.sql b/roles/database/files/upgrade/7.3.sql new file mode 100644 index 000000000..2fc1bd670 --- /dev/null +++ b/roles/database/files/upgrade/7.3.sql 
@@ -0,0 +1,123 @@
+-- clean up database functions and views
+
+DROP FUNCTION IF EXISTS get_tenant_list(REFCURSOR);
+DROP FUNCTION IF EXISTS get_dev_list(REFCURSOR,INTEGER);
+DROP FUNCTION IF EXISTS get_mgmt_list(REFCURSOR);
+DROP FUNCTION IF EXISTS get_mgmt_dev_list(REFCURSOR);
+DROP FUNCTION IF EXISTS get_obj_ids_of_filtered_management(INTEGER, INTEGER, INTEGER);
+DROP FUNCTION IF EXISTS rule_src_contains_tenant_obj (BIGINT, INTEGER);
+DROP FUNCTION IF EXISTS rule_dst_contains_tenant_obj (BIGINT, INTEGER);
+DROP FUNCTION IF EXISTS obj_belongs_to_tenant (BIGINT, INTEGER);
+DROP FUNCTION IF EXISTS obj_neg_belongs_to_tenant (BIGINT, INTEGER);
+DROP FUNCTION IF EXISTS flatten_obj_list (BIGINT[]);
+DROP FUNCTION IF EXISTS get_changed_newrules(refcursor, _int4);
+DROP FUNCTION IF EXISTS get_changed_oldrules(refcursor, _int4);
+DROP FUNCTION IF EXISTS get_undocumented_changelog_entries(VARCHAR);
+DROP FUNCTION IF EXISTS get_import_ids_for_time (TIMESTAMP);
+DROP FUNCTION IF EXISTS get_negated_tenant_ip_filter(INTEGER);
+DROP FUNCTION IF EXISTS get_ip_filter(CIDR);
+DROP FUNCTION IF EXISTS get_tenant_ip_filter(INTEGER);
+DROP FUNCTION IF EXISTS get_exploded_src_of_rule(BIGINT);
+DROP FUNCTION IF EXISTS get_exploded_dst_of_rule(BIGINT);
+DROP FUNCTION IF EXISTS get_rule_action (BIGINT);
+DROP FUNCTION IF EXISTS is_rule_src_negated (BIGINT);
+DROP FUNCTION IF EXISTS is_rule_dst_negated (BIGINT);
+DROP FUNCTION IF EXISTS explode_objgrp (BIGINT);
+DROP FUNCTION IF EXISTS get_matching_import_id(INTEGER, TIMESTAMP);
+DROP FUNCTION IF EXISTS get_next_import_id(INTEGER,TIMESTAMP);
+DROP FUNCTION IF EXISTS get_previous_import_ids(TIMESTAMP);
+DROP FUNCTION IF EXISTS instr (varchar, varchar, integer, integer);
+DROP FUNCTION IF EXISTS instr (varchar, varchar, integer);
+DROP FUNCTION IF EXISTS instr (varchar, varchar);
+DROP FUNCTION IF EXISTS get_dev_typ_id (varchar);
+DROP FUNCTION IF EXISTS object_relevant_for_tenant(object object, hasura_session json);
+
+CREATE OR REPLACE VIEW
view_obj_changes AS + SELECT + abs_change_id, + log_obj_id AS local_change_id, + ''::VARCHAR as change_request_info, + CAST('object' AS VARCHAR) as change_element, + CAST('basic_element' AS VARCHAR) as change_element_order, + changelog_object.old_obj_id AS old_id, + changelog_object.new_obj_id AS new_id, + changelog_object.documented as change_documented, + changelog_object.change_type_id as change_type_id, + change_action as change_type, + changelog_obj_comment as change_comment, + obj_comment, + import_control.start_time AS change_time, + management.mgm_name AS mgm_name, + management.mgm_id AS mgm_id, + CAST(NULL AS VARCHAR) as dev_name, + CAST(NULL AS INTEGER) as dev_id, + t_change_admin.uiuser_first_name || ' ' || t_change_admin.uiuser_last_name AS change_admin, + t_change_admin.uiuser_id AS change_admin_id, + t_doku_admin.uiuser_first_name || ' ' || t_doku_admin.uiuser_last_name AS doku_admin, + t_doku_admin.uiuser_id AS doku_admin_id, + security_relevant, + object.obj_name AS unique_name, + CAST (NULL AS VARCHAR) AS change_diffs, + CAST (NULL AS VARCHAR) AS change_new_element + FROM + changelog_object + LEFT JOIN (import_control LEFT JOIN management using (mgm_id)) using (control_id) + LEFT JOIN object ON (old_obj_id=obj_id) + LEFT JOIN uiuser AS t_change_admin ON (changelog_object.import_admin=t_change_admin.uiuser_id) + LEFT JOIN uiuser AS t_doku_admin ON (changelog_object.doku_admin=t_doku_admin.uiuser_id) + WHERE change_type_id = 3 AND security_relevant AND change_action='D' AND successful_import + + UNION + + SELECT + abs_change_id, + log_obj_id AS local_change_id, + ''::VARCHAR as change_request_info, + CAST('object' AS VARCHAR) as change_element, + CAST('basic_element' AS VARCHAR) as change_element_order, + changelog_object.old_obj_id AS old_id, + changelog_object.new_obj_id AS new_id, + changelog_object.documented as change_documented, + changelog_object.change_type_id as change_type_id, + change_action as change_type, + changelog_obj_comment as 
change_comment, + obj_comment, + import_control.start_time AS change_time, + management.mgm_name AS mgm_name, + management.mgm_id AS mgm_id, + CAST(NULL AS VARCHAR) as dev_name, + CAST(NULL AS INTEGER) as dev_id, + t_change_admin.uiuser_first_name || ' ' || t_change_admin.uiuser_last_name AS change_admin, + t_change_admin.uiuser_id AS change_admin_id, + t_doku_admin.uiuser_first_name || ' ' || t_doku_admin.uiuser_last_name AS doku_admin, + t_doku_admin.uiuser_id AS doku_admin_id, + security_relevant, + object.obj_name AS unique_name, + CAST (NULL AS VARCHAR) AS change_diffs, + CAST (NULL AS VARCHAR) AS change_new_element + FROM + changelog_object + LEFT JOIN (import_control LEFT JOIN management using (mgm_id)) using (control_id) + LEFT JOIN object ON (new_obj_id=obj_id) + LEFT JOIN uiuser AS t_change_admin ON (changelog_object.import_admin=t_change_admin.uiuser_id) + LEFT JOIN uiuser AS t_doku_admin ON (changelog_object.doku_admin=t_doku_admin.uiuser_id) + WHERE change_type_id = 3 AND security_relevant AND change_action<>'D' AND successful_import; + +DROP FUNCTION IF EXISTS get_request_str(VARCHAR,BIGINT); + + + +DROP VIEW IF EXISTS view_undocumented_changes CASCADE; +DROP VIEW IF EXISTS view_changes_by_changed_element_id CASCADE; +DROP VIEW IF EXISTS view_change_counter CASCADE; +DROP VIEW IF EXISTS view_undocumented_change_counter CASCADE; +DROP VIEW IF EXISTS view_documented_change_counter CASCADE; + +--- +-- DROP VIEW IF EXISTS view_obj_changes CASCADE; +-- DROP VIEW IF EXISTS view_change_counter CASCADE; +-- DROP VIEW IF EXISTS view_svc_changes CASCADE; +-- DROP VIEW IF EXISTS view_user_changes CASCADE; +-- DROP VIEW IF EXISTS view_rule_changes CASCADE; +-- DROP VIEW IF EXISTS view_rule_source_or_destination CASCADE; + diff --git a/roles/database/files/upgrade/8.0.1.sql b/roles/database/files/upgrade/8.0.1.sql new file mode 100644 index 000000000..d21147e47 --- /dev/null +++ b/roles/database/files/upgrade/8.0.1.sql 
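Review bot: In both branches of `view_obj_changes` the admin columns are built with `t_change_admin.uiuser_first_name || ' ' || t_change_admin.uiuser_last_name AS change_admin` (and likewise for `doku_admin`); `||` propagates NULL, so a uiuser with only one name set shows up as NULL in the change report even though `change_admin_id` is known — the report is a security/audit artifact, so the person column should not vanish on incomplete profile data. `concat_ws(' ', t_change_admin.uiuser_first_name, t_change_admin.uiuser_last_name) AS change_admin` drops the missing part instead of the whole value and fits in the same four lines. The two SELECTs are disjoint on `change_action='D'` / `change_action<>'D'`, so `UNION ALL` would give the same rows without the dedup sort. The trailing `DROP VIEW ... CASCADE` statements will also take down any dependent views not listed here; worth a comment naming what is expected to go.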
@@ -0,0 +1,17 @@
+insert into config (config_key, config_value, config_user) VALUES ('modIconify', 'True', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('reducedProtocolSet', 'True', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('overviewDisplayLines', '3', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('emailServerAddress', '', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('emailPort', '0', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('emailTls', 'None', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('emailUser', '', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('emailPassword', '', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('emailSenderAddress', '', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('impChangeNotifyRecipients', '', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('impChangeNotifySubject', '', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('impChangeNotifyBody', '', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('impChangeNotifyActive', 'False', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('impChangeNotifyType', '0', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('impChangeNotifySleepTime', '0', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('impChangeNotifyStartAt', '00:00:00', 0) ON CONFLICT DO NOTHING;
+insert into config
(config_key, config_value, config_user) VALUES ('recCheckParams', '{"check_interval":2,"check_offset":1,"check_weekday":null,"check_dayofmonth":null}', 0) ON CONFLICT DO NOTHING;
diff --git a/roles/database/files/upgrade/8.0.2.sql b/roles/database/files/upgrade/8.0.2.sql
new file mode 100644
index 000000000..d85bfaac2
--- /dev/null
+++ b/roles/database/files/upgrade/8.0.2.sql
@@ -0,0 +1,4 @@
+insert into stm_dev_typ (dev_typ_id,dev_typ_name,dev_typ_version,dev_typ_manufacturer,dev_typ_predef_svc,dev_typ_is_multi_mgmt,dev_typ_is_mgmt,is_pure_routing_device)
+ VALUES (26,'NSX','4ff','VMWare','',false,true,false) ON CONFLICT DO NOTHING;
+insert into stm_dev_typ (dev_typ_id,dev_typ_name,dev_typ_version,dev_typ_manufacturer,dev_typ_predef_svc,dev_typ_is_multi_mgmt,dev_typ_is_mgmt,is_pure_routing_device)
+ VALUES (27,'NSX DFW Gateway','4ff','VMWare','',false,false,false) ON CONFLICT DO NOTHING;
diff --git a/roles/database/files/upgrade/8.0.3.sql b/roles/database/files/upgrade/8.0.3.sql
new file mode 100644
index 000000000..393674132
--- /dev/null
+++ b/roles/database/files/upgrade/8.0.3.sql
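Review bot: `('emailPassword', '', 0)` places an SMTP credential in the same `config` table as display settings such as `modIconify`; unless the Hasura select permission on `config` is per-key, every role that may read settings can read it, and nothing in this script distinguishes it from a cosmetic value. The 8.0.3 script in this same commit introduces `custom_aes_cbc_encrypt_base64` for "credentials/secrets encryption", so presumably the UI writes this key encrypted — if so, say it here, `-- emailPassword is stored encrypted by the UI (see custom_aes_cbc_* in 8.0.3); never seed a plaintext value`, and confirm that non-admin roles cannot select this row. `('emailTls', 'None', 0)` also makes clear-text SMTP the default, so an operator who only fills in server, user and password sends the credential unprotected; defaulting to `'StartTls'` (or whatever the enum's TLS value is — not visible here) is the safer starting point if the mail client supports it.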
@@ -0,0 +1,183 @@ +-- add default config value to avoid warnings +insert into config (config_key, config_value, config_user) VALUES ('modCommonAreas', '', 0) ON CONFLICT DO NOTHING; + +-- add custom fields as jsonb +Alter table rule add column if not exists rule_custom_fields JSONB; +Alter table import_rule add column if not exists rule_custom_fields JSONB; + + +-- adding imported custom rule fields +-- replaced CREATE OR REPLACE FUNCTION insert_single_rule(BIGINT,INTEGER,INTEGER,BIGINT,BOOLEAN) RETURNS BIGINT AS $$ +-- new compare function for jsonb necessary for custom rule fields +CREATE OR REPLACE FUNCTION are_equal (jsonb, jsonb) + RETURNS boolean + AS $$ +BEGIN + IF (($1 IS NULL AND $2 IS NULL) OR $1 = $2) THEN + RETURN TRUE; + ELSE + RETURN FALSE; + END IF; +END; +$$ +LANGUAGE plpgsql; + +------------------------------------- +-- credentials/secrets encryption +-- the following functions are needed for the upgrade and during installation (to encrypt the ldap passwords in ldap_connection table) +-- for existing installations all encrytion/decryption is done in the UI or in the MW server (for ldap binding) + +CREATE EXTENSION IF NOT EXISTS pgcrypto; + +CREATE OR REPLACE FUNCTION custom_aes_cbc_encrypt_base64(plaintext TEXT, key TEXT) RETURNS TEXT AS $$ +DECLARE + iv BYTEA; + encrypted_text BYTEA; +BEGIN + -- Generate a random IV (Initialization Vector) + iv := gen_random_bytes(16); -- IV size for AES is typically 16 bytes + + -- Perform AES CBC encryption + encrypted_text := encrypt_iv(plaintext::BYTEA, key::BYTEA, iv, 'aes-cbc/pad:pkcs'); + + -- Combine IV and encrypted text and encode them to base64 + RETURN encode(iv || encrypted_text, 'base64'); +END; +$$ LANGUAGE plpgsql; + +CREATE OR REPLACE FUNCTION custom_aes_cbc_decrypt_base64(ciphertext TEXT, key TEXT) RETURNS TEXT AS $$ +DECLARE + iv BYTEA; + encrypted_text BYTEA; + decrypted_text BYTEA; +BEGIN + -- Decode the base64 string into IV and encrypted text + encrypted_text := decode(ciphertext, 'base64'); 
+ + -- Extract IV from the encrypted text + iv := substring(encrypted_text from 1 for 16); + + -- Extract encrypted text without IV + encrypted_text := substring(encrypted_text from 17); + + -- Perform AES CBC decryption + decrypted_text := decrypt_iv(encrypted_text, key::BYTEA, iv, 'aes-cbc/pad:pkcs'); + + -- Return the decrypted text + RETURN convert_from(decrypted_text, 'UTF8'); +END; +$$ LANGUAGE plpgsql; + +CREATE OR REPLACE FUNCTION encryptText (plaintext_in text, key_in text) RETURNS text AS $$ +DECLARE + t_cyphertext TEXT; + t_plaintext TEXT; + t_crypt_algo TEXT := 'cipher-algo=aes256'; + t_coding_algo TEXT := 'base64'; + -- ba_iv bytea; +BEGIN + -- check if plaintext is actually ciphertext + BEGIN + SELECT into t_plaintext custom_aes_cbc_decrypt_base64(plaintext_in, key_in); + -- if we get here without error, the plaintext passed in was actually already encrypted + RETURN plaintext_in; + EXCEPTION WHEN OTHERS THEN + RETURN custom_aes_cbc_encrypt_base64(plaintext_in, key_in); + END; +END; +$$ LANGUAGE plpgsql VOLATILE; + +CREATE OR REPLACE FUNCTION decryptText (cyphertext_in text, key text) RETURNS text AS $$ +DECLARE + t_plaintext TEXT; + t_crypt_algo TEXT := 'cipher-algo=aes-256-cbc/pad:pkcs'; + t_coding_algo TEXT := 'base64'; +BEGIN + BEGIN + SELECT INTO t_plaintext custom_aes_cbc_decrypt_base64(cyphertext_in, key); + RETURN t_plaintext; + EXCEPTION WHEN OTHERS THEN + -- decryption did not work out, so assuming that text was not encrypted + RAISE EXCEPTION 'decryption with the given key failed!'; + END; + +END; +$$ LANGUAGE plpgsql VOLATILE; + +CREATE OR REPLACE FUNCTION encryptPasswords (key text) RETURNS VOID AS $$ +DECLARE + r_cred RECORD; + t_encrypted TEXT; +BEGIN + -- encrypt pwds in import_credential table + FOR r_cred IN + SELECT id, secret FROM import_credential + LOOP + SELECT INTO t_encrypted * FROM encryptText(r_cred.secret, key); + UPDATE import_credential SET secret=t_encrypted WHERE id=r_cred.id; + END LOOP; + + --encrypt pwds in 
ldap_connection table + FOR r_cred IN + SELECT ldap_search_user_pwd, ldap_write_user_pwd, ldap_connection_id FROM ldap_connection + LOOP + SELECT INTO t_encrypted * FROM encryptText(r_cred.ldap_search_user_pwd, key); + UPDATE ldap_connection SET ldap_search_user_pwd=t_encrypted WHERE ldap_connection_id=r_cred.ldap_connection_id; + SELECT INTO t_encrypted * FROM encryptText(r_cred.ldap_write_user_pwd, key); + UPDATE ldap_connection SET ldap_write_user_pwd=t_encrypted WHERE ldap_connection_id=r_cred.ldap_connection_id; + END LOOP; + + RETURN; +END; +$$ LANGUAGE plpgsql; + +-- get encryption key from filesystem +CREATE OR REPLACE FUNCTION getMainKey() RETURNS TEXT AS $$ +DECLARE + t_key TEXT; +BEGIN + CREATE TEMPORARY TABLE temp_main_key (key text); + COPY temp_main_key FROM '/etc/fworch/secrets/main_key' CSV DELIMITER ','; + SELECT INTO t_key * FROM temp_main_key; + -- RAISE NOTICE 'main key: "%"', t_key; + DROP TABLE temp_main_key; + RETURN t_key; +END; +$$ LANGUAGE plpgsql; + +-- finally do the encryption in the db tables +SELECT * FROM encryptPasswords (getMainKey()); +-- test using: SELECT * FROM custom_aes_cbc_decrypt_base64(custom_aes_cbc_encrypt_base64('xxx', 'xxx'), 'xxx'); + +-- function for adding local ldap data with encrypted pwds into ldap_connection +CREATE OR REPLACE FUNCTION insertLocalLdapWithEncryptedPasswords( + serverName TEXT, + port INTEGER, + userSearchPath TEXT, + roleSearchPath TEXT, + groupSearchPath TEXT, + tenantLevel INTEGER, + searchUser TEXT, + searchUserPwd TEXT, + writeUser TEXT, + writeUserPwd TEXT, + ldapType INTEGER +) RETURNS VOID AS $$ +DECLARE + t_key TEXT; + t_encryptedReadPwd TEXT; + t_encryptedWritePwd TEXT; +BEGIN + IF NOT EXISTS (SELECT * FROM ldap_connection WHERE ldap_server = serverName) + THEN + SELECT INTO t_key * FROM getMainKey(); + SELECT INTO t_encryptedReadPwd * FROM encryptText(searchUserPwd, t_key); + SELECT INTO t_encryptedWritePwd * FROM encryptText(writeUserPwd, t_key); + INSERT INTO ldap_connection + 
(ldap_server, ldap_port, ldap_searchpath_for_users, ldap_searchpath_for_roles, ldap_searchpath_for_groups, + ldap_tenant_level, ldap_search_user, ldap_search_user_pwd, ldap_write_user, ldap_write_user_pwd, ldap_type) + VALUES (serverName, port, userSearchPath, roleSearchPath, groupSearchPath, tenantLevel, searchUser, t_encryptedReadPwd, writeUser, t_encryptedWritePwd, ldapType); + END IF; +END; +$$ LANGUAGE plpgsql; +-- test using: SELECT * FROM insertLocalLdapWithEncryptedPasswords('127.0.0.3', 636, 'ou=operator,ou=user,dc=fworch,dc=internal','ou=role,dc=fworch,dc=internal','ou=group,dc=fworch,dc=internal',5,'inspector','xxx','ldapwriter','xxx',2); diff --git a/roles/database/files/upgrade/8.1.1.sql b/roles/database/files/upgrade/8.1.1.sql new file mode 100644 index 000000000..c2a1aa48c --- /dev/null +++ b/roles/database/files/upgrade/8.1.1.sql 
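Review bot: `encryptText` treats its input as already-encrypted solely because `custom_aes_cbc_decrypt_base64` did not raise, and CBC with PKCS padding gives no authenticity check: a cleartext password that happens to be valid base64 decoding to at least 32 bytes, with a valid last padding byte and valid UTF-8 after decryption, is returned unchanged and stays in clear in the table; a deterministic marker in the stored format (tested before decrypting) or a single `config` flag recording that the migration ran would make `encryptPasswords` idempotent without that guess, and at minimum the heuristic deserves `-- heuristic: a value that decrypts cleanly is assumed to be ciphertext already; a false positive leaves it unencrypted`. The comment in `decryptText`, `-- decryption did not work out, so assuming that text was not encrypted`, contradicts the `RAISE EXCEPTION` right below it, and `t_cyphertext`, `t_crypt_algo` and `t_coding_algo` are declared but never used in either function. `getMainKey()` hardcodes `/etc/fworch/secrets/main_key` while the playbook derives the location from `fworch_home` and `main_key_file`, and `COPY ... CSV DELIMITER ','` will truncate or unquote a key containing a comma or a leading double quote; `rtrim(pg_read_file('<path>'), E'\n')` reads the file as-is under the same server-file privilege.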
@@ -0,0 +1,21 @@
+alter table modelling.connection add column if not exists is_requested boolean default false;
+alter table modelling.connection add column if not exists ticket_id bigint;
+alter table modelling.connection add column if not exists is_published boolean default false;
+alter table modelling.connection add column if not exists proposed_app_id int;
+alter table owner_network add column if not exists custom_type int;
+alter table request.reqtask add column if not exists additional_info varchar;
+
+
+insert into request.state (id,name) VALUES (205,'Rework') ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('reqNewIntStateMatrix', '{"config_value":{"request":{"matrix":{"0":[0,49,620]},"derived_states":{"0":0},"lowest_input_state":0,"lowest_start_state":0,"lowest_end_state":49,"active":true},"approval":{"matrix":{"0":[0]},"derived_states":{"0":0},"lowest_input_state":0,"lowest_start_state":0,"lowest_end_state":0,"active":false},"planning":{"matrix":{"0":[0]},"derived_states":{"0":0},"lowest_input_state":0,"lowest_start_state":0,"lowest_end_state":0,"active":false},"verification":{"matrix":{"0":[0]},"derived_states":{"0":0},"lowest_input_state":0,"lowest_start_state":0,"lowest_end_state":0,"active":false},"implementation":{"matrix":{"205":[205,249],"49":[210],"210":[610,210,249]},"derived_states":{"205":205,"49":49,"210":210},"lowest_input_state":49,"lowest_start_state":205,"lowest_end_state":249,"active":true},"review":{"matrix":{"249":[249,205,299]},"derived_states":{"249":249},"lowest_input_state":249,"lowest_start_state":249,"lowest_end_state":299,"active":true},"recertification":{"matrix":{"0":[0]},"derived_states":{"0":0},"lowest_input_state":0,"lowest_start_state":0,"lowest_end_state":0,"active":false}}}', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('reqNewIntStateMatrixDefault', '{"config_value":{"request":{"matrix":{"0":[0,49,620]},"derived_states":{"0":0},"lowest_input_state":0,"lowest_start_state":0,"lowest_end_state":49,"active":true},"approval":{"matrix":{"0":[0]},"derived_states":{"0":0},"lowest_input_state":0,"lowest_start_state":0,"lowest_end_state":0,"active":false},"planning":{"matrix":{"0":[0]},"derived_states":{"0":0},"lowest_input_state":0,"lowest_start_state":0,"lowest_end_state":0,"active":false},"verification":{"matrix":{"0":[0]},"derived_states":{"0":0},"lowest_input_state":0,"lowest_start_state":0,"lowest_end_state":0,"active":false},"implementation":{"matrix":{"205":[205,249],"49":[210],"210":[610,210,249]},"derived_states":{"205":205,"49":49,"210":210},"lowest_input_state":49,"lowest_start_state":205,"lowest_end_state":249,"active":true},"review":{"matrix":{"249":[249,205,299]},"derived_states":{"249":249},"lowest_input_state":249,"lowest_start_state":249,"lowest_end_state":299,"active":true},"recertification":{"matrix":{"0":[0]},"derived_states":{"0":0},"lowest_input_state":0,"lowest_start_state":0,"lowest_end_state":0,"active":false}}}', 0) ON CONFLICT DO NOTHING;
+
+insert into config (config_key, config_value, config_user) VALUES ('modReqInterfaceName', '', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('modReqEmailSubject', '', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('modReqEmailBody', '', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('modReqTicketTitle', '', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('modReqTaskTitle', '', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('reqOwnerBased', 'False', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('reqShowCompliance', 'False', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('uiHostName', 'http://localhost:5000', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('ModAppServerTypes', '[{"Id":0,"Name":"Default"}]', 0) ON CONFLICT DO NOTHING;
diff --git a/roles/database/files/upgrade/8.1.2.sql b/roles/database/files/upgrade/8.1.2.sql
new file mode 100644
index 000000000..00c0b7d0b
--- /dev/null
+++ b/roles/database/files/upgrade/8.1.2.sql
@@ -0,0 +1,33 @@
+CREATE OR REPLACE FUNCTION encryptPasswords (key text) RETURNS VOID AS $$
+DECLARE
+ r_cred RECORD;
+ t_encrypted TEXT;
+BEGIN
+ -- encrypt pwds in import_credential table
+ FOR r_cred IN
+ SELECT id, secret FROM import_credential
+ LOOP
+ SELECT INTO t_encrypted * FROM encryptText(r_cred.secret, key);
+ UPDATE import_credential SET secret=t_encrypted WHERE id=r_cred.id;
+ END LOOP;
+
+ --encrypt pwds in ldap_connection table
+ FOR r_cred IN
+ SELECT ldap_search_user_pwd, ldap_write_user_pwd, ldap_connection_id FROM ldap_connection
+ LOOP
+ SELECT INTO t_encrypted * FROM encryptText(r_cred.ldap_search_user_pwd, key);
+ UPDATE ldap_connection SET ldap_search_user_pwd=t_encrypted WHERE ldap_connection_id=r_cred.ldap_connection_id;
+ SELECT INTO t_encrypted * FROM encryptText(r_cred.ldap_write_user_pwd, key);
+ UPDATE ldap_connection SET ldap_write_user_pwd=t_encrypted WHERE ldap_connection_id=r_cred.ldap_connection_id;
+ END LOOP;
+
+ -- encrypt smtp email user pwds in config table
+ SELECT INTO r_cred config_value FROM config WHERE config_key='emailPassword';
+ SELECT INTO t_encrypted * FROM encryptText(r_cred.config_value, key);
+ UPDATE config SET config_value=t_encrypted WHERE config_key='emailPassword';
+
+ RETURN;
+END;
+$$ LANGUAGE plpgsql;
+
+SELECT * FROM encryptPasswords (getMainKey());
diff --git a/roles/database/tasks/create-users.yml b/roles/database/tasks/create-users.yml
index 9fa7472d0..8572edff8 100755
--- a/roles/database/tasks/create-users.yml
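Review bot: The new `emailPassword` block does not check that the row exists: with zero rows plpgsql's `SELECT INTO r_cred` leaves the field NULL, so `encryptText(NULL, key)` runs and the `UPDATE` matches nothing — harmless as long as the earlier upgrade hunk on this page has seeded `emailPassword` with `''`, but `UPDATE config SET config_value = encryptText(config_value, key) WHERE config_key = 'emailPassword';` does the same work in one statement with no record juggling. The script also re-runs the whole of `encryptPasswords` over `import_credential` and `ldap_connection`, which 8.0.3 already encrypted, so avoiding double encryption rests entirely on the decrypt-probe inside `encryptText`; a line such as `-- re-runs over already-encrypted rows: encryptText leaves values that decrypt cleanly untouched` at the top would tell the next reader that this is intentional. Apart from the config block the function body is a verbatim copy of 8.0.3's.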
+++ b/roles/database/tasks/create-users.yml @@ -28,5 +28,5 @@ db: "{{ fworch_db_name }}" query: GRANT fworchadmins TO fworch - become: yes + become: true become_user: postgres diff --git a/roles/database/tasks/install-database.yml b/roles/database/tasks/install-database.yml index 3a202471b..45d8b1b5b 100644 --- a/roles/database/tasks/install-database.yml +++ b/roles/database/tasks/install-database.yml @@ -1,12 +1,3 @@ -- name: make sure {{ fworch_home }}/etc/secrets exists - file: - path: "{{ fworch_home }}/etc/secrets" - state: directory - owner: "{{ fworch_user }}" - group: "{{ fworch_group }}" - mode: "0700" - become: yes - - name: set dbadmin password from parameter set_fact: dbadmin_password: "{{ dbadmin_initial_password }}" @@ -24,7 +15,7 @@ mode: '0600' owner: "{{ fworch_user }}" group: "{{ fworch_group }}" - become: yes + become: true - name: set fworch db password randomly set_fact: @@ -37,7 +28,7 @@ mode: '0600' owner: "{{ fworch_user }}" group: "{{ fworch_group }}" - become: yes + become: true - block: @@ -50,18 +41,25 @@ postgresql_user: name: "{{ fworch_dbadmin_name }}" password: "{{ dbadmin_password }}" - encrypted: yes + encrypted: true role_attr_flags: CREATEDB,SUPERUSER,CREATEROLE,INHERIT,LOGIN - name: create postgres user "{{ fworch_user }}" postgresql_user: name: "{{ fworch_user }}" password: "{{ fworch_db_password }}" - encrypted: yes + encrypted: true role_attr_flags: LOGIN # include add-tablespace.yml here + - name: make sure sorting order of psql client and postgresql server match for databases to be created + postgresql_query: + login_user: postgres + db: postgres + query: "ALTER DATABASE template1 REFRESH COLLATION VERSION" + when: pg_version|int >= 15 + - name: create database {{ fworch_db_name }} postgresql_db: name: "{{ fworch_db_name }}" 
@@ -78,13 +76,20 @@ debug: msg: "test_query result: {{ test_query }}" - - name: include table creation with ansible 2.10 and beyond - include_tasks: install-db-base-ansible-2.10.yml - when: ansible_version.full is version('2.10', '>=') - - - name: include table creation pre ansible 2.10 - include_tasks: install-db-base-ansible-pre2.10.yml - when: ansible_version.full is version('2.10', '<') + - name: creating {{ fworch_db_name }}-db-model + community.postgresql.postgresql_script: + db: "{{ fworch_db_name }}" + path: "{{ database_install_dir }}/sql/creation/{{ item }}" + loop: + - fworch-create-tables.sql + - fworch-create-constraints.sql + - fworch-create-foreign-keys.sql + - fworch-create-indices.sql + - fworch-create-triggers.sql + - fworch-fill-stm.sql + when: installation_mode == "new" + become: true + become_user: postgres - name: create db users with group memberships import_tasks: create-users.yml @@ -132,5 +137,5 @@ format: csv when: installation_mode == "new" - become: yes + become: true become_user: postgres diff --git a/roles/database/tasks/install-db-base-ansible-2.10.yml b/roles/database/tasks/install-db-base-ansible-2.10.yml deleted file mode 100644 index a8e55d364..000000000 --- a/roles/database/tasks/install-db-base-ansible-2.10.yml +++ /dev/null @@ -1,19 +0,0 @@ - -- block: - - - name: creating {{ fworch_db_name }}-db-model - community.postgresql.postgresql_query: - db: "{{ fworch_db_name }}" - path_to_script: "{{ database_install_dir }}/sql/creation/{{ item }}" - as_single_query: "{{ postgresql_query_as_single_query }}" - loop: - - fworch-create-tables.sql - - fworch-create-constraints.sql - - fworch-create-foreign-keys.sql - - fworch-create-indices.sql - - fworch-create-triggers.sql - - fworch-fill-stm.sql - when: installation_mode == "new" - - become: yes - become_user: postgres 
diff --git a/roles/database/tasks/install-db-base-ansible-pre2.10.yml b/roles/database/tasks/install-db-base-ansible-pre2.10.yml deleted file mode 100644 index 492062a93..000000000 --- a/roles/database/tasks/install-db-base-ansible-pre2.10.yml +++ /dev/null @@ -1,18 +0,0 @@ - -- block: - - - name: creating {{ fworch_db_name }}-db-model - postgresql_query: - db: "{{ fworch_db_name }}" - path_to_script: "{{ database_install_dir }}/sql/creation/{{ item }}" - loop: - - fworch-create-tables.sql - - fworch-create-constraints.sql - - fworch-create-foreign-keys.sql - - fworch-create-indices.sql - - fworch-create-triggers.sql - - fworch-fill-stm.sql - when: installation_mode == "new" - - become: yes - become_user: postgres diff --git a/roles/database/tasks/main.yml b/roles/database/tasks/main.yml index 40a64a96f..4e8e4a7b2 100644 --- a/roles/database/tasks/main.yml +++ b/roles/database/tasks/main.yml @@ -17,7 +17,7 @@ - postgresql-server - python3-psycopg2 when: ansible_os_family == "RedHat" - # todo: check if we need and if yes, how to install libpq-dev(el) + # todo: check if we need and if true, how to install libpq-dev(el) - name: install package postgresql packages for debian n ubuntu package: @@ -27,11 +27,12 @@ - postgresql - python3-psycopg2 - libpq-dev + - postgresql-client when: ansible_os_family == "Debian" - name: initdb as extra step for redhat shell: "LC_ALL=C.UTF-8 /usr/bin/postgresql-setup --initdb" - become: yes + become: true when: ansible_os_family == "RedHat" - name: find out installed postgres version @@ -42,11 +43,6 @@ - name: set fact pg_version set_fact: pg_version={{ pg_version_result.stdout | float }} - - name: activate as_single_query if ansible_version is sufficient - set_fact: - postgresql_query_as_single_query: yes - when: ansible_version.full is version('2.10', '>=') - - name: pg_version to int when possible set_fact: pg_version={{ pg_version | int }} when: pg_version|int >= 10 
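Review bot: The blanket `yes`→`true` substitution reached prose in the `@@ -17,7 +17,7 @@` hunk: the comment now reads `# todo: check if we need and if true, how to install libpq-dev(el)`, which no longer reads as a sentence; restore `# todo: check if we need and if yes, how to install libpq-dev(el)`. The same substitution also rewrote the commented-out tasks in `roles/docker/tasks/upgrade/5.7.1.yml`, where it is harmless.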
@@ -68,49 +64,49 @@ path: "{{ postgresql_config_file }}" line: log_destination = 'syslog' regexp: '\s*log_destination' - backup: yes + backup: true - name: edit postgresql.conf client_min_messages lineinfile: path: "{{ postgresql_config_file }}" - line: client_min_messages = log + line: client_min_messages = WARNING regexp: '\s*client_min_messages' - backup: yes + backup: true - name: edit postgresql.conf log_min_messages lineinfile: path: "{{ postgresql_config_file }}" line: log_min_messages = WARNING regexp: '\s*log_min_messages' - backup: yes + backup: true - name: edit postgresql.conf application_name lineinfile: path: "{{ postgresql_config_file }}" line: application_name = {{ product_name }}-database regexp: '\s*application_name' - backup: yes + backup: true - name: edit postgresql.conf log_error_verbosity lineinfile: path: "{{ postgresql_config_file }}" line: log_error_verbosity = DEFAULT regexp: '\s*log_error_verbosity' - backup: yes + backup: true - name: edit postgresql.conf log_min_error_statement lineinfile: path: "{{ postgresql_config_file }}" - line: log_min_error_statement = DEBUG2 + line: log_min_error_statement = ERROR regexp: '\s*log_min_error_statement' - backup: yes + backup: true - name: edit postgresql.conf log_line_prefix lineinfile: path: "{{ postgresql_config_file }}" line: log_line_prefix = '%d ' regexp: '\s*log_line_prefix' - backup: yes + backup: true - name: edit postgresql.conf listening IPs lineinfile: @@ -118,12 +114,12 @@ line: "listen_addresses = '0.0.0.0'" #line: "listen_addresses = '{{ api_network_listening_ip_address }},127.0.0.1'" regexp: listen_addresses - backup: yes + backup: true - name: edit pg_hba.conf blockinfile: path: "{{ postgresql_hba_file }}" - backup: yes + backup: true insertbefore: '# IPv4 local connections:' block: | #host all dbadmin 127.0.0.0/8 md5 
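Review bot: With `log_min_error_statement = ERROR` every failing statement is still written to the log in full, and the `log_destination = 'syslog'` context line above means it lands in the system log; the SQL functions introduced in this commit (`encryptText`, `encryptPasswords`, `insertLocalLdapWithEncryptedPasswords`) take the main key and cleartext passwords as arguments, so any caller that passes them as SQL literals and fails leaves them in syslog. Going from `DEBUG2` to `ERROR` is a clear improvement, but the residual trade-off belongs next to the line, e.g. `# ERROR (was DEBUG2): failed statements are logged verbatim to syslog, so secrets must never be passed as SQL literals`. How the playbooks invoke those functions is outside this hunk and should be checked against that rule.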
@@ -143,10 +139,12 @@ state: restarted - name: copy database files to backend target - copy: src="{{ item }}" dest="{{ database_install_dir }}" owner="{{ fworch_user }}" group="{{ fworch_user }}" - loop: - - csv - - sql + synchronize: + src: "./" + dest: "{{ database_install_dir }}" + rsync_opts: + - "--chown={{ fworch_user }}:{{ fworch_group }}" + tags: [ 'test' ] - name: create tablespace directory file: @@ -157,16 +155,33 @@ mode: "0755" when: table_space is defined - become: yes + become: true - name: check if database already exists postgresql_query: query: SELECT count(*) FROM pg_database WHERE datname='{{ fworch_db_name }}' db: postgres register: db_exists - become: yes + become: true become_user: postgres +- name: make sure {{ fworch_home }}/etc/secrets exists + file: + path: "{{ fworch_home }}/etc/secrets" + state: directory + owner: "{{ fworch_user }}" + group: "{{ postgres_group }}" + mode: "0750" + become: true + +# now that postgresq user group exists ... +- name: set the correct permissions for main key file + file: + dest: "{{ main_key_file }}" + mode: '0640' + group: "{{ postgres_group }}" + become: true + - name: create new database import_tasks: install-database.yml when: installation_mode == "new" @@ -175,13 +190,13 @@ import_tasks: upgrade-database.yml when: installation_mode == "upgrade" -- name: (re)define functions and views - include_tasks: recreate-functions-and-views-ansible-pre2.10.yml - when: ansible_version.full is version('2.10', '<') - -- name: (re)define functions and views - include_tasks: recreate-functions-and-views-ansible-2.10.yml - when: ansible_version.full is version('2.10', '>=') +- name: (re)defines functions and views (idempotent) + community.postgresql.postgresql_script: + db: "{{ fworch_db_name }}" + path: "{{ database_install_dir }}/sql/idempotent/{{ item }}" + become: true + become_user: postgres + loop: "{{ database_idempotent_files }}" - name: install pg test packages package: 
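Review bot: Opening `{{ fworch_home }}/etc/secrets` to `0750` and `{{ main_key_file }}` to `0640` with group `{{ postgres_group }}` in the `@@ -157,16 +155,33 @@` hunk is what lets `getMainKey()` in `upgrade/8.0.3.sql` read the key with `COPY ... FROM '/etc/fworch/secrets/main_key'`, but the reason is not recorded and the SQL hardcodes the path while it is variable here, so an installation with a different `fworch_home` or `main_key_file` ends up with a readable key the database cannot find. Add the rationale to the task, e.g. `# group postgres needs read access: the DB upgrade functions load the key via COPY FROM (getMainKey in upgrade/8.0.3.sql)`, and note that this places the key within reach of every database superuser session (`COPY FROM`, `pg_read_file`), so the at-rest encryption now only protects dumps and backups, not a compromised privileged DB role. The `file` task on `{{ main_key_file }}` has no `state`, so it fails rather than creates if the key file does not exist yet — fine if it is generated earlier in the play, which is outside this hunk.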
@@ -189,7 +204,7 @@ loop: - "{{ postgresql_test_package }}" tags: [ 'never', 'unittest' ] - become: yes + become: true - name: run unit tests include_tasks: run-unit-tests.yml @@ -201,4 +216,4 @@ state: absent path: "{{ fworch_home }}/database" when: installation_mode == "upgrade" - become: yes + become: true diff --git a/roles/database/tasks/recreate-functions-and-views-ansible-2.10.yml b/roles/database/tasks/recreate-functions-and-views-ansible-2.10.yml deleted file mode 100644 index ee5966a30..000000000 --- a/roles/database/tasks/recreate-functions-and-views-ansible-2.10.yml +++ /dev/null @@ -1,9 +0,0 @@ - -- name: (re)defines functions and views (idempotent) from ansible 2.10 - community.postgresql.postgresql_query: - db: "{{ fworch_db_name }}" - path_to_script: "{{ database_install_dir }}/sql/idempotent/{{ item }}" - as_single_query: "{{ postgresql_query_as_single_query }}" - become: yes - become_user: postgres - loop: "{{ database_idempotent_files }}" diff --git a/roles/database/tasks/recreate-functions-and-views-ansible-pre2.10.yml b/roles/database/tasks/recreate-functions-and-views-ansible-pre2.10.yml deleted file mode 100644 index 1a4729e7d..000000000 --- a/roles/database/tasks/recreate-functions-and-views-ansible-pre2.10.yml +++ /dev/null @@ -1,8 +0,0 @@ - -- name: (re)defines functions and views (idempotent) prior to ansible 2.10 - postgresql_query: - db: "{{ fworch_db_name }}" - path_to_script: "{{ database_install_dir }}/sql/idempotent/{{ item }}" - become: yes - become_user: postgres - loop: "{{ database_idempotent_files }}" diff --git a/roles/database/tasks/redhat_preps.yml b/roles/database/tasks/redhat_preps.yml index acae2d401..e53822775 100644 --- a/roles/database/tasks/redhat_preps.yml +++ b/roles/database/tasks/redhat_preps.yml @@ -9,7 +9,7 @@ yum: name: /tmp/pgdg-redhat-repo-latest.noarch.rpm state: present - become: yes + become: true - name: remove postgresql repo file file: 
@@ -19,4 +19,4 @@ - name: install glibc-langpack-en for postgresql to handle utf-8 package: name: glibc-langpack-en - become: yes + become: true diff --git a/roles/database/tasks/run-unit-tests.yml b/roles/database/tasks/run-unit-tests.yml index 348aa4d09..2bb0b30dc 100644 --- a/roles/database/tasks/run-unit-tests.yml +++ b/roles/database/tasks/run-unit-tests.yml @@ -1,7 +1,7 @@ - name: copy database test files to backend target copy: src="sql/test" dest="{{ database_install_dir }}/sql" owner="{{ fworch_user }}" group="{{ fworch_user }}" - become: yes + become: true - set_fact: unit_test_scripts: @@ -13,10 +13,10 @@ msg: "unit_test_scripts: {{ unit_test_scripts | to_nice_json }}" - name: run db unit tests - postgresql_query: + community.postgresql.postgresql_script: db: "{{ fworch_db_name }}" - path_to_script: "{{ database_install_dir }}/sql/test/{{ item }}" - become: yes + path: "{{ database_install_dir }}/sql/test/{{ item }}" + become: true become_user: "postgres" register: testresults loop: "{{ unit_test_scripts }}" diff --git a/roles/database/tasks/unused-remove-api-docker.yml b/roles/database/tasks/unused-remove-api-docker.yml deleted file mode 100644 index 4f92e1467..000000000 --- a/roles/database/tasks/unused-remove-api-docker.yml +++ /dev/null @@ -1,11 +0,0 @@ -- name: Check that docker bin is installed - stat: - path: /usr/bin/docker - register: docker_is_installed - -- name: stop api container - docker_container: - name: "{{ api_container_name }}" - state: absent - become: yes - when: docker_is_installed.stat.exists == True diff --git a/roles/database/tasks/upgrade-database.yml b/roles/database/tasks/upgrade-database.yml index 2a8cc6b5c..a07deabee 100644 --- a/roles/database/tasks/upgrade-database.yml +++ b/roles/database/tasks/upgrade-database.yml @@ -10,7 +10,7 @@ file: path: "{{ database_install_dir }}/upgrade" state: directory - become: yes + become: true - set_fact: installed_version: "{{ old_version }}" 
@@ -39,12 +39,13 @@ src: "upgrade/{{ item }}.sql" dest: "{{ database_install_dir }}/upgrade/" loop: "{{ upgrade_files }}" - become: yes - -- name: include upgrades as postgresql_query is not available in all ansible versions - include_tasks: upgrade_database_new.yml - when: ansible_version.full is version('2.10', '>=') - -- name: include upgrades as postgresql_query is not available in all ansible versions - include_tasks: upgrade_database_old.yml - when: ansible_version.full is version('2.10', '<=') + become: true + +- name: install upgrades + community.postgresql.postgresql_script: + db: "{{ fworch_db_name }}" + path: "{{ database_install_dir }}/upgrade/{{ item }}.sql" + loop: "{{ upgrade_files | sort }}" + become: true + ignore_errors: false + become_user: postgres diff --git a/roles/database/tasks/upgrade_database_new.yml b/roles/database/tasks/upgrade_database_new.yml deleted file mode 100644 index 8da94bc56..000000000 --- a/roles/database/tasks/upgrade_database_new.yml +++ /dev/null @@ -1,9 +0,0 @@ - -- name: install upgrades as_single_query - community.postgresql.postgresql_query: - db: "{{ fworch_db_name }}" - path_to_script: "{{ database_install_dir }}/upgrade/{{ item }}.sql" - as_single_query: "{{ postgresql_query_as_single_query }}" - loop: "{{ upgrade_files | sort }}" - become: yes - become_user: postgres diff --git a/roles/database/tasks/upgrade_database_old.yml b/roles/database/tasks/upgrade_database_old.yml deleted file mode 100644 index 744606c99..000000000 --- a/roles/database/tasks/upgrade_database_old.yml +++ /dev/null @@ -1,8 +0,0 @@ - -- name: install upgrades normally - postgresql_query: - db: "{{ fworch_db_name }}" - path_to_script: "{{ database_install_dir }}/upgrade/{{ item }}.sql" - loop: "{{ upgrade_files | sort }}" - become: yes - become_user: postgres diff --git a/roles/docker/handlers/main.yml b/roles/docker/handlers/main.yml index 948412465..f14114428 100644 --- a/roles/docker/handlers/main.yml +++ b/roles/docker/handlers/main.yml 
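Review bot: `loop: "{{ upgrade_files | sort }}"` orders the upgrade scripts lexically, so once a `x.y.10` release exists it runs before `x.y.2`, and scripts that depend on earlier ones (8.1.2 calls `encryptText` and `getMainKey`, both defined in 8.0.3) would break; `loop: "{{ upgrade_files | community.general.version_sort }}"` sorts by version, assuming `upgrade_files` is not already ordered where it is built. `ignore_errors: false` is the module default and can be dropped.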
@@ -2,7 +2,7 @@ - name: restart docker systemd: name: docker - daemon_reload: yes + daemon_reload: true state: restarted - become: yes + become: true listen: "docker restart" diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index d92f7da5a..4daf5fde3 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -16,14 +16,14 @@ get_url: url: https://download.docker.com/linux/ubuntu/gpg dest: /etc/apt/trusted.gpg.d/docker.asc - force: yes + force: true mode: "0644" environment: "{{ proxy_env }}" - name: add docker repo lineinfile: path: "/etc/apt/sources.list.d/docker.list" - create: yes + create: true line: "deb [arch=amd64] https://download.docker.com/linux/debian buster stable" - name: apt update @@ -42,7 +42,7 @@ user: name: "{{ item }}" groups: docker - append: yes + append: true loop: - "{{ ansible_user }}" - "{{ fworch_user }}" @@ -55,4 +55,4 @@ import_tasks: run-upgrades.yml when: "installation_mode == 'upgrade'" - become: yes + become: true diff --git a/roles/docker/tasks/set-docker-daemon-proxy.yml b/roles/docker/tasks/set-docker-daemon-proxy.yml index 41e5639c6..095dd45a0 100644 --- a/roles/docker/tasks/set-docker-daemon-proxy.yml +++ b/roles/docker/tasks/set-docker-daemon-proxy.yml 
@@ -6,30 +6,30 @@ path: /etc/systemd/system/docker.service.d state: directory mode: "0755" - become: yes + become: true notify: "docker restart" - name: create docker config file for proxy settings blockinfile: path: /etc/systemd/system/docker.service.d/http-proxy.conf - backup: yes - create: yes + backup: true + create: true mode: "0644" block: | [Service] Environment="HTTP_PROXY={{ http_proxy }}" Environment="HTTPS_PROXY={{ https_proxy }}" Environment="NO_PROXY={{ proxy_exceptions }}" - become: yes + become: true notify: "docker restart" - name: setting proxy in /etc/default/docker for eg debian blockinfile: - create: yes + create: true path: /etc/default/docker block: | export http_proxy="{{ http_proxy }}" export https_proxy="{{ https_proxy }}" export no_proxy={{ proxy_exceptions }} - become: yes + become: true notify: "docker restart" diff --git a/roles/docker/tasks/upgrade/5.7.1.yml b/roles/docker/tasks/upgrade/5.7.1.yml index c09e594d0..665ad2e8e 100644 --- a/roles/docker/tasks/upgrade/5.7.1.yml +++ b/roles/docker/tasks/upgrade/5.7.1.yml @@ -4,11 +4,11 @@ # - name: backup docker repo file # copy: remote_src=True src=/etc/apt/sources.list.d/docker.list dest=/tmp/docker.list -# become: yes +# become: true # - name: remove docker repo file temporarily # file: path=/etc/apt/sources.list.d/docker.list state=absent -# become: yes +# become: true # - name: remove old apt-key signing key for docker # apt_key: 
@@ -16,20 +16,20 @@ # state: absent # keyring: /etc/apt/trusted.gpg # environment: "{{ proxy_env }}" -# become: yes +# become: true - name: remove old apt-key signing key for docker using command as it does not work via apt_key module command: apt-key del "9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88" - become: yes + become: true - name: adding docker apt signing key get_url: url: https://download.docker.com/linux/ubuntu/gpg dest: /etc/apt/trusted.gpg.d/docker.asc - force: yes + force: true mode: "0644" environment: "{{ proxy_env }}" # - name: restore docker repo file # copy: remote_src=True dest=/etc/apt/sources.list.d/docker.list src=/tmp/docker.list -# become: yes +# become: true diff --git a/roles/cleanup/tasks/main.yml b/roles/finalize/tasks/main.yml similarity index 60% rename from roles/cleanup/tasks/main.yml rename to roles/finalize/tasks/main.yml index ff2ac9a6c..d6d938c49 100644 --- a/roles/cleanup/tasks/main.yml +++ b/roles/finalize/tasks/main.yml 
@@ -21,33 +21,52 @@ msg: "Could not find existing installation but running with installation_mode set to {{ installation_mode }}. Try running with installation_mode=new" when: not already_installed and installation_mode == "upgrade" -- name: edit central conf file - set new version - lineinfile: - path: "{{ fworch_conf_file }}" - create: yes - regexp: "product_version" - line: " \"product_version\": \"{{ product_version }}\"" +- name: Modify the product version in the config file + block: + - name: Read config file + slurp: + path: "{{ fworch_conf_file }}" + register: config_file + + - name: Modify product_version + set_fact: + json_data: "{{ config_file.content | b64decode | from_json | combine({'product_version': product_version }) }}" + + - name: Save updated config to file + copy: + content: "{{ json_data | to_nice_json }}" + dest: "{{ fworch_conf_file }}" + owner: "{{ fworch_user }}" + group: "{{ fworch_group }}" + become: true when: installation_mode == "upgrade" - become: yes - + - name: include upgrade script import_tasks: run-upgrades.yml when: "installation_mode == 'upgrade'" -# Do general cleanup +- name: call external python scripts to set some customer specific config settings via API + script: "{{ item }}" + args: + executable: python3 + become: true + when: "'apiserver' in group_names" + with_fileglob: + - "scripts/customizing/api/*.py" -- name: delete ldif files - file: - path: "{{ middleware_ldif_dir }}" - state: absent - become: yes - when: "'middlewareserver' in group_names" +# Do general cleanup +# - name: delete ldif files +# file: +# path: "{{ middleware_ldif_dir }}" +# state: absent +# become: true +# when: "'middlewareserver' in group_names" - name: restart UI to display new product version ansible.builtin.systemd: name: "{{ product_name }}-ui" state: restarted - become: yes + become: true when: "'frontends' in group_names" - name: test whether demo data is present 
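Review bot: The new customizing task executes every file matching `scripts/customizing/api/*.py` from the controller as root (`become: true`) on each `apiserver` host; if, as the task name says, those scripts only talk to the API, root is not needed, and any file dropped into that controller directory becomes root code on the target. Run them as the service user, `become_user: "{{ fworch_user }}"`, or without `become`, and state the contract next to the task: `# executes customer-provided scripts from the controller; they need API access only, not root`. The config rewrite above it also changes failure behaviour compared with the old `lineinfile` with `create: yes`: `slurp` fails when `{{ fworch_conf_file }}` is missing, and the `copy` sets owner and group but no `mode`, so the written file's permissions depend on what was there before.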
@@ -56,7 +75,7 @@ query: > SELECT * FROM device WHERE dev_name='{{ sample_fortigate_name }}' register: demo_data_present - become: yes + become: true become_user: postgres - name: find cron jobs in case of missing demo data @@ -65,7 +84,7 @@ patterns: "{{ product_name }}_sample_data_*" register: files_to_delete when: demo_data_present.query_result == [] - become: yes + become: true - name: delete cron jobs in case of missing demo data file: @@ -73,36 +92,40 @@ state: absent with_items: "{{ files_to_delete.files }}" when: demo_data_present.query_result == [] - become: yes + become: true - name: remove temp importer_password from install host file: path: "{{ importer_password_file_on_installer }}" state: absent - become: yes + become: true delegate_to: localhost - name: start importer service systemd: name: "{{ item }}" state: started - daemon_reload: yes - enabled: yes - become: yes + daemon_reload: true + enabled: true + become: true when: "'importers' in group_names" loop: - "{{ product_name }}-importer-legacy" - "{{ product_name }}-importer-api" -- name: show listener status - import_tasks: scripts/show-fworch-listeners.yml - become: yes - -- name: display secrets for this installation - debug: - msg: - - "Your initial UI admin password is '{{ admin_password }}'" - - "Your api hasura admin secret is '{{ api_hasura_admin_secret }}'" - when: | - admin_password is defined and - api_hasura_admin_secret is defined +- name: remove maint website dir + file: + path: "{{ fworch_home }}/maint-website" + state: absent + become: true + +- name: deactivate maintenance web site + command: "a2dissite {{ product_name }}-maintenance" + ignore_errors: true + become: true + +- name: restart apache without maintenance site + service: + name: "{{ webserver_package_name }}" + state: restarted + become: true 
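Review bot: The new `deactivate maintenance web site` task uses `ignore_errors: true`, which also hides failures unrelated to the site being absent (missing a2dissite, permission problems), so the following task restarts Apache with the maintenance site possibly still active while the play reports success. Registering the result and failing only on the expected case is tighter: `register: dissite_result` and `failed_when: dissite_result.rc != 0 and 'does not exist' not in dissite_result.stderr` (confirm the exact a2dissite wording on the target distribution). `command:` also reports `changed` on every run, so a `changed_when` keyed on the same output keeps the play's change reporting honest.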
diff --git a/roles/cleanup/tasks/run-upgrades.yml b/roles/finalize/tasks/run-upgrades.yml similarity index 100% rename from roles/cleanup/tasks/run-upgrades.yml rename to roles/finalize/tasks/run-upgrades.yml diff --git a/roles/cleanup/tasks/upgrade/5.6.2.yml b/roles/finalize/tasks/upgrade/5.6.2.yml similarity index 87% rename from roles/cleanup/tasks/upgrade/5.6.2.yml rename to roles/finalize/tasks/upgrade/5.6.2.yml index e4b9f14f2..08f1b783f 100644 --- a/roles/cleanup/tasks/upgrade/5.6.2.yml +++ b/roles/finalize/tasks/upgrade/5.6.2.yml @@ -8,13 +8,13 @@ ansible.builtin.systemd: name: "{{ product_name }}-importer" state: stopped - enabled: no - daemon_reload: yes - become: yes + enabled: false + daemon_reload: true + become: true when: "'importers' in group_names and old_service_check.stat.exists" - name: remove old importer service file file: state: absent name: "/lib/systemd/system/{{ product_name }}-importer.service" - become: yes + become: true diff --git a/roles/cleanup/tasks/upgrade/5.6.5.yml b/roles/finalize/tasks/upgrade/5.6.5.yml similarity index 89% rename from roles/cleanup/tasks/upgrade/5.6.5.yml rename to roles/finalize/tasks/upgrade/5.6.5.yml index ed70d058a..4140338bd 100644 --- a/roles/cleanup/tasks/upgrade/5.6.5.yml +++ b/roles/finalize/tasks/upgrade/5.6.5.yml @@ -3,4 +3,4 @@ file: state: absent name: "/etc/logrotate.d/{{ product_name }}.conf" - become: yes + become: true diff --git a/roles/global.json b/roles/global.json new file mode 100644 index 000000000..70976d298 --- /dev/null +++ b/roles/global.json @@ -0,0 +1,5 @@ +{ + "sdk": { + "version": "8.0.*" + } +} \ No newline at end of file diff --git a/roles/importer/files/importer/CACTUS/FWORCH/import/fortinet.pm b/roles/importer/files/importer/CACTUS/FWORCH/import/fortinet.pm index 7d1fee494..e85a030b8 100644 --- a/roles/importer/files/importer/CACTUS/FWORCH/import/fortinet.pm +++ b/roles/importer/files/importer/CACTUS/FWORCH/import/fortinet.pm 
@@ -668,6 +668,19 @@ sub parse_config_base_objects { # ($debug_level, $mgm_name)
 }
 if (!defined($obj_ip_last)) { $obj_ip_last = ''; }
 if (!defined($obj_type)) { $obj_type = ''; }
+ if ($obj_type eq 'interface-subnet')
+ {
+ # interface-subnet is not CIDR conform, therefore we change the netmask to a single host
+ $obj_type = 'host';
+ if ($v6flag==1)
+ {
+ $obj_netmask = '128';
+ }
+ else
+ {
+ $obj_netmask = '255.255.255.255';
+ }
+ }
 if (!defined($comment)) { $comment = ''; }
 if (!defined($obj_netmask)) { $obj_netmask = '255.255.255.255'; }
 if (!$v6flag) { $obj_netmask = &calc_subnetmask($obj_netmask); }
@@ -689,7 +702,7 @@ sub parse_config_base_objects { # ($debug_level, $mgm_name)
 print_debug("found object uid $uuid", $debug, 4);
 next NEW_LINE;
 }
- if ($line =~ /^\s+set\stype\s(\w+)$/ && $context eq 'firewall address single object') {
+ if ($line =~ /^\s+set\stype\s([\w\-]+)$/ && $context eq 'firewall address single object') {
 $obj_type = $1;
 if ($obj_type eq 'multicastrange' || $obj_type eq 'iprange') { $obj_type = 'ip_range'; }
 print_debug("found object type $obj_type", $debug, 4);
diff --git a/roles/importer/files/importer/checkpointR8x/api-test-call.py b/roles/importer/files/importer/checkpointR8x/api-test-call.py
deleted file mode 100755
index a9253a98c..000000000
--- a/roles/importer/files/importer/checkpointR8x/api-test-call.py
+++ /dev/null
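Review bot: The new `interface-subnet` branch turns the object into a single `host` with a /32 or /128 mask, which narrows whatever address scope the FortiGate object really covers, so a later rule review sees a more restrictive rule than the device enforces. If the subnet cannot be represented, that loss should at least be visible: report it through the existing helper, e.g. `print_debug("interface-subnet object converted to single host, scope narrowed", $debug, 2);`, and extend the comment with `# NOTE: this under-approximates the object's real scope`. The v6 test `$v6flag==1` also differs from the `!$v6flag` form used two lines below; one consistent form avoids a surprise should the flag ever hold a value other than 0 or 1. `parse_config_base_objects` starts before the hunk.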
@@ -1,115 +0,0 @@ -#!/usr/bin/python3 -import logging, logging.config -import json, argparse -import sys -from common import importer_base_dir, set_ssl_verification -sys.path.append(importer_base_dir) -import getter - -logging.config.fileConfig(fname='discovery_logging.conf', disable_existing_loggers=False) - -logger = logging.getLogger(__name__) - -logger.info("START") -parser = argparse.ArgumentParser(description='Read configuration from Check Point R8x management via API calls') -parser.add_argument('-a', '--hostname', metavar='api_host', required=True, help='Check Point R8x management server') -parser.add_argument('-w', '--password', metavar='api_password', required=True, help='password for management server') -parser.add_argument('-m', '--mode', metavar='mode', required=True, help='[domains|packages|layers|generic]') -parser.add_argument('-c', '--command', metavar='command', required=False, help='generic command to send to the api (needs -m generic). ' + - 'Please note that the command must be written as one word (e.g. 
show-access-layer instead of show acess-layers).') -parser.add_argument('-u', '--user', metavar='api_user', default='fworch', help='user for connecting to Check Point R8x management server, default=fworch') -parser.add_argument('-p', '--port', metavar='api_port', default='443', help='port for connecting to Check Point R8x management server, default=443') -parser.add_argument('-D', '--domain', metavar='api_domain', default='', help='name of Domain in a Multi-Domain Environment') -parser.add_argument('-s', '--ssl', metavar='ssl_verification_mode', default='', help='[ca]certfile, if value not set, ssl check is off"; default=empty/off') -parser.add_argument('-l', '--level', metavar='level_of_detail', default='standard', help='[standard|full]') -parser.add_argument('-i', '--limit', metavar='api_limit', default='150', help='The maximal number of returned results per HTTPS Connection; default=150') -parser.add_argument('-n', '--nolimit', metavar='nolimit', default='off', help='[on|off] Set to on if (generic) command does not understand limit switch') -parser.add_argument('-d', '--debug', metavar='debug_level', default='0', help='Debug Level: 0(off) 4(DEBUG Console) 41(DEBUG File); default=0') -parser.add_argument('-V', '--version', metavar='api_version', default='off', help='alternate API version [off|]; default=off') - -args = parser.parse_args() -if len(sys.argv)==1: - parser.print_help(sys.stderr) - sys.exit(1) - -domain = args.domain - -if args.mode == 'packages': - api_command='show-packages' - api_details_level="standard" -elif args.mode == 'domains' or args.mode == 'devices': - api_command='show-domains' - api_details_level="standard" - domain = '' -elif args.mode == 'layers': - api_command='show-access-layers' - api_details_level="standard" -elif args.mode == 'generic': - api_command=args.command - api_details_level=args.level -else: - sys.exit("\"" + args.mode +"\" - unknown mode") - -offset = 0 -use_object_dictionary = 'false' -base_url = 'https://' + 
args.hostname + ':' + args.port + '/web_api/' -ssl_verification = set_ssl_verification(args.ssl) -logger = logging.getLogger(__name__) - -xsid = getter.login(args.user, args.password, args.hostname, args.port, domain, ssl_verification) -api_versions = getter.cp_api_call(args.hostname, args.port, base_url, 'show-api-versions', {}, xsid, ssl_verification=ssl_verification) - -api_version = api_versions["current-version"] -api_supported = api_versions["supported-versions"] -v_url = getter.set_api_url(base_url,args.version,api_supported,args.hostname) -if args.version != 'off': - api_version = args.version -logger.debug ("using current version: "+ api_version ) -logger.debug ("supported versions: "+ ', '.join(api_supported) ) -logger.debug ("limit:"+ args.limit ) -logger.debug ("Domain:"+ args.domain ) -logger.debug ("login:"+ args.user ) -logger.debug ("sid:"+ xsid ) - -payload = { "details-level" : api_details_level } -if args.nolimit == 'off': - payload.update( { "limit" : args.limit, "offset" : offset } ) - -if args.mode == 'generic': # need to divide command string into command and payload (i.e. 
parameters) - cmd_parts = api_command.split(" ") - api_command = cmd_parts[0] - idx = 1 - if len(cmd_parts)>1: - payload.pop('limit') - payload.pop('offset') - while idx < len(cmd_parts): - payload.update({cmd_parts[idx]: cmd_parts[idx+1]}) - idx += 2 - -result = getter.cp_api_call(args.hostname, args.port, v_url, api_command, payload, xsid, ssl_verification=ssl_verification) - -if args.debug == "1" or args.debug == "3": - print ("\ndump of result:\n" + json.dumps(result, indent=4)) -if args.mode == 'packages': - print ("\nthe following packages exist on management server:") - for p in result['packages']: - print (" package: " + p['name']) - if "access-layers" in result: - print ("the following layers exist on management server:") - for p in result['packages']: - print (" package: " + p['name']) - for l in p['access-layers']: - print (" layer: " + l['name']) - -if args.mode == 'domains': - print ("\nthe following domains exist on management server:") - for d in result['objects']: - print (" domain: " + d['name'] + ", uid: " + d['uid']) -if args.mode == 'layers': - print ("\nthe following access-layers exist on management server:") - for l in result['access-layers']: - print (" access-layer: " + l['name'] + ", uid: " + l['uid'] ) -if args.mode == 'generic': - print (json.dumps(result, indent=3)) - -logout_result = getter.cp_api_call(args.hostname, args.port, v_url, 'logout', {}, xsid, ssl_verification=ssl_verification) diff --git a/roles/importer/files/importer/checkpointR8x/auto-discover.py b/roles/importer/files/importer/checkpointR8x/auto-discover.py deleted file mode 100755 index 6c2e043dd..000000000 --- a/roles/importer/files/importer/checkpointR8x/auto-discover.py +++ /dev/null 
@@ -1,198 +0,0 @@ -#!/usr/bin/python3 -import sys -# from .. common import importer_base_dir -sys.path.append('..') -import logging, logging.config -import getter -import json, argparse, sys -import fwo_log -logging.config.fileConfig(fname='discovery_logging.conf', disable_existing_loggers=False) - -logger = logging.getLogger(__name__) - -logger.info("START") -parser = argparse.ArgumentParser(description='Discover all devices, policies starting from a single server (MDS or stand-alone) from Check Point R8x management via API calls') -parser.add_argument('-a', '--hostname', metavar='api_host', required=True, help='Check Point R8x management server') -parser.add_argument('-w', '--password_file', metavar='api_password_file', required=True, help='name of file containing the password for API of the management server') -parser.add_argument('-u', '--user', metavar='api_user', default='fworch', help='user for connecting to Check Point R8x management server, default=fworch') -parser.add_argument('-p', '--port', metavar='api_port', default='443', help='port for connecting to Check Point R8x management server, default=443') -parser.add_argument('-s', '--ssl', metavar='ssl_verification_mode', default='', help='[ca]certfile, if value not set, ssl check is off"; default=empty/off') -parser.add_argument('-d', '--debug', metavar='debug_level', default='0', help='Debug Level: 0(off) 4(DEBUG Console) 41(DEBUG File); default=0') -parser.add_argument('-V', '--version', metavar='api_version', default='off', help='alternate API version [off|]; default=off') -parser.add_argument('-D', '--domain', metavar='api_domain', default='', help='name of Domain in a Multi-Domain Environment') -parser.add_argument('-f', '--format', metavar='output_format', default='table', help='[json|table]]') - -args = parser.parse_args() -if len(sys.argv)==1: - parser.print_help(sys.stderr) - sys.exit(1) - -offset = 0 -use_object_dictionary = 'false' -base_url = 'https://' + args.hostname + ':' + args.port + 
'/web_api/' -ssl_verification = fwo_log.set_ssl_verification(args.ssl, debug_level=args.debug) - -with open(args.password_file, 'r') as file: - apiuser_pwd = file.read().replace('\n', '') - -xsid = getter.login(args.user, apiuser_pwd, args.hostname, args.port, args.domain, ssl_verification=ssl_verification, debug=args.debug) - -api_versions = getter.cp_api_call(base_url, 'show-api-versions', {}, xsid, ssl_verification=ssl_verification) -api_version = api_versions["current-version"] -api_supported = api_versions["supported-versions"] -v_url = getter.set_api_url(base_url,args.version,api_supported,args.hostname) - -v_url = 'https://' + args.hostname + ':' + args.port + '/web_api/' -if args.version != "off": - v_url += 'v' + args.version + '/' - -logger = logging.getLogger(__name__) - -xsid = getter.login(args.user, apiuser_pwd, args.hostname, args.port, '', ssl_verification=ssl_verification) - -if args.debug == "1" or args.debug == "3": - debug = True -else: - debug = False - -# todo: only show active devices (optionally with a switch) -domains = getter.cp_api_call (v_url, 'show-domains', {}, xsid, ssl_verification=ssl_verification) -gw_types = ['simple-gateway', 'simple-cluster', 'CpmiVsClusterNetobj', 'CpmiGatewayPlain', 'CpmiGatewayCluster', 'CpmiVsxClusterNetobj'] -parameters = { "details-level" : "full" } - -if domains['total']== 0: - logging.debug ("no domains found, adding dummy domain.") - domains['objects'].append ({ "name": "", "uid": "" }) - - # fetching gateways for non-MDS management: - obj = domains['objects'][0] - obj['gateways'] = getter.cp_api_call(v_url, 'show-gateways-and-servers', parameters, xsid, ssl_verification=ssl_verification) - - if 'objects' in obj['gateways']: - for gw in obj['gateways']['objects']: - if 'type' in gw and gw['type'] in gw_types and 'policy' in gw: - if 'access-policy-installed' in gw['policy'] and gw['policy']['access-policy-installed'] and "access-policy-name" in gw['policy']: - logging.debug ("standalone mgmt: found 
gateway " + gw['name'] + " with policy" + gw['policy']['access-policy-name']) - gw['package'] = getter.cp_api_call(v_url, - "show-package", - { "name" : gw['policy']['access-policy-name'], "details-level": "full" }, - xsid, ssl_verification) - else: - logging.warning ("Standalone WARNING: did not find any gateways in stand-alone management") - logout_result = getter.cp_api_call(v_url, 'logout', {}, xsid, ssl_verification=ssl_verification) - -else: # visit each domain and fetch layers - for obj in domains['objects']: - domain_name = obj['name'] - logging.debug ("MDS: searchig in domain " + domain_name) - xsid = getter.login(args.user, apiuser_pwd, args.hostname, args.port, domain_name, ssl_verification=ssl_verification) - obj['gateways'] = getter.cp_api_call(v_url, 'show-gateways-and-servers', parameters, xsid, ssl_verification) - if 'objects' in obj['gateways']: - for gw in obj['gateways']['objects']: - if 'type' in gw and gw['type'] in gw_types and 'policy' in gw: - if 'access-policy-installed' in gw['policy'] and gw['policy']['access-policy-installed'] and "access-policy-name" in gw['policy']: - api_call_str = "show-package name " + gw['policy']['access-policy-name'] + ", logged in to domain " + domain_name - logging.debug ("MDS: found gateway " + gw['name'] + " with policy: " + gw['policy']['access-policy-name']) - logging.debug ("api call: " + api_call_str) - try: - tmp_pkg_name = getter.cp_api_call(v_url, 'show-package', { "name" : gw['policy']['access-policy-name'], "details-level": "full" }, - xsid, ssl_verification=ssl_verification) - except: - tmp_pkg_name = "ERROR while trying to get package " + gw['policy']['access-policy-name'] - gw['package'] = tmp_pkg_name - else: - logging.warning ("Domain-WARNING: did not find any gateways in domain " + obj['name']) - logout_result = getter.cp_api_call(v_url, 'logout', {}, xsid, ssl_verification=ssl_verification) - -# now collect only relevant data and copy to new dict -domains_essential = [] -for obj in 
domains['objects']: - domain = { 'name': obj['name'], 'uid': obj['uid'] } - gateways = [] - domain['gateways'] = gateways - if 'objects' in obj['gateways']: - for gw in obj['gateways']['objects']: - if 'policy' in gw and 'access-policy-name' in gw['policy']: - gateway = { "name": gw['name'], "uid": gw['uid'], "access-policy-name": gw['policy']['access-policy-name'] } - layers = [] - if 'package' in gw: - if 'access-layers' in gw['package']: - found_domain_layer = False - for ly in gw['package']['access-layers']: - if 'firewall' in ly and ly['firewall']: - if 'parent-layer' in ly: - found_domain_layer = True - for ly in gw['package']['access-layers']: - if 'firewall' in ly and ly['firewall']: - if 'parent-layer' in ly: - layer = { "name": ly['name'], "uid": ly['uid'], "type": "domain-layer", "parent-layer": ly['parent-layer'] } - elif domains['total']==0: - layer = { "name": ly['name'], "uid": ly['uid'], "type": "local-layer" } - elif found_domain_layer: - layer = { "name": ly['name'], "uid": ly['uid'], "type": "global-layer" } - else: # in domain context, but no global layer exists - layer = { "name": ly['name'], "uid": ly['uid'], "type": "stand-alone-layer" } - layers.append(layer) - gateway['layers'] = layers - gateways.append(gateway) - domain['gateways'] = gateways - domains_essential.append(domain) -devices = {"domains": domains_essential } - - -##### output ######## -if args.format == 'json': - print (json.dumps(devices, indent=3)) - -elif args.format == 'table': - # compact print in FWO UI input format - colsize_number = 35 - colsize = "{:"+str(colsize_number)+"}" - table = "" - heading_list = ["Domain/Management", "Gateway", "Policy String"] - - # add table header: - for heading in heading_list: - table += colsize.format(heading) - table += "\n" - x = 0 - while x < len(heading_list) * colsize_number: - table += '-' - x += 1 - table += "\n" - - # print one gateway/policy per line - for dom in devices['domains']: - if 'gateways' in dom: - for gw in 
dom['gateways']: - table += colsize.format(dom["name"]) - table += colsize.format(gw['name']) - if 'layers' in gw: - found_domain_layer = False - layer_string = '' - for ly in gw['layers']: - if 'parent-layer' in ly: - found_domain_layer = True - for ly in gw['layers']: - if ly['type'] == 'stand-alone-layer' or ly['type'] == 'local-layer': - layer_string = ly["name"] - elif found_domain_layer and ly['type'] == 'domain-layer': - domain_layer = ly['name'] - elif found_domain_layer and ly['type'] == 'global-layer': - global_layer = ly['name'] - else: - logging.warning ("found unknown layer type") - if found_domain_layer: - layer_string = global_layer + '/' + domain_layer - table += colsize.format(layer_string) - table += "\n" - else: - table += colsize.format(dom["name"]) - table += "\n" # empty line between domains for readability - - print (table) - -else: - logging.error("You specified a wrong output format: " + args.format ) - parser.print_help(sys.stderr) - sys.exit(1) diff --git a/roles/importer/files/importer/checkpointR8x/cp_const.py b/roles/importer/files/importer/checkpointR8x/cp_const.py new file mode 100644 index 000000000..d3ef48ec8 --- /dev/null +++ b/roles/importer/files/importer/checkpointR8x/cp_const.py 
@@ -0,0 +1,35 @@
+details_level = "full" # 'standard'
+use_object_dictionary = 'false'
+
+# the following is the static across all installations unique any obj uid
+# cannot fetch the Any object via API (<=1.7) at the moment
+# therefore we have a workaround adding the object manually (as svc and nw)
+any_obj_uid = "97aeb369-9aea-11d5-bd16-0090272ccb30"
+# todo: read this from config (from API 1.6 on it is fetched)
+
+original_obj_uid = "85c0f50f-6d8a-4528-88ab-5fb11d8fe16c"
+# used for nat only (both svc and nw obj)
+
+
+nw_obj_table_names = [
+ 'hosts', 'networks', 'groups', 'address-ranges', 'multicast-address-ranges', 'groups-with-exclusion',
+ 'gateways-and-servers', 'simple-gateways',
+ 'dns-domains', 'updatable-objects-repository-content',
+ 'interoperable-devices'
+]
+
+# simple as in: no groups
+simple_svc_obj_types = ['services-tcp', 'services-udp', 'services-dce-rpc', 'services-rpc', 'services-other',
+ 'services-icmp', 'services-icmp6', 'services-sctp', 'services-gtp']
+group_svc_obj_types = ['service-groups', 'application-site-categories', 'application-sites']
+
+svc_obj_table_names = group_svc_obj_types + simple_svc_obj_types + [ 'CpmiAnyObject' ]
+# usr_obj_table_names : do not exist yet - not fetchable via API
+
+api_obj_types = nw_obj_table_names + svc_obj_table_names # all obj table names to look at during import
+
+cp_specific_object_types = [ # used for fetching enrichment data via "get object" separately (no specific API call)
+ 'simple-gateway', 'simple-cluster', 'CpmiVsClusterNetobj', 'CpmiVsxClusterNetobj', 'CpmiVsxClusterMember', 'CpmiVsNetobj',
+ 'CpmiAnyObject', 'CpmiClusterMember', 'CpmiGatewayPlain', 'CpmiHostCkp', 'CpmiGatewayCluster', 'checkpoint-host',
+ 'cluster-member'
+]
diff --git a/roles/importer/files/importer/checkpointR8x/cp_enrich.py b/roles/importer/files/importer/checkpointR8x/cp_enrich.py
new file mode 100644
index 000000000..13ac5cc3e
--- /dev/null
+++ b/roles/importer/files/importer/checkpointR8x/cp_enrich.py
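Review bot: `use_object_dictionary = 'false'` is a string, and a non-empty string is truthy in Python, so any consumer that tests it with `if cp_const.use_object_dictionary:` gets the opposite of what the name suggests; if the value is only ever interpolated verbatim into an API payload, say so next to it (`# string on purpose: sent verbatim in the API payload, never test for truthiness`), otherwise `False` is the safer constant. The consumers are not part of this diff, so which of the two applies cannot be judged here. The module also has no header docstring; a one-liner such as `"""Constants for the Check Point R8x importer: object table names and well-known object UIDs."""` would orient readers of the other new cp_* modules that import it.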
@@ -0,0 +1,168 @@ +import sys +from common import importer_base_dir +from fwo_log import getFwoLogger +sys.path.append(importer_base_dir + '/checkpointR8x') +import time +import cp_getter +import fwo_globals +import cp_const +import cp_network + + +################# enrich ####################### +def enrich_config (config, mgm_details, limit=150, details_level=cp_const.details_level, noapi=False, sid=None): + + logger = getFwoLogger() + base_url = 'https://' + mgm_details['hostname'] + ':' + str(mgm_details['port']) + '/web_api/' + nw_objs_from_obj_tables = [] + svc_objs_from_obj_tables = [] + starttime = int(time.time()) + + # do nothing for empty configs + if config == {}: + return 0 + + ################################################################################# + # get object data which is only contained as uid in config by making additional api calls + # get all object uids (together with type) from all rules in fields src, dst, svc + nw_uids_from_rulebase = [] + svc_uids_from_rulebase = [] + + for rulebase in config['rulebases'] + config['nat_rulebases']: + if fwo_globals.debug_level>5: + if 'layername' in rulebase: + logger.debug ( "Searching for all uids in rulebase: " + rulebase['layername'] ) + cp_getter.collect_uids_from_rulebase(rulebase, nw_uids_from_rulebase, svc_uids_from_rulebase, "top_level") + + # remove duplicates from uid lists + nw_uids_from_rulebase = list(set(nw_uids_from_rulebase)) + svc_uids_from_rulebase = list(set(svc_uids_from_rulebase)) + + # get all uids in objects tables + for obj_table in config['object_tables']: + nw_objs_from_obj_tables.extend(cp_getter.get_all_uids_of_a_type(obj_table, cp_const.nw_obj_table_names)) + svc_objs_from_obj_tables.extend(cp_getter.get_all_uids_of_a_type(obj_table, cp_const.svc_obj_table_names)) + + # identify all objects (by type) that are missing in objects tables but present in rulebase + missing_nw_object_uids = cp_getter.get_broken_object_uids(nw_objs_from_obj_tables, nw_uids_from_rulebase) + 
missing_svc_object_uids = cp_getter.get_broken_object_uids(svc_objs_from_obj_tables, svc_uids_from_rulebase) + + # adding the uid of the Original object for natting: + missing_nw_object_uids.append(cp_const.original_obj_uid) + missing_svc_object_uids.append(cp_const.original_obj_uid) + + if fwo_globals.debug_level>4: + logger.debug ( "found missing nw objects: '" + ",".join(missing_nw_object_uids) + "'" ) + logger.debug ( "found missing svc objects: '" + ",".join(missing_svc_object_uids) + "'" ) + + if noapi == False: + # if sid is None: + # TODO: why is the re-genereation of a new sid necessary here? + # if mgm_details['domainUid'] != None: + # api_domain = mgm_details['domainUid'] + # else: + # api_domain = mgm_details['configPath'] + + # sid = cp_getter.login(mgm_details['import_credential']['user'],mgm_details['import_credential']['secret'],mgm_details['hostname'],mgm_details['port'],api_domain) + # logger.debug ( "re-logged into api" ) + + # if an object is not there: + # make api call: show object details-level full uid "" and add object to respective json + for missing_obj in missing_nw_object_uids: + show_params_host = {'details-level':cp_const.details_level,'uid':missing_obj} + logger.debug ( "fetching obj with uid: " + missing_obj) + obj = cp_getter.cp_api_call(base_url, 'show-object', show_params_host, sid) + if 'object' in obj: + obj = obj['object'] + if (obj['type'] == 'CpmiAnyObject'): + json_obj = {"object_type": "hosts", "object_chunks": [ { + "objects": [ { + 'uid': obj['uid'], 'name': obj['name'], 'color': obj['color'], + 'comments': 'any nw object checkpoint (hard coded)', + 'type': 'network', 'ipv4-address': '0.0.0.0/0', + } ] } ] } + config['object_tables'].append(json_obj) + elif (obj['type'] == 'simple-gateway' or obj['type'] == 'CpmiGatewayPlain' or obj['type'] == 'interop'): + json_obj = {"object_type": "hosts", "object_chunks": [ { + "objects": [ { + 'uid': obj['uid'], 'name': obj['name'], 'color': obj['color'], + 'comments': 
obj['comments'], 'type': 'host', 'ipv4-address': cp_network.get_ip_of_obj(obj), + } ] } ] } + config['object_tables'].append(json_obj) + elif obj['type'] == 'multicast-address-range': + logger.debug("found multicast-address-range: " + obj['name'] + " (uid:" + obj['uid']+ ")") + json_obj = {"object_type": "hosts", "object_chunks": [ { + "objects": [ { + 'uid': obj['uid'], 'name': obj['name'], 'color': obj['color'], + 'comments': obj['comments'], 'type': 'host', 'ipv4-address': cp_network.get_ip_of_obj(obj), + } ] } ] } + config['object_tables'].append(json_obj) + elif (obj['type'] == 'CpmiVsClusterMember' or obj['type'] == 'CpmiVsxClusterMember'): + json_obj = {"object_type": "hosts", "object_chunks": [ { + "objects": [ { + 'uid': obj['uid'], 'name': obj['name'], 'color': obj['color'], + 'comments': obj['comments'], 'type': 'host', 'ipv4-address': cp_network.get_ip_of_obj(obj), + } ] } ] } + config['object_tables'].append(json_obj) + logger.debug ('missing obj: ' + obj['name'] + obj['type']) + elif (obj['type'] == 'Global'): + json_obj = {"object_type": "hosts", "object_chunks": [ { + "objects": [ { + 'uid': obj['uid'], 'name': obj['name'], 'color': obj['color'], + 'comments': obj['comments'], 'type': 'host', 'ipv4-address': '0.0.0.0/0', + } ] } ] } + config['object_tables'].append(json_obj) + logger.debug ('missing obj: ' + obj['name'] + obj['type']) + elif (obj['type'] == 'updatable-object'): + json_obj = {"object_type": "hosts", "object_chunks": [ { + "objects": [ { + 'uid': obj['uid'], 'name': obj['name'], 'color': obj['color'], + 'comments': obj['comments'], 'type': 'group' #, 'ipv4-address': '0.0.0.0/0', + } ] } ] } + config['object_tables'].append(json_obj) + logger.debug ('missing obj: ' + obj['name'] + obj['type']) + elif (obj['type'] == 'Internet'): + json_obj = {"object_type": "hosts", "object_chunks": [ { + "objects": [ { + 'uid': obj['uid'], 'name': obj['name'], 'color': obj['color'], + 'comments': obj['comments'], 'type': 'network', 'ipv4-address': 
'0.0.0.0/0', + } ] } ] } + config['object_tables'].append(json_obj) + elif (obj['type'] == 'access-role'): + pass # ignorning user objects + else: + logger.warning ( "missing nw obj of unexpected type '" + obj['type'] + "': " + missing_obj ) + logger.debug ( "missing nw obj: " + missing_obj + " added" ) + else: + logger.warning("could not get the missing object with uid=" + missing_obj + " from CP API") + + for missing_obj in missing_svc_object_uids: + show_params_host = {'details-level':cp_const.details_level,'uid':missing_obj} + obj = cp_getter.cp_api_call(base_url, 'show-object', show_params_host, sid) + if 'object' in obj: + obj = obj['object'] + if (obj['type'] == 'CpmiAnyObject'): + json_obj = {"object_type": "services-other", "object_chunks": [ { + "objects": [ { + 'uid': obj['uid'], 'name': obj['name'], 'color': obj['color'], + 'comments': 'any svc object checkpoint (hard coded)', + 'type': 'service-other', 'ip-protocol': '0' + } ] } ] } + config['object_tables'].append(json_obj) + elif (obj['type'] == 'Global'): + json_obj = {"object_type": "services-other", "object_chunks": [ { + "objects": [ { + 'uid': obj['uid'], 'name': obj['name'], 'color': obj['color'], + 'comments': 'Original svc object checkpoint (hard coded)', + 'type': 'service-other', 'ip-protocol': '0' + } ] } ] } + config['object_tables'].append(json_obj) + else: + logger.warning ( "missing svc obj (uid=" + missing_obj + ") of unexpected type \"" + obj['type'] +"\"" ) + logger.debug ( "missing svc obj: " + missing_obj + " added") + + # logout_result = cp_getter.cp_api_call(base_url, 'logout', {}, sid) + + logger.debug ( "checkpointR8x/enrich_config - duration: " + str(int(time.time()) - starttime) + "s" ) + + return 0 
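Review bot: In `enrich_config`, the seven `json_obj = {"object_type": "hosts", ...}` literals in the nw loop differ only in `type`, `ipv4-address` and `comments`, and each indexes `obj['color']`/`obj['comments']` directly, so a single object returned without one of those keys raises KeyError and aborts the whole enrichment. A small helper that builds the chunk and reads the optional fields with `.get()` removes both the duplication and the hard failure, and the branches collapse to one line each. The function also issues the API calls with `sid=None` whenever the caller omits it (the re-login is commented out); rejecting that combination right after the empty-config return, `if not noapi and sid is None: raise ValueError('enrich_config: sid is required unless noapi=True')`, turns a confusing API error into a clear one. `if noapi == False:` reads better as `if not noapi:`.
```python
def _host_table_entry(obj, obj_type, ipv4=None, comments=None):
    # Build one "hosts" object-table chunk for an object the objects tables lack;
    # color/comments are optional in the API response, so read them defensively.
    entry = {
        'uid': obj['uid'], 'name': obj['name'], 'color': obj.get('color'),
        'comments': comments if comments is not None else obj.get('comments', ''),
        'type': obj_type,
    }
    if ipv4 is not None:
        entry['ipv4-address'] = ipv4
    return {"object_type": "hosts", "object_chunks": [{"objects": [entry]}]}


def enrich_config (config, mgm_details, limit=150, details_level=cp_const.details_level, noapi=False, sid=None):
    # … unchanged: logger/base_url setup and the empty-config early return …
    if not noapi and sid is None:
        raise ValueError('enrich_config: sid is required unless noapi=True')
    # … unchanged: uid collection from rulebases and object tables …
    if not noapi:
        for missing_obj in missing_nw_object_uids:
            # … unchanged: show-object call and the 'object' in obj check …
            if obj['type'] == 'CpmiAnyObject':
                config['object_tables'].append(_host_table_entry(obj, 'network', '0.0.0.0/0', 'any nw object checkpoint (hard coded)'))
            elif obj['type'] in ('simple-gateway', 'CpmiGatewayPlain', 'interop', 'multicast-address-range', 'CpmiVsClusterMember', 'CpmiVsxClusterMember'):
                config['object_tables'].append(_host_table_entry(obj, 'host', cp_network.get_ip_of_obj(obj)))
            elif obj['type'] == 'Global':
                config['object_tables'].append(_host_table_entry(obj, 'host', '0.0.0.0/0'))
            elif obj['type'] == 'updatable-object':
                config['object_tables'].append(_host_table_entry(obj, 'group'))
            elif obj['type'] == 'Internet':
                config['object_tables'].append(_host_table_entry(obj, 'network', '0.0.0.0/0'))
            # … unchanged: access-role / unexpected-type handling, per-type debug lines, svc loop, timing log …
```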
diff --git a/roles/importer/files/importer/checkpointR8x/getter.py b/roles/importer/files/importer/checkpointR8x/cp_getter.py similarity index 82% rename from roles/importer/files/importer/checkpointR8x/getter.py rename to roles/importer/files/importer/checkpointR8x/cp_getter.py index 4f1bdb30e..90bdc188e 100644 --- a/roles/importer/files/importer/checkpointR8x/getter.py +++ b/roles/importer/files/importer/checkpointR8x/cp_getter.py @@ -1,6 +1,5 @@ # library for API get functions from asyncio.log import logger -from distutils.log import debug import json import re import requests, requests.packages @@ -10,16 +9,6 @@ import fwo_globals -# all obj table names to look at: -api_obj_types = [ - 'hosts', 'networks', 'groups', 'address-ranges', 'multicast-address-ranges', 'groups-with-exclusion', 'gateways-and-servers', - 'security-zones', 'dynamic-objects', 'dns-domains', # 'trusted-clients', - 'services-tcp', 'services-udp', 'services-sctp', 'services-other', 'service-groups', 'services-dce-rpc', 'services-rpc', 'services-icmp', 'services-icmp6' ] - -svc_obj_table_names = ['services-tcp', 'services-udp', 'service-groups', 'services-dce-rpc', 'services-rpc', 'services-other', 'services-icmp', 'services-icmp6'] -# usr_obj_table_names : do not exist yet - not fetchable via API - - def cp_api_call(url, command, json_payload, sid, show_progress=False): url += command request_headers = {'Content-Type' : 'application/json'} @@ -203,7 +192,10 @@ def collect_uids_from_rulebase(rulebase, nw_uids_found, svc_uids_found, debug_te chunk_name = 'nat_rule_chunks' else: for rule in rulebase: - collect_uids_from_rule(rule, nw_uids_found, svc_uids_found) + if 'rulebase' in rule: + collect_uids_from_rulebase(rule['rulebase'], nw_uids_found, svc_uids_found, debug_text + '.') + else: + collect_uids_from_rule(rule, nw_uids_found, svc_uids_found) return for layer_chunk in rulebase[chunk_name]: if 'rulebase' in layer_chunk: 
@@ -228,8 +220,15 @@ def get_all_uids_of_a_type(object_table, obj_table_names): if object_table['object_type'] in obj_table_names: for chunk in object_table['object_chunks']: - for obj in chunk['objects']: - all_uids.append(obj['uid']) # add non-group (simple) refs + if 'objects' in chunk: + for obj in chunk['objects']: + if 'uid' in obj: + all_uids.append(obj['uid']) # add non-group (simple) refs + elif 'uid-in-updatable-objects-repository' in obj: + all_uids.append(obj['uid-in-updatable-objects-repository']) # add updatable obj uid + else: + logger.warning ("found nw obj without UID: " + str(obj)) + all_uids = list(set(all_uids)) # remove duplicates return all_uids 
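Review bot: The new `logger.warning("found nw obj without UID: ...")` relies on a `logger` name that is not bound in the visible part of `get_all_uids_of_a_type` (the function starts before the hunk); if the function has no local `logger = getFwoLogger()`, the name resolves to the module-level `from asyncio.log import logger` kept in this file's first hunk, and the warning lands in the `asyncio` logger instead of the importer log. The same applies to `add_inline_layers` in the later hunk of this file, which calls `logger.debug` without binding `logger`, while its neighbour `get_layer_from_api_as_dict` does bind it. Adding `logger = getFwoLogger()` at the top of both functions (or dropping the `asyncio.log` import so the omission fails loudly) keeps the output where the other modules write it. The warning also serialises the whole object with `str(obj)`; logging `obj.get('name')` and `obj.get('type')` instead keeps the line readable and avoids copying every attribute into the log.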
@@ -242,37 +241,21 @@ def get_broken_object_uids(all_uids_from_obj_tables, all_uids_from_rules): return list(set(broken_uids)) -def get_inline_layer_names_from_rulebase(rulebase, inline_layers): - logger = getFwoLogger() - if 'layerchunks' in rulebase: - for chunk in rulebase['layerchunks']: - if 'rulebase' in chunk: - for rules_chunk in chunk['rulebase']: - get_inline_layer_names_from_rulebase(rules_chunk, inline_layers) - else: - if 'rulebase' in rulebase: - # add section header, but only if it does not exist yet (can happen by chunking a section) - for rule in rulebase['rulebase']: - if 'inline-layer' in rule: - inline_layers.append(rule['inline-layer']['name']) - if 'name' in rule and rule['name'] == "Placeholder for domain rules": - logger.debug ("getter - found domain rules reference with uid " + rule["uid"]) - - if 'rule-number' in rulebase: # not a rulebase but a single rule - if 'inline-layer' in rulebase: - inline_layers.append(rulebase['inline-layer']['name']) - # get_inline_layer_names_from_rulebase(rulebase, inline_layers) - - -def get_layer_from_api_as_dict (api_host, api_port, api_v_url, sid, show_params_rules, layername): +def get_layer_from_api_as_dict (api_v_url, sid, show_params_rules, layername, access_type='access', collection_type='rulebase'): + # access_type: access / nat + # collection_type: rulebase / layer logger = getFwoLogger() current_layer_json = { "layername": layername, "layerchunks": [] } current=0 total=current+1 while (current6: - logger.debug ( "get_layer_from_api_as_dict current offset: "+ str(current) ) + + ################################################################################# + # adding inline and domain layers (if they exist) + add_inline_layers (current_layer_json, api_v_url, sid, show_params_rules) + return current_layer_json -def get_nat_rules_from_api_as_dict (api_host, api_port, api_v_url, sid, show_params_rules): +def add_inline_layers (rulebase, api_v_url, sid, show_params_rules, access_type='access', 
collection_type='layer'): + + if 'layerchunks' in rulebase: + for chunk in rulebase['layerchunks']: + if 'rulebase' in chunk: + for rules_chunk in chunk['rulebase']: + add_inline_layers(rules_chunk, api_v_url, sid, show_params_rules) + else: + if 'rulebase' in rulebase: + rulebase_idx = 0 + for rule in rulebase['rulebase']: + if 'inline-layer' in rule: + inline_layer_name = rule['inline-layer']['name'] + if fwo_globals.debug_level>5: + logger.debug ( "found inline layer " + inline_layer_name ) + inline_layer = get_layer_from_api_as_dict (api_v_url, sid, show_params_rules, inline_layer_name, access_type=access_type, collection_type=collection_type) + rulebase['rulebase'][rulebase_idx+1:rulebase_idx+1] = inline_layer['layerchunks'] #### insert inline layer here + rulebase_idx += len(inline_layer['layerchunks']) + + if 'name' in rule and rule['name'] == "Placeholder for domain rules": + logger.debug ("getter - found domain rules reference with uid " + rule["uid"]) + rulebase_idx += 1 + + +def get_nat_rules_from_api_as_dict (api_v_url, sid, show_params_rules): logger = getFwoLogger() nat_rules = { "nat_rule_chunks": [] } current=0 diff --git a/roles/importer/files/importer/checkpointR8x/cp_network.py b/roles/importer/files/importer/checkpointR8x/cp_network.py new file mode 100644 index 000000000..989dea3ed --- /dev/null +++ b/roles/importer/files/importer/checkpointR8x/cp_network.py 
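Review bot: In add_inline_layers the index bookkeeping drifts after the first inline layer is spliced in: the slice assignment `rulebase['rulebase'][rulebase_idx+1:rulebase_idx+1] = inline_layer['layerchunks']` inserts into the very list the `for` loop is iterating, so the loop also visits the inserted chunks and bumps `rulebase_idx` once for each of them on top of the `rulebase_idx += len(inline_layer['layerchunks'])` already applied, and a second inline layer later in the same rulebase is inserted past its real position or appended at the end. An index-driven loop that steps over what it inserted keeps the position exact (rewrite below). Two smaller points in the same function: the recursive call `add_inline_layers(rules_chunk, api_v_url, sid, show_params_rules)` and the call from get_layer_from_api_as_dict drop access_type/collection_type, so nested layers are always fetched with the defaults; and the body has no `logger = getFwoLogger()`, so `logger.debug` here is asyncio's logger imported at the top of the file. Finally, get_layer_from_api_as_dict and add_inline_layers recurse into each other once per inline layer with no depth guard, unlike parse_rulebase in cp_rule.py; a recursion_level parameter checked against fwo_const.max_recursion_level would turn a self-referencing layer into a controlled import error instead of a RecursionError and an unbounded series of API calls.
```python
        # … unchanged: 'layerchunks' branch above …
        if 'rulebase' in rulebase:
            rule_idx = 0
            while rule_idx < len(rulebase['rulebase']):
                rule = rulebase['rulebase'][rule_idx]
                if 'inline-layer' in rule:
                    inline_layer_name = rule['inline-layer']['name']
                    if fwo_globals.debug_level>5:
                        logger.debug ( "found inline layer " + inline_layer_name )
                    inline_layer = get_layer_from_api_as_dict (api_v_url, sid, show_params_rules, inline_layer_name, access_type=access_type, collection_type=collection_type)
                    rulebase['rulebase'][rule_idx+1:rule_idx+1] = inline_layer['layerchunks'] #### insert inline layer here
                    rule_idx += len(inline_layer['layerchunks'])  # step over the chunks just inserted; they are not re-scanned
                if 'name' in rule and rule['name'] == "Placeholder for domain rules":
                    logger.debug ("getter - found domain rules reference with uid " + rule["uid"])
                rule_idx += 1
```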
@@ -0,0 +1,167 @@ +from fwo_log import getFwoLogger +import json +import cp_const +from fwo_const import list_delimiter +import fwo_alert, fwo_api +import ipaddress + + +def normalize_network_objects(full_config, config2import, import_id, mgm_id=0, debug_level=0): + nw_objects = [] + logger = getFwoLogger() + + for obj_table in full_config['object_tables']: + collect_nw_objects(obj_table, nw_objects, + debug_level=debug_level, mgm_id=mgm_id) + for nw_obj in nw_objects: + nw_obj.update({'control_id': import_id}) + if nw_obj['obj_typ'] == 'interoperable-device': + nw_obj.update({'obj_typ': 'external-gateway'}) + # set a dummy IP address for objects without IP addreses + if nw_obj['obj_typ']!='group' and (nw_obj['obj_ip'] is None or nw_obj['obj_ip'] == ''): + logger.warning("found object without IP :" + nw_obj['obj_name'] + " (type=" + nw_obj['obj_typ'] + ") - setting dummy IP") + nw_obj.update({'obj_ip': '0.0.0.0/32'}) + + for idx in range(0, len(nw_objects)-1): + if nw_objects[idx]['obj_typ'] == 'group': + add_member_names_for_nw_group(idx, nw_objects) + + config2import.update({'network_objects': nw_objects}) + + +# collect_nw_objects from object tables and write them into global nw_objects dict +def collect_nw_objects(object_table, nw_objects, debug_level=0, mgm_id=0): + logger = getFwoLogger() + + if object_table['object_type'] in cp_const.nw_obj_table_names: + for chunk in object_table['object_chunks']: + if 'objects' in chunk: + for obj in chunk['objects']: + ip_addr = '' + member_refs = None + member_names = None + if 'members' in obj: + member_refs = '' + member_names = '' + for member in obj['members']: + member_refs += member + list_delimiter + member_refs = member_refs[:-1] + if obj['members'] == '': + obj['members'] = None + + ip_addr = get_ip_of_obj(obj, mgm_id=mgm_id) + first_ip = ip_addr + last_ip = None + obj_type = 'undef' + if 'type' in obj: + obj_type = obj['type'] + elif 'uid-in-updatable-objects-repository' in obj: + obj_type = 'group' + 
obj['name'] = obj['name-in-updatable-objects-repository'] + obj['uid'] = obj['uid-in-updatable-objects-repository'] + obj['color'] = 'black' + if obj_type == 'dns-domain': + first_ip = None + last_ip = None + obj_type = 'group' + + if obj_type == 'group-with-exclusion': + first_ip = None + last_ip = None + obj_type = 'group' + # TODO: handle exclusion groups correctly + + if obj_type == 'group': + first_ip = None + last_ip = None + + if obj_type == 'address-range' or obj_type == 'multicast-address-range': + obj_type = 'ip_range' + if debug_level > 5: + logger.debug( + "parse_network::collect_nw_objects - found range object '" + obj['name'] + "' with ip: " + ip_addr) + if '-' in str(ip_addr): + first_ip, last_ip = str(ip_addr).split('-') + else: + logger.warning("parse_network::collect_nw_objects - found range object '" + + obj['name'] + "' without hyphen: " + ip_addr) + elif obj_type in cp_const.cp_specific_object_types: + if debug_level > 5: + logger.debug("parse_network::collect_nw_objects - rewriting non-standard cp-host-type '" + + obj['name'] + "' with object type '" + obj_type + "' to host") + logger.debug("obj_dump:" + json.dumps(obj, indent=3)) + obj_type = 'host' + # adding the object: + if not 'comments' in obj or obj['comments'] == '': + obj['comments'] = None + nw_objects.extend([{'obj_uid': obj['uid'], 'obj_name': obj['name'], 'obj_color': obj['color'], + 'obj_comment': obj['comments'], + 'obj_typ': obj_type, 'obj_ip': first_ip, 'obj_ip_end': last_ip, + 'obj_member_refs': member_refs, 'obj_member_names': member_names}]) + + +# for members of groups, the name of the member obj needs to be fetched separately (starting from API v1.?) 
+def resolve_nw_uid_to_name(uid, nw_objects): + # return name of nw_objects element where obj_uid = uid + for obj in nw_objects: + if obj['obj_uid'] == uid: + return obj['obj_name'] + return 'ERROR: uid "' + uid + '" not found' + + +def add_member_names_for_nw_group(idx, nw_objects): + group = nw_objects.pop(idx) + if group['obj_member_refs'] == '' or group['obj_member_refs'] == None: + #member_names = None + #obj_member_refs = None + group['obj_member_names'] = None + group['obj_member_refs'] = None + else: + member_names = '' + obj_member_refs = group['obj_member_refs'].split(list_delimiter) + for ref in obj_member_refs: + member_name = resolve_nw_uid_to_name(ref, nw_objects) + member_names += member_name + list_delimiter + group['obj_member_names'] = member_names[:-1] + nw_objects.insert(idx, group) + + +def validate_ip_address(address): + try: + # ipaddress.ip_address(address) + ipaddress.ip_network(address) + return True + # print("IP address {} is valid. The object returned is {}".format(address, ip)) + except ValueError: + return False + # print("IP address {} is not valid".format(address)) + + +def get_ip_of_obj(obj, mgm_id=None): + if 'ipv4-address' in obj: + ip_addr = obj['ipv4-address'] + elif 'ipv6-address' in obj: + ip_addr = obj['ipv6-address'] + elif 'subnet4' in obj: + ip_addr = obj['subnet4'] + '/' + str(obj['mask-length4']) + elif 'subnet6' in obj: + ip_addr = obj['subnet6'] + '/' + str(obj['mask-length6']) + elif 'ipv4-address-first' in obj and 'ipv4-address-last' in obj: + ip_addr = obj['ipv4-address-first'] + '-' + str(obj['ipv4-address-last']) + elif 'ipv6-address-first' in obj and 'ipv6-address-last' in obj: + ip_addr = obj['ipv6-address-first'] + '-' + str(obj['ipv6-address-last']) + else: + ip_addr = None + + ## fix malformed ip addresses (should not regularly occur and constitutes a data issue in CP database) + if ip_addr is None or ('type' in obj and (obj['type'] == 'address-range' or obj['type'] == 'multicast-address-range')): + pass # 
ignore None and ranges here + elif not validate_ip_address(ip_addr): + alerter = fwo_alert.getFwoAlerter() + alert_description = "object is not a valid ip address (" + str(ip_addr) + ")" + fwo_api.create_data_issue(alerter['fwo_api_base_url'], alerter['jwt'], severity=2, obj_name=obj['name'], object_type=obj['type'], description=alert_description, mgm_id=mgm_id) + alert_description = "object '" + obj['name'] + "' (type=" + obj['type'] + ") is not a valid ip address (" + str(ip_addr) + ")" + fwo_api.setAlert(alerter['fwo_api_base_url'], alerter['jwt'], title="import error", severity=2, role='importer', \ + description=alert_description, source='import', alertCode=17, mgm_id=mgm_id) + ip_addr = '0.0.0.0/32' # setting syntactically correct dummy ip + return ip_addr diff --git a/roles/importer/files/importer/checkpointR8x/parse_rule.py b/roles/importer/files/importer/checkpointR8x/cp_rule.py similarity index 64% rename from roles/importer/files/importer/checkpointR8x/parse_rule.py rename to roles/importer/files/importer/checkpointR8x/cp_rule.py index 92a5f5a2f..13f252b37 100644 --- a/roles/importer/files/importer/checkpointR8x/parse_rule.py +++ b/roles/importer/files/importer/checkpointR8x/cp_rule.py 
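Review bot: `for idx in range(0, len(nw_objects)-1)` in normalize_network_objects stops one short, so a group that is the last collected object never goes through add_member_names_for_nw_group and is imported with `obj_member_refs` set but `obj_member_names` None; `for idx in range(len(nw_objects)):` covers it, and normalize_service_objects in the new cp_service.py has the same `range(0, len(svc_objects)-1)`. Separately, a non-group object without an address is given `obj_ip = '0.0.0.0/32'` with only a log warning, whereas the malformed-address path in get_ip_of_obj records its substitution through fwo_api.create_data_issue and fwo_api.setAlert; the imported rule set then shows a concrete host that does not exist on the firewall, so the dummy-IP case deserves the same data issue so that it is visible in the UI and not only in the importer log. Also, when add_member_names_for_nw_group meets a uid that is not in nw_objects, resolve_nw_uid_to_name's `'ERROR: uid "…" not found'` string becomes a member name in the imported config; logging the miss and keeping the raw uid as the name keeps data and error reporting separate.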
@@ -1,60 +1,52 @@ from asyncio.log import logger from fwo_log import getFwoLogger import json -import cpcommon +import cp_const import fwo_const -from fwo_const import list_delimiter +import fwo_globals +from fwo_const import list_delimiter, default_section_header_text from fwo_base import sanitize from fwo_exception import ImportRecursionLimitReached +uid_to_name_map = {} -def add_section_header_rule_in_json(rulebase, section_name, layer_name, import_id, rule_uid, rule_num, section_header_uids, parent_uid): - section_header_uids.append(sanitize(rule_uid)) - rule = { - "control_id": int(import_id), - "rule_num": int(rule_num), - "rulebase_name": sanitize(layer_name), - # rule_ruleid - "rule_disabled": False, - "rule_src_neg": False, - "rule_src": "Any", - "rule_src_refs": sanitize(cpcommon.any_obj_uid), - "rule_dst_neg": False, - "rule_dst": "Any", - "rule_dst_refs": sanitize(cpcommon.any_obj_uid), - "rule_svc_neg": False, - "rule_svc": "Any", - "rule_svc_refs": sanitize(cpcommon.any_obj_uid), - "rule_action": "Accept", - "rule_track": "Log", - "rule_installon": "Policy Targets", - "rule_time": "Any", - "rule_implied": False, - # "rule_comment": None, - # rule_name - "rule_uid": sanitize(rule_uid), - "rule_head_text": sanitize(section_name), - # rule_from_zone - # rule_to_zone - # rule_last_change_admin - "parent_rule_uid": sanitize(parent_uid) - } - rulebase.append(rule) - - -def add_domain_rule_header_rule_in_json(rulebase, section_name, layer_name, import_id, rule_uid, rule_num, section_header_uids, parent_uid): - add_section_header_rule_in_json(rulebase, section_name, layer_name, - import_id, rule_uid, rule_num, section_header_uids, parent_uid) +def normalize_rulebases_top_level (full_config, current_import_id, config2import): + logger = getFwoLogger() + target_rulebase = [] + rule_num = 0 + parent_uid="" + section_header_uids=[] -def resolve_uid_to_name(nw, config2import): + # fill uid_to_name_map: for nw_obj in config2import['network_objects']: - if 
nw_obj['obj_uid']==nw: - return nw_obj['obj_name'] - return nw + uid_to_name_map[nw_obj['obj_uid']] = nw_obj['obj_name'] + + rb_range = range(len(full_config['rulebases'])) + for rb_id in rb_range: + # if current_layer_name == args.rulebase: + if fwo_globals.debug_level>3: + logger.debug("parsing layer " + full_config['rulebases'][rb_id]['layername']) + + # parse access rules + rule_num = parse_rulebase( + full_config['rulebases'][rb_id], target_rulebase, full_config['rulebases'][rb_id]['layername'], + current_import_id, rule_num, section_header_uids, parent_uid, config2import) + # now parse the nat rulebase + + # parse nat rules + if len(full_config['nat_rulebases'])>0: + if len(full_config['nat_rulebases']) != len(rb_range): + logger.warning('get_config - found ' + str(len(full_config['nat_rulebases'])) + + ' nat rulebases and ' + str(len(rb_range)) + ' access rulebases') + else: + rule_num = parse_nat_rulebase( + full_config['nat_rulebases'][rb_id], target_rulebase, full_config['rulebases'][rb_id]['layername'], + current_import_id, rule_num, section_header_uids, parent_uid, config2import) + return target_rulebase -def parse_single_rule_to_json(src_rule, rulebase, layer_name, import_id, rule_num, parent_uid, config2import, debug_level=0): +def parse_single_rule(src_rule, rulebase, layer_name, import_id, rule_num, parent_uid, config2import, debug_level=0): logger = getFwoLogger() # reference to domain rule layer, filling up basic fields if 'type' in src_rule and src_rule['type'] != 'place-holder': 
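Review bot: `uid_to_name_map` is a module-level dict that normalize_rulebases_top_level only ever adds to, so in a process that imports more than one management, or the same one repeatedly, entries from earlier runs survive and resolve_uid_to_name can return a name from a previous import instead of taking its warning-plus-empty-string path; `uid_to_name_map.clear()` before the fill loop makes each call self-contained. Whether the importer reuses one process across managements is not visible here. The nat branch also pairs `full_config['nat_rulebases'][rb_id]` with `full_config['rulebases'][rb_id]` purely by position and, on a count mismatch, logs the same warning once per access rulebase while importing no NAT rules at all; if that mismatch is reachable, the import is silently incomplete, which for a rule-audit tool is worth surfacing as a data issue rather than a log line.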
@@ -75,8 +67,11 @@ def parse_single_rule_to_json(src_rule, rulebase, layer_name, import_id, rule_nu src['networks'] + list_delimiter else: # more than one source for nw in src['networks']: - nw_resolved = resolve_uid_to_name(nw, config2import) - rule_src_name += src["name"] + '@' + nw_resolved + list_delimiter + nw_resolved = resolve_uid_to_name(nw) + if nw_resolved == "": + rule_src_name += src["name"] + list_delimiter + else: + rule_src_name += src["name"] + '@' + nw_resolved + list_delimiter else: # standard network objects as source rule_src_name += src["name"] + list_delimiter else: @@ -96,7 +91,7 @@ def parse_single_rule_to_json(src_rule, rulebase, layer_name, import_id, rule_nu if isinstance(src['networks'], str): # just a single source if src['networks'] == 'any': rule_src_ref += src['uid'] + '@' + \ - cpcommon.any_obj_uid + list_delimiter + cp_const.any_obj_uid + list_delimiter else: rule_src_ref += src['uid'] + '@' + \ src['networks'] + list_delimiter @@ -148,7 +143,7 @@ def parse_single_rule_to_json(src_rule, rulebase, layer_name, import_id, rule_nu if isinstance(dst['networks'], str): # just a single destination if dst['networks'] == 'any': rule_dst_ref += dst['uid'] + '@' + \ - cpcommon.any_obj_uid + list_delimiter + cp_const.any_obj_uid + list_delimiter else: rule_dst_ref += dst['uid'] + '@' + \ dst['networks'] + list_delimiter @@ -181,6 +176,11 @@ def parse_single_rule_to_json(src_rule, rulebase, layer_name, import_id, rule_nu else: rule_name = None + # new in v8.0.3: + rule_custom_fields = None + if 'custom-fields' in src_rule: + rule_custom_fields = src_rule['custom-fields'] + if 'meta-info' in src_rule and 'last-modifier' in src_rule['meta-info']: rule_last_change_admin = src_rule['meta-info']['last-modifier'] else: 
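Review bot: When resolve_uid_to_name returns "" for an access-role network, the new branch writes `src["name"] + list_delimiter` into rule_src_name, so the rule's displayed source loses its `@network` qualifier while `rule_src_refs` (next hunk on this line) still carries `uid@network-uid`; the rule then reads as if the role applied from anywhere. Keeping the unresolved uid in the name, `rule_src_name += src["name"] + '@' + nw + list_delimiter`, preserves the scope in the display and makes the unresolved reference visible where an auditor looks, in addition to the warning that resolve_uid_to_name already logs. If the destination branch, which is outside this hunk, makes the same resolve call, it needs the same treatment. parse_single_rule starts and ends outside the hunk.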
@@ -210,6 +210,11 @@ def parse_single_rule_to_json(src_rule, rulebase, layer_name, import_id, rule_nu else: comments = None + if 'hits' in src_rule and 'last-date' in src_rule['hits'] and 'iso-8601' in src_rule['hits']['last-date']: + last_hit = src_rule['hits']['last-date']['iso-8601'] + else: + last_hit = None + rule = { "control_id": int(import_id), "rule_num": int(rule_num), 
@@ -229,79 +234,140 @@ def parse_single_rule_to_json(src_rule, rulebase, layer_name, import_id, rule_nu "rule_track": sanitize(src_rule['track']['type']['name']), "rule_installon": sanitize(src_rule['install-on'][0]['name']), "rule_time": sanitize(src_rule['time'][0]['name']), - "rule_comment": sanitize(comments), "rule_name": sanitize(rule_name), "rule_uid": sanitize(src_rule['uid']), + "rule_custom_fields": sanitize(rule_custom_fields), "rule_implied": False, "rule_type": sanitize(rule_type), # "rule_head_text": sanitize(section_name), # rule_from_zone # rule_to_zone "rule_last_change_admin": sanitize(rule_last_change_admin), - "parent_rule_uid": sanitize(parent_rule_uid) + "parent_rule_uid": sanitize(parent_rule_uid), + "last_hit": sanitize(last_hit) } + if comments is not None: + rule['rule_comment'] = sanitize(comments) rulebase.append(rule) + return rule_num + 1 + return rule_num -def parse_rulebase_json(src_rulebase, target_rulebase, layer_name, import_id, rule_num, section_header_uids, parent_uid, config2import, debug_level=0, recursion_level=1): - if (recursion_level > fwo_const.max_recursion_level): - raise ImportRecursionLimitReached( - "parse_rulebase_json") from None +def resolve_uid_to_name(nw_obj_uid): + if nw_obj_uid in uid_to_name_map: + return uid_to_name_map[nw_obj_uid] + else: + logger = getFwoLogger() + logger.warning("could not resolve network object with uid " + nw_obj_uid) + return "" + + +def insert_section_header_rule(rulebase, section_name, layer_name, import_id, rule_uid, rule_num, section_header_uids, parent_uid): + section_header_uids.append(sanitize(rule_uid)) + rule = { + "control_id": int(import_id), + "rule_num": int(rule_num), + "rulebase_name": sanitize(layer_name), + # rule_ruleid + "rule_disabled": False, + "rule_src_neg": False, + "rule_src": "Any", + "rule_src_refs": sanitize(cp_const.any_obj_uid), + "rule_dst_neg": False, + "rule_dst": "Any", + "rule_dst_refs": sanitize(cp_const.any_obj_uid), + "rule_svc_neg": False, + 
"rule_svc": "Any", + "rule_svc_refs": sanitize(cp_const.any_obj_uid), + "rule_action": "Accept", + "rule_track": "Log", + "rule_installon": "Policy Targets", + "rule_time": "Any", + "rule_implied": False, + # "rule_comment": None, + # rule_name + "rule_uid": sanitize(rule_uid), + "rule_head_text": sanitize(section_name), + # rule_from_zone + # rule_to_zone + # rule_last_change_admin + "parent_rule_uid": sanitize(parent_uid) + } + rulebase.append(rule) + return rule_num + 1 + + +def add_domain_rule_header_rule(rulebase, section_name, layer_name, import_id, rule_uid, rule_num, section_header_uids, parent_uid): + return insert_section_header_rule(rulebase, section_name, layer_name, + import_id, rule_uid, rule_num, section_header_uids, parent_uid) + + +def check_and_add_section_header(src_rulebase, target_rulebase, layer_name, import_id, rule_num, section_header_uids, parent_uid, config2import, debug_level=0, recursion_level=1): + # if current rulebase starts a new section, add section header, but only if it does not exist yet (can happen by chunking a section) + if 'type' in src_rulebase and src_rulebase['type'] == 'access-section' and 'uid' in src_rulebase: # and not src_rulebase['uid'] in section_header_uids: + section_name = default_section_header_text + if 'name' in src_rulebase: + section_name = src_rulebase['name'] + if 'parent_rule_uid' in src_rulebase: + parent_uid = src_rulebase['parent_rule_uid'] + else: + parent_uid = "" + rule_num = insert_section_header_rule(target_rulebase, section_name, layer_name, import_id, src_rulebase['uid'], rule_num, section_header_uids, parent_uid) + parent_uid = src_rulebase['uid'] + return rule_num + +def parse_rulebase(src_rulebase, target_rulebase, layer_name, import_id, rule_num, section_header_uids, parent_uid, config2import, + debug_level=0, recursion_level=1, layer_disabled=False): logger = getFwoLogger() - if 'layerchunks' in src_rulebase: + if (recursion_level > fwo_const.max_recursion_level): + raise 
ImportRecursionLimitReached("parse_rulebase") from None + + # parse chunks + if 'layerchunks' in src_rulebase: # found chunks of layers which need to be parsed separately for chunk in src_rulebase['layerchunks']: if 'rulebase' in chunk: for rules_chunk in chunk['rulebase']: - rule_num = parse_rulebase_json(rules_chunk, target_rulebase, layer_name, import_id, rule_num, - section_header_uids, parent_uid, config2import, debug_level=debug_level, recursion_level=recursion_level+1) + rule_num = parse_rulebase(rules_chunk, target_rulebase, layer_name, import_id, rule_num, + section_header_uids, parent_uid, config2import, debug_level=debug_level, recursion_level=recursion_level+1) else: - logger.warning("found no rulebase in chunk:\n" + - json.dumps(chunk, indent=2)) - else: - if 'rulebase' in src_rulebase: - # add section header, but only if it does not exist yet (can happen by chunking a section) - if src_rulebase['type'] == 'access-section' and not src_rulebase['uid'] in section_header_uids: - section_name = "" - if 'name' in src_rulebase: - section_name = src_rulebase['name'] - if 'parent_rule_uid' in src_rulebase: - parent_uid = src_rulebase['parent_rule_uid'] - else: - parent_uid = "" - add_section_header_rule_in_json(target_rulebase, section_name, layer_name, - import_id, src_rulebase['uid'], rule_num, section_header_uids, parent_uid) - rule_num += 1 - parent_uid = src_rulebase['uid'] - for rule in src_rulebase['rulebase']: + rule_num = parse_rulebase(chunk, target_rulebase, layer_name, import_id, rule_num, section_header_uids, parent_uid, config2import, debug_level=debug_level, recursion_level=recursion_level+1) + + check_and_add_section_header(src_rulebase, target_rulebase, layer_name, import_id, rule_num, section_header_uids, parent_uid, config2import, debug_level=debug_level, recursion_level=recursion_level+1) + + # parse layered rulebase + if 'rulebase' in src_rulebase: + # layer_disabled = not src_rulebase['enabled'] + for rule in src_rulebase['rulebase']: + 
if 'type' in rule: if rule['type'] == 'place-holder': # add domain rules section_name = "" if 'name' in src_rulebase: section_name = rule['name'] - add_domain_rule_header_rule_in_json( + rule_num = add_domain_rule_header_rule( target_rulebase, section_name, layer_name, import_id, rule['uid'], rule_num, section_header_uids, parent_uid) else: # parse standard sections - parse_single_rule_to_json( + rule_num = parse_single_rule( rule, target_rulebase, layer_name, import_id, rule_num, parent_uid, config2import, debug_level=debug_level) - rule_num += 1 - - if src_rulebase['type'] == 'place-holder': # add domain rules - logger.debug('found domain rule ref: ' + src_rulebase['uid']) - section_name = "" - if 'name' in src_rulebase: - section_name = src_rulebase['name'] - add_domain_rule_header_rule_in_json( - target_rulebase, section_name, layer_name, import_id, src_rulebase['uid'], rule_num, section_header_uids, parent_uid) - rule_num += 1 - if 'rule-number' in src_rulebase: # rulebase is just a single rule - parse_single_rule_to_json( - src_rulebase, target_rulebase, layer_name, import_id, rule_num, parent_uid, config2import) - rule_num += 1 + if 'rulebase' in rule: # alsways check if a rule contains another layer + rule_num = parse_rulebase(rule, target_rulebase, layer_name, import_id, rule_num, section_header_uids, parent_uid, config2import, debug_level=debug_level, recursion_level=recursion_level+1) + + if 'type' in src_rulebase and src_rulebase['type'] == 'place-holder': # add domain rules + logger.debug('found domain rule ref: ' + src_rulebase['uid']) + section_name = "" + if 'name' in src_rulebase: + section_name = src_rulebase['name'] + rule_num = add_domain_rule_header_rule( + target_rulebase, section_name, layer_name, import_id, src_rulebase['uid'], rule_num, section_header_uids, parent_uid) + + if 'rule-number' in src_rulebase: # rulebase is just a single rule + rule_num = parse_single_rule(src_rulebase, target_rulebase, layer_name, import_id, rule_num, 
parent_uid, config2import) + return rule_num -def parse_nat_rulebase_json(src_rulebase, target_rulebase, layer_name, import_id, rule_num, section_header_uids, parent_uid, config2import, debug_level=0, recursion_level=1): +def parse_nat_rulebase(src_rulebase, target_rulebase, layer_name, import_id, rule_num, section_header_uids, parent_uid, config2import, debug_level=0, recursion_level=1): if (recursion_level > fwo_const.max_recursion_level): raise ImportRecursionLimitReached( 
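Review bot: check_and_add_section_header assigns `parent_uid = src_rulebase['uid']` after inserting the header but returns only rule_num, so that assignment is lost and the rules that follow in parse_rulebase (and in parse_nat_rulebase, next hunk) are written with the caller's parent_uid instead of the section header's uid; the removed code set parent_uid in the caller, so parent_rule_uid regresses for every rule inside a section. Returning both, `return rule_num, parent_uid`, and unpacking at both call sites, `rule_num, parent_uid = check_and_add_section_header(...)`, restores the previous behaviour. The comment on the function still promises a header "only if it does not exist yet", but the `not src_rulebase['uid'] in section_header_uids` test is commented out, so a section split across chunks now yields several header rules sharing one rule_uid; either re-enable the check or update the comment to say duplicates are intended. The new `layer_disabled=False` parameter of parse_rulebase is unused, its only reference being the commented-out `layer_disabled = not src_rulebase['enabled']`.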
@@ -312,39 +378,29 @@ def parse_nat_rulebase_json(src_rulebase, target_rulebase, layer_name, import_id for chunk in src_rulebase['nat_rule_chunks']: if 'rulebase' in chunk: for rules_chunk in chunk['rulebase']: - rule_num = parse_nat_rulebase_json(rules_chunk, target_rulebase, layer_name, import_id, rule_num, + rule_num = parse_nat_rulebase(rules_chunk, target_rulebase, layer_name, import_id, rule_num, section_header_uids, parent_uid, config2import, debug_level=debug_level, recursion_level=recursion_level+1) else: logger.warning( "parse_rule: found no rulebase in chunk:\n" + json.dumps(chunk, indent=2)) else: if 'rulebase' in src_rulebase: - # add section header, but only if it does not exist yet (can happen by chunking a section) - if src_rulebase['type'] == 'access-section' and not src_rulebase['uid'] in section_header_uids: - section_name = "" - if 'name' in src_rulebase: - section_name = src_rulebase['name'] - parent_uid = "" - add_section_header_rule_in_json(target_rulebase, section_name, layer_name, - import_id, src_rulebase['uid'], rule_num, section_header_uids, parent_uid) - rule_num += 1 - parent_uid = src_rulebase['uid'] + check_and_add_section_header(src_rulebase, target_rulebase, layer_name, import_id, rule_num, section_header_uids, parent_uid, config2import, debug_level=debug_level, recursion_level=recursion_level+1) + for rule in src_rulebase['rulebase']: (rule_match, rule_xlate) = parse_nat_rule_transform(rule, rule_num) - parse_single_rule_to_json( + rule_num = parse_single_rule( rule_match, target_rulebase, layer_name, import_id, rule_num, parent_uid, config2import) - parse_single_rule_to_json( + parse_single_rule( # do not increase rule_num here rule_xlate, target_rulebase, layer_name, import_id, rule_num, parent_uid, config2import) - rule_num += 1 - if 'rule-number' in src_rulebase: # rulebase is just a single rule + if 'rule-number' in src_rulebase: # rulebase is just a single rule (xlate rules do not count) (rule_match, rule_xlate) = 
parse_nat_rule_transform( src_rulebase, rule_num) - parse_single_rule_to_json( + rule_num = parse_single_rule( rule_match, target_rulebase, layer_name, import_id, rule_num, parent_uid, config2import) - parse_single_rule_to_json( + parse_single_rule( # do not increase rule_num here (xlate rules do not count) rule_xlate, target_rulebase, layer_name, import_id, rule_num, parent_uid, config2import) - rule_num += 1 return rule_num @@ -386,3 +442,4 @@ def parse_nat_rule_transform(xlate_rule_in, rule_num): 'rule_type': 'xlate' } return (rule_match, rule_xlate) + diff --git a/roles/importer/files/importer/checkpointR8x/cp_service.py b/roles/importer/files/importer/checkpointR8x/cp_service.py new file mode 100644 index 000000000..294ac93be --- /dev/null +++ b/roles/importer/files/importer/checkpointR8x/cp_service.py 
@@ -0,0 +1,133 @@ +import re +import cp_const +from fwo_const import list_delimiter + + +# collect_svcobjects writes svc info into global users dict +def collect_svc_objects(object_table, svc_objects): + proto_map = { + 'service-tcp': 6, + 'service-udp': 17, + 'service-icmp': 1 + } + + if object_table['object_type'] in cp_const.svc_obj_table_names: + session_timeout = '' + typ = 'undef' + if object_table['object_type'] in cp_const.group_svc_obj_types: + typ = 'group' + if object_table['object_type'] in cp_const.simple_svc_obj_types: + typ = 'simple' + for chunk in object_table['object_chunks']: + if 'objects' in chunk: + for obj in chunk['objects']: + if 'type' in obj and obj['type'] in proto_map: + proto = proto_map[obj['type']] + elif 'ip-protocol' in obj: + proto = obj['ip-protocol'] + else: + proto = 0 + member_refs = '' + port = '' + port_end = '' + rpc_nr = None + member_refs = None + if 'members' in obj: + member_refs = '' + for member in obj['members']: + member_refs += member + list_delimiter + member_refs = member_refs[:-1] + if 'session-timeout' in obj: + session_timeout = str(obj['session-timeout']) + else: + session_timeout = None + if 'interface-uuid' in obj: + rpc_nr = obj['interface-uuid'] + if 'program-number' in obj: + rpc_nr = obj['program-number'] + if 'port' in obj: + port = str(obj['port']) + port_end = port + pattern = re.compile('^\>(\d+)$') + match = pattern.match(port) + if match: + port = str(int(match.group()[1:]) + 1) + port_end = str(65535) + else: + pattern = re.compile('^\<(\d+)$') + match = pattern.match(port) + if match: + port = str(1) + port_end = str(int(match.group()[1:]) - 1) + else: + pattern = re.compile('^(\d+)\-(\d+)$') + match = pattern.match(port) + if match: + port, port_end = match.group().split('-') + else: # standard port without "<>-" + pattern = re.compile('^(\d+)$') + match = pattern.match(port) + if match: + # port stays unchanged + port_end = port + else: # Any + pattern = re.compile('^(Any)$') + match = 
pattern.match(port) + if match: + port = str(1) + port_end = str(65535) + else: # e.g. suspicious cases + port = None + port_end = None + else: + # rpc, group - setting ports to 0 + port = None + port_end = None + if not 'color' in obj: + # print('warning: no color found for service ' + obj['name']) + obj['color'] = 'black' + if not 'comments' in obj or obj['comments'] == '': + obj['comments'] = None + svc_objects.extend([{'svc_uid': obj['uid'], 'svc_name': obj['name'], 'svc_color': obj['color'], + 'svc_comment': obj['comments'], + 'svc_typ': typ, 'svc_port': port, 'svc_port_end': port_end, + 'svc_member_refs': member_refs, + 'svc_member_names': None, + 'ip_proto': proto, + 'svc_timeout': session_timeout, + 'rpc_nr': rpc_nr + }]) + + +# return name of nw_objects element where obj_uid = uid +def resolve_svc_uid_to_name(uid, svc_objects): + for obj in svc_objects: + if obj['svc_uid'] == uid: + return obj['svc_name'] + return 'ERROR: uid ' + uid + ' not found' + + +def add_member_names_for_svc_group(idx, svc_objects): + member_names = '' + group = svc_objects.pop(idx) + + if 'svc_member_refs' in group and group['svc_member_refs'] is not None: + svc_member_refs = group['svc_member_refs'].split(list_delimiter) + for ref in svc_member_refs: + member_name = resolve_svc_uid_to_name(ref, svc_objects) + member_names += member_name + list_delimiter + group['svc_member_names'] = member_names[:-1] + + svc_objects.insert(idx, group) + + +def normalize_service_objects(full_config, config2import, import_id, debug_level=0): + svc_objects = [] + for svc_table in full_config['object_tables']: + collect_svc_objects(svc_table, svc_objects) + for obj in svc_objects: + obj.update({'control_id': import_id}) + for idx in range(0, len(svc_objects)-1): + if svc_objects[idx]['svc_typ'] == 'group': + add_member_names_for_svc_group(idx, svc_objects) + config2import.update({'service_objects': svc_objects}) 
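Review bot: The port regexes in collect_svc_objects are ordinary string literals (`'^\>(\d+)$'`, `'^\<(\d+)$'`, `'^(\d+)\-(\d+)$'`, `'^(\d+)$'`) in which `\d`, `\>`, `\<` and `\-` are invalid string escapes that CPython reports as DeprecationWarning and, from 3.12, SyntaxWarning; raw strings such as `r'^>(\d+)$'` express the same patterns cleanly, and compiling them once at module level instead of inside the per-object loop removes the repeated re.compile calls. proto_map covers service-tcp, service-udp and service-icmp only, so an ICMPv6 service (presumably typed `service-icmp6`, by analogy with the visible entries) falls through to `proto = 0` unless the API object carries `ip-protocol`; the svc_obj_table_names list removed from cpcommon.py in this diff included services-icmp6, so if cp_const keeps that table, adding `'service-icmp6': 58` keeps ICMPv6 services from being imported without a protocol. The `range(0, len(svc_objects)-1)` off-by-one in normalize_service_objects is covered in the note on the cp_network.py hunk.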
diff --git a/roles/importer/files/importer/checkpointR8x/parse_user.py b/roles/importer/files/importer/checkpointR8x/cp_user.py similarity index 99% rename from roles/importer/files/importer/checkpointR8x/parse_user.py rename to roles/importer/files/importer/checkpointR8x/cp_user.py index 0551e8ed3..c92fc49a9 100644 --- a/roles/importer/files/importer/checkpointR8x/parse_user.py +++ b/roles/importer/files/importer/checkpointR8x/cp_user.py @@ -52,9 +52,8 @@ def collect_users_from_rulebase(rulebase, users): for rule in rulebase: collect_users_from_rule(rule, users) -# the following is only used within new python-only importer: - +# the following is only used within new python-only importer: def parse_user_objects_from_rulebase(rulebase, users, import_id): collect_users_from_rulebase(rulebase, users) for user_name in users.keys(): diff --git a/roles/importer/files/importer/checkpointR8x/cpcommon.py b/roles/importer/files/importer/checkpointR8x/cpcommon.py deleted file mode 100644 index 1241c7e45..000000000 --- a/roles/importer/files/importer/checkpointR8x/cpcommon.py +++ /dev/null 
@@ -1,345 +0,0 @@ -from distutils.log import debug -import sys -from common import importer_base_dir -from fwo_log import getFwoLogger -sys.path.append(importer_base_dir + '/checkpointR8x') -import json -import time -import getter -import fwo_alert, fwo_api -import ipaddress -import fwo_globals - - -details_level = "full" # 'standard' -use_object_dictionary = 'false' - - -def validate_ip_address(address): - try: - # ipaddress.ip_address(address) - ipaddress.ip_network(address) - return True - # print("IP address {} is valid. The object returned is {}".format(address, ip)) - except ValueError: - return False - # print("IP address {} is not valid".format(address)) - - -nw_obj_table_names = ['hosts', 'networks', 'address-ranges', 'multicast-address-ranges', 'groups', 'gateways-and-servers', 'simple-gateways', 'CpmiGatewayPlain', 'CpmiAnyObject'] -# now test to also get: CpmiAnyObject, external - -svc_obj_table_names = ['services-tcp', 'services-udp', 'service-groups', 'services-dce-rpc', 'services-rpc', 'services-other', 'services-icmp', 'services-icmp6', 'CpmiAnyObject'] - -# the following is the static across all installations unique any obj uid -# cannot fetch the Any object via API (<=1.7) at the moment -# therefore we have a workaround adding the object manually (as svc and nw) -any_obj_uid = "97aeb369-9aea-11d5-bd16-0090272ccb30" -# todo: read this from config (from API 1.6 on it is fetched) - -original_obj_uid = "85c0f50f-6d8a-4528-88ab-5fb11d8fe16c" -# used for nat only (both svc and nw obj) - - -def get_ip_of_obj(obj, mgm_id=None): - if 'ipv4-address' in obj: - ip_addr = obj['ipv4-address'] - elif 'ipv6-address' in obj: - ip_addr = obj['ipv6-address'] - elif 'subnet4' in obj: - ip_addr = obj['subnet4'] + '/' + str(obj['mask-length4']) - elif 'subnet6' in obj: - ip_addr = obj['subnet6'] + '/' + str(obj['mask-length6']) - elif 'ipv4-address-first' in obj and 'ipv4-address-last' in obj: - ip_addr = obj['ipv4-address-first'] + '-' + str(obj['ipv4-address-last']) 
- elif 'ipv6-address-first' in obj and 'ipv6-address-last' in obj: - ip_addr = obj['ipv6-address-first'] + '-' + str(obj['ipv6-address-last']) - else: - ip_addr = None - - ## fix malformed ip addresses (should not regularly occur and constitutes a data issue in CP database) - if ip_addr is None or ('type' in obj and (obj['type'] == 'address-range' or obj['type'] == 'multicast-address-range')): - pass # ignore None and ranges here - elif not validate_ip_address(ip_addr): - alerter = fwo_alert.getFwoAlerter() - alert_description = "object is not a valid ip address (" + str(ip_addr) + ")" - fwo_api.create_data_issue(alerter['fwo_api_base_url'], alerter['jwt'], severity=2, obj_name=obj['name'], object_type=obj['type'], description=alert_description, mgm_id=mgm_id) - alert_description = "object '" + obj['name'] + "' (type=" + obj['type'] + ") is not a valid ip address (" + str(ip_addr) + ")" - fwo_api.setAlert(alerter['fwo_api_base_url'], alerter['jwt'], title="import error", severity=2, role='importer', \ - description=alert_description, source='import', alertCode=17, mgm_id=mgm_id) - ip_addr = '0.0.0.0/32' # setting syntactically correct dummy ip - return ip_addr - -##################### 2nd-level functions ################################### - -def get_basic_config (config_json, mgm_details, force=False, config_filename=None, - limit=150, details_level=details_level, test_version='off', debug_level=0, ssl_verification=True, sid=None): - logger = getFwoLogger() - - api_host = mgm_details['hostname'] - api_user = mgm_details['import_credential']['user'] - if mgm_details['domainUid'] != None: - api_domain = mgm_details['domainUid'] - else: - api_domain = mgm_details['configPath'] - api_port = str(mgm_details['port']) - api_password = mgm_details['import_credential']['secret'] - base_url = 'https://' + api_host + ':' + str(api_port) + '/web_api/' - - # top level dict start, sid contains the domain information, so only sending domain during login - if sid is None: # if 
sid was not passed, login and get it - sid = getter.login(api_user,api_password,api_host,api_port,api_domain,ssl_verification) - v_url = getter.get_api_url (sid, api_host, api_port, api_user, base_url, limit, test_version, ssl_verification, debug_level=debug_level) - - config_json.update({'rulebases': [], 'nat_rulebases': [] }) - show_params_rules = {'limit':limit,'use-object-dictionary':use_object_dictionary,'details-level':details_level} - - # read all rulebases: handle per device details - for device in mgm_details['devices']: - if device['global_rulebase_name'] != None and device['global_rulebase_name']!='': - show_params_rules['name'] = device['global_rulebase_name'] - # get global layer rulebase - logger.debug ( "getting layer: " + show_params_rules['name'] ) - current_layer_json = getter.get_layer_from_api_as_dict (api_host, api_port, v_url, sid, show_params_rules, layername=device['global_rulebase_name']) - if current_layer_json is None: - return 1 - # now also get domain rules - show_params_rules['name'] = device['local_rulebase_name'] - current_layer_json['layername'] = device['local_rulebase_name'] - logger.debug ( "getting domain rule layer: " + show_params_rules['name'] ) - domain_rules = getter.get_layer_from_api_as_dict (api_host, api_port, v_url, sid, show_params_rules, layername=device['local_rulebase_name']) - if current_layer_json is None: - return 1 - - # now handling possible reference to domain rules within global rules - # if we find the reference, replace it with the domain rules - if 'layerchunks' in current_layer_json: - for chunk in current_layer_json["layerchunks"]: - for rule in chunk['rulebase']: - if "type" in rule and rule["type"] == "place-holder": - logger.debug ("found domain rules place-holder: " + str(rule) + "\n\n") - current_layer_json = getter.insert_layer_after_place_holder(current_layer_json, domain_rules, rule['uid']) - else: # no global rules, just get local ones - show_params_rules['name'] = device['local_rulebase_name'] 
- logger.debug ( "getting layer: " + show_params_rules['name'] ) - current_layer_json = getter.get_layer_from_api_as_dict (api_host, api_port, v_url, sid, show_params_rules, layername=device['local_rulebase_name']) - if current_layer_json is None: - return 1 - - config_json['rulebases'].append(current_layer_json) - - # getting NAT rules - need package name for nat rule retrieval - # todo: each gateway/layer should have its own package name (pass management details instead of single data?) - if device['package_name'] != None and device['package_name'] != '': - show_params_rules = {'limit':limit,'use-object-dictionary':use_object_dictionary,'details-level':details_level, 'package': device['package_name'] } - if debug_level>3: - logger.debug ( "getting nat rules for package: " + device['package_name'] ) - nat_rules = getter.get_nat_rules_from_api_as_dict (api_host, api_port, v_url, sid, show_params_rules) - if len(nat_rules)>0: - config_json['nat_rulebases'].append(nat_rules) - else: - config_json['nat_rulebases'].append({ "nat_rule_chunks": [] }) - else: # always making sure we have an (even empty) nat rulebase per device - config_json['nat_rulebases'].append({ "nat_rule_chunks": [] }) - - # leaving rules, moving on to objects - config_json["object_tables"] = [] - show_params_objs = {'limit':limit,'details-level': details_level} - - for obj_type in getter.api_obj_types: - object_table = { "object_type": obj_type, "object_chunks": [] } - current=0 - total=current+1 - show_cmd = 'show-' + obj_type - if debug_level>5: - logger.debug ( "obj_type: "+ obj_type ) - while (current5: - logger.debug ( obj_type +" current:"+ str(current) + " of a total " + str(total) ) - else : - current = total - if debug_level>5: - logger.debug ( obj_type +" total:"+ str(total) ) - config_json["object_tables"].append(object_table) - logout_result = getter.cp_api_call(v_url, 'logout', {}, sid) - - # only write config to file if config_filename is given - if config_filename != None and 
len(config_filename)>1: - with open(config_filename, "w") as configfile_json: - configfile_json.write(json.dumps(config_json)) - return 0 - - -################# enrich ####################### -def enrich_config (config, mgm_details, limit=150, details_level=details_level, noapi=False, sid=None): - - logger = getFwoLogger() - base_url = 'https://' + mgm_details['hostname'] + ':' + str(mgm_details['port']) + '/web_api/' - nw_objs_from_obj_tables = [] - svc_objs_from_obj_tables = [] - starttime = int(time.time()) - - # do nothing for empty configs - if config == {}: - return 0 - - ################################################################################# - # adding inline and domain layers - found_new_inline_layers = True - old_inline_layers = [] - while found_new_inline_layers is True: - # sweep existing rules for inline layer links - inline_layers = [] - for rulebase in config['rulebases'] + config['nat_rulebases']: - getter.get_inline_layer_names_from_rulebase(rulebase, inline_layers) - - if len(inline_layers) == len(old_inline_layers): - found_new_inline_layers = False - else: - old_inline_layers = inline_layers - for layer in inline_layers: - if fwo_globals.debug_level>5: - logger.debug ( "found inline layer " + layer ) - # enrich config --> get additional layers referenced in top level layers by name - # also handle possible recursion (inline layer containing inline layer(s)) - # get layer rules from api - # add layer rules to config - - # next phase: how to logically link layer guard with rules in layer? --> AND of src, dst & svc between layer guard and each rule in layer? 
- - ################################################################################# - # get object data which is only contained as uid in config by making additional api calls - # get all object uids (together with type) from all rules in fields src, dst, svc - nw_uids_from_rulebase = [] - svc_uids_from_rulebase = [] - - for rulebase in config['rulebases'] + config['nat_rulebases']: - if fwo_globals.debug_level>5: - if 'layername' in rulebase: - logger.debug ( "Searching for all uids in rulebase: " + rulebase['layername'] ) - getter.collect_uids_from_rulebase(rulebase, nw_uids_from_rulebase, svc_uids_from_rulebase, "top_level") - - # remove duplicates from uid lists - nw_uids_from_rulebase = list(set(nw_uids_from_rulebase)) - svc_uids_from_rulebase = list(set(svc_uids_from_rulebase)) - - # get all uids in objects tables - for obj_table in config['object_tables']: - nw_objs_from_obj_tables.extend(getter.get_all_uids_of_a_type(obj_table, nw_obj_table_names)) - svc_objs_from_obj_tables.extend(getter.get_all_uids_of_a_type(obj_table, getter.svc_obj_table_names)) - - # identify all objects (by type) that are missing in objects tables but present in rulebase - missing_nw_object_uids = getter.get_broken_object_uids(nw_objs_from_obj_tables, nw_uids_from_rulebase) - missing_svc_object_uids = getter.get_broken_object_uids(svc_objs_from_obj_tables, svc_uids_from_rulebase) - - # adding the uid of the Original object for natting: - missing_nw_object_uids.append(original_obj_uid) - missing_svc_object_uids.append(original_obj_uid) - - if fwo_globals.debug_level>4: - logger.debug ( "found missing nw objects: '" + ",".join(missing_nw_object_uids) + "'" ) - logger.debug ( "found missing svc objects: '" + ",".join(missing_svc_object_uids) + "'" ) - - if noapi == False: - # if sid is None: - # TODO: why is the re-genereation of a new sid necessary here? 
- - if mgm_details['domainUid'] != None: - api_domain = mgm_details['domainUid'] - else: - api_domain = mgm_details['configPath'] - - sid = getter.login(mgm_details['import_credential']['user'],mgm_details['import_credential']['secret'],mgm_details['hostname'],mgm_details['port'],api_domain) - logger.debug ( "re-logged into api" ) - - # if an object is not there: - # make api call: show object details-level full uid "" and add object to respective json - for missing_obj in missing_nw_object_uids: - show_params_host = {'details-level':details_level,'uid':missing_obj} - logger.debug ( "fetching obj with uid: " + missing_obj) - obj = getter.cp_api_call(base_url, 'show-object', show_params_host, sid) - if 'object' in obj: - obj = obj['object'] - if (obj['type'] == 'CpmiAnyObject'): - json_obj = {"object_type": "hosts", "object_chunks": [ { - "objects": [ { - 'uid': obj['uid'], 'name': obj['name'], 'color': obj['color'], - 'comments': 'any nw object checkpoint (hard coded)', - 'type': 'CpmiAnyObject', 'ipv4-address': '0.0.0.0/0', - } ] } ] } - config['object_tables'].append(json_obj) - elif (obj['type'] == 'simple-gateway' or obj['type'] == 'CpmiGatewayPlain' or obj['type'] == 'interop'): - json_obj = {"object_type": "hosts", "object_chunks": [ { - "objects": [ { - 'uid': obj['uid'], 'name': obj['name'], 'color': obj['color'], - 'comments': obj['comments'], 'type': 'host', 'ipv4-address': get_ip_of_obj(obj), - } ] } ] } - config['object_tables'].append(json_obj) - elif obj['type'] == 'multicast-address-range': - logger.debug("found multicast-address-range: " + obj['name'] + " (uid:" + obj['uid']+ ")") - json_obj = {"object_type": "hosts", "object_chunks": [ { - "objects": [ { - 'uid': obj['uid'], 'name': obj['name'], 'color': obj['color'], - 'comments': obj['comments'], 'type': 'host', 'ipv4-address': get_ip_of_obj(obj), - } ] } ] } - config['object_tables'].append(json_obj) - elif (obj['type'] == 'CpmiVsClusterMember' or obj['type'] == 'CpmiVsxClusterMember'): - 
json_obj = {"object_type": "hosts", "object_chunks": [ { - "objects": [ { - 'uid': obj['uid'], 'name': obj['name'], 'color': obj['color'], - 'comments': obj['comments'], 'type': 'host', 'ipv4-address': get_ip_of_obj(obj), - } ] } ] } - config['object_tables'].append(json_obj) - logger.debug ('missing obj: ' + obj['name'] + obj['type']) - elif (obj['type'] == 'Global'): - json_obj = {"object_type": "hosts", "object_chunks": [ { - "objects": [ { - 'uid': obj['uid'], 'name': obj['name'], 'color': obj['color'], - 'comments': obj['comments'], 'type': 'host', 'ipv4-address': '0.0.0.0/0', - } ] } ] } - config['object_tables'].append(json_obj) - logger.debug ('missing obj: ' + obj['name'] + obj['type']) - elif (obj['type'] == 'access-role'): - pass # ignorning user objects - else: - logger.warning ( "missing nw obj of unexpected type '" + obj['type'] + "': " + missing_obj ) - logger.debug ( "missing nw obj: " + missing_obj + " added" ) - else: - logger.warning("could not get the missing object with uid=" + missing_obj + " from CP API") - - for missing_obj in missing_svc_object_uids: - show_params_host = {'details-level':details_level,'uid':missing_obj} - obj = getter.cp_api_call(base_url, 'show-object', show_params_host, sid) - obj = obj['object'] - if (obj['type'] == 'CpmiAnyObject'): - json_obj = {"object_type": "services-other", "object_chunks": [ { - "objects": [ { - 'uid': obj['uid'], 'name': obj['name'], 'color': obj['color'], - 'comments': 'any svc object checkpoint (hard coded)', - 'type': 'service-other', 'ip-protocol': '0' - } ] } ] } - config['object_tables'].append(json_obj) - elif (obj['type'] == 'Global'): - json_obj = {"object_type": "services-other", "object_chunks": [ { - "objects": [ { - 'uid': obj['uid'], 'name': obj['name'], 'color': obj['color'], - 'comments': 'Original svc object checkpoint (hard coded)', - 'type': 'service-other', 'ip-protocol': '0' - } ] } ] } - config['object_tables'].append(json_obj) - else: - logger.warning ( "missing svc obj of 
unexpected type: " + missing_obj ) - # print ("WARNING - enrich_config - missing svc obj of unexpected type: '" + obj['type'] + "': " + missing_obj) - logger.debug ( "missing svc obj: " + missing_obj + " added") - - logout_result = getter.cp_api_call(base_url, 'logout', {}, sid) - - logger.debug ( "checkpointR8x/enrich_config - duration: " + str(int(time.time()) - starttime) + "s" ) - - return 0 diff --git a/roles/importer/files/importer/checkpointR8x/enrich_config.py b/roles/importer/files/importer/checkpointR8x/enrich_config.py deleted file mode 100755 index b466e52a7..000000000 --- a/roles/importer/files/importer/checkpointR8x/enrich_config.py +++ /dev/null 
@@ -1,67 +0,0 @@ -#!/usr/bin/python3 -import argparse, time -import json -import sys, os -from common import importer_base_dir, set_ssl_verification -sys.path.append(importer_base_dir) -sys.path.append(importer_base_dir + "/checkpointR8x") -from fwo_log import getFwoLogger -from cpcommon import use_object_dictionary, details_level, enrich_config - - -parser = argparse.ArgumentParser(description='Read configuration from Check Point R8x management via API calls') -parser.add_argument('-a', '--apihost', metavar='api_host', required=True, help='Check Point R8x management server') -parser.add_argument('-w', '--password', metavar='api_password_file', default='import_user_secret', help='name of the file to read the password for management server from') -parser.add_argument('-u', '--user', metavar='api_user', default='fworch', help='user for connecting to Check Point R8x management server, default=fworch') -parser.add_argument('-p', '--port', metavar='api_port', default='443', help='port for connecting to Check Point R8x management server, default=443') -parser.add_argument('-D', '--domain', metavar='api_domain', default='', help='name of Domain in a Multi-Domain Envireonment') -parser.add_argument('-l', '--layer', metavar='policy_layer_name(s)', required=True, help='name of policy layer(s) to read (comma separated)') -parser.add_argument('-s', '--ssl', metavar='ssl_verification_mode', default='', help='[ca]certfile, if value not set, ssl check is off"; default=empty/off') -parser.add_argument('-i', '--limit', metavar='api_limit', default='150', help='The maximal number of returned results per HTTPS Connection; default=150') -parser.add_argument('-d', '--debug', metavar='debug_level', default='0', help='Debug Level: 0(off) 4(DEBUG Console) 41(DEBUG File); default=0') -parser.add_argument('-k', '--package', metavar='package_name', help='name of the package for a gateway - necessary for getting NAT rules') -parser.add_argument('-c', '--configfile', metavar='config_file', 
required=True, help='filename to read and write config in json format from/to') -parser.add_argument('-n', '--noapi', metavar='mode', default='false', help='if set to true (only in combination with mode=enrich), no api connections are made. Useful for testing only.') - -args = parser.parse_args() -if len(sys.argv)==1: - parser.print_help(sys.stderr) - sys.exit(1) - -with open(args.password, "r") as password_file: - api_password = password_file.read().rstrip() - -debug_level = int(args.debug) -logger = getFwoLogger() -config = {} -starttime = int(time.time()) - -# possible todo: get mgmt_details via API just from mgmt_name and dev_name? -mgm_details = { - 'hostname': args.apihost, - 'port': args.port, - 'user': args.user, - 'secret': api_password, - 'configPath': args.domain, - 'devices': [ - { - 'local_rulebase_name': args.layer, - 'global_rulebase_name': None, - 'package_name': args.package - } - ] -} - -result = enrich_config (config, mgm_details, noapi=False, limit=args.limit, details_level=details_level) - -duration = int(time.time()) - starttime -logger.debug ( "checkpointR8x/enrich_config - duration: " + str(duration) + "s" ) - -# dump new json file if config_filename is set -if args.config_filename != None and len(args.config_filename)>1: - if os.path.exists(args.config_filename): # delete json file (to enabiling re-write) - os.remove(args.config_filename) - with open(args.config_filename, "w") as json_data: - json_data.write(json.dumps(config)) - -sys.exit(0) diff --git a/roles/importer/files/importer/checkpointR8x/fwcommon.py b/roles/importer/files/importer/checkpointR8x/fwcommon.py index 26e2a31fe..51d64bd0c 100644 --- a/roles/importer/files/importer/checkpointR8x/fwcommon.py +++ b/roles/importer/files/importer/checkpointR8x/fwcommon.py 
@@ -1,31 +1,30 @@ -from distutils.log import debug import sys +import json +import copy from common import importer_base_dir from fwo_log import getFwoLogger sys.path.append(importer_base_dir + '/checkpointR8x') -import copy, time -import parse_network, parse_rule, parse_service, parse_user -import getter -from cpcommon import get_basic_config, enrich_config +import time import fwo_globals -from fwo_exception import FwLoginFailed -from cpcommon import details_level +import cp_rule +import cp_const, cp_network, cp_service +import cp_getter +from cp_enrich import enrich_config +from fwo_exception import FwLoginFailed, FwLogoutFailed +from cp_user import parse_user_objects_from_rulebase def has_config_changed (full_config, mgm_details, force=False): if full_config != {}: # a native config was passed in, so we assume that an import has to be done (simulating changes here) return 1 - # from 5.8 onwards: preferably use domain uid instead of domain name due to CP R81 bug with certain installations - if mgm_details['domainUid'] != None: - domain = mgm_details['domainUid'] - else: - domain = mgm_details['configPath'] + + domain, _ = prepare_get_vars(mgm_details) try: # top level dict start, sid contains the domain information, so only sending domain during login - session_id = getter.login(mgm_details['import_credential']['user'], mgm_details['import_credential']['secret'], mgm_details['hostname'], str(mgm_details['port']), domain) + session_id = login_cp(mgm_details, domain) except: - raise FwLoginFailed # maybe 2Temporary failure in name resolution" + raise FwLoginFailed # maybe "temporary failure in name resolution" last_change_time = '' if 'import_controls' in mgm_details: 
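Review bot: The bare `except:` around the new `login_cp(mgm_details, domain)` call discards the underlying exception and also catches `KeyboardInterrupt`/`SystemExit`, so the "temporary failure in name resolution" the comment guesses at is never visible to the operator; `except Exception as e:` / `raise FwLoginFailed from e` keeps the cause attached. `domain, _ = prepare_get_vars(mgm_details)` throws away the `base_url` that the same function later rebuilds by hand for the logout call, so keeping it as `domain, base_url = prepare_get_vars(mgm_details)` would avoid two definitions of the same URL. has_config_changed continues past the end of this hunk.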
@@ -35,10 +34,15 @@ def has_config_changed (full_config, mgm_details, force=False): if last_change_time==None or last_change_time=='' or force: # if no last import time found or given or if force flag is set, do full import - return 1 - else: - # otherwise search for any changes since last import - return (getter.get_changes(session_id, mgm_details['hostname'], str(mgm_details['port']),last_change_time) != 0) + result = 1 + else: # otherwise search for any changes since last import + result = (cp_getter.get_changes(session_id, mgm_details['hostname'], str(mgm_details['port']),last_change_time) != 0) + + try: # top level dict start, sid contains the domain information, so only sending domain during login + logout_result = cp_getter.cp_api_call("https://" + mgm_details['hostname'] + ":" + str(mgm_details['port']) + "/web_api/", 'logout', {}, session_id) + except: + raise FwLogoutFailed # maybe temporary failure in name resolution" + return result def get_config(config2import, full_config, current_import_id, mgm_details, limit=150, force=False, jwt=None): 
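Review bot: The comment on the added logout block ("top level dict start, sid contains the domain information, so only sending domain during login") is copied from the login call and does not describe a logout; a one-liner such as `# close the API session so the change check does not leave a session open on the management server` would be accurate. The URL passed to `cp_api_call` is rebuilt inline although prepare_get_vars returns the identical `base_url`; passing that value keeps one definition of the API endpoint. Raising `FwLogoutFailed` from a bare `except:` after `result` has already been computed turns a failed cleanup into a failed change check and hides the cause — if the abort is intended, `except Exception as e: raise FwLogoutFailed from e` preserves it, otherwise log and return `result`. `logout_result` is assigned and never read.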
@@ -51,20 +55,22 @@ def get_config(config2import, full_config, current_import_id, mgm_details, limit if not parsing_config_only: # get config from cp fw mgr starttime = int(time.time()) - # from 5.8 onwards: preferably use domain uid instead of domain name due to CP R81 bug with certain installations - if mgm_details['domainUid'] != None: - domain = mgm_details['domainUid'] - else: - domain = mgm_details['configPath'] + if 'users' not in full_config: + full_config.update({'users': {}}) + + domain, base_url = prepare_get_vars(mgm_details) - sid = getter.login(mgm_details['import_credential']['user'], mgm_details['import_credential']['secret'], mgm_details['hostname'], str(mgm_details['port']), domain) + sid = login_cp(mgm_details, domain) - result_get_basic_config = get_basic_config (full_config, mgm_details, force=force, sid=sid, limit=str(limit), details_level=details_level, test_version='off') + result_get_rules = get_rules (full_config, mgm_details, base_url, sid, force=force, limit=str(limit), details_level=cp_const.details_level, test_version='off') + if result_get_rules>0: + return result_get_rules - if result_get_basic_config>0: - return result_get_basic_config + result_get_objects = get_objects (full_config, mgm_details, base_url, sid, force=force, limit=str(limit), details_level=cp_const.details_level, test_version='off') + if result_get_objects>0: + return result_get_objects - result_enrich_config = enrich_config (full_config, mgm_details, limit=str(limit), details_level=details_level, sid=sid) + result_enrich_config = enrich_config (full_config, mgm_details, limit=str(limit), details_level=cp_const.details_level, sid=sid) if result_enrich_config>0: return result_enrich_config 
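Review bot: The early returns on `result_get_rules>0`, `result_get_objects>0` and `result_enrich_config>0` skip the logout that get_config only performs on its success path (hunk at -72/+78), so every failed fetch leaves the session `sid` open on the management server until it times out there. A `try`/`finally` around the fetch steps that always logs out closes the session on every path and would make the later success-path logout redundant. The `sid = login_cp(...)` here is also not guarded the way the one in has_config_changed is, so a login failure surfaces as a raw exception rather than FwLoginFailed. get_config starts and ends outside this hunk, so the placement below is indicative.
```python
sid = login_cp(mgm_details, domain)
try:
    result_get_rules = get_rules (full_config, mgm_details, base_url, sid, force=force, limit=str(limit), details_level=cp_const.details_level, test_version='off')
    if result_get_rules>0:
        return result_get_rules
    # … unchanged: get_objects and enrich_config steps with their early returns …
finally:
    # always release the API session, also on the early-return error paths
    cp_getter.cp_api_call(base_url, 'logout', {}, sid)
```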
@@ -72,47 +78,150 @@ def get_config(config2import, full_config, current_import_id, mgm_details, limit duration = int(time.time()) - starttime logger.debug ( "checkpointR8x/get_config - duration: " + str(duration) + "s" ) - if full_config == {}: # no changes - return 0 + cp_network.normalize_network_objects(full_config, config2import, current_import_id, mgm_id=mgm_details['id']) + cp_service.normalize_service_objects(full_config, config2import, current_import_id) + parse_users_from_rulebases(full_config, full_config['rulebases'], full_config['users'], config2import, current_import_id) + config2import.update({'rules': cp_rule.normalize_rulebases_top_level(full_config, current_import_id, config2import) }) + if not parsing_config_only: # get config from cp fw mgr + try: # logout + logout_result = cp_getter.cp_api_call("https://" + mgm_details['hostname'] + ":" + str(mgm_details['port']) + "/web_api/", 'logout', {}, sid) + except: + raise FwLogoutFailed # maybe emporary failure in name resolution" + return 0 + + +def prepare_get_vars(mgm_details): + + # from 5.8 onwards: preferably use domain uid instead of domain name due to CP R81 bug with certain installations + if mgm_details['domainUid'] != None: + domain = mgm_details['domainUid'] else: - parse_network.parse_network_objects_to_json(full_config, config2import, current_import_id, mgm_id=mgm_details['id']) - parse_service.parse_service_objects_to_json(full_config, config2import, current_import_id) - if 'users' not in full_config: - full_config.update({'users': {}}) - target_rulebase = [] - rule_num = 0 - parent_uid="" - section_header_uids=[] - rb_range = range(len(full_config['rulebases'])) - for rb_id in rb_range: - parse_user.parse_user_objects_from_rulebase( - full_config['rulebases'][rb_id], full_config['users'], current_import_id) - # if current_layer_name == args.rulebase: - if fwo_globals.debug_level>3: - logger.debug("parsing layer " + full_config['rulebases'][rb_id]['layername']) - - # parse access rules - 
rule_num = parse_rule.parse_rulebase_json( - full_config['rulebases'][rb_id], target_rulebase, full_config['rulebases'][rb_id]['layername'], - current_import_id, rule_num, section_header_uids, parent_uid, config2import) - # now parse the nat rulebase - - # parse nat rules - if len(full_config['nat_rulebases'])>0: - if len(full_config['nat_rulebases']) != len(rb_range): - logger.warning('get_config - found ' + str(len(full_config['nat_rulebases'])) + - ' nat rulebases and ' + str(len(rb_range)) + ' access rulebases') - else: - rule_num = parse_rule.parse_nat_rulebase_json( - full_config['nat_rulebases'][rb_id], target_rulebase, full_config['rulebases'][rb_id]['layername'], - current_import_id, rule_num, section_header_uids, parent_uid, config2import) - config2import.update({'rules': target_rulebase}) - - # copy users from full_config to config2import - # also converting users from dict to array: - config2import.update({'user_objects': []}) - for user_name in full_config['users'].keys(): - user = copy.deepcopy(full_config['users'][user_name]) - user.update({'user_name': user_name}) - config2import['user_objects'].append(user) + domain = mgm_details['configPath'] + api_host = mgm_details['hostname'] + api_user = mgm_details['import_credential']['user'] + if mgm_details['domainUid'] != None: + api_domain = mgm_details['domainUid'] + else: + api_domain = mgm_details['configPath'] + api_port = str(mgm_details['port']) + api_password = mgm_details['import_credential']['secret'] + base_url = 'https://' + api_host + ':' + str(api_port) + '/web_api/' + + return domain, base_url + + +def login_cp(mgm_details, domain, ssl_verification=True): + return cp_getter.login(mgm_details['import_credential']['user'], mgm_details['import_credential']['secret'], mgm_details['hostname'], str(mgm_details['port']), domain) + + +def get_rules (config_json, mgm_details, v_url, sid, force=False, config_filename=None, + limit=150, details_level=cp_const.details_level, test_version='off', 
debug_level=0, ssl_verification=True): + + logger = getFwoLogger() + config_json.update({'rulebases': [], 'nat_rulebases': [] }) + with_hits = True + show_params_rules = {'limit':limit,'use-object-dictionary':cp_const.use_object_dictionary,'details-level':cp_const.details_level, 'show-hits' : with_hits} + + # read all rulebases: handle per device details + for device in mgm_details['devices']: + if device['global_rulebase_name'] != None and device['global_rulebase_name']!='': + show_params_rules['name'] = device['global_rulebase_name'] + # get global layer rulebase + logger.debug ( "getting layer: " + show_params_rules['name'] ) + current_layer_json = cp_getter.get_layer_from_api_as_dict (v_url, sid, show_params_rules, layername=device['global_rulebase_name']) + if current_layer_json is None: + return 1 + # now also get domain rules + show_params_rules['name'] = device['local_rulebase_name'] + current_layer_json['layername'] = device['local_rulebase_name'] + logger.debug ( "getting domain rule layer: " + show_params_rules['name'] ) + domain_rules = cp_getter.get_layer_from_api_as_dict (v_url, sid, show_params_rules, layername=device['local_rulebase_name']) + if current_layer_json is None: + return 1 + + # now handling possible reference to domain rules within global rules + # if we find the reference, replace it with the domain rules + if 'layerchunks' in current_layer_json: + for chunk in current_layer_json["layerchunks"]: + for rule in chunk['rulebase']: + if "type" in rule and rule["type"] == "place-holder": + logger.debug ("found domain rules place-holder: " + str(rule) + "\n\n") + current_layer_json = cp_getter.insert_layer_after_place_holder(current_layer_json, domain_rules, rule['uid']) + else: # no global rules, just get local ones + show_params_rules['name'] = device['local_rulebase_name'] + logger.debug ( "getting layer: " + show_params_rules['name'] ) + current_layer_json = cp_getter.get_layer_from_api_as_dict (v_url, sid, show_params_rules, 
layername=device['local_rulebase_name']) + if current_layer_json is None: + return 1 + + config_json['rulebases'].append(current_layer_json) + + # getting NAT rules - need package name for nat rule retrieval + # todo: each gateway/layer should have its own package name (pass management details instead of single data?) + if device['package_name'] != None and device['package_name'] != '': + show_params_rules = {'limit':limit,'use-object-dictionary':cp_const.use_object_dictionary,'details-level':cp_const.details_level, 'package': device['package_name'] } + if debug_level>3: + logger.debug ( "getting nat rules for package: " + device['package_name'] ) + nat_rules = cp_getter.get_nat_rules_from_api_as_dict (v_url, sid, show_params_rules) + if len(nat_rules)>0: + config_json['nat_rulebases'].append(nat_rules) + else: + config_json['nat_rulebases'].append({ "nat_rule_chunks": [] }) + else: # always making sure we have an (even empty) nat rulebase per device + config_json['nat_rulebases'].append({ "nat_rule_chunks": [] }) + return 0 + + +def get_objects(config_json, mgm_details, v_url, sid, force=False, config_filename=None, + limit=150, details_level=cp_const.details_level, test_version='off', debug_level=0, ssl_verification=True): + + logger = getFwoLogger() + + config_json["object_tables"] = [] + show_params_objs = {'limit':limit,'details-level': cp_const.details_level} + + for obj_type in cp_const.api_obj_types: + object_table = { "object_type": obj_type, "object_chunks": [] } + current=0 + total=current+1 + show_cmd = 'show-' + obj_type + if debug_level>5: + logger.debug ( "obj_type: "+ obj_type ) + while (current5: + logger.debug ( obj_type +" current:"+ str(current) + " of a total " + str(total) ) + else : + current = total + if debug_level>5: + logger.debug ( obj_type +" total:"+ str(total) ) + config_json["object_tables"].append(object_table) + # logout_result = cp_getter.cp_api_call(v_url, 'logout', {}, sid) + + # only write config to file if config_filename is 
given + if config_filename != None and len(config_filename)>1: + with open(config_filename, "w") as configfile_json: + configfile_json.write(json.dumps(config_json)) return 0 + + +def parse_users_from_rulebases (full_config, rulebase, users, config2import, current_import_id): + if 'users' not in full_config: + full_config.update({'users': {}}) + + rb_range = range(len(full_config['rulebases'])) + for rb_id in rb_range: + parse_user_objects_from_rulebase (full_config['rulebases'][rb_id], full_config['users'], current_import_id) + + # copy users from full_config to config2import + # also converting users from dict to array: + config2import.update({'user_objects': []}) + for user_name in full_config['users'].keys(): + user = copy.deepcopy(full_config['users'][user_name]) + user.update({'user_name': user_name}) + config2import['user_objects'].append(user) diff --git a/roles/importer/files/importer/checkpointR8x/get_basic_config.py b/roles/importer/files/importer/checkpointR8x/get_basic_config.py deleted file mode 100755 index ce000de59..000000000 --- a/roles/importer/files/importer/checkpointR8x/get_basic_config.py +++ /dev/null 
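Review bot: In get_rules the guard after fetching `domain_rules` re-tests `current_layer_json is None` instead of the value just fetched, so a failed domain-layer fetch proceeds into insert_layer_after_place_holder with `None`; it should read `if domain_rules is None: return 1`. login_cp declares `ssl_verification=True` but never forwards it to `cp_getter.login`, so a reader of the signature may assume certificate verification is controlled here when it is not — either pass it through (if cp_getter.login accepts it, as the deleted cpcommon getter.login call did) or drop the parameter, and the same applies to the unused `force`, `test_version`, `ssl_verification` and (in get_rules) `config_filename` parameters. prepare_get_vars binds `api_user`, `api_domain` and `api_password` without using them; the dead local holding the import secret in particular should go. parse_users_from_rulebases ignores its `rulebase` and `users` arguments and reads `full_config['rulebases']`/`full_config['users']` directly, which is misleading for callers. The `while` loop in get_objects appears garbled in this rendering, so I could not review it.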
@@ -1,62 +0,0 @@ -#!/usr/bin/python3 - -import time, sys -import argparse -from fwo_const import importer_base_dir -sys.path.append(importer_base_dir) -from fwo_log import getFwoLogger -from cpcommon import use_object_dictionary, details_level, get_basic_config - - -parser = argparse.ArgumentParser(description='Read configuration from Check Point R8x management via API calls') -parser.add_argument('-a', '--apihost', metavar='api_host', required=True, help='Check Point R8x management server') -parser.add_argument('-w', '--password', metavar='api_password_file', default='import_user_secret', help='name of the file to read the password for management server from') -parser.add_argument('-u', '--user', metavar='api_user', default='fworch', help='user for connecting to Check Point R8x management server, default=fworch') -parser.add_argument('-p', '--port', metavar='api_port', default='443', help='port for connecting to Check Point R8x management server, default=443') -parser.add_argument('-D', '--domain', metavar='api_domain', default='', help='name of Domain in a Multi-Domain Envireonment') -parser.add_argument('-l', '--layer', metavar='policy_layer_name(s)', required=True, help='name of policy layer(s) to read (comma separated)') -parser.add_argument('-k', '--package', metavar='policy package name', required=False, help='name of policy package (needed for nat rule retrieval)') -parser.add_argument('-s', '--ssl', metavar='ssl_verification_mode', default='', help='[ca]certfile, if value not set, ssl check is off"; default=empty/off') -parser.add_argument('-i', '--limit', metavar='api_limit', default='150', help='The maximal number of returned results per HTTPS Connection; default=150') -parser.add_argument('-d', '--debug', metavar='debug_level', default='0', help='Debug Level: 0(off) 4(DEBUG Console) 41(DEBUG File); default=0') -parser.add_argument('-t', '--testing', metavar='version_testing', default='off', help='Version test, [off|]; default=off') 
-parser.add_argument('-o', '--out', metavar='output_file', required=True, help='filename to write output in json format to') -parser.add_argument('-F', '--force', action='store_true', default=False, help='if set the import will be attempted without checking for changes before') - -args = parser.parse_args() -if len(sys.argv)==1: - parser.print_help(sys.stderr) - sys.exit(1) - -with open(args.password, "r") as password_file: - api_password = password_file.read().rstrip() - -debug_level = int(args.debug) -logger = getFwoLogger() -starttime = int(time.time()) -full_config_json = {} - -# possible todo: get mgmt_details via API just from mgmt_name and dev_name? -# todo: allow for multiple gateways -mgm_details = { - 'hostname': args.apihost, - 'port': args.port, - 'user': args.user, - 'secret': api_password, - 'configPath': args.domain, - 'devices': [ - { - 'local_rulebase_name': args.layer, - 'global_rulebase_name': None, - 'package_name': args.package - } - ] -} - -get_basic_config (full_config_json, mgm_details, config_filename=args.out, - force=args.force, limit=args.limit, details_level=details_level, test_version=args.testing, debug_level=debug_level, ssl_verification=set_ssl_verification(args.ssl, debug_level=debug_level)) - -duration = int(time.time()) - starttime -logger.debug ( "checkpointR8x/get_config - duration: " + str(duration) + "s" ) - -sys.exit(0) diff --git a/roles/importer/files/importer/checkpointR8x/parse_config.py b/roles/importer/files/importer/checkpointR8x/parse_config.py deleted file mode 100755 index 0f7001c53..000000000 --- a/roles/importer/files/importer/checkpointR8x/parse_config.py +++ /dev/null 
@@ -1,99 +0,0 @@ -#!/usr/bin/python3 -import sys -from common import importer_base_dir -sys.path.append(importer_base_dir) -import parse_network, parse_service, parse_user # parse_rule, -import parse_network_csv, parse_rule_csv, parse_service_csv, parse_user_csv -import argparse -import json -import sys -import fwo_log -from cpcommon import use_object_dictionary, details_level - - -parser = argparse.ArgumentParser(description='parse json configuration file from Check Point R8x management') -parser.add_argument('-f', '--config_file', required=True, help='name of config file to parse (json format)') -parser.add_argument('-i', '--import_id', default='0', help='unique import id') -parser.add_argument('-m', '--management_name', default='', help='name of management system to import') -parser.add_argument('-r', '--rulebase', default='', help='name of rulebase to import') -parser.add_argument('-n', '--network_objects', action="store_true", help='import network objects') -parser.add_argument('-s', '--service_objects', action="store_true", help='import service objects') -parser.add_argument('-u', '--users', action="store_true", help='import users') -parser.add_argument('-d', '--debug', metavar='debug_level', default='0', help='Debug Level: 0(off) 1(DEBUG Console) 2(DEBUG File)i 2(DEBUG Console&File); default=0') -args = parser.parse_args() - -found_rulebase = False -number_of_section_headers_so_far = 0 -rule_num = 0 -nw_objects = [] -svc_objects = [] -section_header_uids=[] -result = "" - -# log config -debug_level = int(args.debug) -logger = fwo_log.getFwoLogger() - -args = parser.parse_args() -if len(sys.argv)==1: - parser.print_help(sys.stderr) - sys.exit(1) - -config_filename = args.config_file - -with open(args.config_file, "r") as json_data: - config = json.load(json_data) - -logger.debug ("parse_config - args"+ "\nf:" +args.config_file +"\ni: "+ args.import_id +"\nm: "+ args.management_name +"\nr: "+ args.rulebase +"\nn: "+ str(args.network_objects) +"\ns: "+ 
str(args.service_objects) +"\nu: "+ str(args.users) +"\nd: "+ str(args.debug)) - -if args.rulebase != '': - for rulebase in config['rulebases']: - current_layer_name = rulebase['layername'] - if current_layer_name == args.rulebase: - logger.debug("parse_config: found layer to parse: " + current_layer_name) - found_rulebase = True - rule_num, result = parse_rule_csv.csv_dump_rules(rulebase, args.rulebase, args.import_id, rule_num=0, section_header_uids=[], parent_uid="", debug_level=debug_level) - -if args.network_objects: - result = '' - nw_objects = [] - - if args.network_objects != '': - for obj_table in config['object_tables']: - parse_network.collect_nw_objects(obj_table, nw_objects, debug_level=debug_level) - for idx in range(0, len(nw_objects)-1): - if nw_objects[idx]['obj_typ'] == 'group': - parse_network.add_member_names_for_nw_group(idx, nw_objects) - - for nw_obj in nw_objects: - result += parse_network_csv.csv_dump_nw_obj(nw_obj, args.import_id) - -if args.service_objects: - result = '' - service_objects = [] - if args.service_objects != '': - for obj_table in config['object_tables']: - parse_service.collect_svc_objects(obj_table, service_objects) - # resolving group members: - for idx in range(0, len(service_objects)-1): - if service_objects[idx]['svc_typ'] == 'group': - parse_service.add_member_names_for_svc_group(idx, service_objects) - - for svc_obj in service_objects: - result += parse_service_csv.csv_dump_svc_obj(svc_obj, args.import_id) - -if args.users: - users = {} - result = '' - for rulebase in config['rulebases']: - parse_user.collect_users_from_rulebase(rulebase, users) - - for user_name in users.keys(): - user_dict = users[user_name] - result += parse_user_csv.csv_dump_user(user_name, user_dict, args.import_id) - -if args.rulebase != '' and not found_rulebase: - logger.exception("PARSE ERROR: rulebase '" + args.rulebase + "' not found.") -else: - result = result[:-1] # strip off final line break to avoid empty last line - print(result) 
diff --git a/roles/importer/files/importer/checkpointR8x/parse_network.py b/roles/importer/files/importer/checkpointR8x/parse_network.py deleted file mode 100644 index 9ffa5c147..000000000 --- a/roles/importer/files/importer/checkpointR8x/parse_network.py +++ /dev/null 
@@ -1,99 +0,0 @@ -from fwo_log import getFwoLogger -import json -from cpcommon import nw_obj_table_names, get_ip_of_obj -from fwo_const import list_delimiter - - -def parse_network_objects_to_json(full_config, config2import, import_id, mgm_id=0, debug_level=0): - nw_objects = [] - - for obj_table in full_config['object_tables']: - collect_nw_objects(obj_table, nw_objects, - debug_level=debug_level, mgm_id=mgm_id) - for nw_obj in nw_objects: - nw_obj.update({'control_id': import_id}) - for idx in range(0, len(nw_objects)-1): - if nw_objects[idx]['obj_typ'] == 'group': - add_member_names_for_nw_group(idx, nw_objects) - config2import.update({'network_objects': nw_objects}) - - -# collect_nw_objects from object tables and write them into global nw_objects dict -def collect_nw_objects(object_table, nw_objects, debug_level=0, mgm_id=0): - logger = getFwoLogger() - nw_obj_type_to_host_list = [ - 'simple-gateway', 'simple-cluster', 'CpmiVsClusterNetobj', 'CpmiVsxClusterNetobj', 'CpmiVsxClusterMember', 'CpmiAnyObject', - 'CpmiClusterMember', 'CpmiGatewayPlain', 'CpmiHostCkp', 'CpmiGatewayCluster', 'checkpoint-host' - ] - - if object_table['object_type'] in nw_obj_table_names: - for chunk in object_table['object_chunks']: - for obj in chunk['objects']: - ip_addr = '' - member_refs = None - member_names = None - if 'members' in obj: - member_refs = '' - member_names = '' - for member in obj['members']: - member_refs += member + list_delimiter - member_refs = member_refs[:-1] - if obj['members'] == '': - obj['members'] = None - ip_addr = get_ip_of_obj(obj, mgm_id=mgm_id) - first_ip = ip_addr - last_ip = None - obj_type = obj['type'] - if obj_type == 'group': - first_ip = None - last_ip = None - - if obj_type == 'address-range' or obj_type == 'multicast-address-range': - obj_type = 'ip_range' - if debug_level > 5: - logger.debug( - "parse_network::collect_nw_objects - found range object '" + obj['name'] + "' with ip: " + ip_addr) - if '-' in str(ip_addr): - first_ip, last_ip = 
str(ip_addr).split('-') - else: - logger.warning("parse_network::collect_nw_objects - found range object '" + - obj['name'] + "' without hyphen: " + ip_addr) - elif (obj_type in nw_obj_type_to_host_list or obj_type == 'cluster-member'): - if debug_level > 5: - logger.debug("parse_network::collect_nw_objects - rewriting non-standard cp-host-type '" + - obj['name'] + "' with object type '" + obj_type + "' to host") - logger.debug("obj_dump:" + json.dumps(obj, indent=3)) - obj_type = 'host' - # adding the object: - if not 'comments' in obj or obj['comments'] == '': - obj['comments'] = None - nw_objects.extend([{'obj_uid': obj['uid'], 'obj_name': obj['name'], 'obj_color': obj['color'], - 'obj_comment': obj['comments'], - 'obj_typ': obj_type, 'obj_ip': first_ip, 'obj_ip_end': last_ip, - 'obj_member_refs': member_refs, 'obj_member_names': member_names}]) - - -# for members of groups, the name of the member obj needs to be fetched separately (starting from API v1.?) -def resolve_nw_uid_to_name(uid, nw_objects): - # return name of nw_objects element where obj_uid = uid - for obj in nw_objects: - if obj['obj_uid'] == uid: - return obj['obj_name'] - return 'ERROR: uid "' + uid + '" not found' - - -def add_member_names_for_nw_group(idx, nw_objects): - group = nw_objects.pop(idx) - if group['obj_member_refs'] == '' or group['obj_member_refs'] == None: - #member_names = None - #obj_member_refs = None - group['obj_member_names'] = None - group['obj_member_refs'] = None - else: - member_names = '' - obj_member_refs = group['obj_member_refs'].split(list_delimiter) - for ref in obj_member_refs: - member_name = resolve_nw_uid_to_name(ref, nw_objects) - member_names += member_name + list_delimiter - group['obj_member_names'] = member_names[:-1] - nw_objects.insert(idx, group) diff --git a/roles/importer/files/importer/checkpointR8x/parse_network_csv.py b/roles/importer/files/importer/checkpointR8x/parse_network_csv.py deleted file mode 100644 index c1e43faf8..000000000 
--- a/roles/importer/files/importer/checkpointR8x/parse_network_csv.py +++ /dev/null @@ -1,41 +0,0 @@ -from fwo_base import csv_add_field -from fwo_const import csv_delimiter, line_delimiter - - -def csv_dump_nw_obj(nw_obj, import_id): - result_line = csv_add_field(import_id) # control_id - result_line += csv_add_field(nw_obj['obj_name']) # obj_name - result_line += csv_add_field(nw_obj['obj_typ']) # ob_typ - if nw_obj['obj_member_names'] != None: - result_line += csv_add_field(nw_obj['obj_member_names']) # obj_member_names - else: - result_line += csv_delimiter # no obj_member_names - if nw_obj['obj_member_refs'] != None: - result_line += csv_add_field(nw_obj['obj_member_refs']) # obj_member_refs - else: - result_line += csv_delimiter # no obj_member_refs - result_line += csv_delimiter # obj_sw - if nw_obj['obj_typ'] == 'group': - result_line += csv_delimiter # obj_ip for groups = null - result_line += csv_delimiter # obj_ip_end for groups = null - else: - result_line += csv_add_field(nw_obj['obj_ip']) # obj_ip - if 'obj_ip_end' in nw_obj: - result_line += csv_add_field(nw_obj['obj_ip_end'])# obj_ip_end - else: - result_line += csv_delimiter - result_line += csv_add_field(nw_obj['obj_color']) # obj_color - if nw_obj['obj_comment'] != None: - result_line += csv_add_field(nw_obj['obj_comment']) # obj_comment - else: - result_line += csv_delimiter # no obj_comment - result_line += csv_delimiter # obj_location - if 'obj_zone' in nw_obj: - result_line += csv_add_field(nw_obj['obj_zone']) # obj_zone - else: - result_line += csv_delimiter - result_line += csv_add_field(nw_obj['obj_uid']) # obj_uid - result_line += csv_delimiter # last_change_admin - # add last_change_time - result_line += line_delimiter - return result_line diff --git a/roles/importer/files/importer/checkpointR8x/parse_rule_csv.py b/roles/importer/files/importer/checkpointR8x/parse_rule_csv.py deleted file mode 100644 index a445b279d..000000000 
--- a/roles/importer/files/importer/checkpointR8x/parse_rule_csv.py +++ /dev/null 
@@ -1,224 +0,0 @@ -from fwo_log import getFwoLogger -import json -import cpcommon, parse_rule, fwo_const -from fwo_const import list_delimiter, csv_delimiter, line_delimiter -from fwo_base import csv_add_field -from fwo_exception import ImportRecursionLimitReached - - -def create_section_header(section_name, layer_name, import_id, rule_uid, rule_num, section_header_uids, parent_uid): - # only do this once! : section_header_uids.append(rule_uid) - header_rule_csv = csv_add_field(import_id) # control_id - header_rule_csv += csv_add_field(str(rule_num)) # rule_num - header_rule_csv += csv_add_field(layer_name) # rulebase_name - header_rule_csv += csv_delimiter # rule_ruleid - header_rule_csv += csv_add_field('False') # rule_disabled - header_rule_csv += csv_add_field('False') # rule_src_neg - header_rule_csv += csv_add_field('Any') # rule_src - header_rule_csv += csv_add_field(cpcommon.any_obj_uid) # rule_src_refs - header_rule_csv += csv_add_field('False') # rule_dst_neg - header_rule_csv += csv_add_field('Any') # rule_dst - header_rule_csv += csv_add_field(cpcommon.any_obj_uid) # rule_dst_refs - header_rule_csv += csv_add_field('False') # rule_svc_neg - header_rule_csv += csv_add_field('Any') # rule_svc - header_rule_csv += csv_add_field(cpcommon.any_obj_uid) # rule_svc_refs - header_rule_csv += csv_add_field('Accept') # rule_action - header_rule_csv += csv_add_field('Log') # rule_track - header_rule_csv += csv_add_field('Policy Targets') # rule_installon - header_rule_csv += csv_add_field('Any') # rule_time - header_rule_csv += csv_delimiter # rule_comment - header_rule_csv += csv_delimiter # rule_name - header_rule_csv += csv_add_field(rule_uid) # rule_uid - header_rule_csv += csv_add_field(section_name) # rule_head_text - header_rule_csv += csv_delimiter # rule_from_zone - header_rule_csv += csv_delimiter # rule_to_zone - header_rule_csv += csv_delimiter # rule_last_change_admin - if parent_uid != "": - header_rule_csv += csv_add_field(parent_uid, 
no_csv_delimiter=True) # parent_rule_uid - return header_rule_csv + line_delimiter - - -def create_domain_rule_header(section_name, layer_name, import_id, rule_uid, rule_num, section_header_uids, parent_uid): - return create_section_header(section_name, layer_name, import_id, rule_uid, rule_num, section_header_uids, parent_uid) - - -def csv_dump_rule(rule, layer_name, import_id, rule_num, parent_uid, debug_level=0): - logger = getFwoLogger() - rule_csv = '' - - # reference to domain rule layer, filling up basic fields - if 'type' in rule and rule['type'] != 'place-holder': -# add_missing_info_to_domain_ref_rule(rule) - if 'rule-number' in rule: # standard rule, no section header - # print ("rule #" + str(rule['rule-number']) + "\n") - rule_csv += csv_add_field(import_id) # control_id - rule_csv += csv_add_field(str(rule_num)) # rule_num - rule_csv += csv_add_field(layer_name) # rulebase_name - rule_csv += csv_add_field('') # rule_ruleid is empty - rule_csv += csv_add_field(str(not rule['enabled'])) # rule_disabled - rule_csv += csv_add_field(str(rule['source-negate'])) # src_neg - - # SOURCE names - rule_src_name = '' - for src in rule["source"]: - if src['type'] == 'LegacyUserAtLocation': - rule_src_name += src['name'] + list_delimiter - elif src['type'] == 'access-role': - if isinstance(src['networks'], str): # just a single source - if src['networks'] == 'any': - rule_src_name += src["name"] + '@' + 'Any' + list_delimiter - else: - rule_src_name += src["name"] + '@' + src['networks'] + list_delimiter - else: # more than one source - for nw in src['networks']: - rule_src_name += src[ - # TODO: this is not correct --> need to reverse resolve name from given UID - "name"] + '@' + nw + list_delimiter - else: # standard network objects as source - rule_src_name += src["name"] + list_delimiter - rule_src_name = rule_src_name[:-1] # removing last list_delimiter - rule_csv += csv_add_field(rule_src_name) # src_names - - # SOURCE refs - rule_src_ref = '' - for src in 
rule["source"]: - if src['type'] == 'LegacyUserAtLocation': - rule_src_ref += src["userGroup"] + '@' + src["location"] + list_delimiter - elif src['type'] == 'access-role': - if isinstance(src['networks'], str): # just a single source - if src['networks'] == 'any': - rule_src_ref += src['uid'] + '@' + cpcommon.any_obj_uid + list_delimiter - else: - rule_src_ref += src['uid'] + '@' + src['networks'] + list_delimiter - else: # more than one source - for nw in src['networks']: - rule_src_ref += src['uid'] + '@' + nw + list_delimiter - else: # standard network objects as source - rule_src_ref += src["uid"] + list_delimiter - rule_src_ref = rule_src_ref[:-1] # removing last list_delimiter - rule_csv += csv_add_field(rule_src_ref) # src_refs - - rule_csv += csv_add_field(str(rule['destination-negate'])) # destination negation - - rule_dst_name = '' - for dst in rule["destination"]: - rule_dst_name += dst["name"] + list_delimiter - rule_dst_name = rule_dst_name[:-1] - rule_csv += csv_add_field(rule_dst_name) # rule dest_name - - rule_dst_ref = '' - for dst in rule["destination"]: - rule_dst_ref += dst["uid"] + list_delimiter - rule_dst_ref = rule_dst_ref[:-1] - rule_csv += csv_add_field(rule_dst_ref) # rule_dest_refs - - # SERVICE negate - rule_csv += csv_add_field(str(rule['service-negate'])) # service negation - # SERVICE names - rule_svc_name = '' - for svc in rule["service"]: - rule_svc_name += svc["name"] + list_delimiter - rule_svc_name = rule_svc_name[:-1] - rule_csv += csv_add_field(rule_svc_name) # rule svc name - - # SERVICE refs - rule_svc_ref = '' - for svc in rule["service"]: - rule_svc_ref += svc["uid"] + list_delimiter - rule_svc_ref = rule_svc_ref[:-1] - rule_csv += csv_add_field(rule_svc_ref) # rule svc ref - - rule_action = rule['action'] - rule_action_name = rule_action['name'] - rule_csv += csv_add_field(rule_action_name) # rule action - rule_track = rule['track'] - rule_track_type = rule_track['type'] - rule_csv += 
csv_add_field(rule_track_type['name']) # rule track - - rule_install_on = rule['install-on'] - first_rule_install_target = rule_install_on[0] - rule_csv += csv_add_field(first_rule_install_target['name']) # install on - - rule_time = rule['time'] - first_rule_time = rule_time[0] - rule_csv += csv_add_field(first_rule_time['name']) # time - if (rule['comments']!=None and rule['comments']!=''): - rule_csv += csv_add_field(rule['comments']) # comments - else: - rule_csv += csv_delimiter # no comments - if 'name' in rule: - rule_name = rule['name'] - else: - rule_name = None - rule_csv += csv_add_field(rule_name) # rule_name - - rule_csv += csv_add_field(rule['uid']) # rule_uid - rule_head_text = '' - rule_csv += csv_add_field(rule_head_text) # rule_head_text - rule_from_zone = '' - rule_csv += csv_add_field(rule_from_zone) - rule_to_zone = '' - rule_csv += csv_add_field(rule_to_zone) - rule_meta_info = rule['meta-info'] - rule_csv += csv_add_field(rule_meta_info['last-modifier']) - # new in v5.1.17: - if 'parent_rule_uid' in rule: - logger.debug('found rule (uid=' + rule['uid'] + ') with parent_rule_uid set: ' + rule['parent_rule_uid']) - parent_rule_uid = rule['parent_rule_uid'] - else: - parent_rule_uid = parent_uid - if (parent_rule_uid!=''): - rule_csv += csv_add_field(parent_rule_uid,no_csv_delimiter=True) - rule_csv += line_delimiter - return rule_csv - - -def csv_dump_rules(rulebase, layer_name, import_id, rule_num, section_header_uids, parent_uid, debug_level=0, recursion_level=1): - logger = getFwoLogger() - result = '' - - if recursion_level>fwo_const.max_recursion_level: - raise ImportRecursionLimitReached("csv_dump_rules") from None - - if 'layerchunks' in rulebase: - for chunk in rulebase['layerchunks']: - if 'rulebase' in chunk: - for rules_chunk in chunk['rulebase']: - rule_num, rules_in_csv = csv_dump_rules(rules_chunk, layer_name, import_id, rule_num, section_header_uids, parent_uid, debug_level=debug_level, recursion_level=recursion_level+1) - result 
+= rules_in_csv - else: - logger.warning("found no rulebase in chunk:\n" + json.dumps(chunk, indent=2)) - else: - if 'rulebase' in rulebase: - if rulebase['type'] == 'access-section' and not rulebase['uid'] in section_header_uids: # add section header, but only if it does not exist yet (can happen by chunking a section) - section_name = "" - if 'name' in rulebase: - section_name = rulebase['name'] - if 'parent_rule_uid' in rulebase: - parent_uid = rulebase['parent_rule_uid'] - else: - parent_uid = "" - section_header = create_section_header(section_name, layer_name, import_id, rulebase['uid'], rule_num, section_header_uids, parent_uid) - rule_num += 1 - result += section_header - parent_uid = rulebase['uid'] - for rule in rulebase['rulebase']: - if rule['type'] == 'place-holder': # add domain rules - section_name = "" - if 'name' in rulebase: - section_name = rule['name'] - result += parse_rule.create_domain_rule_header(section_name, layer_name, import_id, rule['uid'], rule_num, section_header_uids, parent_uid) - else: # parse standard sections - rule_num, rules_in_layer = csv_dump_rules(rule, layer_name, import_id, rule_num, section_header_uids, parent_uid, debug_level=debug_level) - result += rules_in_layer - if rulebase['type'] == 'place-holder': # add domain rules - logger.debug('found domain rule ref: ' + rulebase['uid']) - section_name = "" - if 'name' in rulebase: - section_name = rulebase['name'] - result += parse_rule.create_domain_rule_header(section_name, layer_name, import_id, rulebase['uid'], rule_num, section_header_uids, parent_uid) - rule_num += 1 - if 'rule-number' in rulebase: - result += csv_dump_rule(rulebase, layer_name, import_id, rule_num, parent_uid, debug_level=debug_level) - rule_num += 1 - return rule_num, result diff --git a/roles/importer/files/importer/checkpointR8x/parse_service.py b/roles/importer/files/importer/checkpointR8x/parse_service.py deleted file mode 100644 index 73601acb1..000000000 
--- a/roles/importer/files/importer/checkpointR8x/parse_service.py +++ /dev/null 
@@ -1,116 +0,0 @@ -import re -import cpcommon -from fwo_const import list_delimiter - - -# collect_svcobjects writes svc info into global users dict -def collect_svc_objects(object_table, svc_objects): - proto_map = { - 'service-tcp': 6, - 'service-udp': 17, - 'service-icmp': 1 - } - simple_obj_types = ['services-tcp', 'services-udp', 'services-dce-rpc', - 'services-rpc', 'services-other', 'services-icmp', 'services-icmp6'] - - if object_table['object_type'] in cpcommon.svc_obj_table_names: - session_timeout = '' - typ = 'undef' - if object_table['object_type'] == 'service-groups': - typ = 'group' - if object_table['object_type'] in simple_obj_types: - typ = 'simple' - for chunk in object_table['object_chunks']: - for obj in chunk['objects']: - if 'type' in obj and obj['type'] in proto_map: - proto = proto_map[obj['type']] - elif 'ip-protocol' in obj: - proto = obj['ip-protocol'] - else: - proto = 0 - member_refs = '' - port = '' - port_end = '' - rpc_nr = None - member_refs = None - if 'members' in obj: - member_refs = '' - for member in obj['members']: - member_refs += member + list_delimiter - member_refs = member_refs[:-1] - if 'session-timeout' in obj: - session_timeout = str(obj['session-timeout']) - else: - session_timeout = None - if 'interface-uuid' in obj: - rpc_nr = obj['interface-uuid'] - if 'program-number' in obj: - rpc_nr = obj['program-number'] - if 'port' in obj: - port = str(obj['port']) - port_end = port - pattern = re.compile('^\>(\d+)$') - match = pattern.match(port) - if match: - port = str(int(match.group()[1:]) + 1) - port_end = str(65535) - pattern = re.compile('^\<(\d+)$') - match = pattern.match(port) - if match: - port = str(1) - port_end = str(int(match.group()[1:]) - 1) - pattern = re.compile('^(\d+)\-(\d+)$') - match = pattern.match(port) - if match: - port, port_end = match.group().split('-') - else: - # rpc, group - setting ports to 0 - port = None - port_end = None - if not 'color' in obj: - # print('warning: no color found for 
service ' + obj['name']) - obj['color'] = 'black' - if not 'comments' in obj or obj['comments'] == '': - obj['comments'] = None - svc_objects.extend([{'svc_uid': obj['uid'], 'svc_name': obj['name'], 'svc_color': obj['color'], - 'svc_comment': obj['comments'], - 'svc_typ': typ, 'svc_port': port, 'svc_port_end': port_end, - 'svc_member_refs': member_refs, - 'svc_member_names': None, - 'ip_proto': proto, - 'svc_timeout': session_timeout, - 'rpc_nr': rpc_nr - }]) - - -# return name of nw_objects element where obj_uid = uid -def resolve_svc_uid_to_name(uid, svc_objects): - for obj in svc_objects: - if obj['svc_uid'] == uid: - return obj['svc_name'] - return 'ERROR: uid ' + uid + ' not found' - - -def add_member_names_for_svc_group(idx, svc_objects): - member_names = '' - group = svc_objects.pop(idx) - svc_member_refs = group['svc_member_refs'].split(list_delimiter) - - for ref in svc_member_refs: - member_name = resolve_svc_uid_to_name(ref, svc_objects) - #print ("found member of group " + group['svc_name'] + ": " + member_name) - member_names += member_name + list_delimiter - group['svc_member_names'] = member_names[:-1] - svc_objects.insert(idx, group) - - -def parse_service_objects_to_json(full_config, config2import, import_id, debug_level=0): - svc_objects = [] - for svc_table in full_config['object_tables']: - collect_svc_objects(svc_table, svc_objects) - for obj in svc_objects: - obj.update({'control_id': import_id}) - for idx in range(0, len(svc_objects)-1): - if svc_objects[idx]['svc_typ'] == 'group': - add_member_names_for_svc_group(idx, svc_objects) - config2import.update({'service_objects': svc_objects}) diff --git a/roles/importer/files/importer/checkpointR8x/parse_service_csv.py b/roles/importer/files/importer/checkpointR8x/parse_service_csv.py deleted file mode 100644 index 9e01b6b4e..000000000 --- a/roles/importer/files/importer/checkpointR8x/parse_service_csv.py +++ /dev/null 
@@ -1,55 +0,0 @@ -from fwo_base import csv_add_field -from fwo_const import csv_delimiter, line_delimiter - - -def csv_dump_svc_obj(svc_obj, import_id): - result_line = csv_add_field(import_id) # control_id - result_line += csv_add_field(svc_obj['svc_name']) # svc_name - result_line += csv_add_field(svc_obj['svc_typ']) # svc_typ - result_line += csv_delimiter # no svc_prod_specific - if svc_obj['svc_member_names'] != None: - result_line += csv_add_field(svc_obj['svc_member_names']) # svc_member_names - else: - result_line += csv_delimiter # no svc_member_names - if svc_obj['svc_member_refs'] != None: - result_line += csv_add_field(svc_obj['svc_member_refs']) # obj_member_refs - else: - result_line += csv_delimiter # no svc_member_refs - result_line += csv_add_field(svc_obj['svc_color']) # svc_color - result_line += csv_add_field(svc_obj['ip_proto']) # ip_proto - if svc_obj['svc_port']!=None: - result_line += str(svc_obj['svc_port']) + csv_delimiter # svc_port - else: - result_line += csv_delimiter # no svc_port - if svc_obj['svc_port_end']!=None: - result_line += str(svc_obj['svc_port_end']) + csv_delimiter # svc_port_end - else: - result_line += csv_delimiter # no svc_port_end - if 'svc_source_port' in svc_obj: - result_line += csv_add_field(svc_obj['svc_source_port']) # svc_source_port - else: - result_line += csv_delimiter # svc_source_port - if 'svc_source_port_end' in svc_obj: - result_line += csv_add_field(svc_obj['svc_source_port_end']) # svc_source_port_end - else: - result_line += csv_delimiter # svc_source_port_end - if 'svc_comment' in svc_obj and svc_obj['svc_comment'] != None: - result_line += csv_add_field(svc_obj['svc_comment']) # svc_comment - else: - result_line += csv_delimiter # no svc_comment - if 'rpc_nr' in svc_obj and svc_obj['rpc_nr'] != None: - result_line += csv_add_field(str(svc_obj['rpc_nr'])) # rpc_nr - else: - result_line += csv_delimiter # no rpc_nr - if 'svc_timeout_std' in svc_obj: - result_line += 
csv_add_field(svc_obj['svc_timeout_std']) # svc_timeout_std - else: - result_line += csv_delimiter # svc_timeout_std - if 'svc_timeout' in svc_obj and svc_obj['svc_timeout']!="" and svc_obj['svc_timeout']!=None: - result_line += csv_add_field(str(svc_obj['svc_timeout'])) # svc_timeout - else: - result_line += csv_delimiter # svc_timeout null - result_line += csv_add_field(svc_obj['svc_uid']) # svc_uid - result_line += csv_delimiter # last_change_admin - result_line += line_delimiter # last_change_time - return result_line diff --git a/roles/importer/files/importer/checkpointR8x/parse_user_csv.py b/roles/importer/files/importer/checkpointR8x/parse_user_csv.py deleted file mode 100644 index 032540b52..000000000 --- a/roles/importer/files/importer/checkpointR8x/parse_user_csv.py +++ /dev/null @@ -1,28 +0,0 @@ -from fwo_base import csv_add_field -from fwo_const import csv_delimiter, line_delimiter - - -def csv_dump_user(user_name, user, import_id): - user_line = csv_add_field(import_id) # control_id - user_line += csv_add_field(user_name) # user_name - user_line += csv_add_field(user['user_typ']) # user_typ - if 'user_member_names' in user: - user_line += csv_add_field(user['user_member_names']) # user_member_names - else: - user_line += csv_delimiter # no user_member_names - if 'user_member_refs' in user: - user_line += csv_add_field(user['user_member_refs']) # user_member_refs - else: - user_line += csv_delimiter # no user_member_refs - if 'user_color' in user: - user_line += csv_add_field(user['user_color']) # user_color - else: - user_line += csv_delimiter # no user_color - if 'user_comment' in user and user['user_comment']!=None and user['user_comment']!='': - user_line += csv_add_field(user['user_comment']) # user_comment - else: - user_line += csv_delimiter # no user_comment - user_line += csv_add_field(user['user_uid']) # user_uid - user_line += csv_delimiter # user_valid_until - user_line += line_delimiter # last_change_admin - return user_line 
diff --git a/roles/importer/files/importer/ciscofirepowerdomain7ff/cifp_getter.py b/roles/importer/files/importer/ciscofirepowerdomain7ff/cifp_getter.py index 93853aaa5..2c565f01c 100644 --- a/roles/importer/files/importer/ciscofirepowerdomain7ff/cifp_getter.py +++ b/roles/importer/files/importer/ciscofirepowerdomain7ff/cifp_getter.py @@ -48,8 +48,6 @@ def api_call(url, params = {}, headers = {}, json_payload = {}, auth_token = '', logger.debug("api_call to url '" + str(url) + "' with payload '" + json.dumps( json_payload, indent=2) + "' and headers: '" + json.dumps(request_headers, indent=2)) - if show_progress: - print('.', end='', flush=True) return response.headers, body_json def login(user, password, api_host, api_port): diff --git a/roles/importer/files/importer/ciscofirepowerdomain7ff/cifp_network.py b/roles/importer/files/importer/ciscofirepowerdomain7ff/cifp_network.py index 4c78df334..a78b47d87 100644 --- a/roles/importer/files/importer/ciscofirepowerdomain7ff/cifp_network.py +++ b/roles/importer/files/importer/ciscofirepowerdomain7ff/cifp_network.py 
@@ -66,18 +66,28 @@ def parse_object(obj_orig, import_id): obj = extract_base_object_infos(obj_orig, import_id) if obj_orig["type"] == "Network": # network obj["obj_typ"] = "network" - cidr = obj_orig["value"].split("/") - if str.isdigit(cidr[1]): - obj['obj_ip'] = cidr[0] + "/" + cidr[1] - else: # not real cidr (netmask after /) - obj['obj_ip'] = cidr[0] + "/" + str(IPAddress(cidr[1]).netmask_bits()) + if "value" in obj_orig: + cidr = obj_orig["value"].split("/") + if str.isdigit(cidr[1]): + obj['obj_ip'] = cidr[0] + "/" + cidr[1] + else: # not real cidr (netmask after /) + obj['obj_ip'] = cidr[0] + "/" + str(IPAddress(cidr[1]).netmask_bits()) + else: + logger.warn("missing value field in object - skipping: " + str(obj_orig)) + obj['obj_ip'] = "0.0.0.0" elif obj_orig["type"] == "Host": # host obj["obj_typ"] = "host" - obj["obj_ip"] = obj_orig["value"] - if obj_orig["value"].find(":") != -1: # ipv6 - obj["obj_ip"] += "/128" - else: # ipv4 - obj["obj_ip"] += "/32" + if "value" in obj_orig: + obj["obj_ip"] = obj_orig["value"] + if obj_orig["value"].find(":") != -1: # ipv6 + if obj_orig["value"].find("/") == -1: + obj["obj_ip"] += "/128" + else: # ipv4 + if obj_orig["value"].find("/") == -1: + obj["obj_ip"] += "/32" + else: + logger.warn("missing value field in object - skipping: " + str(obj_orig)) + obj['obj_ip'] = "0.0.0.0/0" elif obj_orig["type"] == "Range": # ip range obj['obj_typ'] = 'ip_range' ip_range = obj_orig['value'].split("-") diff --git a/roles/importer/files/importer/common.py b/roles/importer/files/importer/common.py index f728912c1..96c8f2916 100644 --- a/roles/importer/files/importer/common.py +++ b/roles/importer/files/importer/common.py @@ -15,6 +15,7 @@ import jsonpickle from fwo_exception import FwoApiLoginFailed, FwoApiFailedLockImport, ConfigFileNotFound, FwLoginFailed, ImportRecursionLimitReached from fwo_base import split_config +import re # import_management: import a single management (if no import for it is running) 
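Review bot: Both new `else` branches log "missing value field in object - skipping", but the object is not skipped: it is emitted with a placeholder address, `0.0.0.0` in the Network branch and `0.0.0.0/0` in the Host branch, so a malformed object silently turns into a catch-all entry in the imported config, and the two branches do not even agree on the prefix. Either drop the object or use one recognisable marker and make the message truthful, e.g. `logger.warning("missing value field in object - using placeholder 0.0.0.0/0: " + str(obj_orig))`; use `logger.warning` in both places, since `Logger.warn` is deprecated in the standard library. The Network branch still indexes `cidr[1]` unguarded, so a value without a "/" raises IndexError before the new check helps. `parse_object` continues beyond this hunk.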
@@ -71,7 +72,7 @@ def import_management(mgm_id=None, ssl_verification=None, debug_level_in=0, logger.error("import_management - error while getting fw management details for mgm=" + str(mgm_id) ) raise - if mgm_details['importDisabled']: + if mgm_details['importDisabled'] and not force: logger.info("import_management - import disabled for mgm " + str(mgm_id)) else: Path(import_tmp_path).mkdir(parents=True, exist_ok=True) # make sure tmp path exists @@ -103,6 +104,14 @@ def import_management(mgm_id=None, ssl_verification=None, debug_level_in=0, if clearManagementData: logger.info('this import run will reset the configuration of this management to "empty"') else: + # if the management name given is an URI, we will not connect to an API but simply read + # the native config from the URI + mgmNameMatchingUri = \ + re.match('http://.+', mgm_details['hostname']) or \ + re.match('https://.+', mgm_details['hostname']) or \ + re.match('file://.+', mgm_details['hostname']) + if in_file is None and mgmNameMatchingUri: + in_file = mgm_details['hostname'] if in_file is not None: # read native config from file full_config_json, error_count, change_count = \ read_fw_json_config_file(filename=in_file, error_string=error_string, error_count=error_count, \ 
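Review bot: Treating `mgm_details['hostname']` as a URI means the importer reads whatever file or URL is stored in the management record, and for `file://` that becomes an unrestricted local read with the importer's privileges (the path is opened as-is in the `file://` hunk later in this file); consider confining file URIs to a configured import directory and logging at info level which URI replaced the API connection, so the switch is visible in the import log. The three `re.match` calls can be one readable check: `if in_file is None and mgm_details['hostname'].startswith(('http://', 'https://', 'file://')):` followed by `in_file = mgm_details['hostname']`. `import_management` continues on both sides of this hunk.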
@@ -112,13 +121,16 @@ def import_management(mgm_id=None, ssl_verification=None, debug_level_in=0, config2import, error_count, change_count = \ read_fw_json_config_file(filename=normalized_in_file, error_string=error_string, error_count=error_count, \ current_import_id=current_import_id, start_time=start_time, mgm_details=mgm_details, change_count=change_count, jwt=jwt) + replace_import_id(config2import, current_import_id) else: # standard case, read config from FW API # note: we need to run get_config_from_api in any case (even when importing from a file) as this function # also contains the conversion from native to config2import (parsing) ### geting config from firewall manager ###################### config_changed_since_last_import, error_string, error_count, change_count = get_config_from_api(mgm_details, full_config_json, config2import, jwt, current_import_id, start_time, - in_file=in_file, import_tmp_path=import_tmp_path, error_string=error_string, error_count=error_count, change_count=change_count, - limit=limit, force=force) + in_file=in_file, import_tmp_path=import_tmp_path, error_string=error_string, error_count=error_count, change_count=change_count, + limit=limit, force=force) + if (debug_level>8): # dump full native config read from fw API + logger.info(json.dumps(full_config_json, indent=2)) time_get_config = int(time.time()) - start_time logger.debug("import_management - getting config total duration " + str(time_get_config) + "s") 
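Review bot: The new dump `logger.info(json.dumps(full_config_json, indent=2))` writes the complete native firewall configuration to the application log; depending on the vendor that blob may contain material that should not sit in a shared log, so it belongs at debug level rather than info, and the access rules of the log destination should be considered. It is gated on `debug_level>8` while the normalized-config dump in the -168 hunk was lowered to `>7`; if the gap is intentional, say so, e.g. `# level 9+: native config may contain sensitive data`. `import_management` continues on both sides of this hunk.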
@@ -127,6 +139,7 @@ def import_management(mgm_id=None, ssl_verification=None, debug_level_in=0, try: # now we import the config via API chunk by chunk: for config_chunk in split_config(config2import, current_import_id, mgm_id): error_count += fwo_api.import_json_config(fwo_config['fwo_api_base_url'], jwt, mgm_id, config_chunk) + fwo_api.update_hit_counter(fwo_config['fwo_api_base_url'], jwt, mgm_id, config_chunk) except: logger.error("import_management - unspecified error while importing config via FWO API: " + str(traceback.format_exc())) raise @@ -145,7 +158,9 @@ def import_management(mgm_id=None, ssl_verification=None, debug_level_in=0, # todo: if no objects found at all: at least throw a warning try: # get change count from db - change_count = fwo_api.count_changes_per_import(fwo_config['fwo_api_base_url'], jwt, current_import_id) + # change_count = fwo_api.count_changes_per_import(fwo_config['fwo_api_base_url'], jwt, current_import_id) + # temporarily only count rule changes until change report also includes other changes + change_count = fwo_api.count_rule_changes_per_import(fwo_config['fwo_api_base_url'], jwt, current_import_id) except: logger.error("import_management - unspecified error while getting change count: " + str(traceback.format_exc())) raise @@ -168,7 +183,7 @@ def import_management(mgm_id=None, ssl_verification=None, debug_level_in=0, else: # if no changes were found, we skip everything else without errors pass - if (debug_level>8): + if (debug_level>7): # dump normalized config for debugging purposes logger.info(json.dumps(config2import, indent=2)) error_count = complete_import(current_import_id, error_string, start_time, mgm_details, change_count, error_count, jwt) 
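Review bot: The return value of the new `fwo_api.update_hit_counter(...)` call is discarded, whereas the neighbouring `import_json_config` call folds its result into `error_count`; if `update_hit_counter` reports failures the same way, a failed update is silently lost, and if it does not, a one-line comment saying so would prevent the question. Because it runs under the enclosing bare `except:` that re-raises, an exception here also aborts the import after the chunk was already written; if hit counters are informational, catching and logging failures locally is more robust. The -145 hunk leaves the old `count_changes_per_import` call as a commented line; the explanatory comment is useful, the dead call is not. The enclosing `try` and `import_management` continue outside this hunk.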
@@ -259,7 +274,8 @@ def complete_import(current_import_id, error_string, start_time, mgm_details, ch logger = getFwoLogger() fwo_config = readConfig(fwo_config_filename) - fwo_api.log_import_attempt(fwo_config['fwo_api_base_url'], jwt, mgm_details['id'], successful=not error_count) + success = (error_count==0) + log_result = fwo_api.log_import_attempt(fwo_config['fwo_api_base_url'], jwt, mgm_details['id'], successful=success) try: # CLEANUP: delete configs of imports (without changes) (if no error occured) if fwo_api.delete_json_config_in_import_table(fwo_config['fwo_api_base_url'], jwt, {"importId": current_import_id})<0: @@ -318,7 +334,6 @@ def replace_device_id(config, mgm_details): config['interfaces'][i]['routing_device'] = dev_id i += 1 - try: if filename is not None: if 'http://' in filename or 'https://' in filename: # gettinf file via http(s) @@ -329,6 +344,8 @@ def replace_device_id(config, mgm_details): r.raise_for_status() config = json.loads(r.content) else: # reading from local file + if 'file://' in filename: # remove file uri identifier + filename = filename[7:] with open(filename, 'r') as json_file: config = json.load(json_file) except requests.exceptions.RequestException: @@ -346,3 +363,16 @@ def replace_device_id(config, mgm_details): replace_device_id(config, mgm_details) return config, error_count, change_count + + + # when we read from a normalized config file, it contains non-matching import ids, so updating them + # for native configs this function should do nothing +def replace_import_id(config, current_import_id): + logger = getFwoLogger() + for tab in ['network_objects', 'service_objects', 'user_objects', 'zone_objects', 'rules']: + if tab in config: + for item in config[tab]: + if 'control_id' in item: + item['control_id'] = current_import_id + else: # assuming native config is read + pass \ No newline at end of file 
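Review bot: `log_result` is assigned from `fwo_api.log_import_attempt(...)` but not used anywhere in the hunk; if it is not consumed below, either drop the assignment or act on a failure to record the attempt, since an import attempt that silently fails to be logged is an audit gap. `complete_import` continues beyond this hunk.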
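Review bot: `if 'file://' in filename:` is a substring test, but `filename = filename[7:]` assumes the scheme sits at position 0, so a path containing `file://` anywhere else loses its first seven characters; use `if filename.startswith('file://'):` and `filename = filename[len('file://'):]`. The resulting path is opened without any restriction on where it may point and originates from the management's hostname field (see the URI detection added to `import_management`), so confining it to a configured import directory and logging the resolved path would make misuse detectable. The hunk header names `replace_device_id`, but the surrounding lines belong to the file-reading function, which starts and ends outside this hunk.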
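Review bot: In `replace_import_id`, `logger` is assigned but never used and the `else: pass` branch is a no-op, so both can go; the two comment lines above the `def` are indented as if they belonged to the previous function, and the file now ends without a newline. If the intent is to record that a table was absent (the comment says native configs should pass through untouched), log it instead of `pass`, e.g. `logger.debug('replace_import_id: no table ' + tab + ' in config - assuming native config')`. A docstring stating that this rewrites `control_id` in place for the five listed tables would spare the next reader from inferring it from the comment above.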
diff --git a/roles/importer/files/importer/fortiadom5ff/fmgr_getter.py b/roles/importer/files/importer/fortiadom5ff/fmgr_getter.py index 6a2d9faea..ed9099184 100644 --- a/roles/importer/files/importer/fortiadom5ff/fmgr_getter.py +++ b/roles/importer/files/importer/fortiadom5ff/fmgr_getter.py @@ -48,8 +48,6 @@ def api_call(url, command, json_payload, sid, show_progress=False, method=''): logger.debug("api_call to url '" + str(url) + "' with payload '" + json.dumps( json_payload, indent=2) + "' and headers: '" + json.dumps(request_headers, indent=2)) - if show_progress: - print('.', end='', flush=True) return result_json diff --git a/roles/importer/files/importer/fortiadom5ff/fmgr_gw_networking.py b/roles/importer/files/importer/fortiadom5ff/fmgr_gw_networking.py index bc43768b2..8d8485c41 100644 --- a/roles/importer/files/importer/fortiadom5ff/fmgr_gw_networking.py +++ b/roles/importer/files/importer/fortiadom5ff/fmgr_gw_networking.py @@ -96,7 +96,7 @@ def route_matches(ip, destination): if route_matches(destination_ip, route['destination']): return route - logger.error('src nat behind interface: found no matching route in routing table - no default route?!') + logger.warning('src nat behind interface: found no matching route in routing table - no default route?!') return None @@ -290,7 +290,7 @@ def getInterfacesAndRouting(sid, fm_api_url, raw_config, adom_name, devices, lim logger.warning("got empty " + ip_version + " routing table from device " + full_vdom_name + ", ignoring") routing_table = [] except: - logger.warning("error while getting routing table of device " + full_vdom_name + ", ignoring exception " + str(traceback.format_exc())) + logger.warning("could not get routing table for device " + full_vdom_name + ", ignoring") # exception " + str(traceback.format_exc())) routing_table = [] # now storing the routing table: 
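Review bot: The rewritten warning in the -290 hunk drops the exception details entirely (the old `traceback.format_exc()` survives only as a dangling comment fragment at the end of the line), and because the enclosing handler is a bare `except:`, an operator now sees "could not get routing table" with no reason, so a persistent failure is indistinguishable from a transient one. Keep the short warning but emit the detail at debug level on the next line, e.g. `logger.debug("routing table query failed: " + str(traceback.format_exc()))`, assuming `traceback` is still imported, and delete the leftover `# exception " + str(...)` fragment. `getInterfacesAndRouting` continues outside this hunk.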
diff --git a/roles/importer/files/importer/fortiadom5ff/fmgr_network.py b/roles/importer/files/importer/fortiadom5ff/fmgr_network.py index 0019890d2..709c3a245 100644 --- a/roles/importer/files/importer/fortiadom5ff/fmgr_network.py +++ b/roles/importer/files/importer/fortiadom5ff/fmgr_network.py @@ -240,9 +240,9 @@ def resolve_raw_objects (obj_name_string_list, delimiter, obj_dict, name_key, ui found = True break elif obj_type == 'service': - print('later') # todo + logger.warning('todo later') else: - print('decide what to do') + logger.warning('decide what to do') if not found: objects_not_found.append(el) for obj in objects_not_found: diff --git a/roles/importer/files/importer/fortiadom5ff/fmgr_rule.py b/roles/importer/files/importer/fortiadom5ff/fmgr_rule.py index 2dbe3f32f..5dc186460 100644 --- a/roles/importer/files/importer/fortiadom5ff/fmgr_rule.py +++ b/roles/importer/files/importer/fortiadom5ff/fmgr_rule.py @@ -10,6 +10,7 @@ from fwo_data_networking import get_matching_route_obj, get_ip_of_interface_obj import ipaddress from fmgr_network import resolve_objects, resolve_raw_objects +import time rule_access_scope_v4 = ['rules_global_header_v4', 'rules_adom_v4', 'rules_global_footer_v4'] rule_access_scope_v6 = ['rules_global_header_v6', 'rules_adom_v6', 'rules_global_footer_v6'] 
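Review bot: The two new warnings `logger.warning('todo later')` and `logger.warning('decide what to do')` carry no context, so in a large import they are unactionable noise; include the unresolved element and its type, e.g. `logger.warning('resolve_raw_objects: unhandled obj_type ' + str(obj_type) + ' for element ' + str(el))`. Since these branches appear to be the fallback for references that could not be resolved, a short comment that the element then lands in `objects_not_found` would make the control flow clear. `resolve_raw_objects` continues outside this hunk.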
@@ -138,6 +139,11 @@ def normalize_access_rules(full_config, config2import, import_id, mgm_details={} else: rule.update({ 'rule_track': 'Log'}) + if '_last_hit' not in rule_orig or rule_orig['_last_hit'] == 0: + rule.update({ 'last_hit': None}) + else: + rule.update({ 'last_hit': time.strftime("%Y-%m-%d", time.localtime(rule_orig['_last_hit']))}) + rule['rule_src'] = extend_string_list(rule['rule_src'], rule_orig, 'srcaddr', list_delimiter, jwt=jwt, import_id=import_id) rule['rule_dst'] = extend_string_list(rule['rule_dst'], rule_orig, 'dstaddr', list_delimiter, jwt=jwt, import_id=import_id) rule['rule_svc'] = extend_string_list(rule['rule_svc'], rule_orig, 'service', list_delimiter, jwt=jwt, import_id=import_id) @@ -151,9 +157,12 @@ def normalize_access_rules(full_config, config2import, import_id, mgm_details={} dst_obj_zone = fmgr_zone.add_zone_if_missing (config2import, rule_orig['dstintf'][0], import_id) rule.update({ 'rule_to_zone': dst_obj_zone }) # todo: currently only using the first zone - rule.update({ 'rule_src_neg': rule_orig['srcaddr-negate']=='disable'}) - rule.update({ 'rule_dst_neg': rule_orig['dstaddr-negate']=='disable'}) - rule.update({ 'rule_svc_neg': rule_orig['service-negate']=='disable'}) + if 'srcaddr-negate' in rule_orig: + rule.update({ 'rule_src_neg': rule_orig['srcaddr-negate']=='disable'}) + if 'dstaddr-negate' in rule_orig: + rule.update({ 'rule_dst_neg': rule_orig['dstaddr-negate']=='disable'}) + if 'service-negate' in rule_orig: + rule.update({ 'rule_svc_neg': rule_orig['service-negate']=='disable'}) rule.update({ 'rule_src_refs': resolve_raw_objects(rule['rule_src'], list_delimiter, full_config, 'name', 'uuid', \ rule_type=rule_table, jwt=jwt, import_id=import_id, rule_uid=rule_orig['uuid'], object_type='network object', mgm_id=mgm_details['id']) }) 
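Review bot: `time.localtime(rule_orig['_last_hit'])` renders the last-hit date in the importer host's local time zone, so the stored `last_hit` depends on where the importer runs and shifts across DST; `time.gmtime` gives a stable date, or keep local time and say so in a comment. `rule_orig['_last_hit'] == 0` is treated as "never hit", presumably an epoch sentinel from the API — confirm and note it, e.g. `# 0 = never hit (epoch sentinel)`. The identical block is added in the new `roles/importer/files/importer/fortiosmanagementREST/fOS_rule.py`. `normalize_access_rules` continues outside this hunk.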
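Review bot: The new guards in the -151 hunk avoid a KeyError when a `*-negate` key is absent, but they also leave `rule_src_neg`, `rule_dst_neg` and `rule_svc_neg` unset in that case, where the old code always produced a value; unless the downstream import treats a missing key as False, add an `else:` that sets the documented default. Separately, the carried-over expression `rule_orig['srcaddr-negate']=='disable'` evaluates to True when negation is disabled, which reads as inverted — if `rule_*_neg` means "negated" in FWO, reports would show the opposite of the actual policy, so please confirm the intended meaning and comment it. `normalize_access_rules` continues outside this hunk.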
diff --git a/configNormalized.json b/roles/importer/files/importer/fortiosmanagementREST/__init__.py similarity index 100% rename from configNormalized.json rename to roles/importer/files/importer/fortiosmanagementREST/__init__.py diff --git a/roles/importer/files/importer/fortiosmanagementREST/fOS_common.py b/roles/importer/files/importer/fortiosmanagementREST/fOS_common.py new file mode 100644 index 000000000..154be9d41 --- /dev/null +++ b/roles/importer/files/importer/fortiosmanagementREST/fOS_common.py @@ -0,0 +1,34 @@ +import sys +from common import importer_base_dir +sys.path.append(importer_base_dir + '/fortiosmanagementREST') +from curses import raw +from fwo_log import getFwoLogger +from fwo_const import list_delimiter, fwo_config_filename +from fwo_config import readConfig +from fwo_api import setAlert, create_data_issue + + +# TODO: deal with objects with identical names (e.g. all ipv4 & all ipv6) +def resolve_objects (obj_name_string_list, lookup_dict={}, delimiter=list_delimiter, jwt=None, import_id=None, mgm_id=None): + logger = getFwoLogger() + fwo_config = readConfig(fwo_config_filename) + + ref_list = [] + objects_not_found = [] + for el in obj_name_string_list.split(delimiter): + found = False + if el in lookup_dict: + ref_list.append(lookup_dict[el]) + else: + objects_not_found.append(el) + + for obj in objects_not_found: + if obj != 'all' and obj != 'Original': + if not create_data_issue(fwo_config['fwo_api_base_url'], jwt, import_id=import_id, obj_name=obj, severity=1, mgm_id=mgm_id): + logger.warning("resolve_raw_objects: encountered error while trying to log an import data issue using create_data_issue") + + desc = "found a broken object reference '" + obj + "' " + setAlert(fwo_config['fwo_api_base_url'], jwt, import_id=import_id, title="object reference error", mgm_id=mgm_id, severity=1, role='importer', \ + description=desc, source='import', alertCode=16) + + return delimiter.join(ref_list) 
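Review bot: In the new `fOS_common.py`, `from curses import raw` is unused (and `curses` is not available in every Python build), `found` is assigned but never read, and `lookup_dict={}` is a mutable default argument; drop the import and the flag, and use `lookup_dict=None` with `lookup_dict = lookup_dict or {}` at the top of the body. The warning text names `resolve_raw_objects`, but this function is `resolve_objects`, which will mislead whoever searches the log for it. The import-time `sys.path.append(importer_base_dir + '/fortiosmanagementREST')` is a side effect worth a comment explaining why the package layout needs it.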
diff --git a/roles/importer/files/importer/fortiosmanagementREST/fOS_getter.py b/roles/importer/files/importer/fortiosmanagementREST/fOS_getter.py new file mode 100644 index 000000000..35d473d06 --- /dev/null +++ b/roles/importer/files/importer/fortiosmanagementREST/fOS_getter.py 
@@ -0,0 +1,73 @@ +# library for API get functions +import re +from fwo_log import getFwoLogger +import requests.packages +import requests +import json +import fwo_globals +from fwo_exception import FwLoginFailed + + +def api_call(url, show_progress=False): + logger = getFwoLogger() + request_headers = {'Content-Type': 'application/json'} + + r = requests.get(url, headers=request_headers, verify=fwo_globals.verify_certs) + if r is None: + exception_text = "error while sending api_call to url '" + str(url) + "' with headers: '" + json.dumps(request_headers, indent=2) + raise Exception(exception_text) + result_json = r.json() + if 'results' not in result_json: + raise Exception("error while sending api_call to url '" + str(url) + "' with headers: '" + json.dumps(request_headers, indent=2) + ', results=' + json.dumps(r.json()['results'], indent=2)) + if 'status' not in result_json: + # trying to ignore empty results as valid + pass # logger.warning('received empty result') + if fwo_globals.debug_level>2: + logger.debug("api_call to url '" + str(url) + "' with headers: '" + json.dumps(request_headers, indent=2)) + return result_json + + +def set_api_url(base_url, testmode, api_supported, hostname): + url = '' + if testmode == 'off': + url = base_url + else: + if re.search(r'^\d+[\.\d+]+$', testmode) or re.search(r'^\d+$', testmode): + if testmode in api_supported: + url = base_url + 'v' + testmode + '/' + else: + raise Exception("api version " + testmode + + " is not supported by the manager " + hostname + " - Import is canceled") + else: + raise Exception("\"" + testmode + "\" - not a valid version") + return url + + +def update_config_with_fortiOS_api_call(config_json, api_url, result_name, show_progress=False, limit=150): + offset = 0 + limit = int(limit) + returned_new_objects = True + full_result = [] + result = fortiOS_api_call(api_url) + full_result.extend(result) + # removing loop for api gets (no limit option in FortiOS API) + # while returned_new_objects: + # 
range = [offset, limit] + # result = fortiOS_api_call(api_url) + # full_result.extend(result) + # offset += limit + # if len(result) 1: + obj.update({ 'obj_typ': 'network' }) + else: + obj.update({ 'obj_typ': 'host' }) + obj.update({ 'obj_ip': ipa.with_prefixlen }) + elif 'ip6' in obj_orig: # ipv6 object + ipa = ipaddress.ip_network(str(obj_orig['ip6']).replace("\\", "")) + if ipa.num_addresses > 1: + obj.update({ 'obj_typ': 'network' }) + else: + obj.update({ 'obj_typ': 'host' }) + obj.update({ 'obj_ip': ipa.with_prefixlen }) + elif 'member' in obj_orig: # addrgrp4 / addrgrp6 + obj.update({ 'obj_typ': 'group' }) + obj.update({ 'obj_member_names' : list_delimiter.join([d['name'] for d in obj_orig['member']]) }) + obj.update({ 'obj_member_refs' : list_delimiter.join([d['name'] for d in obj_orig['member']]) }) + elif 'startip' in obj_orig: # ippool object + obj.update({ 'obj_typ': 'ip_range' }) + obj.update({ 'obj_ip': obj_orig['startip'] }) + obj.update({ 'obj_ip_end': obj_orig['endip'] }) + elif 'start-ip' in obj_orig: # standard ip range object + obj.update({ 'obj_typ': 'ip_range' }) + obj.update({ 'obj_ip': obj_orig['start-ip'] }) + obj.update({ 'obj_ip_end': obj_orig['end-ip'] }) + elif 'extip' in obj_orig: # vip object, simplifying to a single ip + obj.update({ 'obj_typ': 'host' }) + if 'extip' not in obj_orig or len(obj_orig['extip'])==0: + logger.error("vip (extip): found empty extip field for " + obj_orig['name']) + else: + set_ip_in_obj(obj, obj_orig['extip']) # resolving nat range if there is one + nat_obj = {} + nat_obj.update({'obj_typ': 'host' }) + nat_obj.update({'obj_color': 'black'}) + nat_obj.update({'obj_comment': 'FWO-auto-generated nat object for VIP'}) + if 'obj_ip_end' in obj: # this obj is a range - include the end ip in name and uid as well to avoid akey conflicts + nat_obj.update({'obj_ip_end': obj['obj_ip_end']}) + + # now dealing with the nat ip obj (mappedip) + if 'mappedip' not in obj_orig or len(obj_orig['mappedip'])==0: + 
logger.warning("vip (extip): found empty mappedip field for " + obj_orig['name']) + else: + if len(obj_orig['mappedip'])>1: + logger.warning("vip (extip): found more than one mappedip, just using the first one for " + obj_orig['name']) + nat_ip = obj_orig['mappedip'][0]['range'] + set_ip_in_obj(nat_obj, nat_ip) + obj.update({ 'obj_nat_ip': nat_obj['obj_ip'] }) # save nat ip in vip obj + if 'obj_ip_end' in nat_obj: # this nat obj is a range - include the end ip in name and uid as well to avoid akey conflicts + obj.update({ 'obj_nat_ip_end': nat_obj['obj_ip_end'] }) # save nat ip in vip obj + nat_obj.update({'obj_name': nat_obj['obj_ip'] + '-' + nat_obj['obj_ip_end'] + nat_postfix}) + else: + nat_obj.update({'obj_name': str(nat_obj['obj_ip']) + nat_postfix}) + nat_obj.update({'obj_uid': nat_obj['obj_name']}) + ###### range handling + + if 'associated-interface' in obj_orig and len(obj_orig['associated-interface'])>0: # and obj_orig['associated-interface'][0] != 'any': + obj_zone = obj_orig['associated-interface'][0] + nat_obj.update({'obj_zone': obj_zone }) + nat_obj.update({'control_id': import_id}) + if nat_obj not in nw_objects: # rare case when a destination nat is down for two different orig ips to the same dest ip + nw_objects.append(nat_obj) + else: + pass + else: # 'fqdn' in obj_orig: # "fully qualified domain name address" // other unknown types + obj.update({ 'obj_typ': 'network' }) + obj.update({ 'obj_ip': '0.0.0.0/0'}) + if 'comment' in obj_orig: + obj.update({'obj_comment': obj_orig['comment']}) + if 'color' in obj_orig and obj_orig['color']==0: + obj.update({'obj_color': 'black'}) # todo: deal with all other colors (will be currently ignored) + # we would need a list of fortinet color codes + if 'uuid' not in obj_orig: + obj_orig.update({'uuid': obj_orig['name']}) + obj.update({'obj_uid': obj_orig['uuid']}) + + # here only picking first associated interface as zone: + if 'associated-interface' in obj_orig and len(obj_orig['associated-interface'])>0: # 
and obj_orig['associated-interface'][0] != 'any': + obj_zone = obj_orig['associated-interface'][0] + # adding zone if it not yet exists + obj_zone = add_zone_if_missing (config2import, obj_zone, import_id) + obj.update({'obj_zone': obj_zone }) + + obj.update({'control_id': import_id}) + nw_objects.append(obj) + full_config['nw_obj_lookup_dict'][obj['obj_name']] = obj['obj_uid'] + + # finally add "Original" network object for natting + original_obj_name = 'Original' + original_obj_uid = 'Original' + orig_obj = create_network_object(import_id=import_id, name=original_obj_name, type='network', ip='0.0.0.0/0',\ + uid=original_obj_uid, zone='global', color='black', comment='"original" network object created by FWO importer for NAT purposes') + full_config['nw_obj_lookup_dict'][original_obj_name] = original_obj_uid + nw_objects.append(orig_obj) + + resolve_nw_groups(nw_objects) + config2import.update({'network_objects': nw_objects}) + + +def set_ip_in_obj(nw_obj, ip): # add start and end ip in nw_obj if it is a range, otherwise do nothing + if '-' in ip: # dealing with range + ip_start, ip_end = ip.split('-') + nw_obj.update({'obj_ip': ip_start }) + if ip_end != ip_start: + nw_obj.update({'obj_ip_end': ip_end }) + else: + nw_obj.update({'obj_ip': ip }) + + +# for members of groups, the name of the member obj needs to be fetched separately (starting from API v1.?) 
+def resolve_nw_uid_to_name(uid, nw_objects): + # return name of nw_objects element where obj_uid = uid + for obj in nw_objects: + if obj['obj_uid'] == uid: + return obj['obj_name'] + return 'ERROR: uid "' + uid + '" not found' + + +def resolve_nw_groups(nw_objects): + # add uids (if possible) + + # build helper dict with idx = name + helper_dict = {} + for obj in nw_objects: + helper_dict[obj['obj_name']] = obj['obj_uid'] + + for obj in nw_objects: + if obj['obj_typ'] == 'group': + member_ref_ar = [] + for member_name in obj['obj_member_names'].split(list_delimiter): + member_ref_ar.append(helper_dict[member_name]) + obj['obj_member_refs'] = list_delimiter.join(member_ref_ar) + + +# def add_member_names_for_nw_group(idx, nw_objects): +# group = nw_objects.pop(idx) +# if group['obj_member_refs'] == '' or group['obj_member_refs'] == None: +# #member_names = None +# #obj_member_refs = None +# group['obj_member_names'] = None +# group['obj_member_refs'] = None +# else: +# member_names = '' +# obj_member_refs = group['obj_member_refs'].split(list_delimiter) +# for ref in obj_member_refs: +# member_name = resolve_nw_uid_to_name(ref, nw_objects) +# member_names += member_name + list_delimiter +# group['obj_member_names'] = member_names[:-1] +# nw_objects.insert(idx, group) + + +def create_network_object(import_id, name, type, ip, uid, color, comment, zone): + # if zone is None or zone == '': + # zone = 'global' + return { + 'control_id': import_id, + 'obj_name': name, + 'obj_typ': type, + 'obj_ip': ip, + 'obj_uid': uid, + 'obj_color': color, + 'obj_comment': comment, + 'obj_zone': zone + } + + +# TODO: reduce commplexity if possible +def get_nw_obj(nat_obj_name, nwobjects): + for obj in nwobjects: + if 'obj_name' in obj and obj['obj_name']==nat_obj_name: + return obj + return None + + +# this removes all obj_nat_ip entries from all network objects +# these were used during import but might cause issues if imported into db +def remove_nat_ip_entries(config2import): + for 
obj in config2import['network_objects']: + if 'obj_nat_ip' in obj: + obj.pop('obj_nat_ip') + + +def get_first_ip_of_destination(obj_ref, config2import): + + logger = getFwoLogger() + if list_delimiter in obj_ref: + obj_ref = obj_ref.split(list_delimiter)[0] + # if destination does not contain exactly one ip, raise a warning + logger.info('src nat behind interface: more than one NAT IP - just using the first one for routing decision for obj_ref ' + obj_ref) + + for obj in config2import['network_objects']: + if 'obj_uid' in obj and obj['obj_uid']==obj_ref: + return obj['obj_ip'] + logger.warning('src nat behind interface: found no IP info for destination object ' + obj_ref) + return None diff --git a/roles/importer/files/importer/fortiosmanagementREST/fOS_rule.py b/roles/importer/files/importer/fortiosmanagementREST/fOS_rule.py new file mode 100644 index 000000000..92ea0f782 --- /dev/null +++ b/roles/importer/files/importer/fortiosmanagementREST/fOS_rule.py 
@@ -0,0 +1,465 @@ +import copy +import jsonpickle +from fwo_const import list_delimiter, nat_postfix +from fwo_base import extend_string_list +from fOS_service import create_svc_object +from fOS_network import create_network_object, get_first_ip_of_destination +import fOS_zone, fOS_getter +#from fOS_gw_networking import get_device_from_package +from fwo_log import getFwoLogger +from fwo_data_networking import get_matching_route_obj, get_ip_of_interface_obj +import ipaddress +from fOS_common import resolve_objects +import time + + +rule_access_scope_v4 = ['rules'] +rule_access_scope_v6 = [] + +rule_access_scope = ['rules'] +rule_nat_scope = ['rules_nat'] +rule_scope = rule_access_scope + rule_nat_scope + + +def initializeRulebases(raw_config): + for scope in rule_scope: + if scope not in raw_config: + raw_config.update({scope: {}}) + + +def getAccessPolicy(sid, fm_api_url, raw_config, limit): + fOS_getter.update_config_with_fortiOS_api_call(raw_config['rules'], fm_api_url + "/cmdb/firewall/policy" + "?access_token=" + sid, 'rules', limit=limit) + if 'rules' not in raw_config or 'rules' not in raw_config['rules']: + logger = getFwoLogger() + logger.warning('did not receive any access rules via API') + + +def getNatPolicy(sid, fm_api_url, raw_config, adom_name, device, limit): + scope = 'global' + pkg = device['global_rulebase_name'] + if pkg is not None and pkg != '': # only read global rulebase if it exists + for nat_type in ['central/dnat', 'central/dnat6', 'firewall/central-snat-map']: + fOS_getter.update_config_with_fortinet_api_call( + raw_config['rules_global_nat'], sid, fm_api_url, "/pm/config/" + scope + "/pkg/" + pkg + '/' + nat_type, device['local_rulebase_name'], limit=limit) + + scope = 'adom/'+adom_name + pkg = device['local_rulebase_name'] + for nat_type in ['central/dnat', 'central/dnat6', 'firewall/central-snat-map']: + fOS_getter.update_config_with_fortinet_api_call( + raw_config['rules_adom_nat'], sid, fm_api_url, "/pm/config/" + scope + "/pkg/" + 
pkg + '/' + nat_type, device['local_rulebase_name'], limit=limit) + + +def normalize_access_rules(full_config, config2import, import_id, mgm_details={}, jwt=None): + logger = getFwoLogger() + rules = [] + rule_number = 0 + # rule_number, first_v4, first_v6 = insert_headers(rule_table, first_v6, first_v4, full_config, rules, import_id, localPkgName,src_ref_all,dst_ref_all,rule_number) + + if 'rules' in full_config and 'rules' in full_config['rules']: + for rule_orig in full_config['rules']['rules']: + rule = {'rule_src': '', 'rule_dst': '', 'rule_svc': ''} + rule.update({ 'control_id': import_id}) + rule.update({ 'rulebase_name': 'access_rules'}) # the rulebase_name will be set to the pkg_name as there is no rulebase_name in FortiMangaer + rule.update({ 'rule_ruleid': rule_orig['policyid']}) + rule.update({ 'rule_uid': rule_orig['uuid']}) + rule.update({ 'rule_num': rule_number}) + if 'name' in rule_orig: + rule.update({ 'rule_name': rule_orig['name']}) + rule.update({ 'rule_installon': None }) + rule.update({ 'rule_implied': False }) + rule.update({ 'rule_time': None }) + rule.update({ 'rule_type': 'access' }) + rule.update({ 'parent_rule_id': None }) + + if 'comments' in rule_orig: + rule.update({ 'rule_comment': rule_orig['comments']}) + else: + rule.update({ 'rule_comment': None }) + if rule_orig['action']=='deny': + rule.update({ 'rule_action': 'Drop' }) + else: + rule.update({ 'rule_action': 'Accept' }) + if 'status' in rule_orig and (rule_orig['status']=='enable' or rule_orig['status']==1): + rule.update({ 'rule_disabled': False }) + else: + rule.update({ 'rule_disabled': True }) + if rule_orig['logtraffic'] == 'disable': + rule.update({ 'rule_track': 'None'}) + else: + rule.update({ 'rule_track': 'Log'}) + + if '_last_hit' not in rule_orig or rule_orig['_last_hit'] == 0: + rule.update({ 'last_hit': None}) + else: + rule.update({ 'last_hit': time.strftime("%Y-%m-%d", time.localtime(rule_orig['_last_hit']))}) + + rule['rule_src'] = 
list_delimiter.join([d['name'] for d in rule_orig['srcaddr']]) + rule['rule_dst'] = list_delimiter.join([d['name'] for d in rule_orig['dstaddr']]) + rule['rule_svc'] = list_delimiter.join([d['name'] for d in rule_orig['service']]) + + # handling internet-service rules - no mixed mode between (src/dst) and internet service (src), so overwriting) + if 'internet-service-src-name' in rule_orig and len(rule_orig['internet-service-src-name'])>0: + rule['rule_src'] = list_delimiter.join([d['name'] for d in rule_orig['internet-service-src-name']]) + set_service_field_internet_service(rule, config2import, import_id) + if 'internet-service-name' in rule_orig and len(rule_orig['internet-service-name'])>0: + rule['rule_dst'] = list_delimiter.join([d['name'] for d in rule_orig['internet-service-name']]) + set_service_field_internet_service(rule, config2import, import_id) + + # add ipv6 addresses + rule_src_v6 = [d['name'] for d in rule_orig['srcaddr6']] + rule_dst_v6 = [d['name'] for d in rule_orig['dstaddr6']] + if len(rule_src_v6)>0: + if len(rule['rule_src'])>0: + rule['rule_src'] = list_delimiter.join(rule['rule_src'].split(list_delimiter) + rule_src_v6) + else: + rule['rule_src'] = list_delimiter.join(rule_src_v6) + if len(rule_dst_v6)>0: + if len(rule['rule_dst'])>0: + rule['rule_dst'] = list_delimiter.join(rule['rule_dst'].split(list_delimiter) + rule_dst_v6) + else: + rule['rule_dst'] = list_delimiter.join(rule_dst_v6) + + # add zone information + if len(rule_orig['srcintf'])>0: + src_obj_zone = fOS_zone.add_zone_if_missing (config2import, rule_orig['srcintf'][0]['name'], import_id) + rule.update({ 'rule_from_zone': src_obj_zone }) # todo: currently only using the first zone + if len(rule_orig['dstintf'])>0: + dst_obj_zone = fOS_zone.add_zone_if_missing (config2import, rule_orig['dstintf'][0]['name'], import_id) + rule.update({ 'rule_to_zone': dst_obj_zone }) # todo: currently only using the first zone + + rule.update({ 'rule_src_neg': 
rule_orig['srcaddr-negate']!='disable'}) + rule.update({ 'rule_dst_neg': rule_orig['dstaddr-negate']!='disable'}) + rule.update({ 'rule_svc_neg': rule_orig['service-negate']!='disable'}) + + rule.update({ 'rule_src_refs': list_delimiter.join(resolve_objects(d, lookup_dict=full_config['nw_obj_lookup_dict'],jwt=jwt) for d in rule['rule_src'].split(list_delimiter))}) + rule.update({ 'rule_dst_refs': list_delimiter.join(resolve_objects(d, lookup_dict=full_config['nw_obj_lookup_dict'],jwt=jwt) for d in rule['rule_dst'].split(list_delimiter))}) + rule.update({ 'rule_svc_refs': rule['rule_svc']}) # for service name and uid are identical + + add_users_to_rule(rule_orig, rule) + + # xlate_rule = handle_combined_nat_rule(rule, rule_orig, config2import, nat_rule_number, import_id, localPkgName, dev_id) + rules.append(rule) + # if xlate_rule is not None: + # rules.append(xlate_rule) + rule_number += 1 # nat rules have their own numbering + else: + logger.warning('did not find any access rules') + + config2import.update({'rules': rules}) + + +def set_service_field_internet_service(rule, config2import, import_id): + # check if dummy service "Internet Service" already exists and create if not + found_internet_service_obj = next((item for item in config2import['service_objects'] if item["svc_name"] == "Internet Service"), None) + if found_internet_service_obj is None: + config2import['service_objects'].append({ + 'svc_name': 'Internet Service', 'svc_typ': 'group', 'svc_uid': 'Internet Service', 'control_id': import_id + }) + + # set service to "Internet Service" + rule['rule_svc'] = 'Internet Service' + rule['rule_svc_refs'] = 'Internet Service' + + +# pure nat rules +def normalize_nat_rules(full_config, config2import, import_id, jwt=None): + nat_rules = [] + rule_number = 0 + + for rule_table in rule_nat_scope: + for localPkgName in full_config['rules_global_nat']: + for rule_orig in full_config[rule_table][localPkgName]: + rule = {'rule_src': '', 'rule_dst': '', 'rule_svc': ''} 
+ if rule_orig['nat'] == 1: # assuming source nat + rule.update({ 'control_id': import_id}) + rule.update({ 'rulebase_name': localPkgName}) # the rulebase_name just has to be a unique string among devices + rule.update({ 'rule_ruleid': rule_orig['policyid']}) + rule.update({ 'rule_uid': rule_orig['uuid']}) + # rule.update({ 'rule_num': rule_orig['obj seq']}) + rule.update({ 'rule_num': rule_number }) + if 'comments' in rule_orig: + rule.update({ 'rule_comment': rule_orig['comments']}) + rule.update({ 'rule_action': 'Drop' }) # not used for nat rules + rule.update({ 'rule_track': 'None'}) # not used for nat rules + + rule['rule_src'] = extend_string_list(rule['rule_src'], rule_orig, 'orig-addr', list_delimiter, jwt=jwt, import_id=import_id) + rule['rule_dst'] = extend_string_list(rule['rule_dst'], rule_orig, 'dst-addr', list_delimiter, jwt=jwt, import_id=import_id) + + if rule_orig['protocol']==17: + svc_name = 'udp_' + str(rule_orig['orig-port']) + elif rule_orig['protocol']==6: + svc_name = 'tcp_' + str(rule_orig['orig-port']) + else: + svc_name = 'svc_' + str(rule_orig['orig-port']) + # need to create a helper service object and add it to the nat rule, also needs to be added to service list + + if not 'service_objects' in config2import: # is normally defined + config2import['service_objects'] = [] + config2import['service_objects'].append(create_svc_object( \ + import_id=import_id, name=svc_name, proto=rule_orig['protocol'], port=rule_orig['orig-port'], comment='service created by FWO importer for NAT purposes')) + rule['rule_svc'] = svc_name + + #rule['rule_src'] = extend_string_list(rule['rule_src'], rule_orig, 'srcaddr6', list_delimiter, jwt=jwt, import_id=import_id) + #rule['rule_dst'] = extend_string_list(rule['rule_dst'], rule_orig, 'dstaddr6', list_delimiter, jwt=jwt, import_id=import_id) + + if len(rule_orig['srcintf'])>0: + rule.update({ 'rule_from_zone': rule_orig['srcintf'][0] }) # todo: currently only using the first zone + if 
len(rule_orig['dstintf'])>0: + rule.update({ 'rule_to_zone': rule_orig['dstintf'][0] }) # todo: currently only using the first zone + + rule.update({ 'rule_src_neg': False}) + rule.update({ 'rule_dst_neg': False}) + rule.update({ 'rule_svc_neg': False}) + rule.update({ 'rule_src_refs': resolve_raw_objects(rule['rule_src'], list_delimiter, full_config, 'name', 'uuid', rule_type=rule_table) }, \ + jwt=jwt, import_id=import_id, rule_uid=rule_orig['uuid'], object_type='network object') + rule.update({ 'rule_dst_refs': resolve_raw_objects(rule['rule_dst'], list_delimiter, full_config, 'name', 'uuid', rule_type=rule_table) }, \ + jwt=jwt, import_id=import_id, rule_uid=rule_orig['uuid'], object_type='network object') + # services do not have uids, so using name instead + rule.update({ 'rule_svc_refs': rule['rule_svc'] }) + rule.update({ 'rule_type': 'original' }) + rule.update({ 'rule_installon': None }) + if 'status' in rule_orig and (rule_orig['status']=='enable' or rule_orig['status']==1): + rule.update({ 'rule_disabled': False }) + else: + rule.update({ 'rule_disabled': True }) + rule.update({ 'rule_implied': False }) + rule.update({ 'rule_time': None }) + rule.update({ 'parent_rule_id': None }) + + nat_rules.append(rule) + add_users_to_rule(rule_orig, rule) + + ############## now adding the xlate rule part ########################## + xlate_rule = dict(rule) # copy the original (match) rule + xlate_rule.update({'rule_src': '', 'rule_dst': '', 'rule_svc': ''}) + xlate_rule['rule_src'] = extend_string_list(xlate_rule['rule_src'], rule_orig, 'orig-addr', list_delimiter, jwt=jwt, import_id=import_id) + xlate_rule['rule_dst'] = 'Original' + + if rule_orig['protocol']==17: + svc_name = 'udp_' + str(rule_orig['nat-port']) + elif rule_orig['protocol']==6: + svc_name = 'tcp_' + str(rule_orig['nat-port']) + else: + svc_name = 'svc_' + str(rule_orig['nat-port']) + # need to create a helper service object and add it to the nat rule, also needs to be added to service list! 
+ # fmgr_service.create_svc_object(name=svc_name, proto=rule_orig['protocol'], port=rule_orig['orig-port'], comment='service created by FWO importer for NAT purposes') + config2import['service_objects'].append(create_svc_object(import_id=import_id, name=svc_name, proto=rule_orig['protocol'], port=rule_orig['nat-port'], comment='service created by FWO importer for NAT purposes')) + xlate_rule['rule_svc'] = svc_name + + xlate_rule.update({ 'rule_src_refs': resolve_objects(xlate_rule['rule_src'], list_delimiter, full_config, 'name', 'uuid', rule_type=rule_table, jwt=jwt, import_id=import_id ) }) + xlate_rule.update({ 'rule_dst_refs': resolve_objects(xlate_rule['rule_dst'], list_delimiter, full_config, 'name', 'uuid', rule_type=rule_table, jwt=jwt, import_id=import_id ) }) + xlate_rule.update({ 'rule_svc_refs': xlate_rule['rule_svc'] }) # services do not have uids, so using name instead + + xlate_rule.update({ 'rule_type': 'xlate' }) + + nat_rules.append(xlate_rule) + rule_number += 1 + config2import['rules'].extend(nat_rules) + + +def insert_header(rules, import_id, header_text, rulebase_name, rule_uid, rule_number, src_refs, dst_refs): + rule = { + "control_id": import_id, + "rule_head_text": header_text, + "rulebase_name": rulebase_name, + "rule_ruleid": None, + "rule_uid": rule_uid + rulebase_name, + "rule_num": rule_number, + "rule_disabled": False, + "rule_src": "all", + "rule_dst": "all", + "rule_svc": "ALL", + "rule_src_neg": False, + "rule_dst_neg": False, + "rule_svc_neg": False, + "rule_src_refs": src_refs, + "rule_dst_refs": dst_refs, + "rule_svc_refs": "ALL", + "rule_action": "Accept", + "rule_track": "None", + "rule_installon": None, + "rule_time": None, + "rule_type": "access", + "parent_rule_id": None, + "rule_implied": False, + "rule_comment": None + } + rules.append(rule) + + +def create_xlate_rule(rule): + xlate_rule = copy.deepcopy(rule) + rule['rule_type'] = 'combined' + xlate_rule['rule_type'] = 'xlate' + xlate_rule['rule_comment'] = None + 
xlate_rule['rule_disabled'] = False + xlate_rule['rule_src'] = 'Original' + xlate_rule['rule_src_refs'] = 'Original' + xlate_rule['rule_dst'] = 'Original' + xlate_rule['rule_dst_refs'] = 'Original' + xlate_rule['rule_svc'] = 'Original' + xlate_rule['rule_svc_refs'] = 'Original' + return xlate_rule + + +def handle_combined_nat_rule(rule, rule_orig, config2import, nat_rule_number, import_id, localPkgName, dev_id): + # now dealing with VIPs (dst NAT part) of combined rules + logger = getFwoLogger() + xlate_rule = None + + # dealing with src NAT part of combined rules + if "nat" in rule_orig and rule_orig["nat"]==1: + logger.debug("found mixed Access/NAT rule no. " + str(nat_rule_number)) + nat_rule_number += 1 + xlate_rule = create_xlate_rule(rule) + if 'ippool' in rule_orig: + if rule_orig['ippool']==0: # hiding behind outbound interface + interface_name = 'unknownIF' + destination_interface_ip = '0.0.0.0' + destination_ip = get_first_ip_of_destination(rule['rule_dst_refs'], config2import) # get an ip of destination + hideInterface = 'undefined_interface' + if destination_ip is None: + logger.warning('src nat behind interface: found no valid destination ip in rule with UID ' + rule['rule_uid']) + else: + # matching_route = get_matching_route_obj(destination_ip, config2import['networking'][device_name]['routingv4']) + matching_route = get_matching_route_obj(destination_ip, config2import['routing'], dev_id) + if matching_route is None: + logger.warning('src nat behind interface: found no matching route in rule with UID ' + + rule['rule_uid'] + ', dest_ip: ' + destination_ip) + else: + destination_interface_ip = get_ip_of_interface_obj(matching_route.interface, dev_id, config2import['interfaces']) + interface_name = matching_route.interface + hideInterface=interface_name + if hideInterface is None: + logger.warning('src nat behind interface: found route with undefined interface ' + str(jsonpickle.dumps(matching_route, unpicklable=True))) + if destination_interface_ip is 
None: + logger.warning('src nat behind interface: found no matching interface IP in rule with UID ' + + rule['rule_uid'] + ', dest_ip: ' + destination_ip) + + # add dummy object "outbound-interface" + if hideInterface is not None: + obj_name = 'hide_IF_ip_' + str(hideInterface) + '_' + str(destination_interface_ip) + obj_comment = 'FWO auto-generated dummy object for source nat' + if type(ipaddress.ip_address(str(destination_interface_ip))) is ipaddress.IPv6Address: + HideNatIp = str(destination_interface_ip) + '/128' + elif type(ipaddress.ip_address(str(destination_interface_ip))) is ipaddress.IPv4Address: + HideNatIp = str(destination_interface_ip) + '/32' + else: + HideNatIp = '0.0.0.0/32' + logger.warning('found invalid HideNatIP ' + str(destination_interface_ip)) + obj = create_network_object(import_id, obj_name, 'host', HideNatIp, obj_name, 'black', obj_comment, 'global') + if obj not in config2import['network_objects']: + config2import['network_objects'].append(obj) + xlate_rule['rule_src'] = obj_name + xlate_rule['rule_src_refs'] = obj_name + + elif rule_orig['ippool']==1: # hiding behind one ip of an ip pool + poolNameArray = rule_orig['poolname'] + if len(poolNameArray)>0: + if len(poolNameArray)>1: + logger.warning("found more than one ippool - ignoring all but first pool") + poolName = poolNameArray[0] + xlate_rule['rule_src'] = poolName + xlate_rule['rule_src_refs'] = poolName + else: + logger.warning("found ippool rule without ippool: " + rule['rule_uid']) + else: + logger.warning("found ippool rule with unexpected ippool value: " + rule_orig['ippool']) + + if 'natip' in rule_orig and rule_orig['natip']!=["0.0.0.0","0.0.0.0"]: + logger.warning("found explicit natip rule - ignoring for now: " + rule['rule_uid']) + # need example for interpretation of config + + # todo: find out how match-vip=1 influences natting (only set in a few vip-nat rules) + # if "match-vip" in rule_orig and rule_orig["match-vip"]==1: + # logger.warning("found VIP destination 
Access/NAT rule (but not parsing yet); no. " + str(vip_nat_rule_number)) + # vip_nat_rule_number += 1 + + # deal with vip natting: check for each (dst) nw obj if it contains "obj_nat_ip" + rule_dst_list = rule['rule_dst'].split(list_delimiter) + nat_object_list = extract_nat_objects(rule_dst_list, config2import['network_objects']) + + if len(nat_object_list)>0: + if xlate_rule is None: # no source nat, so we create the necessary nat rule here + xlate_rule = create_xlate_rule(rule) + xlate_dst = [] + xlate_dst_refs = [] + for nat_obj in nat_object_list: + if 'obj_ip_end' in nat_obj: # this nat obj is a range - include the end ip in name and uid as well to avoid akey conflicts + xlate_dst.append(nat_obj['obj_nat_ip'] + '-' + nat_obj['obj_ip_end'] + nat_postfix) + nat_ref = nat_obj['obj_nat_ip'] + if 'obj_nat_ip_end' in nat_obj: + nat_ref += '-' + nat_obj['obj_nat_ip_end'] + nat_postfix + xlate_dst_refs.append(nat_ref) + else: + xlate_dst.append(nat_obj['obj_nat_ip'] + nat_postfix) + xlate_dst_refs.append(nat_obj['obj_nat_ip'] + nat_postfix) + xlate_rule['rule_dst'] = list_delimiter.join(xlate_dst) + xlate_rule['rule_dst_refs'] = list_delimiter.join(xlate_dst_refs) + # else: (no nat object found) no dnatting involved, dst stays "Original" + + return xlate_rule + + +def insert_headers(rule_table, first_v6, first_v4, full_config, rules, import_id, localPkgName,src_ref_all,dst_ref_all,rule_number): + if rule_table in rule_access_scope_v6 and first_v6: + insert_header(rules, import_id, "IPv6 rules", localPkgName, "IPv6HeaderText", rule_number, src_ref_all, dst_ref_all) + rule_number += 1 + first_v6 = False + elif rule_table in rule_access_scope_v4 and first_v4: + insert_header(rules, import_id, "IPv4 rules", localPkgName, "IPv4HeaderText", rule_number, src_ref_all, dst_ref_all) + rule_number += 1 + first_v4 = False + if rule_table == 'rules_adom_v4' and len(full_config['rules_adom_v4'][localPkgName])>0: + insert_header(rules, import_id, "Adom Rules IPv4", localPkgName, 
"IPv4AdomRules", rule_number, src_ref_all, dst_ref_all) + rule_number += 1 + elif rule_table == 'rules_adom_v6' and len(full_config['rules_adom_v6'][localPkgName])>0: + insert_header(rules, import_id, "Adom Rules IPv6", localPkgName, "IPv6AdomRules", rule_number, src_ref_all, dst_ref_all) + rule_number += 1 + elif rule_table == 'rules_global_header_v4' and len(full_config['rules_global_header_v4'][localPkgName])>0: + insert_header(rules, import_id, "Global Header Rules IPv4", localPkgName, "IPv4GlobalHeaderRules", rule_number, src_ref_all, dst_ref_all) + rule_number += 1 + elif rule_table == 'rules_global_header_v6' and len(full_config['rules_global_header_v6'][localPkgName])>0: + insert_header(rules, import_id, "Global Header Rules IPv6", localPkgName, "IPv6GlobalHeaderRules", rule_number, src_ref_all, dst_ref_all) + rule_number += 1 + elif rule_table == 'rules_global_footer_v4' and len(full_config['rules_global_footer_v4'][localPkgName])>0: + insert_header(rules, import_id, "Global Footer Rules IPv4", localPkgName, "IPv4GlobalFooterRules", rule_number, src_ref_all, dst_ref_all) + rule_number += 1 + elif rule_table == 'rules_global_footer_v6' and len(full_config['rules_global_footer_v6'][localPkgName])>0: + insert_header(rules, import_id, "Global Footer Rules IPv6", localPkgName, "IPv6GlobalFooterRules", rule_number, src_ref_all, dst_ref_all) + rule_number += 1 + return rule_number, first_v4, first_v6 + + +def extract_nat_objects(nwobj_list, all_nwobjects): + nat_obj_list = [] + for obj in nwobj_list: + for obj2 in all_nwobjects: + if obj2['obj_name']==obj: + if 'obj_nat_ip' in obj2: + nat_obj_list.append(obj2) + break + # if obj in all_nwobjects and 'obj_nat_ip' in all_nwobjects[obj]: + # nat_obj_list.append(obj) + return nat_obj_list + + +def add_users_to_rule(rule_orig, rule): + if 'groups' in rule_orig: + add_users(rule_orig['groups'], rule) + if 'users' in rule_orig: + add_users(rule_orig['users'], rule) + + +def add_users(users, rule): + for user in users: + 
rule_src_with_users = [] + for src in rule['rule_src'].split(list_delimiter): + rule_src_with_users.append(user + '@' + src) + rule['rule_src'] = list_delimiter.join(rule_src_with_users) + + # here user ref is the user name itself + rule_src_refs_with_users = [] + for src in rule['rule_src_refs'].split(list_delimiter): + rule_src_refs_with_users.append(user + '@' + src) + rule['rule_src_refs'] = list_delimiter.join(rule_src_refs_with_users) diff --git a/roles/importer/files/importer/fortiosmanagementREST/fOS_service.py b/roles/importer/files/importer/fortiosmanagementREST/fOS_service.py new file mode 100644 index 000000000..b827e5e0a --- /dev/null +++ b/roles/importer/files/importer/fortiosmanagementREST/fOS_service.py 
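Review bot: `getAccessPolicy` puts the API token into the URL query string (`fm_api_url + "/cmdb/firewall/policy" + "?access_token=" + sid`), where `sid` is `mgm_details['import_credential']['secret']` from fwcommon.py in this same commit; query strings are routinely recorded in web-server, proxy and debug logs and are echoed by any exception that prints the request URL, so the secret should travel in a request header instead — recent FortiOS releases accept `Authorization: Bearer <token>`, which presumably requires `fOS_getter.update_config_with_fortiOS_api_call` (outside this hunk) to accept headers. Separately, `normalize_nat_rules` cannot run as written: `resolve_raw_objects` is never imported, and `rule.update({ 'rule_src_refs': ... }, jwt=jwt, import_id=import_id, rule_uid=rule_orig['uuid'], object_type='network object')` passes those keyword arguments to `dict.update`, so they would be stored as extra keys on the rule rather than reach the resolver; its caller in fwcommon.py is commented out, but the function should be fixed or dropped rather than shipped broken. `getNatPolicy` has a related problem: it writes into `raw_config['rules_global_nat']` and `raw_config['rules_adom_nat']`, which `initializeRulebases` never creates because `rule_nat_scope` is `['rules_nat']`, so the first call would raise `KeyError`. In `handle_combined_nat_rule`, `"found ippool rule with unexpected ippool value: " + rule_orig['ippool']` raises `TypeError` when `ippool` is an integer (the branches above compare it with `0` and `1`); wrap the value in `str()`.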
@@ -0,0 +1,212 @@ +import re +from fwo_const import list_delimiter +from fwo_log import getFwoLogger + + +def normalize_svcobjects(full_config, config2import, import_id, scope): + logger = getFwoLogger() + svc_objects = [] + full_config['svc_obj_lookup_dict'] = {} + for s in scope: + if s in full_config: + for obj_orig in full_config[s]: + member_names = '' + if 'member' in obj_orig: + type = 'group' + for member in obj_orig['member']: + member_names += member['name'] + list_delimiter + member_names = member_names[:-1] + else: + type = 'simple' + + name = None + if 'name' in obj_orig: + name = str(obj_orig['name']) + + color = None + if 'color' in obj_orig and str(obj_orig['color']) != 0: + color = str(obj_orig['color']) + + session_timeout = None # todo: find the right timer + # if 'udp-idle-timer' in obj_orig and str(obj_orig['udp-idle-timer']) != 0: + # session_timeout = str(obj_orig['udp-idle-timer']) + + proto = 0 + range_names = '' + if 'protocol' in obj_orig: + added_svc_obj = 0 + # if obj_orig['protocol'] == 1: + # addObject(svc_objects, type, name, color, 1, None, None, session_timeout, import_id, full_config=full_config) + # added_svc_obj += 1 + # if obj_orig['protocol'] == 2: + # if 'protocol-number' in obj_orig: + # proto = obj_orig['protocol-number'] + # addObject(svc_objects, type, name, color, proto, None, None, session_timeout, import_id) + # added_svc_obj += 1 + # if obj_orig['protocol'] == 5 or obj_orig['protocol'] == 11 or obj_orig['protocol'] == 'TCP/UDP/SCTP': + if obj_orig['protocol'] == 'TCP/UDP/SCTP': + split = check_split(obj_orig) + if "tcp-portrange" in obj_orig and len(obj_orig['tcp-portrange']) > 0: + tcpname = name + if split: + tcpname += "_tcp" + range_names += tcpname + list_delimiter + addObject(svc_objects, type, tcpname, color, 6, obj_orig['tcp-portrange'], None, session_timeout, import_id, full_config=full_config) + added_svc_obj += 1 + if "udp-portrange" in obj_orig and len(obj_orig['udp-portrange']) > 0: + udpname = name + if 
split: + udpname += "_udp" + range_names += udpname + list_delimiter + addObject(svc_objects, type, udpname, color, 17, obj_orig['udp-portrange'], None, session_timeout, import_id, full_config=full_config) + added_svc_obj += 1 + if "sctp-portrange" in obj_orig and len(obj_orig['sctp-portrange']) > 0: + sctpname = name + if split: + sctpname += "_sctp" + range_names += sctpname + list_delimiter + addObject(svc_objects, type, sctpname, color, 132, obj_orig['sctp-portrange'], None, session_timeout, import_id, full_config=full_config) + added_svc_obj += 1 + if split: + range_names = range_names[:-1] + # TODO: collect group members + addObject(svc_objects, 'group', name, color, 0, None, range_names, session_timeout, import_id, full_config=full_config) + added_svc_obj += 1 + if added_svc_obj==0: # assuming RPC service which here has no properties at all + addObject(svc_objects, 'rpc', name, color, 0, None, None, None, import_id, full_config=full_config) + added_svc_obj += 1 + elif obj_orig['protocol'] == 'IP': + addObject(svc_objects, 'simple', name, color, obj_orig['protocol-number'], None, None, None, import_id, full_config=full_config) + added_svc_obj += 1 + elif obj_orig['protocol'] == 'ICMP': + addObject(svc_objects, 'simple', name, color, 1, None, None, None, import_id, full_config=full_config) + added_svc_obj += 1 + elif obj_orig['protocol'] == 'ICMP6': + addObject(svc_objects, 'simple', name, color, 1, None, None, None, import_id, full_config=full_config) + added_svc_obj += 1 + else: + logger.warning("Unknown service protocol found: " + obj_orig['name'] +', proto: ' + obj_orig['protocol']) + elif type == 'group': + addObject(svc_objects, type, name, color, 0, None, member_names, session_timeout, import_id, full_config=full_config) + else: + # application/list + addObject(svc_objects, type, name, color, 0, None, None, session_timeout, import_id, full_config=full_config) + + # finally add "Original" service object for natting + original_obj_name = 'Original' + 
svc_objects.append(create_svc_object(import_id=import_id, name=original_obj_name, proto=0, port=None,\ + comment='"original" service object created by FWO importer for NAT purposes')) + + config2import.update({'service_objects': svc_objects}) + + +def check_split(obj_orig): + count = 0 + if "tcp-portrange" in obj_orig and len(obj_orig['tcp-portrange']) > 0: + count += 1 + if "udp-portrange" in obj_orig and len(obj_orig['udp-portrange']) > 0: + count += 1 + if "sctp-portrange" in obj_orig and len(obj_orig['sctp-portrange']) > 0: + count += 1 + return (count > 1) + + +def extractSinglePortRange(port_range): + # remove src-ports + port = port_range.split(':')[0] + port_end = port + + # open ranges (not found so far in data) + pattern = re.compile('^\>(\d+)$') + match = pattern.match(port) + if match: + port = str(int(match.group()[1:]) + 1) + port_end = str(65535) + pattern = re.compile('^\<(\d+)$') + match = pattern.match(port) + if match: + port = str(1) + port_end = str(int(match.group()[1:]) - 1) + + # split ranges + pattern = re.compile('^(\d+)\-(\d+)$') + match = pattern.match(port) + if match: + port, port_end = match.group().split('-') + return port, port_end + + +def extractPorts(port_ranges): + ports = [] + port_ends = [] + if port_ranges is not None and len(port_ranges) > 0: + if ' ' in port_ranges: + # port range of the form "12 13 114" + port_ranges = port_ranges.split(' ') + + if not isinstance(port_ranges, str): + for port_range in port_ranges: + port1, port2 = extractSinglePortRange(port_range) + ports.append(port1) + port_ends.append(port2) + else: + port1, port2 = extractSinglePortRange(port_ranges) + ports.append(port1) + port_ends.append(port2) + return ports, port_ends + + +def create_svc_object(import_id, name, proto, port, comment): + return { + 'control_id': import_id, + 'svc_name': name, + 'svc_typ': 'simple', + 'svc_port': port, + 'ip_proto': proto, + 'svc_uid': name, # services have no uid in fortimanager + 'svc_comment': comment + } + + 
+def addObject(svc_objects, type, name, color, proto, port_ranges, member_names, session_timeout, import_id, full_config={}): + + # add service object in lookup table (currently no UID, name is the UID) + full_config['svc_obj_lookup_dict'][name] = name + + svc_obj = create_svc_object(import_id, name, proto, None, None) + svc_obj['svc_color'] = color + svc_obj['svc_typ'] = type + svc_obj['svc_port_end'] = None + svc_obj['svc_member_names'] = member_names + svc_obj['svc_member_refs'] = member_names + svc_obj['svc_timeout'] = session_timeout + + if port_ranges is not None: + range_names = '' + ports, port_ends = extractPorts(port_ranges) + split = (len(ports) > 1) + for index, port in enumerate(ports): + port_end = port_ends[index] + full_name = name + if split: + full_name += '_' + str(port) + range_names += full_name + list_delimiter + if port_end != port: + port_range_local = port + '-' + port_end + else: + port_range_local = port + addObject(svc_objects, 'simple', full_name, color, proto, port_range_local, None, None, import_id, full_config) + + svc_obj['svc_port'] = port + svc_obj['svc_port_end'] = port_end + + if split: + range_names = range_names[:-1] + svc_obj['svc_member_refs'] = range_names + svc_obj['svc_member_names'] = range_names + svc_obj['svc_typ'] = 'group' + svc_obj['svc_port'] = None + svc_obj['svc_port_end'] = None + + svc_objects.extend([svc_obj]) + diff --git a/roles/importer/files/importer/fortiosmanagementREST/fOS_user.py b/roles/importer/files/importer/fortiosmanagementREST/fOS_user.py new file mode 100644 index 000000000..9d5b2d828 --- /dev/null +++ b/roles/importer/files/importer/fortiosmanagementREST/fOS_user.py 
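Review bot: In `normalize_svcobjects` the `ICMP6` branch creates the service with IP protocol `1` (ICMP), but IPv6-ICMP is protocol 58, so every ICMP6 service is recorded as ICMPv4 and any later analysis of the imported policy will misreport what the firewall permits; the line should read `addObject(svc_objects, 'simple', name, color, 58, None, None, None, import_id, full_config=full_config)`. The colour guard `str(obj_orig['color']) != 0` compares a string to an integer and is therefore always true, so colour `0` is never normalised to `None` as the condition intends — compare against `'0'` (the same test appears in fOS_user.py). The regular expressions in `extractSinglePortRange` (`'^\>(\d+)$'`, `'^\<(\d+)$'`, `'^(\d+)\-(\d+)$'`) should be raw strings, since `\>`, `\<` and `\-` are invalid escape sequences that newer Python versions warn about. `addObject` also declares a mutable default `full_config={}` while writing `full_config['svc_obj_lookup_dict'][name]`, which raises `KeyError` whenever the default is used; `full_config=None` with an explicit check is safer.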
@@ -0,0 +1,37 @@
+from fwo_const import list_delimiter
+
+def normalize_users(full_config, config2import, import_id, user_scope):
+ users = []
+ for scope in user_scope:
+ if scope in full_config:
+ for user_orig in full_config[scope]:
+ name = None
+ type = 'simple'
+ color = None
+ member_names = None
+ comment = None
+
+ if 'member' in user_orig:
+ type = 'group'
+ member_names = ''
+ for member in user_orig['member']:
+ member_names += member['name'] + list_delimiter
+ member_names = member_names[:-1]
+ if 'name' in user_orig:
+ name = str(user_orig['name'])
+ if 'comment' in user_orig:
+ comment = str(user_orig['comment'])
+ if 'color' in user_orig and str(user_orig['color']) != 0:
+ color = str(user_orig['color'])
+
+ users.extend([{'user_typ': type,
+ 'user_name': name,
+ 'user_color': color,
+ 'user_uid': name,
+ 'user_comment': comment,
+ 'user_member_refs': member_names,
+ 'user_member_names': member_names,
+ 'control_id': import_id
+ }])
+
+ config2import.update({'user_objects': users})
diff --git a/roles/importer/files/importer/fortiosmanagementREST/fOS_zone.py b/roles/importer/files/importer/fortiosmanagementREST/fOS_zone.py
new file mode 100644
index 000000000..b9e41a1e6
--- /dev/null
+++ b/roles/importer/files/importer/fortiosmanagementREST/fOS_zone.py
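Review bot: The guard `if 'color' in user_orig and str(user_orig['color']) != 0:` in `normalize_users` compares a `str` to the integer `0`, so it is always true and a colour of `0` is kept instead of being normalised to `None` as the condition intends; it should be `str(user_orig['color']) != '0'`. The local `type` shadows the builtin; renaming it to `user_type` avoids confusion in a function that otherwise builds a dict keyed `'user_typ'`. A one-line docstring would also help, e.g. `"""Flatten the user objects listed in user_scope into config2import['user_objects']."""`.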
@@ -0,0 +1,29 @@
+
+def normalize_zones(full_config, config2import, import_id):
+ zones = []
+ for orig_zone in full_config['zone_objects']['zone_list']:
+ zone = {}
+ zone.update({'zone_name': orig_zone})
+ zone.update({'control_id': import_id})
+ zones.append(zone)
+
+ config2import.update({'zone_objects': zones})
+
+
+def add_zone_if_missing (config2import, zone_string, import_id):
+ # adding zone if it not yet exists
+
+ # also transforming any into global (normalized global zone)
+ if zone_string == 'any':
+ zone_string = 'global'
+ if zone_string is not None:
+ if 'zone_objects' not in config2import: # no zones yet? add empty zone_objects array
+ config2import.update({'zone_objects': []})
+ zone_exists = False
+ for zone in config2import['zone_objects']:
+ if zone_string == zone['zone_name']:
+ zone_exists = True
+ if not zone_exists:
+ config2import['zone_objects'].append({'zone_name': zone_string, 'control_id': import_id})
+ return zone_string
+
\ No newline at end of file
diff --git a/roles/importer/files/importer/fortiosmanagementREST/fwcommon.py b/roles/importer/files/importer/fortiosmanagementREST/fwcommon.py
new file mode 100644
index 000000000..2dc583714
--- /dev/null
+++ b/roles/importer/files/importer/fortiosmanagementREST/fwcommon.py
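Review bot: `normalize_zones` assigns `config2import['zone_objects']` wholesale, which discards any zone already present — fwcommon.py in this same commit calls `add_zone_if_missing(config2import, 'global', ...)` before normalisation, so using both together would drop the `global` zone, and nothing here deduplicates whatever `zone_list` contains. Reusing the existing helper keeps the list consistent and applies the `'any'` → `'global'` mapping uniformly: `for orig_zone in full_config['zone_objects']['zone_list']:` followed by `add_zone_if_missing(config2import, orig_zone, import_id)`. In `add_zone_if_missing` the membership loop can stop at the first hit: `zone_exists = any(zone['zone_name'] == zone_string for zone in config2import['zone_objects'])`.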
@@ -0,0 +1,115 @@ +import sys +import json +from common import importer_base_dir +sys.path.append(importer_base_dir + '/fortiosmanagementREST') +import fOS_user +import fOS_service +import fOS_zone +import fOS_rule +import fOS_network +import fOS_getter +from curses import raw +from fwo_log import getFwoLogger +# from fOS_gw_networking import getInterfacesAndRouting, normalize_network_data +from fwo_data_networking import get_ip_of_interface_obj + +from fwo_const import list_delimiter, nat_postfix, fwo_config_filename +from fwo_config import readConfig +from fwo_api import setAlert, create_data_issue + + +nw_obj_types = ['firewall/address', 'firewall/address6', 'firewall/addrgrp', + 'firewall/addrgrp6', 'firewall/ippool', 'firewall/vip', + 'firewall/internet-service', 'firewall/internet-service-group'] + # internet-service is not a service as such but is used as dest (mainly) +svc_obj_types = ['application/list', 'application/group', + # 'application/categories', + #'application/custom', + 'firewall.service/custom', + 'firewall.service/group' + ] + +# build the product of all scope/type combinations +nw_obj_scope = ['nw_obj_' + s1 for s1 in nw_obj_types] +svc_obj_scope = ['svc_obj_' + s1 for s1 in svc_obj_types] + +# zone_types = ['zones_global', 'zones_adom'] + +user_obj_types = ['user/local', 'user/group'] +user_scope = ['user_obj_' + s1 for s1 in user_obj_types] + + +def has_config_changed(full_config, mgm_details, force=False): + # dummy - may be filled with real check later on + return True + + +def get_config(config2import, full_config, current_import_id, mgm_details, limit=100, force=False, jwt=''): + logger = getFwoLogger() + if full_config == {}: # no native config was passed in, so getting it from FortiManager + parsing_config_only = False + else: + parsing_config_only = True + + # fmgr API login + if not parsing_config_only: # no native config was passed in, so getting it from FortiManager + fm_api_url = 'https://' + mgm_details['hostname'] + ':' + 
str(mgm_details['port']) + '/api/v2' + sid = mgm_details['import_credential']['secret'] + + if not parsing_config_only: # no native config was passed in, so getting it from FortiManager + getObjects(sid, fm_api_url, full_config, limit, nw_obj_types, svc_obj_types) + # getInterfacesAndRouting( + # sid, fm_api_url, full_config, mgm_details['devices'], limit) + + # adding global zone first: + fOS_zone.add_zone_if_missing (config2import, 'global', current_import_id) + + # initialize all rule dicts + fOS_rule.initializeRulebases(full_config) + for dev in mgm_details['devices']: + fOS_rule.getAccessPolicy(sid, fm_api_url, full_config, limit) + # fOS_rule.getNatPolicy(sid, fm_api_url, full_config, limit) + + # now we normalize relevant parts of the raw config and write the results to config2import dict + # currently reading zone from objects for backward compat with FortiManager 6.x + # fmgr_zone.normalize_zones(full_config, config2import, current_import_id) + + # write normalized networking data to config2import + # this is currently not written to the database but only used for natting decisions + # later we will probably store the networking info in the database as well as a basis + # for path analysis + + # normalize_network_data(full_config, config2import, mgm_details) + + fOS_user.normalize_users( + full_config, config2import, current_import_id, user_scope) + fOS_network.normalize_nwobjects( + full_config, config2import, current_import_id, nw_obj_scope, jwt=jwt, mgm_id=mgm_details['id']) + fOS_service.normalize_svcobjects( + full_config, config2import, current_import_id, svc_obj_scope) + fOS_zone.add_zone_if_missing (config2import, 'global', current_import_id) + + fOS_rule.normalize_access_rules( + full_config, config2import, current_import_id, mgm_details=mgm_details, jwt=jwt) + # fOS_rule.normalize_nat_rules( + # full_config, config2import, current_import_id, jwt=jwt) + # fOS_network.remove_nat_ip_entries(config2import) + return 0 + + +def getObjects(sid, 
fm_api_url, raw_config, limit, nw_obj_types, svc_obj_types): + # get network objects: + for object_type in nw_obj_types: + fOS_getter.update_config_with_fortiOS_api_call( + raw_config, fm_api_url + "/cmdb/" + object_type + "?access_token=" + sid, "nw_obj_" + object_type, limit=limit) + + # get service objects: + for object_type in svc_obj_types: + fOS_getter.update_config_with_fortiOS_api_call( + raw_config, fm_api_url + "/cmdb/" + object_type + "?access_token=" + sid, "svc_obj_" + object_type, limit=limit) + + # get user objects: + for object_type in user_obj_types: + fOS_getter.update_config_with_fortiOS_api_call( + raw_config, fm_api_url + "/cmdb/" + object_type + "?access_token=" + sid, "user_obj_" + object_type, limit=limit) + diff --git a/roles/importer/files/importer/fortiosmanagementREST/unused_fOS_gw_networking.py b/roles/importer/files/importer/fortiosmanagementREST/unused_fOS_gw_networking.py new file mode 100644 index 000000000..2bb2126b3 --- /dev/null +++ b/roles/importer/files/importer/fortiosmanagementREST/unused_fOS_gw_networking.py 
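Review bot: `getObjects` sends the API secret as a URL query parameter (`"?access_token=" + sid`), so it lands in FortiGate access logs, any proxy on the path, and every log line or traceback that prints the request URL; FortiOS also accepts the token in an `Authorization: Bearer <token>` request header, which keeps it out of URLs, but that change has to be made in `fOS_getter.update_config_with_fortiOS_api_call`, which is not part of this diff. Separately, `get_config` only assigns `sid` and `fm_api_url` when `parsing_config_only` is false, yet the `for dev in mgm_details['devices']: fOS_rule.getAccessPolicy(sid, fm_api_url, full_config, limit)` loop runs unconditionally, so passing in a native config raises NameError; the loop also ignores `dev` and fetches the same policy once per device. `from curses import raw` is unused and fails to import on platforms without curses, and `fOS_zone.add_zone_if_missing(config2import, 'global', current_import_id)` is called twice. `has_config_changed` returning True unconditionally deserves a `# TODO: implement change detection` so the stub is not mistaken for a decision.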
@@ -0,0 +1,276 @@ +from asyncio.log import logger +from fwo_log import getFwoLogger +from netaddr import IPAddress, IPNetwork +from functools import cmp_to_key +import traceback +import fOS_getter as fOS_getter +import fwo_globals +from fwo_data_networking import Route, Interface +from fwo_data_networking import getRouteDestination + +def normalize_network_data(native_config, normalized_config, mgm_details): + + logger = getFwoLogger() + + normalized_config.update({'routing': {}, 'interfaces': {} }) + + for dev_id, plain_dev_name, plain_vdom_name, full_vdom_name in get_all_dev_names(mgm_details['devices']): + normalized_config.update({'routing': [], 'interfaces': []}) + + if 'routing-table-ipv4/' + full_vdom_name not in native_config: + logger.warning('could not find routing data routing-table-ipv4/' + full_vdom_name) + logger.warning('native configs contains the following keys ' + str(native_config.keys())) + normalized_config['networking'][full_vdom_name]['routingv4'] = [] + else: + for route in native_config['routing-table-ipv4/' + full_vdom_name]: + #gateway = None if route['gateway']=='0.0.0.0' else route['gateway'] # local network + normRoute = Route(dev_id, route['gateway'], route['ip_mask'], interface=route['interface'], metric=route['metric'], distance=route['distance']) + normalized_config['routing'].append(normRoute) + + if 'routing-table-ipv6/' + full_vdom_name not in native_config: + logger.warning('could not find routing data routing-table-ipv6/' + full_vdom_name) + if fwo_globals.debug_level>5: + logger.warning('native configs contains the following keys ' + str(native_config.keys())) + normalized_config['networking'][full_vdom_name]['routingv6'] = [] + else: + for route in native_config['routing-table-ipv6/' + full_vdom_name]: + #gateway = None if route['gateway']=='::' else route['gateway'] # local network + normRoute = Route(dev_id, route['gateway'], route['ip_mask'], metric=route['metric'], + distance=route['distance'], 
interface=route['interface'], ip_version=6) + normalized_config['routing'].append(normRoute) + + normalized_config['routing'].sort(key=getRouteDestination,reverse=True) + + for interface in native_config['interfaces_per_device/' + full_vdom_name]: + if interface['ipv6']['ip6-address']!='::/0': + ipv6, netmask_bits = interface['ipv6']['ip6-address'].split('/') + normIfV6 = Interface(dev_id, interface['name'], IPAddress(ipv6), netmask_bits, ip_version=6) + normalized_config['interfaces'].append(normIfV6) + + if interface['ip']!=['0.0.0.0','0.0.0.0']: + ipv4 = IPAddress(interface['ip'][0]) + netmask_bits = IPAddress(interface['ip'][1]).netmask_bits() + normIfV4 = Interface(dev_id, interface['name'], ipv4, netmask_bits, ip_version=4) + normalized_config['interfaces'].append(normIfV4) + + #devices_without_default_route = get_devices_without_default_route(normalized_config) + #if len(devices_without_default_route)>0: + # logger.warning('found devices without default route') + + +def get_matching_route(destination_ip, routing_table): + + logger = getFwoLogger() + + def route_matches(ip, destination): + ip_n = IPNetwork(ip).cidr + dest_n = IPNetwork(destination).cidr + return ip_n in dest_n or dest_n in ip_n + + + if len(routing_table)==0: + logger.error('src nat behind interface: encountered empty routing table') + return None + + for route in routing_table: + if route_matches(destination_ip, route['destination']): + return route + + logger.warning('src nat behind interface: found no matching route in routing table - no default route?!') + return None + + +def get_ip_of_interface(interface, interface_list=[]): + + interface_details = next((sub for sub in interface_list if sub['name'] == interface), None) + + if interface_details is not None and 'ipv4' in interface_details: + return interface_details['ipv4'] + else: + return None + + +def sort_reverse(ar_in, key): + + def comp(left, right): + l_submask = int(left[key].split("/")[1]) + r_submask = 
int(right[key].split("/")[1]) + return l_submask - r_submask + + return sorted(ar_in, key=cmp_to_key(comp), reverse=True) + + +# strip off last part of a string separated by separator +def strip_off_last_part(string_in, separator='_'): + string_out = string_in + if separator in string_in: # strip off final _xxx part + str_ar = string_in.split(separator) + str_ar.pop() + string_out = separator.join(str_ar) + return string_out + + +def get_last_part(string_in, separator='_'): + string_out = '' + if separator in string_in: # strip off _vdom_name + str_ar = string_in.split(separator) + string_out = str_ar.pop() + return string_out + + +def get_plain_device_names_without_vdoms(devices): + device_array = [] + for dev in devices: + dev_name = strip_off_last_part(dev["name"]) + if dev_name not in device_array: + device_array.append(dev_name) + return device_array + + +# only getting one vdom as currently assuming routing to be +# the same for all vdoms on a device +def get_device_names_plus_one_vdom(devices): + device_array = [] + device_array_with_vdom = [] + for dev in devices: + dev_name = strip_off_last_part(dev["name"]) + vdom_name = get_last_part(dev["name"]) + if dev_name not in device_array: + device_array.append(dev_name) + device_array_with_vdom.append([dev_name, vdom_name]) + return device_array_with_vdom + + +# getting devices and their vdom names +def get_device_plus_full_vdom_names(devices): + device_array_with_vdom = [] + for dev in devices: + dev_name = strip_off_last_part(dev["name"]) + vdom_name = dev["name"] + device_array_with_vdom.append([dev_name, vdom_name]) + return device_array_with_vdom + + +# getting devices and their vdom names +def get_all_dev_names(devices): + device_array_with_vdom = [] + for dev in devices: + dev_id = dev["id"] + dev_name = strip_off_last_part(dev["name"]) + plain_vdom_name = get_last_part(dev["name"]) + full_vdom_name = dev["name"] + device_array_with_vdom.append([dev_id, dev_name, plain_vdom_name, full_vdom_name]) + return 
device_array_with_vdom + + +# get network information (currently only used for source nat) +def getInterfacesAndRouting(sid, fm_api_url, raw_config, adom_name, devices, limit): + + logger = getFwoLogger() + # strip off vdom names, just deal with the plain device + device_array = get_all_dev_names(devices) + + for dev_id, plain_dev_name, plain_vdom_name, full_vdom_name in device_array: + logger.info("dev_name: " + plain_dev_name + ", full vdom_name: " + full_vdom_name) + + # getting interfaces of device + all_interfaces_payload = { + "id": 1, + "params": [ + { + "fields": [ "name", "ip" ], + "filter": [ "vdom", "==", plain_vdom_name ], + "sub fetch": { + "client-options": { + "subfetch hidden": 1 + }, + "dhcp-snooping-server-list": { + "subfetch hidden": 1 + }, + "egress-queues": { + "subfetch hidden": 1 + }, + "ipv6": { + "fields": [ + "ip6-address" + ], + "sub fetch": { + "dhcp6-iapd-list": { + "subfetch hidden": 1 + }, + "ip6-delegated-prefix-list": { + "subfetch hidden": 1 + }, + "ip6-extra-addr": { + "subfetch hidden": 1 + }, + "ip6-prefix-list": { + "subfetch hidden": 1 + }, + "vrrp6": { + "subfetch hidden": 1 + } + } + }, + "l2tp-client-settings": { + "subfetch hidden": 1 + }, + "secondaryip": { + "subfetch hidden": 1 + }, + "tagging": { + "subfetch hidden": 1 + }, + "vrrp": { + "subfetch hidden": 1 + }, + "wifi-networks": { + "subfetch hidden": 1 + } + } + } + ] + } + try: # get interfaces from top level device (not vdom) + fOS_getter.update_config_with_fortinet_api_call( + raw_config, sid, fm_api_url, "/pm/config/device/" + plain_dev_name + "/global/system/interface", + "interfaces_per_device/" + full_vdom_name, payload=all_interfaces_payload, limit=limit, method="get") + except: + logger.warning("error while getting interfaces of device " + plain_vdom_name + ", vdom=" + plain_vdom_name + ", ignoring, traceback: " + str(traceback.format_exc())) + + # now getting routing information + for ip_version in ["ipv4", "ipv6"]: + payload = { "params": [ { "data": { 
+ "target": ["adom/" + adom_name + "/device/" + plain_dev_name], + "action": "get", + "resource": "/api/v2/monitor/router/" + ip_version + "/select?&vdom="+ plain_vdom_name } } ] } + try: # get routing table per vdom + routing_helper = {} + routing_table = [] + fOS_getter.update_config_with_fortinet_api_call( + routing_helper, sid, fm_api_url, "/sys/proxy/json", + "routing-table-" + ip_version + '/' + full_vdom_name, + payload=payload, limit=limit, method="exec") + + if "routing-table-" + ip_version + '/' + full_vdom_name in routing_helper: + routing_helper = routing_helper["routing-table-" + ip_version + '/' + full_vdom_name] + if len(routing_helper)>0 and 'response' in routing_helper[0] and 'results' in routing_helper[0]['response']: + routing_table = routing_helper[0]['response']['results'] + else: + logger.warning("got empty " + ip_version + " routing table from device " + full_vdom_name + ", ignoring") + routing_table = [] + except: + logger.warning("could not get routing table for device " + full_vdom_name + ", ignoring") # exception " + str(traceback.format_exc())) + routing_table = [] + + # now storing the routing table: + raw_config.update({"routing-table-" + ip_version + '/' + full_vdom_name: routing_table}) + + +def get_device_from_package(package_name, mgm_details): + logger = getFwoLogger() + for dev in mgm_details['devices']: + if dev['local_rulebase_name'] == package_name: + return dev['id'] + logger.debug('get_device_from_package - could not find device for package "' + package_name + '"') + return None diff --git a/roles/importer/files/importer/fwo_api.py b/roles/importer/files/importer/fwo_api.py index da4a36368..c3454f15c 100644 --- a/roles/importer/files/importer/fwo_api.py +++ b/roles/importer/files/importer/fwo_api.py 
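Review bot: The file name says this module is unused, yet it is committed as live code with defects that will surface the moment it is revived: `normalize_network_data` writes to `normalized_config['networking'][full_vdom_name][...]` although only the `'routing'` and `'interfaces'` keys are ever created (KeyError on the missing-route branch), and `get_ip_of_interface(interface, interface_list=[])` uses a mutable default argument. The bare `except:` clauses in `getInterfacesAndRouting` also trap KeyboardInterrupt and SystemExit; `except Exception:` keeps the logging while letting shutdown through. If the module is intentionally parked, consider whether it belongs under `roles/importer/files/importer/` at all, since code in that tree is presumably installed by the role.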
@@ -1,18 +1,25 @@ # library for FWORCH API calls -from asyncio.log import logger -from distutils.log import debug +# from asyncio.log import logger import re import traceback -from sqlite3 import Timestamp -from textwrap import indent +# from sqlite3 import Timestamp +# from textwrap import indent import requests.packages import requests import json import datetime +import base64 +import gnupg +from cryptography.hazmat.backends import default_backend +from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes +from cryptography.hazmat.primitives import padding + + from fwo_log import getFwoLogger import fwo_globals +import fwo_const from fwo_const import fwo_api_http_import_timeout -from fwo_exception import FwoApiTServiceUnavailable, FwoApiTimeout, FwoApiLoginFailed +from fwo_exception import FwoApiTServiceUnavailable, FwoApiTimeout, FwoApiLoginFailed, SecretDecryptionFailed from fwo_base import writeAlertToLogFile 
@@ -41,54 +48,58 @@ def call(url, jwt, query, query_variables="", role="reporter", show_progress=Fal full_query = {"query": query, "variables": query_variables} logger = getFwoLogger() - session = requests.Session() - if fwo_globals.verify_certs is None: # only for first FWO API call (getting info on cert verification) - session.verify = False - else: - session.verify = fwo_globals.verify_certs - session.headers = request_headers + with requests.Session() as session: + if fwo_globals.verify_certs is None: # only for first FWO API call (getting info on cert verification) + session.verify = False + else: + session.verify = fwo_globals.verify_certs + session.headers = request_headers - try: - r = session.post(url, data=json.dumps(full_query), timeout=int(fwo_api_http_import_timeout)) - r.raise_for_status() - except requests.exceptions.RequestException: - logger.error(showApiCallInfo(url, full_query, request_headers, type='error') + ":\n" + str(traceback.format_exc())) - - if r.status_code == 503: - raise FwoApiTServiceUnavailable("FWO API HTTP error 503 (FWO API died?)" ) - if r.status_code == 502: - raise FwoApiTimeout("FWO API HTTP error 502 (might have reached timeout of " + str(int(fwo_api_http_import_timeout)/60) + " minutes)" ) + try: + r = session.post(url, data=json.dumps(full_query), timeout=int(fwo_api_http_import_timeout)) + r.raise_for_status() + except requests.exceptions.RequestException: + logger.error(showApiCallInfo(url, full_query, request_headers, type='error') + ":\n" + str(traceback.format_exc())) + if r != None: + if r.status_code == 503: + raise FwoApiTServiceUnavailable("FWO API HTTP error 503 (FWO API died?)" ) + if r.status_code == 502: + raise FwoApiTimeout("FWO API HTTP error 502 (might have reached timeout of " + str(int(fwo_api_http_import_timeout)/60) + " minutes)" ) + else: + raise + if int(fwo_globals.debug_level) > 4: + logger.debug (showApiCallInfo(url, full_query, request_headers, type='debug')) + if show_progress: + pass + # 
print('.', end='', flush=True) + if r != None: + return r.json() else: - raise - if int(fwo_globals.debug_level) > 4: - logger.debug (showApiCallInfo(url, full_query, request_headers, type='debug')) - if show_progress: - print('.', end='', flush=True) - return r.json() + return None def login(user, password, user_management_api_base_url, method='api/AuthenticationToken/Get'): payload = {"Username": user, "Password": password} - session = requests.Session() - if fwo_globals.verify_certs is None: # only for first FWO API call (getting info on cert verification) - session.verify = False - else: - session.verify = fwo_globals.verify_certs - session.headers = {'Content-Type': 'application/json'} + with requests.Session() as session: + if fwo_globals.verify_certs is None: # only for first FWO API call (getting info on cert verification) + session.verify = False + else: + session.verify = fwo_globals.verify_certs + session.headers = {'Content-Type': 'application/json'} - try: - response = session.post(user_management_api_base_url + method, data=json.dumps(payload)) - except requests.exceptions.RequestException: - raise FwoApiLoginFailed ("fwo_api: error during login to url: " + str(user_management_api_base_url) + " with user " + user) from None + try: + response = session.post(user_management_api_base_url + method, data=json.dumps(payload)) + except requests.exceptions.RequestException: + raise FwoApiLoginFailed ("fwo_api: error during login to url: " + str(user_management_api_base_url) + " with user " + user) from None - if response.text is not None and response.status_code==200: - return response.text - else: - error_txt = "fwo_api: ERROR: did not receive a JWT during login" + \ - ", api_url: " + str(user_management_api_base_url) + \ - ", ssl_verification: " + str(fwo_globals.verify_certs) - raise FwoApiLoginFailed(error_txt) + if response.text is not None and response.status_code==200: + return response.text + else: + error_txt = "fwo_api: ERROR: did not receive a JWT 
during login" + \ + ", api_url: " + str(user_management_api_base_url) + \ + ", ssl_verification: " + str(fwo_globals.verify_certs) + raise FwoApiLoginFailed(error_txt) def set_api_url(base_url, testmode, api_supported, hostname): @@ -131,6 +142,18 @@ def get_config_value(fwo_api_base_url, jwt, key='limit'): return None +def get_config_values(fwo_api_base_url, jwt, keyFilter='limit'): + query_variables = {'keyFilter': keyFilter+"%"} + config_query = "query getConf($keyFilter: String) { config(where: {config_key: {_ilike: $keyFilter}}) { config_key config_value } }" + result = call(fwo_api_base_url, jwt, config_query, query_variables=query_variables, role='importer') + if 'data' in result and 'config' in result['data']: + resultArray = result['data']['config'] + dict1 = {v['config_key']: v['config_value'] for k,v in enumerate(resultArray)} + return dict1 + else: + return None + + def get_mgm_details(fwo_api_base_url, jwt, query_variables, debug_level=0): mgm_query = """ query getManagementDetails($mgmId: Int!) { 
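Review bot: In `call`, `r` is only bound once `session.post(...)` returns, so when the request itself fails (connection error, timeout) the new `if r != None:` inside the except branch raises UnboundLocalError and hides the original RequestException; initialise `r = None` before the `try:` and write the checks as `if r is not None:`. With that fix the `else: raise` branch is reachable, but the function can now also return `None` (last lines of the hunk), which its callers do not expect — either keep raising or document the `None` return in a docstring. In `login`, `response.text is not None` is always true for a `requests` response; `response.status_code == 200` alone states the intent. The signature of `call` lies above the hunk.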
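Review bot: `get_config_values` dereferences `result` with `'data' in result`, but `call` (changed in this same commit) can now return `None`, which turns a failed API call into a TypeError; check `result is None` first. The `keyFilter+"%"` pattern is passed to `_ilike` unescaped, so a filter containing `_` or `%` matches more keys than intended — harmless for the default `'limit'`, but worth a comment if callers ever pass other prefixes. The dict comprehension does not need `enumerate`: `{v['config_key']: v['config_value'] for v in resultArray}`.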
@@ -177,11 +200,77 @@ def get_mgm_details(fwo_api_base_url, jwt, query_variables, debug_level=0): """ api_call_result = call(fwo_api_base_url, jwt, mgm_query, query_variables=query_variables, role='importer') if 'data' in api_call_result and 'management' in api_call_result['data'] and len(api_call_result['data']['management'])>=1: + if not '://' in api_call_result['data']['management'][0]['hostname']: + # only decrypt if we have a real management and are not fetching the config from an URL + # decrypt secret read from API + try: + secret = api_call_result['data']['management'][0]['import_credential']['secret'] + decryptedSecret = decrypt(secret, readMainKey()) + except (): + raise SecretDecryptionFailed + api_call_result['data']['management'][0]['import_credential']['secret'] = decryptedSecret return api_call_result['data']['management'][0] else: raise Exception('did not succeed in getting management details from FWO API') +def readMainKey(filePath=fwo_const.mainKeyFile): + with open(filePath, "r") as keyfile: + mainKey = keyfile.read().rstrip(' \n') + return mainKey + + +# can be used for decrypting text encrypted with postgresql.pgp_sym_encrypt +def decryptGpg(encryptedTextIn, key): + logger = getFwoLogger() + gpg = gnupg.GPG() + + binData = base64.b64decode(encryptedTextIn) + decrypted_data = gpg.decrypt(binData, passphrase=key) + + if decrypted_data.ok: + return decrypted_data.data.decode('utf-8') + else: + logger.info("error while decrypting: " + decrypted_data.status + ", assuming plaintext credentials") + return encryptedTextIn + + +# can be used for decrypting text encrypted with C# (mw-server) +def decrypt_aes_ciphertext(base64_encrypted_text, passphrase): + encrypted_data = base64.b64decode(base64_encrypted_text) + ivLength = 16 # IV length for AES is 16 bytes + + # Extract IV from the encrypted data + iv = encrypted_data[:ivLength] + + # Initialize AES cipher with provided passphrase and IV + backend = default_backend() + cipher = 
Cipher(algorithms.AES(passphrase.encode()), modes.CBC(iv), backend=backend) + decryptor = cipher.decryptor() + + # Decrypt the ciphertext + decrypted_data = decryptor.update(encrypted_data[ivLength:]) + decryptor.finalize() + + # Remove padding + unpadder = padding.PKCS7(algorithms.AES.block_size).unpadder() + try: + unpadded_data = unpadder.update(decrypted_data) + unpadder.finalize() + return unpadded_data.decode('utf-8') # Assuming plaintext is UTF-8 encoded + except ValueError as e: + raise Exception ('AES decryption failed:', e) + + +# wrapper for trying the different decryption methods +def decrypt(encrypted_data, passphrase): + logger = getFwoLogger() + try: + decrypted = decrypt_aes_ciphertext(encrypted_data, passphrase) + return decrypted + except: + logger.warning("Unspecified error while decrypting with MS: " + str(traceback.format_exc())) + return encrypted_data + + def log_import_attempt(fwo_api_base_url, jwt, mgm_id, successful=False): now = datetime.datetime.now().isoformat() query_variables = { "mgmId": mgm_id, "timeStamp": now, "success": successful } @@ -201,6 +290,21 @@ def lock_import(fwo_api_base_url, jwt, query_variables): return -1 +def count_rule_changes_per_import(fwo_api_base_url, jwt, import_id): + logger = getFwoLogger() + change_count_query = """ + query count_rule_changes($importId: bigint!) { + changelog_rule_aggregate(where: {control_id: {_eq: $importId}}) { aggregate { count } } + }""" + try: + count_result = call(fwo_api_base_url, jwt, change_count_query, query_variables={'importId': import_id}, role='importer') + rule_changes_in_import = int(count_result['data']['changelog_rule_aggregate']['aggregate']['count']) + except: + logger.exception("failed to count changes for import id " + str(import_id)) + rule_changes_in_import = 0 + return rule_changes_in_import + + def count_changes_per_import(fwo_api_base_url, jwt, import_id): logger = getFwoLogger() change_count_query = """ 
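Review bot: `except ():` catches nothing (an empty exception tuple), so `SecretDecryptionFailed` is never raised in `get_mgm_details`; it would not be reached anyway, because `decrypt` wraps everything in a bare `except:` and returns the ciphertext unchanged on any failure, which means a wrong or missing main key does not stop the import but silently sends the base64 blob as the password to the firewall, with a single warning line as the only hint. Replace the empty tuple with `except Exception as e: raise SecretDecryptionFailed(...) from e`, let `decrypt` propagate the failure instead of falling back to the undecrypted value, and if a plaintext-credential fallback is genuinely wanted for migration, decide it by inspecting the stored format rather than by catching every error. In `decrypt_aes_ciphertext`, `passphrase.encode()` is used directly as the AES key (it must be exactly 16, 24 or 32 bytes, otherwise `algorithms.AES` raises before any decryption happens) and CBC is used without an authentication tag; both are dictated by what the mw-server produces, so record them in a docstring, and `raise Exception ('AES decryption failed:', e)` should become `raise SecretDecryptionFailed(...) from e`. `decryptGpg` is called by nothing in this diff yet pulls in the `gnupg` dependency at import time; if it is kept for migration, say so in its comment. The start of `get_mgm_details` lies above the hunk.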
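Review bot: The bare `except:` in `count_rule_changes_per_import` also traps KeyboardInterrupt and SystemExit and turns them into a change count of 0; `except Exception:` keeps the `logger.exception` behaviour while letting interpreter shutdown through. The function is otherwise a copy of `count_changes_per_import` with a different aggregate, so a shared helper taking the aggregate name would remove the duplicated query handling. `count_changes_per_import` itself continues below the hunk.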
@@ -227,11 +331,11 @@ def unlock_import(fwo_api_base_url, jwt, mgm_id, stop_time, current_import_id, e logger = getFwoLogger() error_during_import_unlock = 0 query_variables = {"stopTime": stop_time, "importId": current_import_id, - "success": error_count == 0, "changesFound": change_count > 0} + "success": error_count == 0, "changesFound": change_count > 0, "changeNumber": change_count} unlock_mutation = """ - mutation unlockImport($importId: bigint!, $stopTime: timestamp!, $success: Boolean, $changesFound: Boolean!) { - update_import_control(where: {control_id: {_eq: $importId}}, _set: {stop_time: $stopTime, successful_import: $success, changes_found: $changesFound}) { + mutation unlockImport($importId: bigint!, $stopTime: timestamp!, $success: Boolean, $changesFound: Boolean!, $changeNumber: Int!) { + update_import_control(where: {control_id: {_eq: $importId}}, _set: {stop_time: $stopTime, successful_import: $success, changes_found: $changesFound, security_relevant_changes_counter: $changeNumber}) { affected_rows } }""" 
@@ -299,6 +403,53 @@ def import_json_config(fwo_api_base_url, jwt, mgm_id, query_variables): return 1 +def update_hit_counter(fwo_api_base_url, jwt, mgm_id, query_variables): + logger = getFwoLogger() + # currently only data for check point firewalls is collected! + + if 'config' in query_variables and 'rules' in query_variables['config']: + queryVariablesLocal = {"mgmId": mgm_id} + # prerequesite: rule_uids are unique across a management + # this is guaranteed for the newer devices + # older devices like netscreen or FortiGate (via ssh) need to be checked + # when hits information should be gathered here in the future + + found_hits = False + last_hit_update_mutation = """ + mutation updateRuleLastHit($mgmId:Int!) { + update_rule_metadata_many(updates: [ + """ + + for rule in query_variables['config']['rules']: + if 'last_hit' in rule and rule['last_hit'] is not None: + found_hits = True + update_expr = '{{ where: {{ device: {{ mgm_id:{{_eq:$mgmId}} }} rule_uid: {{ _eq: "{rule_uid}" }} }}, _set: {{ rule_last_hit: "{last_hit}" }} }}, '.format(rule_uid=rule["rule_uid"], last_hit=rule['last_hit']) + last_hit_update_mutation += update_expr + + last_hit_update_mutation += " ]) { affected_rows } }" + + if found_hits: + try: + update_result = call(fwo_api_base_url, jwt, last_hit_update_mutation, + query_variables=queryVariablesLocal, role='importer') + if 'errors' in update_result: + logger.exception("fwo_api:update_hit_counter - error while updating hit counters for mgm id " + + str(mgm_id) + ": " + str(update_result['errors'])) + update_counter = len(update_result['data']['update_rule_metadata_many']) + except: + logger.exception("failed to update hit counter for mgm id " + str(mgm_id)) + return 1 # error + + return 0 + else: + if len(query_variables['config']['rules'])>0: + logger.debug("found rules without hit information for mgm_id " + str(mgm_id)) + return 1 + else: + logger.debug("no rules found for mgm_id " + str(mgm_id)) + return 1 + + def 
delete_import_object_tables(fwo_api_base_url, jwt, query_variables): logger = getFwoLogger() delete_mutation = """ diff --git a/roles/importer/files/importer/fwo_const.py b/roles/importer/files/importer/fwo_const.py index 6794a81ca..0bafbd7ac 100644 --- a/roles/importer/files/importer/fwo_const.py +++ b/roles/importer/files/importer/fwo_const.py @@ -18,10 +18,12 @@ fwo_api_http_import_timeout = 14400 # 4 hours importer_user_name = 'importer' # todo: move to config file? fwo_config_filename = base_dir + '/etc/fworch.json' +mainKeyFile=base_dir + '/etc/secrets/main_key' importer_pwd_file = base_dir + '/etc/secrets/importer_pwd' import_tmp_path = base_dir + '/tmp/import' fwo_config_filename = base_dir + '/etc/fworch.json' max_recursion_level = 25 # do not call a function recursively more than this +default_section_header_text = 'section without name' # how many objects (network, services, rules, ...) should be sent to the FWO API in one go? # should be between 500 and 2.000 in production (results in a max obj number of max. 5 x this value - nwobj/svc/rules/...) diff --git a/roles/importer/files/importer/fwo_data_networking.py b/roles/importer/files/importer/fwo_data_networking.py index 2dbdfef01..deb8facc4 100644 --- a/roles/importer/files/importer/fwo_data_networking.py +++ b/roles/importer/files/importer/fwo_data_networking.py @@ -24,6 +24,7 @@ def __init__(self, device_id, name, ip, netmask_bits, state_up=True, ip_version= self.ip_version = ip_version + class InterfaceSerializable(Interface): def __init__(self, ifaceIn): if type(ifaceIn) is dict: @@ -150,7 +151,7 @@ def get_matching_route_obj(destination_ip, routing_table, dev_id): if route.routeMatches(destination_ip, dev_id): return route - logger.error('src nat behind interface: found no matching route in routing table - no default route?!') + logger.warning('src nat behind interface: found no matching route in routing table - no default route?!') return None 
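Review bot: The mutation is assembled with `str.format` from `rule["rule_uid"]` and `rule['last_hit']`, values that come straight from the imported firewall configuration, so a UID containing a double quote or brace breaks the GraphQL document (and a crafted one can alter it); passing the updates as a GraphQL variable avoids the issue entirely. Build the `updates` list as Python data and send it as `query_variables={"updates": updates}` — Hasura exposes a `<table>_updates` input type for `update_<table>_many`, so it should be `rule_metadata_updates` here (confirm against the schema). Also `update_result` may be `None` after this commit's change to `call`, `logger.exception` outside an `except` block logs without a traceback, `update_counter` is assigned but never used, and returning `1` both for "rules without hits" and for a real API failure leaves the caller unable to tell them apart. `update_hit_counter` ends inside the hunk; the fence below shows only the rewritten loop and mutation.

```python
        updates = []
        for rule in query_variables['config']['rules']:
            if 'last_hit' in rule and rule['last_hit'] is not None:
                updates.append({
                    "where": {"device": {"mgm_id": {"_eq": mgm_id}},
                              "rule_uid": {"_eq": rule["rule_uid"]}},
                    "_set": {"rule_last_hit": rule['last_hit']},
                })

        if updates:
            # TODO: confirm the input type name against the Hasura schema
            last_hit_update_mutation = """
                mutation updateRuleLastHit($updates: [rule_metadata_updates!]!) {
                    update_rule_metadata_many(updates: $updates) { affected_rows }
                }"""
            try:
                update_result = call(fwo_api_base_url, jwt, last_hit_update_mutation,
                                     query_variables={"updates": updates}, role='importer')
                # … unchanged: error check on update_result and return …
```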
diff --git a/roles/importer/files/importer/fwo_exception.py b/roles/importer/files/importer/fwo_exception.py index 6906525f3..ece6711d6 100644 --- a/roles/importer/files/importer/fwo_exception.py +++ b/roles/importer/files/importer/fwo_exception.py 
@@ -3,55 +3,69 @@ class FwLoginFailed(Exception): """Raised when login to FW management failed""" def __init__(self, message="Login to FW management failed"): - self.message = message - super().__init__(self.message) + self.message = message + super().__init__(self.message) + +class FwLogoutFailed(Exception): + """Raised when logout from FW management failed""" + + def __init__(self, message="Logout from FW management failed"): + self.message = message + super().__init__(self.message) + +class SecretDecryptionFailed(Exception): + """Raised when the attempt to decrypt a secret with the given key fails""" + + def __init__(self, message="Could not decrypt an API secret with given key"): + self.message = message + super().__init__(self.message) class FwoApiLoginFailed(Exception): """Raised when login to FWO API failed""" def __init__(self, message="Login to FWO API failed"): - self.message = message - super().__init__(self.message) + self.message = message + super().__init__(self.message) class FwoApiFailedLockImport(Exception): """Raised when unable to lock import (import running?)""" def __init__(self, message="Locking import failed - already running?"): - self.message = message - super().__init__(self.message) + self.message = message + super().__init__(self.message) class FwoApiFailure(Exception): """Raised for any other FwoApi call exceptions""" def __init__(self, message="There was an unclassified error while executing an FWO API call"): - self.message = message - super().__init__(self.message) + self.message = message + super().__init__(self.message) class FwoApiTimeout(Exception): """Raised for 502 http error with proxy due to timeout""" def __init__(self, message="reverse proxy timeout error during FWO API call - try increasing the reverse proxy timeout"): - self.message = message - super().__init__(self.message) + self.message = message + super().__init__(self.message) class FwoApiTServiceUnavailable(Exception): """Raised for 503 http error Serice 
unavailable""" def __init__(self, message="FWO API Hasura container died"): - self.message = message - super().__init__(self.message) + self.message = message + super().__init__(self.message) class ConfigFileNotFound(Exception): """can only happen when specifying config file with -i switch""" def __init__(self, message="Could not read config file"): - self.message = message - super().__init__(self.message) + self.message = message + super().__init__(self.message) class ImportRecursionLimitReached(Exception): """Raised when recursion of function inimport process reaches max allowed recursion limit""" def __init__(self, message="Max recursion level reached - aborting"): - self.message = message - super().__init__(self.message) + self.message = message + super().__init__(self.message) diff --git a/roles/importer/files/importer/fwo_log.py b/roles/importer/files/importer/fwo_log.py index 708029947..6cde79698 100644 --- a/roles/importer/files/importer/fwo_log.py +++ b/roles/importer/files/importer/fwo_log.py 
@@ -1,31 +1,107 @@ -import logging -from sys import stdout +import sys import fwo_globals -#from fwo_globals import global_debug_level +import logging +import time +import threading + + +class LogLock: + semaphore = threading.Semaphore() + + def handle_log_lock(): + # Initialize values + lock_file_path = "/var/fworch/lock/importer_api_log.lock" + log_owned_by_external = False + stopwatch = time.time() + + while True: + try: + with open(lock_file_path, "a+") as file: + # Jump to the beginning of the file + file.seek(0) + # Read the file content + lock_file_content = file.read().strip() + # Forcefully release lock after timeout + if log_owned_by_external and time.time() - stopwatch > 10: + file.write("FORCEFULLY RELEASED\n") + stopwatch = -1 + LogLock.semaphore.release() + log_owned_by_external = False + # GRANTED - lock was granted by us + elif lock_file_content.endswith("GRANTED"): + # Request lock if it is not already requested by us + # (in case of restart with log already granted) + if not log_owned_by_external: + LogLock.semaphore.acquire() + stopwatch = time.time() + log_owned_by_external = True + # REQUESTED - lock was requested by log swap process + elif lock_file_content.endswith("REQUESTED"): + # only request lock if it is not already requested by us + if not log_owned_by_external: + LogLock.semaphore.acquire() + stopwatch = time.time() + log_owned_by_external = True + file.write("GRANTED\n") + # RELEASED - lock was released by log swap process + elif lock_file_content.endswith("RELEASED"): + # only release lock if it was formerly requested by us + if log_owned_by_external: + stopwatch = -1 + LogLock.semaphore.release() + log_owned_by_external = False + except Exception as e: + pass + # Wait a second + time.sleep(1) + + +# Used to accquire lock before log processing +# class LogFilter(logging.Filter): +# def filter(self, record): +# # Acquire lock +# LogLock.semaphore.acquire() +# # Return True to allow the log record to be processed +# return True + + +# 
Used to release lock after log processing +# class LogHandler(logging.StreamHandler): +# def emit(self, record): +# # Call the parent class's emit method to perform the actual logging +# super().emit(record) +# # Release lock +# LogLock.semaphore.release() def getFwoLogger(): - debug_level=int(fwo_globals.debug_level) - if debug_level>=1: - llevel = logging.DEBUG + debug_level = int(fwo_globals.debug_level) + if debug_level >= 1: + log_level = logging.DEBUG else: - llevel = logging.INFO + log_level = logging.INFO - logger = logging.getLogger() # use root logger - logHandler = logging.StreamHandler(stream=stdout) - logformat = "%(asctime)s [%(levelname)-5.5s] [%(filename)-10.10s:%(funcName)-10.10s:%(lineno)4d] %(message)s" - logHandler.setLevel(llevel) - handlers = [logHandler] - logging.basicConfig(format=logformat, datefmt="%Y-%m-%dT%H:%M:%S%z", handlers=handlers, level=llevel) - logger.setLevel(llevel) + logger = logging.getLogger() + #log_handler = LogHandler(stream=sys.stdout) + #log_filter = LogFilter() - # set log level for noisy requests/connectionpool module to WARNING: + log_format = "%(asctime)s [%(levelname)-5.5s] [%(filename)-10.10s:%(funcName)-10.10s:%(lineno)4d] %(message)s" + #log_handler.setLevel(log_level) + #log_handler.addFilter(log_filter) + #handlers = [log_handler] + + #logging.basicConfig(format=log_format, datefmt="%Y-%m-%dT%H:%M:%S%z", handlers=handlers, level=log_level) + logging.basicConfig(format=log_format, datefmt="%Y-%m-%dT%H:%M:%S%z", level=log_level) + logger.setLevel(log_level) + + # Set log level for noisy requests/connectionpool module to WARNING: connection_log = logging.getLogger("urllib3.connectionpool") connection_log.setLevel(logging.WARNING) connection_log.propagate = True - - if debug_level>8: - logger.debug ("debug_level=" + str(debug_level) ) + + if debug_level > 8: + logger.debug("debug_level=" + str(debug_level)) + return logger 
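Review bot: `LogLock.handle_log_lock` ends its loop body with `except Exception as e: pass`, so a failure to open `/var/fworch/lock/importer_api_log.lock` (missing directory, wrong owner, read-only filesystem) is swallowed and the thread spins once a second without ever acquiring or releasing the semaphore, with nothing in the log to explain why. Narrow it and at least report it once, e.g. `except OSError as e:` / `logging.getLogger().debug("log lock: %s", e)`. `handle_log_lock` is also defined inside the class without `self` or `@staticmethod`; it only works because callers reach it as `LogLock.handle_log_lock`, so mark it `@staticmethod` to make that explicit. The `sys` import that replaced `from sys import stdout` is now only referenced from commented-out lines.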
@@ -37,11 +113,16 @@ def getFwoAlertLogger(debug_level=0): llevel = logging.INFO logger = logging.getLogger() # use root logger - logHandler = logging.StreamHandler(stream=stdout) + # log_handler = LogHandler(stream=sys.stdout) + # log_filter = LogFilter() + logformat = "%(asctime)s %(message)s" - logHandler.setLevel(llevel) - handlers = [logHandler] - logging.basicConfig(format=logformat, datefmt="", handlers=handlers, level=llevel) + # log_handler.setLevel(llevel) + # log_handler.addFilter(log_filter) + # handlers = [log_handler] + + # logging.basicConfig(format=logformat, datefmt="", handlers=handlers, level=llevel) + logging.basicConfig(format=logformat, datefmt="", level=llevel) logger.setLevel(llevel) # set log level for noisy requests/connectionpool module to WARNING: diff --git a/roles/importer/files/importer/fwo_mail_unused b/roles/importer/files/importer/fwo_mail_unused new file mode 100644 index 000000000..4556310b4 --- /dev/null +++ b/roles/importer/files/importer/fwo_mail_unused 
@@ -0,0 +1,82 @@ +import json +import jsonpickle +from fwo_data_networking import InterfaceSerializable, RouteSerializable +import fwo_globals +from fwo_const import max_objs_per_chunk, csv_delimiter, apostrophe, line_delimiter +from fwo_log import getFwoLogger, getFwoAlertLogger +from copy import deepcopy +import smtplib, ssl +from email.message import EmailMessage + + +def send_mail(recipient_list, subject, body, fwo_config): + logger = getFwoLogger() + # Create a text/plain message + msg = EmailMessage() + senderAddress = "" + msg.set_content(body) + msg['Subject'] = subject + if 'emailSenderAddress' in fwo_config: + senderAddress = fwo_config['emailSenderAddress'] + msg['From'] = senderAddress + msg['To'] = recipient_list + tlsSetting = "" + + try: + if 'emailTls' not in fwo_config or fwo_config['emailTls']=='StartTls': + smtp_server = smtplib.SMTP(fwo_config['emailServerAddress'], int(fwo_config['emailPort'])) + if 'emailTls' in fwo_config and fwo_config['emailTls']=='StartTls': + tlsSetting = fwo_config['emailTls'] + smtp_server.starttls() #setting up to TLS connection + smtp_server.ehlo() #calling the ehlo() again as encryption happens on calling startttls() + else: + smtp_server.ehlo() #setting the ESMTP protocol + elif fwo_config['emailTls']=='Tls': + context = ssl.create_default_context() + context.check_hostname = False + context.verify_mode = ssl.CERT_NONE + smtp_server = smtplib.SMTP(fwo_config['emailServerAddress'], int(fwo_config['emailPort'])) + smtp_server.starttls(context=context) + smtp_server.ehlo() + if 'emailUser' in fwo_config and 'emailPassword' in fwo_config and fwo_config['emailUser']!="": + smtp_server.login(fwo_config['emailUser'], fwo_config['emailPassword']) #logging into out email id + + #sending the mail by specifying the from and to address and the message + smtp_server.send_message(msg) + smtp_server.quit() #terminating the server + except Exception as e: + if 'emailPort' not in fwo_config: + logger.warning("Missing email server 
port config. Double-check your emailPort configuration") + elif int(fwo_config['emailPort'])<1 or int(fwo_config['emailPort'])>65535: + logger.warning("Email server port configuration out of bounds: " + str(fwo_config['emailPort']) + ". Double-check your emailPort configuration") + elif 'emailServer' not in fwo_config: + logger.warning("Missing email server address. Double-check your emailServer configuration") + elif len(fwo_config['emailServer'])==0: + logger.warning("Empty email server address. Double-check your emailServer configuration") + elif recipient_list is None: + logger.warning("Undefined email recipient list. Double-check your email recipient list") + elif len(recipient_list)==0: + logger.warning("Empty email recipient list. Double-check your email recipient list") + else: + logger.warning("error while sending import change notification email: " + + "emailServer: " + fwo_config['emailServerAddress'] + ", " + + "emailSenderAddress: " + senderAddress + ", " + + "emailPort: " + fwo_config['emailPort'] + ", " + + "emailTls: " + str(tlsSetting) + ", " + + "impChangeNotifyRecipients: " + str(recipient_list) + ", " + + "error: " + str(e) + ) + + +# def send_change_notification_mail(fwo_config, number_of_changes, mgm_name, mgm_id): +# if 'impChangeNotifyActive' in fwo_config and bool(fwo_config['impChangeNotifyActive']) and 'impChangeNotifyRecipients' in fwo_config: +# body = "" +# if 'impChangeNotifyBody' in fwo_config: +# body += fwo_config['impChangeNotifyBody'] + ": " +# body += str(number_of_changes) + ", Management: " + mgm_name + " (id=" + mgm_id + ")" +# send_mail( +# fwo_config['impChangeNotifyRecipients'].split(','), +# fwo_config['impChangeNotifySubject'] if 'impChangeNotifySubject' in fwo_config else "firewall orchestrator change notification", +# body, +# fwo_config +# ) diff --git a/roles/importer/files/importer/import-main-loop.py b/roles/importer/files/importer/import-main-loop.py index e75b8a2af..3eb827985 100755 
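Review bot: The `emailTls == 'Tls'` branch builds an SSL context with `context.check_hostname = False` and `context.verify_mode = ssl.CERT_NONE`, so the session that carries `emailUser`/`emailPassword` through `smtp_server.login` is encrypted but the mail server is never authenticated; `ssl.create_default_context()` on its own verifies against the system trust store and should be used as is, with any opt-out made an explicit config switch rather than the default. The diagnostics in the `except` block check `'emailServer' not in fwo_config` and `len(fwo_config['emailServer'])` while the send path reads `fwo_config['emailServerAddress']`, so those two warnings can fire for a correctly configured server. The final `logger.warning` concatenates `fwo_config['emailPort']` without `str()` although the send path casts it with `int()`, which will raise `TypeError` inside the handler if the port is numeric. The file name `fwo_mail_unused` suggests nothing imports this module yet.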
--- a/roles/importer/files/importer/import-main-loop.py +++ b/roles/importer/files/importer/import-main-loop.py @@ -8,10 +8,11 @@ import sys import time import json +import threading import requests, warnings import fwo_api# common # from current working dir from common import import_management -from fwo_log import getFwoLogger +from fwo_log import getFwoLogger, LogLock import fwo_globals, fwo_config from fwo_const import base_dir, importer_base_dir from fwo_exception import FwoApiLoginFailed, FwoApiFailedLockImport, FwLoginFailed @@ -21,14 +22,39 @@ class GracefulKiller: kill_now = False + def __init__(self): signal.signal(signal.SIGINT, self.exit_gracefully) signal.signal(signal.SIGTERM, self.exit_gracefully) + def exit_gracefully(self, *args): self.kill_now = True +class LogLockerTask(threading.Thread): + def __init__(self): + super().__init__() + self._stop_event = threading.Event() + # signal.signal(signal.SIGINT, self.exit_gracefully) + # signal.signal(signal.SIGTERM, self.exit_gracefully) + + + def run(self): + while not self._stop_event.is_set(): + threading.Thread(target = LogLock.handle_log_lock) + time.sleep(1) + + + def exit_gracefully(self, *args): + self.kill_now = True + + + def stop(self): + self._stop_event.set() + # self.kill_now = True + + if __name__ == '__main__': parser = argparse.ArgumentParser( description='Run import loop across all managements to read configuration from FW managements via API calls') @@ -45,6 +71,9 @@ def exit_gracefully(self, *args): args = parser.parse_args() + # logLockerTask = LogLockerTask() # create logLocker + # logLockerTask.start() # start Log locking + fwo_config = fwo_config.readConfig() fwo_globals.setGlobalValues(verify_certs_in=args.verify_certificates, suppress_cert_warnings_in=args.suppress_certificate_warnings, 
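Review bot: `LogLockerTask.run` constructs `threading.Thread(target=LogLock.handle_log_lock)` once per second but never calls `start()` on it, so no lock handler ever runs; and because `handle_log_lock` is itself an endless loop, starting a fresh thread on every iteration would be wrong as well. Create the worker once before the loop, `worker = threading.Thread(target=LogLock.handle_log_lock, daemon=True)` / `worker.start()`, and let `run` just block on `self._stop_event.wait(1)`. `exit_gracefully` assigns `self.kill_now`, which `LogLockerTask` neither defines nor reads, unlike `GracefulKiller`. The task is only instantiated in commented-out code later in the file, so this is latent for now.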
@@ -64,6 +93,8 @@ def exit_gracefully(self, *args): # setting defaults (only as fallback if config defaults cannot be fetched via API): api_fetch_limit = 150 sleep_timer = 90 + jwt = "" + mgm_ids = [] # read fwo config (API URLs) try: @@ -75,6 +106,7 @@ def exit_gracefully(self, *args): logger.error("import-main-loop - error while reading FWO config file") raise + mgm_details = {} killer = GracefulKiller() while not killer.kill_now: # authenticate to get JWT @@ -141,7 +173,7 @@ def exit_gracefully(self, *args): except: logger.error("import-main-loop - error while getting FW management details for mgm_id=" + str(id) + " - skipping: " + str(traceback.format_exc())) skipping = True - if not skipping and mgm_details["deviceType"]["id"] in (9, 11, 17): # only handle CPR8x and fortiManager + if not skipping and mgm_details["deviceType"]["id"] in (9, 11, 17, 22, 23, 24): # only handle CPR8x Manager, fortiManager, Cisco MgmCenter, Palo Panorama, Palo FW, FortiOS REST logger.debug("import-main-loop: starting import of mgm_id=" + id) try: import_result = import_management(mgm_id=id, debug_level_in=debug_level, @@ -159,4 +191,7 @@ def exit_gracefully(self, *args): time.sleep(1) counter += 1 + # got break signal stopping background process for handling log locking + # logLockerTask.stop() + # logLockerTask.join() logger.info("importer-main-loop exited gracefully.") diff --git a/roles/importer/files/importer/import-mgm.py b/roles/importer/files/importer/import-mgm.py index 5e650e13f..4d805fcdd 100755 --- a/roles/importer/files/importer/import-mgm.py +++ b/roles/importer/files/importer/import-mgm.py 
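Review bot: The device-type gate now carries six bare ids `(9, 11, 17, 22, 23, 24)` whose meaning exists only in the trailing comment; a named module-level tuple such as `SUPPORTED_DEVICE_TYPE_IDS = (9, 11, 17, 22, 23, 24)` with one name per entry would keep the comment from drifting as importers are added. This commit adds the nsx4ff importer, so if NSX has its own deviceType id it is not in this list and the main loop will skip it — worth confirming. The enclosing `if __name__ == '__main__'` block starts outside the hunk.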
@@ -16,10 +16,18 @@ parser.add_argument('-c', '--clear', action='store_true', default=False, help='If set the import will delete all data for the given management instead of importing') parser.add_argument('-f', '--force', action='store_true', default=False, - help='If set the import will be attempted without checking for changes before') + help='If set the import will be attempted without checking for changes or if the importer module is the one defined') parser.add_argument('-d', '--debug', metavar='debug_level', default='0', - help='Debug Level: 0=off, 1=send debug to console, 2=send debug to file, 3=save noramlized config file; 4=additionally save native config file; default=0. \n' +\ - 'config files are saved to $FWORCH/tmp/import dir') + help='Debug Level: \ + 0=off, \ + 1=send debug to console, \ + 2=send debug to file, \ + 3=save noramlized config file, \ + 4=additionally save native config file, \ + 8=send native config (as read from firewall) to standard out, \ + 9=send normalized config to standard out, \ + (default=0), \ + config files are saved to $FWORCH/tmp/import dir') parser.add_argument('-v', "--verify_certificates", action='store_true', default = None, help = "verify certificates") parser.add_argument('-s', "--suppress_certificate_warnings", action='store_true', default = None, @@ -49,7 +57,7 @@ mgm_id=args.mgm_id, in_file=args.in_file, normalized_in_file=args.normalized_in_file, debug_level_in=args.debug, ssl_verification=args.verify_certificates, force=args.force, limit=args.limit, clearManagementData=args.clear, suppress_cert_warnings_in=args.suppress_certificate_warnings) except SystemExit: - print ("import-mgm - error while importing mgm_id=" + str(args.mgm_id)) + logger.error("import-mgm - error while importing mgm_id=" + str(args.mgm_id) + ": " + str(traceback.format_exc())) error_count = 1 except: logger.error("import-mgm - error while importing mgm_id=" + str(args.mgm_id) + ": " + str(traceback.format_exc())) 
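Review bot: The new `--debug` help text is one single-quoted literal continued with backslash-newline, so the leading indentation of every continued line becomes part of the string and argparse prints runs of spaces inside the help. Implicit concatenation of adjacent literals, `help='Debug Level: ' '0=off, ' '1=send debug to console, ' ...`, or a parenthesized sequence of strings, gives the same text without the embedded whitespace. The typo `noramlized` was carried over from the old text and could be fixed while touching these lines.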
diff --git a/roles/importer/files/importer/nsx4ff/__init__.py b/roles/importer/files/importer/nsx4ff/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/roles/importer/files/importer/nsx4ff/discovery_logging.conf b/roles/importer/files/importer/nsx4ff/discovery_logging.conf new file mode 100644 index 000000000..139c55a9c --- /dev/null +++ b/roles/importer/files/importer/nsx4ff/discovery_logging.conf @@ -0,0 +1,41 @@ +[loggers] +keys=root,discoveryDebugLogger +#keys=root,__main__ + +[handlers] +keys=consoleHandler,debugFileHandler + +[formatters] +keys=defaultFormatter,debugFileFormatter + +[logger_root] +level=DEBUG +handlers=consoleHandler + +[logger_discoveryDebugLogger] +#[logger___main__] +level=DEBUG +handlers=debugFileHandler +qualname=discoveryDebugLogger +#qualname=__main__ +propagate=0 + +[handler_consoleHandler] +class=StreamHandler +level=DEBUG +formatter=defaultFormatter +args=(sys.stderr,) + +[handler_debugFileHandler] +class=FileHandler +level=DEBUG +formatter=debugFileFormatter +args=('/tmp/fworch_discovery.log',) +# args=('/var/log/fworch/discovery.log',) + +[formatter_defaultFormatter] +format=%(levelname)s:%(name)s:%(message)s + +[formatter_debugFileFormatter] +format=%(asctime)s - %(name)s - %(levelname)s - %(message)s + diff --git a/roles/importer/files/importer/nsx4ff/fwcommon.py b/roles/importer/files/importer/nsx4ff/fwcommon.py new file mode 100644 index 000000000..5e5dea053 --- /dev/null +++ b/roles/importer/files/importer/nsx4ff/fwcommon.py 
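Review bot: `debugFileHandler` opens `/tmp/fworch_discovery.log`, a fixed, predictable name in a world-writable directory, so any local user can pre-create that file or place a symlink there and the importer will append to whatever it points at with its own privileges. The commented-out `/var/log/fworch/discovery.log` is the safer location; if `/tmp` is kept for development it should be marked as such, e.g. `# dev only - use /var/log/fworch/discovery.log in deployments`. The root logger is also set to `DEBUG` on stderr, which will be noisier than the rest of the importer's logging.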
@@ -0,0 +1,105 @@ +import sys +import base64 +from common import importer_base_dir +sys.path.append(importer_base_dir + "/nsx4ff") +from nsx_service import normalize_svcobjects +# from nsx_application import normalize_application_objects +from nsx_rule import normalize_access_rules +from nsx_network import normalize_nwobjects +# from nsx_zone import normalize_zones +from nsx_getter import update_config_with_nsxdcfw_api_call +from fwo_log import getFwoLogger +from nsx_base import api_version_str + +def has_config_changed(full_config, mgm_details, force=False): + # dummy - may be filled with real check later on + return True + + +def get_config(config2import, full_config, current_import_id, mgm_details, limit=1000, force=False, jwt=''): + logger = getFwoLogger() + if full_config == {}: # no native config was passed in, so getting it from Azzure + parsing_config_only = False + else: + parsing_config_only = True + + if not parsing_config_only: # no native config was passed in, so getting it from Palo Firewall + apipwd = mgm_details["import_credential"]['secret'] + apiuser = mgm_details["import_credential"]['user'] + apihost = mgm_details["hostname"] + domain = mgm_details["configPath"] + + vsys_base_objects = ["/infra/services"] + vsys_object_groups = ["/infra/domains/{domain}/groups".format(domain=domain)] + vsys_objects = vsys_object_groups + vsys_base_objects + + #predef_objects = ["/Objects/Applications"] + rulebase_names = ["security-policies"] # , "/Policies/NATRules"] + + for obj_path in vsys_objects: + full_config[obj_path] = [] + + # for obj_path in predef_objects: + # full_config[obj_path] = [] + + credentials = base64.b64encode((apiuser + ":" + apipwd).encode()) + + ## get objects: + # base_url = "https://{apihost}/policy/api/v1/infra/domains/{domain}/security-policies/[policy name]".format(apihost=apihost, api_version_str=api_version_str) + + # vsys_name = "vsys1" # TODO - automate this hard-coded name + # location = "vsys" # alternative: panorama-pushed + 
+ + for obj_path in vsys_objects: + base_url = "https://{apihost}/policy/api/v1{path}".format(apihost=apihost, path=obj_path) + update_config_with_nsxdcfw_api_call(base_url, full_config, obj_path, obj_type=obj_path, credentials=credentials) + + # for obj_path in predef_objects: + # update_config_with_nsxdcfw_api_call(key, base_url, full_config, obj_path + "?location={location}".format(location="predefined"), obj_type=obj_path) + + # users + + # get rules + full_config.update({'devices': {}}) + for device in mgm_details["devices"]: + dev_id = device['id'] + dev_name = device['local_rulebase_name'] + full_config['devices'].update({ dev_id: {} }) + + for obj_path in rulebase_names: + base_url = "https://{apihost}/policy/api/v1/infra/domains/{domain}/{rulebase_name}/{policy_name}".format(apihost=apihost, domain=domain, policy_name=dev_name, rulebase_name=obj_path) + update_config_with_nsxdcfw_api_call( + base_url, full_config['devices'][device['id']], + obj_path, + obj_type=obj_path, credentials=credentials) + + ################## + # now we normalize relevant parts of the raw config and write the results to config2import dict + + normalize_nwobjects(full_config, config2import, current_import_id, jwt=jwt, mgm_id=mgm_details['id'], domain=domain) + normalize_svcobjects(full_config, config2import, current_import_id) + # normalize_application_objects(full_config, config2import, current_import_id) + # normalize_users(full_config, config2import, current_import_id, user_scope) + + # adding default any and predefined objects + any_nw_svc = {"svc_uid": "any_svc_placeholder", "svc_name": "any", "svc_comment": "Placeholder service.", + "svc_typ": "simple", "ip_proto": -1, "svc_port": 0, "svc_port_end": 65535, "control_id": current_import_id} + http_svc = {"svc_uid": "http_predefined_svc", "svc_name": "service-http", "svc_comment": "Predefined service", + "svc_typ": "simple", "ip_proto": 6, "svc_port": 80, "control_id": current_import_id} + https_svc = {"svc_uid": 
"https_predefined_svc", "svc_name": "service-https", "svc_comment": "Predefined service", + "svc_typ": "simple", "ip_proto": 6, "svc_port": 443, "control_id": current_import_id} + + config2import["service_objects"].append(any_nw_svc) + config2import["service_objects"].append(http_svc) + config2import["service_objects"].append(https_svc) + + any_nw_object = {"obj_uid": "any_obj_placeholder", "obj_name": "any", "obj_comment": "Placeholder object.", + "obj_typ": "network", "obj_ip": "0.0.0.0/0", "control_id": current_import_id} + config2import["network_objects"].append(any_nw_object) + + # normalize_zones(full_config, config2import, current_import_id) + normalize_access_rules(full_config, config2import, current_import_id, mgm_details=mgm_details) + # normalize_nat_rules(full_config, config2import, current_import_id, jwt=jwt) + + return 0 diff --git a/roles/importer/files/importer/nsx4ff/nsx_application.py b/roles/importer/files/importer/nsx4ff/nsx_application.py new file mode 100644 index 000000000..6d132cbe8 --- /dev/null +++ b/roles/importer/files/importer/nsx4ff/nsx_application.py 
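Review bot: `domain` (from `mgm_details["configPath"]`) and `dev_name` (from `local_rulebase_name`) are interpolated into the request path with `str.format` and no escaping, so a value containing `/`, `?` or `#` changes which API path is requested instead of producing a clean 404; pass them through `urllib.parse.quote(value, safe='')` before building `base_url`. The comments still say "getting it from Azzure" and "getting it from Palo Firewall" from the module this was copied from and should say NSX. `has_config_changed` always returns `True`, so every import cycle refetches everything; it is labelled a dummy, but a TODO naming what the check should compare would help the next reader.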
@@ -0,0 +1,37 @@ +from fwo_const import list_delimiter +from fwo_log import getFwoLogger + + +# def normalize_application_objects(full_config, config2import, import_id): +# app_objects = [] +# for app_orig in full_config["/Objects/Applications"]: +# app_objects.append(parse_app(app_orig, import_id,config2import)) +# config2import['service_objects'] += app_objects + + +def extract_base_app_infos(app_orig, import_id): + app = {} + if "@name" in app_orig: + app["svc_uid"] = app_orig["@name"] + app["svc_name"] = app_orig["@name"] + if "comment" in app_orig: + app["svc_comment"] = app_orig["comment"] + app["control_id"] = import_id + app["svc_typ"] = 'simple' + return app + + +def parse_app(app_orig, import_id,config2import): + svc = extract_base_app_infos(app_orig, import_id) + app_comment = '' + if 'category' in app_orig: + app_comment = "category: " + app_orig['category'] + if 'subcategory' in app_orig: + app_comment += ", " + "subcategory: " + app_orig['subcategory'] + if 'technology' in app_orig: + app_comment += ", " + "technology: " + app_orig['technology'] + if 'svc_comment' in svc: + svc['svc_comment'] += "; " + app_comment + else: + svc['svc_comment'] = app_comment + return svc diff --git a/roles/importer/files/importer/nsx4ff/nsx_base.py b/roles/importer/files/importer/nsx4ff/nsx_base.py new file mode 100644 index 000000000..e4a69e545 --- /dev/null +++ b/roles/importer/files/importer/nsx4ff/nsx_base.py @@ -0,0 +1,2 @@ + +api_version_str="9.1" diff --git a/roles/importer/files/importer/nsx4ff/nsx_getter.py b/roles/importer/files/importer/nsx4ff/nsx_getter.py new file mode 100644 index 000000000..155f85b29 --- /dev/null +++ b/roles/importer/files/importer/nsx4ff/nsx_getter.py 
@@ -0,0 +1,95 @@ +# library for API get functions +import base64 +from typing import Dict +from fwo_log import getFwoLogger +import requests.packages +import requests +import xmltodict, json +import fwo_globals +from fwo_exception import FwLoginFailed + + +def api_call(url, params = {}, headers = {}, data = {}, credentials = '', show_progress=False, method='get'): + logger = getFwoLogger() + result_type='json' + request_headers = {'Content-Type': 'application/json'} + for header_key in headers: + request_headers[header_key] = headers[header_key] + if credentials != '': + request_headers["Authorization"] = 'Basic {credentials}'.format(credentials=credentials.decode("utf-8")) + result_type='json' + + if method == "post": + response = requests.post(url, params=params, data=data, headers=request_headers, verify=fwo_globals.verify_certs) + elif method == "get": + response = requests.get(url, params=params, headers=request_headers, verify=fwo_globals.verify_certs) + else: + raise Exception("unknown HTTP method found in nsx_getter") + + # error handling: + exception_text = '' + if response is None: + if 'password' in json.dumps(data): + exception_text = "error while sending api_call containing credential information to url '" + \ + str(url) + else: + exception_text = "error while sending api_call to url '" + str(url) + "' with payload '" + json.dumps( + data, indent=2) + "' and headers: '" + json.dumps(request_headers, indent=2) + if not response.ok: + exception_text = 'error code: {error_code}, error={error}'.format(error_code=response.status_code, error=response.content) + #logger.error(response.content) + if (len(response.content) == 0): + exception_text = 'empty response content' + + if exception_text != '': + raise Exception(exception_text) + + # no errors found + if result_type=='xml': + r = xmltodict.parse(response.content) + body_json = json.loads(json.dumps(r)) + elif result_type=='json': + body_json = json.loads(response.content) + if 'result' in body_json: + 
body_json = body_json['result'] + + else: + body_json = None + + return body_json + + +# def login(apiuser, apipwd, apihost): +# base_url = "https://{apihost}/api/?type=keygen&user={apiuser}&password={apipwd}".format(apihost=apihost, apiuser=apiuser, apipwd=apipwd) +# try: +# body = api_call(base_url, method="get", headers={}, data={}) +# except Exception as e: +# raise FwLoginFailed("Palo FW login to firewall=" + str(apihost) + " failed; Message: " + str(e)) from None + +# if 'response' in body and 'result' in body['response'] and 'key' in body['response']['result'] and not body['response']['result']['key'] == None: +# key = body['response']['result']['key'] +# else: +# raise FwLoginFailed("Palo FW login to firewall=" + str(apihost) + " failed") from None + +# if fwo_globals.debug_level > 2: +# logger = getFwoLogger() +# logger.debug("Login successful. Received key: " + key) + +# return key + + +def update_config_with_nsxdcfw_api_call(api_base_url, config, api_path, credentials='', obj_type='generic', parameters={}, payload={}, show_progress=False, limit: int=1000, method="get"): + returned_new_data = True + + full_result = [] + result = api_call(api_base_url, credentials=credentials, params=parameters, data=payload, show_progress=show_progress, method=method) + # if "entry" in result: + # returned_new_data = len(result['entry'])>0 + # else: + # returned_new_data = False + if returned_new_data: + if 'results' in result: + config.update({obj_type: result['results']}) + else: + # full_result.extend(result) + config.update({obj_type: result}) diff --git a/roles/importer/files/importer/nsx4ff/nsx_network.py b/roles/importer/files/importer/nsx4ff/nsx_network.py new file mode 100644 index 000000000..894406e8b --- /dev/null +++ b/roles/importer/files/importer/nsx4ff/nsx_network.py 
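Review bot: The error text built in `api_call` dumps `request_headers` into the exception, and `request_headers` carries the `Authorization: Basic ...` value, i.e. the encoded API user and password, so a failed call would put the credentials into the importer log; that branch is also unreachable, since `requests.get`/`requests.post` raise on transport failures rather than returning `None`, which means the intended credential masking never runs and raw `requests` exceptions propagate instead. Wrap the request in `try/except requests.exceptions.RequestException`, redact the `Authorization` header and raise the sanitized message from there, as below. `params = {}`, `headers = {}`, `data = {}` (and `parameters={}`, `payload={}` in `update_config_with_nsxdcfw_api_call`) are mutable default arguments; `None` plus `or {}` inside the function is the usual form. `limit` and `full_result` are unused.
```python
    try:
        if method == "post":
            response = requests.post(url, params=params, data=data, headers=request_headers, verify=fwo_globals.verify_certs)
        elif method == "get":
            response = requests.get(url, params=params, headers=request_headers, verify=fwo_globals.verify_certs)
        else:
            raise Exception("unknown HTTP method found in nsx_getter")
    except requests.exceptions.RequestException as e:
        # never echo the payload or the Authorization header into logs
        safe_headers = {k: ('<redacted>' if k == 'Authorization' else v) for k, v in request_headers.items()}
        if 'password' in json.dumps(data):
            raise Exception("error while sending api_call containing credential information to url '" + str(url) + "'") from e
        raise Exception("error while sending api_call to url '" + str(url) + "' with headers: '" + json.dumps(safe_headers, indent=2) + "': " + str(e)) from e
    # … unchanged: response.ok / empty-content checks and JSON decoding …
```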
@@ -0,0 +1,197 @@ +from asyncio.log import logger +from fwo_log import getFwoLogger +from fwo_const import list_delimiter +import ipaddress +import os.path + + +def normalize_nwobjects(full_config, config2import, import_id, jwt=None, mgm_id=None, domain="default"): + logger = getFwoLogger() + nw_objects = [] + nw_tagged_groups = {} + # for obj_orig in full_config["/Objects/Addresses"]: + # nw_objects.append(parse_object(obj_orig, import_id, config2import, nw_objects)) + # if 'tag' in obj_orig and 'member' in obj_orig['tag']: + # logger.info("found simple network object with tags: " + obj_orig['@name']) + # for t in obj_orig['tag']['member']: + # collect_tag_information(nw_tagged_groups, "#"+t, obj_orig['@name']) + + # for tag in nw_tagged_groups: + # logger.info("handling nw_tagged_group: " + tag + " with members: " + list_delimiter.join(nw_tagged_groups[tag])) + # obj = {} + # obj["obj_name"] = tag + # obj["obj_uid"] = tag + # obj["obj_comment"] = 'dynamic group defined by tagging' + # obj['control_id'] = import_id + # obj['obj_typ'] = 'group' + # members = nw_tagged_groups[tag] # parse_dynamic_object_group(obj_grp_orig, nw_tagged_groups) + # obj['obj_members'] = list_delimiter.join(members) + # obj['obj_member_refs'] = list_delimiter.join(members) + # nw_objects.append(obj) + + for obj_grp_orig in full_config["/infra/domains/{domain}/groups".format(domain=domain)]: + # logger.info("found network group: " + obj_grp_orig['name']) + obj_grp = extract_base_object_infos(obj_grp_orig, import_id, config2import, nw_objects) + + if 'resource_type' in obj_grp_orig: + obj_grp["obj_typ"] = obj_grp_orig["resource_type"].lower() + + if 'static' in obj_grp_orig and 'filter' in obj_grp_orig['static']: + obj_grp["obj_member_refs"], obj_grp["obj_member_names"] = parse_static_obj_group(obj_grp_orig, import_id, nw_objects, config2import) + if 'dynamic' in obj_grp_orig and 'filter' in obj_grp_orig['dynamic']: + members = parse_dynamic_object_group(obj_grp_orig, nw_tagged_groups) + 
obj_grp["obj_member_refs"] = list_delimiter.join(members) + obj_grp["obj_member_names"] = list_delimiter.join(members) + nw_objects.append(obj_grp) + if 'tag' in obj_grp_orig and 'member' in obj_grp_orig['tag']: + logger.info("found network group with tags: " + obj_grp_orig['@name']) + for t in obj_grp_orig['tag']['member']: + logger.info(" found tag " + t) + collect_tag_information(nw_tagged_groups, t, obj_grp_orig['@name']) + + config2import['network_objects'] = nw_objects + + +def parse_object(obj_orig, import_id, config2import, nw_objects): + obj = extract_base_object_infos(obj_orig, import_id, config2import, nw_objects) + obj['obj_ip'] = obj_orig['ip-netmask'] + if '/' in obj['obj_ip'] and not '/32' in obj['obj_ip']: + obj['obj_typ'] = 'network' + else: + obj['obj_typ'] = 'host' + return obj + + +def extract_base_object_infos(obj_orig, import_id, config2import, nw_objects): + obj = {} + if 'display_name' in obj_orig: + obj["obj_name"] = obj_orig["display_name"] + obj["obj_uid"] = obj_orig["path"] + if 'description' in obj_orig: + obj["obj_comment"] = obj_orig["description"] + obj["control_id"] = import_id + return obj + + +def parse_dynamic_object_group(orig_grp, nw_tagged_groups): + if "dynamic" in orig_grp: + if 'filter' in orig_grp['dynamic']: + if ' ' not in orig_grp['dynamic']['filter']: + # just a single tag + # add all nw objects with the tag to this group + tag = orig_grp['dynamic']['filter'][1:-1] + if tag in nw_tagged_groups: + return nw_tagged_groups[tag] + else: + # later: deal with more complex tagging (and/or) + return [] + return [] + + +def parse_static_obj_group(orig_grp, import_id, nw_objects, config2import, id = None): + refs = [] + names = [] + + if "static" in orig_grp and "member" in orig_grp["static"]: + for m in orig_grp['static']['member']: + names.append(m) + refs.append(m) + return list_delimiter.join(refs), list_delimiter.join(names) + + +def parse_obj_list(nw_obj_list, import_id, obj_list, id, type='network'): + refs = [] + names = 
[] + for obj_uid in nw_obj_list: + refs.append(obj_uid) + names.append(lookup_obj_uid(obj_uid, obj_list, import_id, type=type)) + return list_delimiter.join(refs), list_delimiter.join(names) + + + +def lookup_obj_uid(obj_uid, obj_list, import_id, type='network'): + for o in obj_list: + if type=='network' and 'obj_uid' in o: + if o['obj_uid']==obj_uid: + return o['obj_name'] + elif type=='service' and 'svc_name' in o: + if o['svc_uid']==obj_uid: + return o['svc_name'] + else: + logger.warning("could not find object uid in object " + str(o)) + + # could not find existing obj in obj list, so creating new one + if type=='network': + refs, names = add_ip_obj([obj_uid], obj_list, import_id) + return refs ## assuming only one object here + elif type=='service': + logger.warning("could not find service object " + str(obj_uid)) + else: + logger.warning("unknown object type '" + type + "' for object " + str(obj_uid)) + return None + + +def lookup_obj_name(obj_name, obj_list, import_id, type='network'): + for o in obj_list: + if type=='network' and 'obj_name' in o: + if o['obj_name']==obj_name: + return o['obj_name'] + elif type=='service' and 'svc_name' in o: + if o['svc_uid']==obj_name: + return o['svc_name'] + else: + logger.warning("could not find object name in object " + str(o)) + + # could not find existing obj in obj list, so creating new one + if type=='network': + refs, names = add_ip_obj([obj_name], obj_list, import_id) + return refs ## assuming only one object here + elif type=='service': + logger.warning("could not find service object " + str(obj_name)) + else: + logger.warning("unknown object type '" + type + "' for object " + str(obj_name)) + return None + + +def add_ip_obj(ip_list, obj_list, import_id): + refs = [] + names = [] + for ip in ip_list: + # TODO: lookup ip in network_objects and re-use + ip_obj = {} + ip_obj['obj_name'] = ip + ip_obj['obj_uid'] = ip_obj['obj_name'] + try: + ipaddress.ip_network(ip) + # valid ip + ip_obj['obj_ip'] = ip + except: + # 
no valid ip - asusming Tag + ip_obj['obj_ip'] = '0.0.0.0/0' + ip = '0.0.0.0/0' + ip_obj['obj_name'] = ip_obj['obj_name'] + ip_obj['obj_uid'] = ip_obj['obj_name'] + ip_obj['obj_type'] = 'simple' + ip_obj['obj_typ'] = 'host' + if "/" in ip: + ip_obj['obj_typ'] = 'network' + + if "-" in ip: # ip range + ip_obj['obj_typ'] = 'ip_range' + ip_range = ip.split("-") + ip_obj['obj_ip'] = ip_range[0] + ip_obj['obj_ip_end'] = ip_range[1] + + ip_obj['control_id'] = import_id + + obj_list.append(ip_obj) + refs.append(ip_obj['obj_uid']) + names.append(ip_obj['obj_name']) + return list_delimiter.join(refs), list_delimiter.join(names) + + +def collect_tag_information(tagged_groups, tag, obj_name): + if tag in tagged_groups.keys(): + tagged_groups[tag].append(obj_name) + else: + tagged_groups.update({tag: [obj_name]}) diff --git a/roles/importer/files/importer/nsx4ff/nsx_rule.py b/roles/importer/files/importer/nsx4ff/nsx_rule.py new file mode 100644 index 000000000..cdbc0e429 --- /dev/null +++ b/roles/importer/files/importer/nsx4ff/nsx_rule.py 
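Review bot: `from asyncio.log import logger` at the top of the file is what `lookup_obj_uid` and `lookup_obj_name` log through; `normalize_nwobjects` shadows it with a local `getFwoLogger()`, but the lookup helpers do not, so their warnings go to asyncio's logger and bypass the importer's log configuration. Drop that import and start each helper that logs with `logger = getFwoLogger()`. In `normalize_nwobjects` the tag handling reads `obj_grp_orig['@name']` while the rest of the function keys on `display_name` and `path`; `@name` looks like a leftover from the XML-derived importer this was copied from and will raise `KeyError` on an NSX group that carries `tag` — confirm against a real payload. The bare `except:` in `add_ip_obj` should be `except ValueError:`, which is what `ipaddress.ip_network` raises for a non-address.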
@@ -0,0 +1,109 @@ +from nsx_service import parse_svc_list +from nsx_network import parse_obj_list +from fwo_log import getFwoLogger +from fwo_const import list_delimiter +import hashlib +import base64 +import os.path + + +def make_hash_sha256(o): + hasher = hashlib.sha256() + hasher.update(repr(make_hashable(o)).encode()) + return base64.b64encode(hasher.digest()).decode() + + +def make_hashable(o): + if isinstance(o, (tuple, list)): + return tuple((make_hashable(e) for e in o)) + + if isinstance(o, dict): + return tuple(sorted((k,make_hashable(v)) for k,v in o.items())) + + if isinstance(o, (set, frozenset)): + return tuple(sorted(make_hashable(e) for e in o)) + + return o + + +def normalize_access_rules(full_config, config2import, import_id, mgm_details={}): + rules = [] + logger = getFwoLogger() + + nw_obj_names = [] + for o in config2import['network_objects']: + nw_obj_names.append(o["obj_name"]) + + for device in full_config["devices"]: + rule_number = 0 + for dev_id in full_config['devices'].keys(): + for rulebase in list(full_config['devices'][dev_id].keys()): + for rule_orig in full_config['devices'][dev_id][rulebase]['rules']: + + # set some default values first + rule = {'rule_src': 'any', 'rule_dst': 'any', 'rule_svc': 'any', + 'rule_src_refs': 'any_obj_placeholder', 'rule_dst_refs': 'any_obj_placeholder', + 'rule_src_neg': False, 'rule_dst_neg': False, + 'rule_svc_refs': 'any_svc_placeholder'} + + if 'sources_excluded' in rule_orig and rule_orig['sources_excluded']: + rule["rule_src_neg"] = True + if 'destinations_excluded' in rule_orig and rule_orig['destinations_excluded']: + rule["rule_dst_neg"] = True + rule.update({ + "rule_svc_neg": False, # not possible to negate the svc field on NSX + "rulebase_name": os.path.basename(rule_orig['parent_path']), + "rule_name": rule_orig['relative_path'], + 'rule_type': 'access', + 'rule_num': rule_number, + 'parent_rule_id': None, + 'rule_time': None, + 'rule_implied': False, + 'rule_comment': None, + 
'rule_track': 'None', + 'rule_uid': rule_orig['unique_id'], + 'rule_disabled': rule_orig['disabled'], + 'control_id': import_id + }) + + if "action" in rule_orig: + if rule_orig['action']=='ALLOW': + rule['rule_action'] = 'accept' + elif rule_orig['action']=='drop': + rule['rule_action'] = 'drop' + elif rule_orig['action']=='deny': + rule['rule_action'] = 'deny' + elif rule_orig['action']=='REJECT': + rule['rule_action'] = 'reject' + else: + logger.warning("found undefined action:" + str(rule_orig)) + else: # NAT rules + rule['rule_action'] = "accept" + rule['rule_type'] = 'nat' + + if 'logged' in rule_orig and rule_orig['logged']: + rule['rule_track'] = 'log' + else: + rule['rule_track'] = 'none' + + if "source_groups" in rule_orig: + rule['rule_src_refs'], rule["rule_src"] = parse_obj_list(rule_orig["source_groups"], import_id, config2import['network_objects'], rule["rule_uid"]) + else: + logger.warning("found undefined source in rule: " + str(rule_orig)) + + if "destination_groups" in rule_orig: + rule['rule_dst_refs'], rule["rule_dst"] = parse_obj_list(rule_orig["destination_groups"], import_id, config2import['network_objects'], rule["rule_uid"]) + else: + logger.warning("found undefined destination in rule: " + str(rule_orig)) + + services = [] + if "services" in rule_orig: + services = rule_orig["services"] + + if services != [ "ANY" ]: + rule['rule_svc_refs'], rule["rule_svc"] = parse_svc_list(services, import_id, config2import['service_objects'], rule["rule_uid"], type='service') + + rule_number += 1 + rules.append(rule) + + config2import['rules'] += rules diff --git a/roles/importer/files/importer/nsx4ff/nsx_service.py b/roles/importer/files/importer/nsx4ff/nsx_service.py new file mode 100644 index 000000000..d1b5af697 --- /dev/null +++ b/roles/importer/files/importer/nsx4ff/nsx_service.py 
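Review bot: In normalize_access_rules the outer `for device in full_config["devices"]:` loop never uses `device`, and the inner `for dev_id in full_config['devices'].keys():` walks every device again, so each rule is appended once per device of the management while `rule_number` is only reset per outer iteration; drop the outer loop and move `rule_number = 0` inside the `dev_id` loop. The action mapping compares `'ALLOW'` and `'REJECT'` in upper case but `'drop'` and `'deny'` in lower case; if NSX reports actions uniformly in upper case, a DROP rule falls through to the warning and `rule['rule_action']` is never set, so a blocking rule is imported without an action — compare `rule_orig['action'].upper()` or list `'DROP'`. When the `services` key is absent, `services = []` is not equal to `["ANY"]`, so parse_svc_list runs on an empty list and overwrites the `'any'` / `'any_svc_placeholder'` defaults with empty strings; use `if services and services != ["ANY"]:`. `mgm_details={}` is a mutable default argument (unused here), and make_hash_sha256 / make_hashable are defined but never called in this file.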
@@ -0,0 +1,162 @@ +from fwo_const import list_delimiter +from fwo_log import getFwoLogger +import os.path + + +def normalize_svcobjects(full_config, config2import, import_id): + svc_objects = [] + for svc_orig in full_config['/infra/services']: + svc_objects.append(parse_svc(svc_orig, import_id,config2import)) + # for svc_grp_orig in full_config['/Objects/ServiceGroups']: + # svc_grp = extract_base_svc_infos(svc_grp_orig, import_id) + # svc_grp['svc_typ'] = 'group' + # svc_grp['svc_member_refs'] , svc_grp['svc_member_names'] = parse_svc_group(svc_grp_orig,config2import) + # svc_objects.append(svc_grp) + config2import['service_objects'] += svc_objects + + +def parse_svc_group(orig_grp,config2import): + refs = [] + names = [] + if 'dynamic' in orig_grp: + pass + if 'static' in orig_grp and 'member' in orig_grp['static']: + for m in orig_grp['static']['member']: + names.append(m) + refs.append(m) + return list_delimiter.join(refs), list_delimiter.join(names) + + +def extract_base_svc_infos(svc_orig, import_id): + svc = {} + if 'display_name' in svc_orig: + svc['svc_name'] = svc_orig['display_name'] + if 'path' in svc_orig: + svc['svc_uid'] = svc_orig['path'] + if 'description' in svc_orig: + svc['svc_comment'] = svc_orig['description'] + svc['svc_timeout'] = None + svc['svc_color'] = None + svc['control_id'] = import_id + svc['svc_typ'] = 'simple' + return svc + + +def parse_svc(svc_orig, import_id,config2import): + svc = extract_base_svc_infos(svc_orig, import_id) + if 'service_entries' in svc_orig: + for se in svc_orig['service_entries']: # TODO: handle list of service entries + if 'l4_protocol' in se: + proto_string = 'undefined' + if se['l4_protocol'] == 'TCP': + svc['ip_proto'] = 6 + proto_string = 'tcp' + if se['l4_protocol'] == 'UDP': + svc['ip_proto'] = 17 + proto_string = 'udp' + + if 'destination_ports' in se and len(se['destination_ports'])>0: + svc['svc_port'] = se['destination_ports'][0] # TODO: handle list of ports! 
+ extract_port_for_service(svc['svc_port'], svc) + else: + pass + + if proto_string=='undefined': + svc['svc_name'] += ' [Protocol \'' + str(se['l4_protocol']) + '\' not supported]' + # else: + # port_string = svc_orig['protocol'][proto_string]['port'] + # if ',' in port_string: + # svc['svc_typ'] = 'group' + # svc['svc_port'] = None + # members = [] + # for p in port_string.split(','): + # hlp_svc = create_helper_service(p, proto_string, svc['svc_name'], import_id) + # add_service(hlp_svc, config2import) + # members.append(hlp_svc['svc_uid']) + # svc['svc_members'] = list_delimiter.join(members) + # svc['svc_member_refs'] = list_delimiter.join(members) + # else: # just a single port (range) + # extract_port_for_service(port_string, svc) + return svc + + +# def add_service(svc, config2import): +# #if svc not in config2import['service_objects']: +# config2import['service_objects'].append(svc) + + +def extract_port_for_service(port_string, svc): + if '-' in port_string: + port_range = port_string.split('-') + if len(port_range)==2: + svc['svc_port'] = port_range[0] + svc['svc_port_end'] = port_range[1] + else: + logger = getFwoLogger() + logger.warning('found strange port range with more than one hyphen: ' + str(port_string)) + else: + svc['svc_port'] = port_string + + +def create_helper_service(ports, proto_string, parent_svc_name, import_id): + svc = { + 'svc_name': parent_svc_name + '_' + proto_string + '_' + ports, + 'svc_uid': parent_svc_name + '_' + proto_string + '_' + ports, + 'svc_comment': 'helper service for NSX multiple port range object: ' + parent_svc_name, + 'control_id': import_id, + 'svc_typ': 'simple' + } + + extract_port_for_service(ports, svc) + return svc + + +def parse_svc_list(svc_list, import_id, obj_list, id, type='network'): + refs = [] + names = [] + for obj_name in svc_list: + obj_name_base = os.path.basename(obj_name) + names.append(obj_name_base) + refs.append(obj_name) + #refs.append(lookup_svc_obj_uid(obj_name_base, obj_list, 
import_id, type=type)) + return list_delimiter.join(refs), list_delimiter.join(names) + + +def lookup_svc_obj_name(obj_name, obj_list, import_id, type='network'): + logger = getFwoLogger() + for o in obj_list: + if type=='service' and 'svc_name' in o: + if o['svc_name']==obj_name: + return o['svc_uid'] + else: + logger.warning('could not find object name in object ' + str(o)) + + # could not find existing obj in obj list, so creating new one + return add_svc_obj(obj_name, obj_list, import_id) + + +def lookup_svc_obj_uid(obj_name, obj_list, import_id, type='network'): + logger = getFwoLogger() + for o in obj_list: + if type=='service' and 'svc_name' in o: + if o['svc_name']==obj_name: + return o['svc_uid'] + else: + logger.warning('could not find object name in object ' + str(o)) + + # could not find existing obj in obj list, so creating new one + return add_svc_obj(obj_name, obj_list, import_id) + + +def add_svc_obj(svc_in, svc_list, import_id): + svc_obj = {} + svc_obj['svc_name'] = os.path.basename(svc_in) + svc_obj['svc_uid'] = svc_in + svc_obj['control_id'] = import_id + svc_obj['svc_typ'] = 'simple' + + if svc_obj not in svc_list: + # svc_list.append(svc_obj) + logger = getFwoLogger() + logger.warning('found undefined service: ' + str(svc_obj)) + return svc_obj['svc_name'] diff --git a/roles/importer/files/importer/nsx4ff/nsx_zone.py b/roles/importer/files/importer/nsx4ff/nsx_zone.py new file mode 100644 index 000000000..a55f86dc9 --- /dev/null +++ b/roles/importer/files/importer/nsx4ff/nsx_zone.py @@ -0,0 +1,15 @@ +from asyncio.log import logger +from fwo_log import getFwoLogger +from fwo_const import list_delimiter + + +def normalize_zones(full_config, config2import, import_id): + zones = [] + for zone_orig in full_config["/Network/Zones"]: + zones.append({ + "zone_name": zone_orig["@name"], + "zone_uid": zone_orig["@name"], + "control_id": import_id + }) + + config2import['zone_objects'] = zones 
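Review bot: lookup_svc_obj_name and lookup_svc_obj_uid have identical bodies and an inconsistent return: a hit returns `o['svc_uid']` while a miss falls through to add_svc_obj, which returns `svc_obj['svc_name']`, so a caller cannot tell which identifier it received. The `else:` in both loops is paired with `if type=='service' and 'svc_name' in o:` rather than with the name comparison, so a warning is logged for every list entry that merely is not the one searched for (and for every entry when called with the default `type='network'`). add_svc_obj's comment says it creates the object, but the append is commented out, so `if svc_obj not in svc_list` is always true; either re-enable the append or rename and document the function as a lookup-miss warning. In parse_svc, `svc['svc_name'] += ...` raises KeyError for a service without `display_name`, because extract_base_svc_infos sets `svc_name` only conditionally.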
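Review bot: normalize_zones reads `full_config["/Network/Zones"]` and `zone_orig["@name"]`, which are the PAN-OS XML-style keys used by the Palo Alto importer; unless the NSX fetch populates exactly that key, this raises KeyError on the first import, so either guard with `full_config.get("/Network/Zones", [])` or source the zones from the NSX data that is actually fetched. `from asyncio.log import logger` pulls in asyncio's internal logger and is unused, as are `getFwoLogger` and `list_delimiter`; remove them rather than leave a misleading import.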
diff --git a/roles/importer/files/importer/paloaltomanagement2023ff/fwcommon.py b/roles/importer/files/importer/paloaltomanagement2023ff/fwcommon.py index 4b7e2a7aa..87de87449 100644 --- a/roles/importer/files/importer/paloaltomanagement2023ff/fwcommon.py +++ b/roles/importer/files/importer/paloaltomanagement2023ff/fwcommon.py @@ -27,7 +27,7 @@ def get_config(config2import, full_config, current_import_id, mgm_details, limit apiuser = mgm_details["import_credential"]['user'] apihost = mgm_details["hostname"] - vsys_objects = ["/Network/Zones", "/Objects/Addresses", "/Objects/Services", "/Objects/AddressGroups", "/Objects/ServiceGroups"] + vsys_objects = ["/Network/Zones", "/Objects/Addresses", "/Objects/Services", "/Objects/AddressGroups", "/Objects/ServiceGroups", "/Objects/Tags"] predef_objects = ["/Objects/Applications"] rulebase_names = ["/Policies/SecurityRules", "/Policies/NATRules"] diff --git a/roles/importer/files/importer/paloaltomanagement2023ff/palo_network.py b/roles/importer/files/importer/paloaltomanagement2023ff/palo_network.py index dbba64cf9..252ba38cf 100644 --- a/roles/importer/files/importer/paloaltomanagement2023ff/palo_network.py +++ b/roles/importer/files/importer/paloaltomanagement2023ff/palo_network.py 
@@ -5,16 +5,46 @@ def normalize_nwobjects(full_config, config2import, import_id, jwt=None, mgm_id=None): + logger = getFwoLogger() nw_objects = [] + nw_tagged_groups = {} for obj_orig in full_config["/Objects/Addresses"]: nw_objects.append(parse_object(obj_orig, import_id, config2import, nw_objects)) + if 'tag' in obj_orig and 'member' in obj_orig['tag']: + logger.info("found simple network object with tags: " + obj_orig['@name']) + for t in obj_orig['tag']['member']: + collect_tag_information(nw_tagged_groups, "#"+t, obj_orig['@name']) + + for tag in nw_tagged_groups: + logger.info("handling nw_tagged_group: " + tag + " with members: " + list_delimiter.join(nw_tagged_groups[tag])) + obj = {} + obj["obj_name"] = tag + obj["obj_uid"] = tag + obj["obj_comment"] = 'dynamic group defined by tagging' + obj['control_id'] = import_id + obj['obj_typ'] = 'group' + members = nw_tagged_groups[tag] # parse_dynamic_object_group(obj_grp_orig, nw_tagged_groups) + obj['obj_members'] = list_delimiter.join(members) + obj['obj_member_refs'] = list_delimiter.join(members) + nw_objects.append(obj) for obj_grp_orig in full_config["/Objects/AddressGroups"]: + logger.info("found network group: " + obj_grp_orig['@name']) obj_grp = extract_base_object_infos(obj_grp_orig, import_id, config2import, nw_objects) obj_grp["obj_typ"] = "group" - obj_grp["obj_member_refs"], obj_grp["obj_member_names"] = parse_obj_group(obj_grp_orig, import_id, nw_objects, config2import) + if 'static' in obj_grp_orig and 'filter' in obj_grp_orig['static']: + obj_grp["obj_member_refs"], obj_grp["obj_member_names"] = parse_static_obj_group(obj_grp_orig, import_id, nw_objects, config2import) + if 'dynamic' in obj_grp_orig and 'filter' in obj_grp_orig['dynamic']: + members = parse_dynamic_object_group(obj_grp_orig, nw_tagged_groups) + obj_grp["obj_member_refs"] = list_delimiter.join(members) + obj_grp["obj_member_names"] = list_delimiter.join(members) nw_objects.append(obj_grp) - + if 'tag' in obj_grp_orig and 'member' 
in obj_grp_orig['tag']: + logger.info("found network group with tags: " + obj_grp_orig['@name']) + for t in obj_grp_orig['tag']['member']: + logger.info(" found tag " + t) + collect_tag_information(nw_tagged_groups, "#"+t, obj_grp_orig['@name']) + config2import['network_objects'] = nw_objects @@ -44,11 +74,25 @@ def extract_base_object_infos(obj_orig, import_id, config2import, nw_objects): return obj -def parse_obj_group(orig_grp, import_id, nw_objects, config2import, id = None): +def parse_dynamic_object_group(orig_grp, nw_tagged_groups): + if "dynamic" in orig_grp: + if 'filter' in orig_grp['dynamic']: + if ' ' not in orig_grp['dynamic']['filter']: + # just a single tag + # add all nw objects with the tag to this group + tag = "#" + orig_grp['dynamic']['filter'][1:-1] + if tag in nw_tagged_groups: + return nw_tagged_groups[tag] + else: + # later: deal with more complex tagging (and/or) + return [] + return [] + + +def parse_static_obj_group(orig_grp, import_id, nw_objects, config2import, id = None): refs = [] names = [] - if "dynamic" in orig_grp: - pass + if "static" in orig_grp and "member" in orig_grp["static"]: for m in orig_grp['static']['member']: names.append(m) @@ -65,14 +109,6 @@ def parse_obj_list(nw_obj_list, import_id, obj_list, id, type='network'): return list_delimiter.join(refs), list_delimiter.join(names) -# def add_network_object(config2import, ip=None): -# if "-" in str(ip): -# type = 'ip_range' -# else: -# type = 'host' -# return {'ip': ip, 'name': ip, 'id': ip, 'type': type} - - def lookup_obj_uid(obj_name, obj_list, import_id, type='network'): for o in obj_list: if type=='network' and 'obj_name' in o: 
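Review bot: The new guard `if 'static' in obj_grp_orig and 'filter' in obj_grp_orig['static']:` looks inverted against parse_static_obj_group, which itself checks `"member" in orig_grp["static"]`; PAN-OS static address groups carry `static.member` and only dynamic groups carry `filter`, so as written a static group would get neither `obj_member_refs` nor `obj_member_names` — use `if 'static' in obj_grp_orig:` and let the helper decide. The synthetic `#tag` groups are built from `nw_tagged_groups` before the address-group loop runs, yet that loop also calls collect_tag_information for tagged groups, so a dynamic group whose filter tag is carried by another address group resolves to a partial member list; collect all tags first, then build the tag groups and resolve dynamic filters. Note that `obj["obj_member_refs"]` of the tag groups holds object names, which only works as a reference while names and uids coincide in this importer.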
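Review bot: parse_dynamic_object_group returns `[]` silently both when the filter contains a space (an and/or expression) and when the tag has no members, so a rule referencing such a group is imported with an empty member list and reads as matching nothing, which understates what the firewall actually permits; log a warning with the filter text in both fallthrough branches so the gap is visible in the import log. The tag is taken as `orig_grp['dynamic']['filter'][1:-1]`, which assumes a single quoted tag; an unquoted tag loses its first and last character and then never matches `nw_tagged_groups`, so strip quotes explicitly, e.g. `tag = "#" + orig_grp['dynamic']['filter'].strip("'\"")`. parse_static_obj_group keeps the `import_id`, `nw_objects`, `config2import` and `id` parameters of the old parse_obj_group; they appear unused in the visible part of its body (the function continues past the hunk) and `id` shadows the builtin.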
@@ -130,3 +166,10 @@ def add_ip_obj(ip_list, obj_list, import_id): refs.append(ip_obj['obj_uid']) names.append(ip_obj['obj_name']) return list_delimiter.join(refs), list_delimiter.join(names) + + +def collect_tag_information(tagged_groups, tag, obj_name): + if tag in tagged_groups.keys(): + tagged_groups[tag].append(obj_name) + else: + tagged_groups.update({tag: [obj_name]}) diff --git a/roles/importer/files/importer/paloaltomanagement2023ff/palo_rule.py b/roles/importer/files/importer/paloaltomanagement2023ff/palo_rule.py index 36d194590..504a99a5e 100644 --- a/roles/importer/files/importer/paloaltomanagement2023ff/palo_rule.py +++ b/roles/importer/files/importer/paloaltomanagement2023ff/palo_rule.py @@ -27,6 +27,7 @@ def make_hashable(o): def normalize_access_rules(full_config, config2import, import_id, mgm_details={}): rules = [] + logger = getFwoLogger() nw_obj_names = [] for o in config2import['network_objects']: @@ -72,7 +73,7 @@ def normalize_access_rules(full_config, config2import, import_id, mgm_details={} elif rule_orig['action']=='reset-client': rule['rule_action'] = 'reject' else: - print ("found undefined action:" + str(rule_orig)) + logger.warning("found undefined action:" + str(rule_orig)) else: # NAT rules rule['rule_action'] = "accept" rule['rule_type'] = 'nat' @@ -93,7 +94,7 @@ def normalize_access_rules(full_config, config2import, import_id, mgm_details={} elif rule_orig['log-start']=='no': rule['rule_track'] = 'None' else: - print ("found undefined track:" + str(rule_orig)) + logger.warning ("found undefined track:" + str(rule_orig)) rule['rule_track'] = 'None' else: rule['rule_track'] = 'None' 
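Review bot: collect_tag_information's `if tag in tagged_groups.keys()` / `update` pair is the idiomatic `dict.setdefault` in one line: `tagged_groups.setdefault(tag, []).append(obj_name)`. Membership on a dict should in any case be tested with `tag in tagged_groups` rather than on `.keys()`.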
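Review bot: `logger.warning ("found undefined track:" + str(rule_orig))` has a space before the call parenthesis, unlike the other `logger.warning(` calls introduced in this change (hunks at -72, -102 and -114); drop the space for consistency. These warnings dump the whole `rule_orig` dict into the log; the rule uid, which the -102 hunk shows is available as `rule["rule_uid"]`, would identify the rule just as uniquely and far more compactly, e.g. `logger.warning("found undefined track in rule " + str(rule["rule_uid"]))`.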
@@ -102,10 +103,10 @@ def normalize_access_rules(full_config, config2import, import_id, mgm_details={} if 'member' in rule_orig["source"]: source_objects = rule_orig["source"]["member"] else: - source_objects = [rule_orig["service"]] + source_objects = [rule_orig["source"]] rule['rule_src_refs'], rule["rule_src"] = parse_obj_list(source_objects, import_id, config2import['network_objects'], rule["rule_uid"]) else: - print ("found undefined source in rule: " + str(rule_orig)) + logger.warning("found undefined source in rule: " + str(rule_orig)) if "destination" in rule_orig: if 'member' in rule_orig["destination"]: @@ -114,7 +115,7 @@ def normalize_access_rules(full_config, config2import, import_id, mgm_details={} destination_objects = [rule_orig["destination"]] rule['rule_dst_refs'], rule["rule_dst"] = parse_obj_list(destination_objects, import_id, config2import['network_objects'], rule["rule_uid"]) else: - print ("found undefined destination in rule: " + str(rule_orig)) + logger.warning("found undefined destination in rule: " + str(rule_orig)) services = [] if "service" in rule_orig: diff --git a/roles/importer/handlers/main.yml b/roles/importer/handlers/main.yml index b1ee52fb8..9ee1001c6 100644 --- a/roles/importer/handlers/main.yml +++ b/roles/importer/handlers/main.yml @@ -6,14 +6,14 @@ delegate_to: "{{ inventory_hostname }}" listen: "importer handler" when: importer_handler_guard == "start" - become: yes + become: true - name: delete backup file: state: absent path: "{{ fworch_home }}/backup_importer" listen: "importer handler" - become: yes + become: true - name: fail message debug: diff --git a/roles/importer/importer.pyproj b/roles/importer/importer.pyproj deleted file mode 100644 index d4204702a..000000000 --- a/roles/importer/importer.pyproj +++ /dev/null 
@@ -1,61 +0,0 @@ - - - - Debug - 2.0 - {1a1b90a0-227d-4041-a62a-f83af9c9c7cf} - - files\importer\import-mgm.py - - . - . - {888888a0-9f3d-457c-b088-3a5042f75d52} - Standard Python launcher - - -m4 -d4 -f -iC:/Users/Nils/Downloads/fortiManager_NAT_mgm_id_25_config_native.json.anon -l250 - False - - - - - 10.0 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/roles/importer/tasks/fetch-importer-pwd.yml b/roles/importer/tasks/fetch-importer-pwd.yml index b7d4deca9..37ac07bc4 100644 --- a/roles/importer/tasks/fetch-importer-pwd.yml +++ b/roles/importer/tasks/fetch-importer-pwd.yml @@ -6,5 +6,5 @@ mode: '0600' owner: "{{ fworch_user }}" group: "{{ fworch_group }}" - become: yes -# when: installation_mode == 'new' + become: true + \ No newline at end of file diff --git a/roles/importer/tasks/main.yml b/roles/importer/tasks/main.yml index 181621091..56577772b 100644 --- a/roles/importer/tasks/main.yml +++ b/roles/importer/tasks/main.yml @@ -37,6 +37,7 @@ - libexpect-perl - libcgi-pm-perl - python3-jsonpickle + - python3-gnupg - name: Install importer python modules package: name={{ item }} state=present @@ -44,12 +45,13 @@ - python3-netaddr - name: copy importer files - copy: + synchronize: src: "importer" dest: "{{ fworch_home }}" - owner: "{{ fworch_user }}" - group: "{{ fworch_group }}" - mode: "0755" + rsync_opts: + - "--chmod=0755" + - "--chown={{ fworch_user }}:{{ fworch_group }}" + tags: [ 'test' ] - name: set x-flag for importer executables (top level only) file: 
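Review bot: The `copy importer files` task now carries `tags: [ 'test' ]`, so any run with `--skip-tags test` skips deploying the importer code altogether; if the tag is meant to let CI re-run this step on its own, give it a dedicated tag name rather than one that sounds optional. `synchronize` with `--chown={{ fworch_user }}:{{ fworch_group }}` requires rsync 3.1+ and the right to change ownership on the receiving side, and nothing in this hunk elevates the task, so confirm it runs with the rights the previous `copy` task relied on. `--chmod=0755` applies 0755 to regular files as well, which matches the old `mode` but is worth a comment, e.g. `# 0755 on every file: importer scripts are executed directly`.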
@@ -82,19 +84,19 @@ template: src: "{{ product_name }}-importer-legacy.service.j2" dest: "/lib/systemd/system/{{ product_name }}-importer-legacy.service" - backup: yes + backup: true mode: "0644" owner: "root" - become: yes + become: true - name: copy api-importer systemd service script template: src: "{{ product_name }}-importer-api.service.j2" dest: "/lib/systemd/system/{{ product_name }}-importer-api.service" - backup: yes + backup: true mode: "0644" owner: "root" - become: yes + become: true - name: include fetch importer pwd script import_tasks: fetch-importer-pwd.yml @@ -110,4 +112,4 @@ notify: "importer handler" when: installation_mode == "upgrade" - become: yes + become: true diff --git a/roles/importer/templates/fworch-importer-api.service.j2 b/roles/importer/templates/fworch-importer-api.service.j2 index ac5971a16..84af817f5 100644 --- a/roles/importer/templates/fworch-importer-api.service.j2 +++ b/roles/importer/templates/fworch-importer-api.service.j2 @@ -15,10 +15,9 @@ After=network.target remote-fs.target nss-lookup.target WorkingDirectory={{ importer_home }} ExecStartPre=/bin/sleep 10 ExecStart={{ importer_home }}/import-main-loop.py -# ExecStop={{ importer_home }}/import-api-stop-helper TimeoutStopSec=300min -StandardOutput=syslog -StandardError=syslog +StandardOutput=journal +StandardError=journal SyslogIdentifier={{ product_name }}-importer-api User={{ fworch_user }} KillSignal=SIGINT diff --git a/roles/importer/templates/fworch-importer-legacy.service.j2 b/roles/importer/templates/fworch-importer-legacy.service.j2 index 4ea747068..ba32e021e 100644 --- a/roles/importer/templates/fworch-importer-legacy.service.j2 +++ b/roles/importer/templates/fworch-importer-legacy.service.j2 
@@ -7,8 +7,8 @@ WorkingDirectory={{ importer_home }} ExecStartPre=/bin/sleep 10 ExecStart={{ importer_home }}/fworch-importer-main.pl ExecStop={{ importer_home }}/import-stop-helper -StandardOutput=syslog -StandardError=syslog +StandardOutput=journal +StandardError=journal SyslogIdentifier={{ product_name }}-importer-legacy User={{ fworch_user }} Environment="PERL5LIB={{ importer_home }}" diff --git a/roles/lib/files/FWO.Api.Client/APIConnection.cs b/roles/lib/files/FWO.Api.Client/APIConnection.cs index c1b8798b7..76c2ae95c 100644 --- a/roles/lib/files/FWO.Api.Client/APIConnection.cs +++ b/roles/lib/files/FWO.Api.Client/APIConnection.cs @@ -6,10 +6,14 @@ namespace FWO.Api.Client { - public abstract class ApiConnection + public abstract class ApiConnection : IDisposable { + private bool disposed = false; + public event EventHandler? OnAuthHeaderChanged; + protected List subscriptions = new List(); + protected void InvokeOnAuthHeaderChanged(object? sender, string newAuthHeader) { OnAuthHeaderChanged?.Invoke(sender, newAuthHeader); 
@@ -19,8 +23,33 @@ protected void InvokeOnAuthHeaderChanged(object? sender, string newAuthHeader) public abstract void SetRole(string role); + public abstract void SetProperRole(System.Security.Claims.ClaimsPrincipal user, List targetRoleList); + + public abstract void SwitchBack(); + public abstract Task SendQueryAsync(string query, object? variables = null, string? operationName = null); - public abstract ApiSubscription GetSubscription(Action exceptionHandler, ApiSubscription.SubscriptionUpdate subscriptionUpdateHandler, string subscription, object? variables = null, string? operationName = null); + public abstract GraphQlApiSubscription GetSubscription(Action exceptionHandler, GraphQlApiSubscription.SubscriptionUpdate subscriptionUpdateHandler, string subscription, object? variables = null, string? operationName = null); + + protected virtual void AddSubscription(ApiSubscription subscription) + { + subscriptions.Add(subscription); + } + + protected abstract void Dispose(bool disposing); + + ~ ApiConnection() + { + if (disposed) return; + Dispose(false); + } + + public void Dispose() + { + if (disposed) return; + Dispose(true); + disposed = true; + GC.SuppressFinalize(this); + } } } diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/_repo.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/_repo.graphql deleted file mode 100644 index 80cdfe785..000000000 --- a/roles/lib/files/FWO.Api.Client/APIcalls/_repo.graphql +++ /dev/null 
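Review bot: `protected List subscriptions = new List();` exposes a mutable collection field to every subclass (its generic argument appears stripped in this rendering and is presumably `ApiSubscription`); make it `protected readonly` so subclasses can add to it but not replace it, and prefer `new()` over repeating the type. `private bool disposed` cannot be read by the derived classes that implement the abstract `Dispose(bool)`, so they cannot guard their own members with `ObjectDisposedException.ThrowIf(disposed, this)`; a `protected bool IsDisposed => disposed;` would close that gap.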
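Review bot: The dispose pattern leaves the `subscriptions` list the base class now owns entirely to the abstract `Dispose(bool)` without stating the contract; each subclass must release the subscriptions in the `disposing == true` branch and must not touch them from the finalizer path, and an XML comment on `Dispose(bool)` should say so: `/// <param name="disposing">true when called from Dispose(); managed members such as subscriptions may only be released then.</param>`. `Dispose()` sets `disposed = true` only after `Dispose(true)` returns, so an exception inside a subclass's disposal lets a second `Dispose()` call run the whole path again; set the flag first or in a `finally`. Adding `~ApiConnection()` gives every connection a finalization pass; it is only warranted if a subclass holds unmanaged handles, otherwise drop the finalizer and keep `GC.SuppressFinalize(this)`. The `~ ApiConnection()` spelling with a space after the tilde compiles but is unconventional; write `~ApiConnection()`.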
@@ -1,553 +0,0 @@ -################ basics - -query getImportId($management_id: Int!, $time: timestamp!) { - import_control_aggregate( - where: { mgm_id: { _eq: $management_id }, stop_time: { _lte: $time } } - ) { - aggregate { - max { - control_id - } - } - } -} - -################# dyn_filter - -query filter_dyn($manufacturer_id: [Int!]) { - __typename - stm_dev_typ(where: { dev_typ_id: { _in: $manufacturer_id } }) { - dev_typ_name - dev_typ_version - dev_typ_id - } -} - -query filter_dyn($management_id: [Int!], $device_id: [Int!]) { - __typename - management(where: { mgm_id: { _in: $management_id } }) { - mgm_id - mgm_name - devices(where: { dev_id: { _in: $device_id } }) { - dev_id - dev_name - } - } -} - -query filter_dyn($manufacturer_id: [Int!]!, $management_id: [Int!]!) { - __typename - stm_dev_typ(where: { dev_typ_id: { _in: $manufacturer_id } }) { - dev_typ_name - dev_typ_version - dev_typ_id - management(where: { mgm_id: { _in: $management_id } }) { - mgm_id - mgm_name - } - } -} - -# query returning a flat list of all device_types matching triple filter: -query filter_dyn_device_type( - $manufacturer_id: [Int!] - $management_id: [Int!] - $device_id: [Int!] -) { - stm_dev_typ( - where: { - _and: { - dev_typ_id: { _in: $manufacturer_id } - devices: { dev_id: { _in: $device_id } } - management: { mgm_id: { _in: $management_id } } - } - } - ) { - dev_typ_id - dev_typ_name - } -} - -# query returning a flat list of all managements matching triple filter: -query filter_dyn_management( - $manufacturer_id: [Int!] - $management_id: [Int!] - $device_id: [Int!] -) { - management( - where: { - _and: { - mgm_id: { _in: $management_id } - dev_typ_id: { _in: $manufacturer_id } - devices: { dev_id: { _in: $device_id } } - } - } - ) { - mgm_id - mgm_name - } -} - -# query returning a flat list of all devices matching triple filter: -query filter_dyn_device( - $manufacturer_id: [Int!] - $management_id: [Int!] - $device_id: [Int!] 
-) { - device( - where: { - _and: { - mgm_id: { _in: $management_id } - dev_typ_id: { _in: $manufacturer_id } - dev_id: { _in: $device_id } - } - } - ) { - dev_id - dev_name - } -} - -####################### - -query filter_dyn_device_type_count( - $manufacturer_id: [Int!] - $management_id: [Int!] - $device_id: [Int!] -) { - stm_dev_typ_aggregate( - where: { - _and: { - dev_typ_id: { _in: $manufacturer_id } - devices: { dev_id: { _in: $device_id } } - management: { mgm_id: { _in: $management_id } } - } - } - ) { - aggregate { - count - } - } -} - -query filter_dyn_management_count( - $manufacturer_id: [Int!] - $management_id: [Int!] - $device_id: [Int!] -) { - management_aggregate( - where: { - _and: { - mgm_id: { _in: $management_id } - dev_typ_id: { _in: $manufacturer_id } - devices: { dev_id: { _in: $device_id } } - } - } - ) { - aggregate { - count - } - } -} - -# query returning the aggregate number of all devices matching triple filter: -query filter_dyn_device_count( - $manufacturer_id: [Int!] - $management_id: [Int!] - $device_id: [Int!] -) { - device_aggregate( - where: { - _and: { - mgm_id: { _in: $management_id } - dev_typ_id: { _in: $manufacturer_id } - dev_id: { _in: $device_id } - } - } - ) { - aggregate { - count - } - } -} - -####################### - -# query returning devices matching a query and total count: -query filterDeviceByType( - $manufacturer_id: [Int!] - $management_id: [Int!] - $device_id: [Int!] 
-) { - stm_dev_typ_aggregate( - where: { - _and: { - dev_typ_id: { _in: $manufacturer_id } - devices: { dev_id: { _in: $device_id } } - management: { mgm_id: { _in: $management_id } } - } - } - ) { - aggregate { - count - } - } - device( - where: { - _and: { - mgm_id: { _in: $management_id } - dev_typ_id: { _in: $manufacturer_id } - dev_id: { _in: $device_id } - } - } - ) { - dev_id - dev_name - } -} - -####################### - -# query returning a multi-level structure with all data matching triple filter: -query filterDevices( - $manufacturerId: [Int!] - $managementId: [Int!] - $deviceId: [Int!] -) { - __typename - stm_dev_typ(where: { dev_typ_id: { _in: $manufacturerId } }) { - dev_typ_name - dev_typ_version - dev_typ_id - management(where: { mgm_id: { _in: $managementId } }) { - mgm_id - mgm_name - devices(where: { dev_id: { _in: $deviceId } }) { - dev_id - dev_name - } - } - } -} - -query ruleFilterFullTextCurrent( - $managementId: [Int!] - $deviceId: [Int!] - $fullText: String! - $limit: Int - $offset: Int -) { - management( - where: { mgm_id: { _in: $managementId } } - order_by: { mgm_name: asc } - ) { - mgm_id - mgm_name - devices( - where: { dev_id: { _in: $deviceId } } - order_by: { dev_name: asc } - ) { - dev_id - dev_name - } - rules( - limit: $limit - offset: $offset - where: { - _and: { - active: { _eq: true } - _or: [ - { rule_src: { _ilike: $fullText } } - { rule_dst: { _ilike: $fullText } } - { rule_svc: { _ilike: $fullText } } - ] - } - } - order_by: { rule_num_numeric: asc } - ) { - rule_uid - rule_src - rule_dst - rule_svc - } - } -} - -query ruleFilterFullTextInTime ( - $managementId: [Int!] - $deviceId: [Int!] - $ruleSrcName: [String!] - $ruleSrcIp: [cidr!] 
- $limit: Int - $offset: Int - $current: Boolean - $reportTime: timestamp -) { - management( - where: { mgm_id: { _in: $managementId } } - order_by: { mgm_name: asc } - ) { - mgm_id - mgm_name - devices( - where: { dev_id: { _in: $deviceId } } - order_by: { dev_name: asc } - ) { - dev_id - dev_name - rules_aggregate( - limit: $limit - offset: $offset - where: { - import_control: { stop_time: {_lte: $reportTime } } - importControlByRuleLastSeen: { stop_time: {_gt: $reportTime } } - active: { _eq: $current } - rule_src: { _in: $ruleSrcName } - rule_disabled: { _eq: false } - rule_froms: { object: { obj_ip: { _in: $ruleSrcIp } } } - } - order_by: { rule_num_numeric: asc } - ) { - aggregate { - count - } - } - rules( - limit: $limit - offset: $offset - where: { - import_control: { stop_time: {_lte: $reportTime } } - importControlByRuleLastSeen: { stop_time: {_gt: $reportTime } } - active: { _eq: $current } - rule_src: { _in: $ruleSrcName } - rule_disabled: { _eq: false } - rule_froms: { object: { obj_ip: { _in: $ruleSrcIp } } } - } - order_by: { rule_num_numeric: asc } - ) { - rule_uid - rule_src - lastSeenImport: importControlByRuleLastSeen { - stop_time - control_id - } - createImport: import_control { - stop_time - control_id - } - } - } - } -} - -query ruleFilterKVCurrent( - $managementId: [Int!] - $deviceId: [Int!] - $reportTime: timestamp - $ruleSrcName: [String!] - $ruleSrcIp: [cidr!] - $ruleDstName: [String!] - $ruleDstIp: [cidr!] 
- $limit: Int - $offset: Int -) { - management( - where: { mgm_id: { _in: $managementId } } - order_by: { mgm_name: asc } - ) { - mgm_id - mgm_name - devices( - where: { dev_id: { _in: $deviceId } } - order_by: { dev_name: asc } - ) { - dev_id - dev_name - rules_aggregate( - limit: $limit - offset: $offset - where: { - active: { _eq: true } - rule_src: { _in: $ruleSrcName } - rule_disabled: { _eq: false } - rule_froms: { object: { obj_ip: { _in: $ruleSrcIp } } } - } - order_by: { rule_num_numeric: asc } - ) { - aggregate { - count - } - } - rules( - limit: $limit - offset: $offset - where: { - active: { _eq: true } - rule_src: { _in: $ruleSrcName } - rule_disabled: { _eq: false } - rule_froms: { object: { obj_ip: { _in: $ruleSrcIp } } } - } - order_by: { rule_num_numeric: asc } - ) { - rule_uid - rule_src - lastSeenImport: importControlByRuleLastSeen { - stop_time - control_id - } - createImport: import_control { - stop_time - control_id - } - } - } - } -} - - -query ruleFilterKVInTime( - $managementId: [Int!] - $deviceId: [Int!] - $reportTime: timestamp - $ruleSrcName: [String!] - $ruleSrcIp: [cidr!] - $ruleDstName: [String!] - $ruleDstIp: [cidr!] 
- $limit: Int - $offset: Int -) { - management( - where: { mgm_id: { _in: $managementId } } - order_by: { mgm_name: asc } - ) { - mgm_id - mgm_name - devices( - where: { dev_id: { _in: $deviceId } } - order_by: { dev_name: asc } - ) { - dev_id - dev_name - } - rules( - limit: $limit - offset: $offset - where: { - import_control: { stop_time: { _lte: $reportTime } } - importControlByRuleLastSeen: { stop_time: { _gt: $reportTime } } - rule_disabled: { _eq: false } - rule_src: { _in: $ruleSrcName } - rule_froms: { object: { obj_ip: { _in: $ruleSrcIp } } } - rule_dst: { _in: $ruleDstName } - rule_tos: { object: { obj_ip: { _in: $ruleDstIp } } } - } - order_by: { rule_num_numeric: asc } - ) { - rule_uid - rule_src - lastSeenImport: importControlByRuleLastSeen { - stop_time - control_id - } - createImport: import_control { - stop_time - control_id - } - } - } -} - - -query ruleFilterKVInTimeCount( - $managementId: [Int!] - $deviceId: [Int!] - $reportTime: timestamp - $ruleSrcName: [String!] - $ruleSrcIp: [cidr!] - $ruleDstName: [String!] - $ruleDstIp: [cidr!] -) { - management( - where: { mgm_id: { _in: $managementId } } - order_by: { mgm_name: asc } - ) { - mgm_id - mgm_name - devices( - where: { dev_id: { _in: $deviceId } } - order_by: { dev_name: asc } - ) { - dev_id - dev_name - rules_aggregate( - where: { - import_control: { stop_time: { _lte: $reportTime } } - importControlByRuleLastSeen: { stop_time: { _gt: $reportTime } } - rule_disabled: { _eq: false } - rule_src: { _in: $ruleSrcName } - rule_froms: { object: { obj_ip: { _in: $ruleSrcIp } } } - rule_dst: { _in: $ruleDstName } - rule_tos: { object: { obj_ip: { _in: $ruleDstIp } } } - } - ) { - aggregate { - count - } - } - } - } -} - -query ruleFilterKVInTimeSingleValues( - $managementId: [Int!] - $deviceId: [Int!] 
- $reportTime: timestamp - $ruleSrcName1: String - $ruleSrcName2: String - $limit: Int - $offset: Int -) { - management( - where: { mgm_id: { _in: $managementId } } - order_by: { mgm_name: asc } - ) { - mgm_id - mgm_name - devices( - where: { dev_id: { _in: $deviceId } } - order_by: { dev_name: asc } - ) { - dev_id - dev_name - } - rules( - limit: $limit - offset: $offset - where: { - _and: { - import_control: { stop_time: { _lte: $reportTime } } - importControlByRuleLastSeen: { stop_time: { _gt: $reportTime } } - rule_disabled: { _eq: false } - _or: [ - { rule_src: { _ilike: $ruleSrcName1 } } - { rule_src: { _ilike: $ruleSrcName2 } } - ] - } - } - order_by: { rule_num_numeric: asc } - ) { - rule_uid - rule_src - lastSeenImport: importControlByRuleLastSeen { - stop_time - control_id - } - createImport: import_control { - stop_time - control_id - } - } - } -} - -# replace rule values with ...ruleOverview diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/allObjects/getAllObjectDetails.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/allObjects/getAllObjectDetails.graphql index e62d3c8f9..d518ce332 100644 --- a/roles/lib/files/FWO.Api.Client/APIcalls/allObjects/getAllObjectDetails.graphql +++ b/roles/lib/files/FWO.Api.Client/APIcalls/allObjects/getAllObjectDetails.graphql @@ -12,6 +12,7 @@ query getAllObjectDetails ( hide_in_gui: { _eq: false } mgm_id: { _in: $management_id } stm_dev_typ:{ + dev_typ_is_multi_mgmt: { _eq: false } is_pure_routing_device:{_eq:false} } } diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/auth/_repo.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/auth/_repo.graphql deleted file mode 100644 index b514c7ea7..000000000 --- a/roles/lib/files/FWO.Api.Client/APIcalls/auth/_repo.graphql +++ /dev/null 
@@ -1,23 +0,0 @@ - -query getVisibleDevIdsPerTenant($tenant_id: Int!) { - device(where: { tenant_to_devices: { tenant_id: { _eq: $tenant_id } } }) { - dev_id - } -} - -# this does not work: -# query getVisibleDevIdsFromTenantName($tenant_name: String!) { -# device( -# where: {client_to_devices: -# { -# tenant_id: {_eq: getTenantId($tenant_name)}} -# } -# ) -# { dev_id } -# } - -query tenantCanViewAllDevices($tenant_id: Int!) { - tenant(where: { tenant_id: { _eq: $tenant_id } }) { - tenant_can_view_all_devices - } -} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/auth/addTenant.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/auth/addTenant.graphql index a0cf44b83..869d6e0cd 100644 --- a/roles/lib/files/FWO.Api.Client/APIcalls/auth/addTenant.graphql +++ b/roles/lib/files/FWO.Api.Client/APIcalls/auth/addTenant.graphql @@ -3,7 +3,6 @@ mutation addTenant( $project: String $comment: String $viewAllDevices: Boolean -# $superAdmin: Boolean $create: timestamp ) { insert_tenant( @@ -12,7 +11,6 @@ mutation addTenant( tenant_projekt: $project tenant_comment: $comment tenant_can_view_all_devices: $viewAllDevices -# tenant_is_superadmin: $superAdmin tenant_create: $create } ) { diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/auth/addTenantNetwork.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/auth/addTenantNetwork.graphql new file mode 100644 index 000000000..8024e706d --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/auth/addTenantNetwork.graphql @@ -0,0 +1,19 @@ +mutation addTenantNetwork( + $tenantId: Int! + $ip: cidr + $ipEnd: cidr + $name: String + $comment: String + ) { + insert_tenant_network(objects: { + tenant_id: $tenantId + tenant_net_ip: $ip + tenant_net_ip_end: $ipEnd + tenant_net_name: $name + tenant_net_comment: $comment + }) { + returning { + newId: tenant_net_id + } + } +} 
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/auth/addTenantToGateway.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/auth/addTenantToGateway.graphql
new file mode 100644
index 000000000..e39efba10
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/auth/addTenantToGateway.graphql
@@ -0,0 +1,6 @@
+mutation addTenantToGateway($tenantId: Int!, $gwId: Int!, $shared: Boolean) {
+ insert_tenant_to_device(objects: {device_id: $gwId, shared: $shared, tenant_id: $tenantId})
+ {
+ affected_rows
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/auth/addTenantToManagement.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/auth/addTenantToManagement.graphql
new file mode 100644
index 000000000..23ea25225
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/auth/addTenantToManagement.graphql
@@ -0,0 +1,7 @@
+
+mutation addTenantToManagement($tenantId: Int!, $mgmId: Int!, $shared: Boolean) {
+ insert_tenant_to_management(objects: {management_id: $mgmId, shared: $shared, tenant_id: $tenantId})
+ {
+ affected_rows
+ }
+}
\ No newline at end of file
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/auth/deleteAllGatewaysOfTenant.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/auth/deleteAllGatewaysOfTenant.graphql
new file mode 100644
index 000000000..bc8bf4a75
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/auth/deleteAllGatewaysOfTenant.graphql
@@ -0,0 +1,7 @@
+mutation deleteAllGatewaysOfTenant($tenantId: Int!) {
+ delete_tenant_to_device(where: {tenant_id:{_eq:$tenantId}})
+ {
+ affected_rows
+ }
+}
+
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/auth/deleteAllManagementsOfTenant.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/auth/deleteAllManagementsOfTenant.graphql
new file mode 100644
index 000000000..9f39ba746
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/auth/deleteAllManagementsOfTenant.graphql
@@ -0,0 +1,7 @@
+
+mutation deleteAllManagementsOfTenant($tenantId: Int!) {
+ delete_tenant_to_management(where: {tenant_id:{_eq:$tenantId}})
+ {
+ affected_rows
+ }
+}
\ No newline at end of file
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/auth/deleteDeviceFromTenant.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/auth/deleteDeviceFromTenant.graphql
deleted file mode 100644
index 27b89c10b..000000000
--- a/roles/lib/files/FWO.Api.Client/APIcalls/auth/deleteDeviceFromTenant.graphql
+++ /dev/null
@@ -1,12 +0,0 @@
-mutation delete_tenant_to_device_by_pk (
- $tenantId: Int!
- $deviceId: Int!
-) {
- delete_tenant_to_device_by_pk (
- tenant_id: $tenantId
- device_id: $deviceId
- ) {
- DeletedId: device_id
- }
-}
-
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/auth/deleteTenantNetwork.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/auth/deleteTenantNetwork.graphql
new file mode 100644
index 000000000..67e022a17
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/auth/deleteTenantNetwork.graphql
@@ -0,0 +1,8 @@
+mutation deleteTenantNetwork(
+ $tenantId: Int!
+ $tenNetId: bigint!
+ ) {
+ delete_tenant_network(where: {tenant_id: {_eq: $tenantId}, tenant_net_id: {_eq: $tenNetId}}) {
+ affected_rows
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/auth/getTenantNetworks.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/auth/getTenantNetworks.graphql
new file mode 100644
index 000000000..1bed9d2e4
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/auth/getTenantNetworks.graphql
@@ -0,0 +1,10 @@
+
+query getTenantNetworks ($tenantId: Int!) {
+ tenant_network (where: {tenant_id: {_eq: $tenantId}} order_by: { tenant_net_id: asc }){
+ id: tenant_net_id
+ ip: tenant_net_ip
+ ip_end: tenant_net_ip_end
+ name: tenant_net_name
+ comment: tenant_net_comment
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/auth/getVisibleDeviceIdsPerTenant.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/auth/getTenantVisibleDeviceIds.graphql similarity index 100% rename from roles/lib/files/FWO.Api.Client/APIcalls/auth/getVisibleDeviceIdsPerTenant.graphql rename to roles/lib/files/FWO.Api.Client/APIcalls/auth/getTenantVisibleDeviceIds.graphql diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/auth/getTenantVisibleManagementIds.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/auth/getTenantVisibleManagementIds.graphql new file mode 100644 index 000000000..02eb7836e --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/auth/getTenantVisibleManagementIds.graphql @@ -0,0 +1,2 @@ +query getVisibleManagementIdsPerTenant($tenantId: Int!) { + visibleManagements: get_visible_managements_per_tenant(args: {arg_1: $tenantId}) { id } } \ No newline at end of file diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/auth/getTenants.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/auth/getTenants.graphql index 32064aefe..f2ba721ee 100644 --- a/roles/lib/files/FWO.Api.Client/APIcalls/auth/getTenants.graphql +++ b/roles/lib/files/FWO.Api.Client/APIcalls/auth/getTenants.graphql @@ -1,16 +1,29 @@ -query getTenants { - tenant { +query getTenants($tenant_id: Int) { + tenant(where:{tenant_id:{_eq: $tenant_id}}) { tenant_id tenant_name tenant_comment tenant_projekt tenant_can_view_all_devices tenant_is_superadmin + tenant_to_devices { + shared device { id: dev_id name: dev_name } } + tenant_to_managements { + shared + management { + id: mgm_id + name: mgm_name + devices { + id: dev_id + name: dev_name + } + } + } } } diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/auth/getUserByDbId.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/auth/getUserByDbId.graphql index 29670ef2a..103382e82 100644 --- a/roles/lib/files/FWO.Api.Client/APIcalls/auth/getUserByDbId.graphql +++ b/roles/lib/files/FWO.Api.Client/APIcalls/auth/getUserByDbId.graphql 
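Review bot: The new file getTenantVisibleManagementIds.graphql defines `query getVisibleManagementIdsPerTenant`, so the operation name no longer matches the file name, unlike the sibling rename in this hunk from getVisibleDeviceIdsPerTenant.graphql to getTenantVisibleDeviceIds.graphql. Renaming the operation to `query getTenantVisibleManagementIds($tenantId: Int!) {` keeps the file/operation pairing that the rest of the directory follows. The file also ends without a newline.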
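Review bot: `$tenant_id` is declared nullable and fed straight into `tenant(where:{tenant_id:{_eq: $tenant_id}})`, so what the query returns when the variable is omitted is decided by the server's handling of null comparison values — either a rejected request or a dropped filter that returns every tenant — and that contract is not visible in the query itself. If "no id → all tenants" is intended, a comment above the query such as `# $tenant_id omitted: returns all tenants the role may see (server-side null handling)` makes it explicit; if only the single-tenant case is needed, `$tenant_id: Int!` removes the ambiguity. The same nullable-filter pattern appears in `getUserEmails ($uuid: String)` (getUserEmails.graphql, next line), where a dropped filter would list every user's name and e-mail, and in `getDevicesByManagement($devIds:[Int!])` further down. In all three the filter is a client-supplied variable, so table permissions on the API side remain the only authorization boundary.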
@@ -6,6 +6,8 @@ query getUserByDbId($userId: Int!) {
 uiuser_language
 uiuser_password_must_be_changed
 uiuser_email
+ uiuser_first_name
+ uiuser_last_name
 uiuser_last_login
 uiuser_last_password_change
 }
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/auth/getUserByDn.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/auth/getUserByDn.graphql
index b69a75429..1ef2bc795 100644
--- a/roles/lib/files/FWO.Api.Client/APIcalls/auth/getUserByDn.graphql
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/auth/getUserByDn.graphql
@@ -3,6 +3,9 @@ query getUserByDn($dn: String!) {
 uiuser_id
 uuid
 uiuser_username
+ uiuser_email
+ uiuser_first_name
+ uiuser_last_name
 uiuser_language
 uiuser_password_must_be_changed
 }
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/auth/getUserEmails.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/auth/getUserEmails.graphql
new file mode 100644
index 000000000..f4e3e760b
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/auth/getUserEmails.graphql
@@ -0,0 +1,10 @@
+query getUserEmails ($uuid: String){
+ uiuser(where:{uuid:{_eq:$uuid}}) {
+ uiuser_id
+ uuid
+ uiuser_username
+ uiuser_email
+ uiuser_first_name
+ uiuser_last_name
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/auth/getUsers.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/auth/getUsers.graphql
index 030b1ffb7..da4a81b84 100644
--- a/roles/lib/files/FWO.Api.Client/APIcalls/auth/getUsers.graphql
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/auth/getUsers.graphql
@@ -4,6 +4,8 @@ query getUsers{
 uuid
 uiuser_username
 uiuser_email
+ uiuser_first_name
+ uiuser_last_name
 tenant{
 tenant_id
 tenant_name
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/auth/addUser.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/auth/upsertUiUser.graphql
similarity index 51%
rename from roles/lib/files/FWO.Api.Client/APIcalls/auth/addUser.graphql
rename to roles/lib/files/FWO.Api.Client/APIcalls/auth/upsertUiUser.graphql
index 9523a3ad7..82307bb7e 100644
--- a/roles/lib/files/FWO.Api.Client/APIcalls/auth/addUser.graphql +++ b/roles/lib/files/FWO.Api.Client/APIcalls/auth/upsertUiUser.graphql @@ -1,7 +1,9 @@ -mutation addUser( +mutation upsertUiUser( $uiuser_username: String! $uuid: String! $email: String + $uiuser_first_name: String + $uiuser_last_name: String $tenant: Int $loginTime: timestamptz $passwordMustBeChanged: Boolean @@ -12,14 +14,28 @@ mutation addUser( uiuser_username: $uiuser_username uuid: $uuid uiuser_email: $email + uiuser_first_name: $uiuser_first_name + uiuser_last_name: $uiuser_last_name tenant_id: $tenant uiuser_last_login: $loginTime uiuser_password_must_be_changed: $passwordMustBeChanged ldap_connection_id: $ldapConnectionId } + on_conflict: { + constraint: uiuser_uuid_key + update_columns: [ + uiuser_email + uiuser_first_name + uiuser_last_name + tenant_id + uiuser_last_login + uiuser_password_must_be_changed + ldap_connection_id + ] + } ) { returning { - newId: uiuser_id + newId: uiuser_id } } } diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/compliance/addNetworkZone.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/compliance/addNetworkZone.graphql new file mode 100644 index 000000000..8b8193548 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/compliance/addNetworkZone.graphql 
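Review bot: The added `on_conflict` block lists `tenant_id` and `ldap_connection_id` in `update_columns`, so every conflict on `uiuser_uuid_key` silently re-homes the existing user row to whatever tenant and LDAP connection the current call supplies; unless the uuid is guaranteed unique across all LDAP connections, a login arriving through a second connection would take over the first account's row rather than fail. Limiting the conflict update to the profile and login columns (`uiuser_email`, `uiuser_first_name`, `uiuser_last_name`, `uiuser_last_login`, `uiuser_password_must_be_changed`) and changing tenant or connection through an explicit update keeps that binding stable; if the overwrite is intended, a comment above the mutation, `# on uuid conflict: refreshes profile AND tenant/LDAP binding of the existing row`, records it. The whitespace-only change to `newId: uiuser_id` could be dropped to keep the rename diff minimal.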
@@ -0,0 +1,25 @@ +mutation insert_compliance_network_zone ($name: String!, $description: String!, $ip_ranges: [compliance_ip_range_insert_input!]!, $super_network_zone_id: bigint, +$communication_sources: [compliance_network_zone_communication_insert_input!]!, $communication_destinations: [compliance_network_zone_communication_insert_input!]!, +$sub_network_zones: [compliance_network_zone_insert_input!]!) { + insert_compliance_network_zone_one ( + object: { + super_network_zone_id: $super_network_zone_id, + name: $name, + description: $description, + ip_ranges: { + data: $ip_ranges + }, + network_zone_communication_destinations: { + data: $communication_destinations + }, + network_zone_communication_sources: { + data: $communication_sources + }, + sub_network_zones: { + data: $sub_network_zones + } + } + ) { + id + } +} \ No newline at end of file diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/compliance/deleteNetworkZone.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/compliance/deleteNetworkZone.graphql new file mode 100644 index 000000000..7800da5be --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/compliance/deleteNetworkZone.graphql @@ -0,0 +1,7 @@ +mutation delete_compliance_network_zone ($id: bigint!) { + delete_compliance_network_zone_by_pk ( + id: $id + ) { + id + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/compliance/getNetworkZones.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/compliance/getNetworkZones.graphql new file mode 100644 index 000000000..cca37df14 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/compliance/getNetworkZones.graphql 
@@ -0,0 +1,31 @@ +query get_compliance_network_zones { + compliance_network_zone (order_by: {name: asc}) { + id + name + description + ip_ranges { + ip_range_start + ip_range_end + } + super_network_zone { + id + name + } + sub_network_zones { + id + name + } + network_zone_communication_destinations { + to_network_zone { + id + name + } + } + network_zone_communication_sources { + from_network_zone { + id + name + } + } + } +} \ No newline at end of file diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/compliance/updateNetworkZone.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/compliance/updateNetworkZone.graphql new file mode 100644 index 000000000..3b25ce7fb --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/compliance/updateNetworkZone.graphql 
@@ -0,0 +1,68 @@ +mutation update_compliance_network_zone ($network_zone_id: bigint!, $name: String!, $description: String!, $super_network_zone_id: bigint, + $add_ip_ranges: [compliance_ip_range_insert_input!]!, $delete_ip_ranges_exp: [compliance_ip_range_bool_exp!]!, + $add_zone_communication: [compliance_network_zone_communication_insert_input!]!, $delete_zone_communication_exp: [compliance_network_zone_communication_bool_exp!]!, + $add_sub_zones_exp: [compliance_network_zone_bool_exp!]!, $delete_sub_zones_exp: [compliance_network_zone_bool_exp!]!) +{ + update_compliance_network_zone ( + where: {id: {_eq: $network_zone_id}} + _set: { + name: $name, + description: $description, + super_network_zone_id: $super_network_zone_id + } + ) { + affected_rows + } + + delete_compliance_ip_range ( + where: { + network_zone_id: {_eq: $network_zone_id}, + _or: $delete_ip_ranges_exp + } + ) { + affected_rows + } + + insert_compliance_ip_range ( + objects: $add_ip_ranges + ) { + affected_rows + } + + delete_compliance_network_zone_communication ( + where: { + _or: $delete_zone_communication_exp + } + ) { + affected_rows + } + + insert_compliance_network_zone_communication ( + objects: $add_zone_communication + ) { + affected_rows + } + + update_compliance_network_zone_many ( + updates: [ + { + where: { + _or: $delete_sub_zones_exp + } + _set: { + super_network_zone_id: null + } + }, + { + where: { + _or: $add_sub_zones_exp + } + _set: { + super_network_zone_id: $network_zone_id + } + } + ] + ) { + affected_rows + } +} \ No newline at end of file diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/compliance/updateNetworkZoneCommunication.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/compliance/updateNetworkZoneCommunication.graphql new file mode 100644 index 000000000..54aed3e5f --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/compliance/updateNetworkZoneCommunication.graphql 
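Review bot: `delete_compliance_network_zone_communication` and both entries of `update_compliance_network_zone_many` filter only on the caller-built `_or` lists, whereas `delete_compliance_ip_range` additionally pins `network_zone_id: {_eq: $network_zone_id}`; the mutation therefore relies on every caller composing those expressions correctly, and an over-broad element would reach rows of other zones (an empty list matches nothing). The sub-zone detach can be made self-limiting with one extra condition, `where: { super_network_zone_id: {_eq: $network_zone_id}, _or: $delete_sub_zones_exp }`, and the communication delete could carry a similar zone guard if the communication table exposes its from/to zone ids. The same unscoped communication delete appears in updateNetworkZoneCommunication.graphql in the next hunk. The file also ends without a newline.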
@@ -0,0 +1,18 @@ +mutation update_compliance_network_zone_communication( + $delete_zone_communication_exp: [compliance_network_zone_communication_bool_exp!]!, + $add_zone_communication: [compliance_network_zone_communication_insert_input!]!,) +{ + delete_compliance_network_zone_communication ( + where: { + _or: $delete_zone_communication_exp + } + ) { + affected_rows + } + + insert_compliance_network_zone_communication ( + objects: $add_zone_communication + ) { + affected_rows + } +} \ No newline at end of file diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/config/_repo.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/config/_repo.graphql deleted file mode 100644 index 72f78f671..000000000 --- a/roles/lib/files/FWO.Api.Client/APIcalls/config/_repo.graphql +++ /dev/null @@ -1,24 +0,0 @@ - -# JWT Hash algorithm (needed by API, Middleware, UI) - -# default language per user (UI) -# current strategy: all user specific information is stored in ldap -# --> should be retrieved via middleware server? - -############################################### -# basic config data related to device import/report -# the following could be exposed for offering a UI menu for adding new basic config data: -# currently only read by (UI, Importer) - -# stm_ -# action -# change_type -# color -# dev_typ -# ip_proto -# nattyp (needed?) -# obj_typ -# report_typ -# svc_typ -# track -# usr_typ diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/config/deleteCustomText.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/config/deleteCustomText.graphql new file mode 100644 index 000000000..380bdfac4 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/config/deleteCustomText.graphql @@ -0,0 +1,8 @@ +mutation delete_customtxt_by_pk ($id: String!, $lang: String!) { + delete_customtxt_by_pk ( + id: $id + language: $lang + ) { + DeletedId: id + } +} 
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/config/getCustomTextsPerLanguage.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/config/getCustomTextsPerLanguage.graphql new file mode 100644 index 000000000..097052d02 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/config/getCustomTextsPerLanguage.graphql @@ -0,0 +1,8 @@ + +query getCustomTextsPerLanguage($language: String!) { + customtxt(where: {language: {_eq: $language}}) { + id + language + txt + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/config/subscribeImportAppDataConfigChanges.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/config/subscribeImportAppDataConfigChanges.graphql new file mode 100644 index 000000000..d5bf5b205 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/config/subscribeImportAppDataConfigChanges.graphql @@ -0,0 +1,6 @@ +subscription subscribeImportAppDataConfigChanges { + config (where: { _or: [{config_key: {_eq: "importAppDataSleepTime"}}, {config_key: {_eq: "importAppDataStartAt"}} , {config_key: {_eq: "importAppDataPath"}}]}, limit: 3){ + config_key + config_value + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/config/subscribeImportNotifyConfigChanges.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/config/subscribeImportNotifyConfigChanges.graphql new file mode 100644 index 000000000..039551618 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/config/subscribeImportNotifyConfigChanges.graphql @@ -0,0 +1,6 @@ +subscription subscribeImportNotifyConfigChanges { + config (where: { _or: [{config_key: {_eq: "impChangeNotifySleepTime"}}, {config_key: {_eq: "impChangeNotifyStartAt"}}, {config_key: {_eq: "impChangeNotifyActive"}} ]}, limit: 3){ + config_key + config_value + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/config/subscribeImportSubnetDataConfigChanges.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/config/subscribeImportSubnetDataConfigChanges.graphql new file mode 100644 index 000000000..c0d9dc8a9 
--- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/config/subscribeImportSubnetDataConfigChanges.graphql @@ -0,0 +1,6 @@ +subscription subscribeImportSubnetDataConfigChanges { + config (where: { _or: [{config_key: {_eq: "importSubnetDataSleepTime"}}, {config_key: {_eq: "importSubnetDataStartAt"}}, {config_key: {_eq: "importSubnetDataPath"}} ]}, limit: 3){ + config_key + config_value + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/config/upsertCustomText.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/config/upsertCustomText.graphql new file mode 100644 index 000000000..a4b7fcdc7 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/config/upsertCustomText.graphql @@ -0,0 +1,17 @@ +mutation upsertCustomText($id: String!, $lang: String!, $text: String!) { + insert_customtxt( + objects: { + id: $id + language: $lang + txt: $text + }, + on_conflict: { + constraint: customtxt_pkey , + update_columns: [txt] + } + ) { + returning { + id: id + } + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/device/_repo.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/device/_repo.graphql deleted file mode 100644 index 1ea0bddc0..000000000 --- a/roles/lib/files/FWO.Api.Client/APIcalls/device/_repo.graphql +++ /dev/null @@ -1,51 +0,0 @@ -query showManufacturers { - stm_dev_typ { - dev_typ_id - dev_typ_manufacturer - dev_typ_version - } -} - -##################################### - -query showManagements { - management { - mgm_id - mgm_name - } -} - -##################################### - -query showDevices { - device { - dev_id - dev_name - local_rulebase_name - management { - mgm_id - mgm_name - } - } -} - -query showDevicesWithType { - device { - dev_id - dev_name - stm_dev_typ { - dev_typ_name - dev_typ_version - } - } -} - -################################### - -query showManufacturers { - stm_dev_typ(order_by: { dev_typ_manufacturer: asc, dev_typ_version: asc }) { - dev_typ_id - dev_typ_manufacturer - dev_typ_version - } -} 
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/device/fragments/deviceDetails.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/device/fragments/deviceDetails.graphql index fd0e35c8d..9c7767d60 100644 --- a/roles/lib/files/FWO.Api.Client/APIcalls/device/fragments/deviceDetails.graphql +++ b/roles/lib/files/FWO.Api.Client/APIcalls/device/fragments/deviceDetails.graphql @@ -7,6 +7,7 @@ fragment deviceDetails on device management { id: mgm_id name: mgm_name + deviceType: stm_dev_typ { ...deviceTypeDetails } } local_rulebase_name global_rulebase_name diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/device/getDevicesByManagement.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/device/getDevicesByManagement.graphql index 9e2c79759..2a8f23a1d 100644 --- a/roles/lib/files/FWO.Api.Client/APIcalls/device/getDevicesByManagement.graphql +++ b/roles/lib/files/FWO.Api.Client/APIcalls/device/getDevicesByManagement.graphql @@ -1,6 +1,7 @@ -query getDevicesByManagement { +query getDevicesByManagement($devIds:[Int!]) { management( where: { + devices:{dev_id:{_in:$devIds}} hide_in_gui: { _eq: false } stm_dev_typ: { dev_typ_is_multi_mgmt: { _eq: false } @@ -13,6 +14,7 @@ query getDevicesByManagement { name: mgm_name devices( where: { + dev_id:{_in:$devIds} hide_in_gui: { _eq: false } stm_dev_typ: { is_pure_routing_device: { _eq: false } } } diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/device/newManagement.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/device/newManagement.graphql index 974423560..a839edfd7 100644 --- a/roles/lib/files/FWO.Api.Client/APIcalls/device/newManagement.graphql +++ b/roles/lib/files/FWO.Api.Client/APIcalls/device/newManagement.graphql @@ -13,7 +13,6 @@ mutation newManagementWithExistingCredentials( $cloudSubscriptionId: String $importerHostname: String $comment: String - $tenantId: Int $debugLevel: Int $superManager: Int ) { 
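Review bot: The two added `_in:$devIds` filters in getDevicesByManagement narrow the result to a device list the caller supplies, which makes them a presentation filter rather than an authorization check — a caller passing a different list sees different devices, so tenant visibility must still be enforced by the permissions on `management` and `device`. Since `$devIds` is nullable, an omitted variable is handled by the server's null-comparison rules rather than by this query; a comment such as `# $devIds: restrict to these device ids; omit for every device the role may see` above the query states the intended contract. The first filter (`devices:{dev_id:{_in:$devIds}}` on `management`) selects managements having at least one listed device, the second restricts the nested `devices` list; documenting that both are needed would save the next reader from removing one as redundant.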
@@ -33,7 +32,6 @@ mutation newManagementWithExistingCredentials(
 force_initial_import: $forceInitialImport
 hide_in_gui: $hideInUi
 mgm_comment: $comment
- tenant_id: $tenantId
 debug_level: $debugLevel
 multi_device_manager_id: $superManager
 }
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/device/updateCredential.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/device/updateCredential.graphql
index bfe99e178..2b3f562ea 100644
--- a/roles/lib/files/FWO.Api.Client/APIcalls/device/updateCredential.graphql
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/device/updateCredential.graphql
@@ -2,7 +2,7 @@ mutation updateCredential(
 $id: Int!
 $username: String!
 $secret: String!
- $sshPublicKey: String!
+ $sshPublicKey: String
 $credential_name: String!
 $isKeyPair: Boolean
 $cloudClientId: String
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/device/updateManagement.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/device/updateManagement.graphql
index 95c62afd0..c63fb502f 100644
--- a/roles/lib/files/FWO.Api.Client/APIcalls/device/updateManagement.graphql
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/device/updateManagement.graphql
@@ -14,7 +14,6 @@ mutation updateManagement(
 $cloudSubscriptionId: String
 $importerHostname: String
 $comment: String
- $tenantId: Int
 $debugLevel: Int
 $superManager: Int
 ) {
@@ -35,7 +34,6 @@ mutation updateManagement(
 force_initial_import: $forceInitialImport
 hide_in_gui: $hideInUi
 mgm_comment: $comment
- tenant_id: $tenantId
 debug_level: $debugLevel
 multi_device_manager_id: $superManager
 }
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/addAppServerToConnection.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/addAppServerToConnection.graphql
new file mode 100644
index 000000000..e08478858
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/addAppServerToConnection.graphql
@@ -0,0 +1,15 @@ +mutation addAppServerToConnection( + $nwObjectId: bigint! + $connectionId: Int! + $connectionField: Int! + ) { + insert_modelling_nwobject_connection(objects: { + nwobject_id: $nwObjectId + connection_id: $connectionId + connection_field: $connectionField + }) { + returning { + newId: nwobject_id + } + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/addHistoryEntry.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/addHistoryEntry.graphql new file mode 100644 index 000000000..8fd1dedb6 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/addHistoryEntry.graphql @@ -0,0 +1,23 @@ +mutation addHistoryEntry( + $appId: Int + $changeType: Int! + $objectType: Int! + $objectId: bigint! + $changeText: String + $changer: String! +) { + insert_modelling_change_history( + objects: { + app_id: $appId + change_type: $changeType + object_type: $objectType + object_id: $objectId + change_text: $changeText + changer: $changer + } + ) { + returning { + newId: id + } + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/addNwGroupToConnection.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/addNwGroupToConnection.graphql new file mode 100644 index 000000000..3c2830dd4 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/addNwGroupToConnection.graphql @@ -0,0 +1,15 @@ +mutation addNwGroupToConnection( + $nwGroupId: bigint! + $connectionId: Int! + $connectionField: Int! + ) { + insert_modelling_nwgroup_connection(objects: { + nwgroup_id: $nwGroupId + connection_id: $connectionId + connection_field: $connectionField + }) { + returning { + newId: nwgroup_id + } + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/addNwObjectToNwGroup.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/addNwObjectToNwGroup.graphql new file mode 100644 index 000000000..e2ecba42f --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/addNwObjectToNwGroup.graphql 
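Review bot: `addHistoryEntry` takes `$changer: String!` as an ordinary variable, so the change-history row records whatever name the calling code passes rather than the authenticated identity, which makes the trail only as trustworthy as every caller. If the API is Hasura, a column preset from the session variable (or a check against it in the insert permission on `modelling_change_history`) binds `changer` to the session instead of to the variable; failing that, a comment above the mutation, `# $changer must be the authenticated user's name, never user-supplied input`, records the expectation. `$appId: Int` is nullable while `$changeType`, `$objectType` and `$objectId` are required; if history entries without an app are valid, a short comment saying so would help.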
@@ -0,0 +1,13 @@ +mutation addNwObjectToNwGroup( + $nwObjectId: bigint! + $nwGroupId: bigint! + ) { + insert_modelling_nwobject_nwgroup(objects: { + nwobject_id: $nwObjectId + nwgroup_id: $nwGroupId + }) { + returning { + newId: nwobject_id + } + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/addSelectedConnection.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/addSelectedConnection.graphql new file mode 100644 index 000000000..716dca475 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/addSelectedConnection.graphql @@ -0,0 +1,13 @@ +mutation addSelectedConnection( + $appId: Int! + $connectionId: Int! + ) { + insert_modelling_selected_connections(objects: { + app_id: $appId + connection_id: $connectionId + }) { + returning { + newId: connection_id + } + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/addSelectedNwGroupObject.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/addSelectedNwGroupObject.graphql new file mode 100644 index 000000000..29907b9be --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/addSelectedNwGroupObject.graphql @@ -0,0 +1,13 @@ +mutation addSelectedNwGroupObject( + $appId: Int! + $nwGroupId: bigint! + ) { + insert_modelling_selected_objects(objects: { + app_id: $appId + nwgroup_id: $nwGroupId + }) { + returning { + newId: nwgroup_id + } + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/addServiceGroupToConnection.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/addServiceGroupToConnection.graphql new file mode 100644 index 000000000..a8819e94e --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/addServiceGroupToConnection.graphql 
@@ -0,0 +1,13 @@
+mutation addServiceGroupToConnection(
+ $serviceGroupId: Int!
+ $connectionId: Int!
+ ) {
+ insert_modelling_service_group_connection(objects: {
+ service_group_id: $serviceGroupId
+ connection_id: $connectionId
+ }) {
+ returning {
+ newId: service_group_id
+ }
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/addServiceToConnection.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/addServiceToConnection.graphql
new file mode 100644
index 000000000..f95d8e248
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/addServiceToConnection.graphql
@@ -0,0 +1,13 @@
+mutation addServiceToConnection(
+ $serviceId: Int!
+ $connectionId: Int!
+ ) {
+ insert_modelling_service_connection(objects: {
+ service_id: $serviceId
+ connection_id: $connectionId
+ }) {
+ returning {
+ newId: service_id
+ }
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/addServiceToServiceGroup.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/addServiceToServiceGroup.graphql
new file mode 100644
index 000000000..df99a107c
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/addServiceToServiceGroup.graphql
@@ -0,0 +1,13 @@
+mutation addServiceToServiceGroup(
+ $serviceId: Int!
+ $serviceGroupId: Int!
+ ) {
+ insert_modelling_service_service_group(objects: {
+ service_id: $serviceId
+ service_group_id: $serviceGroupId
+ }) {
+ returning {
+ newId: service_id
+ }
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/deleteAppServer.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/deleteAppServer.graphql
new file mode 100644
index 000000000..4d4a5bf0c
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/deleteAppServer.graphql
@@ -0,0 +1,5 @@
+mutation deleteAppServer($id: bigint!) {
+ delete_owner_network(where: {id: {_eq: $id}}) {
+ affected_rows
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/deleteConnection.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/deleteConnection.graphql
new file mode 100644
index 000000000..ba012ee29
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/deleteConnection.graphql
@@ -0,0 +1,5 @@
+mutation deleteConnection($id: Int!) {
+ delete_modelling_connection(where: {id: {_eq: $id}}) {
+ affected_rows
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/deleteNwGroup.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/deleteNwGroup.graphql
new file mode 100644
index 000000000..c692b5bd8
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/deleteNwGroup.graphql
@@ -0,0 +1,5 @@
+mutation deleteNwGroup($id: bigint!) {
+ delete_modelling_nwgroup(where: {id: {_eq: $id}}) {
+ affected_rows
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/deleteService.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/deleteService.graphql
new file mode 100644
index 000000000..5cde10ff4
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/deleteService.graphql
@@ -0,0 +1,5 @@
+mutation deleteService($id: Int!) {
+ delete_modelling_service(where: {id: {_eq: $id}}) {
+ affected_rows
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/deleteServiceGroup.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/deleteServiceGroup.graphql
new file mode 100644
index 000000000..cd2dec375
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/deleteServiceGroup.graphql
@@ -0,0 +1,5 @@
+mutation deleteServiceGroup($id: Int!) {
+ delete_modelling_service_group(where: {id: {_eq: $id}}) {
+ affected_rows
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/fragments/appRoleDetails.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/fragments/appRoleDetails.graphql
new file mode 100644
index 000000000..cb41fdd17
--- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/fragments/appRoleDetails.graphql @@ -0,0 +1,16 @@ +fragment appRoleDetails on modelling_nwgroup { + id + app_id + id_string + group_type + name + comment + is_deleted + creator + creation_date + nwobjects: nwobject_nwgroups{ + owner_network{ + ...appServerDetails + } + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/fragments/appServerDetails.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/fragments/appServerDetails.graphql new file mode 100644 index 000000000..6b2e659b0 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/fragments/appServerDetails.graphql @@ -0,0 +1,8 @@ +fragment appServerDetails on owner_network { + id + name + ip + import_source + is_deleted + custom_type +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/fragments/connectionDetails.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/fragments/connectionDetails.graphql new file mode 100644 index 000000000..0336e04e3 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/fragments/connectionDetails.graphql 
@@ -0,0 +1,45 @@ +fragment connectionDetails on modelling_connection { + id + app_id + proposed_app_id + name + reason + is_interface + used_interface_id + is_requested + is_published + ticket_id + common_service + creator + creation_date + source_nwobjects: nwobject_connections (where: { connection_field: { _eq: 1 } }){ + owner_network{ + ...appServerDetails + } + } + source_approles: nwgroup_connections (where: { connection_field: { _eq: 1 } }){ + nwgroup{ + ...appRoleDetails + } + } + destination_nwobjects: nwobject_connections (where: { connection_field: { _eq: 2 } }){ + owner_network{ + ...appServerDetails + } + } + destination_approles: nwgroup_connections (where: { connection_field: { _eq: 2 } }){ + nwgroup{ + ...appRoleDetails + } + } + service_groups: service_group_connections{ + service_group{ + ...serviceGroupDetails + } + } + services: service_connections{ + service{ + ...serviceDetails + } + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/fragments/serviceDetails.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/fragments/serviceDetails.graphql new file mode 100644 index 000000000..49a597571 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/fragments/serviceDetails.graphql @@ -0,0 +1,12 @@ +fragment serviceDetails on modelling_service { + id + name + is_global + port + port_end + proto_id + protocol: stm_ip_proto { + id: ip_proto_id + name: ip_proto_name + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/fragments/serviceGroupDetails.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/fragments/serviceGroupDetails.graphql new file mode 100644 index 000000000..1508cfaaf --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/fragments/serviceGroupDetails.graphql 
@@ -0,0 +1,14 @@
+fragment serviceGroupDetails on modelling_service_group {
+ id
+ app_id
+ name
+ is_global
+ comment
+ creator
+ creation_date
+ services: service_service_groups{
+ service{
+ ...serviceDetails
+ }
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getAppRoles.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getAppRoles.graphql
new file mode 100644
index 000000000..e11b0f5e0
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getAppRoles.graphql
@@ -0,0 +1,10 @@
+query getAppRoles ($appId: Int!){
+ modelling_nwgroup (where: { app_id: { _eq: $appId }, group_type: { _eq: 20 } } order_by: { name: asc }){
+ ...appRoleDetails
+ nwobjects: nwobject_nwgroups{
+ owner_network{
+ ...appServerDetails
+ }
+ }
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getAppRolesForAppServer.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getAppRolesForAppServer.graphql
new file mode 100644
index 000000000..733b6db74
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getAppRolesForAppServer.graphql
@@ -0,0 +1,5 @@
+query getAppRolesForAppServer ($id: bigint!){
+ modelling_nwobject_nwgroup (where: { nwobject_id: { _eq: $id } }){
+ nwgroup_id
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getAppServerForAppRole.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getAppServerForAppRole.graphql
new file mode 100644
index 000000000..c1cdb3c68
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getAppServerForAppRole.graphql
@@ -0,0 +1,7 @@
+query getAppServerForAppRole ($nwGroupId: bigint!){
+ modelling_nwobject_nwgroup (where: { nwgroup_id: { _eq: $nwGroupId } } order_by: { name: asc }){
+ owner_network{
+ ...appServerDetails
+ }
+ }
+}
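Review bot: The `nwobjects: nwobject_nwgroups{ owner_network{ ...appServerDetails } }` selection in getAppRoles duplicates what the `appRoleDetails` fragment added in this commit already selects (the fragment body contains the identical `nwobjects` sub-selection). GraphQL merges the two, so the result is unchanged, but the copy has to be kept in sync by hand and adds nothing; the selection can collapse to `...appRoleDetails` alone. getGlobalServiceGroups, getServiceGroupById and getServiceGroupsForApp repeat the `services: service_service_groups{ ... }` block that serviceGroupDetails already contains in the same way.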
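Review bot: getAppServerForAppRole orders `modelling_nwobject_nwgroup` by `name: asc`, but the only columns this commit reads or writes on that table are `nwobject_id` and `nwgroup_id` (getAppRolesForAppServer above, removeNwObjectFromNwGroup below), so it looks like a link table without a name column; if so, the API rejects the query at validation time rather than at runtime. If the intent is to sort by server name, the ordering belongs on the relationship, `order_by: { owner_network: { name: asc } }`. Please verify against the schema, which is not part of this diff.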
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getAppServers.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getAppServers.graphql new file mode 100644 index 000000000..f3bc2f925 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getAppServers.graphql @@ -0,0 +1,5 @@ +query getAppServers ($appId: Int!){ + owner_network (where: { owner_id: { _eq: $appId }, nw_type: { _eq: 10 } } order_by: { name: asc }){ + ...appServerDetails + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getAreas.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getAreas.graphql new file mode 100644 index 000000000..cdef0549d --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getAreas.graphql @@ -0,0 +1,15 @@ +query getAreas { + modelling_nwgroup (where: { group_type: { _eq: 23 } } order_by: { name: asc }){ + id + name + id_string + subnets: nwobject_nwgroups{ + owner_network{ + id + name + ip + ip_end + } + } + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getCommonServices.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getCommonServices.graphql new file mode 100644 index 000000000..4a732746f --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getCommonServices.graphql @@ -0,0 +1,8 @@ +query getCommonServices{ + modelling_connection (where: { common_service: { _eq: true } } order_by: { name: asc }){ + ...connectionDetails + owner{ + name + } + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getConnectionIdsForAppServer.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getConnectionIdsForAppServer.graphql new file mode 100644 index 000000000..8175e5061 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getConnectionIdsForAppServer.graphql @@ -0,0 +1,5 @@ +query getConnectionIdsForAppServer ($id: bigint!){ + modelling_nwobject_connection (where: { nwobject_id: { _eq: $id } }){ + connection_id + } +} 
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getConnectionIdsForNwGroup.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getConnectionIdsForNwGroup.graphql new file mode 100644 index 000000000..265108898 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getConnectionIdsForNwGroup.graphql @@ -0,0 +1,5 @@ +query getConnectionIdsForNwGroup ($id: bigint!){ + modelling_nwgroup_connection (where: { nwgroup_id: { _eq: $id } }){ + connection_id + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getConnectionIdsForService.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getConnectionIdsForService.graphql new file mode 100644 index 000000000..362dc7db4 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getConnectionIdsForService.graphql @@ -0,0 +1,5 @@ +query getConnectionIdsForService ($serviceId: Int!){ + modelling_service_connection (where: { service_id: { _eq: $serviceId } }){ + connection_id + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getConnectionIdsForServiceGroup.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getConnectionIdsForServiceGroup.graphql new file mode 100644 index 000000000..16b3329d3 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getConnectionIdsForServiceGroup.graphql @@ -0,0 +1,5 @@ +query getConnectionIdsForServiceGroup ($serviceGroupId: Int!){ + modelling_service_group_connection (where: { service_group_id: { _eq: $serviceGroupId } }){ + connection_id + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getConnections.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getConnections.graphql new file mode 100644 index 000000000..25a83e082 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getConnections.graphql 
@@ -0,0 +1,5 @@
+query getConnections ($appId: Int!){
+ modelling_connection (where: { _or: [{app_id: { _eq: $appId }}, {proposed_app_id: { _eq: $appId }}] } order_by: { is_interface: desc, common_service: desc, name: asc }){
+ ...connectionDetails
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getConnectionsByTicketId.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getConnectionsByTicketId.graphql
new file mode 100644
index 000000000..19773fe55
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getConnectionsByTicketId.graphql
@@ -0,0 +1,5 @@
+query getConnectionsByTicketId ($ticketId: bigint){
+ modelling_connection (where: { ticket_id: { _eq: $ticketId } } order_by: { is_interface: desc, common_service: desc, name: asc }){
+ ...connectionDetails
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getDummyAppRole.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getDummyAppRole.graphql
new file mode 100644
index 000000000..7c8400ca5
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getDummyAppRole.graphql
@@ -0,0 +1,5 @@
+query getDummyAppRole {
+ modelling_nwgroup (where: { app_id: { _is_null: true }, group_type: { _eq: 20 } }){
+ ...appRoleDetails
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getGlobalServiceGroups.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getGlobalServiceGroups.graphql
new file mode 100644
index 000000000..9e48af6c0
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getGlobalServiceGroups.graphql
@@ -0,0 +1,10 @@
+query getGlobalServiceGroups{
+ modelling_service_group (where: { is_global: { _eq: true } } order_by: { name: asc }){
+ ...serviceGroupDetails
+ services: service_service_groups{
+ service{
+ ...serviceDetails
+ }
+ }
+ }
+}
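Review bot: `$ticketId` in getConnectionsByTicketId is declared nullable (`bigint`) but is used in an equality filter, so a caller that omits the variable sends `ticket_id: { _eq: null }` to the API. Depending on how the engine treats a null comparison value this either fails the request or drops the condition, and in the latter case the query returns every connection instead of none. Unless "all connections" is an intended result here, declare the variable required: `query getConnectionsByTicketId ($ticketId: bigint!){`. The same pattern appears in getInterfaceUsers (`$id: Int` against `used_interface_id`) and getImportedAppServers (`$appId: Int` against `owner_id`) on the following lines, where a dropped `owner_id` condition would return the imported app servers of every owner.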
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getGlobalServices.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getGlobalServices.graphql new file mode 100644 index 000000000..a561415f7 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getGlobalServices.graphql @@ -0,0 +1,5 @@ +query getGlobalServices{ + modelling_service (where: { is_global: { _eq: true } } order_by: { name: asc }){ + ...serviceDetails + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getHistory.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getHistory.graphql new file mode 100644 index 000000000..5600d49df --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getHistory.graphql @@ -0,0 +1,12 @@ +query getHistory { + modelling_change_history (order_by: { change_time: desc }){ + id + app_id + change_type + object_type + object_id + change_text + changer + change_time + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getHistoryForApp.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getHistoryForApp.graphql new file mode 100644 index 000000000..1c2084943 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getHistoryForApp.graphql @@ -0,0 +1,12 @@ +query getHistoryForApp ($appId: Int!){ + modelling_change_history (where: {app_id: {_eq: $appId}} order_by: { change_time: desc }){ + id + app_id + change_type + object_type + object_id + change_text + changer + change_time + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getImportedAppServers.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getImportedAppServers.graphql new file mode 100644 index 000000000..a4da8b2f5 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getImportedAppServers.graphql 
@@ -0,0 +1,5 @@
+query getImportedAppServers ($importSource: String!, $appId: Int){
+ owner_network (where: { import_source: { _eq: $importSource }, nw_type: { _eq: 10 }, owner_id: { _eq: $appId } }){
+ ...appServerDetails
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getInterfaceById.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getInterfaceById.graphql
new file mode 100644
index 000000000..886ec4a8f
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getInterfaceById.graphql
@@ -0,0 +1,5 @@
+query getInterfaceById($intId: Int!){
+ modelling_connection (where: { id: { _eq: $intId } }){
+ ...connectionDetails
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getInterfaceUsers.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getInterfaceUsers.graphql
new file mode 100644
index 000000000..2af232e7a
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getInterfaceUsers.graphql
@@ -0,0 +1,5 @@
+query getInterfaceUsers ($id: Int){
+ modelling_connection (where: { used_interface_id: { _eq: $id } } ){
+ id
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getNewestAppRoles.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getNewestAppRoles.graphql
new file mode 100644
index 000000000..e11806818
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getNewestAppRoles.graphql
@@ -0,0 +1,6 @@
+query getNewestAppRoles ($pattern: String!){
+ modelling_nwgroup (where: { id_string: { _ilike: $pattern }, group_type: { _eq: 20 } } order_by: { id: desc }){
+ id
+ id_string
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getNwGroupObjects.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getNwGroupObjects.graphql
new file mode 100644
index 000000000..451915d7c
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getNwGroupObjects.graphql
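Review bot: In getNewestAppRoles `$pattern` is handed straight to `id_string: { _ilike: $pattern }`, so `%` and `_` inside it act as wildcards and nothing in the query itself narrows the match to one application. That is fine when the caller assembles the pattern from a fixed prefix, but any user-entered part would need its wildcard characters escaped first; the caller is outside this diff, so a comment on the query would make the contract explicit: `# $pattern is an ILIKE pattern: '%' and '_' are wildcards, the caller builds and escapes it`.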
@@ -0,0 +1,9 @@ +query getNwGroupObjects ($grpType: Int!){ + modelling_nwgroup (where: { group_type: { _eq: $grpType }, is_deleted: { _eq: false } } order_by: { name: asc }){ + id + name + id_string + app_id + group_type + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getPublishedInterfaces.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getPublishedInterfaces.graphql new file mode 100644 index 000000000..9546c8229 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getPublishedInterfaces.graphql @@ -0,0 +1,5 @@ +query getPublishedInterfaces{ + modelling_connection (where: { is_interface: { _eq: true }, is_published: { _eq: true }} order_by: { name: asc }){ + ...connectionDetails + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getSelectedConnections.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getSelectedConnections.graphql new file mode 100644 index 000000000..8b5e481bf --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getSelectedConnections.graphql @@ -0,0 +1,7 @@ +query getSelectedConnections ($appId: Int!){ + modelling_selected_connections (where: { app_id: { _eq: $appId } }){ + connection { + ...connectionDetails + } + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getSelectedNwGroupObjects.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getSelectedNwGroupObjects.graphql new file mode 100644 index 000000000..d02bc1322 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getSelectedNwGroupObjects.graphql @@ -0,0 +1,10 @@ +query getSelectedNwGroupObjects ($appId: Int!){ + modelling_selected_objects (where: { app_id: { _eq: $appId } }){ + nwgroup { + id + id_string + name + group_type + } + } +} 
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getServiceGroupById.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getServiceGroupById.graphql new file mode 100644 index 000000000..b8fd8ba87 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getServiceGroupById.graphql @@ -0,0 +1,10 @@ +query getServiceGroupById ($id: Int!){ + modelling_service_group_by_pk(id: $id){ + ...serviceGroupDetails + services: service_service_groups{ + service{ + ...serviceDetails + } + } + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getServiceGroupIdsForService.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getServiceGroupIdsForService.graphql new file mode 100644 index 000000000..b64963863 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getServiceGroupIdsForService.graphql @@ -0,0 +1,5 @@ +query getServiceGroupIdsForService ($serviceId: Int!){ + modelling_service_service_group (where: { service_id: { _eq: $serviceId } }){ + service_group_id + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getServiceGroupsForApp.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getServiceGroupsForApp.graphql new file mode 100644 index 000000000..87663e9ac --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getServiceGroupsForApp.graphql @@ -0,0 +1,10 @@ +query getServiceGroupsForApp ($appId: Int!){ + modelling_service_group (where: { app_id: { _eq: $appId } } order_by: { name: asc }){ + ...serviceGroupDetails + services: service_service_groups{ + service{ + ...serviceDetails + } + } + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getServicesForApp.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getServicesForApp.graphql new file mode 100644 index 000000000..bd9c984c0 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getServicesForApp.graphql 
@@ -0,0 +1,5 @@ +query getServicesForApp ($appId: Int!){ + modelling_service (where: { app_id: { _eq: $appId } } order_by: { name: asc }){ + ...serviceDetails + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/newAppRole.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/newAppRole.graphql new file mode 100644 index 000000000..0cecdf9c8 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/newAppRole.graphql @@ -0,0 +1,20 @@ +mutation newAppRole( + $name: String + $idString: String + $appId: Int + $comment: String + $creator: String + ) { + insert_modelling_nwgroup(objects: { + name: $name + id_string: $idString + app_id: $appId + comment: $comment + creator: $creator + group_type: 20 + }) { + returning { + newId: id + } + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/newAppServer.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/newAppServer.graphql new file mode 100644 index 000000000..ce23beb9a --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/newAppServer.graphql @@ -0,0 +1,23 @@ +mutation newAppServer( + $name: String + $appId: Int + $ip: cidr + $ipEnd: cidr + $importSource: String + $customType: Int + ) { + insert_owner_network(objects: { + name: $name + owner_id: $appId + ip: $ip + ip_end: $ipEnd + import_source: $importSource + is_deleted: false + nw_type: 10 + custom_type: $customType + }) { + returning { + newId: id + } + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/newArea.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/newArea.graphql new file mode 100644 index 000000000..ff9c7b114 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/newArea.graphql @@ -0,0 +1,16 @@ +mutation newArea( + $name: String + $idString: String + $creator: String + ) { + insert_modelling_nwgroup(objects: { + name: $name + id_string: $idString + creator: $creator + group_type: 23 + }) { + returning { + newId: id + } + } +} 
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/newAreaSubnet.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/newAreaSubnet.graphql new file mode 100644 index 000000000..6049f8ecd --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/newAreaSubnet.graphql @@ -0,0 +1,19 @@ +mutation newAreaSubnet( + $name: String + $ip: cidr + $ipEnd: cidr + $importSource: String + ) { + insert_owner_network(objects: { + name: $name + ip: $ip + ip_end: $ipEnd + import_source: $importSource + is_deleted: false + nw_type: 11 + }) { + returning { + newId: id + } + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/newConnection.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/newConnection.graphql new file mode 100644 index 000000000..9f974f14a --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/newConnection.graphql @@ -0,0 +1,29 @@ +mutation newConnection( + $name: String + $appId: Int + $proposedAppId: Int + $reason: String + $isInterface: Boolean + $usedInterfaceId: Int + $isRequested: Boolean + $ticketId: bigint + $creator: String + $commonSvc: Boolean + ) { + insert_modelling_connection(objects: { + name: $name + app_id: $appId + proposed_app_id: $proposedAppId + reason: $reason + is_interface: $isInterface + used_interface_id: $usedInterfaceId + is_requested: $isRequested + ticket_id: $ticketId + creator: $creator + common_service: $commonSvc + }) { + returning { + newId: id + } + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/newService.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/newService.graphql new file mode 100644 index 000000000..db214df19 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/newService.graphql 
@@ -0,0 +1,21 @@ +mutation newService( + $name: String + $appId: Int + $isGlobal: Boolean + $port: Int + $portEnd: Int + $protoId: Int + ) { + insert_modelling_service(objects: { + name: $name + app_id: $appId + is_global: $isGlobal + port: $port + port_end: $portEnd + proto_id: $protoId + }) { + returning { + newId: id + } + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/newServiceGroup.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/newServiceGroup.graphql new file mode 100644 index 000000000..f2fb1c949 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/newServiceGroup.graphql @@ -0,0 +1,19 @@ +mutation newServiceGroup( + $name: String + $appId: Int + $isGlobal: Boolean + $comment: String + $creator: String + ) { + insert_modelling_service_group(objects: { + name: $name + app_id: $appId + is_global: $isGlobal + comment: $comment + creator: $creator + }) { + returning { + newId: id + } + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/removeAppServerFromConnection.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/removeAppServerFromConnection.graphql new file mode 100644 index 000000000..8cf0f556c --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/removeAppServerFromConnection.graphql @@ -0,0 +1,9 @@ +mutation removeAppServerFromConnection( + $nwObjectId: bigint! + $connectionId: Int! + $connectionField: Int! + ) { + delete_modelling_nwobject_connection(where: {nwobject_id: {_eq: $nwObjectId}, connection_id: {_eq: $connectionId}, connection_field: {_eq: $connectionField}}) { + affected_rows + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/removeNwGroupFromConnection.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/removeNwGroupFromConnection.graphql new file mode 100644 index 000000000..00478589d --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/removeNwGroupFromConnection.graphql 
@@ -0,0 +1,9 @@ +mutation removeNwGroupFromConnection( + $nwGroupId: bigint! + $connectionId: Int! + $connectionField: Int! + ) { + delete_modelling_nwgroup_connection(where: {nwgroup_id: {_eq: $nwGroupId}, connection_id: {_eq: $connectionId}, connection_field: {_eq: $connectionField}}) { + affected_rows + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/removeNwObjectFromNwGroup.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/removeNwObjectFromNwGroup.graphql new file mode 100644 index 000000000..ec7e946c8 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/removeNwObjectFromNwGroup.graphql @@ -0,0 +1,8 @@ +mutation removeNwObjectFromNwGroup( + $nwObjectId: bigint! + $nwGroupId: bigint! + ) { + delete_modelling_nwobject_nwgroup(where: {nwobject_id: {_eq: $nwObjectId}, nwgroup_id: {_eq: $nwGroupId}}) { + affected_rows + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/removeSelectedConnection.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/removeSelectedConnection.graphql new file mode 100644 index 000000000..5b671ca35 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/removeSelectedConnection.graphql @@ -0,0 +1,8 @@ +mutation removeSelectedConnection( + $appId: Int! + $connectionId: Int! + ) { + delete_modelling_selected_connections(where: {app_id: {_eq: $appId}, connection_id: {_eq: $connectionId}}) { + affected_rows + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/removeSelectedNwGroupObject.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/removeSelectedNwGroupObject.graphql new file mode 100644 index 000000000..f15424293 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/removeSelectedNwGroupObject.graphql 
@@ -0,0 +1,8 @@ +mutation removeSelectedNwGroupObject( + $appId: Int! + $nwGroupId: bigint! + ) { + delete_modelling_selected_objects(where: {app_id: {_eq: $appId}, nwgroup_id: {_eq: $nwGroupId}}) { + affected_rows + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/removeSelectedNwGroupObjectFromAllApps.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/removeSelectedNwGroupObjectFromAllApps.graphql new file mode 100644 index 000000000..5ff91909a --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/removeSelectedNwGroupObjectFromAllApps.graphql @@ -0,0 +1,7 @@ +mutation removeSelectedNwGroupObjectFromAllApps( + $nwGroupId: bigint! + ) { + delete_modelling_selected_objects(where: {nwgroup_id: {_eq: $nwGroupId}}) { + affected_rows + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/removeServiceFromConnection.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/removeServiceFromConnection.graphql new file mode 100644 index 000000000..33b23c0e7 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/removeServiceFromConnection.graphql @@ -0,0 +1,8 @@ +mutation removeServiceFromConnection( + $serviceId: Int! + $connectionId: Int! + ) { + delete_modelling_service_connection(where: {service_id: {_eq: $serviceId}, connection_id: {_eq: $connectionId}}) { + affected_rows + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/removeServiceFromServiceGroup.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/removeServiceFromServiceGroup.graphql new file mode 100644 index 000000000..4f5cfa815 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/removeServiceFromServiceGroup.graphql @@ -0,0 +1,8 @@ +mutation removeServiceFromServiceGroup( + $serviceId: Int! + $serviceGroupId: Int! + ) { + delete_modelling_service_service_group(where: {service_id: {_eq: $serviceId}, service_group_id: {_eq: $serviceGroupId}}) { + affected_rows + } +} 
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/removeServiceGroupFromConnection.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/removeServiceGroupFromConnection.graphql new file mode 100644 index 000000000..6ce9f37ae --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/removeServiceGroupFromConnection.graphql @@ -0,0 +1,8 @@ +mutation removeServiceGroupFromConnection( + $serviceGroupId: Int! + $connectionId: Int! + ) { + delete_modelling_service_group_connection(where: {service_group_id: {_eq: $serviceGroupId}, connection_id: {_eq: $connectionId}}) { + affected_rows + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/setAppServerDeletedState.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/setAppServerDeletedState.graphql new file mode 100644 index 000000000..29450f061 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/setAppServerDeletedState.graphql @@ -0,0 +1,12 @@ +mutation setAppServerDeletedState( + $id: bigint! + $deleted: Boolean! + ) { + update_owner_network_by_pk( + pk_columns: { id: $id } + _set: { + is_deleted: $deleted + }) { + UpdatedId: id + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/setAppServerType.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/setAppServerType.graphql new file mode 100644 index 000000000..300fd49be --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/setAppServerType.graphql @@ -0,0 +1,12 @@ +mutation setAppServerType( + $id: bigint! + $customType: Int + ) { + update_owner_network_by_pk( + pk_columns: { id: $id } + _set: { + custom_type: $customType + }) { + UpdatedId: id + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/setAreaDeletedState.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/setAreaDeletedState.graphql new file mode 100644 index 000000000..35f9eb5a2 --- /dev/null 
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/setAreaDeletedState.graphql
@@ -0,0 +1,12 @@
+mutation setAreaDeletedState(
+ $id: bigint!
+ $deleted: Boolean!
+ ) {
+ update_modelling_nwgroup_by_pk(
+ pk_columns: { id: $id }
+ _set: {
+ is_deleted: $deleted
+ }) {
+ UpdatedId: id
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/updateAppRole.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/updateAppRole.graphql
new file mode 100644
index 000000000..84ccbf6b2
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/updateAppRole.graphql
@@ -0,0 +1,18 @@
+mutation updateAppRole(
+ $id: bigint!
+ $name: String
+ $idString: String
+ $appId: Int
+ $comment: String
+ ) {
+ update_modelling_nwgroup_by_pk(
+ pk_columns: { id: $id }
+ _set: {
+ name: $name
+ id_string: $idString
+ app_id: $appId
+ comment: $comment
+ }) {
+ UpdatedId: id
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/updateAppServer.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/updateAppServer.graphql
new file mode 100644
index 000000000..d2b73e0dc
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/updateAppServer.graphql
@@ -0,0 +1,22 @@
+mutation updateAppServer(
+ $id: bigint!
+ $name: String
+ $appId: Int
+ $ip: cidr
+ $importSource: String
+ $customType: Int
+ ) {
+ update_owner_network_by_pk(
+ pk_columns: { id: $id }
+ _set: {
+ name: $name
+ owner_id: $appId
+ ip: $ip
+ ip_end: $ip
+ import_source: $importSource
+ is_deleted: false
+ custom_type: $customType
+ }) {
+ UpdatedId: id
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/updateConnection.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/updateConnection.graphql
new file mode 100644
index 000000000..72878aeed
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/updateConnection.graphql
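Review bot: updateAppServer writes `ip_end: $ip`, so every update collapses an app server's address range to its start address, whereas newAppServer takes a separate `$ipEnd: cidr` and stores `ip_end: $ipEnd`. Unless ranges are meant to be immutable after creation, add `$ipEnd: cidr` to the variable list and change the assignment to `ip_end: $ipEnd`; the C# caller that builds this mutation is outside the diff and would have to pass the new variable. Separately, the mutation sets `is_deleted: false` unconditionally, so editing a soft-deleted server silently restores it — if that is intended, a comment saying so would save the next reader a question.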
@@ -0,0 +1,28 @@
+mutation updateConnection(
+ $id: Int!
+ $name: String
+ $appId: Int
+ $proposedAppId: Int
+ $reason: String
+ $isInterface: Boolean
+ $usedInterfaceId: Int
+ $isRequested: Boolean
+ $isPublished: Boolean
+ $commonSvc: Boolean
+ ) {
+ update_modelling_connection_by_pk(
+ pk_columns: { id: $id }
+ _set: {
+ name: $name
+ app_id: $appId
+ proposed_app_id: $proposedAppId
+ reason: $reason
+ is_interface: $isInterface
+ used_interface_id: $usedInterfaceId
+ is_requested: $isRequested
+ is_published: $isPublished
+ common_service: $commonSvc
+ }) {
+ UpdatedId: id
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/updateService.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/updateService.graphql
new file mode 100644
index 000000000..861d0a258
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/updateService.graphql
@@ -0,0 +1,18 @@
+mutation updateService(
+ $id: Int!
+ $name: String
+ $port: Int
+ $portEnd: Int
+ $protoId: Int
+ ) {
+ update_modelling_service_by_pk(
+ pk_columns: { id: $id }
+ _set: {
+ name: $name
+ port: $port
+ port_end: $portEnd
+ proto_id: $protoId
+ }) {
+ UpdatedId: id
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/updateServiceGroup.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/updateServiceGroup.graphql
new file mode 100644
index 000000000..a47dff825
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/updateServiceGroup.graphql
@@ -0,0 +1,14 @@
+mutation updateServiceGroup(
+ $id: Int!
+ $name: String
+ $comment: String
+ ) {
+ update_modelling_service_group_by_pk(
+ pk_columns: { id: $id }
+ _set: {
+ name: $name
+ comment: $comment
+ }) {
+ UpdatedId: id
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/monitor/getAllUiLogEntrys.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/monitor/getAllUiLogEntrys.graphql
new file mode 100644
index 000000000..cb60dbc27
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/monitor/getAllUiLogEntrys.graphql
@@ -0,0 +1,10 @@
+query getAllUiLogEntrys{
+ log_data_issue (where: {source: {_eq: "ui"}} order_by: { data_issue_id: desc }){
+ data_issue_id
+ severity
+ issue_timestamp
+ suspected_cause
+ description
+ user_id
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/device/getImportStatus.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/monitor/getImportStatus.graphql
similarity index 100%
rename from roles/lib/files/FWO.Api.Client/APIcalls/device/getImportStatus.graphql
rename to roles/lib/files/FWO.Api.Client/APIcalls/monitor/getImportStatus.graphql
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/monitor/getUiLogEntrys.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/monitor/getUiLogEntrys.graphql
index bd17688da..b18a016c6 100644
--- a/roles/lib/files/FWO.Api.Client/APIcalls/monitor/getUiLogEntrys.graphql
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/monitor/getUiLogEntrys.graphql
@@ -5,5 +5,6 @@ query getUiLogEntrys ($user: Int!){
 issue_timestamp
 suspected_cause
 description
+ user_id
 }
 }
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/networkObject/_repo.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/networkObject/_repo.graphql
deleted file mode 100644
index a8ae2d117..000000000
--- a/roles/lib/files/FWO.Api.Client/APIcalls/networkObject/_repo.graphql
+++ /dev/null
@@ -1,25 +0,0 @@
-
- # needs to be exact import id for the specific device, otherwise it might not return desired results
-query listHistoricalObjects($import_id: Int!, $management_id: Int) {
- object_aggregate(
- where: {
- mgm_id: { _eq: $mgmt }
- obj_create: { _lte: $import_id }
- obj_last_seen: { _gte: $import_id }
- }
- ) {
- aggregate {
- count
- }
- }
- object(
- where: {
- mgm_id: { _eq: $mgmt }
- obj_create: { _lte: $import_id }
- obj_last_seen: { _gte: $import_id }
- }
- ) {
- ...networkObjectDetails
- }
-}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/networkObject/fragments/networkObjectDetails.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/networkObject/fragments/networkObjectDetails.graphql
index 2c218a6a1..85d256884 100644
--- a/roles/lib/files/FWO.Api.Client/APIcalls/networkObject/fragments/networkObjectDetails.graphql
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/networkObject/fragments/networkObjectDetails.graphql
@@ -33,10 +33,6 @@ fragment networkObjectDetails on object {
 objgrp_flats(order_by: {objgrp_flat_member_id: asc}) {
 id_flat: objgrp_flat_id
 byFlatId: objectByObjgrpFlatMemberId {
- network_object_limits {
- first_ip
- last_ip
- }
 obj_id
 obj_name
 obj_ip
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/networkObject/getTenantNetworkObjectDetails.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/networkObject/getTenantNetworkObjectDetails.graphql
new file mode 100644
index 000000000..935149b21
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/networkObject/getTenantNetworkObjectDetails.graphql
@@ -0,0 +1,29 @@
+query getNetworkObjectDetails(
+ $management_id: [Int!]
+ $nwObjTyp: [String!]
+ $nwObjUid: [String!]
+ $time: String
+ $obj_name: [String!]
+ $obj_ip: [cidr!]
+ $limit: Int
+ $offset: Int
+) {
+ management(where: { mgm_id: { _in: $management_id }, stm_dev_typ:{dev_typ_is_multi_mgmt:{_eq:false}} }) {
+ id: mgm_id
+ name: mgm_name
+ networkObjects: get_objects_for_tenant(
+ limit: $limit
+ offset: $offset
+ where: {
+ stm_obj_typ: { obj_typ_name: { _in: $nwObjTyp } }
+ active: { _eq: true }
+ obj_name: { _in: $obj_name }
+ obj_ip: { _in: $obj_ip }
+ obj_uid: { _in: $nwObjUid }
+ }
+ order_by: { obj_name: asc }
+ ) {
+ ...networkObjectDetails
+ }
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/owner/deactivateOwner.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/owner/deactivateOwner.graphql
new file mode 100644
index 000000000..9a9fed2a1
--- /dev/null
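Review bot: The operation in getTenantNetworkObjectDetails.graphql is named `getNetworkObjectDetails`, which does not match its file name; if another document under APIcalls/networkObject already defines `getNetworkObjectDetails`, a client that keys operations by operation name sees a collision, and a reader searching for the file's name will not find the operation. Renaming it `query getTenantNetworkObjectDetails(` keeps the two aligned, and the same file/operation mismatch appears in getOpenRecerts.graphql (operation `getFutureRecertsForOwners`) and addRecertEntries.graphql (operation `addOpenRecerts`). The query also declares `$time: String` but never uses it, which GraphQL validation rejects as an unused variable. Note that no tenant variable is passed, so whatever tenant restriction `get_objects_for_tenant` applies must come from the server side; a one-line comment at the top of the file saying so would stop a reader from assuming the document itself scopes the result.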
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/owner/deactivateOwner.graphql
@@ -0,0 +1,11 @@
+mutation deactivateOwner(
+ $id: Int!
+ ) {
+ update_owner_by_pk(
+ pk_columns: { id: $id }
+ _set: {
+ active: false
+ }) {
+ UpdatedId: id
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/owner/deleteAreaSubnet.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/owner/deleteAreaSubnet.graphql
new file mode 100644
index 000000000..04f1fc0de
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/owner/deleteAreaSubnet.graphql
@@ -0,0 +1,7 @@
+mutation deleteAreaSubnet(
+ $id: bigint!
+ ) {
+ delete_owner_network(where: {owner_id: {_is_null: true}, id: {_eq: $id}}) {
+ affected_rows
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/owner/deleteNetworkOwnership.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/owner/deleteNetworkOwnership.graphql
new file mode 100644
index 000000000..18cafc554
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/owner/deleteNetworkOwnership.graphql
@@ -0,0 +1,8 @@
+mutation deleteNetworkOwnership(
+ $ownerId: Int!
+ $id: Int!
+ ) {
+ delete_owner_network(where: {owner_id: {_eq: $ownerId}, id: {_eq: $id}}) {
+ affected_rows
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/owner/deleteNetworkOwnerships.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/owner/deleteNetworkOwnerships.graphql
deleted file mode 100644
index 82fe219a2..000000000
--- a/roles/lib/files/FWO.Api.Client/APIcalls/owner/deleteNetworkOwnerships.graphql
+++ /dev/null
@@ -1,5 +0,0 @@
-mutation deleteNetworkOwnerships($ownerId: Int!) {
- delete_owner_network(where: {owner_id: {_eq: $ownerId}}) {
- affected_rows
- }
-}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/owner/deleteRuleOwnership.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/owner/deleteRuleOwnership.graphql
new file mode 100644
index 000000000..89c4fd2a5
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/owner/deleteRuleOwnership.graphql
@@ -0,0 +1,8 @@
+mutation deleteRuleOwnership(
+ $ownerId: Int!
+ $ruleMetadataId: bigint!
+ ) {
+ delete_rule_owner(where: {owner_id: {_eq: $ownerId}, rule_metadata_id: {_eq: $ruleMetadataId}}) {
+ affected_rows
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/owner/fragments/ownerDetails.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/owner/fragments/ownerDetails.graphql
index fe09d81bb..9891df13c 100644
--- a/roles/lib/files/FWO.Api.Client/APIcalls/owner/fragments/ownerDetails.graphql
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/owner/fragments/ownerDetails.graphql
@@ -6,6 +6,11 @@ fragment ownerDetails on owner {
 is_default
 tenant_id
 recert_interval
- next_recert_date
 app_id_external
+ recert_check_params
+ last_recert_check
+ criticality
+ active
+ import_source
+ common_service_possible
 }
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/owner/getEditableOwners.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/owner/getEditableOwners.graphql
new file mode 100644
index 000000000..99124d554
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/owner/getEditableOwners.graphql
@@ -0,0 +1,6 @@
+
+query getEditableOwners ($appIds: [Int!]){
+ owner_list: owner (where: {id: {_in: $appIds}} order_by: { name: asc }){
+ ...ownerDetails
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/owner/getEditableOwnersWithConn.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/owner/getEditableOwnersWithConn.graphql
new file mode 100644
index 000000000..a64bc1267
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/owner/getEditableOwnersWithConn.graphql
@@ -0,0 +1,9 @@
+
+query getEditableOwnersWithConn ($appIds: [Int!]){
+ owner_list: owner (where: {id: {_in: $appIds}} order_by: { name: asc }){
+ ...ownerDetails
+ connections_aggregate {
+ aggregate { count }
+ }
+ }
+}
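Review bot: getEditableOwners declares `$appIds: [Int!]` as nullable, so a caller that omits the variable sends `id: {_in: null}` and the scoping of an "editable owners" list then depends on how the server evaluates null in boolean expressions rather than on the query itself; declaring it `$appIds: [Int!]!` makes an absent list a validation error instead. The same nullable-filter-variable shape is in getEditableOwnersWithConn here and, more seriously, in the mutations clearOpenRecerts (`$ownerId: Int, $mgmId: Int` on a delete), setImportsNotified (`$ids: [bigint!]` on an update) and removeOwnerFromReqTask (`$reqTaskId: bigint` on a delete), where an omitted variable could widen the affected row set depending on that null handling. The queries getRuleUidsOfDevice (`$relevantImportId: bigint`), getUsageDataCount (`$devId: Int`) and getTicketsByOwners (`$ownerIds: [Int!]`) have the same shape, and addOwnerToReqTask inserts with a nullable `$reqTaskId: bigint`, which would create a row without a task unless the column is NOT NULL. Where a variable is deliberately optional, a comment in that file naming the intended null semantics would make the choice explicit.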
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/owner/getNetworkOwnerships.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/owner/getNetworkOwnerships.graphql
index ca6680ed7..06c74f24a 100644
--- a/roles/lib/files/FWO.Api.Client/APIcalls/owner/getNetworkOwnerships.graphql
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/owner/getNetworkOwnerships.graphql
@@ -3,5 +3,6 @@ query getNetworkOwnerships ($ownerId: Int!) {
 owner_network (where: {owner_id: {_eq: $ownerId}} order_by: { id: asc }){
 id
 ip
+ ip_end
 }
 }
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/owner/getOwnerIdsForUser.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/owner/getOwnerIdsForUser.graphql
index d18fe3301..569645a71 100644
--- a/roles/lib/files/FWO.Api.Client/APIcalls/owner/getOwnerIdsForUser.graphql
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/owner/getOwnerIdsForUser.graphql
@@ -2,5 +2,6 @@ query getOwnerIdsForUser ($userDn: String!) {
 owner (where: {dn: {_eq: $userDn}} order_by: { id: asc }){
 id
+ recert_interval
 }
 }
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/owner/getOwnerIdsFromGroups.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/owner/getOwnerIdsFromGroups.graphql
index b74bf8fe4..d8b8bbf99 100644
--- a/roles/lib/files/FWO.Api.Client/APIcalls/owner/getOwnerIdsFromGroups.graphql
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/owner/getOwnerIdsFromGroups.graphql
@@ -2,5 +2,6 @@ query getOwnerIdsFromGroups ($groupDns: [String]!) {
 owner (where: {group_dn: {_in: $groupDns}} order_by: { id: asc }){
 id
+ recert_interval
 }
 }
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/owner/getOwnersWithConn.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/owner/getOwnersWithConn.graphql
new file mode 100644
index 000000000..b75792541
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/owner/getOwnersWithConn.graphql
@@ -0,0 +1,9 @@
+
+query getOwnersWithConn {
+ owner_list: owner (where: {id: { _gt: 0 }} order_by: { name: asc }){
+ ...ownerDetails
+ connections_aggregate {
+ aggregate { count }
+ }
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/owner/getRuleOwnerships.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/owner/getRuleOwnerships.graphql
new file mode 100644
index 000000000..148cb95d9
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/owner/getRuleOwnerships.graphql
@@ -0,0 +1,10 @@
+
+query getRuleOwnerships ($ownerId: Int!) {
+ rule_owner (where: {owner_id: {_eq: $ownerId}} order_by: { rule_metadata_id: asc }){
+ rule_metadatum {
+ rule_metadata_id
+ dev_id
+ rule_uid
+ }
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/owner/newNetworkOwnership.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/owner/newNetworkOwnership.graphql
index 69ddf5a65..84f24c794 100644
--- a/roles/lib/files/FWO.Api.Client/APIcalls/owner/newNetworkOwnership.graphql
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/owner/newNetworkOwnership.graphql
@@ -1,10 +1,12 @@
 mutation newNetworkOwnership(
 $ownerId: Int!
 $ip: cidr
+ $ip_end: cidr
 ) {
 insert_owner_network(objects: {
 owner_id: $ownerId
 ip: $ip
+ ip_end: $ip_end
 }) {
 returning {
 newId: id
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/owner/newOwner.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/owner/newOwner.graphql
index aa97e9ba1..f3332b64e 100644
--- a/roles/lib/files/FWO.Api.Client/APIcalls/owner/newOwner.graphql
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/owner/newOwner.graphql
@@ -4,8 +4,11 @@ mutation newOwner(
 $groupDn: String!
 $tenantId: Int
 $recertInterval: Int
- $nextRecertDate: timestamp
 $appIdExternal: String!
+ $recertCheckParams: String
+ $criticality: String
+ $importSource: String
+ $commSvcPossible: Boolean
 ) {
 insert_owner(objects: {
 name: $name
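Review bot: The new variable in newNetworkOwnership is named `$ip_end` in snake_case while every other variable in these documents, including `$ownerId` two lines above, is camelCase, and this same commit renames `$network_obj_id` to `$networkObjId` in newImplementationElement to enforce exactly that convention. Renaming it `$ipEnd: cidr` and `ip_end: $ipEnd` keeps the variable name distinct from the column name, which is what the rest of the API client relies on. The rest of the mutation (the `returning` block) ends outside this hunk.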
@@ -13,8 +16,11 @@ mutation newOwner(
 group_dn: $groupDn
 tenant_id: $tenantId
 recert_interval: $recertInterval
- next_recert_date: $nextRecertDate
 app_id_external: $appIdExternal
+ recert_check_params: $recertCheckParams
+ criticality: $criticality
+ import_source: $importSource
+ common_service_possible: $commSvcPossible
 }) {
 returning {
 newId: id
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/owner/newRuleOwnership.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/owner/newRuleOwnership.graphql
new file mode 100644
index 000000000..a2cd514e3
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/owner/newRuleOwnership.graphql
@@ -0,0 +1,13 @@
+mutation newRuleOwnership(
+ $ownerId: Int!
+ $ruleMetadataId: bigint!
+ ) {
+ insert_rule_owner(objects: {
+ owner_id: $ownerId
+ rule_metadata_id: $ruleMetadataId
+ }) {
+ returning {
+ newId: rule_metadata_id
+ }
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/owner/setOwnerLastCheck.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/owner/setOwnerLastCheck.graphql
new file mode 100644
index 000000000..66579f941
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/owner/setOwnerLastCheck.graphql
@@ -0,0 +1,12 @@
+mutation setOwnerLastCheck(
+ $id: Int!
+ $lastRecertCheck: timestamp
+ ) {
+ update_owner_by_pk(
+ pk_columns: { id: $id }
+ _set: {
+ last_recert_check: $lastRecertCheck
+ }) {
+ UpdatedId: id
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/owner/updateOwner.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/owner/updateOwner.graphql
index b48265905..f25ce2ebb 100644
--- a/roles/lib/files/FWO.Api.Client/APIcalls/owner/updateOwner.graphql
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/owner/updateOwner.graphql
@@ -5,8 +5,10 @@ mutation updateOwner(
 $groupDn: String!
 $tenantId: Int
 $recertInterval: Int
- $nextRecertDate: timestamp
 $appIdExternal: String!
+ $recertCheckParams: String
+ $criticality: String
+ $commSvcPossible: Boolean
 ) {
 update_owner_by_pk(
 pk_columns: { id: $id }
@@ -16,8 +18,11 @@ mutation updateOwner(
 group_dn: $groupDn
 tenant_id: $tenantId
 recert_interval: $recertInterval
- next_recert_date: $nextRecertDate
 app_id_external: $appIdExternal
+ recert_check_params: $recertCheckParams
+ criticality: $criticality
+ common_service_possible: $commSvcPossible
+ active: true
 }) {
 UpdatedId: id
 }
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/recertification/addRecertEntries.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/recertification/addRecertEntries.graphql
new file mode 100644
index 000000000..b5b601155
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/recertification/addRecertEntries.graphql
@@ -0,0 +1,9 @@
+mutation addOpenRecerts($recerts:[recertification_insert_input!]!) {
+ insert_recertification(
+ objects: $recerts
+ ) {
+ returning {
+ id
+ }
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/recertification/clearOpenRecerts.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/recertification/clearOpenRecerts.graphql
new file mode 100644
index 000000000..e677904e0
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/recertification/clearOpenRecerts.graphql
@@ -0,0 +1,13 @@
+mutation clearOpenRecerts($ownerId: Int, $mgmId: Int) {
+ delete_recertification(
+ where: {
+ owner_id: { _eq: $ownerId }
+ rule_metadatum: { device: { mgm_id: { _eq: $mgmId } } }
+ recert_date: { _is_null: true }
+ }
+ ) {
+ returning {
+ DeletedId: id
+ }
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/recertification/fragments/view_rule_with_owner.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/recertification/fragments/ruleOpenCertOverview.graphql
similarity index 55%
rename from roles/lib/files/FWO.Api.Client/APIcalls/recertification/fragments/view_rule_with_owner.graphql
rename to roles/lib/files/FWO.Api.Client/APIcalls/recertification/fragments/ruleOpenCertOverview.graphql
index 2924af55a..e8f07924b 100644
--- a/roles/lib/files/FWO.Api.Client/APIcalls/recertification/fragments/view_rule_with_owner.graphql
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/recertification/fragments/ruleOpenCertOverview.graphql
@@ -1,16 +1,15 @@
-fragment ruleCertOverview on view_rule_with_owner {
+fragment ruleOpenCertOverview on rule {
 rule_id
 rule_uid
- owner_id
- owner_name
- matches
 rule_action
- device { dev_id }
+ device {
+ dev_id
+ }
 section_header: rule_head_text
 rule_comment
 rule_track
 rule_disabled
- src_zone {
+ src_zone: zone {
 zone_name
 zone_id
 }
@@ -25,6 +24,26 @@ fragment ruleCertOverview on view_rule_with_owner {
 rule_to_be_removed
 rule_decert_date
 rule_recertification_comment
+ recertification: recertifications (where: { owner: $ownerWhere, recert_date: {_is_null: true}, next_recert_date: {_lte: $refdate1}}, order_by: { owner: { name: asc }}) {
+ recert_date
+ recertified
+ ip_match
+ next_recert_date
+ owner {
+ id
+ group_dn
+ name
+ }
+ }
+ recert_history: recertifications (where: { owner: $ownerWhere, recert_date: {_is_null: false}}, order_by: { recert_date: desc }) {
+ recert_date
+ recertified
+ user_dn
+ comment
+ owner {
+ name
+ }
+ }
 }
 rule_src_neg
 rule_dst_neg
@@ -42,7 +61,7 @@ fragment ruleCertOverview on view_rule_with_owner {
 ...networkObjectOverview
 }
 }
- dst_zone {
+ dst_zone: zoneByRuleToZone {
 zone_name
 zone_id
 }
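Review bot: The added `recertification` and `recert_history` selections reference `$ownerWhere` and `$refdate1`, which a fragment cannot declare, so every operation that spreads `ruleOpenCertOverview` must declare both variables with matching types or the whole document fails validation; that contract is invisible here. A header comment on the fragment stating it, e.g. `# requires the spreading operation to declare $ownerWhere (owner filter) and $refdate1 (timestamp cut-off for open recerts)`, would save the next caller a round trip to the server error. `recert_history` also returns `user_dn` of past certifiers to anyone who can read the rule; if the permission model intends that, fine, but it is worth confirming, since the old fragment exposed only `owner_name`. The fragment continues between and after these three hunks, outside the shown lines.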
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/recertification/getOpenRecerts.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/recertification/getOpenRecerts.graphql
new file mode 100644
index 000000000..0c96596aa
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/recertification/getOpenRecerts.graphql
@@ -0,0 +1,17 @@
+query getFutureRecertsForOwners($ownerId: Int!, $mgmId: Int!) {
+ recert_get_one_owner_one_mgm(
+ where: { recert_date: { _is_null: true } }
+ args: { i_mgm_id: $mgmId, i_owner_id: $ownerId }
+ ) {
+ id
+ rule_metadata_id
+ rule_id
+ ip_match
+ owner_id
+ user_dn
+ recertified
+ next_recert_date
+ recert_date
+ comment
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/recertification/getOpenRecertsForRule.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/recertification/getOpenRecertsForRule.graphql
new file mode 100644
index 000000000..2d09ae5e4
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/recertification/getOpenRecertsForRule.graphql
@@ -0,0 +1,6 @@
+
+query getOpenRecertsForRule ($ruleId: bigint!) {
+ recertification (where: {_and: [{rule_id: {_eq: $ruleId}}, {recert_date: {_is_null: true}}]}){
+ recertified
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/recertification/newRecertification.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/recertification/prepareNextRecertification.graphql
similarity index 56%
rename from roles/lib/files/FWO.Api.Client/APIcalls/recertification/newRecertification.graphql
rename to roles/lib/files/FWO.Api.Client/APIcalls/recertification/prepareNextRecertification.graphql
index 156331228..4092e1cee 100644
--- a/roles/lib/files/FWO.Api.Client/APIcalls/recertification/newRecertification.graphql
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/recertification/prepareNextRecertification.graphql
@@ -1,22 +1,16 @@
-mutation newRecertification(
+mutation prepareNextRecertification(
 $ruleMetadataId: bigint!
 $ruleId: bigint!
 $ipMatch: String
 $ownerId: Int!
- $userDn: String
- $recertified: Boolean
- $recertDate: timestamp
- $comment: String
+ $nextRecertDate: timestamp
 ) {
 insert_recertification(objects: {
 rule_metadata_id: $ruleMetadataId
 rule_id: $ruleId
 ip_match: $ipMatch
 owner_id: $ownerId
- user_dn: $userDn
- recertified: $recertified
- recert_date: $recertDate
- comment: $comment
+ next_recert_date: $nextRecertDate
 }) {
 returning {
 newId: id
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/recertification/recertify.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/recertification/recertify.graphql
new file mode 100644
index 000000000..e23baf0d6
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/recertification/recertify.graphql
@@ -0,0 +1,20 @@
+mutation recertify(
+ $ruleId: bigint!
+ $ownerId: Int!
+ $userDn: String
+ $recertified: Boolean
+ $recertDate: timestamp
+ $comment: String
+ ) {
+ update_recertification(
+ where: {_and: [{rule_id: {_eq: $ruleId}}, {owner_id: {_eq: $ownerId}}, {recert_date: {_is_null: true}}]},
+ _set: {
+ user_dn: $userDn
+ recertified: $recertified
+ recert_date: $recertDate
+ comment: $comment
+ }
+ ) {
+ affected_rows
+ }
+ }
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/recertification/updateRuleMetadataDecert.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/recertification/updateRuleMetadataDecert.graphql
deleted file mode 100644
index cc25f4a71..000000000
--- a/roles/lib/files/FWO.Api.Client/APIcalls/recertification/updateRuleMetadataDecert.graphql
+++ /dev/null
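Review bot: recertify records the certifier from the client-supplied `$userDn` variable, so the audit trail for a recertification is whatever DN the caller sends; unless the server-side permission for `update_recertification` pins `user_dn` to the session identity (not visible in this diff), a user could log a certification under another person's name. The robust fix is a server-side preset for that column; short of that, a comment in the file stating that the middleware must fill `$userDn` from the authenticated session, never from a request body, makes the trust boundary explicit. `$recertDate: timestamp` is also nullable, and because the `where` selects rows with `recert_date` null, a call that omits it leaves the row open and overwritable by the next call, which probably is not intended. The trailing `+ }` is also one brace deeper than the other mutations in this commit (`+}` at column 0), which reads as an indentation slip.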
@@ -1,18 +0,0 @@
-mutation updateRuleMetadataDecert (
- $ids: [bigint!]
- $decertDate: timestamp
- $comment: String
- ) {
- update_rule_metadata(
- where: {rule_metadata_id: {_in: $ids}},
- _set: {
- rule_to_be_removed: true,
- rule_decert_date: $decertDate
- rule_recertification_comment: $comment
- }
- ) {
- returning {
- UpdatedId: rule_metadata_id
- }
- }
-}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/recertification/updateRuleMetadataRecert.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/recertification/updateRuleMetadataRecert.graphql
deleted file mode 100644
index 9ea8dc892..000000000
--- a/roles/lib/files/FWO.Api.Client/APIcalls/recertification/updateRuleMetadataRecert.graphql
+++ /dev/null
@@ -1,19 +0,0 @@
-mutation updateRuleMetadataRecert (
- $ids: [bigint!],
- $certDate: timestamp,
- $userDn: String
- $comment: String
- ) {
- update_rule_metadata(
- where: {rule_metadata_id: {_in: $ids}},
- _set: {
- rule_last_certified: $certDate,
- rule_last_certifier_dn: $userDn
- rule_recertification_comment: $comment
- }
- ) {
- returning {
- UpdatedId: rule_metadata_id
- }
- }
-}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/report/getGeneratedReports.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/report/getGeneratedReports.graphql
index 6e2da7494..f885eede1 100644
--- a/roles/lib/files/FWO.Api.Client/APIcalls/report/getGeneratedReports.graphql
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/report/getGeneratedReports.graphql
@@ -1,5 +1,5 @@
 query getGeneratedReports {
- report {
+ report(order_by:{report_id:desc}) {
 report_id
 report_name
 report_start_time
@@ -13,4 +13,4 @@
 report_template_name
 }
 }
-}
\ No newline at end of file
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/report/getImportsToNotify.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/report/getImportsToNotify.graphql
new file mode 100644
index 000000000..5ceba5023
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/report/getImportsToNotify.graphql
@@ -0,0 +1,15 @@
+query getImportsToNotify {
+ import_control(where: {
+ successful_import: {_eq: true}
+ changes_found: {_eq: true}
+ notification_done: {_eq: false}
+ } order_by: {stop_time: asc}) {
+ control_id
+ stop_time
+ mgm_id
+ management{
+ mgm_name
+ }
+ security_relevant_changes_counter
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/report/getReportSchedules.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/report/getReportSchedules.graphql
index 36a3ea734..91053869d 100644
--- a/roles/lib/files/FWO.Api.Client/APIcalls/report/getReportSchedules.graphql
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/report/getReportSchedules.graphql
@@ -1,5 +1,5 @@
 query getReportSchedules {
- report_schedule {
+ report_schedule(order_by: {report_schedule_id: desc}) {
 report_schedule_id
 report_schedule_name
 report_schedule_every
@@ -19,7 +19,7 @@ query getReportSchedules {
 report_filter
 report_parameters
 }
- report_schedule_formats{
+ report_schedule_formats {
 report_schedule_format_name
 }
 report_schedule_counter
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/report/getRuleUidsOfDevice.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/report/getRuleUidsOfDevice.graphql
new file mode 100644
index 000000000..fac73b7d0
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/report/getRuleUidsOfDevice.graphql
@@ -0,0 +1,20 @@
+query getRuleUidsOfDevice ($devId: Int!, $relevantImportId: bigint) {
+ rule (
+ where: {
+ dev_id: { _eq: $devId }
+ active: { _eq: true }
+ access_rule: { _eq: true }
+ rule_head_text: { _is_null: true }
+ rule_disabled: { _eq: false }
+ action_id: { _nin: [2,3,7] }
+ import_control: { control_id: {_lte: $relevantImportId } }, importControlByRuleLastSeen: { control_id: {_gte: $relevantImportId }}
+ }
+ order_by: { rule_num_numeric: asc }){
+ rule_uid
+ rule_metadatum{
+ rule_metadata_id
+ rule_uid
+ dev_id
+ }
+ }
+}
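Review bot: getRuleUidsOfDevice filters on `action_id: { _nin: [2,3,7] }` with nothing saying which rule actions those ids stand for, so a reader cannot tell whether the set is complete or what a new action id in the schema would do to recertification scope. A comment on that line naming the excluded actions (e.g. `# exclude action ids 2,3,7 = <action names from the stm_action table>`) is the minimum; the names themselves are not visible in this diff, so fill them from the schema. The two import-window conditions are also packed onto one line, unlike every other predicate in the `where` block; putting `importControlByRuleLastSeen: { control_id: {_gte: $relevantImportId }}` on its own line would match the rest of the file.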
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/report/getUsageDataCount.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/report/getUsageDataCount.graphql
new file mode 100644
index 000000000..a76006fea
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/report/getUsageDataCount.graphql
@@ -0,0 +1,8 @@
+
+query getUsageDataCount($devId: Int) {
+ rule_aggregate(where: {_and: [ {dev_id: {_eq: $devId } }, { rule_metadatum: {rule_last_hit: { _is_null: false } } } ] }) {
+ aggregate {
+ count
+ }
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/report/setImportsNotified.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/report/setImportsNotified.graphql
new file mode 100644
index 000000000..720e5ff68
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/report/setImportsNotified.graphql
@@ -0,0 +1,9 @@
+mutation setImportsNotified($ids: [bigint!]) {
+ update_import_control(
+ where: { control_id: {_in: $ids} }
+ _set: {
+ notification_done: true
+ }) {
+ affected_rows
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/report/subscribeGeneratedReportsChanges.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/report/subscribeGeneratedReportsChanges.graphql
new file mode 100644
index 000000000..14057b001
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/report/subscribeGeneratedReportsChanges.graphql
@@ -0,0 +1,16 @@
+subscription subscribeGeneratedReportsChanges {
+ report(order_by:{report_id:desc}) {
+ report_id
+ report_name
+ report_start_time
+ report_end_time
+ report_type
+ description
+ uiuser {
+ uiuser_username
+ }
+ report_template {
+ report_template_name
+ }
+ }
+}
\ No newline at end of file
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/report/subscribeReportScheduleChanges.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/report/subscribeReportScheduleChanges.graphql
index 71931da7a..d16fdd659 100644
--- a/roles/lib/files/FWO.Api.Client/APIcalls/report/subscribeReportScheduleChanges.graphql
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/report/subscribeReportScheduleChanges.graphql
@@ -1,5 +1,5 @@
 subscription subscribeReportScheduleChanges {
- report_schedule {
+ report_schedule(order_by: {report_schedule_id: desc}) {
 report_schedule_id
 report_schedule_name
 report_schedule_every
@@ -8,7 +8,6 @@
 report_schedule_owner_user: uiuser {
 uiuser_id
 uiuser_username
- uuid
 ldap_connection: ldap_connection {
 ldap_connection_id
 }
@@ -20,8 +19,9 @@
 report_filter
 report_parameters
 }
- report_schedule_formats{
+ report_schedule_formats {
 report_schedule_format_name
 }
+ report_schedule_counter
 }
-}
\ No newline at end of file
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/report/editReportTemplate.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/report/updateReportTemplate.graphql
similarity index 94%
rename from roles/lib/files/FWO.Api.Client/APIcalls/report/editReportTemplate.graphql
rename to roles/lib/files/FWO.Api.Client/APIcalls/report/updateReportTemplate.graphql
index 5b08744dd..e320c0866 100644
--- a/roles/lib/files/FWO.Api.Client/APIcalls/report/editReportTemplate.graphql
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/report/updateReportTemplate.graphql
@@ -1,4 +1,4 @@
-mutation editReportTemplate(
+mutation updateReportTemplate(
 $reportTemplateId: Int
 $reportTemplateName: String
 $reportTemplateCreate: timestamp
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/request/addOwnerToReqTask.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/request/addOwnerToReqTask.graphql
new file mode 100644
index 000000000..2f2b06346
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/request/addOwnerToReqTask.graphql
@@ -0,0 +1,13 @@
+mutation addOwnerToReqTask(
+ $reqTaskId: bigint
+ $ownerId: Int!
+ ) {
+ insert_reqtask_owner(objects: {
+ reqtask_id: $reqTaskId
+ owner_id: $ownerId
+ }) {
+ returning {
+ newId: owner_id
+ }
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/request/fragments/implTaskDetails.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/request/fragments/implTaskDetails.graphql
index 9e6cfd466..15ebe2b95 100644
--- a/roles/lib/files/FWO.Api.Client/APIcalls/request/fragments/implTaskDetails.graphql
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/request/fragments/implTaskDetails.graphql
@@ -40,6 +40,7 @@ fragment implTaskDetails on request_impltask {
 field
 user_id
 original_nat_id
+ rule_uid
 }
 comments: impltask_comments {
 comment: comment {
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/request/fragments/reqTaskDetails.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/request/fragments/reqTaskDetails.graphql
index 2c89c3d50..5804130c5 100644
--- a/roles/lib/files/FWO.Api.Client/APIcalls/request/fragments/reqTaskDetails.graphql
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/request/fragments/reqTaskDetails.graphql
@@ -14,6 +14,7 @@ fragment reqTaskDetails on request_reqtask {
 nw_obj_grp_id
 user_grp_id
 reason
+ additional_info
 free_text
 last_recert_date
 current_handler: uiuser {
@@ -42,6 +43,8 @@ fragment reqTaskDetails on request_reqtask {
 field
 user_id
 original_nat_id
+ device_id
+ rule_uid
 }
 implementation_tasks: impltasks {
 ...implTaskDetails
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/request/getTickets.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/request/getTickets.graphql
index e96a893dc..3a5405a07 100644
--- a/roles/lib/files/FWO.Api.Client/APIcalls/request/getTickets.graphql
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/request/getTickets.graphql
@@ -1,5 +1,5 @@
-query getTickets($from_state: Int!, $to_state: Int!) {
- request_ticket(where: {_or: [{_and: [{state_id: {_gte: $from_state}}, {state_id: {_lt: $to_state}}]}, {reqtasks: {_and: [{state_id: {_gte: $from_state}}, {state_id: {_lt: $to_state}}]}}]}, order_by: {id: asc}) {
+query getTickets($fromState: Int!, $toState: Int!) {
+ request_ticket(where: {_or: [{_and: [{state_id: {_gte: $fromState}}, {state_id: {_lt: $toState}}]}, {reqtasks: {_and: [{state_id: {_gte: $fromState}}, {state_id: {_lt: $toState}}]}}]}, order_by: {id: asc}) {
 ...ticketDetails
 }
 }
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/request/getTicketsByOwners.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/request/getTicketsByOwners.graphql
new file mode 100644
index 000000000..180bbd58e
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/request/getTicketsByOwners.graphql
@@ -0,0 +1,15 @@
+query getTicketsByOwners(
+ $ownerIds: [Int!]
+ $fromState: Int!
+ $toState: Int!
+ ) {
+ request_ticket(where: {
+ _and: [{
+ reqtasks: { reqtask_owners: { owner_id: {_in: $ownerIds}} },
+ _or: [{_and: [{state_id: {_gte: $fromState}}, {state_id: {_lt: $toState}}]},
+ {reqtasks: {_and: [{state_id: {_gte: $fromState}}, {state_id: {_lt: $toState}}]}}]
+ }]
+ }, order_by: {id: asc}) {
+ ...ticketDetails
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/request/newImplementationElement.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/request/newImplementationElement.graphql
index 4a4c4e9ec..84e42014f 100644
--- a/roles/lib/files/FWO.Api.Client/APIcalls/request/newImplementationElement.graphql
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/request/newImplementationElement.graphql
@@ -4,11 +4,12 @@ mutation newImplementationElement( $ip: cidr $port: Int $proto: Int - $network_obj_id: bigint - $service_id: bigint + $networkObjId: bigint + $serviceId: bigint $field: rule_field_enum! - $user_id: bigint - $original_nat_id: Int + $userId: bigint + $originalNatId: bigint + $ruleUid: String ) { insert_request_implelement(objects: { implementation_action: $implementationAction @@ -16,11 +17,12 @@ mutation newImplementationElement( ip: $ip port: $port ip_proto_id: $proto - network_object_id: $network_obj_id - service_id: $service_id + network_object_id: $networkObjId + service_id: $serviceId field: $field - user_id: $user_id - original_nat_id: $original_nat_id + user_id: $userId + original_nat_id: $originalNatId + rule_uid: $ruleUid }) { returning { newId: id diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/request/newRequestElement.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/request/newRequestElement.graphql index 346fc47d5..73f48e3ef 100644 --- a/roles/lib/files/FWO.Api.Client/APIcalls/request/newRequestElement.graphql +++ b/roles/lib/files/FWO.Api.Client/APIcalls/request/newRequestElement.graphql @@ -4,11 +4,13 @@ mutation newRequestElement( $ip: cidr $port: Int $proto: Int - $network_obj_id: bigint - $service_id: bigint + $networkObjId: bigint + $serviceId: bigint $field: rule_field_enum! - $user_id: bigint - $original_nat_id: Int + $userId: bigint + $originalNatId: bigint + $deviceId: Int + $ruleUid: String ) { insert_request_reqelement(objects: { request_action: $requestAction @@ -16,11 +18,13 @@ mutation newRequestElement( ip: $ip port: $port ip_proto_id: $proto - network_object_id: $network_obj_id - service_id: $service_id + network_object_id: $networkObjId + service_id: $serviceId field: $field - user_id: $user_id - original_nat_id: $original_nat_id + user_id: $userId + original_nat_id: $originalNatId + device_id: $deviceId + rule_uid: $ruleUid }) { returning { newId: id 
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/request/newRequestTask.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/request/newRequestTask.graphql index 1b7f2990b..c4f8dc213 100644 --- a/roles/lib/files/FWO.Api.Client/APIcalls/request/newRequestTask.graphql +++ b/roles/lib/files/FWO.Api.Client/APIcalls/request/newRequestTask.graphql @@ -10,6 +10,7 @@ mutation newRequestTask( $validFrom: timestamp $validTo: timestamp $reason: String + $additionalInfo: String $freeText: String ) { insert_request_reqtask(objects: { @@ -24,6 +25,7 @@ mutation newRequestTask( target_begin_date: $validFrom target_end_date: $validTo reason: $reason + additional_info: $additionalInfo free_text: $freeText }) { returning { diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/request/removeOwnerFromReqTask.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/request/removeOwnerFromReqTask.graphql new file mode 100644 index 000000000..2043a191d --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/request/removeOwnerFromReqTask.graphql @@ -0,0 +1,8 @@ +mutation removeOwnerFromReqTask( + $reqTaskId: bigint + $ownerId: Int! + ) { + delete_reqtask_owner(where: {owner_id: {_eq: $ownerId}, reqtask_id: {_eq: $reqTaskId}}) { + affected_rows + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/request/updateImplementationElement.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/request/updateImplementationElement.graphql index d96150866..1dc947bcc 100644 --- a/roles/lib/files/FWO.Api.Client/APIcalls/request/updateImplementationElement.graphql +++ b/roles/lib/files/FWO.Api.Client/APIcalls/request/updateImplementationElement.graphql 
@@ -5,11 +5,12 @@ mutation updateImplementationElement( $ip: cidr $port: Int $proto: Int - $network_obj_id: bigint - $service_id: bigint + $networkObjId: bigint + $serviceId: bigint $field: rule_field_enum! - $user_id: bigint - $original_nat_id: Int + $userId: bigint + $originalNatId: bigint + $ruleUid: String ) { update_request_implelement_by_pk( pk_columns: { id: $id } @@ -19,11 +20,12 @@ mutation updateImplementationElement( ip: $ip port: $port ip_proto_id: $proto - network_object_id: $network_obj_id - service_id: $service_id + network_object_id: $networkObjId + service_id: $serviceId field: $field - user_id: $user_id - original_nat_id: $original_nat_id + user_id: $userId + original_nat_id: $originalNatId + rule_uid: $ruleUid }) { UpdatedId: id } diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/request/updateRequestElement.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/request/updateRequestElement.graphql index aa191fb49..b268d975d 100644 --- a/roles/lib/files/FWO.Api.Client/APIcalls/request/updateRequestElement.graphql +++ b/roles/lib/files/FWO.Api.Client/APIcalls/request/updateRequestElement.graphql @@ -5,11 +5,13 @@ mutation updateRequestElement( $ip: cidr $port: Int $proto: Int - $network_obj_id: bigint - $service_id: bigint + $networkObjId: bigint + $serviceId: bigint $field: rule_field_enum! - $user_id: bigint - $original_nat_id: Int + $userId: bigint + $originalNatId: bigint + $deviceId: Int + $ruleUid: String ) { update_request_reqelement_by_pk( pk_columns: { id: $id } @@ -19,11 +21,13 @@ mutation updateRequestElement( ip: $ip port: $port ip_proto_id: $proto - network_object_id: $network_obj_id - service_id: $service_id + network_object_id: $networkObjId + service_id: $serviceId field: $field - user_id: $user_id - original_nat_id: $original_nat_id + user_id: $userId + original_nat_id: $originalNatId + device_id: $deviceId + rule_uid: $ruleUid }) { UpdatedId: id } 
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/request/updateRequestTask.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/request/updateRequestTask.graphql index dc0a11d70..7a4f151aa 100644 --- a/roles/lib/files/FWO.Api.Client/APIcalls/request/updateRequestTask.graphql +++ b/roles/lib/files/FWO.Api.Client/APIcalls/request/updateRequestTask.graphql @@ -10,6 +10,7 @@ mutation updateRequestTask( $validFrom: timestamp $validTo: timestamp $reason: String + $additionalInfo: String $freeText: String $devices: String ) { @@ -26,6 +27,7 @@ mutation updateRequestTask( target_begin_date: $validFrom target_end_date: $validTo reason: $reason + additional_info: $additionalInfo free_text: $freeText devices: $devices }) { diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/request/updateRequestTaskAdditionalInfo.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/request/updateRequestTaskAdditionalInfo.graphql new file mode 100644 index 000000000..6d11e8c86 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/request/updateRequestTaskAdditionalInfo.graphql @@ -0,0 +1,12 @@ +mutation updateRequestTaskAdditionalInfo( + $id: bigint! + $additionalInfo: String + ) { + update_request_reqtask_by_pk( + pk_columns: { id: $id } + _set: { + additional_info: $additionalInfo + }) { + UpdatedId: id + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/rule/_repo.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/rule/_repo.graphql deleted file mode 100644 index 0990e97df..000000000 --- a/roles/lib/files/FWO.Api.Client/APIcalls/rule/_repo.graphql +++ /dev/null 
@@ -1,120 +0,0 @@ - -query getSpecificRuleById($ruleId: Int!) { - rule(where: { rule_id: { _eq: $ruleId } }) { - ...ruleDetailsForReport - } -} - -query listRuleChangesOverview( - $startId: Int - $stopId: Int - $devId: Int - $changeType: bpchar -) { - changelog_rule( - where: { - _and: [ - { control_id: { _lt: $stopId } } - { control_id: { _gt: $startId } } - { security_relevant: { _eq: true } } - ] - dev_id: { _eq: $devId } - change_action: { _eq: $changeType } - } - ) { - change_request_info - change_time - changelog_rule_comment - new_rule_id - old_rule_id - unique_name - dev_id - change_action - new_rule: rule { - ...ruleOverview - } - old_rule: ruleByOldRuleId { - ...ruleOverview - } - } -} - -query listRuleChangesDetails( - $startId: Int - $stopId: Int - $devId: Int - $changeType: bpchar -) { - changelog_rule( - where: { - _and: [ - { control_id: { _lt: $stopId } } - { control_id: { _gt: $startId } } - { security_relevant: { _eq: true } } - ] - dev_id: { _eq: $devId } - change_action: { _eq: $changeType } - } - ) { - dev_id - change_action - import_run_details: import_control { - import_id: control_id - mgm_id - is_initial_import - import_time: stop_time - } - rule { - ...ruleDetailsForReport - } - ruleByOldRuleId { - ...ruleDetailsForReport - } - } -} - - - -############################## -## mutations -############################## - - -mutation updateRuleRuleComment($rule_id: Int!, $new_comment: String!) 
{ - update_rule(where: {rule_id: {_eq: $rule_id}}, _set: {rule_comment: $new_comment}) { - affected_rows - returning { - rule_id - rule_comment_post: rule_comment - } - } -} - -query filterRulesByTenant($importId: bigint) { - view_tenant_rules(where: {access_rule: {_eq: true}, rule_last_seen: {_gte: $importId}, rule_create: {_lte: $importId}}) { - rule_id - rule_src - rule_dst - rule_create - rule_last_seen - tenant_id - } -} - -query filterRulesByTenantWithoutAnyRulesWithCount($importId: bigint) { - view_tenant_rules_aggregate - (where: {access_rule: {_eq: true}, rule_last_seen: {_gte: $importId}, rule_create: {_lte: $importId}, _and: [{rule_src: {_neq: "all"}}, {rule_dst: {_neq: "all"}}, {rule_src: {_neq: "Any"}}, {rule_dst: {_neq: "Any"}}]}) - { - aggregate { - count - } - } - view_tenant_rules(where: {access_rule: {_eq: true}, rule_last_seen: {_gte: $importId}, rule_create: {_lte: $importId}, _and: [{rule_src: {_neq: "all"}}, {rule_dst: {_neq: "all"}}, {rule_src: {_neq: "Any"}}, {rule_dst: {_neq: "Any"}}]}) { - rule_id - rule_src - rule_dst - rule_create - rule_last_seen - tenant_id - } -} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/rule/fragments/ruleDetails.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/rule/fragments/ruleDetails.graphql index d090fe986..33b764bf5 100644 --- a/roles/lib/files/FWO.Api.Client/APIcalls/rule/fragments/ruleDetails.graphql +++ b/roles/lib/files/FWO.Api.Client/APIcalls/rule/fragments/ruleDetails.graphql @@ -1,6 +1,7 @@ fragment ruleDetails on rule { rule_id rule_uid + dev_id rule_action section_header: rule_head_text rule_comment diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/rule/fragments/ruleDetailsForReport.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/rule/fragments/ruleDetailsForReport.graphql index c4116d8a7..8ffa21369 100644 --- a/roles/lib/files/FWO.Api.Client/APIcalls/rule/fragments/ruleDetailsForReport.graphql +++ b/roles/lib/files/FWO.Api.Client/APIcalls/rule/fragments/ruleDetailsForReport.graphql 
@@ -1,6 +1,7 @@ fragment ruleDetails on rule { rule_id rule_uid + dev_id rule_action section_header: rule_head_text rule_comment diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/rule/fragments/ruleOverview.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/rule/fragments/ruleOverview.graphql index b79d3ee41..5042df8cf 100644 --- a/roles/lib/files/FWO.Api.Client/APIcalls/rule/fragments/ruleOverview.graphql +++ b/roles/lib/files/FWO.Api.Client/APIcalls/rule/fragments/ruleOverview.graphql @@ -1,6 +1,7 @@ fragment ruleOverview on rule { rule_id rule_uid + dev_id rule_action section_header: rule_head_text rule_comment @@ -30,7 +31,7 @@ fragment ruleOverview on rule { access_rule nat_rule xlate_rule - rule_froms(where: {object:{obj_create:{_lte:$relevantImportId}, obj_last_seen:{_gte:$relevantImportId}}}) { + rule_froms(where: {object: {obj_create: {_lte: $relevantImportId}, obj_last_seen: {_gte: $relevantImportId}}}) { usr { ...userOverview } @@ -42,7 +43,7 @@ fragment ruleOverview on rule { zone_name zone_id } - rule_tos(where: {object:{obj_create:{_lte:$relevantImportId}, obj_last_seen:{_gte:$relevantImportId}}}) { + rule_tos(where: {object: {obj_create: {_lte: $relevantImportId}, obj_last_seen: {_gte: $relevantImportId}}}) { usr { ...userOverview } @@ -50,7 +51,7 @@ fragment ruleOverview on rule { ...networkObjectOverview } } - rule_services(where: {service:{svc_create:{_lte:$relevantImportId}, svc_last_seen:{_gte:$relevantImportId}}}) { + rule_services(where: {service: {svc_create: {_lte: $relevantImportId}, svc_last_seen: {_gte: $relevantImportId}}}) { service { ...networkServiceOverview } diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/rule/getRuleByUid.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/rule/getRuleByUid.graphql new file mode 100644 index 000000000..83b466cd4 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/APIcalls/rule/getRuleByUid.graphql 
@@ -0,0 +1,15 @@ +query getRuleByUid( + $deviceId: Int! + $ruleUid: String +) { + rule( + where: { + dev_id: { _eq: $deviceId } + rule_uid: { _eq: $ruleUid } + active: { _eq: true } + access_rule: { _eq: true } + } + ) { + rule_id: rule_id + } +} diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/user/_repo.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/user/_repo.graphql deleted file mode 100644 index 0cebcc73d..000000000 --- a/roles/lib/files/FWO.Api.Client/APIcalls/user/_repo.graphql +++ /dev/null @@ -1,35 +0,0 @@ -fragment userDetails on usr { - user_id - user_uid - user_name - user_comment - user_lastname - user_firstname - usr_typ_id - stm_usr_typ { - usr_typ_name - } - user_member_names - user_member_refs -} - -query listUsers( - $management_id: [Int!] - $time: String - $user_name: [String!] - $limit: Int - $offset: Int -) { - management(where: { mgm_id: { _in: $management_id } }) { - mgm_id - mgm_name - usrs( - limit: $limit - offset: $offset - where: { active: { _eq: true }, user_name: { _in: $user_name } } - order_by: { user_name: asc } - ) { - ...userDetails - } - } -} diff --git a/roles/lib/files/FWO.Api.Client/ApiCrudHelper.cs b/roles/lib/files/FWO.Api.Client/ApiCrudHelper.cs index a1c1bc606..fe3da42b9 100644 --- a/roles/lib/files/FWO.Api.Client/ApiCrudHelper.cs +++ b/roles/lib/files/FWO.Api.Client/ApiCrudHelper.cs @@ -30,7 +30,7 @@ public class NewReturning public class AggregateCount { [JsonProperty("aggregate"), JsonPropertyName("aggregate")] - public Aggregate Aggregate {get; set;} + public Aggregate Aggregate {get; set;} = new Aggregate(); } public class Aggregate diff --git a/roles/lib/files/FWO.Api.Client/ApiSubscription.cs b/roles/lib/files/FWO.Api.Client/ApiSubscription.cs index d3b6eda6f..b8f964771 100644 --- a/roles/lib/files/FWO.Api.Client/ApiSubscription.cs +++ b/roles/lib/files/FWO.Api.Client/ApiSubscription.cs 
@@ -1,108 +1,29 @@ -using GraphQL; -using System; +using System; using System.Collections.Generic; using System.Linq; using System.Text; -using System.Text.Json; using System.Threading.Tasks; -using FWO.Api.Client; -using Newtonsoft.Json.Linq; -using FWO.Logging; -using GraphQL.Client.Abstractions; -using GraphQL.Client.Http; namespace FWO.Api.Client { - public class ApiSubscription : IDisposable + public abstract class ApiSubscription : IDisposable { - public delegate void SubscriptionUpdate(SubscriptionResponseType reponse); - public event SubscriptionUpdate OnUpdate; + private bool disposed = false; - private IObservable> subscriptionStream; - private IDisposable subscription; - private readonly GraphQLHttpClient graphQlClient; - private readonly GraphQLRequest request; - private readonly Action internalExceptionHandler; + protected abstract void Dispose(bool disposing); - public ApiSubscription(ApiConnection apiConnection, GraphQLHttpClient graphQlClient, GraphQLRequest request, Action exceptionHandler, SubscriptionUpdate OnUpdate) - { - this.OnUpdate = OnUpdate; - this.graphQlClient = graphQlClient; - this.request = request; - - // handle subscription terminating exceptions - internalExceptionHandler = (Exception exception) => - { - // Case: Jwt expired - if (exception.Message.Contains("JWTExpired")) - { - // Quit subscription by throwing exception. 
- // This does NOT lead to a real thrown exception within the application but is instead handled by the graphql library - throw exception; - } - exceptionHandler(exception); - }; - - CreateSubscription(); - - apiConnection.OnAuthHeaderChanged += ApiConnectionOnAuthHeaderChanged; - } - - private void CreateSubscription() - { - Log.WriteDebug("API", $"Creating API subscription {request.OperationName}."); - subscriptionStream = graphQlClient.CreateSubscriptionStream(request, internalExceptionHandler); - Log.WriteDebug("API", "API subscription created."); - - subscription = subscriptionStream.Subscribe(response => - { - if (ApiConstants.UseSystemTextJsonSerializer) - { - JsonElement.ObjectEnumerator responseObjectEnumerator = response.Data.EnumerateObject(); - responseObjectEnumerator.MoveNext(); - SubscriptionResponseType returnValue = JsonSerializer.Deserialize(responseObjectEnumerator.Current.Value.GetRawText()) ?? - throw new Exception($"Could not convert result from Json to {nameof(SubscriptionResponseType)}.\nJson: {responseObjectEnumerator.Current.Value.GetRawText()}"); ; - OnUpdate(returnValue); - } - else - { - try - { - // If repsonse.Data == null -> Jwt expired - connection was closed - // Leads to this method getting called again - if (response.Data == null) - { - // Terminate subscription - subscription.Dispose(); - } - else - { - JObject data = (JObject)response.Data; - JProperty prop = (JProperty)(data.First ?? throw new Exception($"Could not retrieve unique result attribute from Json.\nJson: {response.Data}")); - JToken result = prop.Value; - SubscriptionResponseType returnValue = result.ToObject() ?? throw new Exception($"Could not convert result from Json to {typeof(SubscriptionResponseType)}.\nJson: {response.Data}"); - OnUpdate(returnValue); - } - } - catch (Exception ex) - { - Log.WriteError("GraphQL Subscription", "Subscription lead to exception", ex); - throw; - } - } - }); - } - - private void ApiConnectionOnAuthHeaderChanged(object? 
sender, string jwt) + public void Dispose() { - subscription.Dispose(); - CreateSubscription(); + if (disposed) return; + Dispose(true); + disposed = true; + GC.SuppressFinalize(this); } - public void Dispose() + ~ ApiSubscription() { - subscription.Dispose(); - GC.SuppressFinalize(this); + if (disposed) return; + Dispose(false); } } } diff --git a/roles/lib/files/FWO.Api.Client/Data/Alert.cs b/roles/lib/files/FWO.Api.Client/Data/Alert.cs index 5f6e0fdd1..f93cf25e4 100644 --- a/roles/lib/files/FWO.Api.Client/Data/Alert.cs +++ b/roles/lib/files/FWO.Api.Client/Data/Alert.cs @@ -22,7 +22,12 @@ public enum AlertCode Autodiscovery = 21, AutoDiscoveryErrorUnspecific = 22, - WorkflowAlert = 31 + WorkflowAlert = 31, + + ImportAppData = 41, + ImportAreaSubnetData = 42, + + ImportChangeNotify = 51 } public class Alert diff --git a/roles/lib/files/FWO.Api.Client/Data/Cidr.cs b/roles/lib/files/FWO.Api.Client/Data/Cidr.cs index 3644a7f14..1c6fa1398 100644 --- a/roles/lib/files/FWO.Api.Client/Data/Cidr.cs +++ b/roles/lib/files/FWO.Api.Client/Data/Cidr.cs @@ -4,7 +4,7 @@ namespace FWO.Api.Data { public class Cidr { - private IPAddressRange IpRange { get; set; } + private IPAddressRange IpRange { get; set; } = new IPAddressRange(); public bool Valid { get; set; } = false; @@ -14,6 +14,9 @@ public string CidrString set => this.setCidrFromString(value); } + public Cidr() + {} + public Cidr(string value) { this.setCidrFromString(value); @@ -46,5 +49,15 @@ private void setCidrFromString(string value) Valid = false; } } + + public bool IsV6() + { + return CidrString.Contains(':'); + } + public bool IsV4() + { + return !IsV6(); + } + } } diff --git a/roles/lib/files/FWO.Api.Client/Data/Client.cs b/roles/lib/files/FWO.Api.Client/Data/Client.cs deleted file mode 100644 index 1d82635cc..000000000 --- a/roles/lib/files/FWO.Api.Client/Data/Client.cs +++ /dev/null 
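Review bot: The finalizer `~ ApiSubscription()` makes every subclass's `Dispose(false)` reachable from the finalizer thread, but the implementation being replaced held only managed objects (client, stream, subscription handle), so unless a subclass acquires unmanaged state there is nothing for a finalizer to release, and the contract that `Dispose(false)` must not touch managed fields is nowhere stated. Document it on the abstract member, e.g. `/// <summary>Releases the subscription. <paramref name="disposing"/> is false when invoked from the finalizer; only unmanaged state may be touched in that case.</summary>`. The `disposed` flag is private, so a subclass cannot guard its own `Dispose(bool)` against a second call; `protected bool Disposed { get; private set; }` would let it. The JWT-expiry handling removed here is presumably re-homed in a derived class, which is outside this hunk.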
@@ -1,15 +0,0 @@ -// TODO: UNUSED - -using System; -using System.Collections.Generic; -using System.Linq; -using System.Threading.Tasks; - -namespace FWO.Api.Data -{ - //public class Client - //{ - // public readonly string Name; - // public readonly Manufacturer[] Manufacturers; - //} -} diff --git a/roles/lib/files/FWO.Api.Client/Data/ComplianceNetworkZone.cs b/roles/lib/files/FWO.Api.Client/Data/ComplianceNetworkZone.cs new file mode 100644 index 000000000..fe825434d --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/Data/ComplianceNetworkZone.cs 
@@ -0,0 +1,181 @@ +using FWO.Api.Client; +using NetTools; +using Newtonsoft.Json; +using System.Net; +using System.Text.Json.Serialization; + +namespace FWO.Api.Data +{ + public class ComplianceNetworkZone + { + [JsonProperty("id"), JsonPropertyName("id")] + public int Id { get; set; } = -1; + + [JsonProperty("name"), JsonPropertyName("name")] + public string Name { get; set; } = ""; + + [JsonProperty("description"), JsonPropertyName("description")] + public string Description { get; set; } = ""; + + [JsonProperty("ip_ranges", ItemConverterType = typeof(IpAddressRangeJsonTypeConverter)), JsonPropertyName("ip_ranges")] + public IPAddressRange[] IPRanges { get; set; } = new IPAddressRange[0]; + + [JsonProperty("super_network_zone"), JsonPropertyName("super_network_zone")] + public ComplianceNetworkZone? Superzone { get; set; } = null; + + [JsonProperty("sub_network_zones"), JsonPropertyName("sub_network_zones")] + public ComplianceNetworkZone[] Subzones { get; set; } = new ComplianceNetworkZone[0]; + + [JsonProperty("network_zone_communication_sources", ItemConverterType = typeof(WrapperConverter), + ItemConverterParameters = new object[] { "from_network_zone" }), JsonPropertyName("network_zone_communication_sources")] + public ComplianceNetworkZone[] AllowedCommunicationSources { get; set; } = new ComplianceNetworkZone[0]; + + [JsonProperty("network_zone_communication_destinations", ItemConverterType = typeof(WrapperConverter), + ItemConverterParameters = new object[] { "to_network_zone" }), JsonPropertyName("network_zone_communication_destinations")] + public ComplianceNetworkZone[] AllowedCommunicationDestinations { get; set; } = new ComplianceNetworkZone[0]; + + + public bool CommunicationAllowedFrom(ComplianceNetworkZone from) + { + return AllowedCommunicationSources.Contains(from); + } + + public bool CommunicationAllowedTo(ComplianceNetworkZone to) + { + return AllowedCommunicationDestinations.Contains(to); + } + + public bool OverlapExists(List ipRanges, 
List> unseenIpRanges) + { + bool result = false; + + for (int i = 0; i < IPRanges.Length; i++) + { + for (int j = 0; j < ipRanges.Count; j++) + { + if (OverlapExists(IPRanges[i], ipRanges[j])) + { + result = true; + RemoveOverlap(unseenIpRanges[j], IPRanges[i]); + } + } + } + return result; + } + + /// + /// Checks if IP range a and b overlap. + /// + /// First IP range + /// Second IP range + /// True, if IP ranges overlap, false otherwise. + private bool OverlapExists(IPAddressRange a, IPAddressRange b) + { + return IpToUint(a.Begin) <= IpToUint(b.End) && IpToUint(b.Begin) <= IpToUint(a.End); + } + + private void RemoveOverlap(List ranges, IPAddressRange toRemove) + { + for (int i = 0; i < ranges.Count; i++) + { + if (OverlapExists(ranges[i], toRemove)) + { + if (IpToUint(toRemove.Begin) <= IpToUint(ranges[i].Begin) && IpToUint(toRemove.End) >= IpToUint(ranges[i].End)) + { + // Complete overlap, remove the entire range + ranges.RemoveAt(i); + i--; + } + else if (IpToUint(toRemove.Begin) <= IpToUint(ranges[i].Begin)) + { + // Overlap on the left side, update the start + ranges[i].Begin = UintToIp(IpToUint(toRemove.End) + 1); + } + else if (IpToUint(toRemove.End) >= IpToUint(ranges[i].End)) + { + // Overlap on the right side, update the end + ranges[i].End = UintToIp(IpToUint(toRemove.Begin) - 1); + } + else + { + // Overlap in the middle, split the range + // begin..remove.begin-1 + IPAddress end = ranges[i].End; + ranges[i].End = UintToIp(IpToUint(toRemove.Begin) - 1); + // remove.end+1..end + ranges.Insert(i, new IPAddressRange(UintToIp(IpToUint(toRemove.End) + 1), end)); + i++; + } + } + } + } + + private uint IpToUint(IPAddress ipAddress) + { + byte[] bytes = ipAddress.GetAddressBytes(); + + // flip big-endian(network order) to little-endian + if (BitConverter.IsLittleEndian) + { + Array.Reverse(bytes); + } + + return BitConverter.ToUInt32(bytes, 0); + } + + private IPAddress UintToIp(uint ipAddress) + { + byte[] bytes = BitConverter.GetBytes(ipAddress); + + 
// flip big-endian(network order) to little-endian + if (BitConverter.IsLittleEndian) + { + Array.Reverse(bytes); + } + + return new IPAddress(bytes); + } + + public object Clone() + { + IPAddressRange[] ipRangesClone = new IPAddressRange[IPRanges.Length]; + for (int i = 0; i < IPRanges.Length; i++) + { + ipRangesClone[i] = new IPAddressRange(IPRanges[i].Begin, IPRanges[i].End); + } + + return new ComplianceNetworkZone() + { + Id = Id, + Superzone = (ComplianceNetworkZone?)Superzone?.Clone(), + Name = Name, + Description = Description, + IPRanges = ipRangesClone, + Subzones = CloneArray(Subzones), + AllowedCommunicationSources = CloneArray(AllowedCommunicationSources), + AllowedCommunicationDestinations = CloneArray(AllowedCommunicationDestinations) + }; + } + + private static ComplianceNetworkZone[] CloneArray(ComplianceNetworkZone[] array) + { + ComplianceNetworkZone[] arrayClone = new ComplianceNetworkZone[array.Length]; + for (int i = 0; i < array.Length; i++) + { + arrayClone[i] = (ComplianceNetworkZone)array[i].Clone(); + } + return arrayClone; + } + + public override bool Equals(object? obj) + { + if (obj == null) return false; + return ((ComplianceNetworkZone)obj).Id == Id; + } + + public override int GetHashCode() + { + return HashCode.Combine(Id); + } + } +} diff --git a/roles/lib/files/FWO.Api.Client/Data/Device.cs b/roles/lib/files/FWO.Api.Client/Data/Device.cs index 8205b7468..067fcfb83 100644 --- a/roles/lib/files/FWO.Api.Client/Data/Device.cs +++ b/roles/lib/files/FWO.Api.Client/Data/Device.cs 
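Review bot: `IpToUint` reads only the first four bytes of whatever `GetAddressBytes()` returns, so an IPv6 `IPAddressRange` (which NetTools can represent, and which the `Cidr.IsV6()` helper added elsewhere in this commit anticipates) is silently compared as a meaningless 32-bit value and the zone overlap check returns wrong answers rather than failing; guard with `if (ipAddress.AddressFamily != System.Net.Sockets.AddressFamily.InterNetwork) throw new NotSupportedException("Zone overlap checks support IPv4 ranges only.");` at the top of `IpToUint`. The `+ 1` / `- 1` arithmetic in `RemoveOverlap` is unchecked and wraps at 0.0.0.0 and 255.255.255.255 when a range touches either end. Separately, `Equals` hard-casts `obj`, so comparing with any non-zone object throws InvalidCastException instead of returning false; `return obj is ComplianceNetworkZone other && other.Id == Id;` is the safe form. `Clone()` recurses through `Superzone` and `Subzones`; if the graph ever links a zone back to itself that recursion does not terminate, which is worth a comment if the data model guarantees it cannot.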
@@ -35,15 +35,6 @@ public class Device [JsonProperty("comment"), JsonPropertyName("comment")] public string? Comment { get; set; } - [JsonProperty("rules"), JsonPropertyName("rules")] - public Rule[]? Rules { get; set; } - - [JsonProperty("changelog_rules"), JsonPropertyName("changelog_rules")] - public RuleChange[]? RuleChanges { get; set; } - - [JsonProperty("rules_aggregate"), JsonPropertyName("rules_aggregate")] - public ObjectStatistics RuleStatistics { get; set; } = new ObjectStatistics(); - public bool Selected { get; set; } = false; public bool Relevant { get; set; } public bool AwaitMgmt { get; set; } @@ -71,22 +62,6 @@ public Device(Device device) ActionId = device.ActionId; } - public void AssignRuleNumbers() - { - if (Rules != null) - { - int ruleNumber = 1; - - foreach (Rule rule in Rules) - { - if (string.IsNullOrEmpty(rule.SectionHeader)) // Not a section header - { - rule.DisplayOrderNumber = ruleNumber++; - } - } - } - } - public bool Sanitize() { bool shortened = false; 
@@ -97,51 +72,5 @@ public bool Sanitize() Comment = Sanitizer.SanitizeCommentOpt(Comment, ref shortened); return shortened; } - - public bool ContainsRules() - { - return (Rules != null && Rules.Count()>0); - } - } - - - public static class DeviceUtility - { - // adding rules fetched in slices - public static bool Merge(this Device[] devices, Device[] devicesToMerge) - { - bool newObjects = false; - - for (int i = 0; i < devices.Length && i < devicesToMerge.Length; i++) - { - if (devices[i].Id == devicesToMerge[i].Id) - { - try - { - if (devices[i].Rules != null && devicesToMerge[i].Rules != null && devicesToMerge[i].Rules?.Length > 0) - { - devices[i].Rules = devices[i].Rules?.Concat(devicesToMerge[i].Rules!).ToArray(); - newObjects = true; - } - if (devices[i].RuleChanges != null && devicesToMerge[i].RuleChanges != null && devicesToMerge[i].RuleChanges?.Length > 0) - { - devices[i].RuleChanges = devices[i].RuleChanges!.Concat(devicesToMerge[i].RuleChanges!).ToArray(); - newObjects = true; - } - if (devices[i].RuleStatistics != null && devicesToMerge[i].RuleStatistics != null) - devices[i].RuleStatistics.ObjectAggregate.ObjectCount += devicesToMerge[i].RuleStatistics.ObjectAggregate.ObjectCount; // correct ?? - } - catch (NullReferenceException) - { - throw new ArgumentNullException("Rules is null"); - } - } - else - { - throw new NotSupportedException("Devices have to be in the same order in oder to merge."); - } - } - return newObjects; - } } } diff --git a/roles/lib/files/FWO.Api.Client/Data/DeviceFilter.cs b/roles/lib/files/FWO.Api.Client/Data/DeviceFilter.cs index de33eee3a..1d2412e12 100644 --- a/roles/lib/files/FWO.Api.Client/Data/DeviceFilter.cs +++ b/roles/lib/files/FWO.Api.Client/Data/DeviceFilter.cs 
@@ -18,7 +18,27 @@ public class ManagementSelect public ElementReference? UiReference { get; set; } + public bool Visible { get; set; } = true; public bool Selected { get; set; } = false; + public bool Shared { get; set; } = true; + public ManagementSelect Clone() + { + List ClonedDevices = new(); + foreach(var dev in Devices) + { + ClonedDevices.Add(new DeviceSelect(dev)); + } + + return new ManagementSelect() + { + Id = Id, + Name = Name, + Devices = ClonedDevices, + UiReference = UiReference, + Visible = Visible, + Selected = Selected + }; + } } public class DeviceSelect @@ -29,7 +49,20 @@ public class DeviceSelect [JsonProperty("name"), JsonPropertyName("name")] public string? Name { get; set; } + public bool Visible { get; set; } = true; + public bool Selected { get; set; } = false; + public bool Shared { get; set; } = true; + public DeviceSelect() + {} + + public DeviceSelect(DeviceSelect dev) + { + Id = dev.Id; + Name = dev.Name; + Visible = dev.Visible; + Selected = dev.Selected; + } } public class DeviceFilter @@ -37,10 +70,24 @@ public class DeviceFilter [JsonProperty("management"), JsonPropertyName("management")] public List Managements { get; set; } = new List(); + [JsonProperty("visibleManagements"), JsonPropertyName("visibleManagements")] + public List VisibleManagements { get; set; } = new List(); + + [JsonProperty("visibleGateways"), JsonPropertyName("visibleGateways")] + public List VisibleGateways { get; set; } = new List(); public DeviceFilter() {} + public DeviceFilter(DeviceFilter devFilter) + { + Managements = new List(devFilter.Managements); + } + + public DeviceFilter(List mgmSelect) + { + Managements = new List(mgmSelect); + } public DeviceFilter(List devIds) { ManagementSelect dummyManagement = new ManagementSelect(); 
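Review bot: `ManagementSelect.Clone()` and the new `DeviceSelect(DeviceSelect dev)` copy constructor both omit the `Shared` property that these two hunks introduce, so every copy silently reverts to `Shared = true` regardless of the source. Add `Shared = Shared` to the object initializer in `Clone()` and `Shared = dev.Shared;` to the copy constructor. If `Shared` is meant to govern what a user is allowed to see in a shared filter, a copy that resets it is the kind of defect that widens the selection without anyone noticing.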
@@ -50,12 +97,35 @@ public DeviceFilter(List devIds) } Managements.Add(dummyManagement); } + public DeviceFilter(int[] devIds) + { + ManagementSelect dummyManagement = new ManagementSelect(); + foreach(int id in devIds) + { + dummyManagement.Devices.Add(new DeviceSelect(){Id = id}); + } + Managements.Add(dummyManagement); + } + + public DeviceFilter Clone() + { + List ClonedManagements = new(); + foreach(var mgt in Managements) + { + ClonedManagements.Add(mgt.Clone()); + } + + return new DeviceFilter() + { + Managements = ClonedManagements + }; + } public bool areAllDevicesSelected() { foreach (ManagementSelect management in Managements) foreach (DeviceSelect device in management.Devices) - if (!device.Selected) + if (!device.Selected && device.Visible) return false; return true; } @@ -73,10 +143,12 @@ public void applyFullDeviceSelection(bool selectAll) { foreach (ManagementSelect management in Managements) { - management.Selected = selectAll; + // only select visible managements + management.Selected = selectAll && management.Visible; foreach (DeviceSelect device in management.Devices) { - device.Selected = selectAll; + // only select visible devices + device.Selected = selectAll && device.Visible; } } } @@ -148,7 +220,11 @@ public void SynchronizeDevFilter(DeviceFilter incomingDevFilter) DeviceSelect? incomingDev = incomingMgt.Devices.Find(x => x.Id == device.Id); if (incomingDev != null) { - device.Selected = incomingDev.Selected; + // the next line could be the problem as it changes an object: + if (device.Visible) + { + device.Selected = incomingDev.Selected; + } } } } 
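Review bot: `DeviceFilter(DeviceFilter devFilter)` copies only the outer list (`new List(devFilter.Managements)`), so both filters share the same `ManagementSelect` and `DeviceSelect` instances and a `Selected` change on one is visible through the other, whereas `DeviceFilter.Clone()` a few lines below deep-copies; either use `Managements = devFilter.Managements.Select(m => m.Clone()).ToList();` or state in a doc comment that this constructor is intentionally shallow. The comment `// the next line could be the problem as it changes an object:` in `SynchronizeDevFilter` reads as a leftover debugging note; replace it with what the guard actually does, e.g. `// hidden devices keep their selection; only visible ones follow the incoming filter`. `SynchronizeDevFilter` begins outside this hunk.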
@@ -161,7 +237,9 @@ public void SynchronizeMgmtFilter() foreach (ManagementSelect management in Managements) { int selectedDevicesCount = management.Devices.Where(d => d.Selected).Count(); - management.Selected = management.Devices.Count > 0 && selectedDevicesCount == management.Devices.Count; + int visibleDevicesCount = management.Devices.Where(d => d.Visible).Count(); + // Management is selected if all visible devices are selected + management.Selected = management.Devices.Count > 0 && selectedDevicesCount == visibleDevicesCount; } } @@ -170,10 +248,16 @@ public int NumberMgmtDev() int counter = 0; foreach (ManagementSelect management in Managements) { - counter ++; - foreach (DeviceSelect device in management.Devices) + if (management.Visible) { - counter ++; + counter++; + foreach (DeviceSelect device in management.Devices) + { + if (device.Visible) + { + counter++; + } + } } } return counter; diff --git a/roles/lib/files/FWO.Api.Client/Data/DeviceType.cs b/roles/lib/files/FWO.Api.Client/Data/DeviceType.cs index 3f29d0d6c..9045928d7 100644 --- a/roles/lib/files/FWO.Api.Client/Data/DeviceType.cs +++ b/roles/lib/files/FWO.Api.Client/Data/DeviceType.cs @@ -5,8 +5,6 @@ using Newtonsoft.Json; namespace FWO.Api.Data { - [Newtonsoft.Json.JsonConverter(typeof(NoTypeConverterJsonConverter))] - [TypeConverter(typeof(JsonStringConverter))] public class DeviceType { [JsonProperty("id"), JsonPropertyName("id")] 
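Review bot: In `SynchronizeMgmtFilter`, a management whose devices are all hidden now ends up `Selected = true`, because `selectedDevicesCount == visibleDevicesCount` is `0 == 0` while `management.Devices.Count > 0` still holds; the previous expression compared against `Devices.Count` and could not do that. The count also includes hidden devices that happen to be selected, so one hidden-selected device can mask one unselected visible device and still mark the management selected. Counting only visible selections and requiring at least one visible device avoids both: `int selectedDevicesCount = management.Devices.Count(d => d.Selected && d.Visible);` and `management.Selected = visibleDevicesCount > 0 && selectedDevicesCount == visibleDevicesCount;`.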
@@ -22,15 +20,12 @@ public class DeviceType public string Manufacturer { get; set; } = ""; [JsonProperty("isPureRoutingDevice"), JsonPropertyName("isPureRoutingDevice")] - public Boolean IsPureRoutingDevice { get; set; } + public bool IsPureRoutingDevice { get; set; } [JsonProperty("isManagement"), JsonPropertyName("isManagement")] - public Boolean IsManagement { get; set; } + public bool IsManagement { get; set; } - // [JsonProperty("predefinedObjects"), JsonPropertyName("predefinedObjects")] - // public ??? PredefinedObjects { get; set; } - - public static List LegacyDevTypeList = new List + private static List LegacyDevTypeList = new List { 2, // Netscreen 5.x-6.x 4, // FortiGateStandalone 5ff @@ -40,13 +35,13 @@ public class DeviceType 8 // JUNOS 10-21 }; - public static Dictionary SupermanagerMap = new Dictionary + private static Dictionary SupermanagerMap = new Dictionary { // Mgmt -> Supermgmt { 11, 12 }, // FortiADOM 5ff -> FortiManager 5ff { 9, 13 } // Check Point R8x -> Check Point MDS R8x }; - public static Dictionary SupermanagerGatewayMap = new Dictionary + private static Dictionary SupermanagerGatewayMap = new Dictionary { // Supermgmt -> Gateway { 12, 10}, // FortiManager 5ff-> FortiGate 5ff @@ -55,16 +50,17 @@ public class DeviceType { 14, 16} // Cisco Firepower }; - public static List CheckPointManagers = new List + private static List CheckPointManagers = new List { 13, 9 // Check Point MDS R8x and Check Point R8x }; - public static List FortiManagers = new List + private static List FortiManagers = new List { 12 // FortiManager 5ff }; + public DeviceType() {} 
@@ -110,8 +106,13 @@ public bool CanBeSupermanager() public bool CanBeAutodiscovered(Management mgmt) { - return SupermanagerMap.Values.Contains(Id) || (CheckPointManagers.Contains(Id) && mgmt.SuperManagerId==null); + return !IsUri(mgmt.Hostname) && (SupermanagerMap.Values.Contains(Id) || (CheckPointManagers.Contains(Id) && mgmt.SuperManagerId==null)); } + private static bool IsUri(string hostname) + { + return hostname.StartsWith("https://") || hostname.StartsWith("http://") || hostname.StartsWith("file://"); + } + public int GetSupermanagerId() { diff --git a/roles/lib/files/FWO.Api.Client/Data/DisplayBase.cs b/roles/lib/files/FWO.Api.Client/Data/DisplayBase.cs new file mode 100644 index 000000000..0c625782e --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/Data/DisplayBase.cs 
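Review bot: `IsUri` calls `StartsWith` without a `StringComparison`, so the check is culture-sensitive and case-sensitive: a hostname entered as `HTTPS://...` or `File://...` is not recognised as a URI and `CanBeAutodiscovered` silently falls back to the old rule. Use ordinal, case-insensitive matching: `return hostname.StartsWith("https://", StringComparison.OrdinalIgnoreCase) || hostname.StartsWith("http://", StringComparison.OrdinalIgnoreCase) || hostname.StartsWith("file://", StringComparison.OrdinalIgnoreCase);`. A short comment on `IsUri` saying why a URI-style hostname excludes autodiscovery would also help, since the reason is not visible in this hunk.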
@@ -0,0 +1,211 @@ +using System.Text; +using NetTools; +using FWO.Logging; +using System.Net; +using FWO.GlobalConstants; + +namespace FWO.Api.Data +{ + public static class DisplayBase + { + public static StringBuilder DisplayService(NetworkService service, bool isTechReport, string? serviceName = null) + { + StringBuilder result = new (); + string ports = service.DestinationPortEnd == null || service.DestinationPortEnd == 0 || service.DestinationPort == service.DestinationPortEnd ? + $"{service.DestinationPort}" : $"{service.DestinationPort}-{service.DestinationPortEnd}"; + if (isTechReport) + { + if (service.DestinationPort == null) + { + if (service.Protocol?.Name != null) + { + result.Append($"{service.Protocol?.Name}"); + } + else + { + result.Append($"{service.Name}"); + } + } + else + { + result.Append($"{ports}/{service.Protocol?.Name}"); + } + } + else + { + result.Append($"{serviceName ?? service.Name}"); + if (service.DestinationPort != null) + { + result.Append($" ({ports}/{service.Protocol?.Name})"); + } + else if (service.Protocol?.Name != null) + { + result.Append($" ({service.Protocol?.Name})"); + } + } + return result; + } + + public static string DisplayIpWithName(NetworkObject elem) + { + if(elem.Name != null && elem.Name != "") + { + return elem.Name + DisplayIp(elem.IP, elem.IpEnd, true); + } + return DisplayIp(elem.IP, elem.IpEnd); + } + + public static string DisplayIp(string ip1, string ip2, bool inBrackets = false) + { + try + { + if (ip2 == "") + { + ip2 = ip1; + } + string nwObjType = AutoDetectType(ip1, ip2); + return DisplayIp(ip1, ip2, nwObjType, inBrackets); + } + catch(Exception exc) + { + Log.WriteError("Ip displaying", $"Exception thrown: {exc.Message}"); + return ""; + } + } + + public static string DisplayIp(string ip1, string ip2, string nwObjType, bool inBrackets = false) + { + string result = ""; + if (nwObjType != ObjectType.Group) + { + if (!IsV4Address(ip1) && !IsV6Address(ip1)) + { + Log.WriteError("Ip displaying", $"Found 
undefined IP family: {ip1} - {ip2}"); + } + else if (IsV4Address(ip1) == IsV6Address(ip2)) + { + Log.WriteError("Ip displaying", $"Found mixed IP family: {ip1} - {ip2}"); + } + else + { + if (ip2 == "") + { + ip2 = ip1; + } + string IpStart = StripOffUnnecessaryNetmask(ip1); + string IpEnd = StripOffUnnecessaryNetmask(ip2); + + try + { + result = inBrackets ? " (" : ""; + if (nwObjType == ObjectType.Network) + { + if(GetNetmask(IpStart) == "") + { + IPAddressRange ipRange = new (IPAddress.Parse(IpStart), IPAddress.Parse(IpEnd)); + if (ipRange != null) + { + result += ipRange.ToCidrString(); + } + } + else + { + result += IpStart; + } + } + else + { + result += IpStart; + if (nwObjType == ObjectType.IPRange) + { + result += $"-{IpEnd}"; + } + } + result += inBrackets ? ")" : ""; + } + catch (Exception exc) + { + Log.WriteError("Ip displaying", $"Wrong ip format {IpStart} - {IpEnd}\nMessage: {exc.Message}"); + } + } + } + return result; + } + + public static string GetNetmask(string ip) + { + int pos = ip.LastIndexOf("/"); + if (pos > -1 && ip.Length > pos + 1) + { + return ip[(pos + 1)..]; + } + return ""; + } + + private static string StripOffNetmask(string ip) + { + int pos = ip.LastIndexOf("/"); + if (pos > -1 && ip.Length > pos + 1) + { + return ip[..pos]; + } + return ip; + } + + private static string StripOffUnnecessaryNetmask(string ip) + { + string netmask = GetNetmask(ip); + if (IsV4Address(ip) && netmask == "32" || IsV6Address(ip) && netmask == "128") + { + return StripOffNetmask(ip); + } + return ip; + } + + private static bool SpanSingleNetwork(string ipInStart, string ipInEnd) + { + // IPAddressRange range = IPAddressRange.Parse(IPAddress.Parse(ipInStart), IPAddress.Parse(ipInEnd)); + + IPAddressRange range = IPAddressRange.Parse(StripOffNetmask(ipInStart) + "-" + StripOffNetmask(ipInEnd)); + try + { + range.ToCidrString(); + } + catch (Exception) + { + return false; + } + return true; + } + + public static string AutoDetectType(string ip1, string ip2) 
+ { + ip1 = StripOffUnnecessaryNetmask(ip1); + ip2 = StripOffUnnecessaryNetmask(ip2); + if (ip1 == ip2) + { + string netmask = GetNetmask(ip1); + if(netmask != "") + { + return ObjectType.Network; + } + return ObjectType.Host; + } + if (SpanSingleNetwork(ip1, ip2)) + { + return ObjectType.Network; + } + return ObjectType.IPRange; + } + + private static bool IsV6Address(string ip) + { + return ip.Contains(':'); + } + + private static bool IsV4Address(string ip) + { + return ip.Contains('.'); + } + } +} diff --git a/roles/lib/files/FWO.Api.Client/Data/DistName.cs b/roles/lib/files/FWO.Api.Client/Data/DistName.cs index 4239feb4f..3851ae9de 100644 --- a/roles/lib/files/FWO.Api.Client/Data/DistName.cs +++ b/roles/lib/files/FWO.Api.Client/Data/DistName.cs 
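Review bot: `IsV4Address`/`IsV6Address` at the end of the new file decide the address family by `Contains('.')` and `Contains(':')`, so an IPv4-mapped IPv6 address such as `::ffff:10.0.0.1` satisfies both and the `IsV4Address(ip1) == IsV6Address(ip2)` test in DisplayIp reports a mixed family for a valid pair, while any non-address string containing a dot is accepted as IPv4 until `IPAddress.Parse` throws further down. `System.Net` is already imported, so the family can be taken from `IPAddress.TryParse` and `AddressFamily` instead. Separately, `IPAddressRange.Parse` in `SpanSingleNetwork` sits outside the try block, so a malformed range escapes the public `AutoDetectType` as an exception rather than the false the method name promises; moving the parse inside the try fixes that. The condition `IsV4Address(ip) && netmask == "32" || IsV6Address(ip) && netmask == "128"` in `StripOffUnnecessaryNetmask` is correct but relies on precedence and deserves parentheses.
```csharp
// … unchanged: DisplayService, DisplayIpWithName, DisplayIp, GetNetmask, StripOffNetmask, StripOffUnnecessaryNetmask …

private static bool SpanSingleNetwork(string ipInStart, string ipInEnd)
{
    try
    {
        // parse inside the try so a malformed range yields false instead of an exception
        IPAddressRange range = IPAddressRange.Parse(StripOffNetmask(ipInStart) + "-" + StripOffNetmask(ipInEnd));
        range.ToCidrString();
    }
    catch (Exception)
    {
        return false;
    }
    return true;
}

// … unchanged: AutoDetectType …

// Family detection via the parser rather than by looking for '.' / ':' characters.
private static bool IsV6Address(string ip)
{
    return IPAddress.TryParse(StripOffNetmask(ip), out IPAddress? addr)
        && addr.AddressFamily == System.Net.Sockets.AddressFamily.InterNetworkV6;
}

private static bool IsV4Address(string ip)
{
    return IPAddress.TryParse(StripOffNetmask(ip), out IPAddress? addr)
        && addr.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork;
}
```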
@@ -1,103 +1,106 @@ +using FWO.GlobalConstants; + namespace FWO.Api.Data { - public class DistName - { - public string UserName { get; set; } - public string Role { get; set; } - public string Group { get; set; } - public List Root { get; set; } - public List Path { get; set; } + public class DistName + { + public string UserName { get; set; } + public string Role { get; set; } + public string Group { get; set; } + public List Root { get; set; } + public List Path { get; set; } + + public DistName(string? dn) + { + //Regex r = new Regex("(?:^|,\\s?)(?:(?[A-Z]+)=(?\"(?:[^\"]| \"\")+\"|(?:\\,|[^,])+))+"); + //GroupCollection groups = r.Match(dn ?? "").Groups; + //foreach (string group in r.GetGroupNames()) + //{ + // groups[group]; + //} - public DistName(string? dn) - { - //Regex r = new Regex("(?:^|,\\s?)(?:(?[A-Z]+)=(?\"(?:[^\"]| \"\")+\"|(?:\\,|[^,])+))+"); - //GroupCollection groups = r.Match(dn ?? "").Groups; - //foreach (string group in r.GetGroupNames()) - //{ - // groups[group]; - //} + UserName = ""; + Role = ""; + Group = ""; + Root = []; + Path = []; + bool lastValue = false; + if (dn != null) + { + while (lastValue == false) + { + int IndexPrefixDelim = dn.IndexOf("="); + if(IndexPrefixDelim > 0) + { + string Name = dn.Substring(0, IndexPrefixDelim); + string Value; + dn = dn.Substring (IndexPrefixDelim + 1); + int IndexValueDelim = dn.IndexOf(","); + if(IndexValueDelim > 0) + { + Value = dn.Substring(0, IndexValueDelim); + dn = dn.Substring (IndexValueDelim + 1); + } + else + { + Value = dn; + lastValue = true; + } + switch (Name.ToLower()) + { + case "uid": + case "samaccountname": + case "userprincipalname": + case "mail": + UserName = Value; + break; + case "cn": + if(UserName == "") + { + // the first one may be the user if not delivered as uid or a role or a group + UserName = Value; + Role = Value; + Group = Value; + } + else + { + // following ones belong to the path + Path.Add(Value); + } + break; + case "ou": + case "o": + case "l": + case 
"st": + case "street": + Path.Add(Value); + break; + case "dc": + case "c": + Root.Add(Value); + Path.Add(Value); + break; + default: + break; + } + } + else + { + lastValue = true; + } + } + } + } - UserName = ""; - Role = ""; - Group = ""; - Root = new List(); - Path = new List(); - bool lastValue = false; - if (dn != null) - { - while (lastValue == false) - { - int IndexPrefixDelim = dn.IndexOf("="); - if(IndexPrefixDelim > 0) - { - string Name = dn.Substring(0, IndexPrefixDelim); - string Value; - dn = dn.Substring (IndexPrefixDelim + 1); - int IndexValueDelim = dn.IndexOf(","); - if(IndexValueDelim > 0) - { - Value = dn.Substring(0, IndexValueDelim); - dn = dn.Substring (IndexValueDelim + 1); - } - else - { - Value = dn; - lastValue = true; - } - switch (Name.ToLower()) - { - case "uid": - case "samaccountname": - case "userprincipalname": - case "mail": - UserName = Value; - break; - case "cn": - if(UserName == "") - { - // the first one may be the user if not delivered as uid or a role or a group - UserName = Value; - Role = Value; - Group = Value; - } - else - { - // following ones belong to the path - Path.Add(Value); - } - break; - case "ou": - case "o": - case "l": - case "st": - case "street": - Path.Add(Value); - break; - case "dc": - case "c": - Root.Add(Value); - Path.Add(Value); - break; - default: - break; - } - } - else - { - lastValue = true; - } - } - } - } + public bool IsInternal() + { + return Root.Contains(GlobalConst.kFwoProdName) && Root.Contains("internal"); + } - public bool IsInternal() - { - return Root.Contains("fworch") && Root.Contains("internal"); - } + public string GetTenantNameViaLdapTenantLevel (int tenantLevel = 1) + { + return (tenantLevel > 0 && Path.Count >= tenantLevel) ? Path[Path.Count - tenantLevel] : ""; + } - public string getTenant (int tenantLevel = 1) - { - return (tenantLevel > 0 && Path.Count >= tenantLevel) ? Path[Path.Count - tenantLevel] : ""; - } - } + } } 
diff --git a/roles/lib/files/FWO.Api.Client/Data/FileFormat.cs b/roles/lib/files/FWO.Api.Client/Data/FileFormat.cs index 641ceeacf..ff36d8adc 100644 --- a/roles/lib/files/FWO.Api.Client/Data/FileFormat.cs +++ b/roles/lib/files/FWO.Api.Client/Data/FileFormat.cs @@ -32,5 +32,9 @@ public static void AddOrRemove(this List fileFormats, string name) fileFormats.Add(new FileFormat { Name = name }); } } + public static void Remove(this List fileFormats, string name) + { + fileFormats.RemoveAll(fileFormat => fileFormat.Name == name); + } } } diff --git a/roles/lib/files/FWO.Api.Client/Data/FwoOwner.cs b/roles/lib/files/FWO.Api.Client/Data/FwoOwner.cs index 5718af9b8..2c1bb98a9 100644 --- a/roles/lib/files/FWO.Api.Client/Data/FwoOwner.cs +++ b/roles/lib/files/FWO.Api.Client/Data/FwoOwner.cs @@ -8,7 +8,26 @@ public class FwoOwner : FwoOwnerBase [JsonProperty("id"), JsonPropertyName("id")] public int Id { get; set; } - public List NwObjElements { get; set; } = new List(); + [JsonProperty("last_recert_check"), JsonPropertyName("last_recert_check")] + public DateTime? LastRecertCheck { get; set; } + + [JsonProperty("recert_check_params"), JsonPropertyName("recert_check_params")] + public string? RecertCheckParamString { get; set; } + + [JsonProperty("criticality"), JsonPropertyName("criticality")] + public string? Criticality { get; set; } + + [JsonProperty("active"), JsonPropertyName("active")] + public bool Active { get; set; } = true; + + [JsonProperty("import_source"), JsonPropertyName("import_source")] + public string? ImportSource { get; set; } + + [JsonProperty("common_service_possible"), JsonPropertyName("common_service_possible")] + public bool CommSvcPossible { get; set; } = false; + + [JsonProperty("connections_aggregate"), JsonPropertyName("connections_aggregate")] + public Client.AggregateCount ConnectionCount { get; set; } = new(); public FwoOwner() 
@@ -17,7 +36,26 @@ public FwoOwner() public FwoOwner(FwoOwner owner) : base(owner) { Id = owner.Id; - NwObjElements = owner.NwObjElements; + LastRecertCheck = owner.LastRecertCheck; + RecertCheckParamString = owner.RecertCheckParamString; + Criticality = owner.Criticality; + Active = owner.Active; + ImportSource = owner.ImportSource; + CommSvcPossible = owner.CommSvcPossible; + ConnectionCount = owner.ConnectionCount; + } + + public string Display(string comSvcTxt) + { + return Name + " (" + ExtAppId + (CommSvcPossible? $", {comSvcTxt}" : "") + ")"; + } + + public override bool Sanitize() + { + bool shortened = base.Sanitize(); + Criticality = Sanitizer.SanitizeOpt(Criticality, ref shortened); + ImportSource = Sanitizer.SanitizeCommentOpt(ImportSource, ref shortened); + return shortened; } } diff --git a/roles/lib/files/FWO.Api.Client/Data/FwoOwnerBase.cs b/roles/lib/files/FWO.Api.Client/Data/FwoOwnerBase.cs index 63801994e..a5b85737a 100644 --- a/roles/lib/files/FWO.Api.Client/Data/FwoOwnerBase.cs +++ b/roles/lib/files/FWO.Api.Client/Data/FwoOwnerBase.cs @@ -3,6 +3,12 @@ namespace FWO.Api.Data { + public enum RuleOwnershipMode + { + mixed, + exclusive + } + public class FwoOwnerBase { [JsonProperty("name"), JsonPropertyName("name")] @@ -23,9 +29,6 @@ public class FwoOwnerBase [JsonProperty("recert_interval"), JsonPropertyName("recert_interval")] public int? RecertInterval { get; set; } - [JsonProperty("next_recert_date"), JsonPropertyName("next_recert_date")] - public DateTime? NextRecertDate { get; set; } - [JsonProperty("app_id_external"), JsonPropertyName("app_id_external")] public string ExtAppId { get; set; } = ""; 
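Review bot: The new `Sanitize()` override covers `Criticality` and `ImportSource` but not `RecertCheckParamString`, which is also a free-text string added to this class in the same commit. If it can be set from the UI or an import, add `RecertCheckParamString = Sanitizer.SanitizeOpt(RecertCheckParamString, ref shortened);`; if it holds structured data the sanitizer would mangle, leave a comment in `Sanitize()` saying it is validated by its parser instead, so the omission does not read as an oversight. The copy constructor's `ConnectionCount = owner.ConnectionCount;` also shares the aggregate object between the copies, which may be fine for a read-only count but deserves a note.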
@@ -41,10 +44,14 @@ public FwoOwnerBase(FwoOwnerBase owner) IsDefault = owner.IsDefault; TenantId = owner.TenantId; RecertInterval = owner.RecertInterval; - NextRecertDate = owner.NextRecertDate; ExtAppId = owner.ExtAppId; } + public virtual string Display() + { + return Name + " (" + ExtAppId + ")"; + } + public virtual bool Sanitize() { bool shortened = false; diff --git a/roles/lib/files/FWO.Api.Client/Data/Icons.cs b/roles/lib/files/FWO.Api.Client/Data/Icons.cs new file mode 100644 index 000000000..fe2cfc980 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/Data/Icons.cs 
@@ -0,0 +1,106 @@ +namespace FWO.Api.Data +{ + public struct Icons + { + // General + public const string Locked = "oi oi-lock-locked"; + public const string Type = "oi oi-list"; + public const string Example = "oi oi-eye"; + public const string Requirement = "oi oi-eye"; + public const string Security = "oi oi-shield"; + public const string FurtherReading = "oi oi-external-link"; + + // Actions + public const string Add = "oi oi-plus"; + public const string Edit = "oi oi-wrench"; + public const string Delete = "oi oi-trash"; + public const string Search = "oi oi-magnifying-glass"; + public const string Display = "oi oi-eye"; + public const string Use = "oi oi-arrow-thick-right"; + public const string Unuse = "oi oi-arrow-thick-left"; + public const string Close = "oi oi-x"; + public const string Login = "oi oi-account-login"; + public const string Logout = "oi oi-account-logout"; + public const string Check = "oi oi-check"; + public const string Swap = "oi oi-loop-circular"; + public const string CollapseUp = "oi oi-collapse-up"; + public const string CollapseDown = "oi oi-collapse-down"; + public const string CollapseLeft = "oi oi-collapse-left"; + public const string CollapseRight = "oi oi-collapse-right"; + + // Object types: General + public const string Ldap = "oi oi-key"; + public const string Management = "oi oi-inbox"; + public const string Gateway = "oi oi-shield"; + public const string Credential = "oi oi-key"; + public const string Role = "oi oi-tags"; + public const string Tenant = "oi oi-command"; + public const string Owner = "oi oi-flag"; + public const string Email = "oi oi-envelope-closed"; + + // Object types: Reporting + public const string UserGroup = "oi oi-people"; + public const string ObjGroup = "oi oi-list-rich"; + public const string Host = "oi oi-laptop"; + public const string Network = "oi oi-rss"; + public const string Range = "oi oi-resize-width"; + public const string NwObject = "oi oi-laptop"; + public const string Service = "oi 
oi-wrench"; + public const string User = "oi oi-person"; + + // Object types: Modelling + public const string ModObject = "oi oi-tag"; + public const string ServiceGroup = "oi oi-list-rich"; + public const string AppRole = "oi oi-list-rich"; + public const string NwGroup = "oi oi-folder"; + public const string Connection = "oi oi-transfer"; + public const string Interface = "oi oi-target"; + + // Modules + public const string Reporting = "oi oi-spreadsheet"; + public const string Workflow = "oi oi-project"; //"oi oi-data-transfer-download"; //"oi oi-comment-square"; + public const string Recertification = "oi oi-badge"; + public const string Modelling = "oi oi-puzzle-piece"; + public const string NetworkAnalysis = "oi oi-spreadsheet"; + public const string Compliance = "oi oi-dashboard"; + public const string Monitoring = "oi oi-monitor"; + public const string Settings = "oi oi-cog"; + public const string Help = "oi oi-info"; + public const string Api = "oi oi-eye"; + + // Reporting + public const string Template = "oi oi-document"; + public const string Schedule = "oi oi-timer"; + public const string Archive = "oi oi-hard-drive"; + public const string Export = "oi oi-arrow-thick-right"; + public const string Output = "oi oi-share"; + public const string Filter = "oi oi-eye"; + + // Workflow + public const string Tickets = "oi oi-layers"; + public const string Approval = "oi oi-check"; + public const string Planning = "oi oi-project"; + public const string Implementation = "oi oi-task"; + public const string Review = "oi oi-check"; + public const string State = "oi oi-tag"; + public const string Matrix = "oi oi-grid-four-up"; + public const string Action = "oi oi-arrow-right"; + public const string Phase = "oi oi-loop-square"; + public const string Assign = "oi oi-arrow-thick-right"; // "oi-arrow-circle-right" ? 
+ + // Monitoring + public const string Alarm = "oi oi-bell"; + public const string Import = "oi oi-data-transfer-download"; + public const string UiMessages = "oi oi-monitor"; + + // Settings + public const string Policy = "oi oi-document"; + public const string Text = "oi oi-text"; + public const string Language = "oi oi-comment-square"; + + // Api + public const string RestDoku = "oi oi-command"; + public const string GraphQL = "oi oi-inbox"; + public const string Hasura = "oi oi-shield"; + } +} diff --git a/roles/lib/files/FWO.Api.Client/Data/ImpChangeNotificationType.cs b/roles/lib/files/FWO.Api.Client/Data/ImpChangeNotificationType.cs new file mode 100644 index 000000000..faf5be7ce --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/Data/ImpChangeNotificationType.cs @@ -0,0 +1,13 @@ + +namespace FWO.Api.Data +{ + public enum ImpChangeNotificationType + { + SimpleText = 0, + HtmlInBody = 1, + PdfAsAttachment = 10, + HtmlAsAttachment = 11, + // CsvAsAttachment = 12, // Currently not implemented + JsonAsAttachment = 13 + } +} diff --git a/roles/lib/files/FWO.Api.Client/Data/ImportCredential.cs b/roles/lib/files/FWO.Api.Client/Data/ImportCredential.cs index a31915e9b..322d42458 100644 --- a/roles/lib/files/FWO.Api.Client/Data/ImportCredential.cs +++ b/roles/lib/files/FWO.Api.Client/Data/ImportCredential.cs @@ -54,7 +54,6 @@ public bool Sanitize() Name = Sanitizer.SanitizeMand(Name, ref shortened); ImportUser = Sanitizer.SanitizeOpt(ImportUser, ref shortened); PublicKey = Sanitizer.SanitizeKeyOpt(PublicKey, ref shortened); - // Secret = (DevType.IsLegacyDevType() ? Sanitizer.SanitizeKeyMand(Secret, ref shortened) : Sanitizer.SanitizePasswMand(Secret, ref shortened)); Secret = Sanitizer.SanitizeKeyMand(Secret, ref shortened); CloudClientId = Sanitizer.SanitizeOpt(CloudClientId, ref shortened); CloudClientSecret = Sanitizer.SanitizeKeyOpt(CloudClientSecret, ref shortened); 
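Review bot: `Icons` is declared as `public struct` although it holds nothing but `const` strings, so the type can be instantiated as a meaningless empty value and gives none of the guarantees of a utility holder. Declare it `public static class Icons` instead; nothing visible in the hunk constructs it, and the constants are reached through the type name either way. A one-line comment stating that the `oi oi-*` values are CSS icon class names (Open Iconic, by the look of them) would tell readers where the strings come from.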
diff --git a/roles/lib/files/FWO.Api.Client/Data/LdapConnectionBase.cs b/roles/lib/files/FWO.Api.Client/Data/LdapConnectionBase.cs index 61c28061e..93271eda3 100644 --- a/roles/lib/files/FWO.Api.Client/Data/LdapConnectionBase.cs +++ b/roles/lib/files/FWO.Api.Client/Data/LdapConnectionBase.cs @@ -1,6 +1,9 @@ using System.Text.Json.Serialization; using Newtonsoft.Json; +using System.Reflection.Metadata.Ecma335; + using FWO.Middleware.RequestParameters; +using FWO.Encryption; namespace FWO.Api.Data { @@ -90,27 +93,27 @@ public LdapConnectionBase(LdapGetUpdateParameters ldapGetUpdateParameters) public string Host() { - return (Address != "" ? Address + ":" + Port : ""); + return Address != "" ? Address + ":" + Port : ""; } public bool IsWritable() { - return (WriteUser != null && WriteUser != ""); + return WriteUser != null && WriteUser != ""; } public bool HasGroupHandling() { - return (GroupSearchPath != null && GroupSearchPath != ""); + return GroupSearchPath != null && GroupSearchPath != ""; } public bool HasRoleHandling() { - return (RoleSearchPath != null && RoleSearchPath != ""); + return RoleSearchPath != null && RoleSearchPath != ""; } public bool IsInternal() { - return ((new DistName(UserSearchPath)).IsInternal()); + return new DistName(UserSearchPath).IsInternal(); } } } diff --git a/roles/lib/files/FWO.Api.Client/Data/Management.cs b/roles/lib/files/FWO.Api.Client/Data/Management.cs index 6abab9c68..25454925b 100644 --- a/roles/lib/files/FWO.Api.Client/Data/Management.cs +++ b/roles/lib/files/FWO.Api.Client/Data/Management.cs 
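Review bot: The first hunk adds `using System.Reflection.Metadata.Ecma335;`, but nothing in either hunk of this file references that namespace; it looks like an IDE auto-import and should be removed, as it suggests reflection-based code where there is none. `using FWO.Encryption;` is likewise unused by the visible code; keep it only if a part of the class outside these hunks now needs it. The remaining changes are parenthesis removals with no behavioural effect.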
@@ -15,19 +15,19 @@ public class Management public string Hostname { get; set; } = ""; [JsonProperty("import_credential"), JsonPropertyName("import_credential")] - public ImportCredential ImportCredential { get; set; } + public ImportCredential ImportCredential { get; set; } = new ImportCredential(); [JsonProperty("configPath"), JsonPropertyName("configPath")] - public string ConfigPath { get; set; } = ""; + public string? ConfigPath { get; set; } = ""; [JsonProperty("domainUid"), JsonPropertyName("domainUid")] - public string DomainUid { get; set; } = ""; + public string? DomainUid { get; set; } = ""; [JsonProperty("cloudSubscriptionId"), JsonPropertyName("cloudSubscriptionId")] - public string CloudSubscriptionId { get; set; } = ""; + public string? CloudSubscriptionId { get; set; } = ""; [JsonProperty("cloudTenantId"), JsonPropertyName("cloudTenantId")] - public string CloudTenantId { get; set; } = ""; + public string? CloudTenantId { get; set; } = ""; [JsonProperty("superManager"), JsonPropertyName("superManager")] public int? SuperManagerId { get; set; } 
@@ -53,30 +53,9 @@ public class Management [JsonProperty("debugLevel"), JsonPropertyName("debugLevel")] public int? DebugLevel { get; set; } - [JsonProperty("tenant_id"), JsonPropertyName("tenant_id")] - public int TenantId { get; set; } - [JsonProperty("devices"), JsonPropertyName("devices")] public Device[] Devices { get; set; } = new Device[]{}; - [JsonProperty("networkObjects"), JsonPropertyName("networkObjects")] - public NetworkObject[] Objects { get; set; } = new NetworkObject[]{}; - - [JsonProperty("serviceObjects"), JsonPropertyName("serviceObjects")] - public NetworkService[] Services { get; set; } = new NetworkService[]{}; - - [JsonProperty("userObjects"), JsonPropertyName("userObjects")] - public NetworkUser[] Users { get; set; } = new NetworkUser[]{}; - - [JsonProperty("reportNetworkObjects"), JsonPropertyName("reportNetworkObjects")] - public NetworkObject[] ReportObjects { get; set; } = new NetworkObject[]{}; - - [JsonProperty("reportServiceObjects"), JsonPropertyName("reportServiceObjects")] - public NetworkService[] ReportServices { get; set; } = new NetworkService[]{}; - - [JsonProperty("reportUserObjects"), JsonPropertyName("reportUserObjects")] - public NetworkUser[] ReportUsers { get; set; } = new NetworkUser[]{}; - [JsonProperty("deviceType"), JsonPropertyName("deviceType")] public DeviceType DeviceType { get; set; } = new DeviceType(); 
@@ -89,26 +68,9 @@ public class Management public bool Delete { get; set; } public long ActionId { get; set; } - //[JsonProperty("rule_id"), JsonPropertyName("rule_id")] - public List ReportedRuleIds { get; set; } = new List(); - public List ReportedNetworkServiceIds { get; set; } = new List(); - - [JsonProperty("objects_aggregate"), JsonPropertyName("objects_aggregate")] - public ObjectStatistics NetworkObjectStatistics { get; set; } = new ObjectStatistics(); - - [JsonProperty("services_aggregate"), JsonPropertyName("services_aggregate")] - public ObjectStatistics ServiceObjectStatistics { get; set; } = new ObjectStatistics(); - - [JsonProperty("usrs_aggregate"), JsonPropertyName("usrs_aggregate")] - public ObjectStatistics UserObjectStatistics { get; set; } = new ObjectStatistics(); - - [JsonProperty("rules_aggregate"), JsonPropertyName("rules_aggregate")] - public ObjectStatistics RuleStatistics { get; set; } = new ObjectStatistics(); public Management() - { - // ImportCredential= new ImportCredential(); - } + {} public Management(Management management) { @@ -123,6 +85,7 @@ public Management(Management management) DomainUid = management.DomainUid; CloudSubscriptionId = management.CloudSubscriptionId; CloudTenantId = management.CloudTenantId; + SuperManagerId = management.SuperManagerId; ImporterHostname = management.ImporterHostname; Port = management.Port; ImportDisabled = management.ImportDisabled; 
@@ -130,30 +93,20 @@ public Management(Management management) HideInUi = management.HideInUi; Comment = management.Comment; DebugLevel = management.DebugLevel; - TenantId = management.TenantId; Devices = management.Devices; - Objects = management.Objects; - Services = management.Services; - Users = management.Users; - ReportObjects = management.ReportObjects; - ReportServices = management.ReportServices; - ReportUsers = management.ReportUsers; - DeviceType = management.DeviceType; + if (management.DeviceType != null) + DeviceType = new DeviceType(management.DeviceType); Import = management.Import; - Ignore = management.Ignore; - AwaitDevice = management.AwaitDevice; - Delete = management.Delete; - ActionId = management.ActionId; - ReportedRuleIds = management.ReportedRuleIds; - SuperManagerId = management.SuperManagerId; - ReportedNetworkServiceIds = management.ReportedNetworkServiceIds; if (management.Import != null && management.Import.ImportAggregate != null && management.Import.ImportAggregate.ImportAggregateMax != null && management.Import.ImportAggregate.ImportAggregateMax.RelevantImportId != null) + { RelevantImportId = management.Import.ImportAggregate.ImportAggregateMax.RelevantImportId; - - if (management.DeviceType != null) - DeviceType = new DeviceType(management.DeviceType); + } + Ignore = management.Ignore; + AwaitDevice = management.AwaitDevice; + Delete = management.Delete; + ActionId = management.ActionId; } public string Host() 
@@ -161,21 +114,12 @@ public string Host() return Hostname + ":" + Port; } - public void AssignRuleNumbers() - { - foreach (Device device in Devices) - { - device.AssignRuleNumbers(); - } - } - - public bool Sanitize() + public virtual bool Sanitize() { bool shortened = false; - shortened = ImportCredential.Sanitize(); Name = Sanitizer.SanitizeMand(Name, ref shortened); Hostname = Sanitizer.SanitizeMand(Hostname, ref shortened); - ConfigPath = Sanitizer.SanitizeMand(ConfigPath, ref shortened); + ConfigPath = Sanitizer.SanitizeOpt(ConfigPath, ref shortened); DomainUid = Sanitizer.SanitizeOpt(DomainUid, ref shortened); ImporterHostname = Sanitizer.SanitizeMand(ImporterHostname, ref shortened); Comment = Sanitizer.SanitizeCommentOpt(Comment, ref shortened); 
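Review bot: The line `shortened = ImportCredential.Sanitize();` is removed from `Management.Sanitize()`, so the embedded credential (name, import user, keys and secrets) no longer passes through sanitisation when the management is sanitised; since `ImportCredential` now defaults to a fresh instance in the earlier hunk of this file, a null-safety motive for dropping it no longer applies. If credentials are persisted through a separate path that calls `ImportCredential.Sanitize()` itself, say so in a comment here; otherwise re-add it as `shortened |= ImportCredential.Sanitize();` (the old plain `=` was harmless only because it came first in the method). The method is also made `virtual` with no override visible in the diff; a comment naming the intended subclass would help.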
@@ -184,84 +128,4 @@ public bool Sanitize() return shortened; } } - - public static class ManagementUtility - { - public static bool Merge(this Management[] managements, Management[] managementsToMerge) - { - bool newObjects = false; - - for (int i = 0; i < managementsToMerge.Length; i++) - newObjects |= managements[i].Merge(managementsToMerge[i]); - - return newObjects; - } - - public static bool Merge(this Management management, Management managementToMerge) - { - bool newObjects = false; - - if (management.Objects != null && managementToMerge.Objects != null && managementToMerge.Objects.Length > 0) - { - management.Objects = management.Objects.Concat(managementToMerge.Objects).ToArray(); - newObjects = true; - } - - if (management.Services != null && managementToMerge.Services != null && managementToMerge.Services.Length > 0) - { - management.Services = management.Services.Concat(managementToMerge.Services).ToArray(); - newObjects = true; - } - - if (management.Users != null && managementToMerge.Users != null && managementToMerge.Users.Length > 0) - { - management.Users = management.Users.Concat(managementToMerge.Users).ToArray(); - newObjects = true; - } - - if (management.Devices != null && managementToMerge.Devices != null && managementToMerge.Devices.Length > 0) - { - // important: if any management still returns rules, newObjects is set to true - if (management.Devices.Merge(managementToMerge.Devices) == true) - newObjects = true; - } - return newObjects; - } - - public static bool MergeReportObjects(this Management management, Management managementToMerge) - { - bool newObjects = false; - - if (management.ReportObjects != null && managementToMerge.ReportObjects != null && managementToMerge.ReportObjects.Length > 0) - { - management.ReportObjects = management.ReportObjects.Concat(managementToMerge.ReportObjects).ToArray(); - newObjects = true; - } - - if (management.ReportServices != null && managementToMerge.ReportServices != null && 
managementToMerge.ReportServices.Length > 0) - { - management.ReportServices = management.ReportServices.Concat(managementToMerge.ReportServices).ToArray(); - newObjects = true; - } - - if (management.ReportUsers != null && managementToMerge.ReportUsers != null && managementToMerge.ReportUsers.Length > 0) - { - management.ReportUsers = management.ReportUsers.Concat(managementToMerge.ReportUsers).ToArray(); - newObjects = true; - } - - if (management.Devices != null && managementToMerge.Devices != null && managementToMerge.Devices.Length > 0) - { - // important: if any management still returns rules, newObjects is set to true - if (management.Devices.Merge(managementToMerge.Devices) == true) - newObjects = true; - } - return newObjects; - } - - public static string NameAndDeviceNames(this Management management) - { - return $"{management.Name} [{string.Join(", ", Array.ConvertAll(management.Devices, device => device.Name))}]"; - } - } } diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingAppRole.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingAppRole.cs new file mode 100644 index 000000000..97fffb9f6 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/Data/ModellingAppRole.cs 
@@ -0,0 +1,94 @@ +using System.Text.Json.Serialization; +using Newtonsoft.Json; +using FWO.GlobalConstants; + +namespace FWO.Api.Data +{ + public class ModellingAppRole : ModellingNwGroup + { + [JsonProperty("comment"), JsonPropertyName("comment")] + public string? Comment { get; set; } + + [JsonProperty("creator"), JsonPropertyName("creator")] + public string? Creator { get; set; } + + [JsonProperty("creation_date"), JsonPropertyName("creation_date")] + public DateTime? CreationDate { get; set; } + + [JsonProperty("nwobjects"), JsonPropertyName("nwobjects")] + public List AppServers { get; set; } = new(); + + public ModellingNetworkArea? Area { get; set; } = new(); + + + public ModellingAppRole() + {} + + public ModellingAppRole(ModellingAppRole appRole) : base(appRole) + { + Comment = appRole.Comment; + Creator = appRole.Creator; + CreationDate = appRole.CreationDate; + AppServers = appRole.AppServers; + Area = appRole.Area; + } + + public ModellingNwGroup ToBase() + { + return new ModellingNwGroup() + { + Id = Id, + Number = Number, + GroupType = GroupType, + IdString = IdString, + Name = Name, + AppId = AppId, + IsDeleted = IsDeleted + }; + } + + public override string DisplayWithIcon() + { + return $" " + DisplayHtml(); + } + + public override NetworkObject ToNetworkObjectGroup() + { + Group[] objectGroups = ModellingAppRoleWrapper.ResolveAppServersAsNetworkObjectGroup(AppServers ?? new List()); + return new() + { + Id = Id, + Number = Number, + Name = Name ?? "", + Comment = Comment ?? 
"", + Type = new NetworkObjectType(){ Name = ObjectType.Group }, + ObjectGroups = objectGroups, + MemberNames = string.Join("|", Array.ConvertAll(objectGroups, o => o.Object?.Name)) + }; + } + + public override bool Sanitize() + { + bool shortened = base.Sanitize(); + Comment = Sanitizer.SanitizeCommentOpt(Comment, ref shortened); + Creator = Sanitizer.SanitizeOpt(Creator, ref shortened); + return shortened; + } + } + + public class ModellingAppRoleWrapper : ModellingNwGroupWrapper + { + [JsonProperty("nwgroup"), JsonPropertyName("nwgroup")] + public new ModellingAppRole Content { get; set; } = new(); + + public static ModellingAppRole[] Resolve(List wrappedList) + { + return Array.ConvertAll(wrappedList.ToArray(), wrapper => wrapper.Content); + } + + public static Group[] ResolveAppServersAsNetworkObjectGroup(List wrappedList) + { + return Array.ConvertAll(wrappedList.ToArray(), wrapper => new Group {Id = wrapper.Content.Id, Object = ModellingAppServer.ToNetworkObject(wrapper.Content)}); + } + } +} diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingAppServer.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingAppServer.cs new file mode 100644 index 000000000..cd08c9842 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/Data/ModellingAppServer.cs 
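Review bot: The copy constructor stores the source's list and area by reference (`AppServers = appRole.AppServers; Area = appRole.Area;`), so adding to or sanitising the copy mutates the original, whereas ModellingConnection's copy constructor in this same commit copies each list with `new List(...)`; ModellingServiceGroup's copy constructor shares `Services` the same way. Suggest `AppServers = new(appRole.AppServers);` here and in ModellingServiceGroup, and either clone `Area` or add a comment that sharing it is intended. The `AppServers ?? new List()` fallback in `ToNetworkObjectGroup` is dead code because the property is non-nullable and initialised to `new()`.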
@@ -0,0 +1,104 @@ +using System.Text.Json.Serialization; +using Newtonsoft.Json; + +namespace FWO.Api.Data +{ + public class ModellingAppServer : ModellingNwObject + { + [JsonProperty("ip"), JsonPropertyName("ip")] + public string Ip { get; set; } = ""; + + [JsonProperty("ip_end"), JsonPropertyName("ip_end")] + public string IpEnd { get; set; } = ""; + + [JsonProperty("import_source"), JsonPropertyName("import_source")] + public string ImportSource { get; set; } = ""; + + [JsonProperty("custom_type"), JsonPropertyName("custom_type")] + public int? CustomType { get; set; } + + public bool InUse { get; set; } = true; + + + public override string Display() + { + return (IsDeleted ? "!" : "") + (InUse ? "" : "*") + DisplayBase.DisplayIpWithName(ToNetworkObject(this)); + } + + public override string DisplayHtml() + { + string tooltip = $"data-toggle=\"tooltip\" title=\"{TooltipText}\""; + return $"{base.DisplayHtml()}"; + } + + public override string DisplayWithIcon() + { + return $" " + DisplayHtml(); + } + + public override bool Sanitize() + { + bool shortened = base.Sanitize(); + Ip = Sanitizer.SanitizeCidrMand(Ip, ref shortened); + IpEnd = Sanitizer.SanitizeCidrMand(IpEnd, ref shortened); + ImportSource = Sanitizer.SanitizeMand(ImportSource, ref shortened); + return shortened; + } + + public static NetworkObject ToNetworkObject(ModellingAppServer appServer) + { + return new NetworkObject() + { + Id = appServer.Id, + Number = appServer.Number, + Name = appServer.Name, + IP = appServer.Ip, + IpEnd = appServer.IpEnd + }; + } + + public ModellingAppServer() + {} + + public ModellingAppServer(ModellingAppServer appServer) + { + Id = appServer.Id; + Number = appServer.Number; + AppId = appServer.AppId; + Name = appServer.Name; + IsDeleted = appServer.IsDeleted; + Ip = appServer.Ip; + IpEnd = appServer.IpEnd; + ImportSource = appServer.ImportSource; + InUse = appServer.InUse; + CustomType = appServer.CustomType; + } + + public override bool Equals(object? 
obj) + { + return obj switch + { + ModellingAppServer apps => Id == apps.Id && AppId == apps.AppId && Name == apps.Name && IsDeleted == apps.IsDeleted + && Ip == apps.Ip && IpEnd == apps.IpEnd && ImportSource == apps.ImportSource && InUse == apps.InUse && CustomType == apps.CustomType, + _ => base.Equals(obj), + }; + } + + public override int GetHashCode() + { + return Id.GetHashCode(); + } + } + + + public class ModellingAppServerWrapper + { + [JsonProperty("owner_network"), JsonPropertyName("owner_network")] + public ModellingAppServer Content { get; set; } = new(); + + public static ModellingAppServer[] Resolve(List wrappedList) + { + return Array.ConvertAll(wrappedList.ToArray(), wrapper => wrapper.Content); + } + } +} diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingConnection.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingConnection.cs new file mode 100644 index 000000000..d8ed88ea0 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/Data/ModellingConnection.cs 
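Review bot: `DisplayHtml` interpolates `TooltipText` into an attribute (`title=\"{TooltipText}\"`) and, through `base.DisplayHtml()`, the `Display()` text into element content without HTML-encoding either; unless `Sanitizer.SanitizeMand`/`SanitizeCidrMand` (not shown here) strip quotes and angle brackets, a crafted name or address becomes markup wherever the result is rendered as raw HTML. Suggest wrapping both with `System.Net.WebUtility.HtmlEncode(...)` at the point they enter the string; the same pattern is in the ModellingNwObject and ModellingObject hunks and in `NetworkObject.MemberNamesAsHtml`. Separately, this copy constructor does not chain `: base(appServer)` as ModellingAppRole's does, so `TooltipText` is not copied.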
@@ -0,0 +1,210 @@ +using System.Text.Json.Serialization; +using Newtonsoft.Json; + +namespace FWO.Api.Data +{ + public class ModellingConnection + { + [JsonProperty("id"), JsonPropertyName("id")] + public int Id { get; set; } + + [JsonProperty("app_id"), JsonPropertyName("app_id")] + public int? AppId { get; set; } + + [JsonProperty("proposed_app_id"), JsonPropertyName("proposed_app_id")] + public int? ProposedAppId { get; set; } + + [JsonProperty("owner"), JsonPropertyName("owner")] + public FwoOwner App { get; set; } = new(); + + [JsonProperty("name"), JsonPropertyName("name")] + public string? Name { get; set; } = ""; + + [JsonProperty("reason"), JsonPropertyName("reason")] + public string? Reason { get; set; } = ""; + + [JsonProperty("is_interface"), JsonPropertyName("is_interface")] + public bool IsInterface { get; set; } = false; + + [JsonProperty("used_interface_id"), JsonPropertyName("used_interface_id")] + public long? UsedInterfaceId { get; set; } + + [JsonProperty("is_requested"), JsonPropertyName("is_requested")] + public bool IsRequested { get; set; } = false; + + [JsonProperty("is_published"), JsonPropertyName("is_published")] + public bool IsPublished { get; set; } = false; + + [JsonProperty("ticket_id"), JsonPropertyName("ticket_id")] + public long? TicketId { get; set; } + + [JsonProperty("common_service"), JsonPropertyName("common_service")] + public bool IsCommonService { get; set; } = false; + + [JsonProperty("creator"), JsonPropertyName("creator")] + public string? Creator { get; set; } + + [JsonProperty("creation_date"), JsonPropertyName("creation_date")] + public DateTime? 
CreationDate { get; set; } + + [JsonProperty("services"), JsonPropertyName("services")] + public List Services { get; set; } = new(); + + [JsonProperty("service_groups"), JsonPropertyName("service_groups")] + public List ServiceGroups { get; set; } = new(); + + [JsonProperty("source_nwobjects"), JsonPropertyName("source_nwobjects")] + public List SourceAppServers { get; set; } = new(); + + [JsonProperty("source_approles"), JsonPropertyName("source_approles")] + public List SourceAppRoles { get; set; } = new(); + + [JsonProperty("destination_nwobjects"), JsonPropertyName("destination_nwobjects")] + public List DestinationAppServers { get; set; } = new(); + + [JsonProperty("destination_approles"), JsonPropertyName("destination_approles")] + public List DestinationAppRoles { get; set; } = new(); + + + public List SourceNwGroups { get; set; } = new(); + public List DestinationNwGroups { get; set; } = new(); + + + public bool SrcFromInterface { get; set; } = false; + public bool DstFromInterface { get; set; } = false; + public bool InterfaceIsRequested { get; set; } = false; + + public int OrderNumber { get; set; } = 0; + + + public ModellingConnection() + {} + + public ModellingConnection(ModellingConnection conn) + { + OrderNumber = conn.OrderNumber; + Id = conn.Id; + AppId = conn.AppId; + ProposedAppId = conn.ProposedAppId; + Name = conn.Name; + Reason = conn.Reason; + IsInterface = conn.IsInterface; + UsedInterfaceId = conn.UsedInterfaceId; + IsRequested = conn.IsRequested; + IsPublished = conn.IsPublished; + TicketId = conn.TicketId; + IsCommonService = conn.IsCommonService; + Creator = conn.Creator; + CreationDate = conn.CreationDate; + Services = new List(conn.Services); + ServiceGroups = new List(conn.ServiceGroups); + SourceAppServers = new List(conn.SourceAppServers); + SourceAppRoles = new List(conn.SourceAppRoles); + SourceNwGroups = new List(conn.SourceNwGroups); + DestinationAppServers = new List(conn.DestinationAppServers); + DestinationAppRoles = new 
List(conn.DestinationAppRoles); + DestinationNwGroups = new List(conn.DestinationNwGroups); + SrcFromInterface = conn.SrcFromInterface; + DstFromInterface = conn.DstFromInterface; + InterfaceIsRequested = conn.InterfaceIsRequested; + } + + public int CompareTo(ModellingConnection secondConnection) + { + int interfaceCompare = Compare(IsInterface, secondConnection.IsInterface); + if (interfaceCompare != 0) + { + return interfaceCompare; + } + int comSvcCompare = Compare(IsCommonService, secondConnection.IsCommonService); + if (comSvcCompare != 0) + { + return comSvcCompare; + } + return Name?.CompareTo(secondConnection.Name) ?? -1; + } + + private static int Compare(bool first, bool second) + { + if(first && !second) + { + return -1; + } + if(!first && second) + { + return 1; + } + return 0; + } + + public string DisplayWithOwner(FwoOwner owner) + { + return Name + " (" + owner.ExtAppId + ":" + owner.Name + ")"; + } + + public string GetConnType() + { + if(IsInterface) + { + return "interface"; + } + if(IsCommonService) + { + return "common_service"; + } + return "connection"; + } + + public bool SourceFilled() + { + return SourceAppServers.Count > 0 || SourceAppRoles.Count > 0 || SourceNwGroups.Count > 0; + } + + public bool DestinationFilled() + { + return DestinationAppServers.Count > 0 || DestinationAppRoles.Count > 0 || DestinationNwGroups.Count > 0; + } + + public void ExtractNwGroups() + { + SourceNwGroups = new(); + foreach(var nwGroup in SourceAppRoles) + { + if(nwGroup.Content.GroupType != (int)ModellingTypes.ModObjectType.AppRole) + { + SourceNwGroups.Add(new ModellingNwGroupWrapper() { Content = nwGroup.Content.ToBase() }); + } + } + SourceAppRoles = SourceAppRoles.Where(nwGroup => nwGroup.Content.GroupType == (int)ModellingTypes.ModObjectType.AppRole).ToList(); + DestinationNwGroups = new(); + foreach(var nwGroup in DestinationAppRoles) + { + if(nwGroup.Content.GroupType != (int)ModellingTypes.ModObjectType.AppRole) + { + DestinationNwGroups.Add(new 
ModellingNwGroupWrapper() { Content = nwGroup.Content.ToBase() }); + } + } + DestinationAppRoles = DestinationAppRoles.Where(nwGroup => nwGroup.Content.GroupType == (int)ModellingTypes.ModObjectType.AppRole).ToList(); + } + + public bool Sanitize() + { + bool shortened = false; + Name = Sanitizer.SanitizeOpt(Name, ref shortened); + Reason = Sanitizer.SanitizeCommentOpt(Reason, ref shortened); + Creator = Sanitizer.SanitizeOpt(Creator, ref shortened); + return shortened; + } + } + + public class ModellingConnectionWrapper + { + [JsonProperty("connection"), JsonPropertyName("connection")] + public ModellingConnection Content { get; set; } = new(); + + public static ModellingConnection[] Resolve(List wrappedList) + { + return Array.ConvertAll(wrappedList.ToArray(), wrapper => wrapper.Content); + } + } +} diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingDnDContainer.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingDnDContainer.cs new file mode 100644 index 000000000..f7a2eda98 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/Data/ModellingDnDContainer.cs @@ -0,0 +1,22 @@ +namespace FWO.Api.Data +{ + public class ModellingDnDContainer + { + public List AppServerElements { get; set; } = new(); + public List AppRoleElements { get; set; } = new(); + public List NwGroupElements { get; set; } = new(); + public List SvcElements { get; set; } = new(); + public List SvcGrpElements { get; set; } = new(); + public ModellingConnection ConnElement { get; set; } = null; + + public void Clear() + { + AppServerElements = new(); + AppRoleElements = new(); + NwGroupElements = new(); + SvcElements = new(); + SvcGrpElements = new(); + ConnElement = null; + } + } +} diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingFilter.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingFilter.cs new file mode 100644 index 000000000..e4917b1e1 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/Data/ModellingFilter.cs 
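Review bot: `CompareTo` is not antisymmetric when `Name` is null on both sides: `Name?.CompareTo(secondConnection.Name) ?? -1` yields -1 for `a.CompareTo(b)` and for `b.CompareTo(a)`, and the non-null case goes through culture-sensitive `string.CompareTo`, so sort order can vary with the runtime culture. Suggest the last line become `return string.Compare(Name, secondConnection.Name, StringComparison.Ordinal);`, which orders null consistently and independently of culture (use `OrdinalIgnoreCase` if the UI expects case-insensitive ordering). As declared here the class does not implement `IComparable`, so `List.Sort()` will not use this method unless a comparison is passed explicitly.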
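Review bot: `ConnElement` is declared as non-nullable `ModellingConnection` but initialised to `null` and reset to `null` in `Clear()`, so the compiler will not warn callers that dereference it. Declaring it `public ModellingConnection? ConnElement { get; set; }` makes the contract explicit and restores the null-state analysis at use sites.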
@@ -0,0 +1,21 @@ +namespace FWO.Api.Data +{ + public class ModellingFilter + { + public List SelectedOwners {get; set;} = new (); + public FwoOwner SelectedOwner + { + get { return SelectedOwners.FirstOrDefault() ?? new(); } + set { SelectedOwners = new() { value }; } + } + + + public ModellingFilter() + {} + + public ModellingFilter(ModellingFilter modellingFilter) + { + SelectedOwners = modellingFilter.SelectedOwners; + } + } +} diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingHistoryEntry.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingHistoryEntry.cs new file mode 100644 index 000000000..04a805b91 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/Data/ModellingHistoryEntry.cs @@ -0,0 +1,32 @@ +using System.Text.Json.Serialization; +using Newtonsoft.Json; + +namespace FWO.Api.Data +{ + public class ModellingHistoryEntry + { + [JsonProperty("id"), JsonPropertyName("id")] + public long Id { get; set; } + + [JsonProperty("app_id"), JsonPropertyName("app_id")] + public int? AppId { get; set; } + + [JsonProperty("change_type"), JsonPropertyName("change_type")] + public int ChangeType { get; set; } + + [JsonProperty("object_type"), JsonPropertyName("object_type")] + public int ObjectType { get; set; } + + [JsonProperty("object_id"), JsonPropertyName("object_id")] + public long ObjectId { get; set; } + + [JsonProperty("change_text"), JsonPropertyName("change_text")] + public string ChangeText { get; set; } = ""; + + [JsonProperty("changer"), JsonPropertyName("changer")] + public string Changer { get; set; } = ""; + + [JsonProperty("change_time"), JsonPropertyName("change_time")] + public DateTime? ChangeTime { get; set; } + } +} diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingManagedIdString.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingManagedIdString.cs new file mode 100644 index 000000000..cea36bc14 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/Data/ModellingManagedIdString.cs 
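Review bot: The copy constructor assigns `SelectedOwners = modellingFilter.SelectedOwners;`, so the copy shares the source list and any `Add`/`Remove` on one filter is visible in the other; only the `SelectedOwner` setter, which replaces the list, is safe. `SelectedOwners = new(modellingFilter.SelectedOwners);` gives the copy its own list, matching how ModellingConnection copies its lists in this commit.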
@@ -0,0 +1,171 @@ +namespace FWO.Api.Data +{ + public class ModellingManagedIdString + { + private string IdString = ""; + private const string separator = "-"; + + public ModellingNamingConvention NamingConvention { get; set; } = new(); + + + public ModellingManagedIdString() + {} + + public ModellingManagedIdString(string idstring) + { + IdString = idstring; + NamingConvention = new(); + } + + public ModellingManagedIdString(ModellingManagedIdString managedIdstring) + { + IdString = managedIdstring.IdString; + NamingConvention = managedIdstring.NamingConvention; + } + + public string Whole + { + get + { + return IdString; + } + set + { + IdString = value; + } + } + + public string FixedPart + { + get + { + return IdString.Length >= NamingConvention.FixedPartLength ? IdString.Substring(0, NamingConvention.FixedPartLength) : IdString; + } + set + { + string valueToInsert = value.Length > NamingConvention.FixedPartLength ? value.Substring(0, NamingConvention.FixedPartLength) : value; + valueToInsert = FillFixedIfNecessary(valueToInsert, "?"); + if (IdString.Length >= NamingConvention.FixedPartLength) + { + IdString = valueToInsert + IdString.Substring(NamingConvention.FixedPartLength); + } + else + { + IdString = valueToInsert; + } + } + } + + public string AppPart + { + get + { + return NamingConvention.UseAppPart ? (AppPartExisting() ? IdString.Substring(NamingConvention.FixedPartLength, AppPartEnd() - NamingConvention.FixedPartLength + 1): "") : ""; + } + set + { + if(NamingConvention.UseAppPart) + { + IdString = FillFixedIfNecessary(IdString); + IdString = IdString.Substring(0, NamingConvention.FixedPartLength) + value + FreePart; + } + } + } + + public string CombinedFixPart + { + get + { + return FixedPart + (AppPart.EndsWith(separator) ? AppPart.Substring(0, AppPart.Length - 1) : AppPart); + } + set + { + IdString = value + FreePart; + } + } + + public string Separator + { + get + { + return NamingConvention.UseAppPart && AppPart.EndsWith(separator) ? 
separator : ""; + } + set + { + if(NamingConvention.UseAppPart) + { + AppPart += value; + } + } + } + + public string FreePart + { + get + { + return NamingConvention.UseAppPart && AppPartExisting() ? IdString.Substring(AppPartEnd() + 1) : IdString.Substring(NamingConvention.FixedPartLength); + } + set + { + IdString = FillFixedIfNecessary(IdString); + IdString = IdString.Substring(0, AppPartExisting() ? AppPartEnd() + 1 : NamingConvention.FixedPartLength) + value; + } + } + + public void SetAppPartFromExtId(string extAppId) + { + string zoneType = extAppId.StartsWith("APP") ? "0" : (extAppId.StartsWith("COM") ? "1" : "?"); + int idx = extAppId.IndexOf(separator); + string appNumber = idx > 0 ? extAppId.Substring(idx + 1, extAppId.Length - idx - 1) : ""; + AppPart = zoneType + appNumber + separator; + } + + public void ConvertAreaToAppRoleFixedPart (string areaIdString) + { + FixedPart = ConvertAreaToAppRole(areaIdString, NamingConvention); + } + + public static string ConvertAreaToAppRole (string areaIdString, ModellingNamingConvention namingConvention) + { + if(areaIdString.Length >= namingConvention.FixedPartLength) + { + return areaIdString.Substring(0, namingConvention.FixedPartLength).Remove(0, namingConvention.NetworkAreaPattern.Length).Insert(0, namingConvention.AppRolePattern); + } + return areaIdString; + } + + public static string ConvertAppRoleToArea (string appRoleIdString, ModellingNamingConvention namingConvention) + { + int convLength = namingConvention.AppRolePattern.Length > namingConvention.FixedPartLength ? 
namingConvention.FixedPartLength : namingConvention.AppRolePattern.Length; + if(appRoleIdString.Length >= namingConvention.FixedPartLength) + { + return appRoleIdString.Substring(0, namingConvention.FixedPartLength).Remove(0, convLength).Insert(0, namingConvention.NetworkAreaPattern); + } + return ""; + } + + + private int AppPartEnd() + { + return IdString.IndexOf(separator); + } + + private bool AppPartExisting() + { + return AppPartEnd() > NamingConvention.FixedPartLength && IdString.Length >= AppPartEnd(); + } + + private string FillFixedIfNecessary(string idString, string filler = " ") + { + if (idString.Length < NamingConvention.FixedPartLength) + { + int positionsToFill = NamingConvention.FixedPartLength - idString.Length; + for (int i = 0; i < positionsToFill; i++) + { + idString += filler; + } + } + return idString; + } + } +} diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingNamingConvention.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingNamingConvention.cs new file mode 100644 index 000000000..c6f86c3bf --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/Data/ModellingNamingConvention.cs 
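Review bot: `ConvertAreaToAppRole` calls `.Remove(0, namingConvention.NetworkAreaPattern.Length)` on a string already cut to `FixedPartLength`, which throws `ArgumentOutOfRangeException` when the pattern is longer than the fixed part; its sibling `ConvertAppRoleToArea` clamps with `convLength` for exactly this case, so the same clamp belongs here: `int convLength = Math.Min(namingConvention.NetworkAreaPattern.Length, namingConvention.FixedPartLength);` and `.Remove(0, convLength)`. The `FreePart` getter's `IdString.Substring(NamingConvention.FixedPartLength)` likewise throws when `IdString` is shorter than the fixed part (the `FixedPart` getter guards this, `FreePart` does not). In `AppPartExisting` the second conjunct `IdString.Length >= AppPartEnd()` is always true because `IndexOf` never returns a value at or beyond the length, and `extAppId.StartsWith("APP")` in `SetAppPartFromExtId` should pass `StringComparison.Ordinal` since it is a machine prefix, not user-facing text.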
@@ -0,0 +1,26 @@ +using System.Text.Json.Serialization; +using Newtonsoft.Json; + +namespace FWO.Api.Data +{ + public class ModellingNamingConvention + { + [JsonProperty("networkAreaRequired"), JsonPropertyName("networkAreaRequired")] + public bool NetworkAreaRequired { get; set; } = false; + + [JsonProperty("useAppPart"), JsonPropertyName("useAppPart")] + public bool UseAppPart { get; set; } = false; + + [JsonProperty("fixedPartLength"), JsonPropertyName("fixedPartLength")] + public int FixedPartLength { get; set; } + + [JsonProperty("freePartLength"), JsonPropertyName("freePartLength")] + public int FreePartLength { get; set; } + + [JsonProperty("networkAreaPattern"), JsonPropertyName("networkAreaPattern")] + public string NetworkAreaPattern { get; set; } = ""; + + [JsonProperty("appRolePattern"), JsonPropertyName("appRolePattern")] + public string AppRolePattern { get; set; } = ""; + } +} diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingNetworkArea.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingNetworkArea.cs new file mode 100644 index 000000000..9da31d06c --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/Data/ModellingNetworkArea.cs 
@@ -0,0 +1,106 @@ +using System.Text.Json.Serialization; +using Newtonsoft.Json; +using FWO.GlobalConstants; + +namespace FWO.Api.Data +{ + public class ModellingNetworkArea : ModellingNwGroup + { + [JsonProperty("subnets"), JsonPropertyName("subnets")] + public List Subnets { get; set; } = new(); + + public int MemberCount = 0; + + // public override NetworkObject ToNetworkObjectGroup() + // { + // Group[] objectGroups = NetworkSubnetWrapper.ResolveAsNetworkObjectGroup(Subnets ?? new List()); + // return new() + // { + // Id = Id, + // Number = Number, + // Name = Name ?? "", + // Type = new NetworkObjectType(){ Name = ObjectType.Group }, + // ObjectGroups = objectGroups, + // MemberNames = string.Join("|", Array.ConvertAll(objectGroups, o => o.Object?.Name)) + // }; + // } + + public override bool Sanitize() + { + bool shortened = base.Sanitize(); + foreach(var subnet in Subnets) + { + shortened |= subnet.Content.Sanitize(); + } + return shortened; + } + } + + // public class ModellingNetworkAreaWrapper : ModellingNwGroupWrapper + // { + // [JsonProperty("nwgroup"), JsonPropertyName("nwgroup")] + // public new ModellingNetworkArea Content { get; set; } = new(); + + // public static ModellingNetworkArea[] Resolve(List wrappedList) + // { + // return Array.ConvertAll(wrappedList.ToArray(), wrapper => wrapper.Content); + // } + // } + + + public class NetworkSubnet + { + [JsonProperty("id"), JsonPropertyName("id")] + public int Id { get; set; } = 0; + + [JsonProperty("name"), JsonPropertyName("name")] + public string Name { get; set; } = ""; + + // -> cidr + [JsonProperty("ip"), JsonPropertyName("ip")] + public string? Ip { get; set; } + + [JsonProperty("ip_end"), JsonPropertyName("ip_end")] + public string? 
IpEnd { get; set; } + + // public long Number; + + + // public static NetworkObject ToNetworkObject(NetworkSubnet subnet) + // { + // return new NetworkObject() + // { + // Id = subnet.Id, + // Number = subnet.Number, + // Name = subnet.Name, + // IP = subnet.Ip ?? "", + // IpEnd = subnet.IpEnd ?? "" + // }; + // } + + public bool Sanitize() + { + bool shortened = false; + Name = Sanitizer.SanitizeMand(Name, ref shortened); + Ip = Sanitizer.SanitizeOpt(Ip, ref shortened); + IpEnd = Sanitizer.SanitizeOpt(IpEnd, ref shortened); + return shortened; + } + } + + public class NetworkSubnetWrapper + { + [JsonProperty("owner_network"), JsonPropertyName("owner_network")] + public NetworkSubnet Content { get; set; } = new(); + + public static NetworkSubnet[] Resolve(List wrappedList) + { + return Array.ConvertAll(wrappedList.ToArray(), wrapper => wrapper.Content); + } + + // public static Group[] ResolveAsNetworkObjectGroup(List wrappedList) + // { + // return Array.ConvertAll(wrappedList.ToArray(), wrapper => new Group {Id = wrapper.Content.Id, Object = NetworkSubnet.ToNetworkObject(wrapper.Content)}); + // } + } +} diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingNwGroup.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingNwGroup.cs new file mode 100644 index 000000000..2d032dd1b --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/Data/ModellingNwGroup.cs 
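Review bot: `NetworkSubnet.Sanitize` passes `Ip` and `IpEnd` through `Sanitizer.SanitizeOpt`, while ModellingAppServer in this commit runs the same kind of fields through `Sanitizer.SanitizeCidrMand`; if an optional CIDR sanitiser exists it should be used here too, otherwise a comment should say why generic text sanitising is enough for subnet addresses. The commented-out `ToNetworkObjectGroup`, `ModellingNetworkAreaWrapper`, `Number`, `ToNetworkObject` and `ResolveAsNetworkObjectGroup` blocks should be deleted rather than committed; history keeps them if they are needed later. `public int MemberCount = 0;` is a public mutable field among auto-properties; `public int MemberCount { get; set; }` keeps the type uniform.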
@@ -0,0 +1,75 @@ +using System.Text.Json.Serialization; +using Newtonsoft.Json; +using FWO.GlobalConstants; + +namespace FWO.Api.Data +{ + public class ModellingNwGroup : ModellingNwObject + { + [JsonProperty("group_type"), JsonPropertyName("group_type")] + public int GroupType { get; set; } + + [JsonProperty("id_string"), JsonPropertyName("id_string")] + public string IdString + { + get { return ManagedIdString.Whole; } + set { ManagedIdString = new (value); } + } + public ModellingManagedIdString ManagedIdString { get; set; } = new (); + + + public ModellingNwGroup() + {} + + public ModellingNwGroup(ModellingNwGroup nwGroup) : base(nwGroup) + { + GroupType = nwGroup.GroupType; + IdString = nwGroup.IdString; + ManagedIdString = nwGroup.ManagedIdString; + } + + public override string Display() + { + return base.Display() + " (" + IdString + ")"; + } + + public override string DisplayHtml() + { + return $"{base.DisplayHtml()}"; + } + + public override string DisplayWithIcon() + { + return $" " + DisplayHtml(); + } + + public virtual NetworkObject ToNetworkObjectGroup() + { + return new() + { + Id = Id, + Number = Number, + Name = Display(), + Type = new NetworkObjectType(){ Name = ObjectType.Group } + }; + } + + public override bool Sanitize() + { + bool shortened = base.Sanitize(); + ManagedIdString.FreePart = Sanitizer.SanitizeMand(ManagedIdString.FreePart, ref shortened); + return shortened; + } + } + + public class ModellingNwGroupWrapper + { + [JsonProperty("nwgroup"), JsonPropertyName("nwgroup")] + public virtual ModellingNwGroup Content { get; set; } = new(); + + public static ModellingNwGroup[] Resolve(List wrappedList) + { + return Array.ConvertAll(wrappedList.ToArray(), wrapper => wrapper.Content); + } + } +} diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingNwObject.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingNwObject.cs new file mode 100644 index 000000000..57708e5dd --- /dev/null 
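Review bot: In the copy constructor `IdString = nwGroup.IdString;` creates a fresh `ModellingManagedIdString` via the setter and is then immediately overwritten by `ManagedIdString = nwGroup.ManagedIdString;`, which leaves the copy sharing the source's mutable id-string object (and its `NamingConvention`), so `Sanitize()` on the copy rewrites `FreePart` on the original as well. Drop the second line, or replace it with `ManagedIdString = new(nwGroup.ManagedIdString);` using the copy constructor ModellingManagedIdString already provides; if sharing the convention object is intended, a comment should say so.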
+++ b/roles/lib/files/FWO.Api.Client/Data/ModellingNwObject.cs @@ -0,0 +1,35 @@ +using System.Text.Json.Serialization; +using Newtonsoft.Json; + +namespace FWO.Api.Data +{ + public class ModellingNwObject: ModellingObject + { + [JsonProperty("id"), JsonPropertyName("id")] + public long Id { get; set; } + + [JsonProperty("is_deleted"), JsonPropertyName("is_deleted")] + public bool IsDeleted { get; set; } + + + public ModellingNwObject() + {} + + public ModellingNwObject(ModellingNwObject nwObject) : base(nwObject) + { + Id = nwObject.Id; + IsDeleted = nwObject.IsDeleted; + } + + public override string Display() + { + return (IsDeleted ? "!" : "") + Name; + } + + public override string DisplayHtml() + { + string tooltip = $"data-toggle=\"tooltip\" title=\"{TooltipText}\""; + return $"{(IsDeleted ? "" : "")}{base.DisplayHtml()}{(IsDeleted ? "" : "")}"; + } + } +} diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingObject.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingObject.cs new file mode 100644 index 000000000..4e8e63ede --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/Data/ModellingObject.cs 
@@ -0,0 +1,56 @@ +using System.Text.Json.Serialization; +using Newtonsoft.Json; + +namespace FWO.Api.Data +{ + public class ModellingObject + { + [JsonProperty("name"), JsonPropertyName("name")] + public string Name { get; set; } = ""; + + [JsonProperty("app_id"), JsonPropertyName("app_id")] + public int? AppId { get; set; } + + public string TooltipText = ""; + public long Number; + + + public ModellingObject() + {} + + public ModellingObject(ModellingObject modellingObject) + { + Name = modellingObject.Name; + AppId = modellingObject.AppId; + TooltipText = modellingObject.TooltipText; + Number = modellingObject.Number; + } + + public virtual string Display() + { + return Name; + } + + public virtual string DisplayHtml() + { + return $"{Display()}"; + } + + public virtual string DisplayWithIcon() + { + return $" " + DisplayHtml(); + } + + public virtual string DisplayWithIcon(bool displayGrey) + { + return $"{DisplayWithIcon()}"; + } + + public virtual bool Sanitize() + { + bool shortened = false; + Name = Sanitizer.SanitizeMand(Name, ref shortened); + return shortened; + } + } +} diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingService.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingService.cs new file mode 100644 index 000000000..2b8bf2b27 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/Data/ModellingService.cs 
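Review bot: `TooltipText` and `Number` are public mutable fields declared next to auto-properties, so they are handled differently by serializers, bindings and the nullable analysis than the rest of the type. `public string TooltipText { get; set; } = "";` and `public long Number { get; set; }` keep the class uniform; the same applies to the `public long Number;` fields added to NetworkObject and NetworkService further down in this commit.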
@@ -0,0 +1,72 @@ +using System.Text.Json.Serialization; +using Newtonsoft.Json; + +namespace FWO.Api.Data +{ + public class ModellingService : ModellingSvcObject + { + [JsonProperty("port"), JsonPropertyName("port")] + public int? Port { get; set; } + + [JsonProperty("port_end"), JsonPropertyName("port_end")] + public int? PortEnd { get; set; } + + [JsonProperty("proto_id"), JsonPropertyName("proto_id")] + public int? ProtoId { get; set; } + + [JsonProperty("protocol"), JsonPropertyName("protocol")] + public NetworkProtocol? Protocol { get; set; } = new(); + + + public ModellingService() + {} + + public ModellingService(ModellingService service) : base(service) + { + Port = service.Port; + PortEnd = service.PortEnd; + ProtoId = service.ProtoId; + Protocol = service.Protocol; + } + + public override string Display() + { + return DisplayBase.DisplayService(ToNetworkService(this), false, Name).ToString(); + } + + public override string DisplayWithIcon() + { + return $" " + DisplayHtml(); + } + + public static NetworkService ToNetworkService(ModellingService service) + { + return new NetworkService() + { + Id = service.Id, + Number = service.Number, + Name = service?.Name ?? "", + DestinationPort = service?.Port, + DestinationPortEnd = service?.PortEnd, + ProtoId = service?.ProtoId, + Protocol = service?.Protocol ?? new NetworkProtocol() + }; + } + } + + public class ModellingServiceWrapper + { + [JsonProperty("service"), JsonPropertyName("service")] + public ModellingService Content { get; set; } = new(); + + public static ModellingService[] Resolve(List wrappedList) + { + return Array.ConvertAll(wrappedList.ToArray(), wrapper => wrapper.Content); + } + + public static NetworkService[] ResolveAsNetworkServices(List wrappedList) + { + return Array.ConvertAll(wrappedList.ToArray(), wrapper => ModellingService.ToNetworkService(wrapper.Content)); + } + } +} 
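Review bot: In `ToNetworkService`, `service.Id` and `service.Number` are dereferenced unconditionally while the following initialisers use `service?.Name`, `service?.Port`, `service?.PortEnd`, `service?.ProtoId` and `service?.Protocol`; the null-conditionals are dead after the first access and suggest a null contract the method does not honour. Either drop the `?.` and the `?? ""` fallback, or add `ArgumentNullException.ThrowIfNull(service);` as the first line so the intent is explicit.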
diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingServiceGroup.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingServiceGroup.cs new file mode 100644 index 000000000..dd0328735 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/Data/ModellingServiceGroup.cs 
@@ -0,0 +1,76 @@ +using System.Text.Json.Serialization; +using Newtonsoft.Json; +using FWO.GlobalConstants; + +namespace FWO.Api.Data +{ + public class ModellingServiceGroup : ModellingSvcObject + { + [JsonProperty("comment"), JsonPropertyName("comment")] + public string? Comment { get; set; } + + [JsonProperty("creator"), JsonPropertyName("creator")] + public string? Creator { get; set; } + + [JsonProperty("creation_date"), JsonPropertyName("creation_date")] + public DateTime? CreationDate { get; set; } + + [JsonProperty("services"), JsonPropertyName("services")] + public List Services { get; set; } = new(); + + + public ModellingServiceGroup() + {} + + public ModellingServiceGroup(ModellingServiceGroup svcGroup) : base(svcGroup) + { + Comment = svcGroup.Comment; + Creator = svcGroup.Creator; + CreationDate = svcGroup.CreationDate; + Services = svcGroup.Services; + } + + public override string DisplayWithIcon() + { + return $" " + DisplayHtml(); + } + + public NetworkService ToNetworkServiceGroup() + { + Group[] serviceGroups = ModellingServiceGroupWrapper.ResolveAsNetworkServiceGroup(Services ?? new List()); + return new() + { + Id = Id, + Name = Name ?? "", + Comment = Comment ?? 
"", + Type = new NetworkServiceType(){ Name = ObjectType.Group }, + ServiceGroups = serviceGroups, + MemberNames = string.Join("|", Array.ConvertAll(serviceGroups, o => o.Object?.Name)) + }; + } + + public override bool Sanitize() + { + bool shortened = base.Sanitize(); + Comment = Sanitizer.SanitizeCommentOpt(Comment, ref shortened); + Creator = Sanitizer.SanitizeOpt(Creator, ref shortened); + return shortened; + } + } + + public class ModellingServiceGroupWrapper + { + [JsonProperty("service_group"), JsonPropertyName("service_group")] + public ModellingServiceGroup Content { get; set; } = new(); + + public static ModellingServiceGroup[] Resolve(List wrappedList) + { + return Array.ConvertAll(wrappedList.ToArray(), wrapper => wrapper.Content); + } + + public static Group[] ResolveAsNetworkServiceGroup(List wrappedList) + { + return Array.ConvertAll(wrappedList.ToArray(), wrapper => new Group {Id = wrapper.Content.Id, Object = ModellingService.ToNetworkService(wrapper.Content)}); + } + } +} diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingSvcObject.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingSvcObject.cs new file mode 100644 index 000000000..95e5c53d0 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/Data/ModellingSvcObject.cs @@ -0,0 +1,29 @@ +using System.Text.Json.Serialization; +using Newtonsoft.Json; + +namespace FWO.Api.Data +{ + public class ModellingSvcObject: ModellingObject + { + [JsonProperty("id"), JsonPropertyName("id")] + public int Id { get; set; } + + [JsonProperty("is_global"), JsonPropertyName("is_global")] + public bool IsGlobal { get; set; } = false; + + + public ModellingSvcObject() + {} + + public ModellingSvcObject(ModellingSvcObject svcObj) : base(svcObj) + { + Id = svcObj.Id; + IsGlobal = svcObj.IsGlobal; + } + + public override string DisplayHtml() + { + return $"{(IsGlobal ? "" : "")}{Display()}{(IsGlobal ? "" : "")}"; + } + } +} 
diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingTypes.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingTypes.cs new file mode 100644 index 000000000..1fa10b01b --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/Data/ModellingTypes.cs @@ -0,0 +1,70 @@ +namespace FWO.Api.Data +{ + public static class ModellingTypes + { + public enum ConnectionField + { + Source = 1, + Destination = 2 + } + + public enum ChangeType + { + Insert = 1, + Update = 2, + Delete = 3, + Assign = 4, + Unassign = 5, + MarkDeleted = 6, + Reactivate = 7 + } + + public enum ModObjectType + { + Connection = 1, + + AppServer = 10, + Network = 11, + + AppRole = 20, + AppZone = 21, + NetworkZone = 22, + NetworkArea = 23, + + Service = 30, + ServiceGroup = 31, + } + + public static bool IsNwGroup(this ModObjectType objectType) + { + switch(objectType) + { + case ModObjectType.AppRole: + case ModObjectType.AppZone: + case ModObjectType.NetworkZone: + case ModObjectType.NetworkArea: + return true; + default: + return false; + } + } + + public static bool IsNwObject(this ModObjectType objectType) + { + switch(objectType) + { + case ModObjectType.AppServer: + case ModObjectType.Network: + return true; + default: + return false; + } + } + } + + public class AppServerType + { + public int Id { get; set; } = 0; + public string Name { get; set; } = ""; + } +} diff --git a/roles/lib/files/FWO.Api.Client/Data/NetworkLocation.cs b/roles/lib/files/FWO.Api.Client/Data/NetworkLocation.cs index 20c930372..fa2cbc41e 100644 --- a/roles/lib/files/FWO.Api.Client/Data/NetworkLocation.cs +++ b/roles/lib/files/FWO.Api.Client/Data/NetworkLocation.cs 
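Review bot: `IsNwGroup` and `IsNwObject` are written as switch statements with fall-through cases for a boolean result; the code already uses C# 9 features elsewhere in this commit, so `public static bool IsNwGroup(this ModObjectType objectType) => objectType is ModObjectType.AppRole or ModObjectType.AppZone or ModObjectType.NetworkZone or ModObjectType.NetworkArea;` (and the two-case form for `IsNwObject`) says the same in one expression. `AppServerType` is an unrelated class placed in the file named for the enum holder; a one-line comment on why it lives here, or its own file, would help readers find it.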
@@ -25,7 +25,7 @@ int IComparable.CompareTo(object? secondObject) if (this.User != null && secondNetworkLocation.User != null) { if (this.User?.Name.CompareTo(secondNetworkLocation.User?.Name) != 0) - return this.User.Name.CompareTo(secondNetworkLocation.User.Name); + return this.User!.Name.CompareTo(secondNetworkLocation.User!.Name); else return this.Object.Name.CompareTo(secondNetworkLocation.Object.Name); } diff --git a/roles/lib/files/FWO.Api.Client/Data/NetworkObject.cs b/roles/lib/files/FWO.Api.Client/Data/NetworkObject.cs index 012e40288..6ebeb3076 100644 --- a/roles/lib/files/FWO.Api.Client/Data/NetworkObject.cs +++ b/roles/lib/files/FWO.Api.Client/Data/NetworkObject.cs @@ -53,6 +53,8 @@ public class NetworkObject [JsonProperty("objgrp_flats"), JsonPropertyName("objgrp_flats")] public GroupFlat[] ObjectGroupFlats { get; set; } = new GroupFlat[]{}; + public long Number; + public override bool Equals(object? obj) { return obj switch @@ -67,37 +69,16 @@ public override int GetHashCode() return Id.GetHashCode(); } - // obj_id - // obj_name - // obj_ip - // obj_ip_end - // obj_uid - // zone_id <--- - // active - // obj_create - // obj_last_seen - // type: stm_obj_typ { - // name: obj_typ_name - // } - // obj_comment - // obj_member_names - // obj_member_refs - // objgrps - // { - // objgrp_member_id - // objectByObjgrpMemberId - // { - // obj_id - // obj_name - // } - // } - // objgrp_flats { - // objgrp_flat_id - // objectByObjgrpFlatMemberId - // { - // obj_id - // obj_name - // } - // } + public string MemberNamesAsHtml() + { + if (MemberNames != null && MemberNames.Contains("|")) + { + return $"{string.Join("
", MemberNames.Split('|'))}"; + } + else + { + return $"{MemberNames}"; + } + } } } diff --git a/roles/lib/files/FWO.Api.Client/Data/NetworkProtocol.cs b/roles/lib/files/FWO.Api.Client/Data/NetworkProtocol.cs index ac8e1a3e7..d15924da2 100644 --- a/roles/lib/files/FWO.Api.Client/Data/NetworkProtocol.cs +++ b/roles/lib/files/FWO.Api.Client/Data/NetworkProtocol.cs @@ -10,5 +10,15 @@ public class NetworkProtocol [JsonProperty("name"), JsonPropertyName("name")] public string Name { get; set; } = ""; + + + public NetworkProtocol() + {} + + public NetworkProtocol(IpProtocol i) + { + Id = i.Id; + Name = i.Name; + } } } diff --git a/roles/lib/files/FWO.Api.Client/Data/NetworkService.cs b/roles/lib/files/FWO.Api.Client/Data/NetworkService.cs index 56a9e8b03..5397a9c9e 100644 --- a/roles/lib/files/FWO.Api.Client/Data/NetworkService.cs +++ b/roles/lib/files/FWO.Api.Client/Data/NetworkService.cs @@ -74,6 +74,8 @@ public class NetworkService [JsonProperty("svcgrp_flats"), JsonPropertyName("svcgrp_flats")] public GroupFlat[] ServiceGroupFlats { get; set; } = new GroupFlat[]{}; + public long Number; + public override bool Equals(object? obj) { return obj switch 
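Review bot: MemberNamesAsHtml() splits MemberNames on '|' and joins the pieces with markup (the separator tag is dropped in this rendering) without HTML-encoding them, so a member name containing '<' or '&' is emitted into the page as-is; these names come from imported objects, so each segment should be encoded before joining, e.g. `Array.ConvertAll(MemberNames.Split('|'), WebUtility.HtmlEncode)` as the argument to string.Join (keeping the existing separator) and `WebUtility.HtmlEncode(MemberNames)` in the else branch, with `using System.Net;`. Whether the rendering layer already encodes the result cannot be seen here; if it does, the "AsHtml" name is misleading and the method is just a join. The identical method is added to NetworkService.cs and NetworkUser.cs in this commit, and the same applies there.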
@@ -88,43 +90,16 @@ public override int GetHashCode() return Id.GetHashCode(); } - // svc_id - // svc_name - // svc_uid - // svc_port - // svc_port_end - // svc_source_port - // svc_source_port_end - // svc_code - // svc_timeout - // svc_typ_id - // active - // svc_create - // svc_last_seen - // service_type: stm_svc_typ { - // name: svc_typ_name - // } - // svc_comment - // svc_color_id - // ip_proto_id - // protocol_name: stm_ip_proto { - // name: ip_proto_name - // } - // svc_member_names - // svc_member_refs - // svcgrps { - // id: svcgrp_member_id - // byId: serviceBySvcgrpMemberId { - // svc_id - // svc_name - // } - // } - // svcgrp_flats { - // flat_id: svcgrp_flat_id - // byFlatId: serviceBySvcgrpFlatMemberId { - // svc_id - // svc_name - // } - // } + public string MemberNamesAsHtml() + { + if (MemberNames != null && MemberNames.Contains("|")) + { + return $"{string.Join("
", MemberNames.Split('|'))}"; + } + else + { + return $"{MemberNames}"; + } + } } } diff --git a/roles/lib/files/FWO.Api.Client/Data/NetworkUser.cs b/roles/lib/files/FWO.Api.Client/Data/NetworkUser.cs index b45aa6c12..22b1dcf6c 100644 --- a/roles/lib/files/FWO.Api.Client/Data/NetworkUser.cs +++ b/roles/lib/files/FWO.Api.Client/Data/NetworkUser.cs @@ -64,32 +64,16 @@ public override int GetHashCode() return Id.GetHashCode(); } - // user_id - // user_uid - // user_name - // user_comment - // user_lastname - // user_firstname - // usr_typ_id - // stm_usr_typ { - // usr_typ_name - // } - // user_member_names - // user_member_refs - // usergrps { - // id: usergrp_id - // byId: usrByUsergrpMemberId { - // user_id - // user_name - // } - // } - // usergrp_flats { - // flat_id: usergrp_flat_id - // byFlatId: usrByUsergrpFlatMemberId { - // user_id - // user_name - // } - // } - + public string MemberNamesAsHtml() + { + if (MemberNames != null && MemberNames.Contains("|")) + { + return $"{string.Join("
", MemberNames.Split('|'))}"; + } + else + { + return $"{MemberNames}"; + } + } } } diff --git a/roles/lib/files/FWO.Api.Client/Data/NetworkZone.cs b/roles/lib/files/FWO.Api.Client/Data/NetworkZone.cs index d1dbdf2b9..aeb0c16b1 100644 --- a/roles/lib/files/FWO.Api.Client/Data/NetworkZone.cs +++ b/roles/lib/files/FWO.Api.Client/Data/NetworkZone.cs @@ -1,4 +1,6 @@ -using System.Text.Json.Serialization; +using System.Net; +using System.Text.Json.Serialization; +using NetTools; using Newtonsoft.Json; namespace FWO.Api.Data @@ -10,5 +12,6 @@ public class NetworkZone [JsonProperty("zone_name"), JsonPropertyName("zone_name")] public string Name { get; set; } = ""; + } } diff --git a/roles/lib/files/FWO.Api.Client/Data/NwObjectElement.cs b/roles/lib/files/FWO.Api.Client/Data/NwObjectElement.cs index dd2a5a05e..167297c45 100644 --- a/roles/lib/files/FWO.Api.Client/Data/NwObjectElement.cs +++ b/roles/lib/files/FWO.Api.Client/Data/NwObjectElement.cs @@ -1,5 +1,6 @@ using System.Text.Json.Serialization; using Newtonsoft.Json; +using NetTools; namespace FWO.Api.Data { @@ -15,7 +16,21 @@ public string IpString get { return Cidr.CidrString; } set { Cidr = new Cidr(value); } } - public Cidr Cidr { get; set; } + public Cidr Cidr { get; set; } = new Cidr(); + + [JsonProperty("ip_end"), JsonPropertyName("ip_end")] + public string IpEndString + { + get { return CidrEnd.CidrString; } // ?? Cidr.CidrString; } + set { CidrEnd = new Cidr(value ?? Cidr.CidrString); } // if End value is not set, asume host and set start ip as end ip + } + public Cidr CidrEnd { get; set; } = new Cidr(); + + [JsonProperty("name"), JsonPropertyName("name")] + public string? Name { get; set; } + + [JsonProperty("comment"), JsonPropertyName("comment")] + public string? Comment { get; set; } public long TaskId { get; set; } 
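Review bot: `using System.Net;` and `using NetTools;` added at the top of NetworkZone.cs have no user in the class as shown, and the second hunk only adds a blank line; unless a part of the file not in this diff needs them, drop both directives so the unused-using analyzer stays quiet.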
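Review bot: The IpEndString setter falls back to `Cidr.CidrString` when value is null, which makes the stored end address depend on whether the deserializer assigns `ip` before `ip_end`; if `ip_end` arrives first, CidrEnd captures the default Cidr rather than the real start address. Resolving the fallback at read time removes the ordering dependence, e.g. `get { return CidrEnd.Valid ? CidrEnd.CidrString : Cidr.CidrString; }`, assuming `Cidr.Valid` (used elsewhere in this commit) is false for the default instance — confirm that. The commented-out `// ?? Cidr.CidrString; }` fragment left in the getter should go either way, and the intent comment on the setter would be clearer as `// ip_end absent: treat the element as a single host, so the start address is also the end`.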
@@ -30,7 +45,17 @@ public NwObjectElement(string cidrString, long taskId) TaskId = taskId; } - public RequestReqElement ToReqElement(AccessField field) + public NwObjectElement(IPAddressRange ipAddressRange, long taskId) + { + Cidr = new Cidr(ipAddressRange.Begin.ToString()); + if(ipAddressRange.End != null && ipAddressRange.End != ipAddressRange.Begin) + { + CidrEnd = new Cidr(ipAddressRange.End.ToString()); + } + TaskId = taskId; + } + + public RequestReqElement ToReqElement(ElemFieldType field) { RequestReqElement element = new RequestReqElement() { @@ -43,7 +68,7 @@ public RequestReqElement ToReqElement(AccessField field) return element; } - public RequestImplElement ToImplElement(AccessField field) + public RequestImplElement ToImplElement(ElemFieldType field) { RequestImplElement element = new RequestImplElement() { diff --git a/roles/lib/files/FWO.Api.Client/Data/NwRuleElement.cs b/roles/lib/files/FWO.Api.Client/Data/NwRuleElement.cs new file mode 100644 index 000000000..6c5a9641d --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/Data/NwRuleElement.cs @@ -0,0 +1,34 @@ +namespace FWO.Api.Data +{ + public class NwRuleElement + { + public long ElemId { get; set; } + public long TaskId { get; set; } + public string RuleUid { get; set; } = ""; + + + public RequestReqElement ToReqElement() + { + RequestReqElement element = new RequestReqElement() + { + Id = ElemId, + TaskId = TaskId, + Field = ElemFieldType.rule.ToString(), + RuleUid = RuleUid + }; + return element; + } + + public RequestImplElement ToImplElement() + { + RequestImplElement element = new RequestImplElement() + { + Id = ElemId, + ImplTaskId = TaskId, + Field = ElemFieldType.rule.ToString(), + RuleUid = RuleUid + }; + return element; + } + } +} diff --git a/roles/lib/files/FWO.Api.Client/Data/NwServiceElement.cs b/roles/lib/files/FWO.Api.Client/Data/NwServiceElement.cs index 442dcffef..7cdebdf1c 100644 --- a/roles/lib/files/FWO.Api.Client/Data/NwServiceElement.cs 
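Review bot: `ipAddressRange.End != ipAddressRange.Begin` is a reference comparison if Begin and End are System.Net.IPAddress (IPAddress overrides Equals but not the `!=` operator), so two distinct instances holding the same address still set CidrEnd; use `!ipAddressRange.End.Equals(ipAddressRange.Begin)` for the value comparison. This assumes NetTools' IPAddressRange exposes IPAddress members, which the hunk does not show.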
+++ b/roles/lib/files/FWO.Api.Client/Data/NwServiceElement.cs @@ -4,18 +4,18 @@ public class NwServiceElement { public long ElemId { get; set; } public long TaskId { get; set; } - public int Port { get; set; } = 1; - public int? ProtoId { get; set; } = 6; + public int Port { get; set; } + public int ProtoId { get; set; } public long? ServiceId { get; set; } - public RequestReqElement ToReqElement(AccessField field) + public RequestReqElement ToReqElement() { RequestReqElement element = new RequestReqElement() { Id = ElemId, TaskId = TaskId, - Field = field.ToString(), + Field = ElemFieldType.service.ToString(), Port = Port, ProtoId = ProtoId, ServiceId = ServiceId @@ -23,13 +23,13 @@ public RequestReqElement ToReqElement(AccessField field) return element; } - public RequestImplElement ToImplElement(AccessField field) + public RequestImplElement ToImplElement() { RequestImplElement element = new RequestImplElement() { Id = ElemId, ImplTaskId = TaskId, - Field = field.ToString(), + Field = ElemFieldType.service.ToString(), Port = Port, ProtoId = ProtoId, ServiceId = ServiceId diff --git a/roles/lib/files/FWO.Api.Client/Data/RecertFilter.cs b/roles/lib/files/FWO.Api.Client/Data/RecertFilter.cs index 925a19424..e985d21cd 100644 --- a/roles/lib/files/FWO.Api.Client/Data/RecertFilter.cs +++ b/roles/lib/files/FWO.Api.Client/Data/RecertFilter.cs 
@@ -2,10 +2,19 @@ namespace FWO.Api.Data { public class RecertFilter { - public List RecertOwnerList {get; set;} = new List(); - public bool RecertOverdueOnly {get; set;} = false; - public bool RecertWithoutOwner {get; set;} = false; + public List RecertOwnerList {get; set;} = new (); public bool RecertShowAnyMatch {get; set;} = false; - public bool RecertSingleLinePerRule {get; set;} = false; + public int RecertificationDisplayPeriod = 0; + + public RecertFilter() + {} + + public RecertFilter(RecertFilter recertFilter) + { + RecertOwnerList = new(recertFilter.RecertOwnerList); + RecertShowAnyMatch = recertFilter.RecertShowAnyMatch; + RecertificationDisplayPeriod = recertFilter.RecertificationDisplayPeriod; + + } } } diff --git a/roles/lib/files/FWO.Api.Client/Data/Recertification.cs b/roles/lib/files/FWO.Api.Client/Data/Recertification.cs new file mode 100644 index 000000000..d10fa1576 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/Data/Recertification.cs @@ -0,0 +1,14 @@ +using System.Text.Json.Serialization; +using Newtonsoft.Json; + +namespace FWO.Api.Data +{ + public class Recertification : RecertificationBase + { + [JsonProperty("owner"), JsonPropertyName("owner")] + public FwoOwner? FwoOwner { get; set; } = new FwoOwner(); + + [JsonProperty("user_dn"), JsonPropertyName("user_dn")] + public string UserDn { get; set; } = ""; + } +} diff --git a/roles/lib/files/FWO.Api.Client/Data/RecertificationBase.cs b/roles/lib/files/FWO.Api.Client/Data/RecertificationBase.cs new file mode 100644 index 000000000..fc33d97ac --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/Data/RecertificationBase.cs 
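Review bot: `public int RecertificationDisplayPeriod = 0;` is a public field while its siblings are properties; beyond the style mismatch, System.Text.Json ignores public fields unless `IncludeFields` is enabled, so if RecertFilter is serialized through ReportParams with that serializer the value is silently dropped. Make it `public int RecertificationDisplayPeriod { get; set; } = 0;`. The trailing blank line in the copy constructor can also go.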
@@ -0,0 +1,34 @@ +using System.Text.Json.Serialization; +using Newtonsoft.Json; + +namespace FWO.Api.Data +{ + public class RecertificationBase + { + + [JsonProperty("recert_date"), JsonPropertyName("recert_date")] + public DateTime? RecertDate { get; set; } + + [JsonProperty("recertified"), JsonPropertyName("recertified")] + public bool Recertified { get; set; } = false; + + [JsonProperty("ip_match"), JsonPropertyName("ip_match")] + public string IpMatch { get; set; } = ""; + + [JsonProperty("next_recert_date"), JsonPropertyName("next_recert_date")] + public DateTime? NextRecertDate { get; set; } + + [JsonProperty("owner_id"), JsonPropertyName("owner_id")] + public int OwnerId { get; set; } + + [JsonProperty("comment"), JsonPropertyName("comment")] + public string Comment { get; set; } = ""; + + [JsonProperty("rule_id"), JsonPropertyName("rule_id")] + public int RuleId { get; set; } + + [JsonProperty("rule_metadata_id"), JsonPropertyName("rule_metadata_id")] + public int RuleMetadataId { get; set; } + } + +} diff --git a/roles/lib/files/FWO.Api.Client/Data/ScheduledReport.cs b/roles/lib/files/FWO.Api.Client/Data/ReportSchedule.cs similarity index 95% rename from roles/lib/files/FWO.Api.Client/Data/ScheduledReport.cs rename to roles/lib/files/FWO.Api.Client/Data/ReportSchedule.cs index 087f89bda..48ad3d7cd 100644 --- a/roles/lib/files/FWO.Api.Client/Data/ScheduledReport.cs +++ b/roles/lib/files/FWO.Api.Client/Data/ReportSchedule.cs @@ -3,7 +3,7 @@ namespace FWO.Api.Data { - public class ScheduledReport + public class ReportSchedule { [JsonProperty("report_schedule_id"), JsonPropertyName("report_schedule_id")] public int Id { get; set; } 
@@ -30,7 +30,7 @@ public class ScheduledReport public List OutputFormat { get; set; } = new List(); [JsonProperty("report_schedule_active"), JsonPropertyName("report_schedule_active")] - public bool Active { get; set; } + public bool Active { get; set; } = true; [JsonProperty("report_schedule_counter"), JsonPropertyName("report_schedule_counter")] public int Counter { get; set; } diff --git a/roles/lib/files/FWO.Api.Client/Data/ReportTemplate.cs b/roles/lib/files/FWO.Api.Client/Data/ReportTemplate.cs index 9f299286f..f1af001cf 100644 --- a/roles/lib/files/FWO.Api.Client/Data/ReportTemplate.cs +++ b/roles/lib/files/FWO.Api.Client/Data/ReportTemplate.cs @@ -24,7 +24,7 @@ public class ReportTemplate public string Filter { get; set; } = ""; [JsonProperty("report_parameters"), JsonPropertyName("report_parameters")] - public ReportParams ReportParams { get; set; } = new ReportParams(); + public ReportParams ReportParams { get; set; } = new(); public bool Detailed = false; @@ -32,13 +32,10 @@ public class ReportTemplate public ReportTemplate() {} - public ReportTemplate(string filter = "", DeviceFilter deviceFilter = null, int? reportType = 0, TimeFilter timeFilter = null, RecertFilter recertFilter = null) + public ReportTemplate(string filter, ReportParams reportParams) { Filter = filter; - ReportParams.DeviceFilter = deviceFilter; - ReportParams.ReportType = reportType; - ReportParams.TimeFilter = timeFilter; - ReportParams.RecertFilter = recertFilter; + ReportParams = reportParams; Detailed = false; } 
@@ -54,15 +51,33 @@ public bool Sanitize() public class ReportParams { [JsonProperty("report_type"), JsonPropertyName("report_type")] - public int? ReportType { get; set; } = 0; + public int ReportType { get; set; } = 0; [JsonProperty("device_filter"), JsonPropertyName("device_filter")] - public DeviceFilter DeviceFilter { get; set; } = new DeviceFilter(); + public DeviceFilter DeviceFilter { get; set; } = new(); [JsonProperty("time_filter"), JsonPropertyName("time_filter")] - public TimeFilter TimeFilter { get; set; } = new TimeFilter(); + public TimeFilter TimeFilter { get; set; } = new(); + + [JsonProperty("tenant_filter"), JsonPropertyName("tenant_filter")] + public TenantFilter TenantFilter { get; set; } = new(); [JsonProperty("recert_filter"), JsonPropertyName("recert_filter")] - public RecertFilter RecertFilter { get; set; } = new RecertFilter(); + public RecertFilter RecertFilter { get; set; } = new(); + + [JsonProperty("unused_filter"), JsonPropertyName("unused_filter")] + public UnusedFilter UnusedFilter { get; set; } = new(); + + [JsonProperty("modelling_filter"), JsonPropertyName("modelling_filter")] + public ModellingFilter ModellingFilter { get; set; } = new(); + + public ReportParams() + {} + + public ReportParams(int reportType, DeviceFilter deviceFilter) + { + ReportType = reportType; + DeviceFilter = deviceFilter; + } } } diff --git a/roles/lib/files/FWO.Api.Client/Data/RequestApproval.cs b/roles/lib/files/FWO.Api.Client/Data/RequestApproval.cs index b5890b7c1..644d79392 100644 --- a/roles/lib/files/FWO.Api.Client/Data/RequestApproval.cs +++ b/roles/lib/files/FWO.Api.Client/Data/RequestApproval.cs @@ -12,7 +12,7 @@ public class RequestApproval : RequestApprovalBase public long TaskId { get; set; } [JsonProperty("comments"), JsonPropertyName("comments")] - public List Comments { get; set; } = new List(); + public List Comments { get; set; } = new (); public RequestApproval() 
@@ -25,7 +25,7 @@ public RequestApproval(RequestApproval approval) : base(approval) Comments = approval.Comments; } - public string getAllComments() + public string GetAllComments() { string allComments = ""; foreach(var comment in Comments) diff --git a/roles/lib/files/FWO.Api.Client/Data/RequestComment.cs b/roles/lib/files/FWO.Api.Client/Data/RequestComment.cs index 12a559c34..4d3a7d5f7 100644 --- a/roles/lib/files/FWO.Api.Client/Data/RequestComment.cs +++ b/roles/lib/files/FWO.Api.Client/Data/RequestComment.cs @@ -21,7 +21,7 @@ public RequestComment(RequestComment comment) : base(comment) public class RequestCommentDataHelper { [JsonProperty("comment"), JsonPropertyName("comment")] - public RequestComment Comment { get; set; } = new RequestComment(); + public RequestComment Comment { get; set; } = new (); public RequestCommentDataHelper() diff --git a/roles/lib/files/FWO.Api.Client/Data/RequestElementBase.cs b/roles/lib/files/FWO.Api.Client/Data/RequestElementBase.cs index 0f79c0b26..26f23757e 100644 --- a/roles/lib/files/FWO.Api.Client/Data/RequestElementBase.cs +++ b/roles/lib/files/FWO.Api.Client/Data/RequestElementBase.cs @@ -3,23 +3,24 @@ namespace FWO.Api.Data { - public enum AccessField + public enum ElemFieldType { source, destination, - service + service, + rule } public class RequestElementBase { [JsonProperty("ip"), JsonPropertyName("ip")] - public string? CidrString { get; set; } + public string? IpString { get; set; } [JsonProperty("port"), JsonPropertyName("port")] - public int Port { get; set; } = 1; + public int? Port { get; set; } [JsonProperty("ip_proto_id"), JsonPropertyName("ip_proto_id")] - public int? ProtoId { get; set; } = 6; + public int? ProtoId { get; set; } [JsonProperty("network_object_id"), JsonPropertyName("network_object_id")] public long? NetworkId { get; set; } 
@@ -28,7 +29,7 @@ public class RequestElementBase public long? ServiceId { get; set; } [JsonProperty("field"), JsonPropertyName("field")] - public string Field { get; set; } = "source"; + public string Field { get; set; } = ElemFieldType.source.ToString(); [JsonProperty("user_id"), JsonPropertyName("user_id")] public long? UserId { get; set; } @@ -36,13 +37,16 @@ public class RequestElementBase [JsonProperty("original_nat_id"), JsonPropertyName("original_nat_id")] public long? OriginalNatId { get; set; } + [JsonProperty("rule_uid"), JsonPropertyName("rule_uid")] + public string? RuleUid { get; set; } + public RequestElementBase() { } public RequestElementBase(RequestElementBase element) { - CidrString = element.CidrString; + IpString = element.IpString; Port = element.Port; ProtoId = element.ProtoId; NetworkId = element.NetworkId; @@ -50,13 +54,15 @@ public RequestElementBase(RequestElementBase element) Field = element.Field; UserId = element.UserId; OriginalNatId = element.OriginalNatId; + RuleUid = element.RuleUid; } public virtual bool Sanitize() { bool shortened = false; - CidrString = Sanitizer.SanitizeOpt(CidrString, ref shortened); + IpString = Sanitizer.SanitizeOpt(IpString, ref shortened); Field = Sanitizer.SanitizeMand(Field, ref shortened); + RuleUid = Sanitizer.SanitizeOpt(RuleUid, ref shortened); return shortened; } } diff --git a/roles/lib/files/FWO.Api.Client/Data/RequestImplElement.cs b/roles/lib/files/FWO.Api.Client/Data/RequestImplElement.cs index 2a8bca19b..1c8061100 100644 --- a/roles/lib/files/FWO.Api.Client/Data/RequestImplElement.cs +++ b/roles/lib/files/FWO.Api.Client/Data/RequestImplElement.cs 
@@ -14,10 +14,10 @@ public class RequestImplElement : RequestElementBase [JsonProperty("implementation_action"), JsonPropertyName("implementation_action")] public string ImplAction { get; set; } = "create"; - public Cidr Cidr { get; set; } + public Cidr Cidr { get; set; } = new Cidr(); public RequestImplElement() - { } + {} public RequestImplElement(RequestImplElement element) : base(element) { @@ -39,6 +39,7 @@ public RequestImplElement(RequestReqElement element) Field = element.Field; UserId = element.UserId; OriginalNatId = element.OriginalNatId; + RuleUid = element.RuleUid; } } } diff --git a/roles/lib/files/FWO.Api.Client/Data/RequestImplTask.cs b/roles/lib/files/FWO.Api.Client/Data/RequestImplTask.cs index 095c7b275..7a41c5696 100644 --- a/roles/lib/files/FWO.Api.Client/Data/RequestImplTask.cs +++ b/roles/lib/files/FWO.Api.Client/Data/RequestImplTask.cs @@ -15,16 +15,16 @@ public class RequestImplTask: RequestTaskBase public int? DeviceId { get; set; } [JsonProperty("implementation_action"), JsonPropertyName("implementation_action")] - public string ImplAction { get; set; } = FWO.Api.Data.RequestAction.create.ToString(); + public string ImplAction { get; set; } = RequestAction.create.ToString(); [JsonProperty("elements"), JsonPropertyName("elements")] - public List ImplElements { get; set; } = new List(); + public List ImplElements { get; set; } = new (); [JsonProperty("comments"), JsonPropertyName("comments")] - public List Comments { get; set; } = new List(); + public List Comments { get; set; } = new (); - public List RemovedElements { get; set; } = new List(); + public List RemovedElements { get; set; } = new (); public long TicketId { get; set; } 
@@ -69,6 +69,10 @@ public RequestImplTask(RequestReqTask reqtask, bool copyComments = true) TicketId = reqtask.TicketId; if (reqtask.Elements != null && reqtask.Elements.Count > 0) { + if(reqtask.TaskType == Data.TaskType.rule_delete.ToString()) + { + DeviceId = reqtask.Elements[0].DeviceId; + } ImplElements = new List(); foreach(RequestReqElement element in reqtask.Elements) { @@ -91,9 +95,9 @@ public override bool Sanitize() return shortened; } - public List getNwObjectElements(AccessField field) + public List GetNwObjectElements(ElemFieldType field) { - List elements = new List(); + List elements = new (); foreach(var implElem in ImplElements) { if (implElem.Field == field.ToString()) @@ -110,19 +114,19 @@ public List getNwObjectElements(AccessField field) return elements; } - public List getServiceElements() + public List GetServiceElements() { - List elements = new List(); + List elements = new (); foreach(var implElem in ImplElements) { - if (implElem.Field == AccessField.service.ToString()) + if (implElem.Field == ElemFieldType.service.ToString()) { elements.Add( new NwServiceElement() { ElemId = implElem.Id, TaskId = implElem.ImplTaskId, - Port = implElem.Port, - ProtoId = implElem.ProtoId, + Port = implElem.Port ?? 0, + ProtoId = implElem.ProtoId ?? 0, ServiceId = implElem.ServiceId }); } @@ -130,7 +134,25 @@ public List getServiceElements() return elements; } - public string getAllComments() + public List GetRuleElements() + { + List elements = new (); + foreach(var implElem in ImplElements) + { + if (implElem.Field == ElemFieldType.rule.ToString()) + { + elements.Add( new NwRuleElement() + { + ElemId = implElem.Id, + TaskId = implElem.ImplTaskId, + RuleUid = implElem.RuleUid ?? "" + }); + } + } + return elements; + } + + public string GetAllComments() { string allComments = ""; foreach(var comment in Comments) 
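Review bot: `DeviceId = reqtask.Elements[0].DeviceId;` assumes the first element of a rule_delete task carries the device id, whereas `RequestReqTask.GetRuleDeviceId()` added in the same commit looks for the element whose Field is `rule` and whose DeviceId is set; the two can disagree when a task holds other elements first. Selecting the rule element directly keeps them consistent: `DeviceId = reqtask.Elements.Find(e => e.Field == ElemFieldType.rule.ToString())?.DeviceId;`. The constructor continues outside the hunk.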
diff --git a/roles/lib/files/FWO.Api.Client/Data/RequestOwnerWriter.cs b/roles/lib/files/FWO.Api.Client/Data/RequestOwnerWriter.cs new file mode 100644 index 000000000..4bd0ed3a7 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/Data/RequestOwnerWriter.cs @@ -0,0 +1,19 @@ +using System.Text.Json.Serialization; +using Newtonsoft.Json; + +namespace FWO.Api.Data +{ + public class RequestOwnerWriter + { + [JsonProperty("owner_id"), JsonPropertyName("owner_id")] + public int? OwnerId { get; set; } + + public RequestOwnerWriter() + {} + + public RequestOwnerWriter(FwoOwner owner) + { + OwnerId = owner.Id; + } + } +} diff --git a/roles/lib/files/FWO.Api.Client/Data/RequestReqElement.cs b/roles/lib/files/FWO.Api.Client/Data/RequestReqElement.cs index 6a73f31f9..3f43cb334 100644 --- a/roles/lib/files/FWO.Api.Client/Data/RequestReqElement.cs +++ b/roles/lib/files/FWO.Api.Client/Data/RequestReqElement.cs @@ -12,18 +12,22 @@ public class RequestReqElement : RequestElementBase public long TaskId { get; set; } [JsonProperty("request_action"), JsonPropertyName("request_action")] - public string RequestAction { get; set; } = FWO.Api.Data.RequestAction.create.ToString(); + public string RequestAction { get; set; } = Data.RequestAction.create.ToString(); - public Cidr Cidr { get; set; } + [JsonProperty("device_id"), JsonPropertyName("device_id")] + public int? DeviceId { get; set; } + + public Cidr Cidr { get; set; } = new Cidr(); public RequestReqElement() - { } + {} public RequestReqElement(RequestReqElement element) : base (element) { Id = element.Id; TaskId = element.TaskId; RequestAction = element.RequestAction; + DeviceId = element.DeviceId; Cidr = new Cidr(element.Cidr != null ? element.Cidr.CidrString : ""); } } diff --git a/roles/lib/files/FWO.Api.Client/Data/RequestReqElementWriter.cs b/roles/lib/files/FWO.Api.Client/Data/RequestReqElementWriter.cs index f7f9d7ced..fc378b75d 100644 --- a/roles/lib/files/FWO.Api.Client/Data/RequestReqElementWriter.cs 
+++ b/roles/lib/files/FWO.Api.Client/Data/RequestReqElementWriter.cs @@ -6,8 +6,10 @@ namespace FWO.Api.Data public class RequestReqElementWriter : RequestElementBase { [JsonProperty("request_action"), JsonPropertyName("request_action")] - public string RequestAction { get; set; } = FWO.Api.Data.RequestAction.create.ToString(); + public string RequestAction { get; set; } = Data.RequestAction.create.ToString(); + [JsonProperty("device_id"), JsonPropertyName("device_id")] + public int? DeviceId { get; set; } public RequestReqElementWriter() {} @@ -15,10 +17,8 @@ public RequestReqElementWriter() public RequestReqElementWriter(RequestReqElement element) : base(element) { RequestAction = element.RequestAction; - if(element.Cidr != null) - { - CidrString = element.Cidr.CidrString; - } + DeviceId = element.DeviceId; + IpString = element.Cidr != null && element.Cidr.Valid ? element.Cidr.CidrString : null; } } } diff --git a/roles/lib/files/FWO.Api.Client/Data/RequestReqTask.cs b/roles/lib/files/FWO.Api.Client/Data/RequestReqTask.cs index be86a1d70..0c85fad9b 100644 --- a/roles/lib/files/FWO.Api.Client/Data/RequestReqTask.cs +++ b/roles/lib/files/FWO.Api.Client/Data/RequestReqTask.cs 
@@ -12,22 +12,23 @@ public class RequestReqTask : RequestReqTaskBase public long TicketId { get; set; } [JsonProperty("elements"), JsonPropertyName("elements")] - public List Elements { get; set; } = new List(); + public List Elements { get; set; } = new (); [JsonProperty("implementation_tasks"), JsonPropertyName("implementation_tasks")] - public List ImplementationTasks { get; set; } = new List(); + public List ImplementationTasks { get; set; } = new (); [JsonProperty("request_approvals"), JsonPropertyName("request_approvals")] - public List Approvals { get; set; } = new List(); + public List Approvals { get; set; } = new (); [JsonProperty("owners"), JsonPropertyName("owners")] - public List Owners { get; set; } = new List(); + public List Owners { get; set; } = new (); [JsonProperty("comments"), JsonPropertyName("comments")] - public List Comments { get; set; } = new List(); - - public List RemovedElements { get; set; } = new List(); + public List Comments { get; set; } = new (); + public List RemovedElements { get; set; } = new (); + public List NewOwners { get; set; } = new (); + public List RemovedOwners { get; set; } = new (); public RequestReqTask() { } @@ -42,11 +43,13 @@ public RequestReqTask(RequestReqTask reqtask) : base(reqtask) Owners = reqtask.Owners; Comments = reqtask.Comments; RemovedElements = reqtask.RemovedElements; + NewOwners = reqtask.NewOwners; + RemovedOwners = reqtask.RemovedOwners; } public string OwnerList() { - List ownerNames = new List(); + List ownerNames = new (); foreach(var owner in Owners) { ownerNames.Add(owner.Owner.Name); @@ -67,9 +70,9 @@ public int HighestImplTaskNumber() return highestNumber; } - public List getNwObjectElements(AccessField field) + public List GetNwObjectElements(ElemFieldType field) { - List elements = new List(); + List elements = new (); foreach(var reqElem in Elements) { if (reqElem.Field == field.ToString()) 
@@ -86,27 +89,45 @@ public List getNwObjectElements(AccessField field) return elements; } - public List getServiceElements() + public List GetServiceElements() { - List elements = new List(); - foreach(var implElem in Elements) + List elements = new (); + foreach(var reqElem in Elements) { - if (implElem.Field == AccessField.service.ToString()) + if (reqElem.Field == ElemFieldType.service.ToString()) { elements.Add( new NwServiceElement() { - ElemId = implElem.Id, - TaskId = implElem.TaskId, - Port = implElem.Port, - ProtoId = implElem.ProtoId, - ServiceId = implElem.ServiceId + ElemId = reqElem.Id, + TaskId = reqElem.TaskId, + Port = reqElem.Port ?? 0, + ProtoId = reqElem.ProtoId ?? 0, + ServiceId = reqElem.ServiceId }); } } return elements; } - public string getAllComments() + public List GetRuleElements() + { + List elements = new (); + foreach(var reqElem in Elements) + { + if (reqElem.Field == ElemFieldType.rule.ToString()) + { + elements.Add( new NwRuleElement() + { + ElemId = reqElem.Id, + TaskId = reqElem.TaskId, + RuleUid = reqElem.RuleUid ?? "" + }); + } + } + return elements; + } + + public string GetAllComments() { string allComments = ""; foreach(var comment in Comments) @@ -117,5 +138,17 @@ public string getAllComments() } return allComments; } + + public int GetRuleDeviceId() + { + foreach(var reqElem in Elements) + { + if (reqElem.Field == ElemFieldType.rule.ToString() && reqElem.DeviceId != null) + { + return (int)reqElem.DeviceId; + } + } + return 0; + } } } diff --git a/roles/lib/files/FWO.Api.Client/Data/RequestReqTaskBase.cs b/roles/lib/files/FWO.Api.Client/Data/RequestReqTaskBase.cs index f3bf8713c..7e1ee017f 100644 --- a/roles/lib/files/FWO.Api.Client/Data/RequestReqTaskBase.cs +++ b/roles/lib/files/FWO.Api.Client/Data/RequestReqTaskBase.cs 
@@ -16,11 +16,14 @@ public enum AutoCreateImplTaskOptions public class RequestReqTaskBase : RequestTaskBase { [JsonProperty("request_action"), JsonPropertyName("request_action")] - public string RequestAction { get; set; } = FWO.Api.Data.RequestAction.create.ToString(); + public string RequestAction { get; set; } = Data.RequestAction.create.ToString(); [JsonProperty("reason"), JsonPropertyName("reason")] public string? Reason { get; set; } + [JsonProperty("additional_info"), JsonPropertyName("additional_info")] + public string? AdditionalInfo { get; set; } + [JsonProperty("last_recert_date"), JsonPropertyName("last_recert_date")] public DateTime? LastRecertDate { get; set; } @@ -37,7 +40,7 @@ public string SelectedDevices } } - private List deviceList { get; set; } = new List(); + private List deviceList { get; set; } = new (); public RequestReqTaskBase() @@ -47,6 +50,7 @@ public RequestReqTaskBase(RequestReqTaskBase reqtask) : base(reqtask) { RequestAction = reqtask.RequestAction; Reason = reqtask.Reason; + AdditionalInfo = reqtask.AdditionalInfo; LastRecertDate = reqtask.LastRecertDate; SelectedDevices = reqtask.SelectedDevices; } @@ -56,14 +60,9 @@ public List getDeviceList() return deviceList; } - public void SetDeviceList(int[] devArray) - { - deviceList = devArray.ToList(); - } - public void SetDeviceList(List devList) { - deviceList = new List(); + deviceList = new (); foreach(var dev in devList) { deviceList.Add(dev.Id); diff --git a/roles/lib/files/FWO.Api.Client/Data/RequestReqTaskWriter.cs b/roles/lib/files/FWO.Api.Client/Data/RequestReqTaskWriter.cs index d0b6f485b..8a51341bf 100644 --- a/roles/lib/files/FWO.Api.Client/Data/RequestReqTaskWriter.cs +++ b/roles/lib/files/FWO.Api.Client/Data/RequestReqTaskWriter.cs 
@@ -6,10 +6,13 @@ namespace FWO.Api.Data public class RequestReqTaskWriter : RequestReqTaskBase { [JsonProperty("elements"), JsonPropertyName("elements")] - public RequestElementDataHelper Elements { get; set; } = new RequestElementDataHelper(); + public RequestElementDataHelper Elements { get; set; } = new (); [JsonProperty("approvals"), JsonPropertyName("approvals")] - public RequestApprovalDataHelper Approvals { get; set; } = new RequestApprovalDataHelper(); + public RequestApprovalDataHelper Approvals { get; set; } = new (); + + [JsonProperty("reqtask_owners"), JsonPropertyName("reqtask_owners")] + public RequestOwnerDataHelper Owners { get; set; } = new (); public RequestReqTaskWriter(RequestReqTask reqtask) : base(reqtask) { @@ -21,18 +24,28 @@ public RequestReqTaskWriter(RequestReqTask reqtask) : base(reqtask) { Approvals.RequestApprovalList.Add(new RequestApprovalWriter(approval)); } + foreach(var owner in reqtask.Owners) + { + Owners.RequestOwnerList.Add(new RequestOwnerWriter(owner.Owner)); + } } } public class RequestElementDataHelper { [JsonProperty("data"), JsonPropertyName("data")] - public List RequestElementList { get; set; } = new List(); + public List RequestElementList { get; set; } = new (); } public class RequestApprovalDataHelper { [JsonProperty("data"), JsonPropertyName("data")] - public List RequestApprovalList { get; set; } = new List(); + public List RequestApprovalList { get; set; } = new (); + } + + public class RequestOwnerDataHelper + { + [JsonProperty("data"), JsonPropertyName("data")] + public List RequestOwnerList { get; set; } = new (); } } diff --git a/roles/lib/files/FWO.Api.Client/Data/RequestStateAction.cs b/roles/lib/files/FWO.Api.Client/Data/RequestStateAction.cs index 65e1349e7..609a415a9 100644 --- a/roles/lib/files/FWO.Api.Client/Data/RequestStateAction.cs +++ b/roles/lib/files/FWO.Api.Client/Data/RequestStateAction.cs 
@@ -10,7 +10,13 @@ public enum StateActionTypes AddApproval = 2, SetAlert = 5, TrafficPathAnalysis = 6, - ExternalCall = 10 + ExternalCall = 10, + SendEmail = 15, + CreateConnection = 20, + UpdateConnectionOwner = 21, + UpdateConnectionRelease = 22, + DisplayConnection = 23 + // CreateReport = 30 } public enum StateActionEvents @@ -19,7 +25,9 @@ public enum StateActionEvents OnSet = 1, OnLeave = 2, // WhileSet = 3, - OfferButton = 4 + OfferButton = 4, + OwnerChange = 10, + OnAssignment = 15 } public class RequestStateAction @@ -54,6 +62,20 @@ public class RequestStateAction public RequestStateAction() { } + + public static bool IsReadonlyType(string actionTypeString) + { + if( Enum.TryParse(actionTypeString, out StateActionTypes actionType)) + { + return actionType switch + { + StateActionTypes.TrafficPathAnalysis => true, + StateActionTypes.DisplayConnection => true, + _ => false, + }; + } + return false; + } } public class RequestStateActionDataHelper diff --git a/roles/lib/files/FWO.Api.Client/Data/RequestStates.cs b/roles/lib/files/FWO.Api.Client/Data/RequestStates.cs index 6dd5fc313..e25812995 100644 --- a/roles/lib/files/FWO.Api.Client/Data/RequestStates.cs +++ b/roles/lib/files/FWO.Api.Client/Data/RequestStates.cs @@ -14,7 +14,7 @@ public class RequestState public string Name { get; set; } = ""; [JsonProperty("actions"), JsonPropertyName("actions")] - public List Actions { get; set; } = new List(); + public List Actions { get; set; } = new (); public RequestState(){} @@ -28,7 +28,7 @@ public RequestState(RequestState state) public string ActionList() { - List actionNames = new List(); + List actionNames = new (); foreach(var action in Actions) { actionNames.Add(action.Action.Name); 
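Review bot: `IsReadonlyType` can be written as one pattern expression instead of a nested `TryParse` plus a two-arm switch: `return Enum.TryParse(actionTypeString, out StateActionTypes actionType) && actionType is StateActionTypes.TrafficPathAnalysis or StateActionTypes.DisplayConnection;`. Note that `Enum.TryParse` also accepts numeric strings such as `"99"` that are not defined members and is case-sensitive; here both cases fall through to `false`, which is worth a one-line comment if callers pass values read from the database.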
@@ -39,11 +39,12 @@ public string ActionList() public class RequestStateDict { - public Dictionary Name = new Dictionary(); + public Dictionary Name = new (); public async Task Init(ApiConnection apiConnection) { - List states = await apiConnection.SendQueryAsync>(FWO.Api.Client.Queries.RequestQueries.getStates); + List states = await apiConnection.SendQueryAsync>(Client.Queries.RequestQueries.getStates); + Name = new (); foreach(var state in states) { Name.Add(state.Id, state.Name); diff --git a/roles/lib/files/FWO.Api.Client/Data/RequestTaskBase.cs b/roles/lib/files/FWO.Api.Client/Data/RequestTaskBase.cs index ba7ad4196..c0607e3ca 100644 --- a/roles/lib/files/FWO.Api.Client/Data/RequestTaskBase.cs +++ b/roles/lib/files/FWO.Api.Client/Data/RequestTaskBase.cs @@ -12,7 +12,8 @@ public enum TaskType rule_modify = 4, group_create = 5, group_modify = 6, - group_delete = 7 + group_delete = 7, + new_interface = 11 } public enum RequestAction @@ -33,9 +34,6 @@ public class RequestTaskBase : RequestStatefulObject [JsonProperty("task_type"), JsonPropertyName("task_type")] public string TaskType { get; set; } = FWO.Api.Data.TaskType.access.ToString(); - // [JsonProperty("request_action"), JsonPropertyName("request_action")] - // public string RequestAction { get; set; } = FWO.Api.Data.RequestAction.create.ToString(); - [JsonProperty("rule_action"), JsonPropertyName("rule_action")] public int? RuleAction { get; set; } @@ -75,7 +73,6 @@ public RequestTaskBase(RequestTaskBase reqtask) : base(reqtask) Title = reqtask.Title; TaskNumber = reqtask.TaskNumber; TaskType = reqtask.TaskType; - // RequestAction = reqtask.RequestAction; RuleAction = reqtask.RuleAction; Tracking = reqtask.Tracking; Start = reqtask.Start; diff --git a/roles/lib/files/FWO.Api.Client/Data/RequestTicket.cs b/roles/lib/files/FWO.Api.Client/Data/RequestTicket.cs index cec35483c..16e6aff9e 100644 --- a/roles/lib/files/FWO.Api.Client/Data/RequestTicket.cs +++ b/roles/lib/files/FWO.Api.Client/Data/RequestTicket.cs 
@@ -6,10 +6,10 @@ namespace FWO.Api.Data public class RequestTicket : RequestTicketBase { [JsonProperty("reqtasks"), JsonPropertyName("reqtasks")] - public List Tasks { get; set; } = new List(); + public List Tasks { get; set; } = new (); [JsonProperty("comments"), JsonPropertyName("comments")] - public List Comments { get; set; } = new List(); + public List Comments { get; set; } = new (); public RequestTicket() @@ -50,10 +50,7 @@ public void UpdateCidrStringsInTaskElements() { foreach(RequestReqElement elem in reqtask.Elements) { - if (elem.Cidr != null && elem.Cidr.Valid) - { - elem.CidrString = elem.Cidr.CidrString; - } + elem.IpString = elem.Cidr != null && elem.Cidr.Valid ? elem.Cidr.CidrString : null ; } } } @@ -64,18 +61,18 @@ public void UpdateCidrsInTaskElements() { foreach(RequestReqElement elem in reqtask.Elements) { - if (elem.CidrString != null) + if (elem.IpString != null) { - elem.Cidr = new Cidr(elem.CidrString); + elem.Cidr = new Cidr(elem.IpString); } } foreach(RequestImplTask implTask in reqtask.ImplementationTasks) { foreach(RequestImplElement elem in implTask.ImplElements) { - if (elem.CidrString != null) + if (elem.IpString != null) { - elem.Cidr = new Cidr(elem.CidrString); + elem.Cidr = new Cidr(elem.IpString); } } } diff --git a/roles/lib/files/FWO.Api.Client/Data/RequestTicketWriter.cs b/roles/lib/files/FWO.Api.Client/Data/RequestTicketWriter.cs index ceab87a2b..87bf3f54b 100644 --- a/roles/lib/files/FWO.Api.Client/Data/RequestTicketWriter.cs +++ b/roles/lib/files/FWO.Api.Client/Data/RequestTicketWriter.cs @@ -7,7 +7,7 @@ public class RequestTicketWriter { [JsonProperty("data"), JsonPropertyName("data")] - public List Tasks { get; set; } = new List(); + public List Tasks { get; set; } = new (); public RequestTicketWriter(RequestTicket ticket) diff --git a/roles/lib/files/FWO.Api.Client/Data/Roles.cs b/roles/lib/files/FWO.Api.Client/Data/Roles.cs new file mode 100644 index 000000000..3eb74d131 --- /dev/null 
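Review bot: The new assignment in `UpdateCidrStringsInTaskElements` has a stray space before the semicolon and reads more clearly as a property pattern: `elem.IpString = elem.Cidr is { Valid: true } ? elem.Cidr.CidrString : null;`. Unlike the removed code, this now clears `IpString` when the `Cidr` is absent or invalid; if that is intended, a short comment saying so would stop the next reader from "fixing" it back. In `UpdateCidrsInTaskElements`, `new Cidr(elem.IpString)` is fed a string that may come from user input; whether the `Cidr` constructor tolerates malformed input is not visible here, so it is worth confirming that an invalid `IpString` cannot throw out of this loop.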
+++ b/roles/lib/files/FWO.Api.Client/Data/Roles.cs @@ -0,0 +1,29 @@ +namespace FWO.Api.Data +{ + public struct Roles + { + // General + public const string Anonymous = "anonymous"; + public const string Admin = "admin"; + public const string Auditor = "auditor"; + public const string FwAdmin = "fw-admin"; + + // Rules + public const string Reporter = "reporter"; + public const string ReporterViewAll = "reporter-viewall"; + public const string Recertifier = "recertifier"; + public const string Modeller = "modeller"; + + // Workflow + public const string Requester = "requester"; + public const string Approver = "approver"; + public const string Planner = "planner"; + public const string Implementer = "implementer"; + public const string Reviewer = "reviewer"; + + // Technical + public const string MiddlewareServer = "middleware-server"; + public const string Importer = "importer"; + public const string DbBackup = "dbbackup"; + } +} diff --git a/roles/lib/files/FWO.Api.Client/Data/Rule.cs b/roles/lib/files/FWO.Api.Client/Data/Rule.cs index 300c49593..2e15c8ab1 100644 --- a/roles/lib/files/FWO.Api.Client/Data/Rule.cs +++ b/roles/lib/files/FWO.Api.Client/Data/Rule.cs @@ -17,8 +17,6 @@ public class Rule [JsonProperty("rule_num_numeric"), JsonPropertyName("rule_num_numeric")] public double OrderNumber { get; set; } - public int DisplayOrderNumber { get; set; } - [JsonProperty("rule_name"), JsonPropertyName("rule_name")] public string? Name { get; set; } = ""; @@ -76,9 +74,6 @@ public class Rule [JsonProperty("translate"), JsonPropertyName("translate")] public NatData NatData {get; set;} = new NatData(); - public bool Certified { get; set; } - public string DeviceName { get; set; } = ""; - [JsonProperty("owner_name"), JsonPropertyName("owner_name")] public string OwnerName {get; set;} = ""; 
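Review bot: `Roles` is declared as a `struct` although it holds only `const` strings; `public static class Roles` states that intent, prevents meaningless instantiation (`new Roles()`) and is the conventional holder for constants. A summary comment would also help, since these literals presumably have to match the role names the API authorizes (they are the values later placed in the `x-hasura-role` header by `SetRole`), e.g. `/// Role names as known to the API; must stay in sync with the roles configured on the server side.`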
@@ -88,6 +83,16 @@ public class Rule [JsonProperty("matches"), JsonPropertyName("matches")] public string IpMatch {get; set;} = ""; + [JsonProperty("dev_id"), JsonPropertyName("dev_id")] + public int DeviceId { get; set; } + + [JsonProperty("rule_custom_fields"), JsonPropertyName("rule_custom_fields")] + public string CustomFields { get; set; } = ""; + + + public int DisplayOrderNumber { get; set; } + public bool Certified { get; set; } + public string DeviceName { get; set; } = ""; } } diff --git a/roles/lib/files/FWO.Api.Client/Data/RuleMetadata.cs b/roles/lib/files/FWO.Api.Client/Data/RuleMetadata.cs index 43ca4c17e..b9445824e 100644 --- a/roles/lib/files/FWO.Api.Client/Data/RuleMetadata.cs +++ b/roles/lib/files/FWO.Api.Client/Data/RuleMetadata.cs @@ -35,6 +35,18 @@ public class RuleMetadata [JsonProperty("rule_recertification_comment"), JsonPropertyName("rule_recertification_comment")] public string Comment { get; set; } = ""; + [JsonProperty("recertification"), JsonPropertyName("recertification")] + public List RuleRecertification { get; set; } = new List(); + + [JsonProperty("recert_history"), JsonPropertyName("recert_history")] + public List RecertHistory { get; set; } = new List(); + + [JsonProperty("dev_id"), JsonPropertyName("dev_id")] + public int DeviceId { get; set; } + + [JsonProperty("rule_uid"), JsonPropertyName("rule_uid")] + public string? Uid { get; set; } = ""; + public DateTime NextRecert { get; set; } public string LastCertifierName { get; set; } = ""; @@ -44,6 +56,10 @@ public class RuleMetadata public string Style { get; set; } = ""; + + + + public void UpdateRecertPeriods(int recertificationPeriod, int recertificationNoticePeriod) { diff --git a/roles/lib/files/FWO.Api.Client/Data/Sanitizer.cs b/roles/lib/files/FWO.Api.Client/Data/Sanitizer.cs index 523b362ce..5af092008 100644 --- a/roles/lib/files/FWO.Api.Client/Data/Sanitizer.cs +++ b/roles/lib/files/FWO.Api.Client/Data/Sanitizer.cs 
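Review bot: The `RuleMetadata` hunk `@@ -44,6 +56,10 @@` adds four empty lines before `UpdateRecertPeriods` and nothing else; drop them. In the first `RuleMetadata` hunk the new list properties use `new List()` while the rest of this commit standardises on target-typed `new()`, and `Uid` is declared `string?` yet initialised to `""` — either drop the `?` or the initializer so the nullability annotation matches the default. In `Rule`, the re-added `DisplayOrderNumber`/`Certified`/`DeviceName` properties carry no JSON attributes; a comment such as `// UI-only, not part of the API payload` would explain why they differ from the annotated properties above them.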
@@ -28,7 +28,7 @@ public static string SanitizeMand(string input, ref bool shortened) // Ldap names: more restrictive due to Ldap restrictions. Chars not allowed (would have to be escaped in Dn): +;,\"<># public static string SanitizeLdapNameMand(string input, ref bool shortened) { - string output = Regex.Replace(input, @"[^\w\.\*\-\:\?@/\(\)]", "").Trim(); + string output = Regex.Replace(input, @"[^\w\.\*\-\:\?@/\(\) ]", "").Trim(); if(output.Length < input.Length) { shortened = true; @@ -49,7 +49,7 @@ public static string SanitizeLdapNameMand(string input, ref bool shortened) // Ldap path (Dn): Additionally needed on top of Ldap names chars: =, public static string SanitizeLdapPathMand(string input, ref bool shortened) { - string output = Regex.Replace(input, @"[^\w\.\*\-\:\?@/\(\)\=\,]", "").Trim(); + string output = Regex.Replace(input, @"[^\w\.\*\-\:\?@/\(\)\=\, ]", "").Trim(); if(output.Length < input.Length) { shortened = true; @@ -99,6 +99,15 @@ public static string SanitizeKeyMand(string input, ref bool shortened) return output; } + public static string? SanitizeKeyOpt(string? input, ref bool shortened) + { + if (input != null) + { + return SanitizeKeyMand(input, ref shortened); + } + else return null; + } + // Comments may contain everything but quotes (EOL chars are allowed) public static string? SanitizeCommentOpt(string? input, ref bool shortened) { 
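Review bot: The header comment above `SanitizeLdapNameMand` (`Chars not allowed ... +;,\"<>#`) no longer describes the new character class, which now keeps spaces inside a name while `.Trim()` still removes leading and trailing ones; since leading/trailing spaces are exactly the ones that would have to be escaped in a DN, the comment should say so, e.g. `// Spaces are allowed inside the name; leading/trailing spaces are trimmed because they would need escaping in a Dn`. The same applies to `SanitizeLdapPathMand` in the second hunk. `SanitizeKeyOpt` in the third hunk is the method removed further down in this commit, i.e. a move with an unchanged body.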
@@ -127,14 +136,24 @@ public static string SanitizeCommentMand(string input, ref bool shortened) return output; } - public static string? SanitizeKeyOpt(string? input, ref bool shortened) + // Cidrs may contain Numbers[a-f]:./ + public static string SanitizeCidrMand(string input, ref bool shortened) + { + string output = Regex.Replace(input, @"[^a-fA-F0-9\.\:/]", "").Trim(); + if(output.Length < input.Length) + { + shortened = true; + } + return output; + } + + public static string? SanitizeCidrOpt(string? input, ref bool shortened) { if (input != null) { - return SanitizeKeyMand(input, ref shortened); + return SanitizeCidrMand(input, ref shortened); } else return null; } - } } diff --git a/roles/lib/files/FWO.Api.Client/Data/StateMatrix.cs b/roles/lib/files/FWO.Api.Client/Data/StateMatrix.cs index 3d6d08d94..097279f46 100644 --- a/roles/lib/files/FWO.Api.Client/Data/StateMatrix.cs +++ b/roles/lib/files/FWO.Api.Client/Data/StateMatrix.cs @@ -1,4 +1,5 @@ using FWO.Api.Client.Queries; +using FWO.GlobalConstants; using FWO.Api.Data; using System.Text.Json.Serialization; using Newtonsoft.Json; @@ -19,10 +20,10 @@ public enum WorkflowPhases public class StateMatrix { [JsonProperty("matrix"), JsonPropertyName("matrix")] - public Dictionary> Matrix { get; set; } = new Dictionary>(); + public Dictionary> Matrix { get; set; } = new (); [JsonProperty("derived_states"), JsonPropertyName("derived_states")] - public Dictionary DerivedStates { get; set; } = new Dictionary(); + public Dictionary DerivedStates { get; set; } = new (); [JsonProperty("lowest_input_state"), JsonPropertyName("lowest_input_state")] public int LowestInputState { get; set; } 
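Review bot: `SanitizeCidrMand` only strips characters, so its output is still not a validated CIDR: a malformed input may be "repaired" into a different but syntactically plausible prefix (dropping stray characters around the `/`, for instance), and a prefix length such as `/33` passes untouched. The `shortened` flag reports that characters were removed, so callers should treat `shortened == true` for a CIDR as a rejection rather than a cleanup, and the result should still be parsed (e.g. via the project's `Cidr` type, whose `Valid` flag `RequestTicket` already checks) before it is stored or used in a rule. A comment above the method would make that contract explicit: `// Filters characters only; does not validate the address or prefix length. Validate the result (Cidr.Valid) before use.`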
@@ -42,7 +43,7 @@ public class StateMatrix public async Task Init(WorkflowPhases phase, ApiConnection apiConnection, TaskType taskType = TaskType.master) { - GlobalStateMatrix glbStateMatrix = new GlobalStateMatrix(); + GlobalStateMatrix glbStateMatrix = new (); await glbStateMatrix.Init(apiConnection, taskType); Matrix = glbStateMatrix.GlobalMatrix[phase].Matrix; DerivedStates = glbStateMatrix.GlobalMatrix[phase].DerivedStates; @@ -61,14 +62,22 @@ public async Task Init(WorkflowPhases phase, ApiConnection apiConnection, TaskTy MinImplTasksNeeded = glbStateMatrix.GlobalMatrix[WorkflowPhases.implementation].LowestInputState; } - public List getAllowedTransitions(int stateIn) + public bool getNextActivePhase(ref WorkflowPhases phase) { - List statesOut = new List(); - if(Matrix.ContainsKey(stateIn)) + foreach (var tmpPhase in PhaseActive) { - statesOut = Matrix[stateIn]; + if (tmpPhase.Key > phase && tmpPhase.Value) + { + phase = tmpPhase.Key; + return true; + } } - return statesOut; + return false; + } + + public List getAllowedTransitions(int stateIn) + { + return Matrix.ContainsKey(stateIn) ? Matrix[stateIn] : new (); } public int getDerivedStateFromSubStates(List statesIn) @@ -147,10 +156,11 @@ public int getDerivedStateFromSubStates(List statesIn) return stateOut; } } + public class GlobalStateMatrix { [JsonProperty("config_value"), JsonPropertyName("config_value")] - public Dictionary GlobalMatrix { get; set; } = new Dictionary(); + public Dictionary GlobalMatrix { get; set; } = new (); public async Task Init(ApiConnection apiConnection, TaskType taskType = TaskType.master, bool reset = false) 
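Review bot: `getNextActivePhase` returns the first entry of `PhaseActive` whose key is greater than `phase`, so the result depends on the dictionary's enumeration order rather than on the phase ordering (`PhaseActive` is declared outside this hunk; if it is a `Dictionary`, enumeration order is not guaranteed). Iterating in key order makes the intent explicit, `foreach (var tmpPhase in PhaseActive.OrderBy(p => p.Key))`, assuming `System.Linq` is in scope via implicit usings. In the same hunk `getAllowedTransitions` does a double lookup; `return Matrix.TryGetValue(stateIn, out var statesOut) ? statesOut : new();` avoids it, and note that either form hands out the live list from `Matrix`, so callers can mutate the matrix.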
@@ -165,6 +175,7 @@ public async Task Init(ApiConnection apiConnection, TaskType taskType = TaskType TaskType.group_create => "reqGrpCreStateMatrix", TaskType.group_modify => "reqGrpModStateMatrix", TaskType.group_delete => "reqGrpDelStateMatrix", + TaskType.new_interface => "reqNewIntStateMatrix", _ => throw new Exception($"Error: wrong task type:" + taskType.ToString()), }; diff --git a/roles/lib/files/FWO.Api.Client/Data/Tenant.cs b/roles/lib/files/FWO.Api.Client/Data/Tenant.cs index 0ade5f786..cac204232 100644 --- a/roles/lib/files/FWO.Api.Client/Data/Tenant.cs +++ b/roles/lib/files/FWO.Api.Client/Data/Tenant.cs @@ -1,6 +1,8 @@ using System.Text.Json.Serialization; using Newtonsoft.Json; using FWO.Middleware.RequestParameters; +using FWO.Api.Client; +using FWO.Api.Client.Queries; namespace FWO.Api.Data { 
@@ -25,16 +27,24 @@ public class Tenant public bool Superadmin { get; set; } // curently not in use [JsonProperty("tenant_to_devices"), JsonPropertyName("tenant_to_devices")] - public TenantDevice[] TenantDevices { get; set; } // TODO: Replace with Device[] (probably not possible) + public TenantGateway[] TenantGateways { get; set; } // TODO: Replace with Device[] (probably not possible) + + [JsonProperty("tenant_to_managements"), JsonPropertyName("tenant_to_managements")] + public TenantManagement[] TenantManagements { get; set; } + + public int[] VisibleGatewayIds { get; set; } = []; + public int[] VisibleManagementIds { get; set; } = []; + + public TenantViewManagement[] TenantVisibleManagements { get; set; } = []; + public TenantViewGateway[] TenantVisibleGateways { get; set; } = []; - public int[] VisibleDevices { get; set; } // TODO: Remove later (probably not possible) - public int[] VisibleManagements { get; set; } // TODO: Remove later (probably not possible) public Tenant() { - TenantDevices = new TenantDevice[]{}; - VisibleDevices = new int[]{}; - VisibleManagements = new int[]{}; + TenantGateways = []; + TenantManagements = []; + VisibleGatewayIds = []; + VisibleManagementIds = []; } public Tenant(Tenant tenant) @@ -44,10 +54,21 @@ public Tenant(Tenant tenant) Comment = tenant.Comment; Project = tenant.Project; ViewAllDevices = tenant.ViewAllDevices; - // Superadmin = tenant.Superadmin; - TenantDevices = tenant.TenantDevices; - VisibleDevices = tenant.VisibleDevices; - VisibleManagements = tenant.VisibleManagements; + TenantGateways = tenant.TenantGateways; + TenantManagements = tenant.TenantManagements; + + if (tenant.TenantGateways != null) + { + foreach (TenantGateway gateway in tenant.TenantGateways) + { + VisibleGatewayIds = VisibleGatewayIds.Concat([gateway.VisibleGateway.Id]).ToArray(); + } + } + else + { + TenantGateways = []; + VisibleGatewayIds = []; + } } public Tenant(TenantGetReturnParameters tenantGetParameters) 
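Review bot: The copy constructor no longer carries over the management side: the removed code copied `VisibleManagements`, but the new code copies only `TenantGateways`/`TenantManagements` and rebuilds `VisibleGatewayIds`, so `VisibleManagementIds`, `TenantVisibleManagements` and `TenantVisibleGateways` of the copy stay at their empty defaults. If that is unintended, add `VisibleManagementIds = tenant.VisibleManagementIds;` (and the two view arrays) next to the gateway handling, or derive them from `TenantManagements` the way the gateway ids are derived. Building `VisibleGatewayIds` with `Concat(...).ToArray()` inside the loop also reallocates the array on every element; `VisibleGatewayIds = Array.ConvertAll(tenant.TenantGateways, g => g.VisibleGateway.Id);` does it once, leaving the `else` branch as the null guard. Because these arrays decide which gateways and managements a tenant can see, a silently incomplete copy deserves a unit test.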
@@ -57,30 +78,14 @@ public Tenant(TenantGetReturnParameters tenantGetParameters) Comment = tenantGetParameters.Comment; Project = tenantGetParameters.Project; ViewAllDevices = tenantGetParameters.ViewAllDevices; - // Superadmin = tenantGetParameters.Superadmin; - List deviceList = new List(); - if (tenantGetParameters.Devices != null) - { - foreach(TenantViewDevice apiDevice in tenantGetParameters.Devices) - { - Device visibleDevice = new Device(){Id = apiDevice.Id, Name = apiDevice.Name}; - deviceList.Add(new TenantDevice(){VisibleDevice = visibleDevice}); - } - } - TenantDevices = deviceList.ToArray(); - VisibleDevices = new int[]{}; - VisibleManagements = new int[]{}; - } + List deviceList = []; - public string DeviceList() - { - List deviceList = new List(); - foreach (TenantDevice device in TenantDevices) + foreach(int id in VisibleGatewayIds) { - if (device.VisibleDevice.Name != null) - deviceList.Add(device.VisibleDevice.Name); + TenantVisibleGateways.Append(new TenantViewGateway(id, "", true)); } - return string.Join(", ", deviceList); + + TenantVisibleGateways = deviceList.ToArray(); } public bool Sanitize() 
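Review bot: The loop in the `Tenant(TenantGetReturnParameters)` constructor has no effect: `TenantVisibleGateways.Append(...)` is LINQ's `Enumerable.Append`, which returns a new sequence that is discarded, and `deviceList` is never added to, so `TenantVisibleGateways = deviceList.ToArray()` always yields an empty array. Presumably `deviceList.Add(new TenantViewGateway(id, "", true));` was intended, or the whole block can become `TenantVisibleGateways = Array.ConvertAll(VisibleGatewayIds, id => new TenantViewGateway(id, "", true));`. Nothing in this hunk assigns `VisibleGatewayIds` from `tenantGetParameters` either (the removed code built the list from `tenantGetParameters.Devices`), so unless that happens above the hunk the loop runs over the empty default and a tenant built from API parameters loses its gateway visibility; the constructor's start lies outside the hunk.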
@@ -94,26 +99,58 @@ public bool Sanitize() public TenantGetReturnParameters ToApiParams() { - TenantGetReturnParameters tenantGetParams = new TenantGetReturnParameters + TenantGetReturnParameters tenantGetParams = new() { Id = this.Id, Name = this.Name, Comment = this.Comment, Project = this.Project, ViewAllDevices = this.ViewAllDevices, - // Superadmin = this.Superadmin, - Devices = new List() + VisibleGateways = [], + VisibleManagements = [], + SharedGateways = [], + UnfilteredGateways = [], + SharedManagements = [], + UnfilteredManagements = [] }; - foreach (TenantDevice device in TenantDevices) + + if (TenantGateways != null) + { + foreach (var gateway in TenantGateways) + { + tenantGetParams.VisibleGateways.Add(new TenantViewGateway(gateway.VisibleGateway.Id, gateway.VisibleGateway.Name != null ? gateway.VisibleGateway.Name : "")); + if (gateway.Shared) + { + tenantGetParams.SharedGateways.Add(new TenantViewGateway(gateway.VisibleGateway.Id, gateway.VisibleGateway.Name != null ? gateway.VisibleGateway.Name : "")); + } + else + { + tenantGetParams.UnfilteredGateways.Add(new TenantViewGateway(gateway.VisibleGateway.Id, gateway.VisibleGateway.Name != null ? gateway.VisibleGateway.Name : "", false)); + } + } + } + + if (TenantManagements != null) { - tenantGetParams.Devices.Add(new TenantViewDevice(){ Id = device.VisibleDevice.Id, Name = (device.VisibleDevice.Name != null ? device.VisibleDevice.Name : "")}); + foreach (var mgm in TenantManagements) + { + tenantGetParams.VisibleManagements.Add(new TenantViewManagement(mgm.VisibleManagement.Id, mgm.VisibleManagement.Name != null ? mgm.VisibleManagement.Name : "")); + if (mgm.Shared) + { + tenantGetParams.SharedManagements.Add(new TenantViewManagement(mgm.VisibleManagement.Id, mgm.VisibleManagement.Name != null ? mgm.VisibleManagement.Name : "")); + } + else + { + tenantGetParams.UnfilteredManagements.Add(new TenantViewManagement(mgm.VisibleManagement.Id, mgm.VisibleManagement.Name != null ? 
mgm.VisibleManagement.Name : "")); + } + } } return tenantGetParams; } public TenantEditParameters ToApiUpdateParams() { - TenantEditParameters tenantUpdateParams = new TenantEditParameters + TenantEditParameters tenantUpdateParams = new() { Id = this.Id, Comment = this.Comment, @@ -122,11 +159,51 @@ public TenantEditParameters ToApiUpdateParams() }; return tenantUpdateParams; } + + public static async Task GetSingleTenant(ApiConnection conn, int tenantId) + { + Tenant[] tenants = []; + tenants = await conn.SendQueryAsync(AuthQueries.getTenants, new { tenant_id = tenantId }); + if (tenants.Length > 0) + { + return tenants[0]; + } + else + { + return null; + } + } + + // the following method adds device visibility information to a tenant (fetched from API) + public async Task AddDevices(ApiConnection conn) + { + var tenIdObj = new { tenantId = Id }; + + Device[] deviceIds = await conn.SendQueryAsync(AuthQueries.getVisibleDeviceIdsPerTenant, tenIdObj, "getVisibleDeviceIdsPerTenant"); + VisibleGatewayIds = Array.ConvertAll(deviceIds, device => device.Id); + + Management[] managementIds = await conn.SendQueryAsync(AuthQueries.getVisibleManagementIdsPerTenant, tenIdObj, "getVisibleManagementIdsPerTenant"); + VisibleManagementIds = Array.ConvertAll(managementIds, management => management.Id); + } + } - public class TenantDevice + public class TenantGateway { [JsonProperty("device"), JsonPropertyName("device")] - public Device VisibleDevice { get; set; } = new Device(); + public Device VisibleGateway { get; set; } = new Device(); + + [JsonProperty("shared"), JsonPropertyName("shared")] + public bool Shared { get; set; } = false; } + + public class TenantManagement + { + [JsonProperty("management"), JsonPropertyName("management")] + public Management VisibleManagement { get; set; } = new Management(); + + [JsonProperty("shared"), JsonPropertyName("shared")] + public bool Shared { get; set; } = false; + } + } 
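Review bot: `ToApiParams` repeats the `X.Name != null ? X.Name : ""` expression six times across the two loops; hoisting it once per iteration, `string name = gateway.VisibleGateway.Name ?? "";` (and `mgm.VisibleManagement.Name ?? ""`), and passing `name` to the three `Add` calls shortens each loop body to a readable shape. The gateway branch passes an explicit `false` as the third argument only for `UnfilteredGateways` while `VisibleGateways`/`SharedGateways` rely on the `TenantViewGateway` default (declared outside this diff); if that asymmetry is intentional it deserves a comment, e.g. `// third argument = shared; unfiltered gateways are explicitly not shared`.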
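Review bot: `GetSingleTenant` initialises `tenants` to `[]` and then immediately overwrites it; declare it at the `await` and finish with `return tenants.Length > 0 ? tenants[0] : null;`. Both new methods are `async Task` and would conventionally be named `GetSingleTenantAsync`/`AddDevicesAsync`. The comment on `AddDevices` says it "adds device visibility information", but callers also need to know that it overwrites `VisibleGatewayIds`/`VisibleManagementIds` from `getVisibleDeviceIdsPerTenant`/`getVisibleManagementIdsPerTenant` while leaving `TenantVisibleGateways`/`TenantVisibleManagements` untouched, i.e. the id arrays are only meaningful after this call has been awaited.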
diff --git a/roles/lib/files/FWO.Api.Client/Data/TenantFilter.cs b/roles/lib/files/FWO.Api.Client/Data/TenantFilter.cs
new file mode 100644
index 000000000..44c7fedcf
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/Data/TenantFilter.cs
@@ -0,0 +1,30 @@
+using System.Text.Json.Serialization;
+using FWO.GlobalConstants;
+using Newtonsoft.Json;
+
+namespace FWO.Api.Data
+{
+ public class TenantFilter
+ {
+ [JsonProperty("is_active"), JsonPropertyName("is_active")]
+ public bool IsActive { get; set; } = false;
+
+ [JsonProperty("tenant_id"), JsonPropertyName("tenant_id")]
+ public int TenantId { get; set; }
+
+ public TenantFilter()
+ {}
+
+ public TenantFilter(TenantFilter tenantFilter)
+ {
+ IsActive = tenantFilter.IsActive;
+ TenantId = tenantFilter.TenantId;
+ }
+
+ public TenantFilter(Tenant? tenant)
+ {
+ IsActive = tenant?.Id > GlobalConst.kTenant0Id;
+ TenantId = tenant?.Id ?? 0;
+ }
+ }
+}
\ No newline at end of file
diff --git a/roles/lib/files/FWO.Api.Client/Data/TimeFilter.cs b/roles/lib/files/FWO.Api.Client/Data/TimeFilter.cs
index aff383137..984ab155f 100644
--- a/roles/lib/files/FWO.Api.Client/Data/TimeFilter.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/TimeFilter.cs
@@ -3,6 +3,28 @@ namespace FWO.Api.Data
 {
+ public enum TimeRangeType
+ {
+ Shortcut = 0,
+ Interval = 1,
+ Fixeddates = 2
+ }
+
+ public class TimeRangeShortcuts
+ {
+ // of course an enum would be better, but there are already values with blanks in the database
+ public static List Ranges = new List
+ {
+ "this year",
+ "last year",
+ "this month",
+ "last month",
+ "this week",
+ "last week",
+ "today",
+ "yesterday"
+ };
+ }
 public class TimeFilter
 {
@@ -40,11 +62,4 @@ public class TimeFilter
 [JsonProperty("open_end"), JsonPropertyName("open_end")]
 public bool OpenEnd { get; set; } = false;
 }
-
- public enum TimeRangeType
- {
- Shortcut = 0,
- Interval = 1,
- Fixeddates = 2
- }
 }
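Review bot: `TimeRangeShortcuts.Ranges` is a public static mutable field, so any caller can `Ranges.Clear()` or reassign it and change the shortcut set for the whole process; the comment says the values are tied to what is stored in the database, which is a reason to protect them. Declare it `public static readonly IReadOnlyList<string> Ranges = [ "this year", ... ];` (this commit already uses collection expressions in `Tenant.cs`), or at least `public static readonly List<string>`. In `TenantFilter`, `IsActive = tenant?.Id > GlobalConst.kTenant0Id` relies on a lifted comparison yielding `false` for a null tenant; a short comment, `// null tenant or tenant 0 means no filtering`, would save the next reader a lookup.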
diff --git a/roles/lib/files/FWO.Api.Client/Data/UiLdapConnection.cs b/roles/lib/files/FWO.Api.Client/Data/UiLdapConnection.cs index 34e688550..d89cee123 100644 --- a/roles/lib/files/FWO.Api.Client/Data/UiLdapConnection.cs +++ b/roles/lib/files/FWO.Api.Client/Data/UiLdapConnection.cs @@ -1,6 +1,7 @@ using System.Text.Json.Serialization; using Newtonsoft.Json; using FWO.Middleware.RequestParameters; +using FWO.Encryption; namespace FWO.Api.Data { @@ -14,7 +15,7 @@ public string Name get { // for compatibility: take hostname if not filled - return ((name != null && name != "") ? name : Host()); + return (name != null && name != "") ? name : Host(); } set { @@ -22,18 +23,12 @@ public string Name } } - public string TenantIdAsString - { - get => TenantId?.ToString()?? "null"; - set => TenantId = value == "null" ? null : int.Parse(value); - } - public UiLdapConnection() {} public UiLdapConnection(LdapGetUpdateParameters ldapGetUpdateParameters) : base(ldapGetUpdateParameters) { - Name = (ldapGetUpdateParameters.Name != null ? ldapGetUpdateParameters.Name : ""); + Name = ldapGetUpdateParameters.Name ?? ""; } public UiLdapConnection(UiLdapConnection ldapConnection) diff --git a/roles/lib/files/FWO.Api.Client/Data/UiUser.cs b/roles/lib/files/FWO.Api.Client/Data/UiUser.cs index e3889fb57..8560fb44b 100644 --- a/roles/lib/files/FWO.Api.Client/Data/UiUser.cs +++ b/roles/lib/files/FWO.Api.Client/Data/UiUser.cs @@ -20,6 +20,12 @@ public class UiUser [JsonProperty("uiuser_email"), JsonPropertyName("uiuser_email")] public string? Email { get; set; } + [JsonProperty("uiuser_first_name"), JsonPropertyName("uiuser_first_name")] + public string? Firstname { get; set; } + + [JsonProperty("uiuser_last_name"), JsonPropertyName("uiuser_last_name")] + public string? Lastname { get; set; } + [JsonProperty("tenant"), JsonPropertyName("tenant")] public Tenant? Tenant { get; set;} 
@@ -38,13 +44,11 @@ public class UiUser [JsonProperty("ldap_connection"), JsonPropertyName("ldap_connection")] public UiLdapConnection LdapConnection { get; set;} = new UiLdapConnection(); - public string DefaultRole { get; set; } = ""; - - public List Roles { get; set; } = new List(); - public string Jwt { get; set; } = ""; + public List Roles { get; set; } = new(); + public List Groups { get; set; } = new(); + public List Ownerships { get; set; } = new(); - public List Groups { get; set; } = new List(); public UiUser() { @@ -62,10 +66,13 @@ public UiUser(UiUser user) Tenant = new Tenant(user.Tenant); } Password = user.Password; + Firstname = user.Firstname; + Lastname = user.Lastname; Email = user.Email; Language = user.Language; Groups = user.Groups; Roles = user.Roles; + Ownerships = user.Ownerships; if (user.LdapConnection != null) { LdapConnection = new UiLdapConnection(user.LdapConnection); @@ -78,6 +85,8 @@ public UiUser(UserGetReturnParameters userGetReturnParameters) DbId = userGetReturnParameters.UserId; Dn = userGetReturnParameters.UserDn; Email = userGetReturnParameters.Email; + Firstname = userGetReturnParameters.Firstname; + Lastname = userGetReturnParameters.Lastname; if (userGetReturnParameters.TenantId != 0) { Tenant = new Tenant(){Id = userGetReturnParameters.TenantId}; @@ -99,6 +108,8 @@ public bool Sanitize() bool shortened = false; Name = Sanitizer.SanitizeLdapNameMand(Name, ref shortened); Email = Sanitizer.SanitizeOpt(Email, ref shortened); + Firstname = Sanitizer.SanitizeOpt(Firstname, ref shortened); + Lastname = Sanitizer.SanitizeOpt(Lastname, ref shortened); Password = Sanitizer.SanitizePasswMand(Password, ref shortened); return shortened; } 
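Review bot: In the copy constructor `Groups = user.Groups; Roles = user.Roles; Ownerships = user.Ownerships;` copy list references, so the copy and the original share the same lists and a later add or remove on one is visible in the other, whereas `Tenant` and `LdapConnection` in the same constructor are deep-copied (`new Tenant(user.Tenant)`, `new UiLdapConnection(user.LdapConnection)`). Because `Roles` feeds authorization-related display and checks, copy the lists instead: `Roles = [.. user.Roles]; Groups = [.. user.Groups]; Ownerships = [.. user.Ownerships];` (or `new(user.Roles)` and so on). The start of the constructor lies above this hunk.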
@@ -111,7 +122,9 @@ public UserGetReturnParameters ToApiParams() UserId = this.DbId, UserDn = this.Dn, Email = this.Email, - TenantId = (this.Tenant != null ? this.Tenant.Id : 0), + Firstname = this.Firstname, + Lastname = this.Lastname, + TenantId = this.Tenant != null ? this.Tenant.Id : 0, Language = this.Language, LastLogin = this.LastLogin, LastPasswordChange = this.LastPasswordChange, @@ -119,5 +132,15 @@ public UserGetReturnParameters ToApiParams() LdapId = this.LdapConnection.Id }; } + + public string RoleList() + { + return string.Join(", ", Roles); + } + + public string GroupList() + { + return string.Join(", ", Groups); + } } } diff --git a/roles/lib/files/FWO.Api.Client/Data/UnusedFilter.cs b/roles/lib/files/FWO.Api.Client/Data/UnusedFilter.cs new file mode 100644 index 000000000..83d65ed9b --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/Data/UnusedFilter.cs @@ -0,0 +1,8 @@ +namespace FWO.Api.Data +{ + public class UnusedFilter + { + public int UnusedForDays = int.MaxValue; + public int CreationTolerance = 0; + } +} diff --git a/roles/lib/files/FWO.Api.Client/FWO.Api.Client.csproj b/roles/lib/files/FWO.Api.Client/FWO.Api.Client.csproj index 9c9e77b1e..cb71a32d9 100644 --- a/roles/lib/files/FWO.Api.Client/FWO.Api.Client.csproj +++ b/roles/lib/files/FWO.Api.Client/FWO.Api.Client.csproj @@ -1,23 +1,24 @@  - net6.0 + net8.0 enable enable - - - - - + + + + + + diff --git a/roles/lib/files/FWO.Api.Client/GraphQlApiConnection.cs b/roles/lib/files/FWO.Api.Client/GraphQlApiConnection.cs index 1a4dd93e5..ad810a806 100644 --- a/roles/lib/files/FWO.Api.Client/GraphQlApiConnection.cs +++ b/roles/lib/files/FWO.Api.Client/GraphQlApiConnection.cs @@ -2,7 +2,6 @@ using System.Net.Http; using System.Text.Json; using System.Threading.Tasks; -using FWO.Logging; using GraphQL; using GraphQL.Client.Http; using GraphQL.Client.Serializer.SystemTextJson; 
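Review bot: `UnusedFilter` exposes two public mutable fields, while every other data class in this commit uses auto-properties; fields are also skipped by System.Text.Json unless `IncludeFields` is enabled, so the two serializers used elsewhere would treat this type differently. Write them as `public int UnusedForDays { get; set; } = int.MaxValue;` and `public int CreationTolerance { get; set; } = 0;`, and add a comment stating what `int.MaxValue` means (presumably "no unused-days limit") and which unit `CreationTolerance` is expressed in.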
@@ -12,6 +11,7 @@ using System.Net.WebSockets; using System.Net.Security; using Newtonsoft.Json.Linq; +using FWO.Logging; namespace FWO.Api.Client { @@ -23,6 +23,7 @@ public class GraphQlApiConnection : ApiConnection private GraphQLHttpClient graphQlClient; private string? jwt; + private string prevRole = ""; private void Initialize(string ApiServerUri) { @@ -72,6 +73,39 @@ public override void SetRole(string role) graphQlClient.HttpClient.DefaultRequestHeaders.Add("x-hasura-role", role); } + public override void SetProperRole(System.Security.Claims.ClaimsPrincipal user, List targetRoleList) + { + try + { + prevRole = graphQlClient.HttpClient.DefaultRequestHeaders.GetValues("x-hasura-role")?.First() ?? ""; + } + catch(Exception){} + + // first look if user is already in one of the target roles + foreach(string role in targetRoleList) + { + if (user.IsInRole(role)) + { + SetRole(role); + return; + } + } + // now look if user has a target role as allowed role + foreach(string role in targetRoleList) + { + if(user.Claims.FirstOrDefault(claim => claim.Type == "x-hasura-allowed-roles" && claim.Value == role) != null) + { + SetRole(role); + return; + } + } + } + + public override void SwitchBack() + { + SetRole(prevRole); + } + /// /// Sends an APICall (query, mutation) /// NB: SendQueryAsync always returns an array of objects (even if the result is a single element) 
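Review bot: `SetProperRole` swallows the header lookup with an empty `catch(Exception){}`; `prevRole = graphQlClient.HttpClient.DefaultRequestHeaders.TryGetValues("x-hasura-role", out var current) ? current.First() : "";` needs no exception at all. More importantly, when the user is in none of the target roles (neither via `IsInRole` nor an `x-hasura-allowed-roles` claim) the method returns silently and leaves the previous role in place, so a caller that then issues a query assuming a target role runs with whatever role was set before; since the override signature cannot easily change, at least log that case and document it in a summary, e.g. `/// Leaves the current role unchanged when the user holds none of the target roles; callers must not assume the switch succeeded.` `prevRole` is also single-slot instance state: two `SetProperRole` calls without a `SwitchBack` in between lose the original role, and when no role header existed `SwitchBack` calls `SetRole("")`, which from the visible `DefaultRequestHeaders.Add` line would send an empty role header.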
@@ -141,12 +175,12 @@ public override async Task SendQueryAsync( } } - public override ApiSubscription GetSubscription(Action exceptionHandler, ApiSubscription.SubscriptionUpdate subscriptionUpdateHandler, string subscription, object? variables = null, string? operationName = null) + public override GraphQlApiSubscription GetSubscription(Action exceptionHandler, GraphQlApiSubscription.SubscriptionUpdate subscriptionUpdateHandler, string subscription, object? variables = null, string? operationName = null) { try { GraphQLRequest request = new GraphQLRequest(subscription, variables, operationName); - return new ApiSubscription(this, graphQlClient, request, exceptionHandler, subscriptionUpdateHandler); + return new GraphQlApiSubscription(this, graphQlClient, request, exceptionHandler, subscriptionUpdateHandler); } catch (Exception exception) { 
@@ -154,5 +188,13 @@ public override ApiSubscription GetSubscription : ApiSubscription, IDisposable + { + public delegate void SubscriptionUpdate(SubscriptionResponseType reponse); + public event SubscriptionUpdate OnUpdate; + + private IObservable> subscriptionStream; + private IDisposable subscription; + private readonly GraphQLHttpClient graphQlClient; + private readonly GraphQLRequest request; + private readonly Action internalExceptionHandler; + + public GraphQlApiSubscription(ApiConnection apiConnection, GraphQLHttpClient graphQlClient, GraphQLRequest request, Action exceptionHandler, SubscriptionUpdate OnUpdate) + { + this.OnUpdate = OnUpdate; + this.graphQlClient = graphQlClient; + this.request = request; + + // handle subscription terminating exceptions + internalExceptionHandler = (Exception exception) => + { + // Case: Jwt expired + if (exception.Message.Contains("JWTExpired")) + { + // Quit subscription by throwing exception. + // This does NOT lead to a real thrown exception within the application but is instead handled by the graphql library + throw exception; + } + exceptionHandler(exception); + }; + + CreateSubscription(); + + apiConnection.OnAuthHeaderChanged += ApiConnectionOnAuthHeaderChanged; + } + + private void CreateSubscription() + { + Log.WriteDebug("API", $"Creating API subscription {request.OperationName}."); + subscriptionStream = graphQlClient.CreateSubscriptionStream(request, internalExceptionHandler); + Log.WriteDebug("API", "API subscription created."); + + subscription = subscriptionStream.Subscribe(response => + { + if (ApiConstants.UseSystemTextJsonSerializer) + { + JsonElement.ObjectEnumerator responseObjectEnumerator = response.Data.EnumerateObject(); + responseObjectEnumerator.MoveNext(); + SubscriptionResponseType returnValue = JsonSerializer.Deserialize(responseObjectEnumerator.Current.Value.GetRawText()) ?? 
+ throw new Exception($"Could not convert result from Json to {nameof(SubscriptionResponseType)}.\nJson: {responseObjectEnumerator.Current.Value.GetRawText()}"); ; + OnUpdate(returnValue); + } + else + { + try + { + // If repsonse.Data == null -> Jwt expired - connection was closed + // Leads to this method getting called again + if (response.Data == null) + { + // Terminate subscription + subscription.Dispose(); + } + else + { + JObject data = (JObject)response.Data; + JProperty prop = (JProperty)(data.First ?? throw new Exception($"Could not retrieve unique result attribute from Json.\nJson: {response.Data}")); + JToken result = prop.Value; + SubscriptionResponseType returnValue = result.ToObject() ?? throw new Exception($"Could not convert result from Json to {typeof(SubscriptionResponseType)}.\nJson: {response.Data}"); + OnUpdate(returnValue); + } + } + catch (Exception ex) + { + Log.WriteError("GraphQL Subscription", "Subscription lead to exception", ex); + throw; + } + } + }); + } + + private void ApiConnectionOnAuthHeaderChanged(object? sender, string jwt) + { + subscription.Dispose(); + CreateSubscription(); + } + + protected override void Dispose(bool disposing) + { + if (disposing) + { + subscription.Dispose(); + } + } + } +} diff --git a/roles/lib/files/FWO.Api.Client/JsonCustomConverters.cs b/roles/lib/files/FWO.Api.Client/JsonCustomConverters.cs new file mode 100644 index 000000000..06dd7624f --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/JsonCustomConverters.cs 
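Review bot: `Dispose(bool)` disposes the stream subscription but never detaches `ApiConnectionOnAuthHeaderChanged` from `apiConnection.OnAuthHeaderChanged`, which the constructor subscribed; the connection keeps the disposed object alive, and the next auth-header change calls `CreateSubscription()` on it, silently reopening the subscription after Dispose. Keep the connection in a field (`private readonly ApiConnection apiConnection;`, assigned in the constructor) and unsubscribe in Dispose: `apiConnection.OnAuthHeaderChanged -= ApiConnectionOnAuthHeaderChanged;`. Separately, `subscription` and `subscriptionStream` are non-nullable fields assigned only inside `CreateSubscription()`, so with nullable enabled the compiler will warn on the constructor unless they are declared nullable or `CreateSubscription` is annotated with `[MemberNotNull]`. The Newtonsoft branch's `subscription.Dispose()` on `response.Data == null` also deserves a comment stating that nothing re-creates the subscription until the auth-header event fires, since the existing comment says only that the method "gets called again".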
@@ -0,0 +1,82 @@ +using NetTools; +using Newtonsoft.Json; +using Newtonsoft.Json.Linq; +using System; +using System.Collections.Generic; +using System.Diagnostics; +using System.Linq; +using System.Net; +using System.Text; +using System.Text.Json.Nodes; +using System.Threading.Tasks; + +namespace FWO.Api.Client +{ + public class WrapperConverter : JsonConverter + { + private readonly string wrappedObjectName = ""; + + public WrapperConverter(string wrappedObjectName) + { + this.wrappedObjectName = wrappedObjectName; + } + + public override bool CanConvert(Type objectType) => typeof(ValueType).IsAssignableFrom(objectType); + + public override object? ReadJson(JsonReader reader, Type objectType, object? existingValue, JsonSerializer serializer) + { + // Load the JSON as a JObject + JObject jsonObject = JObject.Load(reader); + + // Check if the "wrappedObjectName" property exists + if (jsonObject.TryGetValue(wrappedObjectName, out JToken? wrappedObjectToken)) + { + // Deserialize the wrapped object + return wrappedObjectToken.ToObject(serializer); + } + + // Deserialize the wrapper object otherwise + return jsonObject.ToObject(serializer); + } + + public override void WriteJson(JsonWriter writer, object? value, JsonSerializer serializer) + { + // Wrap the object with a property named "wrappedObjectName" + JObject jsonObject = new JObject + { + { wrappedObjectName, value == null ? null : JToken.FromObject(value, serializer) } + }; + + // Write the JSON + jsonObject.WriteTo(writer); + } + } + + public class IpAddressRangeJsonTypeConverter : JsonConverter + { + public override IPAddressRange ReadJson(JsonReader reader, Type objectType, IPAddressRange? 
existingValue, bool hasExistingValue, JsonSerializer serializer) + { + // Load the JSON as a JObject + JObject jsonObject = JObject.Load(reader); + // Deserialize the IP address range based on the properties ip_range_start and ip_range_end + IPAddress start = IPAddress.Parse((jsonObject.GetValue("ip_range_start")?.ToObject() ?? throw new ArgumentNullException("ip_range_start")).Replace("/32", "")); + IPAddress end = IPAddress.Parse((jsonObject.GetValue("ip_range_end")?.ToObject() ?? throw new ArgumentNullException("ip_range_start")).Replace("/32", "")); + return new IPAddressRange(start, end); + } + + public override void WriteJson(JsonWriter writer, IPAddressRange? value, JsonSerializer serializer) + { + if (value != null) + { + // Create a JSON JObject + JObject result = new JObject + { + { "ip_range_start", value.Begin.ToString() }, + { "ip_range_end", value.Begin.ToString() } + }; + + result.WriteTo(writer); + } + } + } +} diff --git a/roles/lib/files/FWO.Api.Client/JsonStringConverter.cs b/roles/lib/files/FWO.Api.Client/JsonStringConverter.cs deleted file mode 100644 index 06d64253c..000000000 --- a/roles/lib/files/FWO.Api.Client/JsonStringConverter.cs +++ /dev/null 
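Review bot: `IpAddressRangeJsonTypeConverter.WriteJson` writes `value.Begin.ToString()` for both `ip_range_start` and `ip_range_end`, so every serialized range collapses to its start address — for firewall data that silently narrows a range to a single host on write; the second entry should be `{ "ip_range_end", value.End.ToString() }`. In `ReadJson` the missing-`ip_range_end` branch throws `ArgumentNullException("ip_range_start")`, a copy-paste slip that will misdirect whoever debugs it; use `"ip_range_end"` there. The `.Replace("/32", "")` only strips an IPv4 host prefix, so if IPv6 values with `/128` can arrive from the API, `IPAddress.Parse` will reject them — worth confirming against the data source. `WriteJson` also emits nothing for a null value; `writer.WriteNull()` in an `else` branch is the usual converter contract.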
@@ -1,79 +0,0 @@ -using FWO.Api.Data; -using Newtonsoft.Json; -using Newtonsoft.Json.Serialization; -using System; -using System.Collections.Generic; -using System.ComponentModel; -using System.Globalization; -using System.Linq; -using System.Text; -using System.Threading.Tasks; - -namespace FWO.Api.Client -{ - public class JsonStringConverter : TypeConverter - { - public override bool CanConvertFrom(ITypeDescriptorContext? context, Type sourceType) - { - return sourceType == typeof(string) || base.CanConvertFrom(context, sourceType); - } - - public override object? ConvertFrom(ITypeDescriptorContext? context, CultureInfo? culture, object value) - { - if (value is string stringValue) - { - return JsonConvert.DeserializeObject(stringValue); - } - else - { - return base.ConvertFrom(context, culture, value); - } - } - - public override object? ConvertTo(ITypeDescriptorContext? context, CultureInfo? culture, object? value, Type destinationType) - { - if (destinationType == null || destinationType == typeof(string)) - { - return JsonConvert.SerializeObject(value); - } - else - { - return base.ConvertTo(context, culture, value, destinationType); - } - } - } - - public class NoTypeConverterJsonConverter : JsonConverter - { - static readonly IContractResolver resolver = new NoTypeConverterContractResolver(); - - class NoTypeConverterContractResolver : DefaultContractResolver - { - protected override JsonContract CreateContract(Type objectType) - { - if (typeof(T).IsAssignableFrom(objectType)) - { - var contract = this.CreateObjectContract(objectType); - contract.Converter = null; // Also null out the converter to prevent infinite recursion. - return contract; - } - return base.CreateContract(objectType); - } - } - - public override bool CanConvert(Type objectType) - { - return typeof(T).IsAssignableFrom(objectType); - } - - public override object? ReadJson(JsonReader reader, Type objectType, object? 
existingValue, JsonSerializer serializer) - { - return JsonSerializer.CreateDefault(new JsonSerializerSettings { ContractResolver = resolver }).Deserialize(reader, objectType); - } - - public override void WriteJson(JsonWriter writer, object? value, JsonSerializer serializer) - { - JsonSerializer.CreateDefault(new JsonSerializerSettings { ContractResolver = resolver }).Serialize(writer, value); - } - } -} diff --git a/roles/lib/files/FWO.Api.Client/Queries/AuthQueries.cs b/roles/lib/files/FWO.Api.Client/Queries/AuthQueries.cs index 8a9eb76c2..9cd7e9c5c 100644 --- a/roles/lib/files/FWO.Api.Client/Queries/AuthQueries.cs +++ b/roles/lib/files/FWO.Api.Client/Queries/AuthQueries.cs 
@@ -12,19 +12,30 @@ public class AuthQueries : Queries public static readonly string updateTenant; public static readonly string deleteTenant; public static readonly string addDeviceToTenant; - public static readonly string deleteDeviceFromTenant; + public static readonly string addTenantToManagement; + public static readonly string addTenantToGateway; + public static readonly string deleteAllGatewaysOfTenant; + public static readonly string deleteAllManagementsOfTenant; + public static readonly string getVisibleDeviceIdsPerTenant; + public static readonly string getVisibleManagementIdsPerTenant; + public static readonly string getUnfilteredDeviceIdsPerTenant; + public static readonly string getUnfilteredManagementIdsPerTenant; + public static readonly string getTenantNetworks; + public static readonly string addTenantNetwork; + public static readonly string deleteTenantNetwork; + public static readonly string getUsers; + public static readonly string getUserEmails; public static readonly string getUserByDn; public static readonly string getUserByDbId; - public static readonly string addUser; + public static readonly string upsertUiUser; public static readonly string updateUserEmail; public static readonly string updateUserLanguage; public static readonly string updateUserLastLogin; public static readonly string updateUserPasswordChange; public static readonly string deleteUser; public static readonly string assertUserExists; - public static readonly string getVisibleDeviceIdsPerTenant; - public static readonly string getVisibleManagementIdsPerTenant; + public static readonly string getLdapConnections; public static readonly string getAllLdapConnections; public static readonly string getLdapConnectionsSubscription; 
@@ -42,22 +53,31 @@ static AuthQueries() updateTenant = File.ReadAllText(QueryPath + "auth/updateTenant.graphql"); deleteTenant = File.ReadAllText(QueryPath + "auth/deleteTenant.graphql"); addDeviceToTenant = File.ReadAllText(QueryPath + "auth/addDeviceToTenant.graphql"); - deleteDeviceFromTenant = File.ReadAllText(QueryPath + "auth/deleteDeviceFromTenant.graphql"); - getVisibleDeviceIdsPerTenant = File.ReadAllText(QueryPath + "auth/getVisibleDeviceIdsPerTenant.graphql"); - getVisibleManagementIdsPerTenant = File.ReadAllText(QueryPath + "auth/getVisibleManagementIdsPerTenant.graphql"); - getLdapConnections = File.ReadAllText(QueryPath + "auth/getLdapConnections.graphql"); - getAllLdapConnections = File.ReadAllText(QueryPath + "auth/getAllLdapConnections.graphql"); - getLdapConnectionsSubscription = File.ReadAllText(QueryPath + "auth/getLdapConnectionsSubscription.graphql"); + addTenantToManagement = File.ReadAllText(QueryPath + "auth/addTenantToManagement.graphql"); + addTenantToGateway = File.ReadAllText(QueryPath + "auth/addTenantToGateway.graphql"); + deleteAllGatewaysOfTenant = File.ReadAllText(QueryPath + "auth/deleteAllGatewaysOfTenant.graphql"); + deleteAllManagementsOfTenant = File.ReadAllText(QueryPath + "auth/deleteAllManagementsOfTenant.graphql"); + getVisibleDeviceIdsPerTenant = File.ReadAllText(QueryPath + "auth/getTenantVisibleDeviceIds.graphql"); + getVisibleManagementIdsPerTenant = File.ReadAllText(QueryPath + "auth/getTenantVisibleManagementIds.graphql"); + getTenantNetworks = File.ReadAllText(QueryPath + "auth/getTenantNetworks.graphql"); + addTenantNetwork = File.ReadAllText(QueryPath + "auth/addTenantNetwork.graphql"); + deleteTenantNetwork = File.ReadAllText(QueryPath + "auth/deleteTenantNetwork.graphql"); + getUsers = File.ReadAllText(QueryPath + "auth/getUsers.graphql"); + getUserEmails = File.ReadAllText(QueryPath + "auth/getUserEmails.graphql"); getUserByDn = File.ReadAllText(QueryPath + "auth/getUserByDn.graphql"); getUserByDbId = 
File.ReadAllText(QueryPath + "auth/getUserByDbId.graphql"); - addUser = File.ReadAllText(QueryPath + "auth/addUser.graphql"); + upsertUiUser = File.ReadAllText(QueryPath + "auth/upsertUiUser.graphql"); updateUserEmail = File.ReadAllText(QueryPath + "auth/updateUserEmail.graphql"); updateUserLanguage = File.ReadAllText(QueryPath + "auth/updateUserLanguage.graphql"); updateUserLastLogin = File.ReadAllText(QueryPath + "auth/updateUserLastLogin.graphql"); updateUserPasswordChange = File.ReadAllText(QueryPath + "auth/updateUserPasswordChange.graphql"); deleteUser = File.ReadAllText(QueryPath + "auth/deleteUser.graphql"); assertUserExists = File.ReadAllText(QueryPath + "auth/assertUserExists.graphql"); + + getLdapConnections = File.ReadAllText(QueryPath + "auth/getLdapConnections.graphql"); + getAllLdapConnections = File.ReadAllText(QueryPath + "auth/getAllLdapConnections.graphql"); + getLdapConnectionsSubscription = File.ReadAllText(QueryPath + "auth/getLdapConnectionsSubscription.graphql"); newLdapConnection = File.ReadAllText(QueryPath + "auth/newLdapConnection.graphql"); updateLdapConnection = File.ReadAllText(QueryPath + "auth/updateLdapConnection.graphql"); deleteLdapConnection = File.ReadAllText(QueryPath + "auth/deleteLdapConnection.graphql"); diff --git a/roles/lib/files/FWO.Api.Client/Queries/ComplianceQueries.cs b/roles/lib/files/FWO.Api.Client/Queries/ComplianceQueries.cs new file mode 100644 index 000000000..a31b87581 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/Queries/ComplianceQueries.cs 
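Review bot: The preceding hunk declares `getUnfilteredDeviceIdsPerTenant` and `getUnfilteredManagementIdsPerTenant`, but this constructor hunk assigns neither; unless they are assigned in a part of the constructor outside the diff, they stay null and any request built from them goes out without a query. Either add `getUnfilteredDeviceIdsPerTenant = File.ReadAllText(QueryPath + "auth/<query-file>.graphql");` (with the management counterpart, file names to be supplied) or drop the declarations. Note also that `getVisibleDeviceIdsPerTenant` now loads `auth/getTenantVisibleDeviceIds.graphql` while the field keeps its old name; harmless, but the two spellings will confuse anyone grepping for the query.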
@@ -0,0 +1,30 @@ +using FWO.Logging; + +namespace FWO.Api.Client.Queries +{ + public class ComplianceQueries : Queries + { + public static readonly string addNetworkZone; + public static readonly string deleteNetworkZone; + public static readonly string getNetworkZones; + public static readonly string updateNetworkZones; + public static readonly string modifyNetworkZoneCommunication; + + static ComplianceQueries() + { + try + { + addNetworkZone = File.ReadAllText(QueryPath + "compliance/addNetworkZone.graphql"); + deleteNetworkZone = File.ReadAllText(QueryPath + "compliance/deleteNetworkZone.graphql"); + getNetworkZones = File.ReadAllText(QueryPath + "compliance/getNetworkZones.graphql"); + updateNetworkZones = File.ReadAllText(QueryPath + "compliance/updateNetworkZone.graphql"); + modifyNetworkZoneCommunication = File.ReadAllText(QueryPath + "compliance/updateNetworkZoneCommunication.graphql"); + } + catch (Exception exception) + { + Log.WriteError("Initialize Compliance Queries", "Api compliance queries could not be loaded.", exception); + Environment.Exit(-1); + } + } + } +} diff --git a/roles/lib/files/FWO.Api.Client/Queries/ConfigQueries.cs b/roles/lib/files/FWO.Api.Client/Queries/ConfigQueries.cs index ea6d9cb2b..13bd5cec7 100644 --- a/roles/lib/files/FWO.Api.Client/Queries/ConfigQueries.cs +++ b/roles/lib/files/FWO.Api.Client/Queries/ConfigQueries.cs @@ -7,6 +7,9 @@ public class ConfigQueries : Queries public static readonly string getLanguages; public static readonly string getAllTexts; public static readonly string getTextsPerLanguage; + public static readonly string getCustomTextsPerLanguage; + public static readonly string upsertCustomText; + public static readonly string deleteCustomText; public static readonly string getConfigSubscription; public static readonly string addConfigItem; public static readonly string updateConfigItem; 
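Review bot: In `ComplianceQueries` the field names and the files they load disagree: `updateNetworkZones` (plural) reads `compliance/updateNetworkZone.graphql` and `modifyNetworkZoneCommunication` reads `compliance/updateNetworkZoneCommunication.graphql`. Picking one verb and number for both the field and the file — e.g. `updateNetworkZone = File.ReadAllText(QueryPath + "compliance/updateNetworkZone.graphql");` — keeps the mapping greppable, which matters in a class whose only job is that mapping. `Environment.Exit(-1)` from a static constructor follows the pattern the other query classes use, but a one-line comment that this terminates the whole host process on a missing query file would help readers who reach this class first.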
@@ -15,6 +18,10 @@ public class ConfigQueries : Queries public static readonly string getConfigItemByKey; public static readonly string subscribeAutodiscoveryConfigChanges; public static readonly string subscribeDailyCheckConfigChanges; + public static readonly string subscribeImportAppDataConfigChanges; + public static readonly string subscribeImportSubnetDataConfigChanges; + public static readonly string subscribeImportNotifyConfigChanges; + static ConfigQueries() { 
@@ -23,14 +30,20 @@ static ConfigQueries() getLanguages = File.ReadAllText(QueryPath + "config/getLanguages.graphql"); getAllTexts = File.ReadAllText(QueryPath + "config/getTexts.graphql"); getTextsPerLanguage = File.ReadAllText(QueryPath + "config/getTextsPerLanguage.graphql"); + getCustomTextsPerLanguage = File.ReadAllText(QueryPath + "config/getCustomTextsPerLanguage.graphql"); + upsertCustomText = File.ReadAllText(QueryPath + "config/upsertCustomText.graphql"); + deleteCustomText = File.ReadAllText(QueryPath + "config/deleteCustomText.graphql"); + getConfigSubscription = File.ReadAllText(QueryPath + "config/getConfigSubscription.graphql"); addConfigItem = File.ReadAllText(QueryPath + "config/addConfigItem.graphql"); updateConfigItem = File.ReadAllText(QueryPath + "config/updateConfigItem.graphql"); getConfigItemsByUser = File.ReadAllText(QueryPath + "config/getConfigItemsByUser.graphql"); getConfigItemByKey = File.ReadAllText(QueryPath + "config/getConfigItemByKey.graphql"); upsertConfigItem = File.ReadAllText(QueryPath + "config/upsertConfigItem.graphql"); subscribeAutodiscoveryConfigChanges = File.ReadAllText(QueryPath + "config/subscribeAutodiscoveryConfigChanges.graphql"); - getConfigSubscription = File.ReadAllText(QueryPath + "config/getConfigSubscription.graphql"); subscribeDailyCheckConfigChanges = File.ReadAllText(QueryPath + "config/subscribeDailyCheckConfigChanges.graphql"); + subscribeImportAppDataConfigChanges = File.ReadAllText(QueryPath + "config/subscribeImportAppDataConfigChanges.graphql"); + subscribeImportSubnetDataConfigChanges = File.ReadAllText(QueryPath + "config/subscribeImportSubnetDataConfigChanges.graphql"); + subscribeImportNotifyConfigChanges = File.ReadAllText(QueryPath + "config/subscribeImportNotifyConfigChanges.graphql"); } catch (Exception exception) { diff --git a/roles/lib/files/FWO.Api.Client/Queries/DeviceQueries.cs b/roles/lib/files/FWO.Api.Client/Queries/DeviceQueries.cs index f84d43478..259cebad4 100644 
--- a/roles/lib/files/FWO.Api.Client/Queries/DeviceQueries.cs +++ b/roles/lib/files/FWO.Api.Client/Queries/DeviceQueries.cs @@ -9,7 +9,7 @@ namespace FWO.Api.Client.Queries { public class DeviceQueries : Queries { - public static readonly string getDevicesByManagements; + public static readonly string getDevicesByManagement; public static readonly string getManagementsDetails; public static readonly string getManagementDetailsWithoutSecrets; public static readonly string getDeviceTypeDetails; @@ -22,7 +22,6 @@ public class DeviceQueries : Queries public static readonly string updateDevice; public static readonly string changeDeviceState; public static readonly string deleteDevice; - public static readonly string getImportStatus; public static readonly string deleteImport; public static readonly string getCredentials; public static readonly string getCredentialsWithoutSecrets; @@ -35,7 +34,7 @@ static DeviceQueries() { try { - getDevicesByManagements = File.ReadAllText(QueryPath + "device/getDevicesByManagement.graphql"); + getDevicesByManagement = File.ReadAllText(QueryPath + "device/getDevicesByManagement.graphql"); getManagementsDetails = File.ReadAllText(QueryPath + "device/getManagementsDetails.graphql") + " " + File.ReadAllText(QueryPath + "device/fragments/managementDetails.graphql") + " " + File.ReadAllText(QueryPath + "device/fragments/deviceTypeDetails.graphql") + " " 
@@ -58,9 +57,8 @@ static DeviceQueries() updateDevice = File.ReadAllText(QueryPath + "device/updateDevice.graphql"); changeDeviceState = File.ReadAllText(QueryPath + "device/changeDeviceState.graphql"); deleteDevice = File.ReadAllText(QueryPath + "device/deleteDevice.graphql"); - getImportStatus = File.ReadAllText(QueryPath + "device/getImportStatus.graphql"); deleteImport = File.ReadAllText(QueryPath + "device/deleteImport.graphql"); - + getCredentials = File.ReadAllText(QueryPath + "device/getCredentials.graphql") + " " + File.ReadAllText(QueryPath + "device/fragments/importCredentials.graphql"); getCredentialsWithoutSecrets = File.ReadAllText(QueryPath + "device/getCredentialsWithoutSecrets.graphql") + " " diff --git a/roles/lib/files/FWO.Api.Client/Queries/ModellingQueries.cs b/roles/lib/files/FWO.Api.Client/Queries/ModellingQueries.cs new file mode 100644 index 000000000..1b6458b46 --- /dev/null +++ b/roles/lib/files/FWO.Api.Client/Queries/ModellingQueries.cs 
@@ -0,0 +1,184 @@ +using FWO.Logging; + +namespace FWO.Api.Client.Queries +{ + public class ModellingQueries : Queries + { + public static readonly string appServerDetailsFragment; + public static readonly string appRoleDetailsFragment; + public static readonly string serviceDetailsFragment; + public static readonly string serviceGroupDetailsFragment; + public static readonly string connectionDetailsFragment; + + public static readonly string getAreas; + public static readonly string newArea; + public static readonly string setAreaDeletedState; + public static readonly string newAreaSubnet; + public static readonly string getConnectionIdsForNwGroup; + + public static readonly string getAppServers; + public static readonly string getImportedAppServers; + public static readonly string newAppServer; + public static readonly string updateAppServer; + public static readonly string setAppServerDeletedState; + public static readonly string setAppServerType; + public static readonly string deleteAppServer; + public static readonly string getAppRolesForAppServer; + public static readonly string getConnectionIdsForAppServer; + + public static readonly string getPublishedInterfaces; + public static readonly string getInterfaceById; + public static readonly string getConnections; + public static readonly string getConnectionsByTicketId; + public static readonly string getInterfaceUsers; + public static readonly string getCommonServices; + public static readonly string newConnection; + public static readonly string updateConnection; + public static readonly string deleteConnection; + public static readonly string addAppServerToConnection; + public static readonly string removeAppServerFromConnection; + public static readonly string addNwGroupToConnection; + public static readonly string removeNwGroupFromConnection; + public static readonly string addServiceToConnection; + public static readonly string removeServiceFromConnection; + public static readonly string 
addServiceGroupToConnection; + public static readonly string removeServiceGroupFromConnection; + public static readonly string getConnectionIdsForService; + public static readonly string getConnectionIdsForServiceGroup; + + public static readonly string getSelectedConnections; + public static readonly string addSelectedConnection; + public static readonly string removeSelectedConnection; + + public static readonly string getNwGroupObjects; + public static readonly string getSelectedNwGroupObjects; + public static readonly string addSelectedNwGroupObject; + public static readonly string removeSelectedNwGroupObject; + public static readonly string removeSelectedNwGroupObjectFromAllApps; + + public static readonly string getAppRoles; + public static readonly string getNewestAppRoles; + public static readonly string getDummyAppRole; + public static readonly string newAppRole; + public static readonly string updateAppRole; + public static readonly string deleteNwGroup; + // public static readonly string getAppServerForAppRole; + public static readonly string addNwObjectToNwGroup; + public static readonly string removeNwObjectFromNwGroup; + + public static readonly string getServicesForApp; + public static readonly string getGlobalServices; + public static readonly string newService; + public static readonly string updateService; + public static readonly string deleteService; + + public static readonly string getServiceGroupsForApp; + public static readonly string getServiceGroupById; + public static readonly string getGlobalServiceGroups; + public static readonly string newServiceGroup; + public static readonly string updateServiceGroup; + public static readonly string deleteServiceGroup; + public static readonly string addServiceToServiceGroup; + public static readonly string removeServiceFromServiceGroup; + public static readonly string getServiceGroupIdsForService; + + public static readonly string getHistory; + public static readonly string getHistoryForApp; + 
public static readonly string addHistoryEntry; + + + static ModellingQueries() + { + try + { + appServerDetailsFragment = File.ReadAllText(QueryPath + "modelling/fragments/appServerDetails.graphql"); + appRoleDetailsFragment = File.ReadAllText(QueryPath + "modelling/fragments/appRoleDetails.graphql"); + serviceDetailsFragment = File.ReadAllText(QueryPath + "modelling/fragments/serviceDetails.graphql"); + serviceGroupDetailsFragment = File.ReadAllText(QueryPath + "modelling/fragments/serviceGroupDetails.graphql"); + connectionDetailsFragment = appServerDetailsFragment + appRoleDetailsFragment + serviceDetailsFragment + serviceGroupDetailsFragment + + File.ReadAllText(QueryPath + "modelling/fragments/connectionDetails.graphql"); + + getAreas = File.ReadAllText(QueryPath + "modelling/getAreas.graphql"); + newArea = File.ReadAllText(QueryPath + "modelling/newArea.graphql"); + setAreaDeletedState = File.ReadAllText(QueryPath + "modelling/setAreaDeletedState.graphql"); + newAreaSubnet = File.ReadAllText(QueryPath + "modelling/newAreaSubnet.graphql"); + getConnectionIdsForNwGroup = File.ReadAllText(QueryPath + "modelling/getConnectionIdsForNwGroup.graphql"); + + getAppServers = appServerDetailsFragment + File.ReadAllText(QueryPath + "modelling/getAppServers.graphql"); + getImportedAppServers = appServerDetailsFragment + File.ReadAllText(QueryPath + "modelling/getImportedAppServers.graphql"); + newAppServer = File.ReadAllText(QueryPath + "modelling/newAppServer.graphql"); + updateAppServer = File.ReadAllText(QueryPath + "modelling/updateAppServer.graphql"); + setAppServerDeletedState = File.ReadAllText(QueryPath + "modelling/setAppServerDeletedState.graphql"); + setAppServerType = File.ReadAllText(QueryPath + "modelling/setAppServerType.graphql"); + deleteAppServer = File.ReadAllText(QueryPath + "modelling/deleteAppServer.graphql"); + getAppRolesForAppServer = File.ReadAllText(QueryPath + "modelling/getAppRolesForAppServer.graphql"); + getConnectionIdsForAppServer = 
File.ReadAllText(QueryPath + "modelling/getConnectionIdsForAppServer.graphql"); + + getPublishedInterfaces = connectionDetailsFragment + File.ReadAllText(QueryPath + "modelling/getPublishedInterfaces.graphql"); + getInterfaceById = connectionDetailsFragment + File.ReadAllText(QueryPath + "modelling/getInterfaceById.graphql"); + getConnections = connectionDetailsFragment + File.ReadAllText(QueryPath + "modelling/getConnections.graphql"); + getConnectionsByTicketId = connectionDetailsFragment + File.ReadAllText(QueryPath + "modelling/getConnectionsByTicketId.graphql"); + getInterfaceUsers = File.ReadAllText(QueryPath + "modelling/getInterfaceUsers.graphql"); + getCommonServices = connectionDetailsFragment + File.ReadAllText(QueryPath + "modelling/getCommonServices.graphql"); + newConnection = File.ReadAllText(QueryPath + "modelling/newConnection.graphql"); + updateConnection = File.ReadAllText(QueryPath + "modelling/updateConnection.graphql"); + deleteConnection = File.ReadAllText(QueryPath + "modelling/deleteConnection.graphql"); + addAppServerToConnection = File.ReadAllText(QueryPath + "modelling/addAppServerToConnection.graphql"); + removeAppServerFromConnection = File.ReadAllText(QueryPath + "modelling/removeAppServerFromConnection.graphql"); + addNwGroupToConnection = File.ReadAllText(QueryPath + "modelling/addNwGroupToConnection.graphql"); + removeNwGroupFromConnection = File.ReadAllText(QueryPath + "modelling/removeNwGroupFromConnection.graphql"); + addServiceToConnection = File.ReadAllText(QueryPath + "modelling/addServiceToConnection.graphql"); + removeServiceFromConnection = File.ReadAllText(QueryPath + "modelling/removeServiceFromConnection.graphql"); + addServiceGroupToConnection = File.ReadAllText(QueryPath + "modelling/addServiceGroupToConnection.graphql"); + removeServiceGroupFromConnection = File.ReadAllText(QueryPath + "modelling/removeServiceGroupFromConnection.graphql"); + getConnectionIdsForService = File.ReadAllText(QueryPath + 
"modelling/getConnectionIdsForService.graphql"); + getConnectionIdsForServiceGroup = File.ReadAllText(QueryPath + "modelling/getConnectionIdsForServiceGroup.graphql"); + + getSelectedConnections = connectionDetailsFragment + File.ReadAllText(QueryPath + "modelling/getSelectedConnections.graphql"); + addSelectedConnection = File.ReadAllText(QueryPath + "modelling/addSelectedConnection.graphql"); + removeSelectedConnection = File.ReadAllText(QueryPath + "modelling/removeSelectedConnection.graphql"); + + getNwGroupObjects = File.ReadAllText(QueryPath + "modelling/getNwGroupObjects.graphql"); + getSelectedNwGroupObjects = File.ReadAllText(QueryPath + "modelling/getSelectedNwGroupObjects.graphql"); + addSelectedNwGroupObject = File.ReadAllText(QueryPath + "modelling/addSelectedNwGroupObject.graphql"); + removeSelectedNwGroupObject = File.ReadAllText(QueryPath + "modelling/removeSelectedNwGroupObject.graphql"); + removeSelectedNwGroupObjectFromAllApps = File.ReadAllText(QueryPath + "modelling/removeSelectedNwGroupObjectFromAllApps.graphql"); + + getAppRoles = appServerDetailsFragment + appRoleDetailsFragment + File.ReadAllText(QueryPath + "modelling/getAppRoles.graphql"); + getNewestAppRoles = File.ReadAllText(QueryPath + "modelling/getNewestAppRoles.graphql"); + getDummyAppRole = appServerDetailsFragment + appRoleDetailsFragment + File.ReadAllText(QueryPath + "modelling/getDummyAppRole.graphql"); + newAppRole = File.ReadAllText(QueryPath + "modelling/newAppRole.graphql"); + updateAppRole = File.ReadAllText(QueryPath + "modelling/updateAppRole.graphql"); + deleteNwGroup = File.ReadAllText(QueryPath + "modelling/deleteNwGroup.graphql"); + // getAppServerForAppRole = appServerDetailsFragment + File.ReadAllText(QueryPath + "modelling/getAppServerForAppRole.graphql"); + addNwObjectToNwGroup = File.ReadAllText(QueryPath + "modelling/addNwObjectToNwGroup.graphql"); + removeNwObjectFromNwGroup = File.ReadAllText(QueryPath + "modelling/removeNwObjectFromNwGroup.graphql"); + + 
getServicesForApp = serviceDetailsFragment + File.ReadAllText(QueryPath + "modelling/getServicesForApp.graphql"); + getGlobalServices = serviceDetailsFragment + File.ReadAllText(QueryPath + "modelling/getGlobalServices.graphql"); + newService = File.ReadAllText(QueryPath + "modelling/newService.graphql"); + updateService = File.ReadAllText(QueryPath + "modelling/updateService.graphql"); + deleteService = File.ReadAllText(QueryPath + "modelling/deleteService.graphql"); + + getServiceGroupsForApp = serviceDetailsFragment + serviceGroupDetailsFragment + File.ReadAllText(QueryPath + "modelling/getServiceGroupsForApp.graphql"); + getServiceGroupById = serviceDetailsFragment + serviceGroupDetailsFragment + File.ReadAllText(QueryPath + "modelling/getServiceGroupById.graphql"); + getGlobalServiceGroups = serviceDetailsFragment + serviceGroupDetailsFragment + File.ReadAllText(QueryPath + "modelling/getGlobalServiceGroups.graphql"); + newServiceGroup = File.ReadAllText(QueryPath + "modelling/newServiceGroup.graphql"); + updateServiceGroup = File.ReadAllText(QueryPath + "modelling/updateServiceGroup.graphql"); + deleteServiceGroup = File.ReadAllText(QueryPath + "modelling/deleteServiceGroup.graphql"); + addServiceToServiceGroup = File.ReadAllText(QueryPath + "modelling/addServiceToServiceGroup.graphql"); + removeServiceFromServiceGroup = File.ReadAllText(QueryPath + "modelling/removeServiceFromServiceGroup.graphql"); + getServiceGroupIdsForService = File.ReadAllText(QueryPath + "modelling/getServiceGroupIdsForService.graphql"); + + getHistory = File.ReadAllText(QueryPath + "modelling/getHistory.graphql"); + getHistoryForApp = File.ReadAllText(QueryPath + "modelling/getHistoryForApp.graphql"); + addHistoryEntry = File.ReadAllText(QueryPath + "modelling/addHistoryEntry.graphql"); + } + catch (Exception exception) + { + Log.WriteError("Initialize ModellingQueries", "Api ModellingQueries could not be loaded.", exception); + Environment.Exit(-1); + } + } + } +} 
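Review bot: `ModellingQueries` ships a commented-out declaration and assignment for `getAppServerForAppRole`; commented-out code should be deleted rather than committed, since version control already preserves it and the dangling line suggests an unfinished feature. The static constructor also builds composite queries by concatenating fragments (`connectionDetailsFragment + File.ReadAllText(…)`) with no separator, which works only if every fragment file ends in whitespace or a newline; a short comment above `connectionDetailsFragment` stating that assumption, or joining with `" "` as `DeviceQueries` does, would make it explicit.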
diff --git a/roles/lib/files/FWO.Api.Client/Queries/MonitorQueries.cs b/roles/lib/files/FWO.Api.Client/Queries/MonitorQueries.cs
index fc8631815..debe8d00e 100644
--- a/roles/lib/files/FWO.Api.Client/Queries/MonitorQueries.cs
+++ b/roles/lib/files/FWO.Api.Client/Queries/MonitorQueries.cs
@@ -8,6 +8,7 @@ public class MonitorQueries : Queries
 public static readonly string getLogEntrys;
 public static readonly string addUiLogEntry;
 public static readonly string getUiLogEntrys;
+ public static readonly string getAllUiLogEntrys;
 public static readonly string getImportLogEntrys;
 public static readonly string addAlert;
 public static readonly string getOpenAlerts;
@@ -18,6 +19,7 @@ public class MonitorQueries : Queries
 public static readonly string addAutodiscoveryLogEntry;
 public static readonly string getAutodiscoveryLogEntrys;
 public static readonly string getDailyCheckLogEntrys;
+ public static readonly string getImportStatus;
 static MonitorQueries()
@@ -29,6 +31,7 @@ static MonitorQueries()
 addUiLogEntry = File.ReadAllText(QueryPath + "monitor/addUiLogEntry.graphql");
 getUiLogEntrys = File.ReadAllText(QueryPath + "monitor/getUiLogEntrys.graphql");
+ getAllUiLogEntrys = File.ReadAllText(QueryPath + "monitor/getAllUiLogEntrys.graphql");
 getImportLogEntrys = File.ReadAllText(QueryPath + "monitor/getImportLogEntrys.graphql");
@@ -39,6 +42,8 @@ static MonitorQueries()
 acknowledgeAlert = File.ReadAllText(QueryPath + "monitor/acknowledgeAlert.graphql");
 subscribeAlertChanges = File.ReadAllText(QueryPath + "monitor/subscribeAlertChanges.graphql");
+ getImportStatus = File.ReadAllText(QueryPath + "monitor/getImportStatus.graphql");
+
 addAutodiscoveryLogEntry = File.ReadAllText(QueryPath + "monitor/addAutodiscoveryLogEntry.graphql");
 getAutodiscoveryLogEntrys = File.ReadAllText(QueryPath + "monitor/getAutodiscoveryLogEntrys.graphql");
 getDailyCheckLogEntrys = File.ReadAllText(QueryPath + "monitor/getDailyCheckLogEntrys.graphql");
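Review bot: `getAllUiLogEntrys` is added next to the existing `getUiLogEntrys`, and the "All" in the name suggests it drops whatever per-user or per-scope filter the original query carries; the .graphql document is not in this diff, so I cannot tell whether that widening is bounded by a server-side permission or only by who the UI decides to show the button to. A one-line comment on the declaration would settle that for the next reader, e.g. `// unfiltered variant of getUiLogEntrys; row visibility is enforced by the API's permission rules for the caller's role — TODO confirm`. The `static MonitorQueries()` body continues past the end of this hunk.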
diff --git a/roles/lib/files/FWO.Api.Client/Queries/OwnerQueries.cs b/roles/lib/files/FWO.Api.Client/Queries/OwnerQueries.cs
index 5b287b580..810d376ef 100644
--- a/roles/lib/files/FWO.Api.Client/Queries/OwnerQueries.cs
+++ b/roles/lib/files/FWO.Api.Client/Queries/OwnerQueries.cs
@@ -7,15 +7,24 @@ public class OwnerQueries : Queries
 public static readonly string ownerDetailsFragment;
 public static readonly string getOwners;
+ public static readonly string getOwnersWithConn;
+ public static readonly string getEditableOwners;
+ public static readonly string getEditableOwnersWithConn;
 public static readonly string newOwner;
 public static readonly string updateOwner;
+ public static readonly string deactivateOwner;
 public static readonly string deleteOwner;
- public static readonly string setDefaultOwner;
+ // public static readonly string setDefaultOwner;
+ public static readonly string setOwnerLastCheck;
 public static readonly string getOwnerIdsFromGroups;
 public static readonly string getOwnerIdsForUser;
 public static readonly string getNetworkOwnerships;
 public static readonly string newNetworkOwnership;
- public static readonly string deleteNetworkOwnerships;
+ public static readonly string deleteNetworkOwnership;
+ public static readonly string deleteAreaSubnet;
+ public static readonly string getRuleOwnerships;
+ public static readonly string newRuleOwnership;
+ public static readonly string deleteRuleOwnership;
 static OwnerQueries()
@@ -25,15 +34,24 @@ static OwnerQueries()
 ownerDetailsFragment = File.ReadAllText(QueryPath + "owner/fragments/ownerDetails.graphql");
 getOwners = ownerDetailsFragment + File.ReadAllText(QueryPath + "owner/getOwners.graphql");
+ getOwnersWithConn = ownerDetailsFragment + File.ReadAllText(QueryPath + "owner/getOwnersWithConn.graphql");
+ getEditableOwners = ownerDetailsFragment + File.ReadAllText(QueryPath + "owner/getEditableOwners.graphql");
+ getEditableOwnersWithConn = ownerDetailsFragment + File.ReadAllText(QueryPath + "owner/getEditableOwnersWithConn.graphql");
 newOwner = File.ReadAllText(QueryPath + "owner/newOwner.graphql");
 updateOwner = File.ReadAllText(QueryPath + "owner/updateOwner.graphql");
+ deactivateOwner = File.ReadAllText(QueryPath + "owner/deactivateOwner.graphql");
 deleteOwner = File.ReadAllText(QueryPath + "owner/deleteOwner.graphql");
- setDefaultOwner = File.ReadAllText(QueryPath + "owner/setDefaultOwner.graphql");
+ //setDefaultOwner = File.ReadAllText(QueryPath + "owner/setDefaultOwner.graphql");
+ setOwnerLastCheck = File.ReadAllText(QueryPath + "owner/setOwnerLastCheck.graphql");
 getOwnerIdsFromGroups = ownerDetailsFragment + File.ReadAllText(QueryPath + "owner/getOwnerIdsFromGroups.graphql");
 getOwnerIdsForUser = ownerDetailsFragment + File.ReadAllText(QueryPath + "owner/getOwnerIdsForUser.graphql");
 getNetworkOwnerships = ownerDetailsFragment + File.ReadAllText(QueryPath + "owner/getNetworkOwnerships.graphql");
 newNetworkOwnership = ownerDetailsFragment + File.ReadAllText(QueryPath + "owner/newNetworkOwnership.graphql");
- deleteNetworkOwnerships = ownerDetailsFragment + File.ReadAllText(QueryPath + "owner/deleteNetworkOwnerships.graphql");
+ deleteNetworkOwnership = ownerDetailsFragment + File.ReadAllText(QueryPath + "owner/deleteNetworkOwnership.graphql");
+ deleteAreaSubnet = File.ReadAllText(QueryPath + "owner/deleteAreaSubnet.graphql");
+ getRuleOwnerships = ownerDetailsFragment + File.ReadAllText(QueryPath + "owner/getRuleOwnerships.graphql");
+ newRuleOwnership = ownerDetailsFragment + File.ReadAllText(QueryPath + "owner/newRuleOwnership.graphql");
+ deleteRuleOwnership = ownerDetailsFragment + File.ReadAllText(QueryPath + "owner/deleteRuleOwnership.graphql");
 }
 catch (Exception exception)
 {
diff --git a/roles/lib/files/FWO.Api.Client/Queries/RecertQueries.cs b/roles/lib/files/FWO.Api.Client/Queries/RecertQueries.cs
new file mode 100644
index 000000000..99087179f
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/Queries/RecertQueries.cs
@@ -0,0 +1,43 @@
+using FWO.Logging;
+
+namespace FWO.Api.Client.Queries
+{
+ public class RecertQueries : Queries
+ {
+ public static readonly string ruleOverviewFragments;
+ public static readonly string ruleOpenRecertFragments;
+
+ public static readonly string prepareNextRecertification;
+ public static readonly string recertify;
+ public static readonly string getOpenRecertsForRule;
+ public static readonly string getOpenRecerts;
+ public static readonly string clearOpenRecerts;
+ public static readonly string addRecertEntries;
+
+
+ static RecertQueries()
+ {
+ try
+ {
+ ruleOverviewFragments =
+ File.ReadAllText(QueryPath + "networkObject/fragments/networkObjectOverview.graphql") +
+ File.ReadAllText(QueryPath + "networkService/fragments/networkServiceOverview.graphql") +
+ File.ReadAllText(QueryPath + "user/fragments/userOverview.graphql") +
+ File.ReadAllText(QueryPath + "rule/fragments/ruleOverview.graphql");
+ ruleOpenRecertFragments = ruleOverviewFragments + File.ReadAllText(QueryPath + "recertification/fragments/ruleOpenCertOverview.graphql");
+
+ prepareNextRecertification = File.ReadAllText(QueryPath + "recertification/prepareNextRecertification.graphql");
+ recertify = File.ReadAllText(QueryPath + "recertification/recertify.graphql");
+ getOpenRecertsForRule = File.ReadAllText(QueryPath + "recertification/getOpenRecertsForRule.graphql");
+ getOpenRecerts = File.ReadAllText(QueryPath + "recertification/getOpenRecerts.graphql");
+ clearOpenRecerts = File.ReadAllText(QueryPath + "recertification/clearOpenRecerts.graphql");
+ addRecertEntries = File.ReadAllText(QueryPath + "recertification/addRecertEntries.graphql");
+ }
+ catch (Exception exception)
+ {
+ Log.WriteError("Initialize Api Queries", "Api Recert Queries could not be loaded.", exception);
+ Environment.Exit(-1);
+ }
+ }
+ }
+}
diff --git a/roles/lib/files/FWO.Api.Client/Queries/ReportQueries.cs b/roles/lib/files/FWO.Api.Client/Queries/ReportQueries.cs
index fa649d4fe..2ab8c9f52 100644
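Review bot: `ruleOverviewFragments` in the new static constructor re-reads and re-concatenates the same four fragment files that `RuleQueries` already assembles into its own `ruleOverviewFragments` (used there as `ruleOverviewFragments + ...natRuleOverview.graphql` later in this diff), so the two copies can silently drift the moment one file list is edited. The sibling class already reuses a cross-class fragment (`getRuleNetworkObjectDetails = ObjectQueries.networkObjectDetailsFragment;`), so the same can be done here with `ruleOverviewFragments = RuleQueries.ruleOverviewFragments;`, provided that field is public (its declaration is outside this diff). The catch-all `catch (Exception) { ...; Environment.Exit(-1); }` runs inside a type initializer, so a missing or unreadable .graphql file terminates whichever process first touches `RecertQueries`; that matches the other query classes, but a comment such as `// fail fast: without its query documents the API client is unusable` would make the intent explicit. The doubled blank line before `static RecertQueries()` can go.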
--- a/roles/lib/files/FWO.Api.Client/Queries/ReportQueries.cs
+++ b/roles/lib/files/FWO.Api.Client/Queries/ReportQueries.cs
@@ -1,9 +1,4 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Threading.Tasks;
-using System.IO;
-using FWO.Logging;
+using FWO.Logging;
 namespace FWO.Api.Client.Queries
 {
@@ -11,7 +6,7 @@ public class ReportQueries : Queries
 {
 public static readonly string getReportTemplates;
 public static readonly string addReportTemplate;
- public static readonly string editReportTemplate;
+ public static readonly string updateReportTemplate;
 public static readonly string deleteReportTemplate;
 public static readonly string subscribeReportScheduleChanges;
@@ -28,11 +23,16 @@ public class ReportQueries : Queries
 public static readonly string getRelevantImportIdsAtTime;
 public static readonly string statisticsReportCurrent;
+ public static readonly string subscribeGeneratedReportsChanges;
 public static readonly string getGeneratedReport;
 public static readonly string getGeneratedReports;
 public static readonly string deleteGeneratedReport;
 public static readonly string addGeneratedReport;
+ public static readonly string getUsageDataCount;
+ public static readonly string getImportsToNotify;
+ public static readonly string setImportsNotified;
+
 static ReportQueries()
 {
 try
@@ -50,13 +50,17 @@ static ReportQueries()
 getRelevantImportIdsAtTime = File.ReadAllText(QueryPath + "report/getRelevantImportIdsAtTime.graphql");
 statisticsReportCurrent = File.ReadAllText(QueryPath + "report/statisticsCurrent.graphql");
 statisticsReportCurrent = File.ReadAllText(QueryPath + "report/statisticsCurrentOverall.graphql");
- editReportTemplate = File.ReadAllText(QueryPath + "report/editReportTemplate.graphql");
+ updateReportTemplate = File.ReadAllText(QueryPath + "report/updateReportTemplate.graphql");
 deleteReportTemplate = File.ReadAllText(QueryPath + "report/deleteReportTemplate.graphql");
 subscribeReportScheduleChanges = File.ReadAllText(QueryPath + "report/subscribeReportScheduleChanges.graphql");
+ subscribeGeneratedReportsChanges = File.ReadAllText(QueryPath + "report/subscribeGeneratedReportsChanges.graphql");
 getGeneratedReports = File.ReadAllText(QueryPath + "report/getGeneratedReports.graphql");
 getGeneratedReport = File.ReadAllText(QueryPath + "report/getGeneratedReport.graphql");
 deleteGeneratedReport = File.ReadAllText(QueryPath + "report/deleteGeneratedReport.graphql");
 addGeneratedReport = File.ReadAllText(QueryPath + "report/addGeneratedReport.graphql");
+ getUsageDataCount = File.ReadAllText(QueryPath + "report/getUsageDataCount.graphql");
+ getImportsToNotify = File.ReadAllText(QueryPath + "report/getImportsToNotify.graphql");
+ setImportsNotified = File.ReadAllText(QueryPath + "report/setImportsNotified.graphql");
 }
 catch (Exception exception)
 {
diff --git a/roles/lib/files/FWO.Api.Client/Queries/RequestQueries.cs b/roles/lib/files/FWO.Api.Client/Queries/RequestQueries.cs
index d4baa41fa..19b549076 100644
--- a/roles/lib/files/FWO.Api.Client/Queries/RequestQueries.cs
+++ b/roles/lib/files/FWO.Api.Client/Queries/RequestQueries.cs
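Review bot: The context lines at the top of this hunk assign `statisticsReportCurrent` twice in a row, so the read of `report/statisticsCurrent.graphql` is immediately overwritten by `statisticsCurrentOverall.graphql` and the first document is never used; this predates the commit, but it sits right next to the lines being changed and a reader will assume both are live. If both documents are needed, add a second field, `public static readonly string statisticsReportCurrentOverall;`, and assign it with `statisticsReportCurrentOverall = File.ReadAllText(QueryPath + "report/statisticsCurrentOverall.graphql");`; otherwise delete the dead first assignment. The `static ReportQueries()` body starts before this hunk and continues after it.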
@@ -9,6 +9,7 @@ public class RequestQueries : Queries
 public static readonly string reqTaskDetailsFragment;
 public static readonly string ticketDetailsFragment;
 public static readonly string getTickets;
+ public static readonly string getTicketsByOwners;
 public static readonly string getTicketById;
 public static readonly string newTicket;
 public static readonly string updateTicket;
@@ -16,6 +17,7 @@ public class RequestQueries : Queries
 public static readonly string newRequestTask;
 public static readonly string updateRequestTask;
 public static readonly string updateRequestTaskState;
+ public static readonly string updateRequestTaskAdditionalInfo;
 public static readonly string deleteRequestTask;
 public static readonly string newRequestElement;
 public static readonly string updateRequestElement;
@@ -43,6 +45,8 @@ public class RequestQueries : Queries
 public static readonly string addCommentToImplTask;
 public static readonly string addCommentToTicket;
 public static readonly string addCommentToApproval;
+ public static readonly string addOwnerToReqTask;
+ public static readonly string removeOwnerFromReqTask;
 static RequestQueries()
@@ -55,6 +59,7 @@ static RequestQueries()
 ticketDetailsFragment = reqTaskDetailsFragment + File.ReadAllText(QueryPath + "request/fragments/ticketDetails.graphql");
 getTickets = ticketDetailsFragment + File.ReadAllText(QueryPath + "request/getTickets.graphql");
+ getTicketsByOwners = ticketDetailsFragment + File.ReadAllText(QueryPath + "request/getTicketsByOwners.graphql");
 getTicketById = ticketDetailsFragment + File.ReadAllText(QueryPath + "request/getTicketById.graphql");
 newTicket = File.ReadAllText(QueryPath + "request/newTicket.graphql");
 updateTicket = File.ReadAllText(QueryPath + "request/updateTicket.graphql");
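Review bot: `getTicketsByOwners` loads a query that, going by its name, filters tickets by an owner list; whether that list is a caller-supplied variable or derived from session claims is not visible in this diff. If it is caller-supplied, this string is a convenience filter only and ticket isolation has to come from the API's row permissions on the ticket tables, so a comment on the declaration should say which it is, e.g. `// filters by owner ids passed in as variables; visibility is still enforced by the API's permission rules, not by this query — TODO confirm`. The `static RequestQueries()` body continues past the end of this hunk.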
@@ -62,6 +67,7 @@ static RequestQueries()
 newRequestTask = File.ReadAllText(QueryPath + "request/newRequestTask.graphql");
 updateRequestTask = File.ReadAllText(QueryPath + "request/updateRequestTask.graphql");
 updateRequestTaskState = File.ReadAllText(QueryPath + "request/updateRequestTaskState.graphql");
+ updateRequestTaskAdditionalInfo = File.ReadAllText(QueryPath + "request/updateRequestTaskAdditionalInfo.graphql");
 deleteRequestTask = File.ReadAllText(QueryPath + "request/deleteRequestTask.graphql");
 newRequestElement = File.ReadAllText(QueryPath + "request/newRequestElement.graphql");
 updateRequestElement = File.ReadAllText(QueryPath + "request/updateRequestElement.graphql");
@@ -89,6 +95,8 @@ static RequestQueries()
 addCommentToImplTask = File.ReadAllText(QueryPath + "request/addCommentToImplTask.graphql");
 addCommentToTicket = File.ReadAllText(QueryPath + "request/addCommentToTicket.graphql");
 addCommentToApproval = File.ReadAllText(QueryPath + "request/addCommentToApproval.graphql");
+ addOwnerToReqTask = File.ReadAllText(QueryPath + "request/addOwnerToReqTask.graphql");
+ removeOwnerFromReqTask = File.ReadAllText(QueryPath + "request/removeOwnerFromReqTask.graphql");
 }
 catch (Exception exception)
 {
diff --git a/roles/lib/files/FWO.Api.Client/Queries/RuleQueries.cs b/roles/lib/files/FWO.Api.Client/Queries/RuleQueries.cs
index 1f581356c..d789f39a5 100644
--- a/roles/lib/files/FWO.Api.Client/Queries/RuleQueries.cs
+++ b/roles/lib/files/FWO.Api.Client/Queries/RuleQueries.cs
@@ -1,6 +1,4 @@
-using System;
-using System.IO;
-using FWO.Logging;
+using FWO.Logging;
 namespace FWO.Api.Client.Queries
 {
@@ -12,11 +10,10 @@ public class RuleQueries : Queries
 public static readonly string getRuleOverview;
 public static readonly string getRuleDetails;
 public static readonly string getRuleDetailsForReport;
+ public static readonly string getRuleByUid;
 public static readonly string getRuleNetworkObjectDetails;
 public static readonly string getRuleIdsOfImport;
- public static readonly string updateRuleMetadataRecert;
- public static readonly string updateRuleMetadataDecert;
- public static readonly string newRecertification;
+ public static readonly string getRuleUidsOfDevice;
 public static readonly string natRuleOverviewFragments;
 public static readonly string natRuleDetailsFragments;
@@ -25,8 +22,7 @@ public class RuleQueries : Queries
 public static readonly string getNatRuleDetails;
 public static readonly string getNatRuleDetailsForReport;
- public static readonly string ruleRecertFragments;
-
+
 static RuleQueries()
 {
 try
@@ -59,22 +55,14 @@ static RuleQueries()
 ruleDetailsForReportFragments + File.ReadAllText(QueryPath + "rule/getRuleDetails.graphql");
+ getRuleByUid = File.ReadAllText(QueryPath + "rule/getRuleByUid.graphql");
+
 getRuleNetworkObjectDetails = ObjectQueries.networkObjectDetailsFragment;
- getRuleIdsOfImport =
- File.ReadAllText(QueryPath + "report/getRuleIdsOfImport.graphql");
-
- updateRuleMetadataRecert =
- File.ReadAllText(QueryPath + "recertification/updateRuleMetadataRecert.graphql");
-
- updateRuleMetadataDecert =
- File.ReadAllText(QueryPath + "recertification/updateRuleMetadataDecert.graphql");
-
- newRecertification = File.ReadAllText(QueryPath + "recertification/newRecertification.graphql");
-
- ruleRecertFragments = ruleOverviewFragments +
- File.ReadAllText(QueryPath + "recertification/fragments/view_rule_with_owner.graphql");
+ getRuleIdsOfImport = File.ReadAllText(QueryPath + "report/getRuleIdsOfImport.graphql");
+
+ getRuleUidsOfDevice = File.ReadAllText(QueryPath + "report/getRuleUidsOfDevice.graphql");
 natRuleOverviewFragments = ruleOverviewFragments + File.ReadAllText(QueryPath + "rule/fragments/natRuleOverview.graphql");
diff --git a/roles/lib/files/FWO.Config.Api/Config.cs b/roles/lib/files/FWO.Config.Api/Config.cs
index 68b931f64..38c5a963b 100644
--- a/roles/lib/files/FWO.Config.Api/Config.cs
+++ b/roles/lib/files/FWO.Config.Api/Config.cs
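Review bot: `getRuleByUid` is loaded with no fragment prefix, whereas the neighbouring rule getters in this constructor are built as `<fragments> + File.ReadAllText(...)`; if `rule/getRuleByUid.graphql` spreads `...ruleOverview` or one of the object fragments, the document fails server-side validation with an unknown-fragment error and nothing here catches that at start-up. Please either confirm the document is self-contained or assemble it like its siblings, e.g. `getRuleByUid = ruleOverviewFragments + File.ReadAllText(QueryPath + "rule/getRuleByUid.graphql");`. The `static RuleQueries()` body starts before this hunk and continues after it.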
@@ -48,20 +48,30 @@ public async Task SetUserId(ApiConnection apiConnection, int userId, bool waitFo
 }
 protected void SubscriptionUpdateHandler(ConfigItem[] configItems)
+ {
+ HandleUpdate(configItems, false);
+ }
+
+ public void SubscriptionPartialUpdateHandler(ConfigItem[] configItems)
+ {
+ HandleUpdate(configItems, true);
+ }
+
+ protected void HandleUpdate(ConfigItem[] configItems, bool partialUpdate)
 {
 semaphoreSlim.Wait();
 try
 {
 Log.WriteDebug("Config subscription update", "New config values received from config subscription");
 RawConfigItems = configItems;
- Update(configItems);
+ Update(configItems, partialUpdate);
 OnChange?.Invoke(this, configItems);
 Initialized = true;
 }
 finally
 {
 semaphoreSlim.Release();
 }
 }
- protected void Update(ConfigItem[] configItems)
+ protected void Update(ConfigItem[] configItems, bool partialUpdate = false)
 {
 foreach (PropertyInfo property in GetType().GetProperties())
 {
@@ -86,12 +96,12 @@ protected void Update(ConfigItem[] configItems)
 Log.WriteError("Load Config Items", $"Config item with key \"{key}\" could not be loaded. Using default value.", exception);
 }
 }
- else
+ else if (!partialUpdate)
 {
 // If this is a global config
 if (UserId == 0)
 {
- Log.WriteError("Load Global Config Items", $"Config item with key \"{key}\" could not be found. Using default value.");
+ Log.WriteDebug("Load Global Config Items", $"Config item with key \"{key}\" could not be found. Using default value.");
 }
 // If this is a user config item (user might not have changed the default setting)
 else if (property.GetCustomAttribute() != null)
diff --git a/roles/lib/files/FWO.Config.Api/Data/CommonArea.cs b/roles/lib/files/FWO.Config.Api/Data/CommonArea.cs
new file mode 100644
index 000000000..d44484e60
--- /dev/null
+++ b/roles/lib/files/FWO.Config.Api/Data/CommonArea.cs
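Review bot: `HandleUpdate` stores the incoming array in `RawConfigItems = configItems;` regardless of `partialUpdate`, so after a partial update `RawConfigItems` holds only the subset that changed while the typed properties (via `Update(configItems, true)`) deliberately keep their previous values; any consumer of `RawConfigItems` (not in this diff) then sees an incomplete configuration. `Initialized = true;` is likewise set on a partial update, so if a partial notification can ever be the first to arrive, the object reports itself initialised with compiled defaults for every key outside the subset. Suggest guarding both with `if (!partialUpdate) { RawConfigItems = configItems; Initialized = true; }`, or merging the partial items into `RawConfigItems` by key if consumers need the full picture. Separately, `SubscriptionPartialUpdateHandler` is `public` while `SubscriptionUpdateHandler` stays `protected`, which lets any holder of the config object push values into it outside the subscription path; if that is intended for the UI's own writes, a doc comment on the method should say so.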
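Review bot: Downgrading the missing-global-item message from `Log.WriteError` to `Log.WriteDebug` means a config key that is absent from the database — typically one of the settings this very commit adds, such as the `pw*`, `email*` or `recCheck*` items, until the matching rows exist — now falls back to its compiled default without any trace at the normal log level; for security-relevant defaults like `EmailTls = None` or the password-policy values that is drift an operator should see. A warning level (if the logger offers one) keeps the noise manageable without hiding the fallback, or keep Debug per key and emit a single summary line listing all missing keys after the loop. The new `else if (!partialUpdate)` guard itself is right — a partial set must not be reported as missing keys. The enclosing `Update` loop starts before this hunk and continues after it.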
@@ -0,0 +1,33 @@
+using Newtonsoft.Json;
+using System.Text.Json.Serialization;
+using FWO.GlobalConstants;
+using FWO.Api.Data;
+
+namespace FWO.Config.Api.Data
+{
+ public class CommonAreaConfig
+ {
+ [JsonProperty("area_id"), JsonPropertyName("area_id")]
+ public long AreaId { get; set; } = 0;
+
+ [JsonProperty("use_in_src"), JsonPropertyName("use_in_src")]
+ public bool UseInSrc { get; set; } = true;
+
+ [JsonProperty("use_in_dst"), JsonPropertyName("use_in_dst")]
+ public bool UseInDst { get; set; } = true;
+ }
+
+ public class CommonArea
+ {
+ public ModellingNwGroupWrapper Area { get; set; } = new();
+
+ public bool UseInSrc { get; set; } = true;
+
+ public bool UseInDst { get; set; } = true;
+
+ public CommonAreaConfig ToConfigItem()
+ {
+ return new(){ AreaId = Area.Content.Id, UseInSrc = UseInSrc, UseInDst = UseInDst};
+ }
+ }
+}
diff --git a/roles/lib/files/FWO.Config.Api/Data/ConfigData.cs b/roles/lib/files/FWO.Config.Api/Data/ConfigData.cs
index cc8eb1985..9568c912a 100644
--- a/roles/lib/files/FWO.Config.Api/Data/ConfigData.cs
+++ b/roles/lib/files/FWO.Config.Api/Data/ConfigData.cs
@@ -1,7 +1,9 @@
 using Newtonsoft.Json;
 using System.Text.Json;
 using System.Text.Json.Serialization;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
+using FWO.Mail;
 namespace FWO.Config.Api.Data
 {
@@ -13,7 +15,7 @@ public class ConfigData : ICloneable
 {
 public readonly bool Editable;
 [JsonProperty("DefaultLanguage"), JsonPropertyName("DefaultLanguage")]
- public virtual string DefaultLanguage { get; set; } = "English";
+ public virtual string DefaultLanguage { get; set; } = GlobalConst.kEnglish;
 [JsonProperty("sessionTimeout"), JsonPropertyName("sessionTimeout")]
 public int SessionTimeout { get; set; } = 720;
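Review bot: Neither new class carries XML documentation, and the relation between them is only implied by `ToConfigItem()`; a reader has to work out that `CommonAreaConfig` is the serialisable form (keys `area_id`, `use_in_src`, `use_in_dst`) and `CommonArea` the in-memory form holding the resolved `ModellingNwGroupWrapper`. Suggest `/// <summary>Serialisable form of a common area (presumably what the modCommonAreas config item holds — TODO confirm).</summary>` on `CommonAreaConfig`, and on `CommonArea` `/// <summary>A common area resolved to its network group; ToConfigItem() yields the persisted form. There is no inverse here — resolving AreaId back to a group happens elsewhere.</summary>`. `ToConfigItem()` also dereferences `Area.Content.Id` unconditionally, and whether `Content` can be null on a freshly constructed wrapper is not visible in this diff, so please confirm or guard it. The `using FWO.GlobalConstants;` at the top is unused in this file.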
@@ -21,6 +23,9 @@ public class ConfigData : ICloneable
 [JsonProperty("sessionTimeoutNoticePeriod"), JsonPropertyName("sessionTimeoutNoticePeriod")]
 public int SessionTimeoutNoticePeriod { get; set; } = 60;
+ [JsonProperty("uiHostName"), JsonPropertyName("uiHostName")]
+ public string UiHostName { get; set; } = "http://localhost:5000";
+
 // [JsonProperty("maxMessages"), JsonPropertyName("maxMessages"), UserConfigData]
 // public int MaxMessages { get; set; } = 3;
@@ -33,6 +38,12 @@ public class ConfigData : ICloneable
 [JsonProperty("autoFillRightSidebar"), JsonPropertyName("autoFillRightSidebar")]
 public bool AutoFillRightSidebar { get; set; } = false;
+ [JsonProperty("unusedTolerance"), JsonPropertyName("unusedTolerance")]
+ public int UnusedTolerance { get; set; } = 400;
+
+ [JsonProperty("creationTolerance"), JsonPropertyName("creationTolerance")]
+ public int CreationTolerance { get; set; } = 90;
+
 [JsonProperty("dataRetentionTime"), JsonPropertyName("dataRetentionTime")]
 public int DataRetentionTime { get; set; } = 731;
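Review bot: `UiHostName` is named like a host name but its default `"http://localhost:5000"` is a full base URL with scheme and port, and nothing in this class constrains the admin-supplied value; if it is used to build absolute links into outbound mail (the `impChangeNotify*` and `recCheckEmail*` settings added later in this file suggest so, though the consumer is not in this diff), an unvalidated value turns a config write into a link-injection vector and the plain-http default quietly produces unencrypted links. Suggest documenting the expected shape, `/// Base URL of the UI (scheme, host, port), e.g. https://fwo.example.com — must be an absolute http(s) URI.`, and validating at the point of use with `Uri.TryCreate(UiHostName, UriKind.Absolute, out var uiUri)` plus a scheme check before it is interpolated anywhere. The `unusedTolerance`/`creationTolerance` items in the second hunk are bare ints with no unit; `// days — TODO confirm` on each would save the next reader a lookup.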
@@ -54,6 +65,28 @@ public class ConfigData : ICloneable
 [JsonProperty("fwApiElementsPerFetch"), JsonPropertyName("fwApiElementsPerFetch")]
 public int FwApiElementsPerFetch { get; set; } = 150;
+ [JsonProperty("impChangeNotifyRecipients"), JsonPropertyName("impChangeNotifyRecipients")]
+ public string ImpChangeNotifyRecipients { get; set; } = "";
+
+ [JsonProperty("impChangeNotifySubject"), JsonPropertyName("impChangeNotifySubject")]
+ public string ImpChangeNotifySubject { get; set; } = "";
+
+ [JsonProperty("impChangeNotifyBody"), JsonPropertyName("impChangeNotifyBody")]
+ public string ImpChangeNotifyBody { get; set; } = "";
+
+ [JsonProperty("impChangeNotifyActive"), JsonPropertyName("impChangeNotifyActive")]
+ public bool ImpChangeNotifyActive { get; set; } = false;
+
+ [JsonProperty("impChangeNotifyType"), JsonPropertyName("impChangeNotifyType")]
+ public int ImpChangeNotifyType { get; set; }
+
+ [JsonProperty("impChangeNotifySleepTime"), JsonPropertyName("impChangeNotifySleepTime")]
+ public int ImpChangeNotifySleepTime { get; set; } = 60;
+
+ [JsonProperty("impChangeNotifyStartAt"), JsonPropertyName("impChangeNotifyStartAt")]
+ public DateTime ImpChangeNotifyStartAt { get; set; } = new DateTime();
+
+
 [JsonProperty("recertificationPeriod"), JsonPropertyName("recertificationPeriod")]
 public int RecertificationPeriod { get; set; } = 365;
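Review bot: `ImpChangeNotifyType` is a bare `int` with no default and no documented value set, whereas the other choice-type settings added in this commit are modelled as enums (`EmailTls` as `EmailEncryptionMethod`, `RuleOwnershipMode`); an enum, or at minimum a comment listing what each value means, would stop callers comparing against magic numbers. `ImpChangeNotifyRecipients` is likewise a free-form string with no stated separator — a note such as `/// Recipient addresses, comma- or semicolon-separated — TODO confirm against the mail sender` belongs here. `ImpChangeNotifyStartAt = new DateTime()` is `DateTime.MinValue` with `DateTimeKind.Unspecified`; if the scheduler compares it with `DateTime.UtcNow`, say so in a comment or write `DateTime.MinValue` explicitly so the sentinel is obvious.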
@@ -69,6 +102,48 @@ public class ConfigData : ICloneable
 [JsonProperty("commentRequired"), JsonPropertyName("commentRequired")]
 public bool CommentRequired { get; set; } = false;
+ [JsonProperty("recAutocreateDeleteTicket"), JsonPropertyName("recAutocreateDeleteTicket")]
+ public bool RecAutoCreateDeleteTicket { get; set; } = false;
+
+ [JsonProperty("recDeleteRuleTicketTitle"), JsonPropertyName("recDeleteRuleTicketTitle")]
+ public string RecDeleteRuleTicketTitle { get; set; } = "";
+
+ [JsonProperty("recDeleteRuleTicketReason"), JsonPropertyName("recDeleteRuleTicketReason")]
+ public string RecDeleteRuleTicketReason { get; set; } = "";
+
+ [JsonProperty("recDeleteRuleReqTaskTitle"), JsonPropertyName("recDeleteRuleReqTaskTitle")]
+ public string RecDeleteRuleReqTaskTitle { get; set; } = "";
+
+ [JsonProperty("recDeleteRuleReqTaskReason"), JsonPropertyName("recDeleteRuleReqTaskReason")]
+ public string RecDeleteRuleReqTaskReason { get; set; } = "";
+
+ [JsonProperty("recDeleteRuleTicketPriority"), JsonPropertyName("recDeleteRuleTicketPriority")]
+ public int RecDeleteRuleTicketPriority { get; set; } = 3;
+
+ [JsonProperty("recDeleteRuleInitState"), JsonPropertyName("recDeleteRuleInitState")]
+ public int RecDeleteRuleInitState { get; set; } = 0;
+
+ [JsonProperty("recCheckActive"), JsonPropertyName("recCheckActive")]
+ public bool RecCheckActive { get; set; } = false;
+
+ [JsonProperty("recCheckParams"), JsonPropertyName("recCheckParams")]
+ public string RecCheckParams { get; set; } = System.Text.Json.JsonSerializer.Serialize(new RecertCheckParams());
+
+ [JsonProperty("recCheckEmailSubject"), JsonPropertyName("recCheckEmailSubject")]
+ public string RecCheckEmailSubject { get; set; } = "";
+
+ [JsonProperty("recCheckEmailUpcomingText"), JsonPropertyName("recCheckEmailUpcomingText")]
+ public string RecCheckEmailUpcomingText { get; set; } = "";
+
+ [JsonProperty("recCheckEmailOverdueText"), JsonPropertyName("recCheckEmailOverdueText")]
+ public string RecCheckEmailOverdueText { get; set; } = "";
+
+ [JsonProperty("recRefreshStartup"), JsonPropertyName("recRefreshStartup")]
+ public bool RecRefreshStartup { get; set; } = false;
+
+ [JsonProperty("recRefreshDaily"), JsonPropertyName("recRefreshDaily")]
+ public bool RecRefreshDaily { get; set; } = false;
+
 [JsonProperty("pwMinLength"), JsonPropertyName("pwMinLength")]
 public int PwMinLength { get; set; } = 10;
@@ -84,6 +159,30 @@ public class ConfigData : ICloneable
 [JsonProperty("pwSpecialCharactersRequired"), JsonPropertyName("pwSpecialCharactersRequired")]
 public bool PwSpecialCharactersRequired { get; set; } = false;
+ [JsonProperty("emailServerAddress"), JsonPropertyName("emailServerAddress")]
+ public string EmailServerAddress { get; set; } = "";
+
+ [JsonProperty("emailPort"), JsonPropertyName("emailPort")]
+ public int EmailPort { get; set; }
+
+ [JsonProperty("emailTls"), JsonPropertyName("emailTls")]
+ public EmailEncryptionMethod EmailTls { get; set; } = EmailEncryptionMethod.None;
+
+ [JsonProperty("emailUser"), JsonPropertyName("emailUser")]
+ public string EmailUser { get; set; } = "";
+
+ [JsonProperty("emailPassword"), JsonPropertyName("emailPassword")]
+ public string EmailPassword { get; set; } = "";
+
+ [JsonProperty("emailSenderAddress"), JsonPropertyName("emailSenderAddress")]
+ public string EmailSenderAddress { get; set; } = "";
+
+ [JsonProperty("useDummyEmailAddress"), JsonPropertyName("useDummyEmailAddress")]
+ public bool UseDummyEmailAddress { get; set; } = false;
+
+ [JsonProperty("dummyEmailAddress"), JsonPropertyName("dummyEmailAddress")]
+ public string DummyEmailAddress { get; set; } = "";
+
 [JsonProperty("minCollapseAllDevices"), JsonPropertyName("minCollapseAllDevices"), UserConfigData]
 public int MinCollapseAllDevices { get; set; } = 15;
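Review bot: `RecCheckParams` defaults to `System.Text.Json.JsonSerializer.Serialize(new RecertCheckParams())`, which with default options writes the `Interval` enum as a number and the two `int?` members as JSON `null`; whoever parses the string back (not visible here) must use the same serializer and options, otherwise a default produced by this class will not round-trip — this file also imports Newtonsoft, and a `JsonStringEnumConverter` registered on one side only would break it. Worth a comment on the property, `// serialised with System.Text.Json default options (enum as number); keep the reader in sync`, or better a shared static `JsonSerializerOptions` used by both sides. `RecAutoCreateDeleteTicket` together with `RecDeleteRuleInitState = 0` drives automatic creation of rule-deletion tickets, and nothing states what state `0` means; a one-line comment would help whoever audits that workflow.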
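Review bot: `EmailPassword` stores the SMTP credential as a plain `string` on a class that is `ICloneable` and fully JSON-attributed, so every `Clone()`, every serialisation of `ConfigData` and any debug dump of the object carries the secret with it, and nothing in this hunk marks it as sensitive. At minimum document it — `/// SMTP password; never log or export ConfigData with this populated` — and audit the places that serialise the whole object (not in this diff). `EmailTls` defaulting to `EmailEncryptionMethod.None` while `EmailUser`/`EmailPassword` may be set means credentials cross the wire in cleartext unless the admin changes the default; consider defaulting to the STARTTLS/implicit-TLS member of the enum (its members are not visible here) or refusing to authenticate when `EmailTls == EmailEncryptionMethod.None`. `EmailPort` has no default, so `0` is the implicit value; state the intended fallback or validate it rather than relying on the mail client to reject port 0.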
@@ -102,11 +201,17 @@ public class ConfigData : ICloneable
 [JsonProperty("reqAvailableTaskTypes"), JsonPropertyName("reqAvailableTaskTypes")]
 public string ReqAvailableTaskTypes { get; set; } = "";
+ [JsonProperty("reqOwnerBased"), JsonPropertyName("reqOwnerBased")]
+ public bool ReqOwnerBased { get; set; } = false;
+
+ [JsonProperty("reqReducedView"), JsonPropertyName("reqReducedView")]
+ public bool ReqReducedView { get; set; } = false;
+
 [JsonProperty("reqAllowObjectSearch"), JsonPropertyName("reqAllowObjectSearch")]
 public bool ReqAllowObjectSearch { get; set; } = false;
 [JsonProperty("reqAllowManualOwnerAdmin"), JsonPropertyName("reqAllowManualOwnerAdmin")]
- public bool ReqAllowManualOwnerAdmin { get; set; } = false;
+ public bool AllowManualOwnerAdmin { get; set; } = false;
 [JsonProperty("reqPriorities"), JsonPropertyName("reqPriorities")]
 public string ReqPriorities { get; set; } = "";
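Review bot: `ReqAllowManualOwnerAdmin` is renamed to `AllowManualOwnerAdmin` while the JSON key stays `reqAllowManualOwnerAdmin`, making it the only property in this class whose C# name no longer mirrors its key. That is fine for the serializer attributes, but `Config.Update` earlier in this diff resolves each property to a `key` by a mechanism not shown — if that key comes from the attribute the rename is harmless, if it falls back to the property name this item will silently load its compiled default (`false`), so please confirm. Since this flag gates who may administer ownership manually, a comment stating its intended scope would also help: `// allows ownership to be assigned/edited by hand instead of being derived from imported data — TODO confirm`.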
@@ -117,6 +222,70 @@ public class ConfigData : ICloneable
 [JsonProperty("reqActivatePathAnalysis"), JsonPropertyName("reqActivatePathAnalysis")]
 public bool ReqActivatePathAnalysis { get; set; } = true;
+ [JsonProperty("reqShowCompliance"), JsonPropertyName("reqShowCompliance")]
+ public bool ReqShowCompliance { get; set; } = false;
+
+ [JsonProperty("ruleOwnershipMode"), JsonPropertyName("ruleOwnershipMode")]
+ public RuleOwnershipMode RuleOwnershipMode { get; set; } = RuleOwnershipMode.mixed;
+
+
+ [JsonProperty("allowServerInConn"), JsonPropertyName("allowServerInConn")]
+ public bool AllowServerInConn { get; set; } = true;
+
+ [JsonProperty("allowServiceInConn"), JsonPropertyName("allowServiceInConn")]
+ public bool AllowServiceInConn { get; set; } = true;
+
+ [JsonProperty("overviewDisplayLines"), JsonPropertyName("overviewDisplayLines")]
+ public int OverviewDisplayLines { get; set; } = 3;
+
+ [JsonProperty("reducedProtocolSet"), JsonPropertyName("reducedProtocolSet")]
+ public bool ReducedProtocolSet { get; set; } = true;
+
+ [JsonProperty("importAppDataPath"), JsonPropertyName("importAppDataPath")]
+ public string ImportAppDataPath { get; set; } = "";
+
+ [JsonProperty("importAppDataSleepTime"), JsonPropertyName("importAppDataSleepTime")]
+ public int ImportAppDataSleepTime { get; set; } = 24;
+
+ [JsonProperty("importAppDataStartAt"), JsonPropertyName("importAppDataStartAt")]
+ public DateTime ImportAppDataStartAt { get; set; } = new DateTime();
+
+ [JsonProperty("importSubnetDataPath"), JsonPropertyName("importSubnetDataPath")]
+ public string ImportSubnetDataPath { get; set; } = "";
+
+ [JsonProperty("importSubnetDataSleepTime"), JsonPropertyName("importSubnetDataSleepTime")]
+ public int ImportSubnetDataSleepTime { get; set; } = 24;
+
+ [JsonProperty("importSubnetDataStartAt"), JsonPropertyName("importSubnetDataStartAt")]
+ public DateTime ImportSubnetDataStartAt { get; set; } = new DateTime();
+
+ [JsonProperty("modNamingConvention"), JsonPropertyName("modNamingConvention")]
+ public string ModNamingConvention { get; set; } = "";
+
+ [JsonProperty("modIconify"), JsonPropertyName("modIconify")]
+ public bool ModIconify { get; set; } = true;
+
+ [JsonProperty("modCommonAreas"), JsonPropertyName("modCommonAreas")]
+ public string ModCommonAreas { get; set; } = "";
+
+ [JsonProperty("modAppServerTypes"), JsonPropertyName("modAppServerTypes")]
+ public string ModAppServerTypes { get; set; } = "";
+
+ [JsonProperty("modReqInterfaceName"), JsonPropertyName("modReqInterfaceName")]
+ public string ModReqInterfaceName { get; set; } = "";
+
+ [JsonProperty("modReqEmailSubject"), JsonPropertyName("modReqEmailSubject")]
+ public string ModReqEmailSubject { get; set; } = "";
+
+ [JsonProperty("modReqEmailBody"), JsonPropertyName("modReqEmailBody")]
+ public string ModReqEmailBody { get; set; } = "";
+
+ [JsonProperty("modReqTicketTitle"), JsonPropertyName("modReqTicketTitle")]
+ public string ModReqTicketTitle { get; set; } = "";
+
+ [JsonProperty("modReqTaskTitle"), JsonPropertyName("modReqTaskTitle")]
+ public string ModReqTaskTitle { get; set; } = "";
+
 public ConfigData(bool editable = false)
 {
diff --git a/roles/lib/files/FWO.Config.Api/Data/RecertCheckParams.cs b/roles/lib/files/FWO.Config.Api/Data/RecertCheckParams.cs
new file mode 100644
index 000000000..5f935e870
--- /dev/null
+++ b/roles/lib/files/FWO.Config.Api/Data/RecertCheckParams.cs
@@ -0,0 +1,22 @@ +using Newtonsoft.Json; +using System.Text.Json.Serialization; +using FWO.GlobalConstants; +using FWO.Api.Data; + +namespace FWO.Config.Api.Data +{ + public class RecertCheckParams + { + [JsonProperty("check_interval"), JsonPropertyName("check_interval")] + public Interval RecertCheckInterval { get; set; } = Interval.Months; + + [JsonProperty("check_offset"), JsonPropertyName("check_offset")] + public int RecertCheckOffset { get; set; } = 1; + + [JsonProperty("check_weekday"), JsonPropertyName("check_weekday")] + public int? RecertCheckWeekday { get; set; } + + [JsonProperty("check_dayofmonth"), JsonPropertyName("check_dayofmonth")] + public int? RecertCheckDayOfMonth { get; set; } + } +} diff --git a/roles/lib/files/FWO.Config.Api/Data/UiText.cs b/roles/lib/files/FWO.Config.Api/Data/UiText.cs index 02fb4eb53..e2a07cf7e 100644 --- a/roles/lib/files/FWO.Config.Api/Data/UiText.cs +++ b/roles/lib/files/FWO.Config.Api/Data/UiText.cs @@ -1,5 +1,4 @@ using System.Text.Json.Serialization; -using System.Collections.Generic; using Newtonsoft.Json; namespace FWO.Config.Api.Data @@ -18,19 +17,4 @@ public class UiText [JsonProperty("language"), JsonPropertyName("language")] public string Language { get; set; } = ""; } - - - /// - /// contains texts needed for displaying UI in a single language - /// - public class SingleLanguage - { - public Dictionary text { get; set; } = new Dictionary(); - - // key of all_text ref is a combination ${language,id} - public SingleLanguage(string language, ref Dictionary all_text) - { - - } - } } diff --git a/roles/lib/files/FWO.Config.Api/FWO.Config.Api.csproj b/roles/lib/files/FWO.Config.Api/FWO.Config.Api.csproj index bb39e4ea6..48ceb7666 100644 --- a/roles/lib/files/FWO.Config.Api/FWO.Config.Api.csproj +++ b/roles/lib/files/FWO.Config.Api/FWO.Config.Api.csproj @@ -1,7 +1,7 @@ - net6.0 + net8.0 enable enable @@ -10,6 +10,7 @@ + 
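Review bot: `RecertCheckWeekday` and `RecertCheckDayOfMonth` are nullable ints with no documented range and no statement of which one applies for which `RecertCheckInterval`, so the new class is hard to consume correctly from its surface alone. Propose XML summaries on all four properties, e.g. `/// <summary>Day of month (1-31) for the check; presumably only read when RecertCheckInterval is Months — TODO confirm</summary>` and the weekday equivalent, and state the unit of `RecertCheckOffset` (number of intervals, presumably). Both `using FWO.GlobalConstants;` and `using FWO.Api.Data;` are imported for what looks like the single `Interval` type; if only one of them provides it, the other directive can go.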
diff --git a/roles/lib/files/FWO.Config.Api/GlobalConfig.cs b/roles/lib/files/FWO.Config.Api/GlobalConfig.cs index d9878e501..fc350798a 100644 --- a/roles/lib/files/FWO.Config.Api/GlobalConfig.cs +++ b/roles/lib/files/FWO.Config.Api/GlobalConfig.cs @@ -1,11 +1,8 @@ -using System; -using System.Collections.Generic; -using FWO.Logging; +using FWO.Logging; using FWO.Config.File; using FWO.Api.Client; using FWO.Config.Api.Data; using FWO.Api.Client.Queries; -using System.ComponentModel; namespace FWO.Config.Api { @@ -15,28 +12,30 @@ namespace FWO.Config.Api public class GlobalConfig : Config { /// - /// Global string constants used e.g. as database keys etc. + /// Global config constants /// - public static readonly string kEnglish = "English"; - - public static readonly int kSidebarLeftWidth = 300; - public static readonly int kSidebarRightWidth = 300; - - public static readonly string kAutodiscovery = "autodiscovery"; - public static readonly string kDailyCheck = "dailycheck"; - public static readonly string kUi = "ui"; - public string productVersion { get; set; } - public Language[] uiLanguages { get; set; } public Dictionary> langDict { get; set; } + public Dictionary> overDict { get; set; } + + /// + /// create a config collection (used centrally once in a UI server for all users) + /// + public static async Task ConstructAsync(string jwt, bool loadLanguageData = true) + { + ApiConnection apiConnection = new GraphQlApiConnection(ConfigFile.ApiServerUri, jwt); + return await ConstructAsync(apiConnection, loadLanguageData); + } + public static async Task ConstructAsync(ApiConnection apiConnection, bool loadLanguageData = true) { string productVersion = ConfigFile.ProductVersion; Language[] uiLanguages = Array.Empty(); - Dictionary> langDict = new(); + Dictionary> tmpLangDicts = new(); + Dictionary> tmpLangOverDicts = new(); if (loadLanguageData) { 
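Review bot: The `/// Global config constants` summary is now stale: the constants it described (`kEnglish`, `kSidebarLeftWidth`, `kAutodiscovery`, …) were removed from this class, so the comment sits directly above `public string productVersion { get; set; }` and documents nothing. Either delete it or turn it into a property summary, e.g. `/// <summary>Product version taken from ConfigFile.ProductVersion</summary>`. The relocated "create a config collection" summary now belongs to `ConstructAsync(string jwt, …)`, while the `ConstructAsync(ApiConnection …)` overload it delegates to has none; a `/// <summary>` on the new `overDict` would also help, since "over" is only explained by the `over` flag of `LoadLangDict` further down (as far as that later hunk shows, it holds the per-language texts from `ConfigQueries.getCustomTextsPerLanguage`).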
@@ -52,16 +51,11 @@ public static async Task ConstructAsync(ApiConnection apiConnectio } try { + // add language dictionaries to dictionary of dictionaries foreach (Language lang in uiLanguages) { - var languageVariable = new { language = lang.Name }; - Dictionary dict = new(); - UiText[] uiTexts = await apiConnection.SendQueryAsync(ConfigQueries.getTextsPerLanguage, languageVariable); - foreach (UiText text in uiTexts) - dict.Add(text.Id, text.Txt); // add "word" to dictionary - - // add language dictionary to dictionary of dictionaries - langDict.Add(lang.Name, dict); + tmpLangDicts.Add(lang.Name, await LoadLangDict(lang, apiConnection)); + tmpLangOverDicts.Add(lang.Name, await LoadLangDict(lang, apiConnection, true)); } } catch (Exception exception) @@ -71,13 +65,17 @@ public static async Task ConstructAsync(ApiConnection apiConnectio } } - return new GlobalConfig(apiConnection, productVersion, uiLanguages, langDict); + return new GlobalConfig(apiConnection, productVersion, uiLanguages, tmpLangDicts, tmpLangOverDicts); } - public static async Task ConstructAsync(string jwt, bool loadLanguageData = true) + private GlobalConfig(ApiConnection apiConnection, string productVersion, Language[] uiLanguages, + Dictionary> langDict, Dictionary> overDict) + : base(apiConnection, 0) { - ApiConnection apiConnection = new GraphQlApiConnection(ConfigFile.ApiServerUri, jwt); - return await ConstructAsync(apiConnection, loadLanguageData); + this.productVersion = productVersion; + this.uiLanguages = uiLanguages; + this.langDict = langDict; + this.overDict = overDict; } public override string GetText(string key) 
@@ -87,18 +85,18 @@ public override string GetText(string key) return System.Web.HttpUtility.HtmlDecode(langDict[DefaultLanguage][key]); } return "(undefined text)"; - } - - - /// - /// create a config collection (used centrally once in a UI server for all users) - /// - private GlobalConfig(ApiConnection apiConnection, string productVersion, Language[] uiLanguages, Dictionary> langDict) - : base(apiConnection, 0) + } + + private static async Task> LoadLangDict(Language lang, ApiConnection apiConnection, bool over = false) { - this.productVersion = productVersion; - this.uiLanguages = uiLanguages; - this.langDict = langDict; + var languageVariable = new { language = lang.Name }; + Dictionary dict = new(); + List uiTexts = await apiConnection.SendQueryAsync>(over ? ConfigQueries.getCustomTextsPerLanguage : ConfigQueries.getTextsPerLanguage, languageVariable); + foreach (UiText text in uiTexts) + { + dict.Add(text.Id, text.Txt); // add "word" to dictionary + } + return dict; } } } diff --git a/roles/lib/files/FWO.Config.Api/UserConfig.cs b/roles/lib/files/FWO.Config.Api/UserConfig.cs index 495800666..68ed1973b 100644 --- a/roles/lib/files/FWO.Config.Api/UserConfig.cs +++ b/roles/lib/files/FWO.Config.Api/UserConfig.cs @@ -1,7 +1,9 @@ using System.Text.RegularExpressions; +using FWO.GlobalConstants; using FWO.Logging; using FWO.Config.Api.Data; using FWO.Api.Client; +using FWO.GlobalConstants; using FWO.Api.Data; using FWO.Api.Client.Queries; using System.Reflection; @@ -17,6 +19,7 @@ public class UserConfig : Config private readonly GlobalConfig globalConfig; public Dictionary Translate { get; set; } + public Dictionary Overwrite { get; set; } = new(); public UiUser User { private set; get; } 
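Review bot: `dict.Add(text.Id, text.Txt)` in `LoadLangDict` throws `ArgumentException` on a duplicate `Id`, and since the call runs inside the `try` of `ConstructAsync` (previous hunk), one duplicated custom text would abort loading of every remaining language dictionary. Use `dict[text.Id] = text.Txt;` (last one wins) or `if (!dict.TryAdd(text.Id, text.Txt)) Log.WriteWarning(...)` so a single bad row is reported rather than fatal for all languages. The `bool over = false` flag selects between two queries; a `/// <param name="over">true loads the customized texts (getCustomTextsPerLanguage) instead of the default ones</param>` would make call sites such as `LoadLangDict(lang, apiConnection, true)` readable. `GetText` at the top of this hunk starts outside it.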
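Review bot: `using FWO.GlobalConstants;` is added twice in the UserConfig.cs using block (once before `using FWO.Logging;`, once after `using FWO.Api.Client;`), which the compiler reports as a duplicate using directive (warning CS0105); keep one. In the following hunk the new `Overwrite` dictionary is initialized with `= new()` while the neighbouring `Translate` is not; either both should get a default or a comment should say why `Overwrite` may be consulted before the constructor fills it (it is null-checked in `GetText` later in the file, `Translate` now too).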
@@ -36,6 +39,7 @@ public UserConfig(GlobalConfig globalConfig, ApiConnection apiConnection, UiUser { User = user; Translate = globalConfig.langDict[user.Language!]; + Overwrite = apiConnection != null ? Task.Run(async () => await GetCustomDict(user.Language!)).Result : globalConfig.overDict[user.Language!]; this.globalConfig = globalConfig; globalConfig.OnChange += GlobalConfigOnChange; } @@ -48,6 +52,10 @@ public UserConfig(GlobalConfig globalConfig) : base() globalConfig.OnChange += GlobalConfigOnChange; } + // only for unit tests + protected UserConfig() : base() + {} + private void GlobalConfigOnChange(Config config, ConfigItem[] changedItems) { // Get properties that belong to the user config @@ -82,6 +90,7 @@ public async Task ChangeLanguage(string languageName, ApiConnection apiConnectio { await apiConnection.SendQueryAsync(AuthQueries.updateUserLanguage, new { id = User.DbId, language = languageName }); Translate = globalConfig.langDict[languageName]; + Overwrite = apiConnection != null ? await GetCustomDict(languageName): globalConfig.overDict[languageName]; User.Language = languageName; InvokeOnChange(this, null); } @@ -101,12 +110,17 @@ public void SetLanguage(string languageName) if (globalConfig.langDict.ContainsKey(User.Language)) { Translate = globalConfig.langDict[User.Language]; + Overwrite = globalConfig.overDict[User.Language]; } } public override string GetText(string key) { - if (Translate.ContainsKey(key)) + if (Overwrite != null && Overwrite.ContainsKey(key)) + { + return Convert(Overwrite[key]); + } + if (Translate != null && Translate.ContainsKey(key)) { return Convert(Translate[key]); } 
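Review bot: `Task.Run(async () => await GetCustomDict(user.Language!)).Result` in the constructor blocks the calling thread on async I/O; in a Blazor/ASP.NET host this is the classic sync-over-async pattern (thread-pool starvation, and a failure would surface as `AggregateException` rather than the original type, although `GetCustomDict` catches internally). Since `globalConfig.overDict[user.Language!]` is already loaded by `GlobalConfig.ConstructAsync`, the constructor could take that value unconditionally and let the async `ChangeLanguage` path (or a small `async Task InitAsync()`) refresh `Overwrite` from the API. The same `apiConnection != null` test appears in `ChangeLanguage` (hunk `@@ -82,6 +90,7 @@`) directly after `await apiConnection.SendQueryAsync(...)`, where it can no longer be false; there it is dead code and should be dropped.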
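Review bot: The new overwrite lookup in `GetText` does `ContainsKey` followed by the indexer, i.e. two hash lookups per call on a path that runs for every UI string, and the same pattern is kept for `Translate`. Prefer `if (Overwrite != null && Overwrite.TryGetValue(key, out string? custom)) { return Convert(custom); }` and likewise `if (Translate != null && Translate.TryGetValue(key, out string? text)) { return Convert(text); }`. The rest of `GetText` continues outside the hunk.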
@@ -115,15 +129,15 @@ public override string GetText(string key) string defaultLanguage = globalConfig.DefaultLanguage; if (defaultLanguage == "") { - defaultLanguage = GlobalConfig.kEnglish; + defaultLanguage = GlobalConst.kEnglish; } if (globalConfig.langDict[defaultLanguage].ContainsKey(key)) { return Convert(globalConfig.langDict[defaultLanguage][key]); } - else if (defaultLanguage != GlobalConfig.kEnglish && globalConfig.langDict[GlobalConfig.kEnglish].ContainsKey(key)) + else if (defaultLanguage != GlobalConst.kEnglish && globalConfig.langDict[GlobalConst.kEnglish].ContainsKey(key)) { - return Convert(globalConfig.langDict[GlobalConfig.kEnglish][key]); + return Convert(globalConfig.langDict[GlobalConst.kEnglish][key]); } else { 
@@ -132,7 +146,104 @@ public override string GetText(string key) } } - public string Convert(string rawText) + public string PureLine(string text) + { + string output = RemoveLinks(Regex.Replace(GetText(text).Trim(), @"\s", " ")); + output = ReplaceListElems(output); + bool cont = true; + while(cont) + { + string outputOrig = output; + output = Regex.Replace(outputOrig, @" ", " "); + if(output.Length == outputOrig.Length) + { + cont = false; + } + } + return output; + } + + public string GetApiText(string key) + { + string text = key; + string pattern = @"[A]\d\d\d\d"; + Match m = Regex.Match(key, pattern); + if (m.Success) + { + string msg = GetText(key.Substring(0, 5)); + if (msg != "(undefined text)") + { + text = msg; + } + } + return text; + } + + public async Task> GetCustomDict(string languageName) + { + Dictionary dict = new(); + try + { + List uiTexts = await apiConnection.SendQueryAsync>(ConfigQueries.getCustomTextsPerLanguage, new { language = languageName }); + if (uiTexts != null) + { + foreach (UiText text in uiTexts) + { + dict.Add(text.Id, text.Txt); + } + } + } + catch (Exception exception) + { + Log.WriteError("Read custom dictionary", $"Could not read custom dict.", exception); + } + return dict; + } + + private static string RemoveLinks(string txtString) + { + string startLink = "= 0) + { + end = txtString.IndexOf(">", begin + startLink.Length); + if (end > 0) + { + txtString = txtString.Remove(begin, end - begin + 1); + } + else + { + cont = false; + } + } + else + { + cont = false; + } + } + txtString = Regex.Replace(txtString, "", ""); + return txtString; + } + + private static string ReplaceListElems(string txtString) + { + txtString = Regex.Replace(txtString, "
    ", ""); + txtString = Regex.Replace(txtString, "
", ""); + txtString = Regex.Replace(txtString, "
    ", ""); + txtString = Regex.Replace(txtString, "
", ""); + txtString = Regex.Replace(txtString, "
  • ", "\r\n"); + txtString = Regex.Replace(txtString, "
  • ", ""); + txtString = Regex.Replace(txtString, "
    ", "\r\n"); + return txtString; + } + + private string Convert(string rawText) { string plainText = System.Web.HttpUtility.HtmlDecode(rawText); @@ -149,7 +260,7 @@ public string Convert(string rawText) while (cont) { begin = plainText.IndexOf(startLink, index); - if (begin > 0) + if (begin >= 0) { end = plainText.IndexOf("\"", begin + startLink.Length); if (end > 0) @@ -170,21 +281,5 @@ public string Convert(string rawText) } return plainText; } - - public string GetApiText(string key) - { - string text = key; - string pattern = @"[A]\d\d\d\d"; - Match m = Regex.Match(key, pattern); - if (m.Success) - { - string msg = GetText(key.Substring(0, 5)); - if (msg != "(undefined text)") - { - text = msg; - } - } - return text; - } } } diff --git a/roles/lib/files/FWO.Config.File/ConfigFile.cs b/roles/lib/files/FWO.Config.File/ConfigFile.cs index c76317e39..5e38775f2 100644 --- a/roles/lib/files/FWO.Config.File/ConfigFile.cs +++ b/roles/lib/files/FWO.Config.File/ConfigFile.cs @@ -4,6 +4,7 @@ using System.Collections.Generic; using System.IO; using System.Text.Json; +using System.Text.Json.Serialization; namespace FWO.Config.File { 
@@ -26,23 +27,43 @@ public class ConfigFile private const string jwtPrivateKeyPath = basePath + "/secrets/jwt_private_key.pem"; /// - /// Internal connection to middleware server. Used to connect with api server. + /// All config data found in the main config file /// - //private readonly MiddlewareClient middlewareClient; + private class ConfigFileData + { + /// + /// Uri of the middleware server (http) + /// + [JsonPropertyName("middleware_native_uri")] + public string? MiddlewareServerNativeUri { get; set; } + + /// + /// Uri of the middleware server reverse proxy (https) + /// + [JsonPropertyName("middleware_uri")] + public string? MiddlewareServerUri { get; set; } + + [JsonPropertyName("api_uri")] + public string? ApiServerUri { get; set; } + + [JsonPropertyName("remote_addresses")] + public string[]? RemoteAddresses { get; set; } + + [JsonPropertyName("product_version")] + public string? ProductVersion { get; set; } + } /// - /// Internal connection to api server. Used to get/edit config data. + /// Config file data found in the main config file /// - //private readonly APIConnection apiConnection; - + private static ConfigFileData Data { get; set; } = new ConfigFileData(); private static RsaSecurityKey? jwtPrivateKey = null; public static RsaSecurityKey JwtPrivateKey { get { - jwtPrivateKey = CriticalConfigValueLoaded(jwtPrivateKey); - return jwtPrivateKey; + return CriticalConfigValueLoaded(jwtPrivateKey); } } 
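Review bot: Inside the new `ConfigFileData`, `MiddlewareServerNativeUri` and `MiddlewareServerUri` carry XML summaries but `ApiServerUri`, `RemoteAddresses` and `ProductVersion` do not, although `remote_addresses` is the one key this commit introduces. Propose `/// <summary>Uri of the api server</summary>`, `/// <summary>Version string of the installed product</summary>`, and for `RemoteAddresses` a summary that says what the addresses are used for (presumably an allow-list of remote hosts — TODO confirm against the consumer of `ConfigFile.RemoteAddresses`). The class summary `/// All config data found in the main config file` and the `Data` summary `/// Config file data found in the main config file` say the same thing; the second could instead record that `Data` is replaced wholesale by `Read()` (see the `Data = JsonSerializer.Deserialize...` line in the later hunk).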
@@ -51,57 +72,47 @@ public static RsaSecurityKey JwtPublicKey { get { - jwtPublicKey = CriticalConfigValueLoaded(jwtPublicKey); - return jwtPublicKey; + return CriticalConfigValueLoaded(jwtPublicKey); } } - private static string? apiServerUri = null; public static string ApiServerUri { get { - apiServerUri = CriticalConfigValueLoaded(apiServerUri); - return apiServerUri; + return CriticalConfigValueLoaded(Data.ApiServerUri); } } - private static string? middlewareServerNativeUri = null; public static string MiddlewareServerNativeUri { get { - middlewareServerNativeUri = CriticalConfigValueLoaded(middlewareServerNativeUri); - return middlewareServerNativeUri; + return CriticalConfigValueLoaded(Data.MiddlewareServerNativeUri); } } - private static string? middlewareServerUri = null; public static string MiddlewareServerUri { get { - middlewareServerUri = CriticalConfigValueLoaded(middlewareServerUri); - return middlewareServerUri; + return CriticalConfigValueLoaded(Data.MiddlewareServerUri); } } - private static string? productVersion = null; public static string ProductVersion { get { - productVersion = CriticalConfigValueLoaded(productVersion); - return productVersion; + return CriticalConfigValueLoaded(Data.ProductVersion); } } - private static Dictionary customSettings = new Dictionary(); - public Dictionary CustomSettings + public static string[] RemoteAddresses { get { - return customSettings; + return CriticalConfigValueLoaded(Data.RemoteAddresses); } } 
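Review bot: `RemoteAddresses` goes through `CriticalConfigValueLoaded(Data.RemoteAddresses)`, so a config file without a `remote_addresses` key (presumably every file written before this change) now throws on first access rather than yielding an empty list. If the key is optional, return `Data.RemoteAddresses ?? Array.Empty<string>()` instead and keep the throwing helper for the URIs and version that really are critical. The instance property `CustomSettings` is removed without a replacement; if anything outside this class read it, that is a source-breaking change this diff does not show being handled.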
@@ -114,21 +125,17 @@ private static void Read(string configFilePath, string privateKeyFilePath, strin { try { - // Reset all values - jwtPrivateKey = null; - jwtPublicKey = null; - middlewareServerNativeUri = null; - middlewareServerUri = null; - apiServerUri = null; - productVersion = null; - // Read config as json from file string configFile = System.IO.File.ReadAllText(configFilePath).TrimEnd(); // Deserialize config to dictionary - Dictionary configFileData = JsonSerializer.Deserialize>(configFile) ?? throw new Exception("Config file could not be parsed."); + Data = JsonSerializer.Deserialize(configFile) ?? throw new Exception("Config file could not be parsed."); - // Errors can be ignored. If a configuration value that could not be loaded is requested from outside this class, an excpetion is thrown. See NotNullCriticalConfigValue() + // Errors can be ignored. If a configuration value that could not be loaded is requested from outside this class, an excpetion is thrown. See CriticalConfigValueLoaded() + + // Reset all keys + jwtPrivateKey = null; + jwtPublicKey = null; // Try to read jwt private key IgnoreExceptions(() => jwtPrivateKey = KeyImporter.ExtractKeyFromPem(System.IO.File.ReadAllText(privateKeyFilePath), isPrivateKey: true)); 
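Review bot: The `// Reset all keys` block was moved below the `JsonSerializer.Deserialize<ConfigFileData>` call, so when the config file fails to parse the `throw` skips it and the previously loaded `jwtPrivateKey`/`jwtPublicKey` (and the previous `Data`) stay in effect. That may be intended (keep the last good configuration on a re-read), but it differs from the old order where all values were cleared first; a comment such as `// on parse failure the previously loaded data and keys are kept` would record the decision, or the resets should move back above the deserialize if the old semantics were wanted. While touching the comment above, fix the carried-over typo: `an exception is thrown. See CriticalConfigValueLoaded()`. `Read`'s signature and its `catch` are outside this hunk.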
@@ -136,17 +143,6 @@ private static void Read(string configFilePath, string privateKeyFilePath, strin // Try to read jwt public key IgnoreExceptions(() => jwtPublicKey = KeyImporter.ExtractKeyFromPem(System.IO.File.ReadAllText(publicKeyFilePath), isPrivateKey: false)); - // Try to get uri of the middleware server (http) - IgnoreExceptions(() => middlewareServerNativeUri = configFileData["middleware_native_uri"]); - - // Try to get uri of the middleware server reverse proxy (https) - IgnoreExceptions(() => middlewareServerUri = configFileData["middleware_uri"]); - - // Try to get api uri - IgnoreExceptions(() => apiServerUri = configFileData["api_uri"]); - - // Try to get productVersion - IgnoreExceptions(() => productVersion = configFileData["product_version"]); } catch (Exception configFileReadException) { @@ -176,7 +172,7 @@ private static ConfigValueType CriticalConfigValueLoaded(Config private static void IgnoreExceptions(Action method) { - try { method(); } catch (Exception e){ Log.WriteDebug("Config value", $"Config value could not be loaded. Error: {e.Message}"); } + try { method(); } catch (Exception e) { Log.WriteDebug("Config value", $"Config value could not be loaded. Error: {e.Message}"); } } } } diff --git a/roles/lib/files/FWO.Config.File/FWO.Config.File.csproj b/roles/lib/files/FWO.Config.File/FWO.Config.File.csproj index e4df9cbdf..1f4a2474b 100644 --- a/roles/lib/files/FWO.Config.File/FWO.Config.File.csproj +++ b/roles/lib/files/FWO.Config.File/FWO.Config.File.csproj @@ -1,13 +1,13 @@  - net6.0 + net8.0 enable enable - + diff --git a/roles/lib/files/FWO.DeviceAutoDiscovery/AutoDiscoveryBase.cs b/roles/lib/files/FWO.DeviceAutoDiscovery/AutoDiscoveryBase.cs index bcbbae064..8048917d6 100644 --- a/roles/lib/files/FWO.DeviceAutoDiscovery/AutoDiscoveryBase.cs +++ b/roles/lib/files/FWO.DeviceAutoDiscovery/AutoDiscoveryBase.cs 
@@ -1,7 +1,10 @@ -using FWO.Api.Data; +using System.Text.Json; + +using FWO.GlobalConstants; +using FWO.Api.Data; using FWO.Api.Client; using FWO.Logging; -using System.Text.Json; +using FWO.Encryption; namespace FWO.DeviceAutoDiscovery { @@ -16,6 +19,23 @@ public class AutoDiscoveryBase public AutoDiscoveryBase(Management mgm, ApiConnection apiConn) { superManagement = mgm; + + string mainKey = AesEnc.GetMainKey(); + + string decryptedSecret = superManagement.ImportCredential.Secret; + + // try to decrypt secret, keep it as is if failing + try + { + decryptedSecret = AesEnc.Decrypt(superManagement.ImportCredential.Secret, mainKey); + } + catch (Exception) + { + // Log.WriteWarning("AutoDiscovery", $"Found unencrypted credential secret: {superManagement.ImportCredential.Name}."); + Log.WriteWarning("AutoDiscovery", $"Could not decrypt secret {superManagement.ImportCredential.Secret} in credential named: {superManagement.ImportCredential.Name}."); + } + + superManagement.ImportCredential.Secret = decryptedSecret; apiConnection = apiConn; } diff --git a/roles/lib/files/FWO.DeviceAutoDiscovery/AutoDiscoveryCpMds.cs b/roles/lib/files/FWO.DeviceAutoDiscovery/AutoDiscoveryCpMds.cs index a0606844c..c998d482c 100644 --- a/roles/lib/files/FWO.DeviceAutoDiscovery/AutoDiscoveryCpMds.cs +++ b/roles/lib/files/FWO.DeviceAutoDiscovery/AutoDiscoveryCpMds.cs @@ -1,4 +1,5 @@ -using FWO.Api.Data; +using FWO.GlobalConstants; +using FWO.Api.Data; using FWO.Api.Client; using FWO.Logging; using FWO.Rest.Client; diff --git a/roles/lib/files/FWO.DeviceAutoDiscovery/AutoDiscoveryFortiManager.cs b/roles/lib/files/FWO.DeviceAutoDiscovery/AutoDiscoveryFortiManager.cs index 41be762a9..8fbd655af 100644 --- a/roles/lib/files/FWO.DeviceAutoDiscovery/AutoDiscoveryFortiManager.cs +++ b/roles/lib/files/FWO.DeviceAutoDiscovery/AutoDiscoveryFortiManager.cs @@ -1,5 +1,6 @@ using System.Net; using RestSharp; +using FWO.GlobalConstants; using FWO.Api.Data; using FWO.Api.Client; using FWO.Logging; 
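Review bot: The warning in the new `catch` interpolates `superManagement.ImportCredential.Secret` into the log line, so whenever decryption fails the credential secret itself (plaintext, if it was stored unencrypted) is written to the log. Log only the credential name: `Log.WriteWarning("AutoDiscovery", $"Could not decrypt secret of credential named: {superManagement.ImportCredential.Name}.");` and delete the commented-out previous message. `AesEnc.Decrypt` wraps every failure into `ArgumentException` (see the new AesEnc.cs in this diff), so `catch (ArgumentException)` states the contract more precisely than `catch (Exception)`. Keeping the undecryptable value as the secret is a reasonable migration fallback for not-yet-encrypted credentials, but it also means a corrupted ciphertext is silently sent to the device as the password; a comment saying this is deliberate would help the next reader. `GetMainKey()` reads the key file on every `AutoDiscoveryBase` construction — fine if instances are rare, otherwise worth caching.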
@@ -28,12 +29,12 @@ public override async Task> Run() FortiManagerClient restClientFM = new FortiManagerClient(superManagement); RestResponse sessionResponse = await restClientFM.AuthenticateUser(superManagement.ImportCredential.ImportUser, superManagement.ImportCredential.Secret); - if (sessionResponse.StatusCode == HttpStatusCode.OK && sessionResponse.IsSuccessful && sessionResponse?.Data?.SessionId != null && sessionResponse?.Data?.SessionId != "") + if (sessionResponse.StatusCode == HttpStatusCode.OK && sessionResponse.IsSuccessful && !string.IsNullOrEmpty(sessionResponse?.Data?.SessionId)) { - string sessionId = sessionResponse!.Data!.SessionId; + string sessionId = sessionResponse.Data.SessionId; Log.WriteDebug("Autodiscovery", $"successful FortiManager login, got SessionID: {sessionId}"); // need to use @ verbatim identifier for special chars in sessionId - RestResponse adomResponse = await restClientFM.GetAdoms(@sessionId!); + RestResponse adomResponse = await restClientFM.GetAdoms(sessionId); if (adomResponse.StatusCode == HttpStatusCode.OK && adomResponse.IsSuccessful) { List? adomList = adomResponse?.Data?.Result[0]?.AdomList; 
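Review bot: The kept comment `// need to use @ verbatim identifier for special chars in sessionId` is misleading: `@` on an identifier only allows keyword names, it has no effect on the characters inside the string, and the new line drops it from `GetAdoms(sessionId)` while `GetDevices(@sessionId)` and `GetPackageAssignmentsPerAdom(@sessionId, …)` in the following hunks keep it. Remove the comment and the remaining `@` prefixes so the three calls read alike. The new condition mixes `sessionResponse.StatusCode` (unconditional dereference) with `sessionResponse?.Data?.SessionId` in the same expression; the `?.` on `sessionResponse` is dead after the first operand and can go. `Run` continues outside the hunk.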
@@ -60,13 +61,16 @@ public override async Task> Run() RestResponse deviceResponse = await restClientFM.GetDevices(@sessionId); if (deviceResponse.StatusCode == HttpStatusCode.OK && deviceResponse.IsSuccessful) { - List fortigateList = deviceResponse.Data.Result[0].DeviceList; - foreach (FortiGate fg in fortigateList) + if(deviceResponse.Data != null && deviceResponse.Data.Result.Count > 0) { - Log.WriteDebug("Autodiscovery", $"found device {fg.Name} belonging to management VDOM {fg.MgtVdom}"); - foreach (Vdom vdom in fg.VdomList) + List fortigateList = deviceResponse.Data.Result[0].DeviceList; + foreach (FortiGate fg in fortigateList) { - Log.WriteDebug("Autodiscovery", $"found vdom {vdom.Name} belonging to device {fg.Name}"); + Log.WriteDebug("Autodiscovery", $"found device {fg.Name} belonging to management VDOM {fg.MgtVdom}"); + foreach (Vdom vdom in fg.VdomList) + { + Log.WriteDebug("Autodiscovery", $"found vdom {vdom.Name} belonging to device {fg.Name}"); + } } } foreach (Adom adom in customAdoms) 
@@ -92,36 +96,39 @@ public override async Task> Run() RestResponse assignResponse = await restClientFM.GetPackageAssignmentsPerAdom(@sessionId, adom.Name); if (assignResponse.StatusCode == HttpStatusCode.OK && assignResponse.IsSuccessful) { - List assignmentList = assignResponse.Data.Result[0].AssignmentList; - foreach (Assignment assign in assignmentList) + if(assignResponse.Data != null && assignResponse.Data.Result.Count > 0) { - Device devFound = new Device(); - // assign.PackageName = assign.PackageName.Replace("/", "\\/"); // replace / in package name with \/ - Log.WriteDebug("Autodiscovery", $"found assignment1 in ADOM {adom.Name}: package {assign.PackageName} assigned to device {assign.DeviceName}, vdom: {assign.VdomName} "); - if (assign.DeviceName != null) + List assignmentList = assignResponse.Data.Result[0].AssignmentList; + foreach (Assignment assign in assignmentList) { - Log.WriteDebug("Autodiscovery", $"found assignment2 (device<>null) in ADOM {adom.Name}: package {assign.PackageName} assigned to device {assign.DeviceName}, vdom: {assign.VdomName} "); - if (assign.DeviceName != "") + Device devFound = new Device(); + // assign.PackageName = assign.PackageName.Replace("/", "\\/"); // replace / in package name with \/ + Log.WriteDebug("Autodiscovery", $"found assignment1 in ADOM {adom.Name}: package {assign.PackageName} assigned to device {assign.DeviceName}, vdom: {assign.VdomName} "); + if (assign.DeviceName != null) { - Log.WriteDebug("Autodiscovery", $"found assignment3 (non-device-empty-string) in ADOM {adom.Name}: package {assign.PackageName} assigned to device {assign.DeviceName}, vdom: {assign.VdomName} "); - string devName = assign.DeviceName; - if (assign.VdomName != null && assign.VdomName != "") - devName += "_" + assign.VdomName; - devFound = new Device + Log.WriteDebug("Autodiscovery", $"found assignment2 (device<>null) in ADOM {adom.Name}: package {assign.PackageName} assigned to device {assign.DeviceName}, vdom: {assign.VdomName} "); + 
if (assign.DeviceName != "") { - Name = devName, - LocalRulebase = assign.PackageName, - Package = assign.PackageName, - DeviceType = new DeviceType { Id = 10 } // fortiGate - }; - // handle global vs. local based on VdomName? - Log.WriteDebug("Autodiscovery", $"assignment devFound Name = {devFound.Name}"); - Log.WriteDebug("Autodiscovery", $"assignment currentManagement before Append contains {currentManagement.Devices.Length} devices"); - currentManagement.Devices = currentManagement.Devices.Append(devFound).ToArray(); - Log.WriteDebug("Autodiscovery", $"assignment currentManagement after Append contains {currentManagement.Devices.Length} devices"); + Log.WriteDebug("Autodiscovery", $"found assignment3 (non-device-empty-string) in ADOM {adom.Name}: package {assign.PackageName} assigned to device {assign.DeviceName}, vdom: {assign.VdomName} "); + string devName = assign.DeviceName; + if (assign.VdomName != null && assign.VdomName != "") + devName += "_" + assign.VdomName; + devFound = new Device + { + Name = devName, + LocalRulebase = assign.PackageName, + Package = assign.PackageName, + DeviceType = new DeviceType { Id = 10 } // fortiGate + }; + // handle global vs. local based on VdomName? + Log.WriteDebug("Autodiscovery", $"assignment devFound Name = {devFound.Name}"); + Log.WriteDebug("Autodiscovery", $"assignment currentManagement before Append contains {currentManagement.Devices.Length} devices"); + currentManagement.Devices = currentManagement.Devices.Append(devFound).ToArray(); + Log.WriteDebug("Autodiscovery", $"assignment currentManagement after Append contains {currentManagement.Devices.Length} devices"); + } } + adom.Assignments.Add(assign); } - adom.Assignments.Add(assign); } } discoveredDevices.Add(currentManagement); // add discovered adom including devices 
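Review bot: The nested `if (assign.DeviceName != null)` / `if (assign.DeviceName != "")` pair is the same check the `@@ -28,12 +29,12 @@` hunk of this file just rewrote as `!string.IsNullOrEmpty(...)`; collapsing it here too (`if (!string.IsNullOrEmpty(assign.DeviceName))`) removes one nesting level and makes one of the three near-identical "found assignment1/2/3" debug lines redundant. `Device devFound = new Device();` is allocated and then always replaced by the object initializer before use, so it can become `Device devFound = new Device { … }` inside the branch. `adom.Assignments.Add(assign)` now runs only when `assignResponse.Data` has a result, which is the intended guard, but the block is six levels deep — an early `continue` on an empty `Result` would flatten it. The enclosing loop over `customAdoms` starts outside the hunk.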
@@ -138,8 +145,8 @@ public override async Task> Run() } else { - string errorTxt = $"error while logging in to FortiManager: {sessionResponse.ErrorMessage} "; - if (sessionResponse.Data.SessionId == "") + string errorTxt = $"error while logging in to FortiManager: {sessionResponse?.ErrorMessage} "; + if (sessionResponse?.Data?.SessionId == "") errorTxt += "could not authenticate to FortiManager - got empty session ID"; Log.WriteWarning("AutoDiscovery", errorTxt); throw new Exception(errorTxt); diff --git a/roles/lib/files/FWO.DeviceAutoDiscovery/CheckPointAPI.cs b/roles/lib/files/FWO.DeviceAutoDiscovery/CheckPointAPI.cs index 015f70011..7a030b4f3 100644 --- a/roles/lib/files/FWO.DeviceAutoDiscovery/CheckPointAPI.cs +++ b/roles/lib/files/FWO.DeviceAutoDiscovery/CheckPointAPI.cs @@ -1,5 +1,6 @@ using RestSharp; using System.Text.Json; +using FWO.GlobalConstants; using FWO.Api.Data; using System.Text.Json.Serialization; using Newtonsoft.Json; @@ -7,6 +8,7 @@ using RestSharp.Serializers.NewtonsoftJson; using System.Text.Encodings.Web; using System.Text; +using RestSharp.Serializers; namespace FWO.Rest.Client { 
@@ -18,22 +20,22 @@ public CheckPointClient(Management manager) { RestClientOptions restClientOptions = new RestClientOptions(); restClientOptions.RemoteCertificateValidationCallback += (_, _, _, _) => true; - // restClientOptions.Encoding = Encoding.Latin1; restClientOptions.BaseUrl = new Uri("https://" + manager.Hostname + ":" + manager.Port + "/web_api/"); - restClient = new RestClient(restClientOptions); - // restClient.AddDefaultHeader("Content-Type", "application/json"); + restClient = new RestClient(restClientOptions, null, ConfigureRestClientSerialization); + } + private void ConfigureRestClientSerialization(SerializerConfig config) + { JsonNetSerializer serializer = new JsonNetSerializer(); // Case insensivitive is enabled by default - restClient.UseDefaultSerializers(); - restClient.UseSerializer(() => serializer); - } + config.UseSerializer(() => serializer); + } public async Task> AuthenticateUser(string? user, string? pwd, string? domain) { if (user == null || user == "") { Log.WriteWarning("Autodiscovery", $"GetDomains got empty user string, aborting"); - return new RestResponse(); + return new RestResponse(new RestRequest()); } if (pwd == null) pwd = ""; 
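Review bot: `if (user == null || user == "")` in `AuthenticateUser` is the pattern this commit replaces with `string.IsNullOrEmpty` in AutoDiscoveryFortiManager; use `if (string.IsNullOrEmpty(user))` here for consistency. The new `ConfigureRestClientSerialization` is duplicated verbatim in FortiManagerAPI.cs (hunk `@@ -19,15 +21,17 @@`), including the "Case insensivitive" typo; a shared static helper in the `FWO.Rest.Client` namespace would keep the two clients in step. The context line `restClientOptions.RemoteCertificateValidationCallback += (_, _, _, _) => true;` is not changed by this commit, but it disables server certificate validation for every management connection; at minimum a comment stating why (self-signed appliance certificates, presumably) and a TODO to make it configurable per management belongs next to it.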
@@ -94,36 +96,40 @@ public async Task> GetGateways(string session, string ManagementT // getting all gateways of this management RestResponse devices = await restClient.ExecuteAsync(request); - foreach (CpDevice dev in devices?.Data?.DeviceList) + if(devices.Data != null) { - if (gwTypes.Contains(dev.CpDevType)) + foreach (CpDevice dev in devices.Data.DeviceList) { - if (dev.Policy.AccessPolicyInstalled) // get package info + if (gwTypes.Contains(dev.CpDevType)) { - Log.WriteDebug("Autodiscovery", $"found gateway '{dev.Name}' with access policy '{dev.Policy.AccessPolicyName}'"); - RestRequest requestPackage = new RestRequest("show-package", Method.Post); - requestPackage.AddHeader("X-chkp-sid", session); - requestPackage.AddHeader("Content-Type", "application/json"); - Dictionary packageBody = new Dictionary(); - packageBody.Add("name", dev.Policy.AccessPolicyName); - packageBody.Add("details-level", "full"); - requestPackage.AddJsonBody(packageBody); - RestResponse package = await restClient.ExecuteAsync(requestPackage); - if (dev != null && package != null && package.Data != null) + if (dev.Policy.AccessPolicyInstalled) // get package info { - dev.Package = package.Data; - Log.WriteDebug("Autodiscovery", $"for gateway '{dev.Name}' we found a package '{dev?.Package?.Name}' with {dev?.Package?.CpAccessLayers.Count} layers"); - - extractLayerNames(dev.Package, dev.Name, ManagementType, out string localLayerName, out string globalLayerName); - dev.LocalLayerName = localLayerName; - dev.GlobalLayerName = globalLayerName; + Log.WriteDebug("Autodiscovery", $"found gateway '{dev.Name}' with access policy '{dev.Policy.AccessPolicyName}'"); + RestRequest requestPackage = new RestRequest("show-package", Method.Post); + requestPackage.AddHeader("X-chkp-sid", session); + requestPackage.AddHeader("Content-Type", "application/json"); + Dictionary packageBody = new Dictionary(); + packageBody.Add("name", dev.Policy.AccessPolicyName); + packageBody.Add("details-level", "full"); + 
requestPackage.AddJsonBody(packageBody); + RestResponse package = await restClient.ExecuteAsync(requestPackage); + if (dev != null && package != null && package.Data != null) + { + dev.Package = package.Data; + Log.WriteDebug("Autodiscovery", $"for gateway '{dev.Name}' we found a package '{dev?.Package?.Name}' with {dev?.Package?.CpAccessLayers.Count} layers"); + + extractLayerNames(dev!.Package, dev.Name, ManagementType, out string localLayerName, out string globalLayerName); + dev.LocalLayerName = localLayerName; + dev.GlobalLayerName = globalLayerName; + } } + else + Log.WriteWarning("Autodiscovery", $"found gateway '{dev.Name}' without access policy"); } - else - Log.WriteWarning("Autodiscovery", $"found gateway '{dev.Name}' without access policy"); } + return devices.Data.DeviceList; } - return devices.Data.DeviceList; + return new List(); } private void extractLayerNames(CpPackage package, string devName, string managementType, out string localLayerName, out string globalLayerName) @@ -201,7 +207,7 @@ public class CpApiStatus public class CpDomainHelper { [JsonProperty("objects"), JsonPropertyName("objects")] - public List DomainList { get; set; } + public List DomainList { get; set; } = new List(); [JsonProperty("total"), JsonPropertyName("total")] public int Total { get; set; } diff --git a/roles/lib/files/FWO.DeviceAutoDiscovery/FWO.DeviceAutoDiscovery.csproj b/roles/lib/files/FWO.DeviceAutoDiscovery/FWO.DeviceAutoDiscovery.csproj index 4c7df6e94..954ab3d22 100644 --- a/roles/lib/files/FWO.DeviceAutoDiscovery/FWO.DeviceAutoDiscovery.csproj +++ b/roles/lib/files/FWO.DeviceAutoDiscovery/FWO.DeviceAutoDiscovery.csproj @@ -1,21 +1,22 @@ - net6.0 + net8.0 enable enable - - + + + diff --git a/roles/lib/files/FWO.DeviceAutoDiscovery/FortiManagerAPI.cs b/roles/lib/files/FWO.DeviceAutoDiscovery/FortiManagerAPI.cs index 956f099b6..c4b5b7ae3 100644 --- a/roles/lib/files/FWO.DeviceAutoDiscovery/FortiManagerAPI.cs 
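Review bot: `if (dev != null && package != null && package.Data != null)` keeps two dead checks: `dev` is the `foreach` variable over `devices.Data.DeviceList` and was already dereferenced as `dev.CpDevType`, and `package` is the `RestResponse` returned by `ExecuteAsync`; only `package.Data` can be null. Reducing it to `if (package.Data != null)` also removes the need for `dev?.Package?.Name` and the null-forgiving `dev!.Package` two lines later. The new `devices.Data != null` guard is the right fix for the old `devices?.Data?.DeviceList` enumeration, but whether `DeviceList` itself can come back null from the deserializer is not visible here — if it can, `foreach` will throw; `CpDomainHelper.DomainList` gets a non-null list default in the next hunk, so the same default on `DeviceList` would be consistent. `GetGateways` starts outside the hunk.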
+++ b/roles/lib/files/FWO.DeviceAutoDiscovery/FortiManagerAPI.cs @@ -1,6 +1,7 @@ using RestSharp; using RestSharp.Serializers.SystemTextJson; using System.Text.Json; +using FWO.GlobalConstants; using FWO.Api.Data; using System.Text; using System.Text.Json.Serialization; @@ -8,6 +9,7 @@ using Newtonsoft.Json; using FWO.Logging; using RestSharp.Serializers.NewtonsoftJson; +using RestSharp.Serializers; namespace FWO.Rest.Client { @@ -19,15 +21,17 @@ public FortiManagerClient(Management fortiManager) { RestClientOptions restClientOptions = new RestClientOptions(); restClientOptions.RemoteCertificateValidationCallback += (_, _, _, _) => true; - // restClientOptions.Encoding = Encoding.Latin1; restClientOptions.BaseUrl = new Uri("https://" + fortiManager.Hostname + ":" + fortiManager.Port + "/jsonrpc"); - restClient = new RestClient(restClientOptions); + restClient = new RestClient(restClientOptions, null, ConfigureRestClientSerialization); + } + private void ConfigureRestClientSerialization(SerializerConfig config) + { JsonNetSerializer serializer = new JsonNetSerializer(); // Case insensivitive is enabled by default - restClient.UseDefaultSerializers(); - restClient.UseSerializer(() => serializer); + config.UseSerializer(() => serializer); } + public async Task> AuthenticateUser(string? user, string pwd) { List dataList = new List(); diff --git a/roles/lib/files/FWO.Encryption/AesEnc.cs b/roles/lib/files/FWO.Encryption/AesEnc.cs new file mode 100644 index 000000000..cac5510dc --- /dev/null +++ b/roles/lib/files/FWO.Encryption/AesEnc.cs 
@@ -0,0 +1,88 @@ +using System.Security.Cryptography; +using System.Text; +using FWO.GlobalConstants; + +namespace FWO.Encryption +{ + public static class AesEnc + { + public static string GetMainKey() + { + string mainKey = File.ReadAllText(GlobalConst.kMainKeyFile); + mainKey = mainKey.TrimEnd('\n'); // remove linke break + return mainKey; + } + + public static string Encrypt(string plaintext, string key) + { + return CustomAesCbcEncryptBase64(plaintext, key); + } + + public static string Decrypt(string encryptedDataString, string key) + { + string decryptedText; + try + { + decryptedText = CustomAesCbcDecryptBase64(encryptedDataString, key); + return decryptedText; + } + catch + { + throw new ArgumentException("Could not decrypt."); + } + } + + public static string CustomAesCbcEncryptBase64(string plaintext, string key) + { + using (Aes aes = Aes.Create()) + { + aes.Key = Encoding.UTF8.GetBytes(key); + aes.GenerateIV(); + aes.Mode = CipherMode.CBC; + aes.Padding = PaddingMode.PKCS7; + + using (ICryptoTransform encryptor = aes.CreateEncryptor(aes.Key, aes.IV)) + { + byte[] plaintextBytes = Encoding.UTF8.GetBytes(plaintext); + byte[] encryptedBytes = encryptor.TransformFinalBlock(plaintextBytes, 0, plaintextBytes.Length); + + // Combine IV and encrypted text + byte[] ivAndEncrypted = new byte[aes.IV.Length + encryptedBytes.Length]; + Array.Copy(aes.IV, ivAndEncrypted, aes.IV.Length); + Array.Copy(encryptedBytes, 0, ivAndEncrypted, aes.IV.Length, encryptedBytes.Length); + + return Convert.ToBase64String(ivAndEncrypted); + } + } + } + + public static string CustomAesCbcDecryptBase64(string ciphertext, string key) + { + byte[] encryptedBytes = Convert.FromBase64String(ciphertext); + + // IV size for AES-CBC is typically 16 bytes + int ivSize = 16; + byte[] iv = new byte[ivSize]; + byte[] encryptedText = new byte[encryptedBytes.Length - ivSize]; + + // Extract IV from the beginning of the ciphertext + Array.Copy(encryptedBytes, 0, iv, 0, ivSize); + 
Array.Copy(encryptedBytes, ivSize, encryptedText, 0, encryptedText.Length); + + using (Aes aes = Aes.Create()) + { + aes.Key = Encoding.UTF8.GetBytes(key); + aes.IV = iv; + aes.Mode = CipherMode.CBC; + aes.Padding = PaddingMode.PKCS7; + + using (ICryptoTransform decryptor = aes.CreateDecryptor(aes.Key, aes.IV)) + { + byte[] decryptedBytes = decryptor.TransformFinalBlock(encryptedText, 0, encryptedText.Length); + return Encoding.UTF8.GetString(decryptedBytes); + } + } + } + + } +} diff --git a/roles/lib/files/FWO.Encryption/FWO.Encryption.csproj b/roles/lib/files/FWO.Encryption/FWO.Encryption.csproj new file mode 100644 index 000000000..91b30cd1f --- /dev/null +++ b/roles/lib/files/FWO.Encryption/FWO.Encryption.csproj @@ -0,0 +1,13 @@ + + + + net8.0 + enable + enable + + + + + + + diff --git a/roles/lib/files/FWO.GlobalConstants/FWO.GlobalConstants.csproj b/roles/lib/files/FWO.GlobalConstants/FWO.GlobalConstants.csproj new file mode 100644 index 000000000..e18fb19bc --- /dev/null +++ b/roles/lib/files/FWO.GlobalConstants/FWO.GlobalConstants.csproj @@ -0,0 +1,9 @@ + + + + net8.0 + enable + enable + + + diff --git a/roles/lib/files/FWO.GlobalConstants/GlobalConstants.cs b/roles/lib/files/FWO.GlobalConstants/GlobalConstants.cs new file mode 100644 index 000000000..66d88e02f --- /dev/null +++ b/roles/lib/files/FWO.GlobalConstants/GlobalConstants.cs 
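Review bot: CustomAesCbcDecryptBase64 allocates `new byte[encryptedBytes.Length - ivSize]` without checking that the decoded payload is at least 16 bytes, so a short or empty input fails at the array allocation rather than with a clear error; add `if (encryptedBytes.Length < ivSize) throw new ArgumentException("Ciphertext shorter than IV.", nameof(ciphertext));` before the two `Array.Copy` calls. `Decrypt` then rethrows every failure as a bare `ArgumentException("Could not decrypt.")` and discards the cause — pass it as inner exception, `catch (Exception ex) { throw new ArgumentException("Could not decrypt.", ex); }`. The key goes straight through `Encoding.UTF8.GetBytes(key)`, so file content that is not exactly 16, 24 or 32 bytes (GetMainKey trims only `\n`, not `\r` or trailing spaces) fails at `aes.Key`; a doc comment on `GetMainKey`/`Encrypt` stating the required key length would save the next reader a CryptographicException. CBC with PKCS7 provides confidentiality only — a modified ciphertext is either accepted as garbage or surfaces as a padding error — so if integrity of the stored secrets matters, an authenticated mode (`AesGcm`) or an HMAC over IV+ciphertext should be considered.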
@@ -0,0 +1,46 @@ +namespace FWO.GlobalConstants +{ + /// + /// Global string constants used e.g. as database keys etc. + /// + public struct GlobalConst + { + public const string kFwoProdName = "fworch"; + public const string kFwoBaseDir = "/usr/local/" + kFwoProdName; + public const string kMainKeyFile = kFwoBaseDir + "/etc/secrets/main_key"; + + public const string kEnglish = "English"; + public const int kTenant0Id = 1; + + public const int kSidebarLeftWidth = 300; + public const int kSidebarRightWidth = 300; + public const int kHoursToMilliseconds = 3600000; + + public const string kHtml = "html"; + public const string kPdf = "pdf"; + public const string kJson = "json"; + public const string kCsv = "csv"; + + public const string kAutodiscovery = "autodiscovery"; + public const string kDailyCheck = "dailycheck"; + public const string kUi = "ui"; + public const string kCertification = "Certification"; + public const string kImportAppData = "importAppData"; + public const string kImportAreaSubnetData = "importAreaSubnetData"; + public const string kManual = "manual"; + public const string kModellerGroup = "ModellerGroup_"; + public const string kImportChangeNotify = "importChangeNotify"; + + public const string kLdapInternalPostfix = "dc=" + kFwoProdName + ",dc=internal"; + + public const string kDummyAppRole = "DummyAppRole"; + } + + public struct ObjectType + { + public const string Group = "group"; + public const string Host = "host"; + public const string Network = "network"; + public const string IPRange = "ip_range"; + } +} diff --git a/roles/lib/files/FWO.Logging/FWO.Logging.csproj b/roles/lib/files/FWO.Logging/FWO.Logging.csproj index 0da2a6f35..5d6e8277c 100644 --- a/roles/lib/files/FWO.Logging/FWO.Logging.csproj +++ b/roles/lib/files/FWO.Logging/FWO.Logging.csproj @@ -1,7 +1,7 @@ - net6.0 + net8.0 enable enable diff --git a/roles/lib/files/FWO.Logging/Log.cs b/roles/lib/files/FWO.Logging/Log.cs index ae6ab44fd..16fc7da66 100644 
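Review bot: `GlobalConst` and `ObjectType` are declared as `public struct` although they contain only `const` members; a struct can still be instantiated and copied, so `public static class GlobalConst` states the intent and lets the compiler reject misuse. The `///` summary on `GlobalConst` is a good start; `kMainKeyFile` in particular deserves a one-line comment such as `// secret file read by AesEnc.GetMainKey(); keep in sync with the installer` so a future path change is made in one place.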
--- a/roles/lib/files/FWO.Logging/Log.cs +++ b/roles/lib/files/FWO.Logging/Log.cs @@ -1,6 +1,4 @@ -using System; -using System.Diagnostics; -using System.Linq; +using System.Diagnostics; using System.Reflection; using System.Runtime.CompilerServices; 
@@ -12,63 +10,75 @@ public static class Log private static string lockFilePath = $"/var/fworch/lock/{Assembly.GetEntryAssembly()?.GetName().Name}_log.lock"; private static Random random = new Random(); - static Log() + static Log() { Task.Factory.StartNew(async () => { // log switch - log file locking - DateTime lastLockFileRead = new DateTime(0); - bool logOwned = false; + bool logOwnedByExternal = false; + Stopwatch stopwatch = new Stopwatch(); while (true) { try { - DateTime lastLockFileChange = File.GetLastWriteTime(lockFilePath); - - if (lastLockFileRead != lastLockFileChange) + // Open file + using FileStream file = await GetFile(lockFilePath); + // Read file content + using StreamReader reader = new StreamReader(file); + string lockFileContent = (await reader.ReadToEndAsync()).Trim(); + + // Forcefully release lock after timeout + if (logOwnedByExternal && stopwatch.ElapsedMilliseconds > 10_000) + { + using StreamWriter writer = new StreamWriter(file); + await writer.WriteLineAsync("FORCEFULLY RELEASED"); + stopwatch.Reset(); + semaphore.Release(); + logOwnedByExternal = false; + } + // GRANTED - lock was granted by us + else if (lockFileContent.EndsWith("GRANTED")) { - using FileStream file = await GetFile(lockFilePath); - // read file content - using StreamReader reader = new StreamReader(file); - string lockFileContent = (await reader.ReadToEndAsync()).Trim(); - - // REQUESTED - lock was requested by log swap process - // GRANTED - lock was granted by us - // RELEASED - lock was released by log swap process - // ACKNOWLEDGED - lock release was acknowledged by us - if (lockFileContent.EndsWith("REQUESTED")) + // Request lock if it is not already requested by us + // (in case of restart with log already granted) + if (!logOwnedByExternal) { - // only request lock if it is not already requested by us - if (!logOwned) - { - semaphore.Wait(); - logOwned = true; - } - using StreamWriter writer = new StreamWriter(file); - await writer.WriteLineAsync("GRANTED"); 
+ semaphore.Wait(); + stopwatch.Restart(); + logOwnedByExternal = true; } - if (lockFileContent.EndsWith("RELEASED")) + } + // REQUESTED - lock was requested by log swap process + else if (lockFileContent.EndsWith("REQUESTED")) + { + // only request lock if it is not already requested by us + if (!logOwnedByExternal) { - // only release lock if it was formerly requested by us - if (logOwned) - { - semaphore.Release(); - logOwned = false; - } - using StreamWriter writer = new StreamWriter(file); - await writer.WriteLineAsync("ACKNOWLEDGED"); + semaphore.Wait(); + stopwatch.Restart(); + logOwnedByExternal = true; + } + using StreamWriter writer = new StreamWriter(file); + await writer.WriteLineAsync("GRANTED"); + } + // RELEASED - lock was released by log swap process + else if (lockFileContent.EndsWith("RELEASED")) + { + // only release lock if it was formerly requested by us + if (logOwnedByExternal) + { + stopwatch.Reset(); + semaphore.Release(); + logOwnedByExternal = false; } - - lastLockFileRead = lastLockFileChange; } - - await Task.Delay(1000); } - catch (Exception e) + catch (Exception) { //WriteError("Log file locking", "Error while accessing log lock file.", e); } + await Task.Delay(1000); } }, TaskCreationOptions.LongRunning); } @@ -81,7 +91,7 @@ private static async Task GetFile(string path) { return File.Open(path, FileMode.OpenOrCreate, FileAccess.ReadWrite, FileShare.None); } - catch (Exception e) + catch (Exception) { //WriteDebug("Log file locking", $"Could not access log lock file: {e.Message}."); } 
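Review bot: The force-release branch compares `stopwatch.ElapsedMilliseconds > 10_000` against a magic number and the purpose of the timeout is not explained; name it, `private const long LockTimeoutMs = 10_000;`, with a comment such as `// release the log lock if the swap process never writes RELEASED, so logging cannot stall forever`. After the forced release the file ends in `FORCEFULLY RELEASED`, which the next iteration matches as `RELEASED` with `logOwnedByExternal` already false — a comment that this fall-through is intended would help. `catch (Exception)` still swallows every error silently (the WriteError call stays commented out), so if the lock file is unreadable the loop spins once a second with no trace; a rate-limited debug line would give operators something to see. The static constructor closes within the hunk.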
@@ -105,12 +115,12 @@ public static void WriteWarning(string Title, string Text, [CallerMemberName] st WriteLog("Warning", Title, Text, callerName, callerFile, callerLineNumber, ConsoleColor.DarkYellow); } - public static void WriteError(string Title, string? Text = null, Exception? Error = null, [CallerMemberName] string callerName = "", [CallerFilePath] string callerFile = "", [CallerLineNumber] int callerLineNumber = 0) + public static void WriteError(string Title, string? Text = null, Exception? Error = null, string? User = null, string? Role = null, [CallerMemberName] string callerName = "", [CallerFilePath] string callerFile = "", [CallerLineNumber] int callerLineNumber = 0) { string DisplayText = - (Text != null ? - $"{Text}" - : "") + + (User != null ? $"User: {User}, " : "") + + (Role != null ? $"Role: {Role}, " : "") + + (Text != null ? $"{Text}" : "") + (Error != null ? "\n ---\n" + $"Exception thrown: \n {Error?.GetType().Name} \n" + diff --git a/roles/lib/files/FWO.Mail/EmailConnection.cs b/roles/lib/files/FWO.Mail/EmailConnection.cs new file mode 100644 index 000000000..e0a691a8d --- /dev/null +++ b/roles/lib/files/FWO.Mail/EmailConnection.cs @@ -0,0 +1,33 @@ +namespace FWO.Mail +{ + + public enum EmailEncryptionMethod + { + None, + StartTls, + Tls + } + + public class EmailConnection + { + public string ServerAddress { get; set; } = ""; + public int Port { get; set; } + public EmailEncryptionMethod Encryption { get; set; } = EmailEncryptionMethod.None; + public string? User { get; set; } + public string? Password { get; set; } + public string? SenderEmailAddress { get; set; } + + public EmailConnection() + {} + public EmailConnection(string address, int port, EmailEncryptionMethod encryption, string user, string password, string senderAddress) + { + ServerAddress = address; + Port= port; + Encryption = encryption; + User = user; + Password = password; + SenderEmailAddress = senderAddress; + } + } + +} 
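Review bot: `User` and `Role` are interpolated into `DisplayText` unchanged; if these values originate from identity data such as LDAP attributes or JWT claims, embedded line breaks could forge additional log entries, so neutralize them, e.g. `(User != null ? $"User: {User.ReplaceLineEndings(" ")}, " : "")`. The two new optional parameters are inserted before the `[CallerMemberName]`/`[CallerFilePath]` parameters, which is source-compatible for named calls but shifts the meaning of any caller passing `callerName` positionally — worth checking callers, and the method's documentation should describe the new parameters. WriteError's body continues outside the hunk.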
diff --git a/roles/lib/files/FWO.Mail/EmailForm.cs b/roles/lib/files/FWO.Mail/EmailForm.cs new file mode 100644 index 000000000..826f6d544 --- /dev/null +++ b/roles/lib/files/FWO.Mail/EmailForm.cs @@ -0,0 +1,20 @@ +using System.ComponentModel.DataAnnotations; + +namespace FWO.Mail +{ + + public class EmailForm + { + // [Required] + public string? EmailSrvAddress { get; set; } + + // [Required] + // [Range(1, 65535, ErrorMessage = "Port range must be in (1-65535)")] + public int EmailSrvPort { get; set; } + + public string? EmailAuthUser { get; set; } + public string? EmailAuthPassword { get; set; } + public string? EmailSenderAddress { get; set; } + } + +} \ No newline at end of file diff --git a/roles/lib/files/FWO.Mail/FWO.Mail.csproj b/roles/lib/files/FWO.Mail/FWO.Mail.csproj new file mode 100644 index 000000000..ceba8ce07 --- /dev/null +++ b/roles/lib/files/FWO.Mail/FWO.Mail.csproj @@ -0,0 +1,15 @@ + + + + net8.0 + enable + enable + + + + + + + + + diff --git a/roles/lib/files/FWO.Mail/MailerMailKit.cs b/roles/lib/files/FWO.Mail/MailerMailKit.cs new file mode 100644 index 000000000..d1bbff594 --- /dev/null +++ b/roles/lib/files/FWO.Mail/MailerMailKit.cs 
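Review bot: The `[Required]` and `[Range(1, 65535, ...)]` annotations are commented out but `using System.ComponentModel.DataAnnotations;` is kept, so the file carries dead code and an unused directive; either re-enable the validation (at least the port range) or remove both the comments and the using. If the attributes are disabled on purpose, a one-line comment saying why (e.g. `// validation is done in the settings page, not via DataAnnotations`) would keep the next reader from re-enabling them blindly.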
@@ -0,0 +1,217 @@ +// source: https://blog.christian-schou.dk/send-emails-with-asp-net-core-with-mailkit/ + +using MailKit.Net.Smtp; +using MailKit.Security; +using MimeKit; +using Microsoft.AspNetCore.Http; + +namespace FWO.Mail +{ + public class MailData + { + // Receiver + public List To { get; } + public List Bcc { get; } + + public List Cc { get; } + + // Sender + public string? From { get; } + + public string? DisplayName { get; } + + public string? ReplyTo { get; } + + public string? ReplyToName { get; } + + // Content + public string Subject { get; } + + public string? Body { get; } + + public IFormFileCollection? Attachments { get; set; } + + public MailData( + List to, + string subject, + string? body = null, + string? from = null, + string? displayName = null, + string? replyTo = null, + string? replyToName = null, + List? bcc = null, + List? cc = null + ) + { + // Receiver + To = to; + Bcc = bcc ?? new List(); + Cc = cc ?? new List(); + + // Sender + From = from; + DisplayName = displayName; + ReplyTo = replyTo; + ReplyToName = replyToName; + + // Content + Subject = subject; + Body = body; + } + } + + public interface IMailService + { + Task SendAsync(MailData mailData, EmailConnection emailConn, CancellationToken ct); + } + + public class MailKitMailer + { + private EmailConnection EmailConn; + + public MailKitMailer(EmailConnection emailConn) + { + EmailConn = emailConn; + } + + public async Task SendAsync( + MailData mailData, + EmailConnection emailConn, + CancellationToken ct = default, + bool mailFormatHtml = false + ) + { + try + { + // Initialize a new instance of the MimeKit.MimeMessage class + var mail = new MimeMessage(); + string senderString = ""; + if (emailConn.SenderEmailAddress != null) + { + senderString = emailConn.SenderEmailAddress; + } + + #region Sender / Receiver + // Sender + mail.From.Add(new MailboxAddress(senderString, senderString)); + mail.Sender = new MailboxAddress(senderString, senderString); + + // Receiver + foreach 
(string mailAddress in mailData.To) + mail.To.Add(MailboxAddress.Parse(mailAddress)); + + // Set Reply to if specified in mail data + if (!string.IsNullOrEmpty(mailData.ReplyTo)) + mail.ReplyTo.Add(new MailboxAddress(mailData.ReplyToName, mailData.ReplyTo)); + + // BCC + // Check if a BCC was supplied in the request + if (mailData.Bcc != null) + { + // Get only addresses where value is not null or with whitespace. x = value of address + foreach ( + string mailAddress in mailData.Bcc.Where(x => !string.IsNullOrWhiteSpace(x)) + ) + mail.Bcc.Add(MailboxAddress.Parse(mailAddress.Trim())); + } + + // CC + // Check if a CC address was supplied in the request + if (mailData.Cc != null) + { + foreach ( + string mailAddress in mailData.Cc.Where(x => !string.IsNullOrWhiteSpace(x)) + ) + mail.Cc.Add(MailboxAddress.Parse(mailAddress.Trim())); + } + #endregion + + #region Content + + // Add Content to Mime Message + var body = new BodyBuilder(); + mail.Subject = mailData.Subject; + if (mailFormatHtml) + body.HtmlBody = mailData.Body; + else + body.TextBody = mailData.Body; + + // Check if we got any attachments and add the to the builder for our message + if (mailData.Attachments != null) + { + byte[] attachmentFileByteArray; + + foreach (IFormFile attachment in mailData.Attachments) + { + // Check if length of the file in bytes is larger than 0 + if (attachment.Length > 0) + { + // Create a new memory stream and attach attachment to mail body + using (MemoryStream memoryStream = new MemoryStream()) + { + // Copy the attachment to the stream + attachment.CopyTo(memoryStream); + attachmentFileByteArray = memoryStream.ToArray(); + } + // Add the attachment from the byte array + body.Attachments.Add(attachment.FileName, attachmentFileByteArray, ContentType.Parse(attachment.ContentType)); + } + } + } + + mail.Body = body.ToMessageBody(); // correction compared to source code + + #endregion + + #region Send Mail + + using var smtp = new SmtpClient(); + smtp.Timeout = 5000; + + 
switch (emailConn.Encryption) + { + case EmailEncryptionMethod.None: + await smtp.ConnectAsync( + emailConn.ServerAddress, + emailConn.Port, + SecureSocketOptions.None, + ct + ); + break; + case EmailEncryptionMethod.StartTls: + smtp.ServerCertificateValidationCallback = (s, c, h, e) => true; //accept all SSL certificates + await smtp.ConnectAsync( + emailConn.ServerAddress, + emailConn.Port, + SecureSocketOptions.StartTls, + ct + ); + break; + case EmailEncryptionMethod.Tls: + smtp.ServerCertificateValidationCallback = (s, c, h, e) => true; //accept all SSL certificates + await smtp.ConnectAsync( + emailConn.ServerAddress, + emailConn.Port, + SecureSocketOptions.SslOnConnect, + ct + ); + break; + } + if (emailConn.User != null && emailConn.User != "") + { + await smtp.AuthenticateAsync(emailConn.User, emailConn.Password, ct); + } + await smtp.SendAsync(mail, ct); + await smtp.DisconnectAsync(true, ct); + + #endregion + + return true; + } + catch (Exception) + { + return false; + } + } + } +} diff --git a/roles/lib/files/FWO.Middleware.Client/FWO.Middleware.Client.csproj b/roles/lib/files/FWO.Middleware.Client/FWO.Middleware.Client.csproj index be54d8b29..661c928c2 100644 --- a/roles/lib/files/FWO.Middleware.Client/FWO.Middleware.Client.csproj +++ b/roles/lib/files/FWO.Middleware.Client/FWO.Middleware.Client.csproj @@ -1,15 +1,15 @@  - net6.0 + net8.0 enable enable - - + + diff --git a/roles/lib/files/FWO.Middleware.Client/JwtReader.cs b/roles/lib/files/FWO.Middleware.Client/JwtReader.cs index 70e63f6cc..e3ad6e992 100644 --- a/roles/lib/files/FWO.Middleware.Client/JwtReader.cs +++ b/roles/lib/files/FWO.Middleware.Client/JwtReader.cs 
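Review bot: Both TLS branches of `switch (emailConn.Encryption)` set `smtp.ServerCertificateValidationCallback = (s, c, h, e) => true;`, so the mail server's certificate is never checked and StartTls/Tls give encryption without server authentication; drop the callback so MailKit's default validation applies, or gate it behind an explicit EmailConnection setting and document that choice in a comment. `MailKitMailer` stores `EmailConn` in its constructor but `SendAsync` ignores the field and takes its own `emailConn` parameter, and `IMailService` is declared yet not implemented by the class — one of the two designs should go. The trailing `catch (Exception) { return false; }` hides the reason for every failure, including cancellation via `ct`; at minimum rethrow `OperationCanceledException` and surface the exception (return it, or log it) before returning false.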
@@ -6,33 +6,34 @@ using System.Security.Claims; using FWO.Config.File; using FWO.Logging; +using Microsoft.IdentityModel.JsonWebTokens; namespace FWO.Middleware.Client { - public class JwtReader - { - private readonly string jwtString; - private JwtSecurityToken? jwt; + public class JwtReader + { + private readonly string jwtString; + private JsonWebToken? jwt; - private readonly RsaSecurityKey jwtPublicKey; + private readonly RsaSecurityKey jwtPublicKey; - public JwtReader(string jwtString) - { - // Save jwt string - this.jwtString = jwtString; + public JwtReader(string jwtString) + { + // Save jwt string + this.jwtString = jwtString; - // Get public key from config lib - ConfigFile config = new ConfigFile(); - jwtPublicKey = ConfigFile.JwtPublicKey ?? throw new Exception("Jwt public key could not be read form config file."); - } + // Get public key from config lib + ConfigFile config = new ConfigFile(); + jwtPublicKey = ConfigFile.JwtPublicKey ?? throw new Exception("Jwt public key could not be read form config file."); + } /// /// Checks if JWT in HTTP header contains role. /// - /// Role name to check. + /// Role name to check. /// True if JWT contains specified role, otherwise false. public bool ContainsRole(string roleName) - { + { Log.WriteDebug($"{roleName} Role Jwt", "Checking Jwt for admin role."); if (jwt == null) @@ -44,10 +45,10 @@ public bool ContainsRole(string roleName) /// /// Checks if JWT in HTTP header contains role in x-hasura-allowed-roles. /// - /// Role name to check. + /// Role name to check. /// True if JWT contains specified role in x-hasura-allowed-roles, otherwise false. public bool ContainsAllowedRole(string roleName) - { + { Log.WriteDebug($"{roleName} Role Jwt", "Checking Jwt for allowed role."); if (jwt == null) 
@@ -56,71 +57,83 @@ public bool ContainsAllowedRole(string roleName) return jwt.Claims.FirstOrDefault(claim => claim.Type == "x-hasura-allowed-roles" && claim.Value == roleName) != null; } - public bool Validate() - { - try - { - TokenValidationParameters validationParameters = new TokenValidationParameters - { - RequireExpirationTime = true, - RequireSignedTokens = true, - ValidateAudience = true, - ValidateIssuer = true, - ValidateLifetime = true, - ValidAudience = JwtConstants.Audience, - ValidIssuer = JwtConstants.Issuer, - IssuerSigningKey = jwtPublicKey - }; - - JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler(); - handler.ValidateToken(jwtString, validationParameters, out SecurityToken validatedSecurityToken); - jwt = (JwtSecurityToken)validatedSecurityToken; - Log.WriteDebug("Jwt Validation", "Jwt was successfully validated."); - return true; - } - - catch (SecurityTokenExpiredException) - { - Log.WriteDebug("Jwt Validation", "Jwt lifetime expired."); - return false; - } - catch (SecurityTokenInvalidSignatureException InvalidSignatureException) - { - Log.WriteError("Jwt Validation", $"Jwt signature could not be verified. 
Potential attack!", InvalidSignatureException); - return false; - } - catch (SecurityTokenInvalidAudienceException InvalidAudienceException) - { - Log.WriteError("Jwt Validation", $"Jwt audience incorrect.", InvalidAudienceException); - return false; - } - catch (SecurityTokenInvalidIssuerException InvalidIssuerException) - { - Log.WriteError("Jwt Validation", $"Jwt issuer incorrect.", InvalidIssuerException); - return false; - } - catch (Exception UnexpectedError) - { - Log.WriteError("Jwt Validation", $"Unexpected problem while trying to verify Jwt", UnexpectedError); - return false; - } - } - - public Claim[] GetClaims() - { - Log.WriteDebug("Claims Jwt", "Reading claims from Jwt."); - if (jwt == null) - throw new ArgumentNullException(nameof(jwt), "Jwt was not validated yet."); - - return jwt.Claims.ToArray(); - } - - public TimeSpan TimeUntilExpiry() - { - if (jwt == null) - throw new ArgumentNullException(nameof(jwt), "Jwt was not validated yet."); - - return jwt.ValidTo - DateTime.UtcNow; - } - } + public async Task Validate() + { + try + { + TokenValidationParameters validationParameters = new TokenValidationParameters + { + RequireExpirationTime = true, + RequireSignedTokens = true, + ValidateAudience = true, + ValidateIssuer = true, + ValidateLifetime = true, + ValidAudience = JwtConstants.Audience, + ValidIssuer = JwtConstants.Issuer, + IssuerSigningKey = jwtPublicKey, + + }; + + JsonWebTokenHandler handler = new (); + TokenValidationResult tokenValidationResult = await handler.ValidateTokenAsync(jwtString, validationParameters); + if (tokenValidationResult.IsValid) + { + jwt = tokenValidationResult.SecurityToken as JsonWebToken; + Log.WriteDebug("Jwt Validation", "Jwt was successfully validated."); + return true; + } + return false; + } + + catch (SecurityTokenExpiredException) + { + Log.WriteDebug("Jwt Validation", "Jwt lifetime expired."); + return false; + } + catch (SecurityTokenInvalidSignatureException InvalidSignatureException) + { + 
Log.WriteError("Jwt Validation", $"Jwt signature could not be verified. Potential attack!", InvalidSignatureException); + return false; + } + catch (SecurityTokenInvalidAudienceException InvalidAudienceException) + { + Log.WriteError("Jwt Validation", $"Jwt audience incorrect.", InvalidAudienceException); + return false; + } + catch (SecurityTokenInvalidIssuerException InvalidIssuerException) + { + Log.WriteError("Jwt Validation", $"Jwt issuer incorrect.", InvalidIssuerException); + return false; + } + catch (Exception UnexpectedError) + { + Log.WriteError("Jwt Validation", $"Unexpected problem while trying to verify Jwt", UnexpectedError); + return false; + } + } + + public Claim[] GetClaims() + { + Log.WriteDebug("Claims Jwt", "Reading claims from Jwt."); + if (jwt == null) + throw new ArgumentNullException(nameof(jwt), "Jwt was not validated yet."); + + return jwt.Claims.ToArray(); + } + + public TimeSpan TimeUntilExpiry() + { + if (jwt == null) + throw new ArgumentNullException(nameof(jwt), "Jwt was not validated yet."); + + return jwt.ValidTo - DateTime.UtcNow; + } + + public string GetRole() + { + if (jwt == null) + throw new ArgumentNullException(nameof(jwt), "Jwt was not validated yet."); + return jwt.Claims.FirstOrDefault(claim => claim.Type == "role")?.Value ?? ""; + } + } } diff --git a/roles/lib/files/FWO.Middleware.Client/MiddlewareClient.cs b/roles/lib/files/FWO.Middleware.Client/MiddlewareClient.cs index fe8ef0be5..5ef6bf368 100644 --- a/roles/lib/files/FWO.Middleware.Client/MiddlewareClient.cs +++ b/roles/lib/files/FWO.Middleware.Client/MiddlewareClient.cs 
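Review bot: `JsonWebTokenHandler.ValidateTokenAsync` reports validation failures through `TokenValidationResult.Exception` instead of throwing, so the `catch (SecurityTokenExpiredException)` … `catch (Exception)` blocks below it are effectively dead and the `return false;` on `!IsValid` silently drops the cause — including the former "Potential attack!" error log for a bad signature. Inspect `tokenValidationResult.Exception` and log it as the old code did (rewritten lines below). `jwt = tokenValidationResult.SecurityToken as JsonWebToken;` can leave `jwt` null while `Validate` still returns true, after which `GetClaims`/`GetRole` throw; return `jwt != null` instead. The `ConfigFile config = new ConfigFile();` local in the constructor hunk above is still unused.
```csharp
TokenValidationResult tokenValidationResult = await handler.ValidateTokenAsync(jwtString, validationParameters);
if (tokenValidationResult.IsValid)
{
    jwt = tokenValidationResult.SecurityToken as JsonWebToken;
    Log.WriteDebug("Jwt Validation", "Jwt was successfully validated.");
    return jwt != null;
}
// ValidateTokenAsync reports failures in the result instead of throwing,
// so the catch blocks below never see them; log the cause here.
switch (tokenValidationResult.Exception)
{
    case SecurityTokenExpiredException:
        Log.WriteDebug("Jwt Validation", "Jwt lifetime expired.");
        break;
    case SecurityTokenInvalidSignatureException ex:
        Log.WriteError("Jwt Validation", "Jwt signature could not be verified. Potential attack!", ex);
        break;
    case SecurityTokenInvalidAudienceException ex:
        Log.WriteError("Jwt Validation", "Jwt audience incorrect.", ex);
        break;
    case SecurityTokenInvalidIssuerException ex:
        Log.WriteError("Jwt Validation", "Jwt issuer incorrect.", ex);
        break;
    case Exception ex:
        Log.WriteError("Jwt Validation", "Unexpected problem while trying to verify Jwt", ex);
        break;
}
return false;
// … unchanged: existing catch blocks (now reached only for exceptions thrown outside ValidateTokenAsync) …
```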
@@ -5,33 +5,42 @@ using System.Text.Json; using RestSharp.Serializers.NewtonsoftJson; using Newtonsoft.Json; +using RestSharp.Serializers; +using System.Runtime.CompilerServices; +using System.Data; namespace FWO.Middleware.Client { - public class MiddlewareClient + public class MiddlewareClient : IDisposable { - readonly RestClient restClient; + private bool disposed = false; + private RestClient restClient; + readonly string middlewareServerUri; public MiddlewareClient(string middlewareServerUri) + { + this.middlewareServerUri = middlewareServerUri; + restClient = CreateRestClient(authenticator: null); + } + + private RestClient CreateRestClient(IAuthenticator? authenticator) { RestClientOptions restClientOptions = new RestClientOptions(); restClientOptions.RemoteCertificateValidationCallback += (_, _, _, _) => true; restClientOptions.BaseUrl = new Uri(middlewareServerUri + "api/"); - restClient = new RestClient(restClientOptions); - - //JsonSerializerOptions options = new JsonSerializerOptions(); - //options.PropertyNameCaseInsensitive = true; - //SystemTextJsonSerializer serializer = new SystemTextJsonSerializer(options); - // TODO: UPDATE RESTSHARP SERIALIZER LIBRARY (CURRENT VERSION IS OUT OF DATE) + restClientOptions.Authenticator = authenticator; + return new RestClient(restClientOptions, null, ConfigureRestClientSerialization); + } + private void ConfigureRestClientSerialization(SerializerConfig config) + { JsonNetSerializer serializer = new JsonNetSerializer(); // Case insensivitive is enabled by default - restClient.UseDefaultSerializers(); - restClient.UseSerializer(() => serializer); + config.UseSerializer(() => serializer); } public void SetAuthenticationToken(string jwt) { - restClient.Authenticator = new JwtAuthenticator(jwt); + restClient = CreateRestClient(new JwtAuthenticator(jwt)); } public async Task> AuthenticateUser(AuthenticationTokenGetParameters parameters) 
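Review bot: `SetAuthenticationToken` now replaces `restClient` with a fresh instance from `CreateRestClient` but never disposes the previous one, so each token refresh leaks a RestClient (and its underlying HttpClient) even though the class now implements IDisposable; swap and dispose instead, `RestClient old = restClient; restClient = CreateRestClient(new JwtAuthenticator(jwt)); old.Dispose();`. Because `restClient` is no longer readonly, a request in flight on another thread may observe the swap mid-call — presumably callers are single-threaded here, but a comment stating that assumption would help. The added `using System.Runtime.CompilerServices;` and `using System.Data;` appear unused in this hunk.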
@@ -234,5 +243,26 @@ public async Task> DeleteTenant(TenantDeleteParameters parame request.AddJsonBody(parameters); return await restClient.ExecuteAsync(request); } + + protected virtual void Dispose(bool disposing) + { + if (disposed) return; + if (disposing) + { + restClient.Dispose(); + disposed = true; + } + } + + public void Dispose() + { + Dispose(true); + GC.SuppressFinalize(this); + } + + ~ MiddlewareClient() + { + Dispose(false); + } } } diff --git a/roles/lib/files/FWO.Middleware/FWO.Middleware.csproj b/roles/lib/files/FWO.Middleware/FWO.Middleware.csproj index dfcef636b..2cf204117 100644 --- a/roles/lib/files/FWO.Middleware/FWO.Middleware.csproj +++ b/roles/lib/files/FWO.Middleware/FWO.Middleware.csproj @@ -1,13 +1,13 @@  - net6.0 + net8.0 enable enable - + diff --git a/roles/lib/files/FWO.Middleware/JwtConstants.cs b/roles/lib/files/FWO.Middleware/JwtConstants.cs index d8348955b..dd29d99c3 100644 --- a/roles/lib/files/FWO.Middleware/JwtConstants.cs +++ b/roles/lib/files/FWO.Middleware/JwtConstants.cs @@ -1,10 +1,4 @@ -using System; -using System.Collections.Generic; -using System.Linq; -using System.Text; -using System.Threading.Tasks; - -namespace FWO.Middleware +namespace FWO.Middleware { public class JwtConstants { diff --git a/roles/lib/files/FWO.Middleware/RequestParameters/TenantParameters.cs b/roles/lib/files/FWO.Middleware/RequestParameters/TenantParameters.cs index cd5db98cc..2bda669c9 100644 --- a/roles/lib/files/FWO.Middleware/RequestParameters/TenantParameters.cs +++ b/roles/lib/files/FWO.Middleware/RequestParameters/TenantParameters.cs @@ -1,4 +1,8 @@ namespace FWO.Middleware.RequestParameters + +// used for accessing tenant data stored in LDAP via REST UserManagement API +// but tenant to device mappings (not stored in LDAP but in DB) are also handled here + { public class TenantAddParameters { 
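Review bot: The finalizer `~ MiddlewareClient()` is unnecessary: the class owns only a managed `RestClient`, `Dispose(false)` does nothing with it, and a finalizer keeps every instance alive for an extra GC cycle, which in turn makes `GC.SuppressFinalize(this)` redundant. `disposed = true` is set only inside `if (disposing)`, so the flag never reflects the finalizer path — move it after the `if`. Marking the class `sealed` and using the plain form `public void Dispose() { if (disposed) return; restClient.Dispose(); disposed = true; }` would be both shorter and correct.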
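Review bot: The two new comment lines sit between `namespace FWO.Middleware.RequestParameters` and its opening `{`, which compiles but is an unusual place for a file-level remark; move them above the namespace line. The wording "are also handled here" suggests behaviour, but the file only declares request/return DTOs; `// DTOs for tenant data (LDAP via the UserManagement REST API) and for tenant-to-gateway/management mappings (stored in the DB)` says what the reader will actually find.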
@@ -12,13 +16,38 @@ public class TenantAddParameters public class TenantGetReturnParameters : TenantAddParameters { public int Id { get; set; } - public List Devices { get; set; } = new List(); + public List SharedGateways { get; set; } = new List(); + public List SharedManagements { get; set; } = new List(); + public List UnfilteredGateways { get; set; } = new List(); + public List UnfilteredManagements { get; set; } = new List(); + public List VisibleGateways { get; set; } = new List(); + public List VisibleManagements { get; set; } = new List(); } - public class TenantViewDevice + public class TenantViewGateway + { + public int Id { get; set; } + public string Name { get; set; } = ""; + public bool Shared { get; set; } = true; + + public TenantViewGateway (int id, string name = "", bool shared = true) + { + Id = id; + Name = name; + Shared = shared; + } + } + public class TenantViewManagement { public int Id { get; set; } public string Name { get; set; } = ""; + public bool Shared { get; set; } = true; + public TenantViewManagement (int id, string name = "", bool shared = true) + { + Id = id; + Name = name; + Shared = shared; + } } public class TenantEditParameters diff --git a/roles/lib/files/FWO.Middleware/RequestParameters/UserParameters.cs b/roles/lib/files/FWO.Middleware/RequestParameters/UserParameters.cs index 9c2f96f5b..a55d3379e 100644 --- a/roles/lib/files/FWO.Middleware/RequestParameters/UserParameters.cs +++ b/roles/lib/files/FWO.Middleware/RequestParameters/UserParameters.cs @@ -6,6 +6,8 @@ public class UserGetReturnParameters public int UserId { get; set; } public string UserDn { get; set; } = ""; public string? Email { get; set; } + public string? Firstname { get; set; } + public string? Lastname { get; set; } public int TenantId { get; set; } public string? Language { get; set; } public DateTime? LastLogin { get; set; } 
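Review bot: `TenantViewGateway` and `TenantViewManagement` are identical (Id, Name, Shared and the same constructor); a shared base class, or one type with a kind field, would avoid keeping two copies in sync. Replacing the public `Devices` property with six lists changes the JSON contract of `TenantGetReturnParameters`, so any client still reading `Devices` silently gets nothing — presumably the UI is adapted in the same commit, but worth confirming. The default `Shared = true` on both classes is not self-explanatory; a one-line comment on what "shared" means for a gateway or management would help.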
@@ -24,6 +26,8 @@ public class LdapUserGetReturnParameters { public string UserDn { get; set; } = ""; public string? Email { get; set; } + public string? Firstname { get; set; } + public string? Lastname { get; set; } } public class UserAddParameters @@ -32,6 +36,8 @@ public class UserAddParameters public string UserDn { get; set; } = ""; public string Password { get; set; } = ""; public string? Email { get; set; } + public string? Firstname { get; set; } + public string? Lastname { get; set; } public int TenantId { get; set; } public bool PwChangeRequired { get; set; } } @@ -41,6 +47,8 @@ public class UserEditParameters public int LdapId { get; set; } public int UserId { get; set; } public string? Email { get; set; } + public string? Firstname { get; set; } + public string? Lastname { get; set; } } public class UserChangePasswordParameters diff --git a/roles/lib/files/FWO.Recert/FWO.Recert.csproj b/roles/lib/files/FWO.Recert/FWO.Recert.csproj new file mode 100644 index 000000000..357ae3b17 --- /dev/null +++ b/roles/lib/files/FWO.Recert/FWO.Recert.csproj @@ -0,0 +1,14 @@ + + + + net8.0 + enable + enable + + + + + + + + diff --git a/roles/lib/files/FWO.Recert/RecertRefresh.cs b/roles/lib/files/FWO.Recert/RecertRefresh.cs new file mode 100644 index 000000000..721e6ed37 --- /dev/null +++ b/roles/lib/files/FWO.Recert/RecertRefresh.cs 
@@ -0,0 +1,64 @@ +using System.Diagnostics; +using FWO.GlobalConstants; +using FWO.Api.Data; +using FWO.Api.Client; +using FWO.Logging; + +namespace FWO.Recert +{ + public class RecertRefresh + { + private readonly ApiConnection apiConnection; + + public RecertRefresh (ApiConnection apiConnectionIn) + { + apiConnection = apiConnectionIn; + } + + public async Task RecalcRecerts() + { + Stopwatch watch = new (); + + try + { + watch.Start(); + List owners = await apiConnection.SendQueryAsync>(Api.Client.Queries.OwnerQueries.getOwners); + List managements = await apiConnection.SendQueryAsync>(Api.Client.Queries.DeviceQueries.getManagementDetailsWithoutSecrets); + ReturnId[]? returnIds = (await apiConnection.SendQueryAsync(Api.Client.Queries.RecertQueries.clearOpenRecerts)).ReturnIds; + Log.WriteDebug("Delete open recerts", $"deleted Ids: {(returnIds != null ? string.Join(",", Array.ConvertAll(returnIds, Id => Id.DeletedId)) : "")}"); + // the clearOpenRecerts refreshes materialized view view_rule_with_owner as a side-effect + watch.Stop(); + Log.WriteDebug("Refresh materialized view view_rule_with_owner", $"refresh took {(watch.ElapsedMilliseconds / 1000.0).ToString("0.00")} seconds"); + + foreach (FwoOwner owner in owners) + await RecalcRecertsOfOwner(owner, managements); + } + catch (Exception) + { + return true; + } + return false; + } + + private async Task RecalcRecertsOfOwner(FwoOwner owner, List managements) + { + Stopwatch watch = new (); + watch.Start(); + + foreach (Management mgm in managements) + { + List currentRecerts = + await apiConnection.SendQueryAsync>(Api.Client.Queries.RecertQueries.getOpenRecerts, new { ownerId = owner.Id, mgmId = mgm.Id }); + + if (currentRecerts.Count > 0) + { + await apiConnection.SendQueryAsync(Api.Client.Queries.RecertQueries.addRecertEntries, new { recerts = currentRecerts }); + } + } + + watch.Stop(); + Log.WriteDebug("Refresh Recertification", $"refresh for owner {owner.Name} took {(watch.ElapsedMilliseconds / 
1000.0).ToString("0.00")} seconds"); + } + } +} + diff --git a/roles/lib/files/FWO.Report.Filter/Ast/AstNodeConnector.cs b/roles/lib/files/FWO.Report.Filter/Ast/AstNodeConnector.cs index 3b82fa64a..a21f7682e 100644 --- a/roles/lib/files/FWO.Report.Filter/Ast/AstNodeConnector.cs +++ b/roles/lib/files/FWO.Report.Filter/Ast/AstNodeConnector.cs @@ -23,13 +23,15 @@ public override void Extract(ref DynGraphqlQuery query, ReportType? reportType) query.ruleWhereStatement += "_and: [{"; query.nwObjWhereStatement += "_and: [{"; query.svcObjWhereStatement += "_and: [{"; - query.userObjWhereStatement += "_and: [{"; + query.userObjWhereStatement += "_and: [{"; + query.connectionWhereStatement += "_and: [{"; break; case TokenKind.Or: // or terms need to be enclosed in [] query.ruleWhereStatement += "_or: [{"; query.nwObjWhereStatement += "_or: [{"; query.svcObjWhereStatement += "_or: [{"; - query.userObjWhereStatement += "_or: [{"; + query.userObjWhereStatement += "_or: [{"; + query.connectionWhereStatement += "_or: [{"; break; default: throw new SemanticException($"### Compiler Error: Found unexpected and unsupported connector token (prefix): \"{Connector}\". ###", Connector.Position); @@ -45,6 +47,7 @@ public override void Extract(ref DynGraphqlQuery query, ReportType? reportType) query.nwObjWhereStatement += "}, {"; query.svcObjWhereStatement += "}, {"; query.userObjWhereStatement += "}, {"; + query.connectionWhereStatement += "}, {"; break; default: throw new SemanticException($"### Compiler Error: Found unexpected and unsupported connector token (operator): \"{Connector}\". ###", Connector.Position); 
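Review bot: `catch (Exception) { return true; }` in RecalcRecerts discards the exception entirely, so a failed recertification recalculation leaves no trace beyond an unnamed boolean, and the true-on-failure convention is undocumented. Log before returning, in the two-argument form the rest of this page uses, `catch (Exception ex) { Log.WriteError("Recert Refresh", $"recalculation failed: {ex.Message}"); return true; }`, and add `/// <returns>true if an error occurred, false on success</returns>` to the method. RecalcRecertsOfOwner also issues one getOpenRecerts round trip per owner×management pair; whether that needs batching depends on deployment sizes the page does not show.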
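Review bot: Each connector branch now appends the same token to five where-statement strings by hand (rule, nwObj, svcObj, userObj, connection), and the second hunk on this line and the `@@ -60,6 +63,7 @@` hunk that follows repeat the pattern; a line forgotten in one branch yields a malformed query for that object type only, which is easy to miss in testing. A small helper on DynGraphqlQuery such as `void AppendToAllWhere(string token)` called once per branch would keep the five statements in step. Extract starts before this hunk.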
@@ -60,6 +63,7 @@ public override void Extract(ref DynGraphqlQuery query, ReportType? reportType) query.nwObjWhereStatement += "}] "; query.svcObjWhereStatement += "}] "; query.userObjWhereStatement += "}] "; + query.connectionWhereStatement += "}] "; break; default: throw new SemanticException($"### Compiler Error: Found unexpected and unsupported connector token (suffix): \"{Connector}\" ###", Connector.Position); diff --git a/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilter.cs b/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilter.cs index 324530505..07fa74d88 100644 --- a/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilter.cs +++ b/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilter.cs @@ -1,6 +1,3 @@ -using System.ComponentModel; -using System.Net; -using FWO.Logging; using FWO.Report.Filter.Exceptions; namespace FWO.Report.Filter.Ast @@ -10,7 +7,6 @@ abstract class AstNodeFilter : AstNode public Token Name { get; set; } = new Token(new Range(), "", TokenKind.Value); public Token Operator { get; set; } = new Token(new Range(), "", TokenKind.Value); public Token Value { get; set; } = new Token(new Range(), "", TokenKind.Value); - private List? ruleFieldNames { get; set; } protected void CheckOperator(Token isOperator, bool equalsIsExactEquals, params TokenKind[] expectedOperators) { 
@@ -65,6 +61,18 @@ protected string AddVariable(DynGraphqlQuery query, string name, TokenKind queryVarValue = dateTimeValue.ToString(DynGraphqlQuery.fullTimeFormat); break; + case DateTimeRange dateTimeValue: + queryVarType = "timestamp"; + if (dateTimeValue.Start == null && dateTimeValue.End == null) + throw new NotSupportedException($"LastHit filter with missing date"); + DateTime date = new DateTime(); + if (dateTimeValue.End != null) + date = (DateTime)dateTimeValue.End; + if (dateTimeValue.Start != null) + date = (DateTime)dateTimeValue.Start; + queryVarValue = date.ToString(DynGraphqlQuery.fullTimeFormat); + break; + default: throw new NotSupportedException($"Type \"{typeof(Type)}\" is not supported in GraphQL Query"); } 
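Review bot: In the new `case DateTimeRange dateTimeValue:` branch, when both Start and End are set the End assignment is overwritten by Start two lines later, so a genuine range silently collapses to its start bound. If the LastHit filter is by design a single bound, say so — `// LastHit takes a single bound; Start wins when both are given` — otherwise reject the two-bound case with the same NotSupportedException used for the missing-date case. `date` can also be declared at its first assignment instead of starting from `new DateTime()`. AddVariable begins outside this hunk.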
@@ -77,104 +85,5 @@ protected string AddVariable(DynGraphqlQuery query, string name, TokenKind public abstract void ConvertToSemanticType(); - //public void ConvertToSemanticType() - //{ - // TypeConverter converter = TypeDescriptor.GetConverter(this.GetType()); - // if (converter.CanConvertFrom(this.GetType())) - // { - // try - // { - // object convertedValue = converter.ConvertFrom(this) ?? throw new NullReferenceException("Error while converting: converted value is null"); - // SemanticValue = (SemanticType)convertedValue ?? throw new NullReferenceException($"Error while converting: value could not be converted to semantic type: {typeof(SemanticType)}"); - // } - // catch (SemanticException) - // { - // throw; - // } - // catch (Exception ex) - // { - // throw new SemanticException($"Filter could not be converted to expected semantic type {typeof(SemanticType)}: {ex.Message}", Value.Position); - // } - // } - // else - // { - // throw new NotSupportedException($"Internal error: TypeConverter does not support conversion from {this.GetType()} to {typeof(SemanticType)}"); - // } - //} - - //public override void Extract(ref DynGraphqlQuery query) - //{ - // switch (Name.Kind) - // - - // // "xy" and "FullText=xy" are the same filter - // case TokenKind.FullText: - // case TokenKind.Value: - // ExtractFullTextFilter(query); - // break; - // case TokenKind.ReportType: - // ExtractReportTypeFilter(query); - // break; - // case TokenKind.Source: - // ExtractSourceFilter(query); - // break; - // case TokenKind.Destination: - // ExtractDestinationFilter(query); - // break; - // case TokenKind.Action: - // ExtractActionFilter(query); - // break; - // case TokenKind.Service: - // ExtractServiceFilter(query); - // break; - // case TokenKind.DestinationPort: - // ExtractDestinationPortFilter(query); - // break; - // case TokenKind.Protocol: - // ExtractProtocolFilter(query); - // break; - // case TokenKind.Management: - // ExtractManagementFilter(query); - // break; - // 
case TokenKind.Gateway: - // ExtractGatewayFilter(query); - // break; - // case TokenKind.Remove: - // ExtractRemoveFilter(query); - // break; - // case TokenKind.RecertDisplay: - // ExtractRecertDisplayFilter(query); //, (int)(SemanticValue as int?)!); - // break; - // case TokenKind.Time: - // ExtractTimeFilter(query); - // break; - // default: - // throw new NotSupportedException($"### Compiler Error: Found unexpected and unsupported filter token: \"{Name}\" ###"); - // } - //} - - //private static string SetQueryOpString(Token @operator, Token filter, string value) - //{ - // string operation; - // switch (@operator.Kind) - // { - // case TokenKind.EQ: - // if (filter.Kind == TokenKind.Time || filter.Kind == TokenKind.DestinationPort) - // operation = "_eq"; - // else if ((filter.Kind == TokenKind.Source && IsCidr(value)) || filter.Kind == TokenKind.DestinationPort) - // operation = "_eq"; - // else if (filter.Kind == TokenKind.Management && int.TryParse(value, out int _)) - // operation = "_eq"; - // else - // operation = "_ilike"; - // break; - // case TokenKind.NEQ: - // operation = "_nilike"; - // break; - // default: - // throw new Exception("### Parser Error: Expected Operator Token (and thought there is one) ###"); - // } - // return operation; - //} } } diff --git a/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterBool.cs b/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterBool.cs index 68f75fbb4..19581c34b 100644 --- a/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterBool.cs +++ b/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterBool.cs @@ -1,9 +1,4 @@ using FWO.Report.Filter.Exceptions; -using System; -using System.Collections.Generic; -using System.Linq; -using System.Text; -using System.Threading.Tasks; namespace FWO.Report.Filter.Ast { diff --git a/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterDateTimeRange.cs b/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterDateTimeRange.cs index 23a9f2f87..0de31b27e 100644 
--- a/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterDateTimeRange.cs +++ b/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterDateTimeRange.cs @@ -1,10 +1,4 @@ -using System; -using System.Collections.Generic; -using System.Linq; -using System.Text; -using System.Threading.Tasks; - -namespace FWO.Report.Filter.Ast +namespace FWO.Report.Filter.Ast { internal class AstNodeFilterDateTimeRange : AstNodeFilter { 
@@ -22,122 +16,49 @@ public override void Extract(ref DynGraphqlQuery query, ReportType? reportType) switch (Name.Kind) { + case TokenKind.LastHit: + ExtractLastHitFilter(query, (ReportType)reportType); + break; default: break; } } - //private DynGraphqlQuery ExtractTimeFilter(DynGraphqlQuery query) - //{ - // switch (query.ReportType) - // { - // case ReportType.Rules: - // case ReportType.Statistics: - // case ReportType.NatRules: - // switch (Operator.Kind) - // { - // case TokenKind.EQ: - // case TokenKind.EEQ: - // query.ruleWhereStatement += - // $"import_control: {{ control_id: {{_lte: $relevantImportId }} }}, " + - // $"importControlByRuleLastSeen: {{ control_id: {{_gte: $relevantImportId }} }}"; - // query.nwObjWhereStatement += - // $"import_control: {{ control_id: {{_lte: $relevantImportId }} }}, " + - // $"importControlByObjLastSeen: {{ control_id: {{_gte: $relevantImportId }} }}"; - // query.svcObjWhereStatement += - // $"import_control: {{ control_id: {{_lte: $relevantImportId }} }}, " + - // $"importControlBySvcLastSeen: {{ control_id: {{_gte: $relevantImportId }} }}"; - // query.userObjWhereStatement += - // $"import_control: {{ control_id: {{_lte: $relevantImportId }} }}, " + - // $"importControlByUserLastSeen: {{ control_id: {{_gte: $relevantImportId }} }}"; - // query.ReportTime = Value.Text; - // break; - // default: - // throw new SemanticException($"Unexpected operator token. Expected equals token.", Operator.Position); - // } - // break; - // case ReportType.Changes: - // switch (Operator.Kind) - // { - // case TokenKind.EQ: - // case TokenKind.EEQ: - // case TokenKind.GRT: - // case TokenKind.LSS: - // (string start, string stop) = ResolveTimeRange(Value.Text); - // query.QueryVariables["start"] = start; - // query.QueryVariables["stop"] = stop; - // query.QueryParameters.Add("$start: timestamp! "); - // query.QueryParameters.Add("$stop: timestamp! 
"); - - // query.ruleWhereStatement += $@" - // _and: [ - // {{ import_control: {{ stop_time: {{ _gte: $start }} }} }} - // {{ import_control: {{ stop_time: {{ _lte: $stop }} }} }} - // ] - // change_type_id: {{ _eq: 3 }} - // security_relevant: {{ _eq: true }}"; - // break; - // default: - // throw new SemanticException($"Unexpected operator token.", Operator.Position); - // } - // break; - // default: - // Log.WriteError("Filter", $"Unexpected report type found: {query.ReportType}"); - // break; - // } - // // todo: deal with time ranges for changes report type - // return query; - //} - - //private (string, string) ResolveTimeRange(string timeRange) - //{ - // string start; - // string stop; - // //string currentTime = (string)DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss"); - // string currentYear = (string)DateTime.Now.ToString("yyyy"); - // string currentMonth = (string)DateTime.Now.ToString("MM"); - // string currentDay = (string)DateTime.Now.ToString("dd"); - // DateTime startOfCurrentMonth = new DateTime(Convert.ToInt16(currentYear), Convert.ToInt16(currentMonth), 1); - // DateTime startOfNextMonth = startOfCurrentMonth.AddMonths(1); - // DateTime startOfPrevMonth = startOfCurrentMonth.AddMonths(-1); - - // switch (timeRange) - // { - // // todo: add today, yesterday, this week, last week - // case "last year": - // start = $"{(Convert.ToInt16(currentYear) - 1)}-01-01"; - // stop = $"{Convert.ToInt16(currentYear)}-01-01"; - // break; - // case "this year": - // start = $"{Convert.ToInt16(currentYear)}-01-01"; - // stop = $"{Convert.ToInt16(currentYear) + 1}-01-01"; - // break; - // case "this month": - // start = startOfCurrentMonth.ToString("yyyy-MM-dd"); - // stop = startOfNextMonth.ToString("yyyy-MM-dd"); - // break; - // case "last month": - // start = startOfPrevMonth.ToString("yyyy-MM-dd"); - // stop = startOfCurrentMonth.ToString("yyyy-MM-dd"); - // break; - // default: - // string[] times = timeRange.Split('/'); - // if (times.Length == 2) - // { - // 
start = Convert.ToDateTime(times[0]).ToString("yyyy-MM-dd HH:mm:ss"); - // if (times[1].Trim().Length < 11) - // { - // times[1] += " 23:59:59"; - // } - // stop = Convert.ToDateTime(times[1]).ToString("yyyy-MM-dd HH:mm:ss"); - // } - // else - // throw new SyntaxException($"Error: wrong time range format.", Value.Position); // Unexpected token - // // we have some hard coded string positions here which we should get rid off - // // how can we access the tokens[position].Position information here? - // break; - // } - // return (start, stop); - //} + private DynGraphqlQuery ExtractLastHitFilter(DynGraphqlQuery query, ReportType reportType) + { + string queryVarName = AddVariable(query, "lastHitLimit", Operator.Kind, semanticValue!); + + if (reportType.IsChangeReport()) + { + if (Operator.Kind==TokenKind.LSS) // only show rules which have a hit before a certain date (including no hit rules) + { + query.ruleWhereStatement += $@" + _or: [ + {{ rule: {{ rule_metadatum: {{ rule_last_hit: {{{ExtractOperator()}: ${queryVarName} }} }} }} }} + {{ rule: {{ rule_metadatum: {{ rule_last_hit: {{_is_null: true }} }} }} }} + ]"; + } + else // only show rules which have a hit after a certain date (leaving out no hit rules) + { + query.ruleWhereStatement += $"rule: {{ rule_metadatum:{{ rule_last_hit: {{{ExtractOperator()}: ${queryVarName} }} }} }}"; + } + } + else + { + if (Operator.Kind==TokenKind.LSS) // only show rules which have a hit before a certain date (including no hit rules) + { + query.ruleWhereStatement += $@" + _or: [ + {{ rule_metadatum: {{ rule_last_hit: {{{ExtractOperator()}: ${queryVarName} }} }} }} + {{ rule_metadatum: {{ rule_last_hit: {{_is_null: true }} }} }} + ]"; + } + else // only show rules which have a hit after a certain date (leaving out no hit rules) + { + query.ruleWhereStatement += $"rule_metadatum: {{ rule_last_hit: {{{ExtractOperator()}: ${queryVarName} }} }}"; + } + } + return query; + } } } 
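Review bot: `ExtractLastHitFilter(query, (ReportType)reportType)` in the new LastHit case casts the nullable `reportType` parameter; when it is null the cast throws InvalidOperationException instead of a filter error that points at the token. Guard it first, e.g. `if (reportType is null) throw new SemanticException("LastHit filter requires a report type", Name.Position);`, which is the (message, position) shape the other filters on this page use. The two branches of ExtractLastHitFilter also differ only in the outer `rule: { … }` wrapper, so building the rule_metadatum fragment once and wrapping it when `reportType.IsChangeReport()` would remove the duplicated GraphQL text.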
diff --git a/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterInt.cs b/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterInt.cs index fc6257337..efa418c73 100644 --- a/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterInt.cs +++ b/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterInt.cs @@ -1,9 +1,4 @@ using FWO.Report.Filter.Exceptions; -using System; -using System.Collections.Generic; -using System.Linq; -using System.Text; -using System.Threading.Tasks; namespace FWO.Report.Filter.Ast { @@ -36,6 +31,12 @@ public override void Extract(ref DynGraphqlQuery query, ReportType? reportType) case TokenKind.RecertDisplay: ExtractRecertDisplayFilter(query); break; + case TokenKind.Owner: + ExtractOwnerFilter(query); + break; + case TokenKind.Unused: + ExtractUnusedFilter(query); + break; default: break; } 
@@ -43,26 +44,35 @@ public override void Extract(ref DynGraphqlQuery query, ReportType? reportType) private DynGraphqlQuery ExtractRecertDisplayFilter(DynGraphqlQuery query) { - string queryVarName = AddVariable(query, "refdate", Operator.Kind, DateTime.Now.AddDays(-semanticValue)); - - query.ruleWhereStatement += $@" - _or: [ - {{ rule_metadatum: {{ rule_last_certified: {{ _lte: ${queryVarName} }} }} }} - {{ _and:[ - {{ rule_metadatum: {{ rule_last_certified: {{ _is_null: true }} }} }} - {{ rule_metadatum: {{ rule_created: {{ _lte: ${queryVarName} }} }} }} - ] - }} - ]"; + // string queryVarName = AddVariable(query, "refdate", Operator.Kind, DateTime.Now.AddDays(semanticValue)); + // query.ruleWhereStatement += $@" rule_metadatum: {{ recertifications: {{ next_recert_date: {{ _lte: ${queryVarName} }} }} }}"; return query; } private DynGraphqlQuery ExtractDestinationPortFilter(DynGraphqlQuery query) { string queryVarName = AddVariable(query, "dport", Operator.Kind, semanticValue); - query.ruleWhereStatement += "rule_services: { service: { svcgrp_flats: { serviceBySvcgrpFlatMemberId: { svc_port: {_lte" + ": $" + queryVarName + "}, svc_port_end: {_gte: $" + queryVarName + " } } } } }"; + query.connectionWhereStatement += $"_or: [ {{ service_connections: {{service: {{ port: {{ _lte: ${queryVarName} }}, port_end: {{ _gte: ${queryVarName} }} }} }} }}, " + + $"{{ service_group_connections: {{service_group: {{ service_service_groups: {{ service: {{ port: {{ _lte: ${queryVarName} }}, port_end: {{ _gte: ${queryVarName} }} }} }} }} }} }} ]"; + return query; + } + + private DynGraphqlQuery ExtractOwnerFilter(DynGraphqlQuery query) + { + string QueryVarName = AddVariable(query, "owner", Operator.Kind, Value.Text); + query.ruleWhereStatement += $"owner: {{ {ExtractOperator()}: ${QueryVarName} }}"; + return query; + } + + private DynGraphqlQuery ExtractUnusedFilter(DynGraphqlQuery query) + { + string QueryVarName = AddVariable(query, "cut", Operator.Kind, 
DateTime.Now.AddDays(-semanticValue)); + query.ruleWhereStatement += $@"rule_metadatum: {{_or: [ + {{_and: [{{rule_last_hit: {{_is_null: false}} }}, {{rule_last_hit: {{_lte: ${QueryVarName} }} }} ] }}, + {{ rule_last_hit: {{_is_null: true}} }} + ]}}"; return query; } } diff --git a/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterNetwork.cs b/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterNetwork.cs index 1701639af..014f849ec 100644 --- a/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterNetwork.cs +++ b/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterNetwork.cs @@ -1,10 +1,5 @@ using NetTools; -using System; -using System.Collections.Generic; -using System.Linq; using System.Net; -using System.Text; -using System.Threading.Tasks; using FWO.Logging; namespace FWO.Report.Filter.Ast @@ -42,6 +37,8 @@ private DynGraphqlQuery ExtractDestinationFilter(DynGraphqlQuery query) { string QueryVarName = AddVariable(query, "dst", Operator.Kind, Value.Text); query.ruleWhereStatement += $"rule_tos: {{ object: {{ objgrp_flats: {{ objectByObjgrpFlatMemberId: {{ obj_name: {{ {ExtractOperator()}: ${QueryVarName} }} }} }} }} }}"; + query.connectionWhereStatement += $"_or: [ {{ nwobject_connections: {{connection_field: {{ _eq: 2 }}, owner_network: {{name: {{ {ExtractOperator()}: ${QueryVarName} }} }} }} }}, " + + $"{{ nwgroup_connections: {{connection_field: {{ _eq: 2 }}, nwgroup: {{ name: {{ {ExtractOperator()}: ${QueryVarName} }} }} }} }} ]"; } return query; } 
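Review bot: ExtractRecertDisplayFilter now has its whole body commented out and returns the query untouched, yet `case TokenKind.RecertDisplay` in Extract still routes to it, so a user-supplied recert-display filter is accepted and silently ignored. Either remove the case and the method, or document the no-op, e.g. `// RecertDisplay is applied by SetTimeFilter via $refdate1; the token is accepted for compatibility and does nothing here` — only if that is indeed the intended replacement, which this page suggests but does not prove. In ExtractUnusedFilter the cutoff is computed from `DateTime.Now` while the values it is compared against come from the database; if rule_last_hit is stored in UTC, `DateTime.UtcNow` avoids a timezone-sized shift in which rules count as unused.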
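Review bot: `connection_field: {{ _eq: 2 }}` in the new connectionWhereStatement encodes "destination" as a bare 2, the source hunk that follows (`@@ -55,11 +52,12 @@`) uses 1, and `int conField = location == "src" ? 1 : 2;` in ExtractIpFilter (`@@ -174,6 +144,9 @@`) repeats the mapping a third time. Naming the values once, e.g. `private const int SourceField = 1, DestinationField = 2;` on the class, documents the mapping and keeps the three sites in agreement. ExtractDestinationFilter starts before this hunk.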
@@ -55,11 +52,12 @@ private DynGraphqlQuery ExtractSourceFilter(DynGraphqlQuery query) { string QueryVarName = AddVariable(query, "src", Operator.Kind, Value.Text); query.ruleWhereStatement += $"rule_froms: {{ object: {{ objgrp_flats: {{ objectByObjgrpFlatMemberId: {{ obj_name: {{ {ExtractOperator()}: ${QueryVarName} }} }} }} }} }}"; + query.connectionWhereStatement += $"_or: [ {{ nwobject_connections: {{connection_field: {{ _eq: 1 }}, owner_network: {{name: {{ {ExtractOperator()}: ${QueryVarName} }} }} }} }}, " + + $"{{ nwgroup_connections: {{connection_field: {{ _eq: 1 }}, nwgroup: {{ name: {{ {ExtractOperator()}: ${QueryVarName} }} }} }} }} ]"; } return query; } - private static string SanitizeIp(string cidr_str) { IPAddress? ip; 
@@ -116,46 +114,18 @@ private DynGraphqlQuery ExtractIpFilter(DynGraphqlQuery query, string location, query.QueryVariables[QueryVarNameLast2] = lastFilterIp; query.QueryParameters.Add($"${QueryVarNameFirst1}: cidr! "); query.QueryParameters.Add($"${QueryVarNameLast2}: cidr! "); - // covering the following cases: - // 1 - current ip is fully contained in filter ip range - // 2 - current ip fully contains filter ip range - does not work - // 3 - current ip overlaps with lower boundary of filter ip range - // 4 - current ip overlaps with upper boundary of filter ip range // TODO: might simply set all header IP addresses to 0.0.0.0/32 instead of 0.0.0.0/0 to filter them out + + // logic: end_ip1 >= start_ip2 and start_ip1 <= end_ip2 + // end_ip1 = obj_ip_end + // start_ip2 = QueryVarNameFirst1 + // start_ip1 = obj_ip + // end_ip2 = QueryVarNameLast2 + // obj_ip_end >= QueryVarNameFirst1 and obj_ip <= QueryVarNameLast2 + string ipFilterString = - $@" _or: [ - {{ _and: - [ - {{ obj_ip: {{ _gte: ${QueryVarNameFirst1} }} }} - {{ obj_ip: {{ _lte: ${QueryVarNameLast2} }} }} - ] - }} - {{ _and: - [ - {{ obj_ip: {{ _lte: ${QueryVarNameFirst1} }} }} - {{ obj_ip: {{ _gte: ${QueryVarNameFirst1} }} }} - ] - }} - {{ _and: - [ - {{ obj_ip: {{ _lte: ${QueryVarNameLast2} }} }} - {{ obj_ip: {{ _gte: ${QueryVarNameLast2} }} }} - ] - }} - {{ _and: - [ - {{ obj_ip: {{ _lte: ${QueryVarNameFirst1} }} }} - {{ obj_ip: {{ _gte: ${QueryVarNameLast2} }} }} - ] - }} - {{ - _and: - [ - {{ network_object_limits: {{ first_ip: {{ _lte: ${QueryVarNameFirst1} }} }} }} - {{ network_object_limits: {{ last_ip: {{ _gte: ${QueryVarNameLast2} }} }} }} - ] - }} - ]"; + $@" obj_ip_end: {{ _gte: ${QueryVarNameFirst1} }} + obj_ip: {{ _lte: ${QueryVarNameLast2} }}"; query.ruleWhereStatement += $@" {locationTable}: {{ object: 
@@ -174,6 +144,9 @@ private DynGraphqlQuery ExtractIpFilter(DynGraphqlQuery query, string location, }} }} }}"; + ipFilterString = $@" ip_end: {{ _gte: ${QueryVarNameFirst1} }} ip: {{ _lte: ${QueryVarNameLast2} }}"; + int conField = location == "src" ? 1 : 2; + query.connectionWhereStatement += $"nwobject_connections: {{connection_field: {{ _eq: {conField} }}, owner_network: {{ {ipFilterString} }} }}"; return query; } diff --git a/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterReportType.cs b/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterReportType.cs index a38af3c3a..b86611f5b 100644 --- a/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterReportType.cs +++ b/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterReportType.cs @@ -1,9 +1,4 @@ using FWO.Report.Filter.Exceptions; -using System; -using System.Collections.Generic; -using System.Linq; -using System.Text; -using System.Threading.Tasks; namespace FWO.Report.Filter.Ast { @@ -18,9 +13,15 @@ public override void ConvertToSemanticType() { "rules" or "rule" => ReportType.Rules, "resolvedrules" or "resolvedrule" => ReportType.ResolvedRules, + "resolvedrulestech" or "resolvedruletech" => ReportType.ResolvedRulesTech, + "unusedrules" or "unusedrule" => ReportType.UnusedRules, "statistics" or "statistic" => ReportType.Statistics, "changes" or "change" => ReportType.Changes, + "resolvedchanges" or "resolvedchange" => ReportType.ResolvedChanges, + "resolvedchangestech" or "resolvedchangetech" => ReportType.ResolvedChangesTech, "natrules" or "nat_rules" => ReportType.NatRules, + "recertifications" or "recertification" => ReportType.Recertification, + "connections" or "connection" => ReportType.Connections, _ => throw new SemanticException($"Unexpected report type found", Value.Position) }; } diff --git a/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterString.cs b/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterString.cs index bbc56f4ad..cf9ba9041 100644 
--- a/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterString.cs +++ b/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterString.cs @@ -1,8 +1,4 @@ -using System; -using System.Collections.Generic; -using System.Linq; -using System.Text; -using System.Threading.Tasks; +using FWO.Report.Filter; namespace FWO.Report.Filter.Ast { 
@@ -52,11 +48,41 @@ private DynGraphqlQuery ExtractFullTextFilter(DynGraphqlQuery query) string queryVarName = AddVariable(query, "fullTextFiler", Operator.Kind, semanticValue!); string queryOperator = ExtractOperator(); - List ruleFieldNames = new List() { "rule_src", "rule_dst", "rule_svc", "rule_action" }; // TODO: add comment later - List searchParts = new List(); + List ruleFieldNames = new () { "rule_src", "rule_dst", "rule_svc", "rule_action", "rule_name", "rule_comment", "rule_uid" }; + List ruleSearchParts = new (); foreach (string field in ruleFieldNames) - searchParts.Add($"{{{field}: {{{queryOperator}: ${queryVarName} }} }} "); - query.ruleWhereStatement += $"_or: [ {string.Join(", ", searchParts)} ]"; + { + ruleSearchParts.Add($"{{{field}: {{{queryOperator}: ${queryVarName} }} }} "); + } + query.ruleWhereStatement += $"_or: [ {string.Join(", ", ruleSearchParts)} ]"; + + List connFieldNames = new () { "name", "reason" /*, "creator" */ }; + List nwobjFieldNames = new () { "name" /*, "creator" */ }; + List nwGroupFieldNames = new () { "id_string", "name", "comment" /*, "creator" */ }; + List svcFieldNames = new () { "name" }; + List svcGroupFieldNames = new () { "name", "comment" /*, "creator" */ }; + List connSearchParts = new (); + foreach (string field in connFieldNames) + { + connSearchParts.Add($"{{{field}: {{{queryOperator}: ${queryVarName} }} }} "); + } + foreach (string field in nwobjFieldNames) + { + connSearchParts.Add($"{{ nwobject_connections: {{owner_network: {{{field}: {{{queryOperator}: ${queryVarName} }} }} }} }} "); + } + foreach (string field in nwGroupFieldNames) + { + connSearchParts.Add($"{{ nwgroup_connections: {{nwgroup: {{{field}: {{{queryOperator}: ${queryVarName} }} }} }} }} "); + } + foreach (string field in svcFieldNames) + { + connSearchParts.Add($"{{ service_connections: {{service: {{{field}: {{{queryOperator}: ${queryVarName} }} }} }} }} "); + } + foreach (string field in svcGroupFieldNames) + { + connSearchParts.Add($"{{ 
service_group_connections: {{service_group: {{{field}: {{{queryOperator}: ${queryVarName} }} }} }} }} "); + } + query.connectionWhereStatement += $"_or: [ {string.Join(", ", connSearchParts)} ]"; return query; } @@ -97,6 +123,8 @@ private DynGraphqlQuery ExtractProtocolFilter(DynGraphqlQuery query) { string queryVarName = AddVariable(query, "proto", Operator.Kind, semanticValue!); query.ruleWhereStatement += $"rule_services: {{service: {{stm_ip_proto: {{ip_proto_name: {{ {ExtractOperator()}: ${queryVarName} }} }} }} }}"; + query.connectionWhereStatement += $"_or: [ {{ service_connections: {{service: {{stm_ip_proto: {{ip_proto_name: {{ {ExtractOperator()}: ${queryVarName} }} }} }} }} }}, " + + $"{{ service_group_connections: {{service_group: {{ service_service_groups: {{ service: {{ stm_ip_proto: {{ip_proto_name: {{ {ExtractOperator()}: ${queryVarName} }} }} }} }} }} }} }} ]"; return query; } @@ -110,7 +138,10 @@ private DynGraphqlQuery ExtractActionFilter(DynGraphqlQuery query) private DynGraphqlQuery ExtractServiceFilter(DynGraphqlQuery query) { string queryVarName = AddVariable(query, "svc", Operator.Kind, semanticValue!); - query.ruleWhereStatement += $"rule_services: {{service: {{svcgrp_flats: {{serviceBySvcgrpFlatMemberId: {{svc_name: {{ {ExtractOperator()}: ${queryVarName} }} }} }} }} }}"; + query.ruleWhereStatement += $"rule_services: {{ service: {{ svcgrp_flats: {{ serviceBySvcgrpFlatMemberId: {{ svc_name: {{ {ExtractOperator()}: ${queryVarName} }} }} }} }} }} "; + query.connectionWhereStatement += $"_or: [ {{ service_connections: {{ service: {{ name: {{ {ExtractOperator()}: ${queryVarName} }} }} }} }}, " + + $"{{ service_group_connections: {{service_group: {{ _or: [ {{ name: {{ {ExtractOperator()}: ${queryVarName} }} }}, " + + $"{{ service_service_groups: {{ service: {{ name: {{ {ExtractOperator()}: ${queryVarName} }} }} }} }} ] }} }} }} ]"; return query; } } 
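Review bot: The five foreach loops that build connSearchParts differ only in the wrapper placed around the same `{field: {op: $var}}` term, so the query shape is hard to see and a change to the term must be made in six places. A local helper such as `string Term(string field) => $"{{{field}: {{{queryOperator}: ${queryVarName} }} }} ";` used by each wrapper would make the per-table prefixes the only thing that varies. The `/*, "creator" */` fragments left in three of the field lists should either be resolved or carry a reason, e.g. `// "creator" excluded until it is searchable`. ExtractFullTextFilter starts before this hunk.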
diff --git a/roles/lib/files/FWO.Report.Filter/Compiler.cs b/roles/lib/files/FWO.Report.Filter/Compiler.cs index 16bb7b05c..c1f1f6157 100644 --- a/roles/lib/files/FWO.Report.Filter/Compiler.cs +++ b/roles/lib/files/FWO.Report.Filter/Compiler.cs @@ -1,4 +1,5 @@ using FWO.Report.Filter.Ast; +using FWO.GlobalConstants; using FWO.Api.Data; using FWO.Logging; @@ -19,9 +20,7 @@ public class Compiler } public static DynGraphqlQuery Compile(ReportTemplate filter) - // string input, Dictionary recertificationFilter, ReportType? reportType = null, DeviceFilter? deviceFilter = null, TimeFilter? timeFilter = null, bool detailed = false) { - bool detailedCalc = filter.Detailed || filter.ReportParams.ReportType == (int) ReportType.ResolvedRules || filter.ReportParams.ReportType == (int) ReportType.ResolvedRulesTech; Log.WriteDebug("Filter", $"Input: \"{filter.Filter}\", Report Type: \"${filter.ReportParams.ReportType}\", Device Filter: \"{filter.ReportParams.DeviceFilter}\""); return DynGraphqlQuery.GenerateQuery(filter, CompileToAst(filter.Filter)); } diff --git a/roles/lib/files/FWO.Report.Filter/DynGraphqlQuery.cs b/roles/lib/files/FWO.Report.Filter/DynGraphqlQuery.cs index 8c69f1d4b..22f7e2ec4 100644 --- a/roles/lib/files/FWO.Report.Filter/DynGraphqlQuery.cs +++ b/roles/lib/files/FWO.Report.Filter/DynGraphqlQuery.cs @@ -1,5 +1,6 @@ using FWO.Report.Filter.Ast; using FWO.Api.Client.Queries; +using FWO.GlobalConstants; using FWO.Api.Data; using System.Text.RegularExpressions; using FWO.Logging; 
@@ -17,20 +18,19 @@ public class DynGraphqlQuery public string nwObjWhereStatement { get; set; } = ""; public string svcObjWhereStatement { get; set; } = ""; public string userObjWhereStatement { get; set; } = ""; + public string connectionWhereStatement { get; set; } = ""; public List QueryParameters { get; set; } = new List() { " $limit: Int ", - " $offset: Int ", - " $mgmId: [Int!]", - " $relevantImportId: bigint" + " $offset: Int " }; + public string ReportTimeString { get; set; } = ""; public List RelevantManagementIds { get; set; } = new List(); public ReportType ReportType { get; set; } = ReportType.Rules; - // $mgmId and $relevantImporId are only needed for time based filtering - private DynGraphqlQuery(string rawInput) { RawFilter = rawInput; } + public DynGraphqlQuery(string rawInput) { RawFilter = rawInput; } public static string fullTimeFormat = "yyyy-MM-dd HH:mm:ss"; public static string dateFormat = "yyyy-MM-dd"; 
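Review bot: The constructor `DynGraphqlQuery(string rawInput)` changes from private to public, so callers can now build a query object without going through GenerateQuery, which — judging from Compiler and the private SetDeviceFilter/SetTenantFilter helpers on this page — is presumably where device and tenant restrictions are applied. If an outside caller needs the constructor, record the expectation, e.g. `/// <remarks>Use GenerateQuery for a query with device and tenant filters applied; this constructor yields an unfiltered shell.</remarks>`. The default QueryParameters also lose `$mgmId` and `$relevantImportId`; the latter is re-added per report type further down, but any query text still referencing `$mgmId` would now fail, which this page cannot confirm either way.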
@@ -61,7 +61,22 @@ private static void SetDeviceFilter(ref DynGraphqlQuery query, DeviceFilter? dev } } - private static void SetTimeFilter(ref DynGraphqlQuery query, TimeFilter? timeFilter, ReportType? reportType) + private static void SetTenantFilter(ref DynGraphqlQuery query, ReportTemplate filter) + { + // the following additional filters are used for standard and simulated tenant filtering (by admin users) + if (filter.ReportParams.TenantFilter.IsActive) + { + int tenant_id = filter.ReportParams.TenantFilter.TenantId; + query.FullQuery = Regex.Replace(query.FullQuery, @"\srules\s*\(", $" rules: get_rules_for_tenant(args: {{tenant: {tenant_id}}}, "); + query.FullQuery = Regex.Replace(query.FullQuery, @"changelog_rules\s*\(", $" changelog_rules: get_changelog_rules_for_tenant(args: {{tenant: {tenant_id}}}, "); + query.FullQuery = Regex.Replace(query.FullQuery, @"rule_froms\s*\(", $"rule_froms: get_rule_froms_for_tenant(args: {{tenant: {tenant_id}}}"); + query.FullQuery = Regex.Replace(query.FullQuery, @"rule_froms\s*{", $"rule_froms: get_rule_froms_for_tenant(args: {{tenant: {tenant_id}}}) {{"); + query.FullQuery = Regex.Replace(query.FullQuery, @"rule_tos\s*\(", $"rule_tos: get_rule_tos_for_tenant(args: {{tenant: {tenant_id}}}"); + query.FullQuery = Regex.Replace(query.FullQuery, @"rule_tos\s*{", $"rule_tos: get_rule_tos_for_tenant(args: {{tenant: {tenant_id}}}) {{"); + } + } + + private static void SetTimeFilter(ref DynGraphqlQuery query, TimeFilter? timeFilter, ReportType? reportType, RecertFilter recertFilter) { if (timeFilter != null) { 
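Review bot: SetTenantFilter enforces tenant isolation by regex-rewriting the finished query text, and nothing checks that any of the six `Regex.Replace` calls matched; if the query names `rules` or `changelog_rules` in a form the patterns do not cover (no parentheses, a different alias, an unexpected whitespace variation), the filter is active yet the unrestricted query runs. Capture `string before = query.FullQuery;` first and fail closed afterwards, `if (query.FullQuery == before) throw new InvalidOperationException("tenant filter active but no query rewrite applied");`. `tenant_id` is an int, so the interpolation cannot inject, but passing it as a `$tenant: Int!` query variable like the other filters do would keep the query shape fixed. The `rule_froms\s*\(` and `rule_tos\s*\(` rewrites also omit the `, ` that the `rules` rewrite inserts after the args block; GraphQL tolerates the missing comma, but the inconsistency reads as an oversight.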
@@ -73,6 +88,8 @@ private static void SetTimeFilter(ref DynGraphqlQuery query, TimeFilter? timeFil case ReportType.ResolvedRulesTech: case ReportType.Statistics: case ReportType.NatRules: + case ReportType.UnusedRules: + query.QueryParameters.Add("$relevantImportId: bigint "); query.ruleWhereStatement += $"import_control: {{ control_id: {{_lte: $relevantImportId }} }}, " + $"importControlByRuleLastSeen: {{ control_id: {{_gte: $relevantImportId }} }}"; @@ -90,11 +107,14 @@ private static void SetTimeFilter(ref DynGraphqlQuery query, TimeFilter? timeFil timeFilter.ReportTime.ToString(fullTimeFormat)); break; case ReportType.Changes: + case ReportType.ResolvedChanges: + case ReportType.ResolvedChangesTech: (string start, string stop) = ResolveTimeRange(timeFilter); query.QueryVariables["start"] = start; query.QueryVariables["stop"] = stop; query.QueryParameters.Add("$start: timestamp! "); query.QueryParameters.Add("$stop: timestamp! "); + query.QueryParameters.Add("$relevantImportId: bigint "); query.ruleWhereStatement += $@" _and: [ @@ -108,7 +128,12 @@ private static void SetTimeFilter(ref DynGraphqlQuery query, TimeFilter? timeFil query.nwObjWhereStatement += "{}"; query.svcObjWhereStatement += "{}"; query.userObjWhereStatement += "{}"; - query.ReportTimeString = DateTime.Now.ToString(fullTimeFormat); + query.ReportTimeString = DateTime.Now.AddDays(recertFilter.RecertificationDisplayPeriod).ToString(fullTimeFormat); + query.QueryParameters.Add("$refdate1: timestamp! "); + query.QueryVariables["refdate1"] = query.ReportTimeString; + query.ruleWhereStatement += $@" rule_metadatum: {{ recertifications: {{ next_recert_date: {{ _lte: $refdate1 }} }} }} "; + break; + case ReportType.Connections: break; default: Log.WriteError("Filter", $"Unexpected report type found: {reportType}"); 
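Review bot: The Recertification branch dereferences `recertFilter.RecertificationDisplayPeriod` unconditionally, yet the same object is treated as nullable (`RecertFilter?`) by SetRecertFilter further down in this file, so a template without a recert filter would throw NullReferenceException here before any query is built — I cannot tell from this diff whether ReportParams guarantees the object. Making the parameter `RecertFilter? recertFilter` and writing `query.ReportTimeString = DateTime.Now.AddDays(recertFilter?.RecertificationDisplayPeriod ?? 0).ToString(fullTimeFormat);` keeps the two helpers consistent. Separately, `$refdate1` is derived from `DateTime.Now` (host local time) and compared with the `next_recert_date` timestamp column; if that column is stored in UTC the recertification window shifts by the host offset, so a comment recording the intended time base would help. SetTimeFilter's body begins and ends outside these hunks.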
@@ -190,200 +215,241 @@ private static (string, string) ResolveTimeRange(TimeFilter timeFilter) else stop = timeFilter.EndTime.ToString(fullTimeFormat); break; - + default: throw new NotSupportedException($"Found unexpected TimeRangeType"); } return (start, stop); } + private static void SetRecertFilter(ref DynGraphqlQuery query, RecertFilter? recertFilter) + { + if (recertFilter != null) + { + // setting owner filter: + if (recertFilter.RecertOwnerList.Count > 0) + { + query.QueryParameters.Add("$ownerWhere: owner_bool_exp"); + query.QueryVariables["ownerWhere"] = new {id = new {_in = recertFilter.RecertOwnerList}}; + } + else + { + // if no ownerIds are set in the filter, return all recerts + query.QueryParameters.Add("$ownerWhere: owner_bool_exp"); + query.QueryVariables["ownerWhere"] = new {id = new {}}; + } + } + } + + private static void SetConnectionFilter(ref DynGraphqlQuery query, ModellingFilter? modellingFilter) + { + if (modellingFilter != null) + { + query.QueryParameters.Add("$appId: Int!"); + query.QueryVariables["appId"] = modellingFilter.SelectedOwner.Id; + query.connectionWhereStatement += $@"{{app_id: {{ _eq: $appId }} }}"; + } + } + + private static void SetUnusedFilter(ref DynGraphqlQuery query, UnusedFilter? 
unusedFilter) + { + if (unusedFilter != null) + { + query.QueryParameters.Add("$cut: timestamp"); + query.QueryParameters.Add("$tolerance: timestamp"); + query.QueryVariables["cut"] = DateTime.Now.AddDays(-unusedFilter.UnusedForDays); + query.QueryVariables["tolerance"] = DateTime.Now.AddDays(-unusedFilter.CreationTolerance); + query.ruleWhereStatement += $@"{{rule_metadatum: {{_or: [ + {{_and: [{{rule_last_hit: {{_is_null: false}} }}, {{rule_last_hit: {{_lte: $cut}} }} ] }}, + {{_and: [{{rule_last_hit: {{_is_null: true}} }}, {{rule_created: {{_lte: $tolerance}} }} ] }} + ]}} }}"; + } + } + private static void SetFixedFilters(ref DynGraphqlQuery query, ReportTemplate reportParams) { - // leave out all header texts - if (reportParams.ReportParams.ReportType != null && - reportParams.ReportParams.ReportType == (int) ReportType.Statistics && - reportParams.ReportParams.ReportType != (int) ReportType.Recertification) + if (((ReportType)reportParams.ReportParams.ReportType).IsRuleReport() || reportParams.ReportParams.ReportType == (int)ReportType.Statistics) + { + query.QueryParameters.Add("$mgmId: [Int!] 
"); + } + + // leave out all header texts + if (reportParams.ReportParams.ReportType == (int)ReportType.Statistics || + reportParams.ReportParams.ReportType == (int)ReportType.Recertification) { query.ruleWhereStatement += "{rule_head_text: {_is_null: true}}, "; } - SetDeviceFilter(ref query, reportParams.ReportParams.DeviceFilter); - SetTimeFilter(ref query, reportParams.ReportParams.TimeFilter, (ReportType) reportParams.ReportParams.ReportType); + SetTenantFilter(ref query, reportParams); + if (((ReportType)reportParams.ReportParams.ReportType).IsDeviceRelatedReport()) + { + SetDeviceFilter(ref query, reportParams.ReportParams.DeviceFilter); + SetTimeFilter(ref query, reportParams.ReportParams.TimeFilter, (ReportType)reportParams.ReportParams.ReportType, reportParams.ReportParams.RecertFilter); + } + if ((ReportType)reportParams.ReportParams.ReportType==ReportType.Recertification) + { + SetRecertFilter(ref query, reportParams.ReportParams.RecertFilter); + } + if ((ReportType)reportParams.ReportParams.ReportType==ReportType.UnusedRules) + { + SetUnusedFilter(ref query, reportParams.ReportParams.UnusedFilter); + } + if ((ReportType)reportParams.ReportParams.ReportType==ReportType.Connections) + { + SetConnectionFilter(ref query, reportParams.ReportParams.ModellingFilter); + } } public static DynGraphqlQuery GenerateQuery(ReportTemplate filter, AstNode? 
ast) { - - // if (filter.ReportParams.ReportType == (int) ReportType.Recertification && - // !filter.ReportParams.RecertFilter.RecertShowAnyMatch) - // { - // filter.Filter += $" (not src==0.0.0.0 and not dst==0.0.0.0) "; - // } - DynGraphqlQuery query = new DynGraphqlQuery(filter.Filter); query.ruleWhereStatement += "_and: ["; + query.connectionWhereStatement += "_and: ["; SetFixedFilters(ref query, filter); query.ruleWhereStatement += "{"; + query.connectionWhereStatement += "{"; // now we convert the ast into a graphql query: if (ast != null) - ast.Extract(ref query, (ReportType) filter.ReportParams.ReportType); + ast.Extract(ref query, (ReportType)filter.ReportParams.ReportType); query.ruleWhereStatement += "}] "; + query.connectionWhereStatement += "}] "; string paramString = string.Join(" ", query.QueryParameters.ToArray()); - if (filter.ReportParams.ReportType == (int) ReportType.ResolvedRules || filter.ReportParams.ReportType == (int) ReportType.ResolvedRulesTech) + string mgmtWhereString = $@"where: {{ hide_in_gui: {{_eq: false }} + mgm_id: {{_in: $mgmId }} + stm_dev_typ: {{dev_typ_is_multi_mgmt: {{_eq: false}} is_pure_routing_device: {{_eq: false}} }} + }} order_by: {{ mgm_name: asc }}"; + + string devWhereString = $@"where: {{ hide_in_gui: {{_eq: false }}, + stm_dev_typ: {{is_pure_routing_device:{{_eq:false}} }} + }} order_by: {{ dev_name: asc }}"; + + if (((ReportType)filter.ReportParams.ReportType).IsResolvedReport()) filter.Detailed = true; - - switch ((ReportType) filter.ReportParams.ReportType) + + switch ((ReportType)filter.ReportParams.ReportType) { case ReportType.Statistics: query.FullQuery = Queries.compact($@" - query statisticsReport ({paramString}) - {{ - management( - where: {{ - hide_in_gui: {{_eq: false }} - mgm_id: {{_in: $mgmId }} - stm_dev_typ: {{dev_typ_is_multi_mgmt: {{_eq: false}} is_pure_routing_device: {{_eq: false}} }} - }} - order_by: {{ mgm_name: asc }} - ) - {{ - name: mgm_name - id: mgm_id - objects_aggregate(where: {{ 
{query.nwObjWhereStatement} }}) {{ aggregate {{ count }} }} - services_aggregate(where: {{ {query.svcObjWhereStatement} }}) {{ aggregate {{ count }} }} - usrs_aggregate(where: {{ {query.userObjWhereStatement} }}) {{ aggregate {{ count }} }} - rules_aggregate(where: {{ {query.ruleWhereStatement} }}) {{ aggregate {{ count }} }} - devices( where: {{ hide_in_gui: {{_eq: false }}, stm_dev_typ: {{is_pure_routing_device:{{_eq:false}} }} }} order_by: {{ dev_name: asc }} ) + query statisticsReport ({paramString}) + {{ + management({mgmtWhereString}) {{ - name: dev_name - id: dev_id + name: mgm_name + id: mgm_id + objects_aggregate(where: {{ {query.nwObjWhereStatement} }}) {{ aggregate {{ count }} }} + services_aggregate(where: {{ {query.svcObjWhereStatement} }}) {{ aggregate {{ count }} }} + usrs_aggregate(where: {{ {query.userObjWhereStatement} }}) {{ aggregate {{ count }} }} rules_aggregate(where: {{ {query.ruleWhereStatement} }}) {{ aggregate {{ count }} }} + devices({devWhereString}) + {{ + name: dev_name + id: dev_id + rules_aggregate(where: {{ {query.ruleWhereStatement} }}) {{ aggregate {{ count }} }} + }} }} }} - }}"); - break; + "); + break; case ReportType.Rules: case ReportType.ResolvedRules: case ReportType.ResolvedRulesTech: + case ReportType.UnusedRules: query.FullQuery = Queries.compact($@" - {(filter.Detailed ? RuleQueries.ruleDetailsForReportFragments : RuleQueries.ruleOverviewFragments)} - - query rulesReport ({paramString}) - {{ - management( where: - {{ - mgm_id: {{_in: $mgmId }}, - hide_in_gui: {{_eq: false }} - stm_dev_typ: {{dev_typ_is_multi_mgmt: {{_eq: false}} is_pure_routing_device: {{_eq: false}} }} - }} order_by: {{ mgm_name: asc }} ) + {(filter.Detailed ? 
RuleQueries.ruleDetailsForReportFragments : RuleQueries.ruleOverviewFragments)} + query rulesReport ({paramString}) + {{ + management({mgmtWhereString}) {{ id: mgm_id name: mgm_name - devices ( where: {{ hide_in_gui: {{_eq: false }} }} order_by: {{ dev_name: asc }} ) + devices ({devWhereString}) + {{ + id: dev_id + name: dev_name + rules( + limit: $limit + offset: $offset + where: {{ access_rule: {{_eq: true}} {query.ruleWhereStatement} }} + order_by: {{ rule_num_numeric: asc }} ) {{ - id: dev_id - name: dev_name - rules( - limit: $limit - offset: $offset - where: {{ access_rule: {{_eq: true}} {query.ruleWhereStatement} }} - order_by: {{ rule_num_numeric: asc }} ) - {{ - mgm_id: mgm_id - ...{(filter.Detailed ? "ruleDetails" : "ruleOverview")} - }} - }} + mgm_id: mgm_id + {((ReportType)filter.ReportParams.ReportType == ReportType.UnusedRules ? "rule_metadatum { rule_last_hit }" : "")} + ...{(filter.Detailed ? "ruleDetails" : "ruleOverview")} + }} + }} }} - }}"); + }} + "); break; case ReportType.Recertification: - // remove Query Parameter relevant import id - var itemToRemove = query.QueryParameters.Single(r => r == " $relevantImportId: bigint"); - query.QueryParameters.Remove(itemToRemove); - //query.ruleWhereStatement = "{}"; - - paramString = string.Join(" ", query.QueryParameters.ToArray()); - string recertFilterString = ""; - - if (filter.ReportParams.RecertFilter.RecertWithoutOwner) - { - recertFilterString += $"owner_id: {{_is_null: true }}"; - } - else - { - recertFilterString += $@"owner_id: {{_in: [{string.Join(",", filter.ReportParams.RecertFilter.RecertOwnerList)}] }}"; - } - - query.FullQuery = Queries.compact($@"{RuleQueries.ruleRecertFragments} - - query rulesCertReport({paramString}) {{ - management( - where: {{ - mgm_id: {{ _in: $mgmId }} - hide_in_gui: {{ _eq: false }} - stm_dev_typ: {{ - dev_typ_is_multi_mgmt: {{ _eq: false }} - is_pure_routing_device: {{ _eq: false }} - }} - }} - order_by: {{ mgm_name: asc }} - ) {{ - id: mgm_id - name: mgm_name 
- devices( - where: {{ hide_in_gui: {{ _eq: false }} }} - order_by: {{ dev_name: asc }} - ) {{ - id: dev_id - name: dev_name - rules: rules_with_owner( - where: {{ {query.ruleWhereStatement} {recertFilterString} }} - limit: $limit - offset: $offset - order_by: {{ rule_num_numeric: asc }} - ) {{ - mgm_id: mgm_id - ...ruleCertOverview + query.FullQuery = Queries.compact($@" + {RecertQueries.ruleOpenRecertFragments} + query rulesCertReport({paramString}) + {{ + management({mgmtWhereString}) + {{ + id: mgm_id + name: mgm_name + devices({devWhereString}) + {{ + id: dev_id + name: dev_name + rules( + where: {{ + rule_metadatum: {{ recertifications_aggregate: {{ count: {{ filter: {{ _and: [{{owner: $ownerWhere}}, {{recert_date: {{_is_null: true}}}}, {{next_recert_date: {{_lte: $refdate1}}}}]}}, predicate: {{_gt: 0}}}}}}}} + active:{{ _eq:true }} + {query.ruleWhereStatement} + }} + limit: $limit + offset: $offset + order_by: {{ rule_num_numeric: asc }} + ) + {{ + mgm_id: mgm_id + ...ruleOpenCertOverview + }} }} }} }} - }}"); + "); break; - + case ReportType.Changes: + case ReportType.ResolvedChanges: + case ReportType.ResolvedChangesTech: query.FullQuery = Queries.compact($@" - {(filter.Detailed ? RuleQueries.ruleDetailsForReportFragments : RuleQueries.ruleOverviewFragments)} - - query changeReport({paramString}) {{ - management(where: {{ hide_in_gui: {{_eq: false }} stm_dev_typ: {{dev_typ_is_multi_mgmt: {{_eq: false}} is_pure_routing_device: {{_eq: false}} }} }} order_by: {{mgm_name: asc}}) + {(filter.Detailed ? 
RuleQueries.ruleDetailsForReportFragments : RuleQueries.ruleOverviewFragments)} + query changeReport({paramString}) {{ - id: mgm_id - name: mgm_name - devices (where: {{ hide_in_gui: {{_eq: false}} stm_dev_typ:{{is_pure_routing_device:{{_eq:false}} }} }}, order_by: {{dev_name: asc}} ) + management(where: {{ hide_in_gui: {{_eq: false }} stm_dev_typ: {{dev_typ_is_multi_mgmt: {{_eq: false}} is_pure_routing_device: {{_eq: false}} }} }} order_by: {{mgm_name: asc}}) {{ - id: dev_id - name: dev_name - changelog_rules( - offset: $offset - limit: $limit - where: {{ - _or:[ - {{_and: [{{change_action:{{_eq:""I""}}}}, {{rule: {{access_rule:{{_eq:true}}}}}}]}}, - {{_and: [{{change_action:{{_eq:""D""}}}}, {{ruleByOldRuleId: {{access_rule:{{_eq:true}}}}}}]}}, - {{_and: [{{change_action:{{_eq:""C""}}}}, {{rule: {{access_rule:{{_eq:true}}}}}}, {{ruleByOldRuleId: {{access_rule:{{_eq:true}}}}}}]}} - ] - {query.ruleWhereStatement} - }} - order_by: {{ control_id: asc }} - ) + id: mgm_id + name: mgm_name + devices ({devWhereString}) + {{ + id: dev_id + name: dev_name + changelog_rules( + offset: $offset + limit: $limit + where: {{ + _or:[ + {{_and: [{{change_action:{{_eq:""I""}}}}, {{rule: {{access_rule:{{_eq:true}}}}}}]}}, + {{_and: [{{change_action:{{_eq:""D""}}}}, {{ruleByOldRuleId: {{access_rule:{{_eq:true}}}}}}]}}, + {{_and: [{{change_action:{{_eq:""C""}}}}, {{rule: {{access_rule:{{_eq:true}}}}}}, {{ruleByOldRuleId: {{access_rule:{{_eq:true}}}}}}]}} + ] + {query.ruleWhereStatement} + }} + order_by: {{ control_id: asc }} + ) {{ import: import_control {{ time: stop_time }} change_action 
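Review bot: In SetFixedFilters the new `SetTenantFilter(ref query, reportParams);` runs before `query.FullQuery` has been assigned (the switch in GenerateQuery assigns it later, so it is presumably still its empty default here), which means the regex rewrites in that call match nothing and only the call after the switch applies the tenant restriction; drop the call from SetFixedFilters so a reader does not assume the tenant filter is applied together with the device and time filters. SetUnusedFilter stores raw `DateTime` values in `QueryVariables["cut"]` and `QueryVariables["tolerance"]`, whereas every other timestamp variable in this file (`start`, `stop`, `refdate1`) is a string formatted with `fullTimeFormat`; the wire format of those two then depends on the JSON serializer and the host time zone, so format them the same way, e.g. `query.QueryVariables["cut"] = DateTime.Now.AddDays(-unusedFilter.UnusedForDays).ToString(fullTimeFormat);`. A short comment on SetRecertFilter noting that `id: {}` is the deliberate match-all form when no owners are selected would also help.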
@@ -404,33 +470,48 @@ query changeReport({paramString}) {{ case ReportType.NatRules: query.FullQuery = Queries.compact($@" - {(filter.Detailed ? RuleQueries.natRuleDetailsForReportFragments : RuleQueries.natRuleOverviewFragments)} - - query natRulesReport ({paramString}) - {{ - management( where: {{ mgm_id: {{_in: $mgmId }}, hide_in_gui: {{_eq: false }} stm_dev_typ: {{dev_typ_is_multi_mgmt: {{_eq: false}} is_pure_routing_device: {{_eq: false}} }} }} order_by: {{ mgm_name: asc }} ) + {(filter.Detailed ? RuleQueries.natRuleDetailsForReportFragments : RuleQueries.natRuleOverviewFragments)} + query natRulesReport ({paramString}) + {{ + management({mgmtWhereString}) {{ id: mgm_id name: mgm_name - devices ( where: {{ hide_in_gui: {{_eq: false }} stm_dev_typ:{{is_pure_routing_device:{{_eq:false}} }} }} order_by: {{ dev_name: asc }} ) - {{ - id: dev_id - name: dev_name - rules( - limit: $limit - offset: $offset - where: {{ nat_rule: {{_eq: true}}, ruleByXlateRule: {{}} {query.ruleWhereStatement} }} - order_by: {{ rule_num_numeric: asc }} ) - {{ - mgm_id: mgm_id - ...{(filter.Detailed ? "natRuleDetails" : "natRuleOverview")} - }} - }} + devices ({devWhereString}) + {{ + id: dev_id + name: dev_name + rules( + limit: $limit + offset: $offset + where: {{ nat_rule: {{_eq: true}}, ruleByXlateRule: {{}} {query.ruleWhereStatement} }} + order_by: {{ rule_num_numeric: asc }} ) + {{ + mgm_id: mgm_id + ...{(filter.Detailed ? "natRuleDetails" : "natRuleOverview")} + }} + }} }} - }}"); + }} + "); + break; + + case ReportType.Connections: + + query.FullQuery = Queries.compact($@" + {ModellingQueries.connectionDetailsFragment} + query getConnections ({paramString}) + {{ + modelling_connection (where: {{ {query.connectionWhereStatement} }} order_by: {{ is_interface: desc, common_service: desc, name: asc }}) + {{ + ...connectionDetails + }} + }} + "); break; } + SetTenantFilter(ref query, filter); string pattern = ""; // remove comment lines (#) before joining lines! 
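Review bot: The Connections query declares `$limit` and `$offset` through `paramString` (they are always present in QueryParameters) but never uses them, so the report fetches every `modelling_connection` row for the app in one response, and an endpoint that enforces GraphQL's All-Variables-Used validation rule would reject the document outright. Either add `limit: $limit offset: $offset` to the `modelling_connection(...)` selection so slicing matches the other report types, or remove the two parameters for this report type. Note also that the `SetTenantFilter(ref query, filter);` call placed after the switch rewrites nothing for Connections (that query contains no `rules(` or `changelog_rules(`), so any tenant restriction on modelling data has to come from API role permissions — worth a comment at the call site.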
@@ -448,6 +529,16 @@ query natRulesReport ({paramString}) query.FullQuery = Regex.Replace(query.FullQuery, pattern, ""); pattern = @"\s+"; query.FullQuery = Regex.Replace(query.FullQuery, pattern, " "); + + // // query debugging + // Log.WriteDebug("Filter", $"FullQuery = {query.FullQuery}"); + // string queryVars = ""; + // foreach ((string k, object o) in query.QueryVariables) + // { + // queryVars += $"\"{k}\": {o.ToString()}, "; + // } + // Log.WriteDebug("Filter", $"Variables = {queryVars}"); + return query; } } diff --git a/roles/lib/files/FWO.Report.Filter/FWO.Report.Filter.csproj b/roles/lib/files/FWO.Report.Filter/FWO.Report.Filter.csproj index d21fb051a..ecee7ecfc 100644 --- a/roles/lib/files/FWO.Report.Filter/FWO.Report.Filter.csproj +++ b/roles/lib/files/FWO.Report.Filter/FWO.Report.Filter.csproj @@ -1,15 +1,16 @@  - net6.0 + net8.0 enable enable - + + diff --git a/roles/lib/files/FWO.Report.Filter/FilterTypes/ReportFilters.cs b/roles/lib/files/FWO.Report.Filter/FilterTypes/ReportFilters.cs new file mode 100644 index 000000000..73665fd93 --- /dev/null +++ b/roles/lib/files/FWO.Report.Filter/FilterTypes/ReportFilters.cs 
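Review bot: The commented-out query-debugging block should be deleted rather than left in place; if someone enables it, `o.ToString()` on the anonymous objects stored in QueryVariables (for example `ownerWhere`) prints the C# anonymous-type representation instead of JSON, and the full query text including tenant ids would be written to the log at debug level. If query tracing is wanted, serialize `query.QueryVariables` with the project's JSON serializer behind an explicit debug setting instead. The rest of GenerateQuery lies outside this hunk.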
@@ -0,0 +1,237 @@ +using FWO.GlobalConstants; +using FWO.Api.Data; +using FWO.Config.Api; + +namespace FWO.Report.Filter +{ + public class ReportFilters + { + public ReportType ReportType { get; set; } = ReportType.Rules; + + public DeviceFilter DeviceFilter { get; set; } = new(); + public DeviceFilter ReducedDeviceFilter { get; set; } = new(); + public bool SelectAll = true; + public bool CollapseDevices = false; + + public TimeFilter TimeFilter { get; set; } = new(); + public TimeFilter SavedTimeFilter { get; set; } = new(); + + public TenantFilter TenantFilter { get; set; } = new(); + public Tenant? SelectedTenant = null; + + public RecertFilter RecertFilter { get; set; } = new(); + + public UnusedFilter UnusedFilter { get; set; } = new(); + public int UnusedDays = 0; + + public ModellingFilter ModellingFilter { get; set; } = new(); + + public string DisplayedTimeSelection = ""; + + private UserConfig userConfig; + + + public ReportFilters() + {} + + public void Init(UserConfig userConfigIn, bool showRuleRelatedReports) + { + userConfig = userConfigIn; + ReportType = showRuleRelatedReports ? 
ReportType.Rules : ReportType.Connections; + DisplayedTimeSelection = userConfig.GetText("now"); + UnusedDays = userConfig.UnusedTolerance; + + if (DeviceFilter.NumberMgmtDev() > userConfig.MinCollapseAllDevices) + { + CollapseDevices = true; + } + } + + public void SyncFiltersFromTemplate(ReportTemplate template) + { + ReportType = (ReportType)template.ReportParams.ReportType; + if(template.ReportParams.DeviceFilter != null && template.ReportParams.DeviceFilter.Managements.Count > 0) + { + DeviceFilter.SynchronizeDevFilter(template.ReportParams.DeviceFilter); + } + SelectAll = !DeviceFilter.isAnyDeviceFilterSet(); + + if(template.ReportParams.TimeFilter != null) + { + TimeFilter = template.ReportParams.TimeFilter; + } + SetDisplayedTimeSelection(); + RecertFilter = new(template.ReportParams.RecertFilter); + UnusedDays = template.ReportParams.UnusedFilter.UnusedForDays; + ModellingFilter = template.ReportParams.ModellingFilter; + } + + public ReportParams ToReportParams() + { + ReportParams reportParams = new ReportParams((int)ReportType, ReportType == ReportType.UnusedRules ? 
ReducedDeviceFilter : DeviceFilter) + { + TimeFilter = SavedTimeFilter, + RecertFilter = new RecertFilter(RecertFilter), + UnusedFilter = new UnusedFilter() + { + UnusedForDays = UnusedDays, + CreationTolerance = userConfig.CreationTolerance + }, + ModellingFilter = new ModellingFilter(ModellingFilter) + }; + if (ReportType != ReportType.Statistics) + { + // also make sure the report a user belonging to a tenant <> 1 sees, gets the additional filters in DynGraphqlQuery.cs + if (SelectedTenant == null && userConfig.User.Tenant?.Id > 1) + { + SelectedTenant = userConfig.User.Tenant; + // TODO: when admin selects a tenant filter, add the corresponding device filter to make sure only those devices are reported that the tenant is allowed to see + } + reportParams.TenantFilter = new TenantFilter(SelectedTenant); + } + return reportParams; + } + + public bool SetDisplayedTimeSelection() + { + if (ReportType.IsChangeReport()) + { + switch (TimeFilter.TimeRangeType) + { + case TimeRangeType.Shortcut: + DisplayedTimeSelection = userConfig.GetText(TimeFilter.TimeRangeShortcut); + break; + case TimeRangeType.Interval: + DisplayedTimeSelection = userConfig.GetText("last") + " " + + TimeFilter.Offset + " " + userConfig.GetText(TimeFilter.Interval.ToString()); + break; + case TimeRangeType.Fixeddates: + if(TimeFilter.OpenStart && TimeFilter.OpenEnd) + { + DisplayedTimeSelection = userConfig.GetText("open"); + } + else if(TimeFilter.OpenStart) + { + DisplayedTimeSelection = userConfig.GetText("until") + " " + TimeFilter.EndTime.ToString(); + } + else if(TimeFilter.OpenEnd) + { + DisplayedTimeSelection = userConfig.GetText("from") + " " + TimeFilter.StartTime.ToString(); + } + else + { + DisplayedTimeSelection = TimeFilter.StartTime.ToString() + " - " + TimeFilter.EndTime.ToString(); + } + break; + default: + DisplayedTimeSelection = ""; + break; + }; + } + else + { + if (TimeFilter.IsShortcut) + { + DisplayedTimeSelection = userConfig.GetText(TimeFilter.TimeShortcut); + } + else + 
{ + DisplayedTimeSelection = TimeFilter.ReportTime.ToString(); + } + } + return true; + } + + /// sets deviceFilter.Managements and selectedTenant according to either + /// a) selected tenant for tenant simulation + /// b) tenant of the user logged in (if belonging to tenant <> tenant0) + public void TenantViewChanged(Tenant? newTenantView) + { + SelectedTenant = newTenantView; + + // we must modify the device visibility in the device filter + if (SelectedTenant==null || SelectedTenant.Id == 1) + { + // tenant0 or no tenant selected --> all devices are visible + MarkAllDevicesVisible(DeviceFilter.Managements); + } + else + { + // not all devices are visible + SetDeviceVisibility(SelectedTenant); + } + SelectAll = !DeviceFilter.isAnyDeviceFilterSet(); + } + + private void MarkAllDevicesVisible(List mgms) + { + foreach (ManagementSelect management in mgms) + { + management.Visible = true; + management.Shared = false; + foreach (DeviceSelect gw in management.Devices) + { + gw.Visible = true; + gw.Shared = false; + } + } + } + + private void SetDeviceVisibility(Tenant tenantView) + { + if ((userConfig.User.Tenant.Id==null || userConfig.User.Tenant.Id==1) && tenantView.Id!=1) + { + // filtering for tenant simulation only done by a tenant0 user + foreach (TenantGateway gw in tenantView.TenantGateways) + { + if (!tenantView.VisibleGatewayIds.Contains(gw.VisibleGateway.Id)) + { + tenantView.VisibleGatewayIds.Append(gw.VisibleGateway.Id); + tenantView.VisibleGatewayIds = tenantView.VisibleGatewayIds.Concat(new int[] { gw.VisibleGateway.Id }).ToArray(); + } + } + + // also add all gateways of non-shared managments - necessary for simulated tenant filtering + foreach (TenantManagement mgm in tenantView.TenantManagements) + { + if (!mgm.Shared) + { + foreach (Device gw in mgm.VisibleManagement.Devices) + { + if (!tenantView.VisibleGatewayIds.Contains(gw.Id)) + { + tenantView.VisibleGatewayIds.Append(gw.Id); + tenantView.VisibleGatewayIds = 
tenantView.VisibleGatewayIds.Concat(new int[] { gw.Id }).ToArray(); + } + } + } + } + } + + foreach (ManagementSelect mgm in DeviceFilter.Managements) + { + mgm.Shared = false; + bool mgmVisible = false; + foreach (DeviceSelect gw in mgm.Devices) + { + gw.Visible = tenantView.VisibleGatewayIds.Contains(gw.Id); + if (gw.Visible) + { + // one gateway is visible, so the management must be visible + mgmVisible = true; + } + else + { + gw.Selected = false; // make sure invisible devices are not selected + mgm.Shared = true; // if one gateway is not visible, the mgm is shared (filtered) + } + } + mgm.Visible = mgmVisible; + if (!mgm.Visible) + { // make sure invisible managements are not selected + mgm.Selected = false; + } + } + } + } +} diff --git a/roles/lib/files/FWO.Report.Filter/FilterTypes/ReportType.cs b/roles/lib/files/FWO.Report.Filter/FilterTypes/ReportType.cs index e16630667..15d263ba0 100644 --- a/roles/lib/files/FWO.Report.Filter/FilterTypes/ReportType.cs +++ b/roles/lib/files/FWO.Report.Filter/FilterTypes/ReportType.cs 
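Review bot: In SetDeviceVisibility the two `tenantView.VisibleGatewayIds.Append(...)` statements discard their result — LINQ `Append` returns a new sequence and never mutates the array — so they are no-ops and only the following `Concat(...).ToArray()` assignments add the ids; delete the two `Append` lines. The guard `userConfig.User.Tenant.Id==null` is always false if `Id` is a non-nullable `int` (its type is not visible here), in which case only the `==1` comparison is doing any work. ToReportParams deliberately leaves `TenantFilter` unset for Statistics, so a tenant user's statistics report carries no tenant restriction from this layer and the counts are limited only by API role permissions, if any — a comment stating that this is intentional and naming the layer relied on would help, and the TODO about the missing device filter for a simulated tenant describes the same class of gap.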
@@ -8,6 +8,85 @@ public enum ReportType NatRules = 4, ResolvedRules = 5, ResolvedRulesTech = 6, - Recertification = 7 + Recertification = 7, + ResolvedChanges = 8, + ResolvedChangesTech = 9, + UnusedRules = 10, + + Connections = 21 + } + + public static class ReportTypeGroups + { + public static bool IsRuleReport(this ReportType reportType) + { + switch(reportType) + { + case ReportType.Rules: + case ReportType.ResolvedRules: + case ReportType.ResolvedRulesTech: + case ReportType.NatRules: + case ReportType.Recertification: + case ReportType.UnusedRules: + return true; + default: + return false; + } + } + + public static bool IsChangeReport(this ReportType reportType) + { + switch(reportType) + { + case ReportType.Changes: + case ReportType.ResolvedChanges: + case ReportType.ResolvedChangesTech: + return true; + default: + return false; + } + } + + public static bool IsResolvedReport(this ReportType reportType) + { + switch(reportType) + { + case ReportType.ResolvedRules: + case ReportType.ResolvedRulesTech: + case ReportType.ResolvedChanges: + case ReportType.ResolvedChangesTech: + return true; + default: + return false; + } + } + + public static bool IsTechReport(this ReportType reportType) + { + switch(reportType) + { + case ReportType.ResolvedRulesTech: + case ReportType.ResolvedChangesTech: + return true; + default: + return false; + } + } + + public static bool IsDeviceRelatedReport(this ReportType reportType) + { + return reportType.IsRuleReport() || reportType.IsChangeReport() || reportType == ReportType.Statistics; + } + + public static bool IsModellingReport(this ReportType reportType) + { + switch(reportType) + { + case ReportType.Connections: + return true; + default: + return false; + } + } } } diff --git a/roles/lib/files/FWO.Report.Filter/Parser.cs b/roles/lib/files/FWO.Report.Filter/Parser.cs index a6fa18d28..133f64aeb 100644 --- a/roles/lib/files/FWO.Report.Filter/Parser.cs +++ b/roles/lib/files/FWO.Report.Filter/Parser.cs 
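Review bot: The five extension methods each spell a membership test as a `switch` with `return true`/`return false`, which reads heavier than the `is` pattern available on the net8.0 target this diff moves to; `IsTechReport` would become `public static bool IsTechReport(this ReportType reportType) => reportType is ReportType.ResolvedRulesTech or ReportType.ResolvedChangesTech;` and `IsModellingReport` simply `=> reportType == ReportType.Connections;`. The numbering gap before `Connections = 21` looks intentional (separating modelling reports from rule reports); a one-line comment saying so would stop the next contributor from filling it.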
@@ -29,107 +29,20 @@ public Parser(List tokens) private AstNode? ParseStart() { - // if (NextTokenExists()) - // { - if (GetNextToken().Kind == TokenKind.Value) - { - // Left = new AstNodeFilterReportType() - // { - // Name = new Token(new Range(0, 0), "", TokenKind.ReportType), - // Operator = new Token(new Range(0, 0), "", TokenKind.EEQ), - // Value = new Token(new Range(0, 0), "rules", TokenKind.Value) - // }, - // Connector = new Token(new Range(0, 0), "", TokenKind.And), - - // Right = ParseTime() - // }; - // } - // else - // { - // AstNodeConnector root = new AstNodeConnector - // { - // Left = new AstNodeFilterReportType() - // { - // Name = CheckToken(TokenKind.ReportType), - // Operator = CheckToken(TokenKind.EQ, TokenKind.EEQ), - return new AstNodeFilterString - { - Name = new Token(new Range(0, 0), "", TokenKind.Value), - Operator = new Token(new Range(0, 0), "", TokenKind.EQ), - Value = CheckToken(TokenKind.Value) - }; - } - else + if (GetNextToken().Kind == TokenKind.Value) + { + return new AstNodeFilterString { - return ParseOr(); - } + Name = new Token(new Range(0, 0), "", TokenKind.Value), + Operator = new Token(new Range(0, 0), "", TokenKind.EQ), + Value = CheckToken(TokenKind.Value) + }; } - // } - - // private AstNode ParseTime() - // { - // if (NextTokenExists() == false || GetNextToken().Kind != TokenKind.Time) - // { - // AstNodeConnector root = new AstNodeConnector - // { - // Left = new AstNodeFilterDateTimeRange() - // { - // Name = new Token(new Range(0, 0), "", TokenKind.Time), - // Operator = new Token(new Range(0, 0), "", TokenKind.EQ), - // Value = new Token(new Range(0, 0), "now", TokenKind.Value) //DateTime.Now.ToString() - // } - // }; - - // if (NextTokenExists()) - // { - // root.Connector = new Token(new Range(0, 0), "", TokenKind.And); - // root.Right = ParseStart(); - // return root; - // } - // else - // { - // return root.Left; - // } - // } - - // else // TokenKinde == Time - // { - // AstNodeConnector root = new 
AstNodeConnector - // { - // Left = new AstNodeFilterDateTimeRange() - // { - // Name = CheckToken(TokenKind.Time), - // Operator = ParseOperator(), - // Value = CheckToken(TokenKind.Value) - // } - // }; - - // if (NextTokenExists() && GetNextToken().Kind == TokenKind.And) - // { - // root.Connector = CheckToken(TokenKind.And); - // root.Right = ParseStart(); - // return root; - // } - - // else - // { - // return root.Left; - // } - // } - // } - - // private AstNode ParseStart() - // { - // if (GetNextToken().Kind == TokenKind.Value) - // { - // return new AstNodeFilterString - // { - // Name = new Token(new Range(0, 0), "", TokenKind.Value), - // Operator = new Token(new Range(0, 0), "", TokenKind.EQ), - // Value = CheckToken(TokenKind.Value) - // }; - // } - // } + else + { + return ParseOr(); + } + } private AstNode ParseOr() { 
@@ -225,19 +138,19 @@ private AstNode ParseFilter() Token Value = CheckToken(TokenKind.Value); return Name.Kind switch { - TokenKind.Value or TokenKind.Service or TokenKind.Action or TokenKind.Management or TokenKind.Gateway or TokenKind.FullText or TokenKind.Protocol + TokenKind.Value or TokenKind.Owner or TokenKind.Service or TokenKind.Action or TokenKind.Management or TokenKind.Gateway or TokenKind.FullText or TokenKind.Protocol => new AstNodeFilterString() { Name = Name, Operator = Operator, Value = Value }, TokenKind.Disabled or TokenKind.SourceNegated or TokenKind.DestinationNegated or TokenKind.ServiceNegated or TokenKind.Remove => new AstNodeFilterBool() { Name = Name, Operator = Operator, Value = Value }, - TokenKind.Time + TokenKind.Time or TokenKind.LastHit => new AstNodeFilterDateTimeRange() { Name = Name, Operator = Operator, Value = Value }, TokenKind.ReportType => new AstNodeFilterReportType() { Name = Name, Operator = Operator, Value = Value }, - TokenKind.DestinationPort or TokenKind.RecertDisplay + TokenKind.DestinationPort or TokenKind.RecertDisplay or TokenKind.Unused => new AstNodeFilterInt() { Name = Name, Operator = Operator, Value = Value }, TokenKind.Source or TokenKind.Destination @@ -255,9 +168,9 @@ private Token ParseOperator() private Token ParseFilterName() { return CheckToken( - TokenKind.Destination, TokenKind.Source, TokenKind.Service, TokenKind.Protocol, + TokenKind.LastHit, TokenKind.Owner, TokenKind.Destination, TokenKind.Source, TokenKind.Service, TokenKind.Protocol, TokenKind.DestinationPort, TokenKind.Action, TokenKind.FullText, TokenKind.Gateway, - TokenKind.Management, TokenKind.Remove, TokenKind.RecertDisplay, TokenKind.Disabled); + TokenKind.Management, TokenKind.Remove, TokenKind.RecertDisplay, TokenKind.Disabled, TokenKind.Unused); } private Token CheckToken(params TokenKind[] expectedTokenKinds) 
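Review bot: The new `TokenKind.Owner` filter flows into `AstNodeFilterString` with its `Value` token taken from user-typed filter text, and `LastHit`/`Unused` into the date-range and int nodes; how those values reach the GraphQL document is decided in the AstNode classes, which are not in this diff. Please confirm there that the owner string is bound as a GraphQL variable rather than spliced into the query text: DynGraphqlQuery applies the tenant restriction by regex-rewriting the final query string, so a spliced value containing `rules(` or similar could interfere with that rewrite. A short comment in ParseFilterName noting which keywords are meaningful only for certain report types (`Unused`/`LastHit` for unused-rule reports, `Owner` for recertification and modelling) would also help, since the parser itself accepts them regardless of report type.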
diff --git a/roles/lib/files/FWO.Report.Filter/TokenKind.cs b/roles/lib/files/FWO.Report.Filter/TokenKind.cs index 62dbc6cf7..1ac4c2b2c 100644 --- a/roles/lib/files/FWO.Report.Filter/TokenKind.cs +++ b/roles/lib/files/FWO.Report.Filter/TokenKind.cs @@ -3,6 +3,7 @@ public enum TokenKind { Value, + Owner, Disabled, SourceNegated, DestinationNegated, @@ -20,6 +21,8 @@ public enum TokenKind Time, RecertDisplay, FullText, + LastHit, + Unused, BL, // ( BR, // ) And, diff --git a/roles/lib/files/FWO.Report.Filter/TokenSyntax.cs b/roles/lib/files/FWO.Report.Filter/TokenSyntax.cs index 7ed809c34..0350b6620 100644 --- a/roles/lib/files/FWO.Report.Filter/TokenSyntax.cs +++ b/roles/lib/files/FWO.Report.Filter/TokenSyntax.cs @@ -45,6 +45,24 @@ public static TokenSyntax Get(TokenKind tokenKind) NoWhiteSpaceRequiered: new string[] { } ), + TokenKind.Owner => new TokenSyntax + ( + WhiteSpaceRequiered: new string[] { "owner", "application", "app" }, + NoWhiteSpaceRequiered: new string[] { } + ), + + TokenKind.LastHit => new TokenSyntax + ( + WhiteSpaceRequiered: new string[] { "lasthit", "last-hit", "last-used", "lastused", "last-usage", "lastusage", "last-use", "lastuse" }, + NoWhiteSpaceRequiered: new string[] { } + ), + + TokenKind.Unused => new TokenSyntax + ( + WhiteSpaceRequiered: new string[] { "not-used-for-days", "unused", "unused-days", "not-used" }, + NoWhiteSpaceRequiered: new string[] { } + ), + TokenKind.Source => new TokenSyntax ( WhiteSpaceRequiered: new string[] { "source", "src" }, diff --git a/roles/lib/files/FWO.Report/Data/DeviceReport.cs b/roles/lib/files/FWO.Report/Data/DeviceReport.cs new file mode 100644 index 000000000..9d0dd2484 --- /dev/null +++ b/roles/lib/files/FWO.Report/Data/DeviceReport.cs 
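Review bot: Inserting `Owner` between `Value` and `Disabled` in the TokenKind enum renumbers every later member, which is only harmless if TokenKind values are never persisted, serialized or compared numerically anywhere (not verifiable from this diff); appending new members at the end, or a comment on the enum stating that ordinal values carry no meaning, would settle the question. In TokenSyntax the alias list for `Unused` contains both `"unused"` and `"unused-days"`; whether a match on `"unused"` can swallow `"unused-days"` depends on the lexer's matching order, which is outside this diff, so a comment stating how aliases are matched (or ordering them longest-first) would make the intent explicit.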
@@ -0,0 +1,100 @@
+using System.Text.Json.Serialization;
+using Newtonsoft.Json;
+using FWO.GlobalConstants;
+using FWO.Api.Data;
+
+namespace FWO.Report
+{
+    public class DeviceReport // : Device
+    {
+        [JsonProperty("id"), JsonPropertyName("id")]
+        public int Id { get; set; }
+
+        [JsonProperty("name"), JsonPropertyName("name")]
+        public string? Name { get; set; }
+
+        [JsonProperty("rules"), JsonPropertyName("rules")]
+        public Rule[]? Rules { get; set; }
+
+        [JsonProperty("changelog_rules"), JsonPropertyName("changelog_rules")]
+        public RuleChange[]? RuleChanges { get; set; }
+
+        [JsonProperty("rules_aggregate"), JsonPropertyName("rules_aggregate")]
+        public ObjectStatistics RuleStatistics { get; set; } = new ObjectStatistics();
+
+
+        public DeviceReport()
+        { }
+
+        public DeviceReport(DeviceReport device)
+        {
+            Id = device.Id;
+            Name = device.Name;
+            Rules = device.Rules;
+            RuleChanges = device.RuleChanges;
+            RuleStatistics = device.RuleStatistics;
+        }
+
+        public void AssignRuleNumbers()
+        {
+            if (Rules != null)
+            {
+                int ruleNumber = 1;
+
+                foreach (Rule rule in Rules)
+                {
+                    if (string.IsNullOrEmpty(rule.SectionHeader)) // Not a section header
+                    {
+                        rule.DisplayOrderNumber = ruleNumber++;
+                    }
+                }
+            }
+        }
+
+        public bool ContainsRules()
+        {
+            return Rules != null && Rules.Count() >0 ;
+        }
+    }
+
+
+    public static class DeviceUtility
+    {
+        // adding rules fetched in slices
+        public static bool Merge(this DeviceReport[] devices, DeviceReport[] devicesToMerge)
+        {
+            bool newObjects = false;
+
+            for (int i = 0; i < devices.Length && i < devicesToMerge.Length; i++)
+            {
+                if (devices[i].Id == devicesToMerge[i].Id)
+                {
+                    try
+                    {
+                        if (devices[i].Rules != null && devicesToMerge[i].Rules != null && devicesToMerge[i].Rules?.Length > 0)
+                        {
+                            devices[i].Rules = devices[i].Rules?.Concat(devicesToMerge[i].Rules!).ToArray();
+                            newObjects = true;
+                        }
+                        if (devices[i].RuleChanges != null && devicesToMerge[i].RuleChanges != null && devicesToMerge[i].RuleChanges?.Length > 0)
+                        {
+                            devices[i].RuleChanges = devices[i].RuleChanges!.Concat(devicesToMerge[i].RuleChanges!).ToArray();
+                            newObjects = true;
+                        }
+                        if (devices[i].RuleStatistics != null && devicesToMerge[i].RuleStatistics != null)
+                            devices[i].RuleStatistics.ObjectAggregate.ObjectCount += devicesToMerge[i].RuleStatistics.ObjectAggregate.ObjectCount; // correct ??
+                    }
+                    catch (NullReferenceException)
+                    {
+                        throw new ArgumentNullException("Rules is null");
+                    }
+                }
+                else
+                {
+                    throw new NotSupportedException("Devices have to be in the same order in oder to merge.");
+                }
+            }
+            return newObjects;
+        }
+    }
+}
diff --git a/roles/lib/files/FWO.Report/Data/ManagementReport.cs b/roles/lib/files/FWO.Report/Data/ManagementReport.cs
new file mode 100644
index 000000000..1e9dc376e
--- /dev/null
+++ b/roles/lib/files/FWO.Report/Data/ManagementReport.cs
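Review bot: In DeviceUtility.Merge the `catch (NullReferenceException)` converts an unexpected null into `new ArgumentNullException("Rules is null")`, which passes the message as the parameter name and hides which of the several dereferenced members (`Rules`, `RuleChanges`, `RuleStatistics.ObjectAggregate`) was actually null; since the surrounding `if` guards already check `Rules` and `RuleChanges`, the try/catch mainly masks a null `ObjectAggregate`, so either drop it or make the exception precise, e.g. `throw new ArgumentNullException(nameof(devices), "Rules is null");`. The loop also stops silently at the shorter of the two arrays, so trailing devices in `devicesToMerge` are never merged while `newObjects` can still be returned as false; a comment stating that both arrays are expected to have equal length, or a length check, would make that contract visible. The `// correct ??` left on the `ObjectCount +=` line should be resolved or rewritten as a TODO that states the doubt, and `Rules.Count() >0` in ContainsRules can be `Rules.Length > 0` on an array.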
@@ -0,0 +1,185 @@
+using Newtonsoft.Json;
+using System.Text.Json.Serialization;
+using FWO.GlobalConstants;
+using FWO.Api.Data;
+
+namespace FWO.Report
+{
+    public class ManagementReport
+    {
+        [JsonProperty("id"), JsonPropertyName("id")]
+        public int Id { get; set; }
+
+        [JsonProperty("name"), JsonPropertyName("name")]
+        public string Name { get; set; } = "";
+
+        [JsonProperty("devices"), JsonPropertyName("devices")]
+        public DeviceReport[] Devices { get; set; } = Array.Empty();
+
+        [JsonProperty("import"), JsonPropertyName("import")]
+        public Import Import { get; set; } = new Import();
+
+        public long? RelevantImportId { get; set; }
+
+        [JsonProperty("networkObjects"), JsonPropertyName("networkObjects")]
+        public NetworkObject[] Objects { get; set; } = Array.Empty();
+
+        [JsonProperty("serviceObjects"), JsonPropertyName("serviceObjects")]
+        public NetworkService[] Services { get; set; } = Array.Empty();
+
+        [JsonProperty("userObjects"), JsonPropertyName("userObjects")]
+        public NetworkUser[] Users { get; set; } = Array.Empty();
+
+        [JsonProperty("reportNetworkObjects"), JsonPropertyName("reportNetworkObjects")]
+        public NetworkObject[] ReportObjects { get; set; } = Array.Empty();
+
+        [JsonProperty("reportServiceObjects"), JsonPropertyName("reportServiceObjects")]
+        public NetworkService[] ReportServices { get; set; } = Array.Empty();
+
+        [JsonProperty("reportUserObjects"), JsonPropertyName("reportUserObjects")]
+        public NetworkUser[] ReportUsers { get; set; } = Array.Empty();
+
+
+        //[JsonProperty("rule_id"), JsonPropertyName("rule_id")]
+        public List ReportedRuleIds { get; set; } = new List();
+        public List ReportedNetworkServiceIds { get; set; } = new List();
+
+        [JsonProperty("objects_aggregate"), JsonPropertyName("objects_aggregate")]
+        public ObjectStatistics NetworkObjectStatistics { get; set; } = new ObjectStatistics();
+
+        [JsonProperty("services_aggregate"), JsonPropertyName("services_aggregate")]
+        public ObjectStatistics ServiceObjectStatistics { get; set; } = new ObjectStatistics();
+
+        [JsonProperty("usrs_aggregate"), JsonPropertyName("usrs_aggregate")]
+        public ObjectStatistics UserObjectStatistics { get; set; } = new ObjectStatistics();
+
+        [JsonProperty("rules_aggregate"), JsonPropertyName("rules_aggregate")]
+        public ObjectStatistics RuleStatistics { get; set; } = new ObjectStatistics();
+
+        public bool Ignore { get; set; }
+
+
+        public ManagementReport()
+        {}
+
+        public ManagementReport(ManagementReport managementReport)
+        {
+            Id = managementReport.Id;
+            Name = managementReport.Name;
+            Devices = managementReport.Devices;
+            Import = managementReport.Import;
+            if (managementReport.Import != null && managementReport.Import.ImportAggregate != null &&
+                managementReport.Import.ImportAggregate.ImportAggregateMax != null &&
+                managementReport.Import.ImportAggregate.ImportAggregateMax.RelevantImportId != null)
+            {
+                RelevantImportId = managementReport.Import.ImportAggregate.ImportAggregateMax.RelevantImportId;
+            }
+            Objects = managementReport.Objects;
+            Services = managementReport.Services;
+            Users = managementReport.Users;
+            ReportObjects = managementReport.ReportObjects;
+            ReportServices = managementReport.ReportServices;
+            ReportUsers = managementReport.ReportUsers;
+            ReportedRuleIds = managementReport.ReportedRuleIds;
+            ReportedNetworkServiceIds = managementReport.ReportedNetworkServiceIds;
+            NetworkObjectStatistics = managementReport.NetworkObjectStatistics;
+            ServiceObjectStatistics = managementReport.ServiceObjectStatistics;
+            UserObjectStatistics = managementReport.UserObjectStatistics;
+            RuleStatistics = managementReport.RuleStatistics;
+            Ignore = managementReport.Ignore;
+        }
+
+        public void AssignRuleNumbers()
+        {
+            foreach (var device in Devices)
+            {
+                device.AssignRuleNumbers();
+            }
+        }
+
+        public string NameAndDeviceNames(string separator = ", ")
+        {
+            return $"{Name} [{string.Join(separator, Array.ConvertAll(Devices, device => device.Name))}]";
+        }
+    }
+
+    public static class ManagementUtility
+    {
+        public static bool Merge(this List managementReports, List managementReportsToMerge)
+        {
+            bool newObjects = false;
+
+            foreach(var managementReportToMerge in managementReportsToMerge)
+            {
+                ManagementReport? mgmtToFill = managementReports.FirstOrDefault(m => m.Id == managementReportToMerge.Id);
+                if(mgmtToFill!= null)
+                {
+                    newObjects |= mgmtToFill.Merge(managementReportToMerge);
+                }
+            }
+            return newObjects;
+        }
+
+        public static bool Merge(this ManagementReport managementReport, ManagementReport managementToMerge)
+        {
+            bool newObjects = false;
+
+            if (managementReport.Objects != null && managementToMerge.Objects != null && managementToMerge.Objects.Length > 0)
+            {
+                managementReport.Objects = managementReport.Objects.Concat(managementToMerge.Objects).ToArray();
+                newObjects = true;
+            }
+
+            if (managementReport.Services != null && managementToMerge.Services != null && managementToMerge.Services.Length > 0)
+            {
+                managementReport.Services = managementReport.Services.Concat(managementToMerge.Services).ToArray();
+                newObjects = true;
+            }
+
+            if (managementReport.Users != null && managementToMerge.Users != null && managementToMerge.Users.Length > 0)
+            {
+                managementReport.Users = managementReport.Users.Concat(managementToMerge.Users).ToArray();
+                newObjects = true;
+            }
+
+            if (managementReport.Devices != null && managementToMerge.Devices != null && managementToMerge.Devices.Length > 0)
+            {
+                // important: if any management still returns rules, newObjects is set to true
+                if (managementReport.Devices.Merge(managementToMerge.Devices) == true)
+                    newObjects = true;
+            }
+            return newObjects;
+        }
+
+        public static bool MergeReportObjects(this ManagementReport managementReport, ManagementReport managementReportToMerge)
+        {
+            bool newObjects = false;
+
+            if (managementReport.ReportObjects != null && managementReportToMerge.ReportObjects != null && managementReportToMerge.ReportObjects.Length > 0)
+            {
+                managementReport.ReportObjects = managementReport.ReportObjects.Concat(managementReportToMerge.ReportObjects).ToArray();
+                newObjects = true;
+            }
+
+            if (managementReport.ReportServices != null && managementReportToMerge.ReportServices != null && managementReportToMerge.ReportServices.Length > 0)
+            {
+                managementReport.ReportServices = managementReport.ReportServices.Concat(managementReportToMerge.ReportServices).ToArray();
+                newObjects = true;
+            }
+
+            if (managementReport.ReportUsers != null && managementReportToMerge.ReportUsers != null && managementReportToMerge.ReportUsers.Length > 0)
+            {
+                managementReport.ReportUsers = managementReport.ReportUsers.Concat(managementReportToMerge.ReportUsers).ToArray();
+                newObjects = true;
+            }
+
+            if (managementReport.Devices != null && managementReportToMerge.Devices != null && managementReportToMerge.Devices.Length > 0)
+            {
+                // important: if any management still returns rules, newObjects is set to true
+                if (managementReport.Devices.Merge(managementReportToMerge.Devices) == true)
+                    newObjects = true;
+            }
+            return newObjects;
+        }
+    }
+}
diff --git a/roles/lib/files/FWO.Report/Data/OwnerReport.cs b/roles/lib/files/FWO.Report/Data/OwnerReport.cs
new file mode 100644
index 000000000..3be9b012a
--- /dev/null
+++ b/roles/lib/files/FWO.Report/Data/OwnerReport.cs
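Review bot: The copy constructor `ManagementReport(ManagementReport managementReport)` is a shallow copy — `Devices = managementReport.Devices` and the other array and list assignments share the same instances with the source — while `DeviceUtility.Merge` (DeviceReport.cs in this commit) mutates `devices[i].Rules` and `RuleStatistics` in place, so merging a slice into the copy also changes the original report's devices; a comment on the constructor, `// shallow copy: Devices, object arrays and id lists are shared with the source and Merge() mutates them in place`, would make that visible to callers, or the arrays should be cloned if independence is intended. In the list overload of `ManagementUtility.Merge`, a report in `managementReportsToMerge` whose Id has no counterpart in `managementReports` is skipped without any trace and `newObjects` stays false for it; if that is intentional, say so on the `if(mgmtToFill!= null)` line, otherwise it deserves a log line or an exception like the one DeviceUtility.Merge throws for misordered devices. Both `Merge` and `MergeReportObjects` call `Devices.Merge(...)`, so calling both for the same slice would concatenate the device rules twice — worth a note on MergeReportObjects if the two are meant to be used on different query results.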
@@ -0,0 +1,222 @@
+using FWO.Api.Data;
+
+namespace FWO.Report
+{
+    public class OwnerReport
+    {
+        public string Name = "";
+        public List Connections { get; set; } = new ();
+        public List RegularConnections { get; set; } = new ();
+        public List Interfaces { get; set; } = new ();
+        public List CommonServices { get; set; } = new ();
+
+        public List AllObjects = new();
+        public List AllServices = new();
+        private readonly long DummyARid = -1;
+
+        public OwnerReport()
+        {}
+
+        public OwnerReport(long dummyARid)
+        {
+            DummyARid = dummyARid;
+        }
+
+        public OwnerReport(OwnerReport report)
+        {
+            Name = report.Name;
+            Connections = report.Connections;
+            RegularConnections = report.RegularConnections;
+            Interfaces = report.Interfaces;
+            CommonServices = report.CommonServices;
+            AllObjects = report.AllObjects;
+            AllServices = report.AllServices;
+        }
+
+        public static void AssignConnectionNumbers(List connections)
+        {
+            int connNumber = 1;
+            foreach (var conn in connections)
+            {
+                conn.OrderNumber = connNumber++;
+            }
+        }
+
+        public void PrepareObjectData()
+        {
+            AllObjects = GetAllNetworkObjects(true);
+            SetObjectNumbers(ref AllObjects);
+            AllServices = GetAllServices(true);
+            SetSvcNumbers(ref AllServices);
+        }
+
+        public long ResolveObjNumber(ModellingNwObject networkObject)
+        {
+            return AllObjects.FirstOrDefault(x => x.Name == networkObject.Name)?.Number ?? 0;
+        }
+
+        public long ResolveSvcNumber(ModellingSvcObject serviceObject)
+        {
+            return AllServices.FirstOrDefault(x => x.Name == serviceObject.Name)?.Number ?? 0;
+        }
+
+        public List GetAllAppServers()
+        {
+            List allAppServers = new();
+            foreach(var conn in Connections)
+            {
+                allAppServers = allAppServers.Union(ModellingAppServerWrapper.Resolve(conn.SourceAppServers).ToList()).ToList();
+                allAppServers = allAppServers.Union(ModellingAppServerWrapper.Resolve(conn.DestinationAppServers).ToList()).ToList();
+            }
+            return allAppServers;
+        }
+
+        public List GetAllNetworkObjects(bool resolved = false)
+        {
+            List allObjects = new();
+            foreach(var conn in Connections)
+            {
+                List objList = new();
+                GetObjectsFromAR(conn.SourceAppRoles, ref objList, resolved);
+                GetObjectsFromAR(conn.DestinationAppRoles, ref objList, resolved);
+                GetObjectsFromNwGroups(conn.SourceNwGroups, ref objList, resolved);
+                GetObjectsFromNwGroups(conn.DestinationNwGroups, ref objList, resolved);
+                allObjects = allObjects.Union(objList).ToList();
+            }
+            allObjects = allObjects.Union(Array.ConvertAll(GetAllAppServers().ToArray(), x => ModellingAppServer.ToNetworkObject(x)).ToList()).ToList();
+            return allObjects;
+        }
+
+        private static void GetObjectsFromNwGroups(List nwGroups, ref List objectList, bool resolved = false)
+        {
+            foreach (var nwGrpWrapper in nwGroups)
+            {
+                objectList.Add(nwGrpWrapper.Content.ToNetworkObjectGroup());
+                if(resolved)
+                {
+                    foreach(var obj in nwGrpWrapper.Content.ToNetworkObjectGroup().ObjectGroups)
+                    {
+                        if(obj.Object != null)
+                        {
+                            objectList.Add(obj.Object);
+                        }
+                    }
+                }
+            }
+        }
+
+        private void GetObjectsFromAR(List appRoles, ref List objectList, bool resolved = false)
+        {
+            foreach (var aRWrapper in appRoles.Where(a => a.Content.Id != DummyARid))
+            {
+                objectList.Add(aRWrapper.Content.ToNetworkObjectGroup());
+                if(resolved)
+                {
+                    foreach(var obj in aRWrapper.Content.ToNetworkObjectGroup().ObjectGroups)
+                    {
+                        if(obj.Object != null)
+                        {
+                            objectList.Add(obj.Object);
+                        }
+                    }
+                }
+            }
+        }
+
+        public List GetAllServices(bool resolved = false)
+        {
+            List allServices = new();
+            foreach(var conn in Connections)
+            {
+                List svcList = new();
+                foreach (var svcGrp in conn.ServiceGroups)
+                {
+                    NetworkService serviceGroup = svcGrp.Content.ToNetworkServiceGroup();
+                    svcList.Add(svcGrp.Content.ToNetworkServiceGroup());
+                    if(resolved)
+                    {
+                        foreach(var svc in serviceGroup.ServiceGroups)
+                        {
+                            if(svc.Object != null)
+                            {
+                                svcList.Add(svc.Object);
+                            }
+                        }
+                    }
+                }
+                allServices = allServices.Union(svcList).ToList();
+                allServices = allServices.Union(ModellingServiceWrapper.ResolveAsNetworkServices(conn.Services).ToList()).ToList();
+            }
+            return allServices;
+        }
+
+        public static List GetSrcNames(ModellingConnection conn)
+        {
+            List names = ModellingNwGroupWrapper.Resolve(conn.SourceNwGroups).ToList().ConvertAll(s => s.DisplayHtml());
+            names.AddRange(ModellingAppRoleWrapper.Resolve(conn.SourceAppRoles).ToList().ConvertAll(s => s.DisplayHtml()));
+            names.AddRange(ModellingAppServerWrapper.Resolve(conn.SourceAppServers).ToList().ConvertAll(s => s.DisplayHtml()));
+            return names;
+        }
+
+        public static List GetDstNames(ModellingConnection conn)
+        {
+            List names = ModellingNwGroupWrapper.Resolve(conn.DestinationNwGroups).ToList().ConvertAll(s => s.DisplayHtml());
+            names.AddRange(ModellingAppRoleWrapper.Resolve(conn.DestinationAppRoles).ToList().ConvertAll(s => s.DisplayHtml()));
+            names.AddRange(ModellingAppServerWrapper.Resolve(conn.DestinationAppServers).ToList().ConvertAll(s => s.DisplayHtml()));
+            return names;
+        }
+
+        public static List GetSvcNames(ModellingConnection conn)
+        {
+            List names = ModellingServiceGroupWrapper.Resolve(conn.ServiceGroups).ToList().ConvertAll(s => s.DisplayHtml());
+            names.AddRange(ModellingServiceWrapper.Resolve(conn.Services).ToList().ConvertAll(s => s.DisplayHtml()));
+            return names;
+        }
+
+        public List GetLinkedSrcNames(ModellingConnection conn)
+        {
+            List names = ModellingNwGroupWrapper.Resolve(conn.SourceNwGroups).ToList().ConvertAll(s => ConstructOutput(s, ObjCatString.NwObj, ResolveObjNumber(s)));
+            names.AddRange(ModellingAppRoleWrapper.Resolve(conn.SourceAppRoles).ToList().ConvertAll(s => ConstructOutput(s, ObjCatString.NwObj, ResolveObjNumber(s))));
+            names.AddRange(ModellingAppServerWrapper.Resolve(conn.SourceAppServers).ToList().ConvertAll(s => ConstructOutput(s, ObjCatString.NwObj, ResolveObjNumber(s))));
+            return names;
+        }
+
+        public List GetLinkedDstNames(ModellingConnection conn)
+        {
+            List names = ModellingNwGroupWrapper.Resolve(conn.DestinationNwGroups).ToList().ConvertAll(s => ConstructOutput(s, ObjCatString.NwObj, ResolveObjNumber(s)));
+            names.AddRange(ModellingAppRoleWrapper.Resolve(conn.DestinationAppRoles).ToList().ConvertAll(s => ConstructOutput(s, ObjCatString.NwObj, ResolveObjNumber(s))));
+            names.AddRange(ModellingAppServerWrapper.Resolve(conn.DestinationAppServers).ToList().ConvertAll(s => ConstructOutput(s, ObjCatString.NwObj, ResolveObjNumber(s))));
+            return names;
+        }
+
+        public List GetLinkedSvcNames(ModellingConnection conn)
+        {
+            List names = ModellingServiceGroupWrapper.Resolve(conn.ServiceGroups).ToList().ConvertAll(s => ConstructOutput(s, ObjCatString.Svc, ResolveSvcNumber(s)));
+            names.AddRange(ModellingServiceWrapper.Resolve(conn.Services).ToList().ConvertAll(s => ConstructOutput(s, ObjCatString.Svc, ResolveSvcNumber(s))));
+            return names;
+        }
+
+        private static void SetSvcNumbers(ref List svcList)
+        {
+            long number = 1;
+            foreach(var svc in svcList)
+            {
+                svc.Number = number++;
+            }
+        }
+
+        private static void SetObjectNumbers(ref List objList)
+        {
+            long number = 1;
+            foreach(var obj in objList)
+            {
+                obj.Number = number++;
+            }
+        }
+
+        private static string ConstructOutput(ModellingObject inputObj, string type, long objNumber)
+        {
+            return ReportBase.ConstructLink(type, "", objNumber, inputObj.Display(), OutputLocation.export, $"a{inputObj.AppId}", "");
+        }
+    }
+}
diff --git a/roles/lib/files/FWO.Report/Data/ReportData.cs b/roles/lib/files/FWO.Report/Data/ReportData.cs
new file mode 100644
index 000000000..d41fd6528
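Review bot: `ResolveObjNumber` and `ResolveSvcNumber` look objects up by `Name` only and fall back to `0` when nothing matches, so two distinct objects that share a name (or an object missing from `AllObjects` because `PrepareObjectData` was not called first) get the same link target, and `ConstructOutput` then emits an anchor to object number 0 that points nowhere; a comment on both methods, `// matches by name only and returns 0 when the object is not in AllObjects — PrepareObjectData() must have run`, would record that contract, and matching on an id where the modelling types have one would be the real fix. `GetAllNetworkObjects` and `GetAllServices` deduplicate with `Union`, which for these reference types only works if they override Equals/GetHashCode — not visible here, so worth confirming, since otherwise every resolved group member is listed once per connection. The `ref` on `SetObjectNumbers(ref List objList)`, `SetSvcNumbers` and the two `GetObjectsFrom…` helpers is unnecessary: the lists are never reassigned, only mutated, and `ref` on a reference type suggests a replacement that does not happen.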
--- /dev/null
+++ b/roles/lib/files/FWO.Report/Data/ReportData.cs
@@ -0,0 +1,24 @@
+using FWO.Api.Data;
+
+namespace FWO.Report
+{
+    public class ReportData
+    {
+        public List ManagementData = new();
+        public List OwnerData = new();
+        public List GlobalComSvc = new();
+        public ManagementReport GlobalStats = new();
+
+
+        public ReportData()
+        {}
+
+        public ReportData(ReportData reportData)
+        {
+            ManagementData = reportData.ManagementData;
+            OwnerData = reportData.OwnerData;
+            GlobalComSvc = reportData.GlobalComSvc;
+            GlobalStats = reportData.GlobalStats;
+        }
+    }
+}
diff --git a/roles/lib/files/FWO.Report/Display/NatRuleDisplay.cs b/roles/lib/files/FWO.Report/Display/NatRuleDisplay.cs
deleted file mode 100644
index 870a21476..000000000
--- a/roles/lib/files/FWO.Report/Display/NatRuleDisplay.cs
+++ /dev/null
@@ -1,125 +0,0 @@
-using FWO.Api.Data;
-using FWO.Config.Api;
-using System.Text;
-
-namespace FWO.Ui.Display
-{
-    public class NatRuleDisplay : RuleDisplayHtml
-    {
-        public NatRuleDisplay(UserConfig userConfig) : base(userConfig)
-        {}
-
-        public string DisplayTranslatedSource(Rule rule, string style = "", string location = "report")
-        {
-            result = new StringBuilder();
-
-            result.AppendLine("
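Review bot: The `ReportData(ReportData reportData)` copy constructor copies only references — `ManagementData`, `OwnerData`, `GlobalComSvc` and `GlobalStats` are the same list and object instances as in the source — so the "copy" and the original observe each other's additions and merges; if a detached snapshot is intended, the lists need `new(reportData.ManagementData)` (and a copy of `GlobalStats` via the `ManagementReport` copy constructor), otherwise a comment `// shallow copy: shares the lists and GlobalStats with the source` on the constructor prevents the misreading. The four members are also public mutable fields rather than properties, unlike the `{ get; set; }` members on the sibling report classes in this commit.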

    "); - - if (rule.NatData.TranslatedSourceNegated) - { - result.AppendLine(userConfig.GetText("anything_but") + "
    "); - } - - string symbol = ""; - foreach (NetworkLocation source in rule.NatData.TranslatedFroms) - { - if (source.Object.Type.Name == "group") - symbol = "oi oi-list-rich"; - else if (source.Object.Type.Name == "network") - symbol = "oi oi-rss"; - else if (source.Object.Type.Name == "ip_range") - symbol = "oi oi-resize-width"; - else - symbol = "oi oi-monitor"; - - string userLink = location == "" ? $"user{source.User?.Id}" - : $"goto-report-m{rule.MgmtId}-user{source.User?.Id}"; - - string nwobjLink = location == "" ? $"nwobj{source.Object.Id}" - : $"goto-report-m{rule.MgmtId}-nwobj{source.Object.Id}"; - - if (source.User != null) - result.AppendLine($" {source.User.Name}@"); - result.Append($" {source.Object.Name}"); - result.Append(" ("); - result.Append(DisplayIpRange(source.Object.IP, source.Object.IpEnd)); - result.Append(")"); - result.AppendLine("
    "); - } - result.AppendLine("

    "); - - return result.ToString(); - } - - public string DisplayTranslatedDestination(Rule rule, string style = "", string location = "report") - { - result = new StringBuilder(); - - result.AppendLine("

    "); - - if (rule.NatData.TranslatedDestinationNegated) - { - result.AppendLine(userConfig.GetText("anything_but") + "
    "); - } - - string symbol = ""; - foreach (NetworkLocation destination in rule.NatData.TranslatedTos) - { - if (destination.Object.Type.Name == "group") - symbol = "oi oi-list-rich"; - else if (destination.Object.Type.Name == "network") - symbol = "oi oi-rss"; - else if (destination.Object.Type.Name == "ip_range") - symbol = "oi oi-resize-width"; - else - symbol = "oi oi-monitor"; - - string link = location == "" ? $"nwobj{destination.Object.Id}" - : $"goto-report-m{rule.MgmtId}-nwobj{destination.Object.Id}"; - - result.Append($" {destination.Object.Name}"); - result.Append(" ("); - result.Append(DisplayIpRange(destination.Object.IP, destination.Object.IpEnd)); - result.Append(")"); - result.AppendLine("
    "); - } - result.AppendLine("

    "); - - return result.ToString(); - } - - public string DisplayTranslatedService(Rule rule, string style = "", string location = "report") - { - result = new StringBuilder(); - - result.AppendLine("

    "); - - if (rule.NatData.TranslatedServiceNegated) - { - result.AppendLine(userConfig.GetText("anything_but") + "
    "); - } - - string symbol = ""; - foreach (ServiceWrapper service in rule.NatData.TranslatedServices) - { - if (service.Content.Type.Name == "group") - symbol = "oi oi-list-rich"; - else - symbol = "oi oi-wrench"; - - string link = location == "" ? $"svc{service.Content.Id}" - : $"goto-report-m{rule.MgmtId}-svc{service.Content.Id}"; - - result.Append($" {service.Content.Name}"); - - if (service.Content.DestinationPort != null) - result.Append(service.Content.DestinationPort == service.Content.DestinationPortEnd ? $" ({service.Content.DestinationPort}/{service.Content.Protocol?.Name})" - : $" ({service.Content.DestinationPort}-{service.Content.DestinationPortEnd}/{service.Content.Protocol?.Name})"); - result.AppendLine("
    "); - } - result.AppendLine("

    "); - - return result.ToString(); - } - } -} diff --git a/roles/lib/files/FWO.Report/Display/NatRuleDisplayHtml.cs b/roles/lib/files/FWO.Report/Display/NatRuleDisplayHtml.cs new file mode 100644 index 000000000..ce38a1f59 --- /dev/null +++ b/roles/lib/files/FWO.Report/Display/NatRuleDisplayHtml.cs @@ -0,0 +1,47 @@ +using FWO.GlobalConstants; +using FWO.Api.Data; +using FWO.Config.Api; +using System.Text; +using FWO.Report; +using FWO.Report.Filter; + +namespace FWO.Ui.Display +{ + public class NatRuleDisplayHtml : RuleDisplayHtml + { + public NatRuleDisplayHtml(UserConfig userConfig) : base(userConfig) + {} + + public string DisplayTranslatedSource(Rule rule, OutputLocation location, string style = "") + { + return DisplayTranslatedSourceOrDestination(rule, location, style, true); + } + + public string DisplayTranslatedDestination(Rule rule, OutputLocation location, string style = "") + { + return DisplayTranslatedSourceOrDestination(rule, location, style, false); + } + + public string DisplayTranslatedService(Rule rule, OutputLocation location, string style = "") + { + StringBuilder result = new StringBuilder(); + if (rule.NatData.TranslatedServiceNegated) + { + result.AppendLine(userConfig.GetText("negated") + "
    "); + } + result.AppendJoin("
    ", Array.ConvertAll(rule.NatData.TranslatedServices, service => ServiceToHtml(service.Content, rule.MgmtId, location, style, ReportType.NatRules))); + return result.ToString(); + } + + private string DisplayTranslatedSourceOrDestination(Rule rule, OutputLocation location, string style, bool isSource) + { + StringBuilder result = new StringBuilder(); + if ((isSource && rule.NatData.TranslatedSourceNegated) ||(!isSource && rule.NatData.TranslatedDestinationNegated)) + { + result.AppendLine(userConfig.GetText("negated") + "
    "); + } + result.AppendJoin("
    ", Array.ConvertAll(isSource ? rule.NatData.TranslatedFroms : rule.NatData.TranslatedTos, networkLocation => NetworkLocationToHtml(networkLocation, rule.MgmtId, location, style, ReportType.NatRules))); + return result.ToString(); + } + } +} diff --git a/roles/lib/files/FWO.Report/Display/NwObjDisplay.cs b/roles/lib/files/FWO.Report/Display/NwObjDisplay.cs new file mode 100644 index 000000000..0b6661463 --- /dev/null +++ b/roles/lib/files/FWO.Report/Display/NwObjDisplay.cs @@ -0,0 +1,18 @@ +using FWO.GlobalConstants; +using FWO.Api.Data; + +namespace FWO.Ui.Display +{ + public static class NwObjDisplay + { + public static string DisplayIp(string ip1, string ip2, bool inBrackets = false) + { + return DisplayBase.DisplayIp(ip1, ip2, inBrackets); + } + + public static string DisplayIp(string ip1, string ip2, string nwObjType, bool inBrackets = false) + { + return DisplayBase.DisplayIp(ip1, ip2, nwObjType, inBrackets); + } + } +} diff --git a/roles/lib/files/FWO.Report/Display/RuleChangeDisplay.cs b/roles/lib/files/FWO.Report/Display/RuleChangeDisplay.cs deleted file mode 100644 index 54e1c0f79..000000000 --- a/roles/lib/files/FWO.Report/Display/RuleChangeDisplay.cs +++ /dev/null 
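Review bot: In NatRuleDisplayHtml the negated marker is `userConfig.GetText("negated")` whereas the deleted NatRuleDisplay used `GetText("anything_but")`; if both keys exist in the language tables this is a silent wording change of the report output, so it is worth confirming that `negated` is the intended key and that it is defined for every language. `Array.ConvertAll(rule.NatData.TranslatedServices, …)` and the `TranslatedFroms`/`TranslatedTos` call in DisplayTranslatedSourceOrDestination throw `ArgumentNullException` when the array is null, which the old code's `foreach` also did, so no regression — but a one-line comment stating that `NatData` arrays are expected non-null would document the assumption. Object and service names rendered by `ServiceToHtml` and `NetworkLocationToHtml` originate from imported firewall configurations and are concatenated into HTML here; those helpers live in RuleDisplayHtml outside this diff, so confirm they HTML-encode names rather than relying on the callers. The string literals joined between entries are not recoverable in this rendering of the diff.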
@@ -1,246 +0,0 @@ -using FWO.Api.Data; -using FWO.Logging; -using System.Linq; -using System.Collections.Generic; -using System; -using FWO.Config.Api; - -namespace FWO.Ui.Display -{ - public class RuleChangeDisplay - { - // private static StringBuilder result; - - private UserConfig userConfig; - private RuleDisplayHtml ruleDisplay; - - public RuleChangeDisplay(UserConfig userConfig) - { - this.userConfig = userConfig; - ruleDisplay = new RuleDisplayHtml(userConfig); - } - - public string DisplayChangeTime(RuleChange ruleChange) - { - return ruleChange.ChangeImport.Time.ToString(); - } - public string DisplayChangeAction(RuleChange ruleChange) - { - switch (ruleChange.ChangeAction) - { - case 'I': return "rule created"; - case 'D': return "rule deleted"; - case 'C': return "rule modified"; - default: ThrowErrorUnknowChangeAction(ruleChange.ChangeAction); return ""; - } - } - - public string DisplayName(RuleChange ruleChange) - { - switch (ruleChange.ChangeAction) - { - case 'D': return ruleDisplay.DisplayName(ruleChange.OldRule); - case 'I': return ruleDisplay.DisplayName(ruleChange.NewRule); - case 'C': return DisplayDiff(ruleDisplay.DisplayName(ruleChange.OldRule), ruleDisplay.DisplayName(ruleChange.NewRule)); - default: ThrowErrorUnknowChangeAction(ruleChange.ChangeAction); return ""; - } - } - public string DisplaySourceZone(RuleChange ruleChange) - { - switch (ruleChange.ChangeAction) - { - case 'D': return ruleDisplay.DisplaySourceZone(ruleChange.OldRule); - case 'I': return ruleDisplay.DisplaySourceZone(ruleChange.NewRule); - case 'C': return DisplayDiff(ruleDisplay.DisplaySourceZone(ruleChange.OldRule), ruleDisplay.DisplaySourceZone(ruleChange.NewRule)); - default: ThrowErrorUnknowChangeAction(ruleChange.ChangeAction); return ""; - } - } - - public string DisplaySource(RuleChange ruleChange) - { - switch (ruleChange.ChangeAction) - { - case 'D': return ruleDisplay.DisplaySource(ruleChange.OldRule, DisplayStyle(ruleChange)); - case 'I': return 
ruleDisplay.DisplaySource(ruleChange.NewRule, DisplayStyle(ruleChange)); - case 'C': return DisplayDiff(ruleDisplay.DisplaySource(ruleChange.OldRule), ruleDisplay.DisplaySource(ruleChange.NewRule)); - default: ThrowErrorUnknowChangeAction(ruleChange.ChangeAction); return ""; - } - } - - public string DisplayDestinationZone(RuleChange ruleChange) - { - switch (ruleChange.ChangeAction) - { - case 'D': return ruleDisplay.DisplayDestinationZone(ruleChange.OldRule); - case 'I': return ruleDisplay.DisplayDestinationZone(ruleChange.NewRule); - case 'C': return DisplayDiff(ruleDisplay.DisplayDestinationZone(ruleChange.OldRule), ruleDisplay.DisplayDestinationZone(ruleChange.NewRule)); - default: ThrowErrorUnknowChangeAction(ruleChange.ChangeAction); return ""; - } - } - - public string DisplayDestination(RuleChange ruleChange) - { - switch (ruleChange.ChangeAction) - { - case 'D': return ruleDisplay.DisplayDestination(ruleChange.OldRule, DisplayStyle(ruleChange)); - case 'I': return ruleDisplay.DisplayDestination(ruleChange.NewRule, DisplayStyle(ruleChange)); - case 'C': return DisplayDiff(ruleDisplay.DisplayDestination(ruleChange.OldRule), ruleDisplay.DisplayDestination(ruleChange.NewRule)); - default: ThrowErrorUnknowChangeAction(ruleChange.ChangeAction); return ""; - } - } - public string DisplayService(RuleChange ruleChange) - { - switch (ruleChange.ChangeAction) - { - case 'D': return ruleDisplay.DisplayService(ruleChange.OldRule, DisplayStyle(ruleChange)); - case 'I': return ruleDisplay.DisplayService(ruleChange.NewRule, DisplayStyle(ruleChange)); - // case 'C': return ruleDisplay.DisplayService(ruleChange.OldRule, ruleDisplay.DisplayService(ruleChange.NewRule)); - case 'C': return DisplayDiff(ruleDisplay.DisplayService(ruleChange.OldRule), ruleDisplay.DisplayService(ruleChange.NewRule)); - default: ThrowErrorUnknowChangeAction(ruleChange.ChangeAction); return ""; - } - } - public string DisplayAction(RuleChange ruleChange) - { - switch (ruleChange.ChangeAction) - { - 
case 'D': return ruleDisplay.DisplayAction(ruleChange.OldRule); - case 'I': return ruleDisplay.DisplayAction(ruleChange.NewRule); - case 'C': return DisplayDiff(ruleDisplay.DisplayAction(ruleChange.OldRule), ruleDisplay.DisplayAction(ruleChange.NewRule)); - default: ThrowErrorUnknowChangeAction(ruleChange.ChangeAction); return ""; - } - } - public string DisplayTrack(RuleChange ruleChange) - { - switch (ruleChange.ChangeAction) - { - case 'D': return ruleDisplay.DisplayTrack(ruleChange.OldRule); - case 'I': return ruleDisplay.DisplayTrack(ruleChange.NewRule); - case 'C': return DisplayDiff(ruleDisplay.DisplayTrack(ruleChange.OldRule), ruleDisplay.DisplayTrack(ruleChange.NewRule)); - default: ThrowErrorUnknowChangeAction(ruleChange.ChangeAction); return ""; - } - } - public string DisplayEnabled(RuleChange ruleChange, bool export = false) - { - if (export) - { - switch (ruleChange.ChangeAction) - { - case 'D': return ruleDisplay.DisplayEnabled(ruleChange.OldRule, export: true); - case 'I': return ruleDisplay.DisplayEnabled(ruleChange.NewRule, export: true); - case 'C': return DisplayDiff(ruleDisplay.DisplayEnabled(ruleChange.OldRule, export: true), ruleDisplay.DisplayEnabled(ruleChange.NewRule, export: true)); - default: ThrowErrorUnknowChangeAction(ruleChange.ChangeAction); return ""; - } - } - - else - { - switch (ruleChange.ChangeAction) - { - case 'D': return ruleDisplay.DisplayEnabled(ruleChange.OldRule); - case 'I': return ruleDisplay.DisplayEnabled(ruleChange.NewRule); - case 'C': return DisplayDiff(ruleDisplay.DisplayEnabled(ruleChange.OldRule), ruleDisplay.DisplayEnabled(ruleChange.NewRule)); - default: ThrowErrorUnknowChangeAction(ruleChange.ChangeAction); return ""; - } - } - } - - public string DisplayUid(RuleChange ruleChange) - { - switch (ruleChange.ChangeAction) - { - case 'D': return ruleDisplay.DisplayUid(ruleChange.OldRule); - case 'I': return ruleDisplay.DisplayUid(ruleChange.NewRule); - case 'C': return 
DisplayDiff(ruleDisplay.DisplayUid(ruleChange.OldRule), ruleDisplay.DisplayUid(ruleChange.NewRule)); - default: ThrowErrorUnknowChangeAction(ruleChange.ChangeAction); return ""; - } - } - public string DisplayComment(RuleChange ruleChange) - { - switch (ruleChange.ChangeAction) - { - case 'D': return ruleDisplay.DisplayComment(ruleChange.OldRule); - case 'I': return ruleDisplay.DisplayComment(ruleChange.NewRule); - case 'C': return DisplayDiff(ruleDisplay.DisplayComment(ruleChange.OldRule), ruleDisplay.DisplayComment(ruleChange.NewRule)); - default: ThrowErrorUnknowChangeAction(ruleChange.ChangeAction); return ""; - } - } - - public string DisplayStyle(RuleChange ruleChange) - { - switch (ruleChange.ChangeAction) - { - case 'D': return "color: red"; - case 'I': return "color: green"; - case 'C': return ""; - default: ThrowErrorUnknowChangeAction(ruleChange.ChangeAction); return ""; - } - } - - /// - /// displays differences between two string objects - /// - /// the original value of the object - /// the new (changed) value of the object - /// string diff result - private string DisplayDiff(string oldElement, string newElement) - { - if (oldElement == newElement) - return oldElement; - else - { - string[] separatingStrings = { "
    " }; - string[] oldAr = oldElement.Split(separatingStrings, System.StringSplitOptions.RemoveEmptyEntries); - string[] newAr = newElement.Split(separatingStrings, System.StringSplitOptions.RemoveEmptyEntries); - List unchanged = new List(); - List added = new List(); - List deleted = new List(); - - foreach (var item in oldAr) - { - if (newAr.Contains(item)) - { - unchanged.Add(item); - } - else - { - string deletedItem = item; - deletedItem = deletedItem.Replace("

    ", ""); - deleted.Add(deletedItem.Replace("style=\"\"", "style=\"color: red\"")); - } - } - foreach (var item in newAr) - { - if (!oldAr.Contains(item)) - { - string newItem = item; - newItem = newItem.Replace("

    ", ""); - added.Add(newItem.Replace("style=\"\"", "style=\"color: green\"")); - } - } - - return string.Join("
    ", unchanged) - + (deleted.Count > 0 ? $" {userConfig.GetText("deleted")}:

    {string.Join("
    ", deleted)}

    " : "") - + (added.Count > 0 ? $" {userConfig.GetText("added")}:

    {string.Join("
    ", added)}

    " : ""); - } - } - - /// - /// displays differences between two json objects - /// - /// the original value of the object - /// the new (changed) value of the object - /// wrapped in Dictionary serialized to Json. - private string DisplayJsonDiff(string oldJsonObject, string newJsonObject) - { - // todo: implement diff - if (oldJsonObject == newJsonObject) - return oldJsonObject; - else - return $"{oldJsonObject} --> {newJsonObject}"; - } - private void ThrowErrorUnknowChangeAction(char action) - { - Log.WriteError("Unknown Change Action", $"found an unexpected change action [{action}]"); - } - } -} diff --git a/roles/lib/files/FWO.Report/Display/RuleChangeDisplayCsv.cs b/roles/lib/files/FWO.Report/Display/RuleChangeDisplayCsv.cs new file mode 100644 index 000000000..76ca29902 --- /dev/null +++ b/roles/lib/files/FWO.Report/Display/RuleChangeDisplayCsv.cs 
@@ -0,0 +1,193 @@ +using FWO.GlobalConstants; +using FWO.Api.Data; +using FWO.Config.Api; +using FWO.Report.Filter; + +namespace FWO.Ui.Display +{ + public class RuleChangeDisplayCsv : RuleDisplayCsv + { + public RuleChangeDisplayCsv(UserConfig userConfig) : base(userConfig) + { } + + public string DisplayChangeTime(RuleChange ruleChange) + { + return OutputCsv(ruleChange.ChangeImport.Time.ToString()); + } + + public string DisplayChangeAction(RuleChange ruleChange) + { + switch (ruleChange.ChangeAction) + { + case 'I': return OutputCsv(userConfig.GetText("rule_added")); + case 'D': return OutputCsv(userConfig.GetText("rule_deleted")); + case 'C': return OutputCsv(userConfig.GetText("rule_modified")); + default: return ","; + } + } + + public string DisplayName(RuleChange ruleChange) + { + switch (ruleChange.ChangeAction) + { + case 'D': return OutputCsv(DisplayName(ruleChange.OldRule)); + case 'I': return OutputCsv(DisplayName(ruleChange.NewRule)); + case 'C': return OutputCsv(DisplayDiff(DisplayName(ruleChange.OldRule), DisplayName(ruleChange.NewRule))); + default: return ","; + } + } + + public string DisplaySourceZone(RuleChange ruleChange) + { + switch (ruleChange.ChangeAction) + { + case 'D': return OutputCsv(DisplaySourceZone(ruleChange.OldRule)); + case 'I': return OutputCsv(DisplaySourceZone(ruleChange.NewRule)); + case 'C': return OutputCsv(DisplayDiff(DisplaySourceZone(ruleChange.OldRule), DisplaySourceZone(ruleChange.NewRule))); + default: return ","; + } + } + + public string DisplaySource(RuleChange ruleChange, ReportType reportType) + { + switch (ruleChange.ChangeAction) + { + case 'D': return OutputCsv(DisplaySource(ruleChange.OldRule, reportType)); + case 'I': return OutputCsv(DisplaySource(ruleChange.NewRule, reportType)); + case 'C': return OutputCsv(DisplayArrayDiff(DisplaySource(ruleChange.OldRule, reportType), DisplaySource(ruleChange.NewRule, reportType), ruleChange.OldRule.SourceNegated, ruleChange.NewRule.SourceNegated)); + default: return 
","; + } + } + + public string DisplayDestinationZone(RuleChange ruleChange) + { + switch (ruleChange.ChangeAction) + { + case 'D': return OutputCsv(DisplayDestinationZone(ruleChange.OldRule)); + case 'I': return OutputCsv(DisplayDestinationZone(ruleChange.NewRule)); + case 'C': return OutputCsv(DisplayDiff(DisplayDestinationZone(ruleChange.OldRule), DisplayDestinationZone(ruleChange.NewRule))); + default: return ","; + } + } + + public string DisplayDestination(RuleChange ruleChange, ReportType reportType) + { + switch (ruleChange.ChangeAction) + { + case 'D': return OutputCsv(DisplayDestination(ruleChange.OldRule, reportType)); + case 'I': return OutputCsv(DisplayDestination(ruleChange.NewRule, reportType)); + case 'C': return OutputCsv(DisplayArrayDiff(DisplayDestination(ruleChange.OldRule, reportType), DisplayDestination(ruleChange.NewRule, reportType), ruleChange.OldRule.DestinationNegated, ruleChange.NewRule.DestinationNegated)); + default: return ","; + } + } + + public string DisplayServices(RuleChange ruleChange, ReportType reportType) + { + switch (ruleChange.ChangeAction) + { + case 'D': return OutputCsv(DisplayServices(ruleChange.OldRule, reportType)); + case 'I': return OutputCsv(DisplayServices(ruleChange.NewRule, reportType)); + case 'C': return OutputCsv(DisplayArrayDiff(DisplayServices(ruleChange.OldRule, reportType), DisplayServices(ruleChange.NewRule, reportType), ruleChange.OldRule.ServiceNegated, ruleChange.NewRule.ServiceNegated)); + default: return ","; + } + } + + public string DisplayAction(RuleChange ruleChange) + { + switch (ruleChange.ChangeAction) + { + case 'D': return OutputCsv(DisplayAction(ruleChange.OldRule)); + case 'I': return OutputCsv(DisplayAction(ruleChange.NewRule)); + case 'C': return OutputCsv(DisplayDiff(DisplayAction(ruleChange.OldRule), DisplayAction(ruleChange.NewRule))); + default: return ","; + } + } + + public string DisplayTrack(RuleChange ruleChange) + { + switch (ruleChange.ChangeAction) + { + case 'D': return 
OutputCsv(DisplayTrack(ruleChange.OldRule)); + case 'I': return OutputCsv(DisplayTrack(ruleChange.NewRule)); + case 'C': return OutputCsv(DisplayDiff(DisplayTrack(ruleChange.OldRule), DisplayTrack(ruleChange.NewRule))); + default: return ","; + } + } + + public string DisplayEnabled(RuleChange ruleChange) + { + switch (ruleChange.ChangeAction) + { + case 'D': return OutputCsv(DisplayEnabled(ruleChange.OldRule)); + case 'I': return OutputCsv(DisplayEnabled(ruleChange.NewRule)); + case 'C': return OutputCsv(DisplayDiff(DisplayEnabled(ruleChange.OldRule), DisplayEnabled(ruleChange.NewRule))); + default: return ","; + } + } + + public string DisplayUid(RuleChange ruleChange) + { + switch (ruleChange.ChangeAction) + { + case 'D': return OutputCsv(DisplayUid(ruleChange.OldRule)); + case 'I': return OutputCsv(DisplayUid(ruleChange.NewRule)); + case 'C': return OutputCsv(DisplayDiff(DisplayUid(ruleChange.OldRule), DisplayUid(ruleChange.NewRule))); + default: return ","; + } + } + + public string DisplayComment(RuleChange ruleChange) + { + switch (ruleChange.ChangeAction) + { + case 'D': return OutputCsv(DisplayComment(ruleChange.OldRule)); + case 'I': return OutputCsv(DisplayComment(ruleChange.NewRule)); + case 'C': return OutputCsv(DisplayDiff(DisplayComment(ruleChange.OldRule), DisplayComment(ruleChange.NewRule))); + default: return ""; + } + } + + private string DisplayDiff(string oldElement, string newElement) + { + if (oldElement == newElement) + { + return oldElement; + } + else + { + return (oldElement.Length > 0 ? $" {userConfig.GetText("deleted")}: {oldElement}" : "") + + (newElement.Length > 0 ? 
$" {userConfig.GetText("added")}: {newElement}" : ""); + } + } + + private string DisplayArrayDiff(string oldElement, string newElement, bool oldNegated, bool newNegated) + { + if (oldElement == newElement) + { + return oldElement; + } + else + { + List unchanged = new List(); + List added = new List(); + List deleted = new List(); + + oldElement = oldElement.Replace("\"", ""); + newElement = newElement.Replace("\"", ""); + if(oldNegated != newNegated) + { + deleted.Add(oldElement); + added.Add(newElement); + } + else + { + AnalyzeElements(oldElement, newElement, ref unchanged, ref deleted, ref added); + } + + return string.Join(" ", unchanged) + + (deleted.Count > 0 ? $" {userConfig.GetText("deleted")}: {string.Join(",", deleted)}" : "") + + (added.Count > 0 ? $" {userConfig.GetText("added")}: {string.Join(",", added)}" : ""); + } + } + } +} diff --git a/roles/lib/files/FWO.Report/Display/RuleChangeDisplayHtml.cs b/roles/lib/files/FWO.Report/Display/RuleChangeDisplayHtml.cs new file mode 100644 index 000000000..3d3154a78 --- /dev/null +++ b/roles/lib/files/FWO.Report/Display/RuleChangeDisplayHtml.cs 
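Review bot: DisplayComment's unknown-action fallback returns `""` while every other column in this class returns `","`, so a row with an unexpected ChangeAction would lose a cell and shift the remaining columns; unless the comment is deliberately the last column without a trailing separator, make it `default: return ",";`. None of these defaults log the unexpected value, whereas the HTML sibling records it through ThrowErrorUnknowChangeAction (which, despite its name, only logs); a `Log.WriteError` call in the CSV defaults (with `using FWO.Logging;`) would keep the two consistent. DisplayArrayDiff strips every `"` from the element strings before diffing, so quoting and escaping of the final cell rest entirely on OutputCsv (outside this hunk); since object names come from imported firewall data, confirm that OutputCsv also neutralises cells starting with `=`, `+`, `-` or `@`, which spreadsheets otherwise evaluate as formulas (CSV injection).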
@@ -0,0 +1,258 @@ +using FWO.GlobalConstants; +using FWO.Api.Data; +using FWO.Logging; +using FWO.Config.Api; +using FWO.Report; +using FWO.Report.Filter; + +namespace FWO.Ui.Display +{ + public class RuleChangeDisplayHtml : RuleDisplayHtml + { + static string addedStyle = "color: green; text-decoration: bold;"; + static string deletedStyle = "color: red; text-decoration: line-through red;"; + + public RuleChangeDisplayHtml(UserConfig userConfig) : base(userConfig) + { } + + public string DisplayChangeTime(RuleChange ruleChange) + { + return ruleChange.ChangeImport.Time.ToString(); + } + + public string DisplayChangeAction(RuleChange ruleChange) + { + switch (ruleChange.ChangeAction) + { + case 'I': return userConfig.GetText("rule_added"); + case 'D': return userConfig.GetText("rule_deleted"); + case 'C': return userConfig.GetText("rule_modified"); + default: ThrowErrorUnknowChangeAction(ruleChange.ChangeAction); return ""; + } + } + + public string DisplayName(RuleChange ruleChange) + { + switch (ruleChange.ChangeAction) + { + case 'D': return OutputHtmlDeleted(DisplayName(ruleChange.OldRule)); + case 'I': return OutputHtmlAdded(DisplayName(ruleChange.NewRule)); + case 'C': return DisplayDiff(DisplayName(ruleChange.OldRule), DisplayName(ruleChange.NewRule)); + default: ThrowErrorUnknowChangeAction(ruleChange.ChangeAction); return ""; + } + } + + public string DisplaySourceZone(RuleChange ruleChange) + { + switch (ruleChange.ChangeAction) + { + case 'D': return OutputHtmlDeleted(DisplaySourceZone(ruleChange.OldRule)); + case 'I': return OutputHtmlAdded(DisplaySourceZone(ruleChange.NewRule)); + case 'C': return DisplayDiff(DisplaySourceZone(ruleChange.OldRule), DisplaySourceZone(ruleChange.NewRule)); + default: ThrowErrorUnknowChangeAction(ruleChange.ChangeAction); return ""; + } + } + + public string DisplaySource(RuleChange ruleChange, OutputLocation location, ReportType reportType) + { + switch (ruleChange.ChangeAction) + { + case 'D': return 
OutputHtmlDeleted(DisplaySource(ruleChange.OldRule, location, reportType, deletedStyle)); + case 'I': return OutputHtmlAdded(DisplaySource(ruleChange.NewRule, location, reportType, addedStyle)); + case 'C': return DisplayArrayDiff(DisplaySource(ruleChange.OldRule, location, reportType), + DisplaySource(ruleChange.NewRule, location, reportType), + ruleChange.OldRule.SourceNegated, ruleChange.NewRule.SourceNegated); + default: ThrowErrorUnknowChangeAction(ruleChange.ChangeAction); return ""; + } + } + + public string DisplayDestinationZone(RuleChange ruleChange) + { + switch (ruleChange.ChangeAction) + { + case 'D': return OutputHtmlDeleted(DisplayDestinationZone(ruleChange.OldRule)); + case 'I': return OutputHtmlAdded(DisplayDestinationZone(ruleChange.NewRule)); + case 'C': return DisplayDiff(DisplayDestinationZone(ruleChange.OldRule), DisplayDestinationZone(ruleChange.NewRule)); + default: ThrowErrorUnknowChangeAction(ruleChange.ChangeAction); return ""; + } + } + + public string DisplayDestination(RuleChange ruleChange, OutputLocation location, ReportType reportType) + { + switch (ruleChange.ChangeAction) + { + case 'D': return OutputHtmlDeleted(DisplayDestination(ruleChange.OldRule, location, reportType, deletedStyle)); + case 'I': return OutputHtmlAdded(DisplayDestination(ruleChange.NewRule, location, reportType, addedStyle)); + case 'C': return DisplayArrayDiff(DisplayDestination(ruleChange.OldRule, location, reportType), + DisplayDestination(ruleChange.NewRule, location, reportType), + ruleChange.OldRule.DestinationNegated, ruleChange.NewRule.DestinationNegated); + default: ThrowErrorUnknowChangeAction(ruleChange.ChangeAction); return ""; + } + } + + public string DisplayServices(RuleChange ruleChange, OutputLocation location, ReportType reportType) + { + switch (ruleChange.ChangeAction) + { + case 'D': return OutputHtmlDeleted(DisplayServices(ruleChange.OldRule, location, reportType, deletedStyle)); + case 'I': return 
OutputHtmlAdded(DisplayServices(ruleChange.NewRule, location, reportType, addedStyle)); + case 'C': return DisplayArrayDiff(DisplayServices(ruleChange.OldRule, location, reportType), + DisplayServices(ruleChange.NewRule, location, reportType), + ruleChange.OldRule.ServiceNegated, ruleChange.NewRule.ServiceNegated); + default: ThrowErrorUnknowChangeAction(ruleChange.ChangeAction); return ""; + } + } + + public string DisplayAction(RuleChange ruleChange) + { + switch (ruleChange.ChangeAction) + { + case 'D': return OutputHtmlDeleted(DisplayAction(ruleChange.OldRule)); + case 'I': return OutputHtmlAdded(DisplayAction(ruleChange.NewRule)); + case 'C': return DisplayDiff(DisplayAction(ruleChange.OldRule), DisplayAction(ruleChange.NewRule)); + default: ThrowErrorUnknowChangeAction(ruleChange.ChangeAction); return ""; + } + } + + public string DisplayTrack(RuleChange ruleChange) + { + switch (ruleChange.ChangeAction) + { + case 'D': return OutputHtmlDeleted(DisplayTrack(ruleChange.OldRule)); + case 'I': return OutputHtmlAdded(DisplayTrack(ruleChange.NewRule)); + case 'C': return DisplayDiff(DisplayTrack(ruleChange.OldRule), DisplayTrack(ruleChange.NewRule)); + default: ThrowErrorUnknowChangeAction(ruleChange.ChangeAction); return ""; + } + } + + public string DisplayEnabled(RuleChange ruleChange, OutputLocation location) + { + switch (ruleChange.ChangeAction) + { + case 'D': return OutputHtmlDeleted(DisplayEnabled(ruleChange.OldRule, location)); + case 'I': return OutputHtmlAdded(DisplayEnabled(ruleChange.NewRule, location)); + case 'C': return DisplayDiff(DisplayEnabled(ruleChange.OldRule, location), DisplayEnabled(ruleChange.NewRule, location)); + default: ThrowErrorUnknowChangeAction(ruleChange.ChangeAction); return ""; + } + } + + public string DisplayUid(RuleChange ruleChange) + { + switch (ruleChange.ChangeAction) + { + case 'D': return OutputHtmlDeleted(DisplayUid(ruleChange.OldRule)); + case 'I': return OutputHtmlAdded(DisplayUid(ruleChange.NewRule)); + case 'C': 
return DisplayDiff(DisplayUid(ruleChange.OldRule), DisplayUid(ruleChange.NewRule)); + default: ThrowErrorUnknowChangeAction(ruleChange.ChangeAction); return ""; + } + } + + public string DisplayComment(RuleChange ruleChange) + { + switch (ruleChange.ChangeAction) + { + case 'D': return OutputHtmlDeleted(DisplayComment(ruleChange.OldRule)); + case 'I': return OutputHtmlAdded(DisplayComment(ruleChange.NewRule)); + case 'C': return DisplayDiff(DisplayComment(ruleChange.OldRule), DisplayComment(ruleChange.NewRule)); + default: ThrowErrorUnknowChangeAction(ruleChange.ChangeAction); return ""; + } + } + + public string DisplayStyle(RuleChange ruleChange) + { + switch (ruleChange.ChangeAction) + { + case 'D': return deletedStyle; + case 'I': return addedStyle; + case 'C': return ""; + default: ThrowErrorUnknowChangeAction(ruleChange.ChangeAction); return ""; + } + } + + private string DisplayDiff(string oldElement, string newElement) + { + if (oldElement == newElement) + { + return oldElement; + } + else + { + return (oldElement.Length > 0 ? $"{userConfig.GetText("deleted")}:

    {oldElement}

    " : "") + + (newElement.Length > 0 ? $"{userConfig.GetText("added")}:

    {newElement}

    " : ""); + } + } + + private string DisplayArrayDiff(string oldElement, string newElement, bool oldNegated, bool newNegated) + { + if (oldElement == newElement) + return oldElement; + else + { + oldElement = oldElement.Replace("

    ", ""); + oldElement = oldElement.Replace("

    ", ""); + oldElement = oldElement.Replace("\r\n", ""); + newElement = newElement.Replace("

    ", ""); + newElement = newElement.Replace("

    ", ""); + newElement = newElement.Replace("\r\n", ""); + List unchanged = new List(); + List added = new List(); + List deleted = new List(); + + if(oldNegated != newNegated) + { + deleted.Add(setStyle(oldElement, deletedStyle)); + added.Add(setStyle(newElement, addedStyle)); + } + else + { + string[] separatingStrings = { "
    " }; + string[] oldAr = oldElement.Split(separatingStrings, System.StringSplitOptions.RemoveEmptyEntries); + string[] newAr = newElement.Split(separatingStrings, System.StringSplitOptions.RemoveEmptyEntries); + + foreach (var item in oldAr) + { + if (newAr.Contains(item)) + { + unchanged.Add(item); + } + else + { + deleted.Add(setStyle(item, deletedStyle)); + } + } + foreach (var item in newAr) + { + if (!oldAr.Contains(item)) + { + added.Add(setStyle(item, addedStyle)); + } + } + } + + return (unchanged.Count > 0 ? $"

    {string.Join("
    ", unchanged)}

    " : "") + + (deleted.Count > 0 ? $"{userConfig.GetText("deleted")}:

    {string.Join("
    ", deleted)}

    " : "") + + (added.Count > 0 ? $"{userConfig.GetText("added")}:

    {string.Join("
    ", added)}

    " : ""); + } + } + + private string OutputHtmlDeleted(string? input) + { + return input != null && input != "" ? $"

    {input}

    " : ""; + } + + private string OutputHtmlAdded(string? input) + { + return input != null && input != "" ? $"

    {input}

    " : ""; + } + + private string setStyle(string input, string style) + { + return input.Replace("style=\"\"", $"style=\"{style}\""); + } + + private void ThrowErrorUnknowChangeAction(char action) + { + Log.WriteError("Unknown Change Action", $"found an unexpected change action [{action}]"); + } + } +} diff --git a/roles/lib/files/FWO.Report/Display/RuleChangeDisplayJson.cs b/roles/lib/files/FWO.Report/Display/RuleChangeDisplayJson.cs new file mode 100644 index 000000000..48e84a93b --- /dev/null +++ b/roles/lib/files/FWO.Report/Display/RuleChangeDisplayJson.cs 
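Review bot: OutputHtmlDeleted and OutputHtmlAdded interpolate their input straight into markup, and the inputs for name, comment, UID and zone come from DisplayName/DisplayComment/DisplayUid in RuleDisplayBase, which return `rule.Name`/`rule.Comment`/`rule.Uid` verbatim; those values are imported from the managed firewalls, so a `<script>` in a rule comment would be rendered in the change report unless the caller encodes the whole fragment afterwards (not visible here). Wrapping the text fields with `System.Net.WebUtility.HtmlEncode(...)` where they enter the tag, e.g. `OutputHtmlDeleted(WebUtility.HtmlEncode(DisplayName(ruleChange.OldRule)))`, closes that without touching the array-diff paths, which already carry markup. Separately, `addedStyle` uses `text-decoration: bold;`, which is not a valid text-decoration value and is dropped by browsers; `font-weight: bold;` is what is meant. DisplayArrayDiff removes only `\r\n`, but StringBuilder.AppendLine (used in the NAT display class of this same change) emits Environment.NewLine, which is `\n` on the Linux hosts the Ansible install targets, so a bare `\n` survives and can pollute the diffed elements; add `.Replace("\n", "")` or replace on `Environment.NewLine` instead.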
@@ -0,0 +1,229 @@ +using FWO.GlobalConstants; +using FWO.Api.Data; +using FWO.Config.Api; +using FWO.Report.Filter; + +namespace FWO.Ui.Display +{ + public class RuleChangeDisplayJson : RuleDisplayJson + { + public RuleChangeDisplayJson(UserConfig userConfig) : base(userConfig) + { } + + public string DisplayChangeTime(RuleChange ruleChange) + { + return DisplayJsonString("change time", ruleChange.ChangeImport.Time.ToString()); + } + + public string DisplayChangeAction(RuleChange ruleChange) + { + switch (ruleChange.ChangeAction) + { + case 'I': return DisplayJsonString("change action", userConfig.GetText("rule_added")); + case 'D': return DisplayJsonString("change action", userConfig.GetText("rule_deleted")); + case 'C': return DisplayJsonString("change action", userConfig.GetText("rule_modified")); + default: return ""; + } + } + + public string DisplayName(RuleChange ruleChange) + { + switch (ruleChange.ChangeAction) + { + case 'D': return DisplayName(ruleChange.OldRule.Name); + case 'I': return DisplayName(ruleChange.NewRule.Name); + case 'C': return DisplayName(DisplayDiff(ruleChange.OldRule.Name, ruleChange.NewRule.Name)); + default: return ""; + } + } + + public string DisplaySourceZone(RuleChange ruleChange) + { + switch (ruleChange.ChangeAction) + { + case 'D': return DisplaySourceZone(ruleChange.OldRule.SourceZone?.Name); + case 'I': return DisplaySourceZone(ruleChange.NewRule.SourceZone?.Name); + case 'C': return DisplaySourceZone(DisplayDiff(ruleChange.OldRule.SourceZone?.Name, ruleChange.NewRule.SourceZone?.Name)); + default: return ""; + } + } + + public string DisplaySourceNegated(RuleChange ruleChange) + { + switch (ruleChange.ChangeAction) + { + case 'D': return DisplaySourceNegated(ruleChange.OldRule.SourceNegated); + case 'I': return DisplaySourceNegated(ruleChange.NewRule.SourceNegated); + case 'C': return ruleChange.OldRule.SourceNegated == ruleChange.NewRule.SourceNegated ? 
+ DisplaySourceNegated(ruleChange.NewRule.SourceNegated) : + DisplayJsonString("source negated", DisplayDiff(ruleChange.OldRule.SourceNegated.ToString().ToLower(), ruleChange.NewRule.SourceNegated.ToString().ToLower())); + default: return ""; + } + } + + public string DisplaySource(RuleChange ruleChange, ReportType reportType) + { + switch (ruleChange.ChangeAction) + { + case 'D': return DisplaySource(ruleChange.OldRule, reportType); + case 'I': return DisplaySource(ruleChange.NewRule, reportType); + case 'C': return DisplayJsonArray("source", DisplayArrayDiff(ListNetworkLocations(ruleChange.OldRule, reportType, true), + ListNetworkLocations(ruleChange.NewRule, reportType, true))); + default: return ""; + } + } + + public string DisplayDestinationZone(RuleChange ruleChange) + { + switch (ruleChange.ChangeAction) + { + case 'D': return DisplayDestinationZone(ruleChange.OldRule.DestinationZone?.Name); + case 'I': return DisplayDestinationZone(ruleChange.NewRule.DestinationZone?.Name); + case 'C': return DisplayDestinationZone(DisplayDiff(ruleChange.OldRule.DestinationZone?.Name, ruleChange.NewRule.DestinationZone?.Name)); + default: return ""; + } + } + + public string DisplayDestinationNegated(RuleChange ruleChange) + { + switch (ruleChange.ChangeAction) + { + case 'D': return DisplayDestinationNegated(ruleChange.OldRule.DestinationNegated); + case 'I': return DisplayDestinationNegated(ruleChange.NewRule.DestinationNegated); + case 'C': return ruleChange.OldRule.DestinationNegated == ruleChange.NewRule.DestinationNegated ? 
+ DisplayDestinationNegated(ruleChange.NewRule.DestinationNegated) : + DisplayJsonString("destination negated", DisplayDiff(ruleChange.OldRule.DestinationNegated.ToString().ToLower(), ruleChange.NewRule.DestinationNegated.ToString().ToLower())); + default: return ""; + } + } + + public string DisplayDestination(RuleChange ruleChange, ReportType reportType) + { + switch (ruleChange.ChangeAction) + { + case 'D': return DisplayDestination(ruleChange.OldRule, reportType); + case 'I': return DisplayDestination(ruleChange.NewRule, reportType); + case 'C': return DisplayJsonArray("destination", DisplayArrayDiff(ListNetworkLocations(ruleChange.OldRule, reportType, false), + ListNetworkLocations(ruleChange.NewRule, reportType, false))); + default: return ""; + } + } + + public string DisplayServiceNegated(RuleChange ruleChange) + { + switch (ruleChange.ChangeAction) + { + case 'D': return DisplayServiceNegated(ruleChange.OldRule.ServiceNegated); + case 'I': return DisplayServiceNegated(ruleChange.NewRule.ServiceNegated); + case 'C': return ruleChange.OldRule.ServiceNegated == ruleChange.NewRule.ServiceNegated ? 
+ DisplayServiceNegated(ruleChange.NewRule.ServiceNegated) : + DisplayJsonString("service negated", DisplayDiff(ruleChange.OldRule.ServiceNegated.ToString().ToLower(), ruleChange.NewRule.ServiceNegated.ToString().ToLower())); + default: return ""; + } + } + + public string DisplayServices(RuleChange ruleChange, ReportType reportType) + { + switch (ruleChange.ChangeAction) + { + case 'D': return DisplayServices(ruleChange.OldRule, reportType); + case 'I': return DisplayServices(ruleChange.NewRule, reportType); + case 'C': return DisplayJsonArray("service", DisplayArrayDiff(ListServices(ruleChange.OldRule, reportType), + ListServices(ruleChange.NewRule, reportType))); + default: return ""; + } + } + + public string DisplayAction(RuleChange ruleChange) + { + switch (ruleChange.ChangeAction) + { + case 'D': return DisplayAction(ruleChange.OldRule.Action); + case 'I': return DisplayAction(ruleChange.NewRule.Action); + case 'C': return DisplayAction(DisplayDiff(ruleChange.OldRule.Action, ruleChange.NewRule.Action)); + default: return ""; + } + } + + public string DisplayTrack(RuleChange ruleChange) + { + switch (ruleChange.ChangeAction) + { + case 'D': return DisplayTrack(ruleChange.OldRule.Track); + case 'I': return DisplayTrack(ruleChange.NewRule.Track); + case 'C': return DisplayTrack(DisplayDiff(ruleChange.OldRule.Track, ruleChange.NewRule.Track)); + default: return ""; + } + } + + public string DisplayEnabled(RuleChange ruleChange) + { + switch (ruleChange.ChangeAction) + { + case 'D': return DisplayEnabled(ruleChange.OldRule.Disabled); + case 'I': return DisplayEnabled(ruleChange.NewRule.Disabled); + case 'C': return ruleChange.OldRule.Disabled == ruleChange.NewRule.Disabled ? 
+ DisplayEnabled(ruleChange.NewRule.Disabled) : + DisplayJsonString("disabled", DisplayDiff(ruleChange.OldRule.Disabled.ToString().ToLower(), ruleChange.NewRule.Disabled.ToString().ToLower())); + default: return ""; + } + } + + public string DisplayUid(RuleChange ruleChange) + { + switch (ruleChange.ChangeAction) + { + case 'D': return DisplayUid(ruleChange.OldRule.Uid); + case 'I': return DisplayUid(ruleChange.NewRule.Uid); + case 'C': return DisplayUid(DisplayDiff(ruleChange.OldRule.Uid, ruleChange.NewRule.Uid)); + default: return ""; + } + } + + public string DisplayComment(RuleChange ruleChange) + { + switch (ruleChange.ChangeAction) + { + case 'D': return DisplayComment(ruleChange.OldRule.Comment); + case 'I': return DisplayComment(ruleChange.NewRule.Comment); + case 'C': return DisplayComment(DisplayDiff(ruleChange.OldRule.Comment, ruleChange.NewRule.Comment)); + default: return ""; + } + } + + private string? DisplayDiff(string? oldElement, string? newElement) + { + if (oldElement == newElement) + { + return oldElement; + } + else + { + return (oldElement != null && oldElement.Length > 0 ? $"{userConfig.GetText("deleted")}: {oldElement}{(newElement != null && newElement.Length > 0 ? ", " : "")}" : "") + + (newElement != null && newElement.Length > 0 ?$"{userConfig.GetText("added")}: {newElement}" : ""); + } + } + + private string DisplayArrayDiff(string oldElement, string newElement) + { + if (oldElement == newElement) + { + return oldElement; + } + else + { + List unchanged = new List(); + List added = new List(); + List deleted = new List(); + + oldElement = oldElement.Replace("\"", ""); + newElement = newElement.Replace("\"", ""); + AnalyzeElements(oldElement, newElement, ref unchanged, ref deleted, ref added); + + return string.Join(",", Array.ConvertAll(unchanged.ToArray(), elem => Quote(elem))) + (unchanged.Count > 0 && (deleted.Count > 0 || added.Count > 0 ) ? "," : "") + + (deleted.Count > 0 ? 
string.Join(",", Array.ConvertAll(deleted.ToArray(), elem => Quote($"{userConfig.GetText("deleted")}: {elem}"))) : "") + (deleted.Count > 0 && added.Count > 0 ? "," : "") + + (added.Count > 0 ? string.Join(",", Array.ConvertAll(added.ToArray(), elem => Quote($"{userConfig.GetText("added")}: {elem}"))) : ""); + } + } + } +} diff --git a/roles/lib/files/FWO.Report/Display/RuleDisplayBase.cs b/roles/lib/files/FWO.Report/Display/RuleDisplayBase.cs index 0b96e3a8b..5b209faa8 100644 --- a/roles/lib/files/FWO.Report/Display/RuleDisplayBase.cs +++ b/roles/lib/files/FWO.Report/Display/RuleDisplayBase.cs @@ -1,13 +1,13 @@ -using FWO.Api.Data; +using System.Text; +using FWO.GlobalConstants; +using FWO.Api.Data; using FWO.Config.Api; -using System.Text; using FWO.Report.Filter; namespace FWO.Ui.Display { public class RuleDisplayBase { - protected StringBuilder? result; protected UserConfig userConfig; public RuleDisplayBase(UserConfig userConfig) @@ -15,29 +15,24 @@ public RuleDisplayBase(UserConfig userConfig) this.userConfig = userConfig; } - public string DisplayNumber(Rule rule, Rule[] rules) + public string DisplayNumber(Rule rule) { return rule.DisplayOrderNumber.ToString(); } public string DisplayName(Rule rule) { - return (rule.Name != null ? rule.Name : ""); + return rule.Name != null ? rule.Name : ""; } public string DisplaySourceZone(Rule rule) { - return (rule.SourceZone != null ? rule.SourceZone.Name : ""); + return rule.SourceZone != null ? rule.SourceZone.Name : ""; } public string DisplayDestinationZone(Rule rule) { - return (rule.DestinationZone != null ? rule.DestinationZone.Name : ""); - } - - public string DisplayIpRange(string Ip, string IpEnd) - { - return (Ip != null && Ip != "" ? $"{Ip}{(IpEnd != null && IpEnd != "" && IpEnd != Ip ? $"-{IpEnd}" : "")}" : ""); + return rule.DestinationZone != null ? rule.DestinationZone.Name : ""; } public string DisplayAction(Rule rule) 
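Review bot: DisplayArrayDiff rebuilds JSON array elements with `Quote(...)`, which (see RuleDisplayBase further down) only wraps the string in double quotes; the preceding `Replace("\"", "")` avoids unbalanced quotes, but a backslash, newline or control character in an object or service name still produces invalid JSON, and the stripped quotes silently alter the reported names. Replacing `Quote(elem)` with `System.Text.Json.JsonSerializer.Serialize(elem)` (and the same for the `deleted:`/`added:` variants) gives correct escaping without dropping characters. AnalyzeElements splits the flattened lists on `,`, so a name containing a comma is diffed as two elements and reported as spurious adds/deletes; whether such names can reach here depends on ListNetworkLocations/ListServices (outside this hunk), so it is worth checking or choosing a separator that cannot occur in names. The `default: return "";` branches drop unknown ChangeActions silently, unlike the HTML class, which at least logs them.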
@@ -52,12 +47,42 @@ public string DisplayTrack(Rule rule) public string DisplayUid(Rule rule) { - return (rule.Uid != null ? rule.Uid : ""); + return rule.Uid != null ? rule.Uid : ""; } public string DisplayComment(Rule rule) { - return (rule.Comment != null ? rule.Comment : ""); + return rule.Comment != null ? rule.Comment : ""; + } + + public StringBuilder DisplayNetworkLocation(NetworkLocation userNetworkObject, ReportType reportType, string? userName = null, string? objName = null) + { + StringBuilder result = new StringBuilder(); + + if (userNetworkObject.User != null && userNetworkObject.User.Id > 0) + { + result.Append($"{userName ?? userNetworkObject.User.Name}@"); + } + + if (!reportType.IsTechReport()) + { + result.Append($"{objName ?? userNetworkObject.Object.Name}"); + } + if (userNetworkObject.Object.Type.Name != ObjectType.Group) + { + bool showIpinBrackets = !reportType.IsTechReport(); + result.Append(NwObjDisplay.DisplayIp( + userNetworkObject.Object.IP, + userNetworkObject.Object.IpEnd, + userNetworkObject.Object.Type.Name, + showIpinBrackets)); + } + return result; + } + + public static StringBuilder DisplayService(NetworkService service, ReportType reportType, string? serviceName = null) + { + return DisplayBase.DisplayService(service, reportType.IsTechReport(), serviceName); } public StringBuilder RemoveLastChars(StringBuilder s, int count) 
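Review bot: DisplayNetworkLocation and DisplayService are the new public entry points of the base class but carry no XML doc comments; a `/// <summary>` on DisplayNetworkLocation saying that it emits the optional `user@` prefix, the object name (omitted for tech reports) and the IP, and that `userName`/`objName` replace the plain names when the caller supplies pre-built text (the HTML subclass passes links), would explain the two optional parameters. `result.Append($"{objName ?? userNetworkObject.Object.Name}")` interpolates a single string and can simply be `result.Append(objName ?? userNetworkObject.Object.Name)`. DisplayNetworkLocation reads no instance state, so it could be `static` like its sibling DisplayService, and the `showIpinBrackets` local repeats the `!reportType.IsTechReport()` test made two lines earlier — compute it once before the first `if` and reuse it.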
@@ -67,5 +92,73 @@ public StringBuilder RemoveLastChars(StringBuilder s, int count) return s.Remove(s.ToString().Length - count, count); } + public string Quote(string? input) + { + return $"\"{input ?? ""}\""; + } + + public List getNetworkLocations(NetworkLocation[] locationArray) + { + HashSet collectedUserNetworkObjects = new HashSet(); + foreach (NetworkLocation networkObject in locationArray) + { + foreach (GroupFlat nwObject in networkObject.Object.ObjectGroupFlats) + { + if (nwObject.Object != null && nwObject.Object.Type.Name != ObjectType.Group) // leave out group level altogether + { + collectedUserNetworkObjects.Add(new NetworkLocation(networkObject.User, nwObject.Object)); + } + } + } + List userNwObjectList = collectedUserNetworkObjects.ToList(); + userNwObjectList.Sort(); + return userNwObjectList; + } + + public List GetNetworkServices(ServiceWrapper[] serviceArray) + { + HashSet collectedServices = new HashSet(); + foreach (ServiceWrapper service in serviceArray) + { + foreach (GroupFlat nwService in service.Content.ServiceGroupFlats) + { + if (nwService.Object != null && nwService.Object.Type.Name != ObjectType.Group) + { + collectedServices.Add(nwService.Object); + } + } + } + List serviceList = collectedServices.ToList(); + serviceList.Sort(delegate (NetworkService x, NetworkService y) { return x.Name.CompareTo(y.Name); }); + return serviceList; + } + + protected void AnalyzeElements(string oldElement, string newElement, ref List unchanged, ref List deleted, ref List added) + { + string[] separatingStrings = { "," }; + string[] oldAr = oldElement.Split(separatingStrings, System.StringSplitOptions.RemoveEmptyEntries); + string[] newAr = newElement.Split(separatingStrings, System.StringSplitOptions.RemoveEmptyEntries); + + foreach (var item in oldAr) + { + if (newAr.Contains(item)) + { + unchanged.Add(item); + } + else + { + string deletedItem = item; + deleted.Add(deletedItem); + } + } + foreach (var item in newAr) + { + if 
(!oldAr.Contains(item)) + { + string newItem = item; + added.Add(newItem); + } + } + } } } diff --git a/roles/lib/files/FWO.Report/Display/RuleDisplayCsv.cs b/roles/lib/files/FWO.Report/Display/RuleDisplayCsv.cs index bc64d66b8..acb145f32 100644 --- a/roles/lib/files/FWO.Report/Display/RuleDisplayCsv.cs +++ b/roles/lib/files/FWO.Report/Display/RuleDisplayCsv.cs 
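Review bot: Quote wraps its argument in double quotes without escaping any double quote or backslash already inside it, so an element that itself contains `"` yields a malformed quoted token; DisplayArrayDiff in the earlier hunk of this patch joins such tokens with commas, where a stray quote breaks the list structure. At minimum escape before wrapping, `string escaped = (input ?? "").Replace("\"", "\\\"");` followed by `return $"\"{escaped}\"";` — and if the consumer parses this as JSON, a serializer rather than string concatenation is the safer route. The `ref` modifiers on the three List parameters of AnalyzeElements are unnecessary, since the lists are mutated but never reassigned, and the locals `deletedItem`/`newItem` can go in favour of `deleted.Add(item)` / `added.Add(item)`. `getNetworkLocations` is lower-case while its sibling `GetNetworkServices` is PascalCase, and the sort in GetNetworkServices uses the culture-sensitive `x.Name.CompareTo(y.Name)`; `string.CompareOrdinal(x.Name, y.Name)` keeps the ordering stable across locales.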
@@ -1,204 +1,163 @@ -using FWO.Api.Data; +using FWO.GlobalConstants; +using FWO.Api.Data; using FWO.Config.Api; using System.Text; -using FWO.Report; using FWO.Report.Filter; +using System.Text.RegularExpressions; namespace FWO.Ui.Display { public class RuleDisplayCsv : RuleDisplayBase { - public RuleDisplayCsv(UserConfig userConfig) : base(userConfig) { } - public string DisplayReportHeader(ReportRules rules) - { - StringBuilder report = new StringBuilder(); - report.AppendLine($"# report type: {userConfig.GetText("resolved_rules_report")}"); - report.AppendLine($"# report generation date: {DateTime.Now.ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssK")} (UTC)"); - report.AppendLine($"# date of configuration shown: {DateTime.Parse(rules.Query.ReportTimeString).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssK")} (UTC)"); - report.AppendLine($"# device filter: {string.Join("; ", Array.ConvertAll(rules.Managements, management => management.NameAndDeviceNames()))}"); - report.AppendLine($"# other filters: {rules.Query.RawFilter}"); - report.AppendLine($"# report generator: Firewall Orchestrator - https://fwo.cactus.de/en"); - report.AppendLine($"# data protection level: For internal use only"); - report.AppendLine($"#"); - report.AppendLine($"# rule CSV field names:"); - report.AppendLine($"# \"management-name\",\"device-name\",\"rule-number\",\"rule-name\",\"source-zone\",\"source-negated\",\"source\",\"destination-zone\",\"destination-negated\",\"destination\",\"service-negated\",\"service\",\"action\",\"track\",\"rule-enabled\",\"rule-uid\",\"rule-comment\""); - return $"{report.ToString()}"; - } - - public new string DisplayNumber(Rule rule, Rule[] rules) - { - return $"{rule.DisplayOrderNumber.ToString()},"; - } - public new string DisplayName(Rule rule) + + public string OutputCsv(string? input) { - return (rule.Name != null ? $"\"{rule.Name}\"," : ","); + return $"\"{input ?? 
""}\","; } - public new string DisplaySourceZone(Rule rule) + + public string DisplayNumberCsv(Rule rule) { - return (rule.SourceZone != null ? $"\"{rule.SourceZone.Name}\"," : ","); + return OutputCsv(DisplayNumber(rule)); } - public new string DisplayDestinationZone(Rule rule) + public string DisplayNameCsv(Rule rule) { - return (rule.DestinationZone != null ? $"\"{rule.DestinationZone.Name}\"," : ","); + return OutputCsv(DisplayName(rule)); } - public new string DisplayAction(Rule rule) + public string DisplaySourceZoneCsv(Rule rule) { - return $"\"{rule.Action}\","; + return OutputCsv(DisplaySourceZone(rule)); } - public new string DisplayTrack(Rule rule) + public string DisplaySourceCsv(Rule rule, ReportType reportType) { - return $"\"{rule.Track}\","; + return OutputCsv(DisplaySource(rule, reportType)); } - public new string DisplayUid(Rule rule) + public string DisplayDestinationZoneCsv(Rule rule) { - return (rule.Uid != null ? $"\"{rule.Uid}\"," : ","); + return OutputCsv(DisplayDestinationZone(rule)); } - public new string DisplayComment(Rule rule) + public string DisplayDestinationCsv(Rule rule, ReportType reportType) { - return (rule.Comment != null ? $"\"{rule.Comment}\"," : ","); + return OutputCsv(DisplayDestination(rule, reportType)); } - public string DisplaySourceOrDestination(Rule rule, string style = "", string location = "report", ReportType reportType = ReportType.Rules, string side = "source") + public string DisplayServicesCsv(Rule rule, ReportType reportType) { - result = new StringBuilder(""); - if (side == "source") - result.Append($"{((rule.SourceNegated) ? "\"source-negated\"" : "")},"); - else if (side == "destination") - result.Append($"{((rule.DestinationNegated) ? 
"\"destination-negated\"" : "")},"); + return OutputCsv(DisplayServices(rule, reportType)); + } - if (reportType == ReportType.ResolvedRules || reportType == ReportType.ResolvedRulesTech) - { - HashSet collectedNetworkObjects = new HashSet(); - HashSet collectedUserNetworkObjects = new HashSet(); - if (side == "source") - { - foreach (NetworkLocation networkObject in rule.Froms) - { - foreach (GroupFlat nwObject in networkObject.Object.ObjectGroupFlats) - if (nwObject.Object != null && nwObject.Object.Type.Name != "group") // leave out group level altogether - collectedUserNetworkObjects.Add(new NetworkLocation(networkObject.User, nwObject.Object)); - } - } - else if (side == "destination") - { - foreach (NetworkLocation networkObject in rule.Tos) - { - foreach (GroupFlat nwObject in networkObject.Object.ObjectGroupFlats) - if (nwObject.Object != null && nwObject.Object.Type.Name != "group") // leave out group level altogether - collectedUserNetworkObjects.Add(new NetworkLocation(networkObject.User, nwObject.Object)); - } - } + public string DisplayActionCsv(Rule rule) + { + return OutputCsv(DisplayAction(rule)); + } - List userNwObjectList = collectedUserNetworkObjects.ToList(); - userNwObjectList.Sort(); + public string DisplayTrackCsv(Rule rule) + { + return OutputCsv(DisplayTrack(rule)); + } - StringBuilder cell = new StringBuilder(); - foreach (NetworkLocation networkLocation in userNwObjectList) - { - cell.Append(NetworkLocationToCsv(networkLocation, rule.MgmtId, location, style, reportType = reportType).ToString()); - } - cell.Remove(cell.ToString().Length - 2, 2); // get rid of final line break - result.Append($"\"{cell}\","); - } - return result.ToString(); + public string DisplayEnabledCsv(Rule rule) + { + return OutputCsv(DisplayEnabled(rule)); } - public string DisplaySource(Rule rule, string style = "", string location = "report", ReportType reportType = ReportType.Rules) + public string DisplayUidCsv(Rule rule) { - return 
DisplaySourceOrDestination(rule, style, location, reportType, side: "source"); + return OutputCsv(DisplayUid(rule)); } - public string DisplayDestination(Rule rule, string style = "", string location = "report", ReportType reportType = ReportType.Rules) + public string DisplayCommentCsv(Rule rule) { - return DisplaySourceOrDestination(rule, style, location, reportType, side: "destination"); + return OutputCsv(DisplayComment(rule)); } + - private StringBuilder NetworkLocationToCsv(NetworkLocation userNetworkObject, int mgmtId, string location = "", string style = "", ReportType reportType = ReportType.Rules) + public new string DisplayName(Rule rule) { - StringBuilder result = new StringBuilder(); + return (rule.Name != null ? SanitizeComment(rule.Name) : ""); + } - if (userNetworkObject.User?.Id != null) - { - result.Append($"{userNetworkObject.User.Name}@"); - } + public new string DisplayComment(Rule rule) + { + return (rule.Comment != null ? SanitizeComment(rule.Comment) : ""); + } + + public string DisplayEnabled(Rule rule) + { + return (rule.Disabled) ? "disabled" : "enabled"; + } - if (reportType != ReportType.ResolvedRulesTech) - { - result.Append($"{userNetworkObject.Object.Name}"); - result.Append(" ("); - } - result.Append(DisplayIpRange(userNetworkObject.Object.IP, userNetworkObject.Object.IpEnd)); - if (reportType != ReportType.ResolvedRulesTech) - { - result.Append(")"); - } - result.Append("\\n"); - return result; + public string DisplaySource(Rule rule, ReportType reportType) + { + return DisplaySourceOrDestination(rule, reportType, true); } - public string DisplayService(Rule rule, string style = "", string location = "report", ReportType reportType = ReportType.Rules) + public string DisplayDestination(Rule rule, ReportType reportType) { - result = new StringBuilder(); - result.Append($"{((rule.ServiceNegated) ? 
"\"service-negated\"" : "")},"); + return DisplaySourceOrDestination(rule, reportType, false); + } - switch (reportType) + public string DisplayServices(Rule rule, ReportType reportType) + { + StringBuilder result = new StringBuilder(); + if (reportType.IsResolvedReport()) { - case ReportType.Rules: - case ReportType.Recertification: - break; - case ReportType.ResolvedRules: - case ReportType.ResolvedRulesTech: - HashSet collectedServices = new HashSet(); - foreach (ServiceWrapper service in rule.Services) - foreach (GroupFlat nwService in service.Content.ServiceGroupFlats) - if (nwService.Object != null && nwService.Object.Type.Name != "group") - collectedServices.Add(nwService.Object); - - List serviceList = collectedServices.ToList(); - serviceList.Sort(delegate (NetworkService x, NetworkService y) { return x.Name.CompareTo(y.Name); }); - - StringBuilder cell = new StringBuilder(); - foreach (NetworkService service in serviceList) - cell.Append(ServiceToCsv(service, rule.MgmtId, location, style, reportType = reportType).ToString()); - - cell.Remove(cell.ToString().Length - 2, 2); // get rid of final line break - result.Append($"\"{cell}\","); - break; + List displayedServices = new List(); + foreach (NetworkService service in GetNetworkServices(rule.Services)) + { + displayedServices.Add(DisplayService(service, reportType).ToString()); + } + + if(rule.ServiceNegated) + { + result.Append($"{userConfig.GetText("negated")}("); + } + result.Append(string.Join(",", displayedServices)); + if(rule.ServiceNegated) + { + result.Append(")"); + } } return result.ToString(); } - private StringBuilder ServiceToCsv(NetworkService service, int mgmtId, string location = "", string style = "", ReportType reportType = ReportType.Rules) + + private string SanitizeComment(string inputString) { - StringBuilder result = new StringBuilder(); - if (reportType != ReportType.ResolvedRulesTech) - { - result.Append($"{service.Name}"); - if (service.DestinationPort != null) - 
result.Append(service.DestinationPort == service.DestinationPortEnd ? $" ({service.DestinationPort}/{service.Protocol?.Name})" - : $" ({service.DestinationPort}-{service.DestinationPortEnd}/{service.Protocol?.Name})"); - } - else - { - if (service.DestinationPort == null) - result.Append($"{service.Name}"); - else - result.Append(service.DestinationPort == service.DestinationPortEnd ? $"{service.DestinationPort}/{service.Protocol?.Name}" - : $"{service.DestinationPort}-{service.DestinationPortEnd}/{service.Protocol?.Name}"); - } - result.Append("\\n"); - return result; + string output = Regex.Replace(inputString, @"[""'']", "").Trim(); + output = Regex.Replace(output, @"[\n]", ", ").Trim(); + return output; } - public string DisplayEnabled(Rule rule, bool export = false) + private string DisplaySourceOrDestination(Rule rule, ReportType reportType , bool isSource) { - return $"\"{((rule.Disabled) ? "disabled" : "enabled")}\","; + StringBuilder result = new StringBuilder(""); + + if (reportType.IsResolvedReport()) + { + List displayedLocations = new List(); + foreach (NetworkLocation networkLocation in getNetworkLocations(isSource ? rule.Froms : rule.Tos)) + { + displayedLocations.Add(DisplayNetworkLocation(networkLocation, reportType).ToString()); + } + + if ((isSource && rule.SourceNegated) || (!isSource && rule.DestinationNegated)) + { + result.Append($"{userConfig.GetText("negated")}("); + } + result.Append(string.Join(",", displayedLocations)); + if ((isSource && rule.SourceNegated) || (!isSource && rule.DestinationNegated)) + { + result.Append(")"); + } + } + + return result.ToString(); } } } diff --git a/roles/lib/files/FWO.Report/Display/RuleDisplayHtml.cs b/roles/lib/files/FWO.Report/Display/RuleDisplayHtml.cs index 446af3dea..5f59dbb66 100644 --- a/roles/lib/files/FWO.Report/Display/RuleDisplayHtml.cs +++ b/roles/lib/files/FWO.Report/Display/RuleDisplayHtml.cs 
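Review bot: OutputCsv wraps every cell in double quotes without doubling any quote already inside the value, and SanitizeComment strips quotes only from Name and Comment — zone names, service names, network-object names, action and track reach OutputCsv untouched, so a single `"` in any of them produces an unparseable row. Escape at the one choke point, `string escaped = (input ?? "").Replace("\"", "\"\"");` then `return $"\"{escaped}\",";`, which is the RFC 4180 form. Since this file is opened in spreadsheet tools, a value beginning with `=`, `+`, `-` or `@` should also get a leading `'` (or a tab) in OutputCsv so it is not evaluated as a formula; the names come from imported device configurations, not from the report's author. SanitizeComment's second pass replaces only `\n`, so a `\r\n` line ending leaves a bare `\r` in the cell — use `@"\r?\n"`. The two regexes are recompiled on every call; `private static readonly Regex` fields (or `[GeneratedRegex]` on .NET 7+) avoid that, and the signature `ReportType reportType , bool isSource` has a stray space before the comma.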
@@ -1,209 +1,161 @@ -using FWO.Api.Data; +using FWO.GlobalConstants; +using FWO.Api.Data; using FWO.Config.Api; using System.Text; +using FWO.Report; using FWO.Report.Filter; namespace FWO.Ui.Display { public class RuleDisplayHtml: RuleDisplayBase { - public RuleDisplayHtml(UserConfig userConfig) : base(userConfig) {} - public string DisplaySourceOrDestination(Rule rule, string style = "", string location = "report", ReportType reportType = ReportType.Rules, string side = "source") + public string DisplaySource(Rule rule, OutputLocation location, ReportType reportType, string style = "") { - if (location=="certification") - reportType=ReportType.Rules; - result = new StringBuilder(); - result.AppendLine("

    "); - if (side=="source") + return DisplaySourceOrDestination(rule, location, reportType, style, true); + } + + public string DisplayDestination(Rule rule, OutputLocation location, ReportType reportType, string style = "") + { + return DisplaySourceOrDestination(rule, location, reportType, style, false); + } + + public string DisplayServices(Rule rule, OutputLocation location, ReportType reportType, string style = "") + { + StringBuilder result = new StringBuilder(); + if (rule.ServiceNegated) { - if (rule.SourceNegated) - result.AppendLine(userConfig.GetText("anything_but") + "
    "); + result.AppendLine(userConfig.GetText("negated") + "
    "); } - else if (side=="destination") + + if(reportType.IsResolvedReport()) { - if (rule.DestinationNegated) - result.AppendLine(userConfig.GetText("anything_but") + "
    "); + NetworkService[] services = GetNetworkServices(rule.Services).ToArray(); + result.AppendJoin("
    ", Array.ConvertAll(services, service => ServiceToHtml(service, rule.MgmtId, location, style, reportType))); } - - switch (reportType) + else { - case ReportType.Rules: - case ReportType.NatRules: - case ReportType.Recertification: - if (side == "source") - { - foreach (NetworkLocation networkLocation in rule.Froms) - result.Append(NetworkLocationToHtml(networkLocation, rule.MgmtId, location, style)); - } - else if (side == "destination") - { - foreach (NetworkLocation networkLocation in rule.Tos) - result.Append(NetworkLocationToHtml(networkLocation, rule.MgmtId, location, style)); - } - break; - case ReportType.ResolvedRules: - case ReportType.ResolvedRulesTech: - HashSet collectedNetworkObjects = new HashSet(); - HashSet collectedUserNetworkObjects = new HashSet(); - if (side == "source") - { - foreach (NetworkLocation networkObject in rule.Froms) - { - foreach (GroupFlat nwObject in networkObject.Object.ObjectGroupFlats) - if (nwObject.Object != null && nwObject.Object.Type.Name != "group") // leave out group level altogether - collectedUserNetworkObjects.Add(new NetworkLocation(networkObject.User, nwObject.Object)); - } - } - else if (side == "destination") - { - foreach (NetworkLocation networkObject in rule.Tos) - { - foreach (GroupFlat nwObject in networkObject.Object.ObjectGroupFlats) - if (nwObject.Object != null && nwObject.Object.Type.Name != "group") // leave out group level altogether - collectedUserNetworkObjects.Add(new NetworkLocation(networkObject.User, nwObject.Object)); - } - } - - List userNwObjectList = collectedUserNetworkObjects.ToList(); - userNwObjectList.Sort(); - - foreach (NetworkLocation networkLocation in userNwObjectList) - result.Append(NetworkLocationToHtml(networkLocation, rule.MgmtId, location, style, reportType=reportType)); - break; + result.AppendJoin("
    ", Array.ConvertAll(rule.Services, service => ServiceToHtml(service.Content, rule.MgmtId, location, style, reportType))); } - result.AppendLine("

    "); return result.ToString(); } - public string DisplaySource(Rule rule, string style = "", string location = "report", ReportType reportType = ReportType.Rules) + public string DisplayEnabled(Rule rule, OutputLocation location) { - return DisplaySourceOrDestination(rule, style, location, reportType, side: "source"); + if (location == OutputLocation.export) + { + return $"{(rule.Disabled ? "N" : "Y")}"; + } + else + { + return $"
    "; + } } - public string DisplayDestination(Rule rule, string style = "", string location = "report", ReportType reportType = ReportType.Rules) + public string DisplayNextRecert(Rule rule) { - return DisplaySourceOrDestination(rule, style, location, reportType, side: "destination"); + int count = 0; + return string.Join("", Array.ConvertAll(rule.Metadata.RuleRecertification.ToArray(), recert => getNextRecertDateString(countString(rule.Metadata.RuleRecertification.Count > 1, ++count), recert).ToString())); } - private StringBuilder NetworkLocationToHtml(NetworkLocation userNetworkObject, int mgmtId, string location = "", string style = "", ReportType reportType = ReportType.Rules) + public string DisplayOwner(Rule rule) { - string nwobjLink = ""; - string symbol = "oi oi-wrench"; - StringBuilder result = new StringBuilder(); - if (userNetworkObject.Object.Type.Name == "group") - symbol = "oi oi-list-rich"; - else if (userNetworkObject.Object.Type.Name == "network") - symbol = "oi oi-rss"; - else if (userNetworkObject.Object.Type.Name == "ip_range") - symbol = "oi oi-resize-width"; - else - symbol = "oi oi-monitor"; - - if (userNetworkObject.User?.Id != null) - { - if (reportType==ReportType.ResolvedRulesTech) - result.Append($"{userNetworkObject.User.Name}@"); - else - { - string userLink = location == "" ? $"user{userNetworkObject.User.Id}" : $"goto-report-m{mgmtId}-user{userNetworkObject.User.Id}"; - result.Append($" {userNetworkObject.User.Name}@"); - } - } + int count = 0; + return string.Join("", Array.ConvertAll(rule.Metadata.RuleRecertification.ToArray(), recert => getOwnerDisplayString(countString(rule.Metadata.RuleRecertification.Count > 1, ++count), recert).ToString())); + } - nwobjLink = location == "" ? 
$"nwobj{userNetworkObject.Object.Id}" : $"goto-report-m{mgmtId}-nwobj{userNetworkObject.Object.Id}"; + public string DisplayRecertIpMatches(Rule rule) + { + int count = 0; + return string.Join("", Array.ConvertAll(rule.Metadata.RuleRecertification.ToArray(), recert => getIpMatchDisplayString(countString(rule.Metadata.RuleRecertification.Count > 1, ++count), recert).ToString())); + } - if (reportType==ReportType.Rules || reportType==ReportType.ResolvedRules || reportType==ReportType.NatRules) - { - result.Append($" {userNetworkObject.Object.Name}"); - if (userNetworkObject.Object.Type.Name != "group") - result.Append(" ("); - } - result.Append(DisplayIpRange(userNetworkObject.Object.IP, userNetworkObject.Object.IpEnd)); - if (userNetworkObject.Object.Type.Name != "group" && (reportType==ReportType.Rules || reportType==ReportType.ResolvedRules || reportType==ReportType.NatRules)) - result.Append(")"); - result.AppendLine("
    "); - return result; + public string DisplayLastHit(Rule rule) + { + if (rule.Metadata.LastHit == null) + return ""; + else + return DateOnly.FromDateTime((DateTime)rule.Metadata.LastHit).ToString("yyyy-MM-dd"); //rule.Metadata.LastHit.ToString("yyyy-MM-dd"); } - public string DisplayService(Rule rule, string style = "", string location = "report", ReportType reportType = ReportType.Rules) + public string DisplayLastRecertifier(Rule rule) { - if (location=="certification") - reportType=ReportType.Rules; - result = new StringBuilder(); - result.AppendLine("

    "); - if (rule.ServiceNegated) - result.AppendLine(userConfig.GetText("anything_but") + "
    "); + int count = 0; + return string.Join("", Array.ConvertAll(rule.Metadata.RuleRecertification.ToArray(), recert => getLastRecertifierDisplayString(countString(rule.Metadata.RuleRecertification.Count > 1, ++count), recert).ToString())); + } - switch (reportType) - { - case ReportType.Rules: - case ReportType.NatRules: - case ReportType.Recertification: - foreach (ServiceWrapper service in rule.Services) - result.Append(ServiceToHtml(service.Content, rule.MgmtId, location, style, reportType=reportType)); - break; - case ReportType.ResolvedRules: - case ReportType.ResolvedRulesTech: - HashSet collectedServices = new HashSet(); - foreach (ServiceWrapper service in rule.Services) - foreach (GroupFlat nwService in service.Content.ServiceGroupFlats) - if (nwService.Object != null && nwService.Object.Type.Name != "group") - collectedServices.Add(nwService.Object); - - List serviceList = collectedServices.ToList(); - serviceList.Sort(delegate (NetworkService x, NetworkService y) { return x.Name.CompareTo(y.Name); }); - - foreach (NetworkService service in serviceList) - result.Append(ServiceToHtml(service, rule.MgmtId, location, style, reportType=reportType)); - break; - } - result.AppendLine("

    "); - return result.ToString(); + protected string NetworkLocationToHtml(NetworkLocation networkLocation, int mgmtId, OutputLocation location, string style, ReportType reportType) + { + return DisplayNetworkLocation(networkLocation, reportType, + reportType.IsResolvedReport() || networkLocation.User == null ? null : + ReportDevicesBase.ConstructLink(ObjCatString.User, ReportBase.GetIconClass(ObjCategory.user, networkLocation.User?.Type.Name), networkLocation.User!.Id, networkLocation.User.Name, location, mgmtId, style), + reportType.IsResolvedReport() ? null : + ReportDevicesBase.ConstructLink(ObjCatString.NwObj, ReportBase.GetIconClass(ObjCategory.nobj, networkLocation.Object.Type.Name), networkLocation.Object.Id, networkLocation.Object.Name, location, mgmtId, style) + ).ToString(); } - private StringBuilder ServiceToHtml(NetworkService service, int mgmtId, string location = "", string style = "", ReportType reportType = ReportType.Rules) + + protected string ServiceToHtml(NetworkService service, int mgmtId, OutputLocation location, string style, ReportType reportType) + { + return DisplayService(service, reportType, reportType.IsResolvedReport() ? null : + ReportDevicesBase.ConstructLink(ObjCatString.Svc, ReportBase.GetIconClass(ObjCategory.nsrv, service.Type.Name), service.Id, service.Name, location, mgmtId, style)).ToString(); + } + + private string DisplaySourceOrDestination(Rule rule, OutputLocation location, ReportType reportType, string style, bool isSource) { - string link = ""; - string symbol = "oi oi-wrench"; StringBuilder result = new StringBuilder(); - if (service.Type.Name == "group") - symbol = "oi oi-list-rich"; - else - symbol = "oi oi-wrench"; - link = location == "" ? 
$"svc{service.Id}" : $"goto-report-m{mgmtId}-svc{service.Id}"; - if (reportType==ReportType.Rules || reportType==ReportType.ResolvedRules || reportType==ReportType.NatRules || reportType==ReportType.Recertification) - result.Append($" {service.Name}"); + if ((isSource && rule.SourceNegated) ||(!isSource && rule.DestinationNegated)) + { + result.AppendLine(userConfig.GetText("negated") + "
    "); + } - if (service.DestinationPort != null) + if(reportType.IsResolvedReport()) { - if (reportType==ReportType.Rules || reportType==ReportType.ResolvedRules || reportType==ReportType.NatRules || reportType==ReportType.Recertification) - result.Append(" ("); - result.Append(service.DestinationPort == service.DestinationPortEnd ? $"{service.DestinationPort}/{service.Protocol?.Name}" - : $" {service.DestinationPort}-{service.DestinationPortEnd}/{service.Protocol?.Name}"); - if (reportType==ReportType.Rules || reportType==ReportType.ResolvedRules) - result.Append(")"); + NetworkLocation[] userNwObjects = getNetworkLocations(isSource ? rule.Froms : rule.Tos).ToArray(); + result.AppendJoin("
    ", Array.ConvertAll(userNwObjects, networkLocation => NetworkLocationToHtml(networkLocation, rule.MgmtId, location, style, reportType))); } - else if (reportType==ReportType.ResolvedRulesTech) + else { - // if no port can be displayed, use the service name as fall-back - result.Append($"{service.Name}"); + result.AppendJoin("
    ", Array.ConvertAll(isSource ? rule.Froms : rule.Tos, networkLocation => NetworkLocationToHtml(networkLocation, rule.MgmtId, location, style, reportType))); } - result.AppendLine("
    "); - return result; + + return result.ToString(); } - public string DisplayEnabled(Rule rule, bool export = false) + private string getNextRecertDateString (string countString, Recertification recert) { - if (export) + string color = ""; + string dateOnly = "-"; + if (recert.NextRecertDate != null) { - return $"{(rule.Disabled ? "N" : "Y")}"; - } - else - { - return $"
    "; + dateOnly = DateOnly.FromDateTime((DateTime)recert.NextRecertDate).ToString("yyyy-MM-dd"); + if(recert.NextRecertDate < DateTime.Now) + { + color = " style=\"color: red;\""; + } } + return "" + countString + dateOnly + "

    "; + } + + private string getOwnerDisplayString (string countString, Recertification recert) + { + return "

    " + countString + (recert.FwoOwner != null && recert.FwoOwner?.Name != null ? recert.FwoOwner.Name : "") + "

    "; + } + + private string getIpMatchDisplayString (string countString, Recertification recert) + { + return "

    " + countString + (recert.IpMatch != null && recert.IpMatch != "" ? recert.IpMatch : "‐") + "

    "; + } + + private string getLastRecertifierDisplayString (string countString, Recertification recert) + { + return "

    " + countString + "

    "; // TODO: fetch last recertifier + } + + private string countString(bool multipleOwners, int ownerCounter) + { + return multipleOwners ? ownerCounter.ToString() + ". " : ""; } } } diff --git a/roles/lib/files/FWO.Report/Display/RuleDisplayJson.cs b/roles/lib/files/FWO.Report/Display/RuleDisplayJson.cs index 983543f7b..119b82fac 100644 --- a/roles/lib/files/FWO.Report/Display/RuleDisplayJson.cs +++ b/roles/lib/files/FWO.Report/Display/RuleDisplayJson.cs 
@@ -1,218 +1,132 @@ -using FWO.Api.Data; +using FWO.GlobalConstants; +using FWO.Api.Data; using FWO.Config.Api; -using System.Text; using FWO.Report.Filter; namespace FWO.Ui.Display { public class RuleDisplayJson : RuleDisplayBase { - public RuleDisplayJson(UserConfig userConfig) : base(userConfig) { } - public new string DisplayNumber(Rule rule, Rule[] rules) + + public string DisplayJsonPlain(string tag, string? value) { - return $"\"number\": {rule.DisplayOrderNumber.ToString()},"; + return (value != null ? $"\"{tag}\": {value}," : ""); } - public new string DisplayName(Rule rule) + + public string DisplayJsonString(string tag, string? value) { - return (rule.Name != null ? $"\"name\": \"{rule.Name}\"," : ""); + return (value != null ? $"\"{tag}\": \"{value}\"," : ""); } - public new string DisplaySourceZone(Rule rule) + + public string DisplayJsonArray(string tag, string? value) { - return (rule.SourceZone != null ? $"\"source zone\": \"{rule.SourceZone.Name}\"," : ""); + return (value != null ? $"\"{tag}\": [{value}]," : ""); } - public new string DisplayDestinationZone(Rule rule) + + public new string DisplayNumber(Rule rule) { - return (rule.DestinationZone != null ? $"\"destination zone\": \"{rule.DestinationZone.Name}\"," : ""); + return DisplayJsonPlain("number", rule.DisplayOrderNumber.ToString()); } - public new string DisplayAction(Rule rule) + public string DisplayName(string? name) { - return $"\"action\": \"{rule.Action}\","; + return DisplayJsonString("name", name); } - public new string DisplayTrack(Rule rule) + public string DisplaySourceZone(string? sourceZone) { - return $"\"tracking\": \"{rule.Track}\","; + return DisplayJsonString("source zone", sourceZone); } - public new string DisplayUid(Rule rule) + public string DisplaySourceNegated(bool sourceNegated) { - return (rule.Uid != null ? 
$"\"rule uid\": \"{rule.Uid}\"," : ""); + return DisplayJsonPlain("source negated", sourceNegated.ToString().ToLower()); } - public new string DisplayComment(Rule rule) + public string DisplaySource(Rule rule, ReportType reportType) { - return (rule.Comment != null ? $"\"comment\": \"{rule.Comment}\"," : ""); + return DisplayJsonArray("source", ListNetworkLocations(rule, reportType, true)); } - public string DisplaySourceOrDestination(Rule rule, string style = "", string location = "report", ReportType reportType = ReportType.Rules, string side = "source") + public string DisplayDestinationZone(string? destinationZone) { - result = new StringBuilder(); - if (side=="source") - { - if (rule.SourceNegated) - result.AppendLine($"\"{side} negated\": {rule.SourceNegated.ToString().ToLower()},"); - } - else if (side=="destination") - { - if (rule.DestinationNegated) - result.AppendLine($"\"{side} negated\": {rule.DestinationNegated.ToString().ToLower()},"); - } - - result.Append($"\"{side}\": ["); + return DisplayJsonString("destination zone", destinationZone); + } - switch (reportType) - { - case ReportType.Rules: - case ReportType.Recertification: - if (side == "source") - { - foreach (NetworkLocation networkLocation in rule.Froms) - result.Append(NetworkLocationToJson(networkLocation, rule.MgmtId, location, style)); - } - else if (side == "destination") - { - foreach (NetworkLocation networkLocation in rule.Tos) - result.Append(NetworkLocationToJson(networkLocation, rule.MgmtId, location, style)); - } - break; - case ReportType.ResolvedRules: - case ReportType.ResolvedRulesTech: - HashSet collectedNetworkObjects = new HashSet(); - HashSet collectedUserNetworkObjects = new HashSet(); - if (side == "source") - { - foreach (NetworkLocation networkObject in rule.Froms) - { - foreach (GroupFlat nwObject in networkObject.Object.ObjectGroupFlats) - if (nwObject.Object != null && nwObject.Object.Type.Name != "group") // leave out group level altogether - 
collectedUserNetworkObjects.Add(new NetworkLocation(networkObject.User, nwObject.Object)); - } - } - else if (side == "destination") - { - foreach (NetworkLocation networkObject in rule.Tos) - { - foreach (GroupFlat nwObject in networkObject.Object.ObjectGroupFlats) - if (nwObject.Object != null && nwObject.Object.Type.Name != "group") // leave out group level altogether - collectedUserNetworkObjects.Add(new NetworkLocation(networkObject.User, nwObject.Object)); - } - } - - List userNwObjectList = collectedUserNetworkObjects.ToList(); - userNwObjectList.Sort(); - - StringBuilder cell = new StringBuilder(); - foreach (NetworkLocation networkLocation in userNwObjectList) - { - cell.Append(NetworkLocationToJson(networkLocation, rule.MgmtId, location, style, reportType=reportType).ToString()); - } - cell.Remove(cell.ToString().Length - 1, 1); // get rid of final comma - result.Append($"{cell}],"); - break; - } - return result.ToString(); + public string DisplayDestinationNegated(bool destinationNegated) + { + return DisplayJsonPlain("destination negated", destinationNegated.ToString().ToLower()); } - public string DisplaySource(Rule rule, string style = "", string location = "report", ReportType reportType = ReportType.Rules) + public string DisplayDestination(Rule rule, ReportType reportType) { - return DisplaySourceOrDestination(rule, style, location, reportType, side: "source"); + return DisplayJsonArray("destination", ListNetworkLocations(rule, reportType, false)); } - public string DisplayDestination(Rule rule, string style = "", string location = "report", ReportType reportType = ReportType.Rules) + public string DisplayServiceNegated(bool serviceNegated) { - return DisplaySourceOrDestination(rule, style, location, reportType, side: "destination"); + return DisplayJsonPlain("service negated", serviceNegated.ToString().ToLower()); } - private StringBuilder NetworkLocationToJson(NetworkLocation userNetworkObject, int mgmtId, string location = "", string style = "", 
ReportType reportType = ReportType.Rules) + public string DisplayServices(Rule rule, ReportType reportType) { - StringBuilder result = new StringBuilder(); + return DisplayJsonArray("service", ListServices(rule, reportType)); + } - result.Append("\""); - if (userNetworkObject.User?.Id != null) - { - result.Append($"{userNetworkObject.User.Name}@"); - } + public string DisplayAction(string? action) + { + return DisplayJsonString("action", action); + } - if (reportType!=ReportType.ResolvedRulesTech) - { - result.Append($"{userNetworkObject.Object.Name}"); - result.Append(" ("); - } - result.Append(DisplayIpRange(userNetworkObject.Object.IP, userNetworkObject.Object.IpEnd)); - if (reportType!=ReportType.ResolvedRulesTech) - { - result.Append(")"); - } - result.Append("\","); - return result; + public string DisplayTrack(string? track) + { + return DisplayJsonString("tracking", track); } - public string DisplayService(Rule rule, string style = "", string location = "report", ReportType reportType = ReportType.Rules) + public string DisplayUid(string? 
uid) { - result = new StringBuilder(); - if (rule.ServiceNegated) - result.AppendLine($"\"service negated\": {rule.ServiceNegated.ToString().ToLower()},"); + return DisplayJsonString("rule uid", uid); + } - result.Append($"\"service\": ["); + public string DisplayEnabled(bool disabled) + { + return DisplayJsonPlain("disabled", disabled.ToString().ToLower()); + } - switch (reportType) - { - case ReportType.Rules: - case ReportType.Recertification: - foreach (ServiceWrapper service in rule.Services) - result.Append(ServiceToJson(service.Content, rule.MgmtId, location, style)); - break; - case ReportType.ResolvedRules: - case ReportType.ResolvedRulesTech: - HashSet collectedServices = new HashSet(); - foreach (ServiceWrapper service in rule.Services) - foreach (GroupFlat nwService in service.Content.ServiceGroupFlats) - if (nwService.Object != null && nwService.Object.Type.Name != "group") - collectedServices.Add(nwService.Object); - - List serviceList = collectedServices.ToList(); - serviceList.Sort(delegate (NetworkService x, NetworkService y) { return x.Name.CompareTo(y.Name); }); - - StringBuilder cell = new StringBuilder(); - foreach (NetworkService service in serviceList) - cell.Append(ServiceToJson(service, rule.MgmtId, location, style, reportType=reportType).ToString()); - - cell.Remove(cell.ToString().Length - 1, 1); // get rid of final comma - result.Append($"{cell}],"); - break; - } - return result.ToString(); + public string DisplayComment(string? 
comment) + { + return DisplayJsonString("comment", comment); } - private StringBuilder ServiceToJson(NetworkService service, int mgmtId, string location = "", string style = "", ReportType reportType = ReportType.Rules) + + protected string ListNetworkLocations(Rule rule, ReportType reportType, bool isSource) { - StringBuilder result = new StringBuilder(); - result.Append("\""); - if (reportType != ReportType.ResolvedRulesTech) + if (reportType.IsResolvedReport()) { - result.Append($"{service.Name}"); - if (service.DestinationPort != null) - result.Append(service.DestinationPort == service.DestinationPortEnd ? $" ({service.DestinationPort}/{service.Protocol?.Name})" - : $" ({service.DestinationPort}-{service.DestinationPortEnd}/{service.Protocol?.Name})"); + List displayedLocations = new List(); + foreach (NetworkLocation networkLocation in getNetworkLocations(isSource ? rule.Froms : rule.Tos)) + { + displayedLocations.Add(Quote(DisplayNetworkLocation(networkLocation, reportType).ToString())); + } + return string.Join(",", displayedLocations); } - else - { - if (service.DestinationPort == null) - result.Append($"{service.Name}"); - else - result.Append(service.DestinationPort == service.DestinationPortEnd ? $"{service.DestinationPort}/{service.Protocol?.Name}" - : $"{service.DestinationPort}-{service.DestinationPortEnd}/{service.Protocol?.Name}"); - } - result.Append("\","); - return result; + return ""; } - public string DisplayEnabled(Rule rule, bool export = false) + protected string ListServices(Rule rule, ReportType reportType) { - return $"\"disabled\": {rule.Disabled.ToString().ToLower()},"; + if (reportType.IsResolvedReport()) + { + List displayedServices = new List(); + foreach (NetworkService service in GetNetworkServices(rule.Services)) + { + displayedServices.Add(Quote(DisplayService(service, reportType).ToString())); + } + return(string.Join(",", displayedServices)); + } + return ""; } } } 
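Review bot: `DisplayJsonString` places `value` between literal quotes without escaping, so a rule name, comment or uid containing `"` or `\` (these come from the imported firewall configuration, not from this code) yields invalid JSON, and `ExportResolvedChangesToJson` in ReportChanges.cs parses the assembled text afterwards, so such a value makes the export throw. Let the serializer quote and escape: `return value != null ? $"\"{tag}\": {System.Text.Json.JsonSerializer.Serialize(value)}," : "";` and keep `DisplayJsonPlain` only for the numeric and boolean callers it has here. `ListNetworkLocations` and `ListServices` wrap each element with `Quote(...)`, which is defined outside this hunk; whether it escapes the element text is not visible and deserves the same check.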
diff --git a/roles/lib/files/FWO.Report/FWO.Report.csproj b/roles/lib/files/FWO.Report/FWO.Report.csproj index 2c447419c..c2cdf7173 100644 --- a/roles/lib/files/FWO.Report/FWO.Report.csproj +++ b/roles/lib/files/FWO.Report/FWO.Report.csproj @@ -1,18 +1,19 @@  - net6.0 + net8.0 enable enable - + + diff --git a/roles/lib/files/FWO.Report/ReportBase.cs b/roles/lib/files/FWO.Report/ReportBase.cs index 954a99ee9..2cc7eaa28 100644 --- a/roles/lib/files/FWO.Report/ReportBase.cs +++ b/roles/lib/files/FWO.Report/ReportBase.cs @@ -1,17 +1,48 @@ -using FWO.Api.Client; -using FWO.Api.Client.Queries; +using FWO.GlobalConstants; +using FWO.Api.Client; using FWO.Api.Data; using FWO.Report.Filter; using FWO.Config.Api; -using System.Text.Json; using System.Text; using WkHtmlToPdfDotNet; namespace FWO.Report { + public enum RsbTab + { + all = 10, + report = 20, + rule = 30, + + usedObj = 40, + unusedObj = 50 + } + + public enum ObjCategory + { + all = 0, + nobj = 1, + nsrv = 2, + user = 3 + } + + public struct ObjCatString + { + public const string NwObj = "nwobj"; + public const string Svc = "svc"; + public const string User = "user"; + } + + public enum OutputLocation + { + export, + report, + certification + } + public abstract class ReportBase { - protected StringBuilder HtmlTemplate = new StringBuilder($@" + protected StringBuilder HtmlTemplate = new ($@" @@ -41,25 +72,26 @@ public abstract class ReportBase
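Review bot: `ObjCatString` is declared as a `struct` but only holds `const` members, so instances of it carry no state; `public static class ObjCatString` states that intent and stops callers from constructing meaningless values. The members of `RsbTab`, `ObjCategory` and `OutputLocation` (`all`, `nobj`, `usedObj`, `export`, ...) are lowercase, unlike the PascalCase used elsewhere in these files; note before renaming that `ConstructLink` in a later hunk interpolates `{location}` directly into the generated URL path, so the `OutputLocation` names would then need an explicit mapping to keep the links unchanged.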

    ##Title##

    -

    Filter: ##Filter##

    ##Date-of-Config##: ##GeneratedFor## (UTC)

    ##GeneratedOn##: ##Date## (UTC)

    -

    Devices: ##DeviceFilter##

    +

    ##OtherFilters##

    +

    ##Filter##


    ##Body## "); - public Management[] Managements = new Management[] { }; - public readonly DynGraphqlQuery Query; protected UserConfig userConfig; public ReportType ReportType; + public ReportData ReportData = new(); - private string htmlExport = ""; + protected string htmlExport = ""; // Pdf converter - protected static readonly SynchronizedConverter converter = new SynchronizedConverter(new PdfTools()); + protected static readonly SynchronizedConverter converter = new (new PdfTools()); + public bool GotObjectsInReport { get; protected set; } = false; + public ReportBase(DynGraphqlQuery query, UserConfig UserConfig, ReportType reportType) { 
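Review bot: `public ReportData ReportData = new();` is a public mutable field introduced right next to `GotObjectsInReport { get; protected set; }`, so the two pieces of state the class writes are exposed inconsistently; `public ReportData ReportData { get; protected set; } = new();` keeps the same read access for callers while preventing them from swapping the report's data wholesale. Widening `htmlExport` to `protected` also lets subclasses bypass the caching done in `GenerateHtmlFrameBase`; a short comment such as `// cached HTML export; filled once by GenerateHtmlFrameBase/ToPdf` would make that contract visible to them.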
@@ -68,57 +100,119 @@ public ReportBase(DynGraphqlQuery query, UserConfig UserConfig, ReportType repor ReportType = reportType; } - public abstract Task Generate(int rulesPerFetch, ApiConnection apiConnection, Func callback, CancellationToken ct); + public abstract Task Generate(int rulesPerFetch, ApiConnection apiConnection, Func callback, CancellationToken ct); - public bool GotObjectsInReport { get; protected set; } = false; + public abstract Task GetObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func callback); // to be called when exporting - public abstract Task GetObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func callback); // to be called when exporting + public virtual Task GetObjectsForManagementInReport(Dictionary objQueryVariables, ObjCategory objects, int maxFetchCycles, ApiConnection apiConnection, Func callback) + { + throw new NotImplementedException(); + } - public abstract Task GetObjectsForManagementInReport(Dictionary objQueryVariables, byte objects, int maxFetchCycles, ApiConnection apiConnection, Func callback); + public virtual bool NoRuleFound() + { + return true; + } public abstract string ExportToCsv(); - public virtual string ExportToJson() - { - return JsonSerializer.Serialize(Managements.Where(mgt => !mgt.Ignore), new JsonSerializerOptions { WriteIndented = true }); - } + public abstract string ExportToJson(); public abstract string ExportToHtml(); - public virtual string SetDescription() + public abstract string SetDescription(); + + public static ReportBase ConstructReport(ReportTemplate reportFilter, UserConfig userConfig) { - int managementCounter = 0; - foreach (var management in Managements.Where(mgt => !mgt.Ignore)) + DynGraphqlQuery query = Compiler.Compile(reportFilter); + ReportType repType = (ReportType)reportFilter.ReportParams.ReportType; + return repType switch { - managementCounter++; - } - return $"{managementCounter} {userConfig.GetText("managements")}"; + ReportType.Statistics => 
new ReportStatistics(query, userConfig, repType), + ReportType.Rules => new ReportRules(query, userConfig, repType), + ReportType.ResolvedRules => new ReportRules(query, userConfig, repType), + ReportType.ResolvedRulesTech => new ReportRules(query, userConfig, repType), + ReportType.Changes => new ReportChanges(query, userConfig, repType), + ReportType.ResolvedChanges => new ReportChanges(query, userConfig, repType), + ReportType.ResolvedChangesTech => new ReportChanges(query, userConfig, repType), + ReportType.NatRules => new ReportNatRules(query, userConfig, repType), + ReportType.Recertification => new ReportRules(query, userConfig, repType), + ReportType.UnusedRules => new ReportRules(query, userConfig, repType), + ReportType.Connections => new ReportConnections(query, userConfig, repType), + _ => throw new NotSupportedException("Report Type is not supported."), + }; + } + + public static string ConstructLink(string type, string symbol, long id, string name, OutputLocation location, string reportId, string style) + { + string link = location == OutputLocation.export ? $"#" : $"{location}/generation#goto-report-{reportId}-"; + return $" {name}"; } - protected string GenerateHtmlFrame(string title, string filter, DateTime date, StringBuilder htmlReport) + protected string GenerateHtmlFrameBase(string title, string filter, DateTime date, StringBuilder htmlReport, string? deviceFilter = null, string? 
ownerFilter = null) { if (string.IsNullOrEmpty(htmlExport)) { HtmlTemplate = HtmlTemplate.Replace("##Title##", title); - HtmlTemplate = HtmlTemplate.Replace("##Filter##", filter); + HtmlTemplate = HtmlTemplate.Replace("##Filter##", userConfig.GetText("filter") + ": " + filter); HtmlTemplate = HtmlTemplate.Replace("##GeneratedOn##", userConfig.GetText("generated_on")); HtmlTemplate = HtmlTemplate.Replace("##Date##", date.ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssK")); - HtmlTemplate = HtmlTemplate.Replace("##Date-of-Config##", userConfig.GetText("date_of_config")); - HtmlTemplate = HtmlTemplate.Replace("##GeneratedFor##", DateTime.Parse(Query.ReportTimeString).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssK")); - HtmlTemplate = HtmlTemplate.Replace("##DeviceFilter##", string.Join("; ", Array.ConvertAll(Managements, management => management.NameAndDeviceNames()))); + if(ReportType.IsChangeReport()) + { + string timeRange = $"{userConfig.GetText("change_time")}: " + + $"{userConfig.GetText("from")}: {ToUtcString(Query.QueryVariables["start"]?.ToString())}, " + + $"{userConfig.GetText("until")}: {ToUtcString(Query.QueryVariables["stop"]?.ToString())}"; + HtmlTemplate = HtmlTemplate.Replace("##Date-of-Config##: ##GeneratedFor##", timeRange); + } + else if(ReportType.IsRuleReport() || ReportType == ReportType.Statistics) + { + HtmlTemplate = HtmlTemplate.Replace("##Date-of-Config##", userConfig.GetText("date_of_config")); + HtmlTemplate = HtmlTemplate.Replace("##GeneratedFor##", ToUtcString(Query.ReportTimeString)); + } + else + { + HtmlTemplate = HtmlTemplate.Replace("

    ##Date-of-Config##: ##GeneratedFor## (UTC)

    ", ""); + } + + if(deviceFilter != null) + { + HtmlTemplate = HtmlTemplate.Replace("##OtherFilters##", userConfig.GetText("devices") + ": " + deviceFilter); + } + else if (ownerFilter != null) + { + HtmlTemplate = HtmlTemplate.Replace("##OtherFilters##", userConfig.GetText("owners") + ": " + ownerFilter); + } + else + { + HtmlTemplate = HtmlTemplate.Replace("

    ##OtherFilters##

    ", ""); + } HtmlTemplate = HtmlTemplate.Replace("##Body##", htmlReport.ToString()); htmlExport = HtmlTemplate.ToString(); } return htmlExport; } + public static string ToUtcString(string? timestring) + { + try + { + return timestring != null ? DateTime.Parse(timestring).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssK") : ""; + } + catch(Exception) + { + return timestring ?? ""; + } + } + public virtual byte[] ToPdf(PaperKind paperKind, int width = -1, int height = -1) { // HTML if (string.IsNullOrEmpty(htmlExport)) + { htmlExport = ExportToHtml(); + } - GlobalSettings globalSettings = new GlobalSettings + GlobalSettings globalSettings = new () { ColorMode = ColorMode.Color, Orientation = Orientation.Landscape, @@ -140,7 +234,7 @@ public virtual byte[] ToPdf(PaperKind paperKind, int width = -1, int height = -1 globalSettings.PaperSize = paperKind; } - HtmlToPdfDocument doc = new HtmlToPdfDocument() + HtmlToPdfDocument doc = new () { GlobalSettings = globalSettings, Objects = 
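Review bot: `GenerateHtmlFrameBase` inserts `title`, `filter`, `deviceFilter` and `ownerFilter` into the HTML template verbatim; `ReportChanges.ExportToHtml` passes `Query.RawFilter`, i.e. text typed by the user, and the result is both rendered in the browser and handed to the PDF converter, so markup in the filter text becomes part of the document. Encode the text values at the point of insertion, e.g. `HtmlTemplate = HtmlTemplate.Replace("##Filter##", userConfig.GetText("filter") + ": " + System.Net.WebUtility.HtmlEncode(filter));` and the same for the other three; `ConstructLink` interpolates `name` into markup the same way (the tags are lost in this rendering, so the exact element is not visible here). In `ToUtcString`, `DateTime.Parse(timestring)` uses the current culture, which can misread the stored timestamps on a differently configured host, and `catch (Exception)` also hides non-parsing failures; `DateTime.Parse(timestring, CultureInfo.InvariantCulture)` with `catch (FormatException)` keeps the intended fallback while narrowing it.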
@@ -158,29 +252,23 @@ public virtual byte[] ToPdf(PaperKind paperKind, int width = -1, int height = -1 return converter.Convert(doc); } - public static ReportBase ConstructReport(ReportTemplate reportFilter, UserConfig userConfig) + public static string GetIconClass(ObjCategory? objCategory, string? objType) { - DynGraphqlQuery query = Compiler.Compile(reportFilter); - ReportType repType = (ReportType) reportFilter.ReportParams.ReportType; - return repType switch + return objType switch { - ReportType.Statistics => new ReportStatistics(query, userConfig, repType), - ReportType.Rules => new ReportRules(query, userConfig, repType), - ReportType.ResolvedRules => new ReportRules(query, userConfig, repType), - ReportType.ResolvedRulesTech => new ReportRules(query, userConfig, repType), - ReportType.Changes => new ReportChanges(query, userConfig, repType), - ReportType.NatRules => new ReportNatRules(query, userConfig, repType), - ReportType.Recertification => new ReportRules(query, userConfig, repType), - _ => throw new NotSupportedException("Report Type is not supported."), + ObjectType.Group when objCategory == ObjCategory.user => Icons.UserGroup, + ObjectType.Group => Icons.ObjGroup, + ObjectType.Host => Icons.Host, + ObjectType.Network => Icons.Network, + ObjectType.IPRange => Icons.Range, + _ => objCategory switch + { + ObjCategory.nobj => Icons.NwObject, + ObjCategory.nsrv => Icons.Service, + ObjCategory.user => Icons.User, + _ => "", + }, }; } - - public async Task getRelevantImportIds(ApiConnection apiConnection) - { - Dictionary ImpIdQueryVariables = new Dictionary(); - ImpIdQueryVariables["time"] = (Query.ReportTimeString != "" ? Query.ReportTimeString : DateTime.Now.ToString(DynGraphqlQuery.fullTimeFormat)); - ImpIdQueryVariables["mgmIds"] = Query.RelevantManagementIds; - return await apiConnection.SendQueryAsync(ReportQueries.getRelevantImportIdsAtTime, ImpIdQueryVariables); - } } } 
diff --git a/roles/lib/files/FWO.Report/ReportChanges.cs b/roles/lib/files/FWO.Report/ReportChanges.cs index 19f5a237e..e042e46a3 100644 --- a/roles/lib/files/FWO.Report/ReportChanges.cs +++ b/roles/lib/files/FWO.Report/ReportChanges.cs @@ -1,39 +1,29 @@ -using FWO.Api.Data; +using FWO.GlobalConstants; +using FWO.Api.Data; using System.Text; using FWO.Api.Client; using FWO.Report.Filter; using FWO.Ui.Display; using FWO.Config.Api; using FWO.Logging; +using System.Text.Json; +using Newtonsoft.Json; namespace FWO.Report { - public class ReportChanges : ReportBase + public class ReportChanges : ReportDevicesBase { - public ReportChanges(DynGraphqlQuery query, UserConfig userConfig, ReportType reportType) : base(query, userConfig, reportType) { } - - public override async Task GetObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func callback) - { - await callback(Managements); - // currently no further objects to be fetched - GotObjectsInReport = true; - return true; - } - - public override Task GetObjectsForManagementInReport(Dictionary objQueryVariables, byte objects, int maxFetchCycles, ApiConnection apiConnection, Func callback) - { - throw new NotImplementedException(); - } + private const int ColumnCount = 13; + public ReportChanges(DynGraphqlQuery query, UserConfig userConfig, ReportType reportType) : base(query, userConfig, reportType) {} - public override async Task Generate(int changesPerFetch, ApiConnection apiConnection, Func callback, CancellationToken ct) + public override async Task Generate(int changesPerFetch, ApiConnection apiConnection, Func callback, CancellationToken ct) { Query.QueryVariables["limit"] = changesPerFetch; Query.QueryVariables["offset"] = 0; bool gotNewObjects = true; - Managements = Array.Empty(); - Managements = await apiConnection.SendQueryAsync(Query.FullQuery, Query.QueryVariables); + ReportData.ManagementData = await apiConnection.SendQueryAsync>(Query.FullQuery, Query.QueryVariables); while (gotNewObjects) { 
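Review bot: Importing both `System.Text.Json` and `Newtonsoft.Json` in the same file makes `JsonSerializer` ambiguous, which is why a later hunk has to spell out `System.Text.Json.JsonSerializer`, and it ties the report library to two JSON stacks. Newtonsoft is only used in `ExportResolvedChangesToJson` to re-indent hand-built text; `using JsonDocument doc = JsonDocument.Parse(report.ToString()); return JsonSerializer.Serialize(doc, new JsonSerializerOptions { WriteIndented = true });` does the same with the library already used for `ExportToJson`, after which the `Newtonsoft.Json` using can go.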
@@ -43,24 +33,37 @@ public override async Task Generate(int changesPerFetch, ApiConnection apiConnec ct.ThrowIfCancellationRequested(); } Query.QueryVariables["offset"] = (int)Query.QueryVariables["offset"] + changesPerFetch; - gotNewObjects = Managements.Merge(await apiConnection.SendQueryAsync(Query.FullQuery, Query.QueryVariables)); - await callback(Managements); + gotNewObjects = ReportData.ManagementData.Merge(await apiConnection.SendQueryAsync>(Query.FullQuery, Query.QueryVariables)); + await callback(ReportData); } } + public override async Task GetObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func callback) + { + await callback(ReportData); + // currently no further objects to be fetched + GotObjectsInReport = true; + return true; + } + + public override Task GetObjectsForManagementInReport(Dictionary objQueryVariables, ObjCategory objects, int maxFetchCycles, ApiConnection apiConnection, Func callback) + { + throw new NotImplementedException(); + } + public override string SetDescription() { int managementCounter = 0; int deviceCounter = 0; int ruleChangeCounter = 0; - foreach (Management management in Managements.Where(mgt => !mgt.Ignore && mgt.Devices != null && + foreach (var management in ReportData.ManagementData.Where(mgt => !mgt.Ignore && mgt.Devices != null && Array.Exists(mgt.Devices, device => device.RuleChanges != null && device.RuleChanges.Length > 0))) { managementCounter++; - foreach (Device device in management.Devices.Where(dev => dev.RuleChanges != null && dev.RuleChanges.Length > 0)) + foreach (var device in management.Devices.Where(dev => dev.RuleChanges != null && dev.RuleChanges.Length > 0)) { deviceCounter++; - ruleChangeCounter += device.RuleChanges.Length; + ruleChangeCounter += device.RuleChanges!.Length; } } return $"{managementCounter} {userConfig.GetText("managements")}, {deviceCounter} {userConfig.GetText("gateways")}, {ruleChangeCounter} {userConfig.GetText("changes")}"; 
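Review bot: The `GetObjectsForManagementInReport` override added here does nothing but `throw new NotImplementedException();`, which is exactly what the new `virtual` implementation in `ReportBase` does, so the override can be dropped. In `SetDescription`, `device.RuleChanges!.Length` suppresses a nullability warning that the enclosing `Where(dev => dev.RuleChanges != null && ...)` already rules out; the `!` is fine to keep, but a trailing `// non-null: filtered in the Where above` explains why it is safe.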
@@ -68,33 +71,64 @@ public override string SetDescription() public override string ExportToCsv() { - StringBuilder csvBuilder = new StringBuilder(); - - foreach (Management management in Managements.Where(mgt => !mgt.Ignore)) + if (ReportType.IsResolvedReport()) { - //foreach (var item in collection) - //{ + StringBuilder report = new StringBuilder(); + RuleChangeDisplayCsv ruleChangeDisplayCsv = new RuleChangeDisplayCsv(userConfig); - //} - } + report.Append(DisplayReportHeaderCsv()); + report.AppendLine($"\"management-name\",\"device-name\",\"change-time\",\"change-type\",\"rule-name\",\"source-zone\",\"source\",\"destination-zone\",\"destination\",\"service\",\"action\",\"track\",\"rule-enabled\",\"rule-uid\",\"rule-comment\""); - throw new NotImplementedException(); + foreach (var management in ReportData.ManagementData.Where(mgt => !mgt.Ignore && mgt.Devices != null && + Array.Exists(mgt.Devices, device => device.RuleChanges != null && device.RuleChanges.Length > 0))) + { + foreach (var gateway in management.Devices) + { + if (gateway.RuleChanges != null && gateway.RuleChanges.Length > 0) + { + foreach (var ruleChange in gateway.RuleChanges) + { + report.Append(ruleChangeDisplayCsv.OutputCsv(management.Name)); + report.Append(ruleChangeDisplayCsv.OutputCsv(gateway.Name)); + report.Append(ruleChangeDisplayCsv.DisplayChangeTime(ruleChange)); + report.Append(ruleChangeDisplayCsv.DisplayChangeAction(ruleChange)); + report.Append(ruleChangeDisplayCsv.DisplayName(ruleChange)); + report.Append(ruleChangeDisplayCsv.DisplaySourceZone(ruleChange)); + report.Append(ruleChangeDisplayCsv.DisplaySource(ruleChange, ReportType)); + report.Append(ruleChangeDisplayCsv.DisplayDestinationZone(ruleChange)); + report.Append(ruleChangeDisplayCsv.DisplayDestination(ruleChange, ReportType)); + report.Append(ruleChangeDisplayCsv.DisplayServices(ruleChange, ReportType)); + report.Append(ruleChangeDisplayCsv.DisplayAction(ruleChange)); + 
report.Append(ruleChangeDisplayCsv.DisplayTrack(ruleChange)); + report.Append(ruleChangeDisplayCsv.DisplayEnabled(ruleChange)); + report.Append(ruleChangeDisplayCsv.DisplayUid(ruleChange)); + report.Append(ruleChangeDisplayCsv.DisplayComment(ruleChange)); + report = ruleChangeDisplayCsv.RemoveLastChars(report, 1); // remove last chars (comma) + report.AppendLine(""); + } + } + } + } + return report.ToString(); + } + else + { + throw new NotImplementedException(); + } } - private const int ColumnCount = 13; - public override string ExportToHtml() { StringBuilder report = new StringBuilder(); - RuleChangeDisplay ruleChangeDisplay = new RuleChangeDisplay(userConfig); + RuleChangeDisplayHtml ruleChangeDisplayHtml = new RuleChangeDisplayHtml(userConfig); - foreach (Management management in Managements.Where(mgt => !mgt.Ignore && mgt.Devices != null && + foreach (var management in ReportData.ManagementData.Where(mgt => !mgt.Ignore && mgt.Devices != null && Array.Exists(mgt.Devices, device => device.RuleChanges != null && device.RuleChanges.Length > 0))) { report.AppendLine($"

    {management.Name}

    "); report.AppendLine("
    "); - foreach (Device device in management.Devices) + foreach (var device in management.Devices) { report.AppendLine($"

    {device.Name}

    "); report.AppendLine("
    "); 
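Review bot: `ExportToCsv` throws `NotImplementedException` for every non-resolved change report while `ExportToJson` in a later hunk returns `""` for the types it does not handle, so callers get two different failure modes for the same situation; at minimum document it on the method, `/// <exception cref="NotImplementedException">Only ResolvedChanges and ResolvedChangesTech reports can be exported as CSV.</exception>`. The cells written via `OutputCsv` and the `Display*` helpers carry rule names and comments taken from the firewall configuration; if those helpers only wrap the text in quotes (they are defined outside this hunk, so this is not visible here), a cell starting with `=`, `+`, `-` or `@` is evaluated as a formula by spreadsheet software that opens the export, and prefixing such cells with a `'` in the CSV writer is the usual mitigation.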
@@ -118,22 +152,22 @@ public override string ExportToHtml() if (device.RuleChanges != null) { - foreach (RuleChange ruleChange in device.RuleChanges) + foreach (var ruleChange in device.RuleChanges) { report.AppendLine(""); - report.AppendLine($"{ruleChangeDisplay.DisplayChangeTime(ruleChange)}"); - report.AppendLine($"{ruleChangeDisplay.DisplayChangeAction(ruleChange)}"); - report.AppendLine($"{ruleChangeDisplay.DisplayName(ruleChange)}"); - report.AppendLine($"{ruleChangeDisplay.DisplaySourceZone(ruleChange)}"); - report.AppendLine($"{ruleChangeDisplay.DisplaySource(ruleChange)}"); - report.AppendLine($"{ruleChangeDisplay.DisplayDestinationZone(ruleChange)}"); - report.AppendLine($"{ruleChangeDisplay.DisplayDestination(ruleChange)}"); - report.AppendLine($"{ruleChangeDisplay.DisplayService(ruleChange)}"); - report.AppendLine($"{ruleChangeDisplay.DisplayAction(ruleChange)}"); - report.AppendLine($"{ruleChangeDisplay.DisplayTrack(ruleChange)}"); - report.AppendLine($"{ruleChangeDisplay.DisplayEnabled(ruleChange, export: true)}"); - report.AppendLine($"{ruleChangeDisplay.DisplayUid(ruleChange)}"); - report.AppendLine($"{ruleChangeDisplay.DisplayComment(ruleChange)}"); + report.AppendLine($"{ruleChangeDisplayHtml.DisplayChangeTime(ruleChange)}"); + report.AppendLine($"{ruleChangeDisplayHtml.DisplayChangeAction(ruleChange)}"); + report.AppendLine($"{ruleChangeDisplayHtml.DisplayName(ruleChange)}"); + report.AppendLine($"{ruleChangeDisplayHtml.DisplaySourceZone(ruleChange)}"); + report.AppendLine($"{ruleChangeDisplayHtml.DisplaySource(ruleChange, OutputLocation.export, ReportType)}"); + report.AppendLine($"{ruleChangeDisplayHtml.DisplayDestinationZone(ruleChange)}"); + report.AppendLine($"{ruleChangeDisplayHtml.DisplayDestination(ruleChange, OutputLocation.export, ReportType)}"); + report.AppendLine($"{ruleChangeDisplayHtml.DisplayServices(ruleChange, OutputLocation.export, ReportType)}"); + report.AppendLine($"{ruleChangeDisplayHtml.DisplayAction(ruleChange)}"); + 
report.AppendLine($"{ruleChangeDisplayHtml.DisplayTrack(ruleChange)}"); + report.AppendLine($"{ruleChangeDisplayHtml.DisplayEnabled(ruleChange, OutputLocation.export)}"); + report.AppendLine($"{ruleChangeDisplayHtml.DisplayUid(ruleChange)}"); + report.AppendLine($"{ruleChangeDisplayHtml.DisplayComment(ruleChange)}"); report.AppendLine(""); } } 
@@ -148,7 +182,82 @@ public override string ExportToHtml() } } - return GenerateHtmlFrame(title: userConfig.GetText("changes_report"), Query.RawFilter, DateTime.Now, report); + return GenerateHtmlFrame(userConfig.GetText(ReportType.ToString()), Query.RawFilter, DateTime.Now, report); + } + + public override string ExportToJson() + { + if (ReportType.IsResolvedReport()) + { + return ExportResolvedChangesToJson(); + } + else if (ReportType.IsChangeReport()) + { + return System.Text.Json.JsonSerializer.Serialize(ReportData.ManagementData.Where(mgt => !mgt.Ignore), new JsonSerializerOptions { WriteIndented = true }); + } + else + { + return ""; + } + } + + private string ExportResolvedChangesToJson() + { + StringBuilder report = new StringBuilder("{"); + report.Append(DisplayReportHeaderJson()); + report.AppendLine("\"managements\": ["); + RuleChangeDisplayJson ruleChangeDisplayJson = new RuleChangeDisplayJson(userConfig); + foreach (var management in ReportData.ManagementData.Where(mgt => !mgt.Ignore && mgt.Devices != null && + Array.Exists(mgt.Devices, device => device.RuleChanges != null && device.RuleChanges.Length > 0))) + { + report.AppendLine($"{{\"{management.Name}\": {{"); + report.AppendLine($"\"gateways\": ["); + foreach (var gateway in management.Devices) + { + if (gateway.RuleChanges != null && gateway.RuleChanges.Length > 0) + { + report.Append($"{{\"{gateway.Name}\": {{\n\"rule changes\": ["); + foreach (var ruleChange in gateway.RuleChanges) + { + report.Append("{"); + report.Append(ruleChangeDisplayJson.DisplayChangeTime(ruleChange)); + report.Append(ruleChangeDisplayJson.DisplayChangeAction(ruleChange)); + report.Append(ruleChangeDisplayJson.DisplayName(ruleChange)); + report.Append(ruleChangeDisplayJson.DisplaySourceZone(ruleChange)); + report.Append(ruleChangeDisplayJson.DisplaySourceNegated(ruleChange)); + report.Append(ruleChangeDisplayJson.DisplaySource(ruleChange, ReportType)); + 
report.Append(ruleChangeDisplayJson.DisplayDestinationZone(ruleChange)); + report.Append(ruleChangeDisplayJson.DisplayDestinationNegated(ruleChange)); + report.Append(ruleChangeDisplayJson.DisplayDestination(ruleChange, ReportType)); + report.Append(ruleChangeDisplayJson.DisplayServiceNegated(ruleChange)); + report.Append(ruleChangeDisplayJson.DisplayServices(ruleChange, ReportType)); + report.Append(ruleChangeDisplayJson.DisplayAction(ruleChange)); + report.Append(ruleChangeDisplayJson.DisplayTrack(ruleChange)); + report.Append(ruleChangeDisplayJson.DisplayEnabled(ruleChange)); + report.Append(ruleChangeDisplayJson.DisplayUid(ruleChange)); + report.Append(ruleChangeDisplayJson.DisplayComment(ruleChange)); + report = ruleChangeDisplayJson.RemoveLastChars(report, 1); // remove last chars (comma) + report.Append("},"); // EO ruleChange + } // rules + report = ruleChangeDisplayJson.RemoveLastChars(report, 1); // remove last char (comma) + report.Append("]"); // EO rules + report.Append("}"); // EO gateway internal + report.Append("},"); // EO gateway external + } + } // gateways + report = ruleChangeDisplayJson.RemoveLastChars(report, 1); // remove last char (comma) + report.Append("]"); // EO gateways + report.Append("}"); // EO management internal + report.Append("},"); // EO management external + } // managements + report = ruleChangeDisplayJson.RemoveLastChars(report, 1); // remove last char (comma) + report.Append("]"); // EO managements + report.Append("}"); // EO top + + dynamic? json = JsonConvert.DeserializeObject(report.ToString()); + JsonSerializerSettings settings = new (); + settings.Formatting = Formatting.Indented; + return JsonConvert.SerializeObject(json, settings); } } } diff --git a/roles/lib/files/FWO.Report/ReportConnections.cs b/roles/lib/files/FWO.Report/ReportConnections.cs new file mode 100644 index 000000000..db6118331 --- /dev/null +++ b/roles/lib/files/FWO.Report/ReportConnections.cs 
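Review bot: ExportResolvedChangesToJson writes `management.Name` and `gateway.Name` into JSON object keys verbatim (`report.AppendLine($"{{\"{management.Name}\": {{");`), so a name containing `"` or `\` — these names come from imported device configurations — produces malformed text, and the `JsonConvert.DeserializeObject` round-trip at the end then throws instead of returning a report. Emit the keys through the serializer, e.g. `report.AppendLine($"{{{JsonConvert.ToString(management.Name)}: {{");` and the same for the gateway line; building the structure as nested dictionaries and serializing it once would also remove the RemoveLastChars comma trimming, which silently assumes every helper appended a trailing comma. Whether the RuleChangeDisplayJson helpers escape their own values is not visible in this hunk. ExportToJson also serializes the change-report branch with System.Text.Json and the resolved branch with Newtonsoft; using one library keeps escaping and indentation consistent across the two outputs.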
@@ -0,0 +1,247 @@ +using FWO.Api.Data; +using FWO.Api.Client; +using FWO.Report.Filter; +using FWO.Config.Api; +using System.Text; +using FWO.Logging; + +namespace FWO.Report +{ + public class ReportConnections : ReportOwnersBase + { + public ReportConnections(DynGraphqlQuery query, UserConfig userConfig, ReportType reportType) : base(query, userConfig, reportType) { } + + public override async Task Generate(int connectionsPerFetch, ApiConnection apiConnection, Func callback, CancellationToken ct) + { + // Query.QueryVariables["limit"] = connectionsPerFetch; + // Query.QueryVariables["offset"] = 0; + // bool gotNewObjects = true; + + List conns = await apiConnection.SendQueryAsync>(Query.FullQuery, Query.QueryVariables); + + // while (gotNewObjects) + // { + // if (ct.IsCancellationRequested) + // { + // Log.WriteDebug("Generate Connections Report", "Task cancelled"); + // ct.ThrowIfCancellationRequested(); + // } + // Query.QueryVariables["offset"] = (int)Query.QueryVariables["offset"] + connectionsPerFetch; + // List newConnections = await apiConnection.SendQueryAsync>(Query.FullQuery, Query.QueryVariables); + // gotNewObjects = newConnections.Count > 0; + // ReportData.OwnerData.Connections.AddRange(newConnections); + + ReportData reportData = new() { OwnerData = new() { new(){ Connections = conns } } }; + await callback(reportData); + + // } + //ReportData.OwnerData.Add(new(){ Connections = conns }); + } + + public override async Task GetObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func callback) + { + await callback (ReportData); + // currently no further objects to be fetched + GotObjectsInReport = true; + return true; + } + + public override string ExportToHtml() + { + StringBuilder report = new (); + foreach (var ownerReport in ReportData.OwnerData) + { + ownerReport.PrepareObjectData(); + report.AppendLine($"

    {ownerReport.Name}

    "); + if(ownerReport.RegularConnections.Count > 0) + { + report.AppendLine($"

    {userConfig.GetText("connections")}

    "); + AppendConnectionsGroupHtml(ownerReport.RegularConnections, ownerReport, ref report); + } + if(ownerReport.Interfaces.Count > 0) + { + report.AppendLine($"

    {userConfig.GetText("interfaces")}

    "); + AppendConnectionsGroupHtml(ownerReport.Interfaces, ownerReport, ref report, true); + } + if(ownerReport.CommonServices.Count > 0) + { + report.AppendLine($"

    {userConfig.GetText("own_common_services")}

    "); + AppendConnectionsGroupHtml(ownerReport.CommonServices, ownerReport, ref report); + } + + AppendNetworkObjectsHtml(ownerReport.AllObjects, ref report); + AppendNetworkServicesHtml(ownerReport.AllServices, ref report); + } + if(ReportData.GlobalComSvc.Count > 0) + { + report.AppendLine($"

    {userConfig.GetText("global_common_services")}

    "); + AppendConnectionsGroupHtml(ReportData.GlobalComSvc, null, ref report); + } + return GenerateHtmlFrame(userConfig.GetText(ReportType.ToString()), Query.RawFilter, DateTime.Now, report); + } + + private void AppendConnectionsGroupHtml(List connections, OwnerReport? ownerReport, ref StringBuilder report, bool isInterface = false) + { + OwnerReport.AssignConnectionNumbers(connections); + bool IsGlobalComSvc = ownerReport == null; + report.AppendLine(""); + AppendConnectionHeadlineHtml(ref report, IsGlobalComSvc, isInterface); + foreach (var connection in connections) + { + report.AppendLine(""); + report.AppendLine($""); + report.AppendLine($""); + if(isInterface) + { + report.AppendLine($""); + } + if(IsGlobalComSvc) + { + report.AppendLine($""); + } + report.AppendLine($""); + report.AppendLine($""); + if(IsGlobalComSvc) + { + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); + } + else + { + if((connection.InterfaceIsRequested && connection.SrcFromInterface) || (connection.IsRequested && connection.SourceFilled())) + { + report.AppendLine($""); + } + else + { + report.AppendLine($""); + } + if(connection.InterfaceIsRequested || connection.IsRequested) + { + report.AppendLine($""); + } + else + { + report.AppendLine($""); + } + if((connection.InterfaceIsRequested && connection.DstFromInterface) || (connection.IsRequested && connection.DestinationFilled())) + { + report.AppendLine($""); + } + else + { + report.AppendLine($""); + } + } + } + report.AppendLine("
    {connection.OrderNumber}{connection.Id}{GlobalConfig.ShowBool(connection.IsPublished)}{connection.App.Name}{connection.Name}{connection.Reason}{String.Join("
    ", OwnerReport.GetSrcNames(connection))}
    {String.Join("
    ", OwnerReport.GetSvcNames(connection))}
    {String.Join("
    ", OwnerReport.GetDstNames(connection))}
    {DisplayReqInt(connection.TicketId, connection.InterfaceIsRequested)}{String.Join("
    ", ownerReport.GetLinkedSrcNames(connection))}
    {DisplayReqInt(connection.TicketId, connection.InterfaceIsRequested)}{String.Join("
    ", ownerReport.GetLinkedSvcNames(connection))}
    {DisplayReqInt(connection.TicketId, connection.InterfaceIsRequested)}{String.Join("
    ", ownerReport.GetLinkedDstNames(connection))}
    "); + report.AppendLine("
    "); + } + + private void AppendConnectionHeadlineHtml(ref StringBuilder report, bool showOwnerName, bool isInterface = false) + { + report.AppendLine(""); + report.AppendLine($"{userConfig.GetText("number")}"); + report.AppendLine($"{userConfig.GetText("id")}"); + if(isInterface) + { + report.AppendLine($"{userConfig.GetText("published")}"); + } + if(showOwnerName) + { + report.AppendLine($"{userConfig.GetText("owner")}"); + } + report.AppendLine($"{userConfig.GetText("name")}"); + report.AppendLine($"{(isInterface ? userConfig.GetText("interface_description") : userConfig.GetText("func_reason"))}"); + report.AppendLine($"{userConfig.GetText("source")}"); + report.AppendLine($"{userConfig.GetText("services")}"); + report.AppendLine($"{userConfig.GetText("destination")}"); + report.AppendLine(""); + } + + private void AppendNetworkObjectsHtml(List networkObjects, ref StringBuilder report) + { + report.AppendLine($"

    {userConfig.GetText("network_objects")}

    "); + report.AppendLine(""); + if(networkObjects.Count > 0) + { + AppendNWObjHeadlineHtml(ref report); + } + foreach (var nwObj in networkObjects) + { + report.AppendLine(""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine(nwObj.MemberNamesAsHtml()); + } + report.AppendLine("
    {nwObj.Number}{nwObj.Id}{nwObj.Name}{nwObj.IP}
    "); + report.AppendLine("
    "); + } + + private void AppendNWObjHeadlineHtml(ref StringBuilder report) + { + report.AppendLine(""); + report.AppendLine($"{userConfig.GetText("number")}"); + report.AppendLine($"{userConfig.GetText("id")}"); + report.AppendLine($"{userConfig.GetText("name")}"); + report.AppendLine($"{userConfig.GetText("ip")}"); + report.AppendLine($"{userConfig.GetText("members")}"); + report.AppendLine(""); + } + + private void AppendNetworkServicesHtml(List networkServices, ref StringBuilder report) + { + report.AppendLine($"

    {userConfig.GetText("network_services")}

    "); + report.AppendLine(""); + if(networkServices.Count > 0) + { + AppendNWSvcHeadlineHtml(ref report); + } + foreach (var svc in networkServices) + { + report.AppendLine(""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine(svc.MemberNamesAsHtml()); + } + report.AppendLine("
    {svc.Number}{svc.Id}{svc.Name}{svc.Protocol.Name}{svc.DestinationPort}
    "); + report.AppendLine("
    "); + } + + private void AppendNWSvcHeadlineHtml(ref StringBuilder report) + { + report.AppendLine(""); + report.AppendLine($"{userConfig.GetText("number")}"); + report.AppendLine($"{userConfig.GetText("id")}"); + report.AppendLine($"{userConfig.GetText("name")}"); + report.AppendLine($"{userConfig.GetText("protocol")}"); + report.AppendLine($"{userConfig.GetText("port")}"); + report.AppendLine($"{userConfig.GetText("members")}"); + report.AppendLine(""); + } + + public override string SetDescription() + { + int counter = 0; + foreach(var owner in ReportData.OwnerData) + { + counter += owner.Connections.Count; + } + return $"{counter} {userConfig.GetText("connections")}"; + } + + private string DisplayReqInt(long? ticketId, bool otherOwner) + { + string tooltip = $"data-toggle=\"tooltip\" title=\"{userConfig.GetText(otherOwner ? "C9007" : "C9008")}\""; + string content = $"{userConfig.GetText("interface_requested")}: ({userConfig.GetText("ticket")} {ticketId?.ToString()})"; + return $"{content}"; + } + + } +} diff --git a/roles/lib/files/FWO.Report/ReportDevicesBase.cs b/roles/lib/files/FWO.Report/ReportDevicesBase.cs new file mode 100644 index 000000000..6bc941189 --- /dev/null +++ b/roles/lib/files/FWO.Report/ReportDevicesBase.cs 
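Review bot: ExportToHtml and the AppendXxxHtml helpers interpolate `ownerReport.Name`, `connection.Name`, `connection.Reason`, `connection.App.Name`, `nwObj.Name` and `svc.Name` straight into the HTML report with no encoding, so a value containing `<` or `"` corrupts the table markup and, when the exported file is opened in a browser, is interpreted as markup rather than shown as text. Wrap each of these with `System.Net.WebUtility.HtmlEncode(...)` (e.g. `{System.Net.WebUtility.HtmlEncode(connection.Name)}`) unless these fields are already sanitized on import, which this hunk does not show; the rewritten `nwobj.Name`, `svcobj.Name` and `userobj.Name` cells in the ReportNatRules hunks at -95, -129 and -165 have the same gap. Separately, Generate ignores both `connectionsPerFetch` and `ct`, so a long-running connections report is fetched in a single request and cannot be cancelled; the commented-out pagination loop should either be restored or deleted rather than left in place. GetObjectsInReport likewise ignores `objectsPerFetch` and `apiConnection`; the `// currently no further objects to be fetched` remark would be better as a `<summary>` on the override so the no-op is documented where callers see it.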
@@ -0,0 +1,130 @@ +using FWO.Api.Client; +using FWO.Api.Client.Queries; +using FWO.GlobalConstants; +using FWO.Api.Data; +using FWO.Report.Filter; +using FWO.Config.Api; +using System.Text; + +namespace FWO.Report +{ + public abstract class ReportDevicesBase : ReportBase + { + public ReportDevicesBase(DynGraphqlQuery query, UserConfig UserConfig, ReportType reportType) : base (query, UserConfig, reportType) + {} + + public async Task> getRelevantImportIds(ApiConnection apiConnection) + { + Dictionary ImpIdQueryVariables = new (); + ImpIdQueryVariables["time"] = Query.ReportTimeString != "" ? Query.ReportTimeString : DateTime.Now.ToString(DynGraphqlQuery.fullTimeFormat); + ImpIdQueryVariables["mgmIds"] = Query.RelevantManagementIds; + return await apiConnection.SendQueryAsync>(ReportQueries.getRelevantImportIdsAtTime, ImpIdQueryVariables); + } + + public static async Task<(List unsupportedList, DeviceFilter reducedDeviceFilter)> GetUsageDataUnsupportedDevices(ApiConnection apiConnection, DeviceFilter deviceFilter) + { + List unsupportedList = new (); + DeviceFilter reducedDeviceFilter = new (deviceFilter); + foreach (ManagementSelect management in reducedDeviceFilter.Managements) + { + foreach (DeviceSelect device in management.Devices) + { + if (device.Selected && !await UsageDataAvailable(apiConnection, device.Id)) + { + unsupportedList.Add(device.Name ?? 
"?"); + device.Selected = false; + } + } + if(!DeviceFilter.IsSelectedManagement(management)) + { + management.Selected = false; + } + } + return (unsupportedList, reducedDeviceFilter); + } + + private static async Task UsageDataAvailable(ApiConnection apiConnection, int devId) + { + try + { + return (await apiConnection.SendQueryAsync(ReportQueries.getUsageDataCount, new {devId = devId})).Aggregate.Count > 0; + } + catch(Exception) + { + return false; + } + } + + public override bool NoRuleFound() + { + foreach(var mgmt in ReportData.ManagementData) + { + foreach(var dev in mgmt.Devices) + { + if(dev.Rules != null && dev.Rules.Count() > 0) + { + return false; + } + if(dev.RuleChanges != null && dev.RuleChanges.Count() > 0) + { + return false; + } + } + } + return true; + } + + public override string SetDescription() + { + int managementCounter = 0; + foreach (var managementReport in ReportData.ManagementData.Where(mgt => !mgt.Ignore)) + { + managementCounter++; + } + return $"{managementCounter} {userConfig.GetText("managements")}"; + } + + public string DisplayReportHeaderJson() + { + StringBuilder report = new (); + report.AppendLine($"\"report type\": \"{userConfig.GetText(ReportType.ToString())}\","); + report.AppendLine($"\"report generation date\": \"{DateTime.Now.ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssK")} (UTC)\","); + if(!ReportType.IsChangeReport()) + { + report.AppendLine($"\"date of configuration shown\": \"{DateTime.Parse(Query.ReportTimeString).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssK")} (UTC)\","); + } + report.AppendLine($"\"device filter\": \"{string.Join("; ", Array.ConvertAll(ReportData.ManagementData.ToArray(), m => m.NameAndDeviceNames()))}\","); + report.AppendLine($"\"other filters\": \"{Query.RawFilter}\","); + report.AppendLine($"\"report generator\": \"Firewall Orchestrator - https://fwo.cactus.de/en\","); + report.AppendLine($"\"data protection level\": \"For internal use only\","); + return $"{report}"; + } + + public 
string DisplayReportHeaderCsv() + { + StringBuilder report = new (); + report.AppendLine($"# report type: {userConfig.GetText(ReportType.ToString())}"); + report.AppendLine($"# report generation date: {DateTime.Now.ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssK")} (UTC)"); + if(!ReportType.IsChangeReport()) + { + report.AppendLine($"# date of configuration shown: {DateTime.Parse(Query.ReportTimeString).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssK")} (UTC)"); + } + report.AppendLine($"# device filter: {string.Join(" ", Array.ConvertAll(ReportData.ManagementData.Where(mgt => !mgt.Ignore).ToArray(), m => m.NameAndDeviceNames(" ")))}"); + report.AppendLine($"# other filters: {Query.RawFilter}"); + report.AppendLine($"# report generator: Firewall Orchestrator - https://fwo.cactus.de/en"); + report.AppendLine($"# data protection level: For internal use only"); + report.AppendLine($"#"); + return $"{report}"; + } + + public static string ConstructLink(string type, string symbol, long id, string name, OutputLocation location, int mgmtId, string style) + { + return ConstructLink(type, symbol, id, name, location, $"m{mgmtId}", style); + } + + protected string GenerateHtmlFrame(string title, string filter, DateTime date, StringBuilder htmlReport) + { + return GenerateHtmlFrameBase(title, filter, date, htmlReport, string.Join("; ", Array.ConvertAll(ReportData.ManagementData.Where(mgt => !mgt.Ignore).ToArray(), m => m.NameAndDeviceNames()))); + } + } +} diff --git a/roles/lib/files/FWO.Report/ReportNatRules.cs b/roles/lib/files/FWO.Report/ReportNatRules.cs index 30dd9c829..7d2f7938f 100644 --- a/roles/lib/files/FWO.Report/ReportNatRules.cs +++ b/roles/lib/files/FWO.Report/ReportNatRules.cs @@ -1,4 +1,4 @@ -using FWO.Api.Data; +using FWO.GlobalConstants; using System.Text; using FWO.Report.Filter; using FWO.Ui.Display; 
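Review bot: DisplayReportHeaderJson puts `Query.RawFilter`, the translated report type and the `NameAndDeviceNames()` output into JSON string literals without escaping, and `Query.RawFilter` is the user's own filter text, so a `"` or `\` in it makes every JSON export from the ReportDevicesBase subclasses unparseable. Serialize the value instead of quoting it by hand, e.g. `report.AppendLine($"\"other filters\": {System.Text.Json.JsonSerializer.Serialize(Query.RawFilter)},");`, and likewise for the other interpolated fields. DisplayReportHeaderJson and DisplayReportHeaderCsv also call `DateTime.Parse(Query.ReportTimeString)` unguarded, while getRelevantImportIds above treats an empty ReportTimeString as "now"; an empty string reaching the header methods throws FormatException, so they should apply the same fallback (and pass `System.Globalization.CultureInfo.InvariantCulture` if the string is machine-generated). UsageDataAvailable's `catch(Exception)` returning false additionally reports API or authentication failures as "device unsupported"; logging before returning would keep that diagnosable.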
@@ -14,15 +14,15 @@ public ReportNatRules(DynGraphqlQuery query, UserConfig userConfig, ReportType r public override string ExportToHtml() { - StringBuilder report = new StringBuilder(); - NatRuleDisplay ruleDisplay = new NatRuleDisplay(userConfig); + StringBuilder report = new (); + NatRuleDisplayHtml ruleDisplay = new (userConfig); - foreach (Management management in Managements.Where(mgt => !mgt.Ignore)) + foreach (var managementReport in ReportData.ManagementData.Where(mgt => !mgt.Ignore)) { - report.AppendLine($"

    {management.Name}

    "); + report.AppendLine($"

    {managementReport.Name}

    "); report.AppendLine("
    "); - foreach (Device device in management.Devices) + foreach (var device in managementReport.Devices) { if (device.Rules != null && device.Rules.Length > 0) { 
@@ -46,22 +46,22 @@ public override string ExportToHtml() report.AppendLine($"{userConfig.GetText("comment")}"); report.AppendLine(""); - foreach (Rule rule in device.Rules) + foreach (var rule in device.Rules) { if (string.IsNullOrEmpty(rule.SectionHeader)) { report.AppendLine(""); - report.AppendLine($"{ruleDisplay.DisplayNumber(rule, device.Rules)}"); + report.AppendLine($"{ruleDisplay.DisplayNumber(rule)}"); report.AppendLine($"{ruleDisplay.DisplayName(rule)}"); report.AppendLine($"{ruleDisplay.DisplaySourceZone(rule)}"); - report.AppendLine($"{ruleDisplay.DisplaySource(rule, location: "")}"); + report.AppendLine($"{ruleDisplay.DisplaySource(rule, OutputLocation.export, ReportType)}"); report.AppendLine($"{ruleDisplay.DisplayDestinationZone(rule)}"); - report.AppendLine($"{ruleDisplay.DisplayDestination(rule, location: "")}"); - report.AppendLine($"{ruleDisplay.DisplayService(rule, location: "")}"); - report.AppendLine($"{ruleDisplay.DisplayTranslatedSource(rule, location: "")}"); - report.AppendLine($"{ruleDisplay.DisplayTranslatedDestination(rule, location: "")}"); - report.AppendLine($"{ruleDisplay.DisplayTranslatedService(rule, location: "")}"); - report.AppendLine($"{ruleDisplay.DisplayEnabled(rule, export: true)}"); + report.AppendLine($"{ruleDisplay.DisplayDestination(rule, OutputLocation.export, ReportType)}"); + report.AppendLine($"{ruleDisplay.DisplayServices(rule, OutputLocation.export, ReportType)}"); + report.AppendLine($"{ruleDisplay.DisplayTranslatedSource(rule, OutputLocation.export)}"); + report.AppendLine($"{ruleDisplay.DisplayTranslatedDestination(rule, OutputLocation.export)}"); + report.AppendLine($"{ruleDisplay.DisplayTranslatedService(rule, OutputLocation.export)}"); + report.AppendLine($"{ruleDisplay.DisplayEnabled(rule, OutputLocation.export)}"); report.AppendLine($"{ruleDisplay.DisplayUid(rule)}"); report.AppendLine($"{ruleDisplay.DisplayComment(rule)}"); report.AppendLine(""); 
@@ -81,7 +81,7 @@ public override string ExportToHtml() // show all objects used in this management's rules int objNumber = 1; - if (management.ReportObjects != null) + if (managementReport.ReportObjects != null) { report.AppendLine($"

    {userConfig.GetText("network_objects")}

    "); report.AppendLine("
    "); @@ -95,17 +95,14 @@ public override string ExportToHtml() report.AppendLine($"{userConfig.GetText("uid")}"); report.AppendLine($"{userConfig.GetText("comment")}"); report.AppendLine(""); - foreach (NetworkObject nwobj in management.ReportObjects) + foreach (var nwobj in managementReport.ReportObjects) { report.AppendLine(""); report.AppendLine($"{objNumber++}"); - report.AppendLine($"{nwobj.Name}"); - report.AppendLine($"{nwobj.Type.Name}"); - report.AppendLine($"{nwobj.IP}{(nwobj.IpEnd != null && nwobj.IpEnd != "" && nwobj.IpEnd != nwobj.IP ? $"-{nwobj.IpEnd}" : "")}"); - if (nwobj.MemberNames != null && nwobj.MemberNames.Contains("|")) - report.AppendLine($"{string.Join("
    ", nwobj.MemberNames.Split('|'))}"); - else - report.AppendLine($"{nwobj.MemberNames}"); + report.AppendLine($"{nwobj.Name}"); + report.AppendLine($"{(nwobj.Type.Name != "" ? userConfig.GetText(nwobj.Type.Name) : "")}"); + report.AppendLine($"{NwObjDisplay.DisplayIp(nwobj.IP, nwobj.IpEnd, nwobj.Type.Name)}"); + report.AppendLine(nwobj.MemberNamesAsHtml()); report.AppendLine($"{nwobj.Uid}"); report.AppendLine($"{nwobj.Comment}"); report.AppendLine(""); @@ -113,7 +110,7 @@ public override string ExportToHtml() report.AppendLine(""); } - if (management.ReportServices != null) + if (managementReport.ReportServices != null) { report.AppendLine($"

    {userConfig.GetText("network_services")}

    "); report.AppendLine("
    "); @@ -129,21 +126,18 @@ public override string ExportToHtml() report.AppendLine($"{userConfig.GetText("comment")}"); report.AppendLine(""); objNumber = 1; - foreach (NetworkService svcobj in management.ReportServices) + foreach (var svcobj in managementReport.ReportServices) { report.AppendLine(""); report.AppendLine($"{objNumber++}"); - report.AppendLine($"{svcobj.Name}"); - report.AppendLine($"{svcobj.Name}"); - report.AppendLine($"{((svcobj.Protocol!=null)?svcobj.Protocol.Name:"")}"); + report.AppendLine($"{svcobj.Name}"); + report.AppendLine($"{(svcobj.Type.Name != "" ? userConfig.GetText(svcobj.Type.Name) : "")}"); + report.AppendLine($"{((svcobj.Type.Name!=ObjectType.Group && svcobj.Protocol!=null)?svcobj.Protocol.Name:"")}"); if (svcobj.DestinationPortEnd != null && svcobj.DestinationPortEnd != svcobj.DestinationPort) report.AppendLine($"{svcobj.DestinationPort}-{svcobj.DestinationPortEnd}"); else report.AppendLine($"{svcobj.DestinationPort}"); - if (svcobj.MemberNames != null && svcobj.MemberNames.Contains("|")) - report.AppendLine($"{string.Join("
    ", svcobj.MemberNames.Split('|'))}"); - else - report.AppendLine($"{svcobj.MemberNames}"); + report.AppendLine(svcobj.MemberNamesAsHtml()); report.AppendLine($"{svcobj.Uid}"); report.AppendLine($"{svcobj.Comment}"); report.AppendLine(""); @@ -151,7 +145,7 @@ public override string ExportToHtml() report.AppendLine(""); } - if (management.ReportUsers != null) + if (managementReport.ReportUsers != null) { report.AppendLine($"

    {userConfig.GetText("users")}

    "); report.AppendLine("
    "); @@ -165,16 +159,13 @@ public override string ExportToHtml() report.AppendLine($"{userConfig.GetText("comment")}"); report.AppendLine(""); objNumber = 1; - foreach (NetworkUser userobj in management.ReportUsers) + foreach (var userobj in managementReport.ReportUsers) { report.AppendLine(""); report.AppendLine($"{objNumber++}"); - report.AppendLine($"{userobj.Name}"); - report.AppendLine($"{userobj.Name}"); - if (userobj.MemberNames != null && userobj.MemberNames.Contains("|")) - report.AppendLine($"{string.Join("
    ", userobj.MemberNames.Split('|'))}"); - else - report.AppendLine($"{userobj.MemberNames}"); + report.AppendLine($"{userobj.Name}"); + report.AppendLine($"{(userobj.Type.Name != "" ? userConfig.GetText(userobj.Type.Name) : "")}"); + report.AppendLine(userobj.MemberNamesAsHtml()); report.AppendLine($"{userobj.Uid}"); report.AppendLine($"{userobj.Comment}"); report.AppendLine(""); @@ -185,7 +176,7 @@ public override string ExportToHtml() report.AppendLine(""); } - return GenerateHtmlFrame(title: userConfig.GetText("natrules_report"), Query.RawFilter, DateTime.Now, report); + return GenerateHtmlFrame(userConfig.GetText(ReportType.ToString()), Query.RawFilter, DateTime.Now, report); } } } diff --git a/roles/lib/files/FWO.Report/ReportOwnersBase.cs b/roles/lib/files/FWO.Report/ReportOwnersBase.cs new file mode 100644 index 000000000..925e3104f --- /dev/null +++ b/roles/lib/files/FWO.Report/ReportOwnersBase.cs @@ -0,0 +1,33 @@ +using FWO.Report.Filter; +using FWO.Config.Api; +using System.Text.Json; +using System.Text; + +namespace FWO.Report +{ + public abstract class ReportOwnersBase : ReportBase + { + public ReportOwnersBase(DynGraphqlQuery query, UserConfig userConfig, ReportType reportType) : base(query, userConfig, reportType) + {} + + public override string ExportToJson() + { + return JsonSerializer.Serialize(ReportData.OwnerData, new JsonSerializerOptions { WriteIndented = true }); + } + + public override string ExportToCsv() + { + throw new NotImplementedException(); + } + + public override string SetDescription() + { + return $"{ReportData.OwnerData.Count} {userConfig.GetText("owners")}"; + } + + protected string GenerateHtmlFrame(string title, string filter, DateTime date, StringBuilder htmlReport) + { + return GenerateHtmlFrameBase(title, filter, date, htmlReport, null, string.Join("; ", ReportData.OwnerData.ConvertAll(o => o.Name))); + } + } +} 
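Review bot: ExportToCsv in ReportOwnersBase throws NotImplementedException for every owners-based report, so any caller that offers CSV export for these report types surfaces an unhandled exception rather than a message. If CSV is intentionally unsupported here, `throw new NotSupportedException($"CSV export is not available for {ReportType}");` says so explicitly, and a `<summary>` on the override noting the limitation would let callers guard for it. If it is merely pending, a TODO naming the tracking item is preferable to an unannotated throw.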
diff --git a/roles/lib/files/FWO.Report/ReportRules.cs b/roles/lib/files/FWO.Report/ReportRules.cs index 53f1fda5f..05ad6e6bf 100644 --- a/roles/lib/files/FWO.Report/ReportRules.cs +++ b/roles/lib/files/FWO.Report/ReportRules.cs @@ -1,4 +1,5 @@ -using FWO.Api.Data; +using FWO.GlobalConstants; +using FWO.Api.Data; using System.Text; using FWO.Api.Client; using FWO.Report.Filter; 
@@ -11,57 +12,80 @@ namespace FWO.Report { - public class ReportRules : ReportBase + public class ReportRules : ReportDevicesBase { - public ReportRules(DynGraphqlQuery query, UserConfig userConfig, ReportType reportType) : base(query, userConfig, reportType) { } + private const int ColumnCount = 12; - private const byte all = 0, nobj = 1, nsrv = 2, user = 3; - public bool GotReportedRuleIds { get; protected set; } = false; + public ReportRules(DynGraphqlQuery query, UserConfig userConfig, ReportType reportType) : base(query, userConfig, reportType) {} - public async Task GetReportedRuleIds(ApiConnection apiConnection) + public override async Task Generate(int rulesPerFetch, ApiConnection apiConnection, Func callback, CancellationToken ct) { - List relevantDevIds = DeviceFilter.ExtractSelectedDevIds(Managements); - if (relevantDevIds.Count == 0) - relevantDevIds = DeviceFilter.ExtractAllDevIds(Managements); + Query.QueryVariables["limit"] = rulesPerFetch; + Query.QueryVariables["offset"] = 0; + bool gotNewObjects = true; + + List managementsWithRelevantImportId = await getRelevantImportIds(apiConnection); - for (int i = 0; i < Managements.Length; i++) + ReportData.ManagementData = new (); + foreach(var management in managementsWithRelevantImportId) { - Dictionary ruleQueryVariables = new Dictionary(); - if (Managements[i].Import.ImportAggregate.ImportAggregateMax.RelevantImportId != null) + Query.QueryVariables["mgmId"] = management.Id; + if (ReportType != ReportType.Recertification) { - ruleQueryVariables["importId"] = Managements[i].Import.ImportAggregate.ImportAggregateMax.RelevantImportId!; - ruleQueryVariables["devIds"] = relevantDevIds; - Rule[] rules = await apiConnection.SendQueryAsync(RuleQueries.getRuleIdsOfImport, ruleQueryVariables); - Managements[i].ReportedRuleIds = rules.Select(x => x.Id).Distinct().ToList(); + Query.QueryVariables["relevantImportId"] = management.Import.ImportAggregate.ImportAggregateMax.RelevantImportId ?? 
-1 /* managment was not yet imported at that time */; } + ManagementReport managementReport = (await apiConnection.SendQueryAsync>(Query.FullQuery, Query.QueryVariables))[0]; + managementReport.Import = management.Import; + ReportData.ManagementData.Add(managementReport); } - GotReportedRuleIds = true; + + while (gotNewObjects) + { + if (ct.IsCancellationRequested) + { + Log.WriteDebug("Generate Rules Report", "Task cancelled"); + ct.ThrowIfCancellationRequested(); + } + gotNewObjects = false; + Query.QueryVariables["offset"] = (int)Query.QueryVariables["offset"] + rulesPerFetch; + foreach(var management in managementsWithRelevantImportId) + { + Query.QueryVariables["mgmId"] = management.Id; + if (ReportType != ReportType.Recertification) + { + Query.QueryVariables["relevantImportId"] = management.Import.ImportAggregate.ImportAggregateMax.RelevantImportId ?? -1; /* managment was not yet imported at that time */; + } + ManagementReport? mgtToFill = ReportData.ManagementData.FirstOrDefault(m => m.Id == management.Id); + if(mgtToFill != null) + { + gotNewObjects |= mgtToFill.Merge((await apiConnection.SendQueryAsync>(Query.FullQuery, Query.QueryVariables))[0]); + } + } + await callback(ReportData); + } + SetReportedRuleIds(); } - public override async Task GetObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func callback) // to be called when exporting + public override async Task GetObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func callback) // to be called when exporting { - // get rule ids per import (= management) - if (!GotReportedRuleIds) - await GetReportedRuleIds(apiConnection); - bool gotAllObjects = true; //whether the fetch count limit was reached during fetching if (!GotObjectsInReport) { - for (int i = 0; i < Managements.Length; i++) + foreach (var managementReport in ReportData.ManagementData) { - if (Managements[i].Import.ImportAggregate.ImportAggregateMax.RelevantImportId is not null) + if 
(managementReport.Import.ImportAggregate.ImportAggregateMax.RelevantImportId is not null) { // set query variables for object query var objQueryVariables = new Dictionary { - { "mgmIds", Managements[i].Id }, + { "mgmIds", managementReport.Id }, { "limit", objectsPerFetch }, { "offset", 0 }, }; // get objects for this management in the current report - gotAllObjects &= await GetObjectsForManagementInReport(objQueryVariables, all, int.MaxValue, apiConnection, callback); + gotAllObjects &= await GetObjectsForManagementInReport(objQueryVariables, ObjCategory.all, int.MaxValue, apiConnection, callback); } } GotObjectsInReport = true; 
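Review bot: Both `(await apiConnection.SendQueryAsync…(Query.FullQuery, Query.QueryVariables))[0]` calls in Generate index the result without checking that the list is non-empty, so a management for which the query returns nothing ends in an ArgumentOutOfRangeException instead of being skipped or reported; `FirstOrDefault()` with a null check, as the second loop already does for `mgtToFill`, would be consistent. The second assignment of `relevantImportId` ends in `?? -1; /* … */;`, leaving an empty statement after the comment, whereas the first occurrence places the comment inside the expression; the two should match, and "managment" is misspelled in both. SetReportedRuleIds() is called after the loop but is not visible in this hunk, so I cannot tell whether it tolerates a partially filled ReportData when `ct.ThrowIfCancellationRequested()` fires mid-loop.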
@@ -70,41 +94,38 @@ public override async Task GetObjectsInReport(int objectsPerFetch, ApiConn return gotAllObjects; } - public override async Task GetObjectsForManagementInReport(Dictionary objQueryVariables, byte objects, int maxFetchCycles, ApiConnection apiConnection, Func callback) + public override async Task GetObjectsForManagementInReport(Dictionary objQueryVariables, ObjCategory objects, int maxFetchCycles, ApiConnection apiConnection, Func callback) { if (!objQueryVariables.ContainsKey("mgmIds") || !objQueryVariables.ContainsKey("limit") || !objQueryVariables.ContainsKey("offset")) throw new ArgumentException("Given objQueryVariables dictionary does not contain variable for management id, limit or offset"); int mid = (int)objQueryVariables.GetValueOrDefault("mgmIds")!; - Management management = Managements.FirstOrDefault(m => m.Id == mid) ?? throw new ArgumentException("Given management id does not exist for this report"); - - if (!GotReportedRuleIds) - await GetReportedRuleIds(apiConnection); + ManagementReport managementReport = ReportData.ManagementData.FirstOrDefault(m => m.Id == mid) ?? 
throw new ArgumentException("Given management id does not exist for this report"); - objQueryVariables.Add("ruleIds", "{" + string.Join(", ", management.ReportedRuleIds) + "}"); - objQueryVariables.Add("importId", management.Import.ImportAggregate.ImportAggregateMax.RelevantImportId!); + objQueryVariables.Add("ruleIds", "{" + string.Join(", ", managementReport.ReportedRuleIds) + "}"); + objQueryVariables.Add("importId", managementReport.Import.ImportAggregate.ImportAggregateMax.RelevantImportId!); string query = ""; switch (objects) { - case all: + case ObjCategory.all: query = ObjectQueries.getReportFilteredObjectDetails; break; - case nobj: + case ObjCategory.nobj: query = ObjectQueries.getReportFilteredNetworkObjectDetails; break; - case nsrv: + case ObjCategory.nsrv: query = ObjectQueries.getReportFilteredNetworkServiceObjectDetails; break; - case user: + case ObjCategory.user: query = ObjectQueries.getReportFilteredUserDetails; break; } bool newObjects = true; int fetchCount = 0; int elementsPerFetch = (int)objQueryVariables.GetValueOrDefault("limit")!; - Management filteredObjects; - Management allFilteredObjects = new Management(); + ManagementReport filteredObjects; + ManagementReport allFilteredObjects = new (); while (newObjects && ++fetchCount <= maxFetchCycles) { - filteredObjects = (await apiConnection.SendQueryAsync(query, objQueryVariables))[0]; + filteredObjects = (await apiConnection.SendQueryAsync>(query, objQueryVariables))[0]; if (fetchCount == 1) { 
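Review bot: The `switch (objects)` in GetObjectsForManagementInReport has no default branch, so an ObjCategory value outside the four listed cases leaves `query` as "" and the fetch loop below sends an empty query to apiConnection; add `default: throw new ArgumentOutOfRangeException(nameof(objects), objects, "unsupported object category");`. The method is a public override, yet only the caller in GetObjectsInReport filters out managements whose RelevantImportId is null before it is dereferenced with `!`; keeping the precondition inside the method, `objQueryVariables.Add("importId", managementReport.Import.ImportAggregate.ImportAggregateMax.RelevantImportId ?? throw new ArgumentException("Given management has no relevant import id"));`, makes the failure explicit instead of passing a null variable to the query. `objQueryVariables.Add("ruleIds", ...)` also throws if a caller reuses a dictionary that already carries "ruleIds" or "importId"; the indexer (`objQueryVariables["ruleIds"] = ...`) would make the method safe to call twice with the same dictionary. The method body continues past the end of this hunk.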
@@ -115,16 +136,16 @@ public override async Task GetObjectsForManagementInReport(Dictionary GetObjectsForManagementInReport(Dictionary callback, CancellationToken ct) - { - Query.QueryVariables["limit"] = rulesPerFetch; - Query.QueryVariables["offset"] = 0; - bool gotNewObjects = true; - - Management[] managementsWithRelevantImportId = await getRelevantImportIds(apiConnection); - - Managements = new Management[managementsWithRelevantImportId.Length]; - int i; - for (i = 0; i < managementsWithRelevantImportId.Length; i++) - { - // setting mgmt and relevantImporId QueryVariables - Query.QueryVariables["mgmId"] = managementsWithRelevantImportId[i].Id; - if (ReportType != ReportType.Recertification) - Query.QueryVariables["relevantImportId"] = managementsWithRelevantImportId[i].Import.ImportAggregate.ImportAggregateMax.RelevantImportId ?? -1 /* managment was not yet imported at that time */; - Managements[i] = (await apiConnection.SendQueryAsync(Query.FullQuery, Query.QueryVariables))[0]; - Managements[i].Import = managementsWithRelevantImportId[i].Import; - } - - while (gotNewObjects) - { - if (ct.IsCancellationRequested) - { - Log.WriteDebug("Generate Rules Report", "Task cancelled"); - ct.ThrowIfCancellationRequested(); - } - gotNewObjects = false; - Query.QueryVariables["offset"] = (int)Query.QueryVariables["offset"] + rulesPerFetch; - for (i = 0; i < managementsWithRelevantImportId.Length; i++) - { - Query.QueryVariables["mgmId"] = managementsWithRelevantImportId[i].Id; - if (ReportType != ReportType.Recertification) - Query.QueryVariables["relevantImportId"] = managementsWithRelevantImportId[i].Import.ImportAggregate.ImportAggregateMax.RelevantImportId ?? 
-1; /* managment was not yet imported at that time */; - gotNewObjects |= Managements[i].Merge((await apiConnection.SendQueryAsync(Query.FullQuery, Query.QueryVariables))[0]); - } - await callback(Managements); - } - } - public override string SetDescription() { int managementCounter = 0; int deviceCounter = 0; int ruleCounter = 0; - foreach (Management management in Managements.Where(mgt => !mgt.Ignore && mgt.Devices != null && + foreach (var managementReport in ReportData.ManagementData.Where(mgt => !mgt.Ignore && mgt.Devices != null && Array.Exists(mgt.Devices, device => device.Rules != null && device.Rules.Length > 0))) { managementCounter++; - foreach (Device device in management.Devices.Where(dev => dev.Rules != null && dev.Rules.Length > 0)) + foreach (var device in managementReport.Devices.Where(dev => dev.Rules != null && dev.Rules.Length > 0)) { deviceCounter++; - ruleCounter += device.Rules.Length; + ruleCounter += device.Rules!.Length; } } return $"{managementCounter} {userConfig.GetText("managements")}, {deviceCounter} {userConfig.GetText("gateways")}, {ruleCounter} {userConfig.GetText("rules")}"; } - public override string ExportToCsv() + private void SetReportedRuleIds() { + foreach (var mgt in ReportData.ManagementData) + { + foreach (var dev in mgt.Devices.Where(d => (d.Rules != null && d.Rules.Length > 0))) + { + foreach (Rule rule in dev.Rules) + { + mgt.ReportedRuleIds.Add(rule.Id); + } + } + mgt.ReportedRuleIds = mgt.ReportedRuleIds.Distinct().ToList(); + } + } - if (ReportType == ReportType.ResolvedRules || ReportType == ReportType.ResolvedRulesTech) + public override string ExportToCsv() + { + if (ReportType.IsResolvedReport()) { - StringBuilder report = new StringBuilder(); - RuleDisplayCsv ruleDisplay = new RuleDisplayCsv(userConfig); + StringBuilder report = new (); + RuleDisplayCsv ruleDisplayCsv = new (userConfig); - report.AppendLine(ruleDisplay.DisplayReportHeader(this)); + report.Append(DisplayReportHeaderCsv()); + 
report.AppendLine($"\"management-name\",\"device-name\",\"rule-number\",\"rule-name\",\"source-zone\",\"source\",\"destination-zone\",\"destination\",\"service\",\"action\",\"track\",\"rule-enabled\",\"rule-uid\",\"rule-comment\""); - foreach (Management management in Managements.Where(mgt => !mgt.Ignore && mgt.Devices != null && + foreach (var managementReport in ReportData.ManagementData.Where(mgt => !mgt.Ignore && mgt.Devices != null && Array.Exists(mgt.Devices, device => device.Rules != null && device.Rules.Length > 0))) { - foreach (Device gateway in management.Devices) + foreach (var gateway in managementReport.Devices) { if (gateway.Rules != null && gateway.Rules.Length > 0) { - foreach (Rule rule in gateway.Rules) + foreach (var rule in gateway.Rules) { if (string.IsNullOrEmpty(rule.SectionHeader)) { - report.Append($"\"{management.Name}\","); - report.Append($"\"{gateway.Name}\","); - report.Append(ruleDisplay.DisplayNumber(rule, gateway.Rules)); - report.Append(ruleDisplay.DisplayName(rule)); - report.Append(ruleDisplay.DisplaySourceZone(rule)); - report.Append(ruleDisplay.DisplaySource(rule, location: "", reportType: this.ReportType)); - report.Append(ruleDisplay.DisplayDestinationZone(rule)); - report.Append(ruleDisplay.DisplayDestination(rule, location: "", reportType: this.ReportType)); - report.Append(ruleDisplay.DisplayService(rule, location: "", reportType: this.ReportType)); - report.Append(ruleDisplay.DisplayAction(rule)); - report.Append(ruleDisplay.DisplayTrack(rule)); - report.Append(ruleDisplay.DisplayEnabled(rule, export: true)); - report.Append(ruleDisplay.DisplayUid(rule)); - report.Append(ruleDisplay.DisplayComment(rule)); + report.Append(ruleDisplayCsv.OutputCsv(managementReport.Name)); + report.Append(ruleDisplayCsv.OutputCsv(gateway.Name)); + report.Append(ruleDisplayCsv.DisplayNumberCsv(rule)); + report.Append(ruleDisplayCsv.DisplayNameCsv(rule)); + report.Append(ruleDisplayCsv.DisplaySourceZoneCsv(rule)); + 
report.Append(ruleDisplayCsv.DisplaySourceCsv(rule, ReportType)); + report.Append(ruleDisplayCsv.DisplayDestinationZoneCsv(rule)); + report.Append(ruleDisplayCsv.DisplayDestinationCsv(rule, ReportType)); + report.Append(ruleDisplayCsv.DisplayServicesCsv(rule, ReportType)); + report.Append(ruleDisplayCsv.DisplayActionCsv(rule)); + report.Append(ruleDisplayCsv.DisplayTrackCsv(rule)); + report.Append(ruleDisplayCsv.DisplayEnabledCsv(rule)); + report.Append(ruleDisplayCsv.DisplayUidCsv(rule)); + report.Append(ruleDisplayCsv.DisplayCommentCsv(rule)); + report = ruleDisplayCsv.RemoveLastChars(report, 1); // remove last chars (comma) + report.AppendLine(""); // EO rule } else { // report.AppendLine("\"section header\": \"" + rule.SectionHeader + "\""); } - report.AppendLine(""); // EO rule } // rules } } // gateways 
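Review bot: SetReportedRuleIds appends to `mgt.ReportedRuleIds` without clearing it first, so if the same ManagementReport objects survive a second Generate call (whether ManagementData is rebuilt each time is not visible in this chunk) ids from the previous run remain in the list; `Distinct()` removes duplicates but not stale entries. Assigning the list instead of appending avoids both, `mgt.ReportedRuleIds = mgt.Devices.Where(d => d.Rules != null).SelectMany(d => d.Rules!).Select(r => r.Id).Distinct().ToList();`. In ExportToCsv the management name, gateway name and rule comment now go through `OutputCsv`/`DisplayCommentCsv`, which are not visible here; it is worth confirming that they quote embedded double quotes, since these values originate in the imported device configurations rather than in this code. The hunk header for this span appears truncated in the rendering, so its exact extent is uncertain.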
@@ -241,270 +238,305 @@ public override string ExportToCsv() else { throw new NotImplementedException(); - return null; } } public override string ExportToJson() { - if (ReportType == ReportType.ResolvedRules || ReportType == ReportType.ResolvedRulesTech) + if (ReportType.IsResolvedReport()) { - StringBuilder report = new StringBuilder("{"); - report.AppendLine($"\"report type\": \"{userConfig.GetText("resolved_rules_report")}\","); - report.AppendLine($"\"report generation date\": \"{DateTime.Now.ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssK")} (UTC)\","); - report.AppendLine($"\"date of configuration shown\": \"{DateTime.Parse(Query.ReportTimeString).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssK")} (UTC)\","); - report.AppendLine($"\"device filter\": \"{string.Join("; ", Array.ConvertAll(Managements, management => management.NameAndDeviceNames()))}\","); - report.AppendLine($"\"other filters\": \"{Query.RawFilter}\","); - report.AppendLine($"\"report generator\": \"Firewall Orchestrator - https://fwo.cactus.de/en\","); - report.AppendLine($"\"data protection level\": \"For internal use only\","); - report.AppendLine("\"managements\": ["); - RuleDisplayJson ruleDisplay = new RuleDisplayJson(userConfig); - foreach (Management management in Managements.Where(mgt => !mgt.Ignore && mgt.Devices != null && - Array.Exists(mgt.Devices, device => device.Rules != null && device.Rules.Length > 0))) - { - report.AppendLine($"{{\"{management.Name}\": {{"); - report.AppendLine($"\"gateways\": [{{"); - foreach (Device gateway in management.Devices) - { - if (gateway.Rules != null && gateway.Rules.Length > 0) - { - report.Append($"\"{gateway.Name}\": {{\n\"rules\": ["); - foreach (Rule rule in gateway.Rules) - { - report.Append($"{{"); - if (string.IsNullOrEmpty(rule.SectionHeader)) - { - report.Append(ruleDisplay.DisplayNumber(rule, gateway.Rules)); - report.Append(ruleDisplay.DisplayName(rule)); - report.Append(ruleDisplay.DisplaySourceZone(rule)); - 
report.Append(ruleDisplay.DisplaySource(rule, location: "", reportType: this.ReportType)); - report.Append(ruleDisplay.DisplayDestinationZone(rule)); - report.Append(ruleDisplay.DisplayDestination(rule, location: "", reportType: this.ReportType)); - report.Append(ruleDisplay.DisplayService(rule, location: "", reportType: this.ReportType)); - report.Append(ruleDisplay.DisplayAction(rule)); - report.Append(ruleDisplay.DisplayTrack(rule)); - report.Append(ruleDisplay.DisplayEnabled(rule, export: true)); - report.Append(ruleDisplay.DisplayUid(rule)); - report.Append(ruleDisplay.DisplayComment(rule)); - report = ruleDisplay.RemoveLastChars(report, 1); // remove last chars (comma) - } - else - { - report.AppendLine("\"section header\": \"" + rule.SectionHeader + "\""); - } - report.Append("},"); // EO rule - } // rules - report = ruleDisplay.RemoveLastChars(report, 1); // remove last char (comma) - report.Append("]"); // EO rules - report.Append("}},"); // EO gateway 2x - } - } // gateways - report = ruleDisplay.RemoveLastChars(report, 1); // remove last char (comma) - report.Append("]"); // EO devices - report.Append("}},"); // EO management 2x - } // managements - report = ruleDisplay.RemoveLastChars(report, 1); // remove last char (comma) - report.Append("]"); // EO managements - report.Append("}"); // EO top - - // Debug: - string repStr = report.ToString(); - dynamic json = JsonConvert.DeserializeObject(report.ToString()); - JsonSerializerSettings settings = new JsonSerializerSettings(); - settings.Formatting = Formatting.Indented; - return Newtonsoft.Json.JsonConvert.SerializeObject(json, settings); - } - else if (ReportType == ReportType.Rules) - { - return System.Text.Json.JsonSerializer.Serialize(Managements.Where(mgt => !mgt.Ignore), new JsonSerializerOptions { WriteIndented = true }); + // JSON code for resolved rules is stripped from all unneccessary balast, only containing the resolved rules + // object tables are not needed as the objects within the rules 
fully describe the rules (no groups) + return ExportResolvedRulesToJson(); } - else if (ReportType == ReportType.NatRules) + else if (ReportType.IsRuleReport()) { - return System.Text.Json.JsonSerializer.Serialize(Managements.Where(mgt => !mgt.Ignore), new JsonSerializerOptions { WriteIndented = true }); + return System.Text.Json.JsonSerializer.Serialize(ReportData.ManagementData.Where(mgt => !mgt.Ignore), new JsonSerializerOptions { WriteIndented = true }); } else { - return null; + return ""; } } - private const int ColumnCount = 12; - - public override string ExportToHtml() + private string ExportResolvedRulesToJson() { - StringBuilder report = new StringBuilder(); - RuleDisplayHtml ruleDisplay = new RuleDisplayHtml(userConfig); - - foreach (Management management in Managements.Where(mgt => !mgt.Ignore && mgt.Devices != null && + StringBuilder report = new ("{"); + report.Append(DisplayReportHeaderJson()); + report.AppendLine("\"managements\": ["); + RuleDisplayJson ruleDisplayJson = new (userConfig); + foreach (var managementReport in ReportData.ManagementData.Where(mgt => !mgt.Ignore && mgt.Devices != null && Array.Exists(mgt.Devices, device => device.Rules != null && device.Rules.Length > 0))) { - management.AssignRuleNumbers(); - - report.AppendLine($"

    {management.Name}

    "); - report.AppendLine("
    "); - - foreach (Device device in management.Devices) + report.AppendLine($"{{\"{managementReport.Name}\": {{"); + report.AppendLine($"\"gateways\": ["); + foreach (var gateway in managementReport.Devices) { - if (device.Rules != null && device.Rules.Length > 0) + if (gateway.Rules != null && gateway.Rules.Length > 0) { - report.AppendLine($"

    {device.Name}

    "); - report.AppendLine("
    "); - - report.AppendLine(""); - report.AppendLine(""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine(""); - - foreach (Rule rule in device.Rules) + report.Append($"{{\"{gateway.Name}\": {{\n\"rules\": ["); + foreach (var rule in gateway.Rules) { + report.Append("{"); if (string.IsNullOrEmpty(rule.SectionHeader)) { - report.AppendLine(""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine(""); + report.Append(ruleDisplayJson.DisplayNumber(rule)); + report.Append(ruleDisplayJson.DisplayName(rule.Name)); + report.Append(ruleDisplayJson.DisplaySourceZone(rule.SourceZone?.Name)); + report.Append(ruleDisplayJson.DisplaySourceNegated(rule.SourceNegated)); + report.Append(ruleDisplayJson.DisplaySource(rule, ReportType)); + report.Append(ruleDisplayJson.DisplayDestinationZone(rule.DestinationZone?.Name)); + report.Append(ruleDisplayJson.DisplayDestinationNegated(rule.DestinationNegated)); + report.Append(ruleDisplayJson.DisplayDestination(rule, ReportType)); + report.Append(ruleDisplayJson.DisplayServiceNegated(rule.ServiceNegated)); + report.Append(ruleDisplayJson.DisplayServices(rule, ReportType)); + report.Append(ruleDisplayJson.DisplayAction(rule.Action)); + report.Append(ruleDisplayJson.DisplayTrack(rule.Track)); + report.Append(ruleDisplayJson.DisplayEnabled(rule.Disabled)); + report.Append(ruleDisplayJson.DisplayUid(rule.Uid)); + report.Append(ruleDisplayJson.DisplayComment(rule.Comment)); + report = 
ruleDisplayJson.RemoveLastChars(report, 1); // remove last chars (comma) } else { - report.AppendLine(""); - report.AppendLine($""); - report.AppendLine(""); + report.AppendLine("\"section header\": \"" + rule.SectionHeader + "\""); } - } + report.Append("},"); // EO rule + } // rules + report = ruleDisplayJson.RemoveLastChars(report, 1); // remove last char (comma) + report.Append("]"); // EO rules + report.Append("}"); // EO gateway internal + report.Append("},"); // EO gateway external + } + } // gateways + report = ruleDisplayJson.RemoveLastChars(report, 1); // remove last char (comma) + report.Append("]"); // EO gateways + report.Append("}"); // EO management internal + report.Append("},"); // EO management external + } // managements + report = ruleDisplayJson.RemoveLastChars(report, 1); // remove last char (comma) + report.Append("]"); // EO managements + report.Append("}"); // EO top + + dynamic? json = JsonConvert.DeserializeObject(report.ToString()); + JsonSerializerSettings settings = new (); + settings.Formatting = Formatting.Indented; + return JsonConvert.SerializeObject(json, settings); + } + + public override string ExportToHtml() + { + StringBuilder report = new (); + RuleDisplayHtml ruleDisplayHtml = new (userConfig); + + foreach (var managementReport in ReportData.ManagementData.Where(mgt => !mgt.Ignore && mgt.Devices != null && + Array.Exists(mgt.Devices, device => device.Rules != null && device.Rules.Length > 0))) + { + managementReport.AssignRuleNumbers(); + + report.AppendLine($"

    {managementReport.Name}

    "); + report.AppendLine("
    "); - report.AppendLine("
    {userConfig.GetText("number")}{userConfig.GetText("name")}{userConfig.GetText("source_zone")}{userConfig.GetText("source")}{userConfig.GetText("destination_zone")}{userConfig.GetText("destination")}{userConfig.GetText("services")}{userConfig.GetText("action")}{userConfig.GetText("track")}{userConfig.GetText("enabled")}{userConfig.GetText("uid")}{userConfig.GetText("comment")}
    {ruleDisplay.DisplayNumber(rule, device.Rules)}{ruleDisplay.DisplayName(rule)}{ruleDisplay.DisplaySourceZone(rule)}{ruleDisplay.DisplaySource(rule, location: "", reportType: this.ReportType)}{ruleDisplay.DisplayDestinationZone(rule)}{ruleDisplay.DisplayDestination(rule, location: "", reportType: this.ReportType)}{ruleDisplay.DisplayService(rule, location: "", reportType: this.ReportType)}{ruleDisplay.DisplayAction(rule)}{ruleDisplay.DisplayTrack(rule)}{ruleDisplay.DisplayEnabled(rule, export: true)}{ruleDisplay.DisplayUid(rule)}{ruleDisplay.DisplayComment(rule)}
    {rule.SectionHeader}
    "); + foreach (var device in managementReport.Devices) + { + if (device.Rules != null && device.Rules.Length > 0) + { + appendRulesForDeviceHtml(ref report, device, ruleDisplayHtml); } } // show all objects used in this management's rules + appendObjectsForManagementHtml(ref report, managementReport); + } + + return GenerateHtmlFrame(userConfig.GetText(ReportType.ToString()), Query.RawFilter, DateTime.Now, report); + } + + private void appendRuleHeadlineHtml(ref StringBuilder report) + { + report.AppendLine(""); + report.AppendLine($"{userConfig.GetText("number")}"); + if(ReportType == ReportType.Recertification) + { + report.AppendLine($"{userConfig.GetText("next_recert")}"); + report.AppendLine($"{userConfig.GetText("owner")}"); + report.AppendLine($"{userConfig.GetText("ip_matches")}"); + report.AppendLine($"{userConfig.GetText("last_hit")}"); + } + if(ReportType == ReportType.UnusedRules) + { + report.AppendLine($"{userConfig.GetText("last_hit")}"); + } + report.AppendLine($"{userConfig.GetText("name")}"); + report.AppendLine($"{userConfig.GetText("source_zone")}"); + report.AppendLine($"{userConfig.GetText("source")}"); + report.AppendLine($"{userConfig.GetText("destination_zone")}"); + report.AppendLine($"{userConfig.GetText("destination")}"); + report.AppendLine($"{userConfig.GetText("services")}"); + report.AppendLine($"{userConfig.GetText("action")}"); + report.AppendLine($"{userConfig.GetText("track")}"); + report.AppendLine($"{userConfig.GetText("enabled")}"); + report.AppendLine($"{userConfig.GetText("uid")}"); + report.AppendLine($"{userConfig.GetText("comment")}"); + report.AppendLine(""); + } - int objNumber = 1; - if (management.ReportObjects != null && ReportType == ReportType.Rules) + private void appendRulesForDeviceHtml(ref StringBuilder report, DeviceReport device, RuleDisplayHtml ruleDisplayHtml) + { + if (device.ContainsRules()) + { + report.AppendLine($"

    {device.Name}

    "); + report.AppendLine("
    "); + report.AppendLine(""); + appendRuleHeadlineHtml(ref report); + foreach (var rule in device.Rules!) { - report.AppendLine($"

    {userConfig.GetText("network_objects")}

    "); - report.AppendLine("
    "); - report.AppendLine("
    "); - report.AppendLine(""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine(""); - foreach (NetworkObject nwobj in management.ReportObjects) + if (string.IsNullOrEmpty(rule.SectionHeader)) { report.AppendLine(""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - if (nwobj.MemberNames != null && nwobj.MemberNames.Contains('|')) - report.AppendLine($""); - else - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); + report.AppendLine($""); + if(ReportType == ReportType.Recertification) + { + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); + } + if(ReportType == ReportType.UnusedRules) + { + report.AppendLine($""); + } + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); report.AppendLine(""); } - report.AppendLine("
    {userConfig.GetText("number")}{userConfig.GetText("name")}{userConfig.GetText("type")}{userConfig.GetText("ip_address")}{userConfig.GetText("members")}{userConfig.GetText("uid")}{userConfig.GetText("comment")}
    {objNumber++}{nwobj.Name}{nwobj.Type.Name}{nwobj.IP}{(nwobj.IpEnd != null && nwobj.IpEnd != "" && nwobj.IpEnd != nwobj.IP ? $"-{nwobj.IpEnd}" : "")}{string.Join("
    ", nwobj.MemberNames.Split('|'))}
    {nwobj.MemberNames}{nwobj.Uid}{nwobj.Comment}{ruleDisplayHtml.DisplayNumber(rule)}{ruleDisplayHtml.DisplayNextRecert(rule)}{ruleDisplayHtml.DisplayOwner(rule)}{ruleDisplayHtml.DisplayRecertIpMatches(rule)}{ruleDisplayHtml.DisplayLastHit(rule)}{ruleDisplayHtml.DisplayLastHit(rule)}{ruleDisplayHtml.DisplayName(rule)}{ruleDisplayHtml.DisplaySourceZone(rule)}{ruleDisplayHtml.DisplaySource(rule, OutputLocation.export, ReportType)}{ruleDisplayHtml.DisplayDestinationZone(rule)}{ruleDisplayHtml.DisplayDestination(rule, OutputLocation.export, ReportType)}{ruleDisplayHtml.DisplayServices(rule, OutputLocation.export, ReportType)}{ruleDisplayHtml.DisplayAction(rule)}{ruleDisplayHtml.DisplayTrack(rule)}{ruleDisplayHtml.DisplayEnabled(rule, OutputLocation.export)}{ruleDisplayHtml.DisplayUid(rule)}{ruleDisplayHtml.DisplayComment(rule)}
    "); - } - - if (management.ReportServices != null && ReportType == ReportType.Rules) - { - report.AppendLine($"

    {userConfig.GetText("network_services")}

    "); - report.AppendLine("
    "); - report.AppendLine(""); - report.AppendLine(""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine(""); - objNumber = 1; - foreach (NetworkService svcobj in management.ReportServices) + else { report.AppendLine(""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - if (svcobj.DestinationPortEnd != null && svcobj.DestinationPortEnd != svcobj.DestinationPort) - report.AppendLine($""); - else - report.AppendLine($""); - if (svcobj.MemberNames != null && svcobj.MemberNames.Contains("|")) - report.AppendLine($""); - else - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); + report.AppendLine($""); report.AppendLine(""); } - report.AppendLine("
    {userConfig.GetText("number")}{userConfig.GetText("name")}{userConfig.GetText("type")}{userConfig.GetText("protocol")}{userConfig.GetText("port")}{userConfig.GetText("members")}{userConfig.GetText("uid")}{userConfig.GetText("comment")}
    {objNumber++}{svcobj.Name}{svcobj.Name}{((svcobj.Protocol != null) ? svcobj.Protocol.Name : "")}{svcobj.DestinationPort}-{svcobj.DestinationPortEnd}{svcobj.DestinationPort}{string.Join("
    ", svcobj.MemberNames.Split('|'))}
    {svcobj.MemberNames}{svcobj.Uid}{svcobj.Comment}{rule.SectionHeader}
    "); } + report.AppendLine(""); + } + } - if (management.ReportUsers != null && ReportType == ReportType.Rules) + private void appendObjectsForManagementHtml(ref StringBuilder report, ManagementReport managementReport) + { + int objNumber = 1; + appendNetworkObjectsForManagementHtml(ref report, ref objNumber, managementReport); + appendNetworkServicesForManagementHtml(ref report, ref objNumber, managementReport); + appendUsersForManagementHtml(ref report, ref objNumber, managementReport); + } + + private void appendNetworkObjectsForManagementHtml(ref StringBuilder report, ref int objNumber, ManagementReport managementReport) + { + if (managementReport.ReportObjects != null && !ReportType.IsResolvedReport()) + { + report.AppendLine($"

    {userConfig.GetText("network_objects")}

    "); + report.AppendLine("
    "); + report.AppendLine(""); + report.AppendLine(""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine(""); + foreach (var nwobj in managementReport.ReportObjects) { - report.AppendLine($"

    {userConfig.GetText("users")}

    "); - report.AppendLine("
    "); - report.AppendLine("
    {userConfig.GetText("number")}{userConfig.GetText("name")}{userConfig.GetText("type")}{userConfig.GetText("ip_address")}{userConfig.GetText("members")}{userConfig.GetText("uid")}{userConfig.GetText("comment")}
    "); report.AppendLine(""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine(nwobj.MemberNamesAsHtml()); + report.AppendLine($""); + report.AppendLine($""); report.AppendLine(""); - objNumber = 1; - foreach (NetworkUser userobj in management.ReportUsers) - { - report.AppendLine(""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - if (userobj.MemberNames != null && userobj.MemberNames.Contains("|")) - report.AppendLine($""); - else - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine(""); - } - report.AppendLine("
    {userConfig.GetText("number")}{userConfig.GetText("name")}{userConfig.GetText("type")}{userConfig.GetText("members")}{userConfig.GetText("uid")}{userConfig.GetText("comment")}{objNumber++}{nwobj.Name}{(nwobj.Type.Name != "" ? userConfig.GetText(nwobj.Type.Name) : "")}{NwObjDisplay.DisplayIp(nwobj.IP, nwobj.IpEnd, nwobj.Type.Name)}{nwobj.Uid}{nwobj.Comment}
    {objNumber++}{userobj.Name}{userobj.Name}{string.Join("
    ", userobj.MemberNames.Split('|'))}
    {userobj.MemberNames}{userobj.Uid}{userobj.Comment}
    "); } + report.AppendLine(""); + } + } + private void appendNetworkServicesForManagementHtml(ref StringBuilder report, ref int objNumber, ManagementReport managementReport) + { + if (managementReport.ReportServices != null && !ReportType.IsResolvedReport()) + { + report.AppendLine($"

    {userConfig.GetText("network_services")}

    "); + report.AppendLine("
    "); + report.AppendLine(""); + report.AppendLine(""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine(""); + objNumber = 1; + foreach (var svcobj in managementReport.ReportServices) + { + report.AppendLine(""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); + if (svcobj.DestinationPortEnd != null && svcobj.DestinationPortEnd != svcobj.DestinationPort) + report.AppendLine($""); + else + report.AppendLine($""); + report.AppendLine(svcobj.MemberNamesAsHtml()); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine(""); + } report.AppendLine("
    {userConfig.GetText("number")}{userConfig.GetText("name")}{userConfig.GetText("type")}{userConfig.GetText("protocol")}{userConfig.GetText("port")}{userConfig.GetText("members")}{userConfig.GetText("uid")}{userConfig.GetText("comment")}
    {objNumber++}{svcobj.Name}{(svcobj.Type.Name != "" ? userConfig.GetText(svcobj.Type.Name) : "")}{((svcobj.Type.Name!=ObjectType.Group && svcobj.Protocol != null) ? svcobj.Protocol.Name : "")}{svcobj.DestinationPort}-{svcobj.DestinationPortEnd}{svcobj.DestinationPort}{svcobj.Uid}{svcobj.Comment}
    "); } + } - return GenerateHtmlFrame(title: userConfig.GetText("rules_report"), Query.RawFilter, DateTime.Now, report); + private void appendUsersForManagementHtml(ref StringBuilder report, ref int objNumber, ManagementReport managementReport) + { + if (managementReport.ReportUsers != null && !ReportType.IsResolvedReport()) + { + report.AppendLine($"

    {userConfig.GetText("users")}

    "); + report.AppendLine("
    "); + report.AppendLine(""); + report.AppendLine(""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine(""); + objNumber = 1; + foreach (var userobj in managementReport.ReportUsers) + { + report.AppendLine(""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine(userobj.MemberNamesAsHtml()); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine(""); + } + report.AppendLine("
    {userConfig.GetText("number")}{userConfig.GetText("name")}{userConfig.GetText("type")}{userConfig.GetText("members")}{userConfig.GetText("uid")}{userConfig.GetText("comment")}
    {objNumber++}{userobj.Name}{(userobj.Type.Name != "" ? userConfig.GetText(userobj.Type.Name) : "")}{userobj.Uid}{userobj.Comment}
    "); + } } } } diff --git a/roles/lib/files/FWO.Report/ReportStatistics.cs b/roles/lib/files/FWO.Report/ReportStatistics.cs index 1b9caded7..f1315231c 100644 --- a/roles/lib/files/FWO.Report/ReportStatistics.cs +++ b/roles/lib/files/FWO.Report/ReportStatistics.cs 
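Review bot: ExportResolvedRulesToJson interpolates `managementReport.Name`, `gateway.Name` and `rule.SectionHeader` into the JSON text without escaping, so a double quote or backslash in any of them either makes the later `JsonConvert.DeserializeObject` call throw or changes the document's structure; emit them through `JsonConvert.ToString(...)`, i.e. `report.AppendLine($"{{{JsonConvert.ToString(managementReport.Name)}: {{");`, `report.Append($"{{{JsonConvert.ToString(gateway.Name)}: {{\n\"rules\": [");` and `report.AppendLine($"\"section header\": {JsonConvert.ToString(rule.SectionHeader)}");`. The HTML helpers have the same shape: `rule.SectionHeader` and the object names, uids and comments are written into the table cells raw, and these values come from the imported device configurations, so wrapping them in `System.Net.WebUtility.HtmlEncode(...)` (and confirming that GenerateHtmlFrame, not visible here, encodes `Query.RawFilter`) keeps markup stored in a comment from being interpreted when the exported report is opened. Stylistically, `ref StringBuilder` on the append helpers is redundant for a reference type, `ref int objNumber` is reset to 1 inside the services and users helpers anyway, the helper names (`appendRulesForDeviceHtml` and siblings) break the PascalCase convention used by the rest of the class, and ExportToHtml re-tests `device.Rules` before calling `appendRulesForDeviceHtml`, which already checks `device.ContainsRules()`.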
@@ -1,41 +1,29 @@ +using FWO.GlobalConstants; using FWO.Api.Data; using System.Text; using FWO.Api.Client; using FWO.Report.Filter; -using FWO.Api.Client.Queries; using System.Text.Json; using FWO.Config.Api; using FWO.Logging; namespace FWO.Report { - public class ReportStatistics : ReportBase + public class ReportStatistics : ReportDevicesBase { // TODO: Currently generated in Report.razor as well as here, because of export. Remove dupliacte. - private Management globalStatisticsManagement = new Management(); + private ManagementReport globalStatisticsManagement = new (); - public ReportStatistics(DynGraphqlQuery query, UserConfig userConfig, ReportType reportType) : base(query, userConfig, reportType) { } + public ReportStatistics(DynGraphqlQuery query, UserConfig userConfig, ReportType reportType) : base(query, userConfig, reportType) {} - public override async Task GetObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func callback) - { - await callback(Managements); - // currently no further objects to be fetched - GotObjectsInReport = true; - return true; - } - public override Task GetObjectsForManagementInReport(Dictionary objQueryVariables, byte objects, int maxFetchCycles, ApiConnection apiConnection, Func callback) + public override async Task Generate(int _, ApiConnection apiConnection, Func callback, CancellationToken ct) { - return Task.FromResult(true); - } + List managementsWithRelevantImportId = await getRelevantImportIds(apiConnection); - public override async Task Generate(int _, ApiConnection apiConnection, Func callback, CancellationToken ct) - { - Management[] managementsWithRelevantImportId = await getRelevantImportIds(apiConnection); + ReportData.ManagementData = new (); - List resultList = new List(); - - foreach (Management relevantMgmt in managementsWithRelevantImportId) + foreach (var relevantMgmt in managementsWithRelevantImportId) { if (ct.IsCancellationRequested) { 
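Review bot: Generate resets `ReportData.ManagementData = new ();` but leaves `globalStatisticsManagement` with whatever it already holds, and the `+=` accumulation in the following hunk (`@@ -46,12 +34,11 @@`) then double-counts when Generate runs a second time on the same ReportStatistics instance; reset the field at the same point, `globalStatisticsManagement = new ();`, or accumulate into a local and assign it once after the loop. The `// TODO ... Remove dupliacte.` comment above the field is unchanged by the commit but still describes the duplication with Report.razor, so it should stay until that is resolved. Generate's body continues in the next hunk.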
@@ -46,12 +34,11 @@ public override async Task Generate(int _, ApiConnection apiConnection, Func(Query.FullQuery, Query.QueryVariables))[0]); + ReportData.ManagementData.Add((await apiConnection.SendQueryAsync>(Query.FullQuery, Query.QueryVariables))[0]); } - Managements = resultList.ToArray(); - await callback(Managements); + await callback(ReportData); - foreach (Management mgm in Managements.Where(mgt => !mgt.Ignore)) + foreach (ManagementReport mgm in ReportData.ManagementData.Where(mgt => !mgt.Ignore)) { globalStatisticsManagement.RuleStatistics.ObjectAggregate.ObjectCount += mgm.RuleStatistics.ObjectAggregate.ObjectCount; globalStatisticsManagement.NetworkObjectStatistics.ObjectAggregate.ObjectCount += mgm.NetworkObjectStatistics.ObjectAggregate.ObjectCount; 
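Review bot: `ReportData.ManagementData.Add((await apiConnection.SendQueryAsync…(Query.FullQuery, Query.QueryVariables))[0]);` indexes the query result without checking that it holds an element, so one management for which the query returns an empty list aborts the whole report with an ArgumentOutOfRangeException instead of being skipped. Holding the result in a local and guarding it before the Add, `if (result.Count == 0) { continue; }`, keeps a single empty answer from ending the loop; the generic argument is stripped in this rendering, so the exact result type is left to the author. Generate starts in the previous hunk and continues after this one.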
@@ -60,18 +47,32 @@ public override async Task Generate(int _, ApiConnection apiConnection, Func GetObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func callback) + { + await callback(ReportData); + // currently no further objects to be fetched + GotObjectsInReport = true; + return true; + } + + public override Task GetObjectsForManagementInReport(Dictionary objQueryVariables, ObjCategory objects, int maxFetchCycles, ApiConnection apiConnection, Func callback) + { + return Task.FromResult(true); + } + public override string ExportToJson() { globalStatisticsManagement.Name = "global statistics"; - Management[] combinedManagements = (new Management[] { globalStatisticsManagement }).Concat(Managements.Where(mgt => !mgt.Ignore)).ToArray(); + List combinedManagements = new (){ globalStatisticsManagement }; + combinedManagements.AddRange(ReportData.ManagementData.Where(mgt => !mgt.Ignore)); return JsonSerializer.Serialize(combinedManagements, new JsonSerializerOptions { WriteIndented = true }); } public override string ExportToCsv() { - StringBuilder csvBuilder = new StringBuilder(); + StringBuilder csvBuilder = new (); - foreach (Management management in Managements.Where(mgt => !mgt.Ignore)) + foreach (ManagementReport managementReport in ReportData.ManagementData.Where(mgt => !mgt.Ignore)) { //foreach (var item in collection) //{ @@ -84,7 +85,7 @@ public override string ExportToCsv() public override string ExportToHtml() { - StringBuilder report = new StringBuilder(); + StringBuilder report = new (); report.AppendLine($"
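Review bot: The relocated overrides `GetObjectsInReport` and `GetObjectsForManagementInReport` carry no XML summary, and the second one returns `Task.FromResult(true)` without doing anything, which reads as an unfinished stub unless the reader already knows a statistics report has no per-management objects to fetch. A one-line summary on each, such as `/// <summary>Statistics reports carry no further objects; reports success without fetching.</summary>`, records that this is intentional. ExportToJson also assigns `globalStatisticsManagement.Name = "global statistics"` as a side effect of an export; a comment on why the name is set here rather than in Generate would help the next maintainer. The body of ExportToCsv continues past the end of this hunk.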

    {userConfig.GetText("glob_no_obj")}

    "); report.AppendLine(""); @@ -103,9 +104,9 @@ public override string ExportToHtml() report.AppendLine("
    "); report.AppendLine("
    "); - foreach (Management management in Managements.Where(mgt => !mgt.Ignore)) + foreach (ManagementReport managementReport in ReportData.ManagementData.Where(mgt => !mgt.Ignore)) { - report.AppendLine($"

    {userConfig.GetText("no_of_obj")} - {management.Name}

    "); + report.AppendLine($"

    {userConfig.GetText("no_of_obj")} - {managementReport.Name}

    "); report.AppendLine(""); report.AppendLine(""); report.AppendLine($""); @@ -114,10 +115,10 @@ public override string ExportToHtml() report.AppendLine($""); report.AppendLine(""); report.AppendLine(""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); - report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); + report.AppendLine($""); report.AppendLine(""); report.AppendLine("
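Review bot: `{managementReport.Name}` is interpolated straight into the HTML string on the new line, and the `@@ -128` hunk below does the same with `{device.Name}`; both names come from imported management data, so any HTML metacharacters in them reach the exported report unescaped. Unless GenerateHtmlFrame (outside this diff) encodes the whole builder, wrapping them as `System.Net.WebUtility.HtmlEncode(managementReport.Name)` and `System.Net.WebUtility.HtmlEncode(device.Name)` keeps the export markup-safe. The translated labels from `userConfig.GetText(...)` on the same lines come from configuration and are lower risk. ExportToHtml continues beyond this hunk.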
    {userConfig.GetText("network_objects")}{userConfig.GetText("rules")}
    {management.NetworkObjectStatistics.ObjectAggregate.ObjectCount}{management.ServiceObjectStatistics.ObjectAggregate.ObjectCount}{management.UserObjectStatistics.ObjectAggregate.ObjectCount}{management.RuleStatistics.ObjectAggregate.ObjectCount }{managementReport.NetworkObjectStatistics.ObjectAggregate.ObjectCount}{managementReport.ServiceObjectStatistics.ObjectAggregate.ObjectCount}{managementReport.UserObjectStatistics.ObjectAggregate.ObjectCount}{managementReport.RuleStatistics.ObjectAggregate.ObjectCount }
    "); report.AppendLine("
    "); @@ -128,18 +129,20 @@ public override string ExportToHtml() report.AppendLine($"{userConfig.GetText("gateway")}"); report.AppendLine($"{userConfig.GetText("rules")}"); report.AppendLine(""); - foreach (Device device in management.Devices) + foreach (var device in managementReport.Devices) { - report.AppendLine(""); - report.AppendLine($"{device.Name}"); - if (device.RuleStatistics != null) + if (device.RuleStatistics != null) + { + report.AppendLine(""); + report.AppendLine($"{device.Name}"); report.AppendLine($"{device.RuleStatistics.ObjectAggregate.ObjectCount}"); - report.AppendLine(""); + report.AppendLine(""); + } } report.AppendLine(""); report.AppendLine("
    "); } - return GenerateHtmlFrame(title: userConfig.GetText("statistics_report"), Query.RawFilter, DateTime.Now, report); + return GenerateHtmlFrame(userConfig.GetText(ReportType.ToString()), Query.RawFilter, DateTime.Now, report); } } } diff --git a/roles/lib/handlers/main.yml b/roles/lib/handlers/main.yml index c28bc46c6..1160a3436 100644 --- a/roles/lib/handlers/main.yml +++ b/roles/lib/handlers/main.yml @@ -7,14 +7,14 @@ delegate_to: "{{ inventory_hostname }}" listen: "lib handler" when: lib_handler_guard == "start" - become: yes + become: true - name: delete backup file: state: absent path: "{{ fworch_home }}/backup_lib" listen: "lib handler" - become: yes + become: true - name: fail message debug: diff --git a/roles/lib/tasks/install_dot_net.yml b/roles/lib/tasks/install_dot_net.yml index 2cc2d741e..615a875d7 100644 --- a/roles/lib/tasks/install_dot_net.yml +++ b/roles/lib/tasks/install_dot_net.yml @@ -6,8 +6,8 @@ - set_fact: distribution_version="{{ ansible_facts['distribution_version'] }}" when: ansible_facts['distribution']|lower == 'ubuntu' - - set_fact: distribution_version="11" - when: ansible_facts['distribution_release']|lower == 'bookworm' + - set_fact: distribution_version="{{ debian_testing_version }}" + when: ansible_facts['distribution_release']|lower == debian_testing_release_name # for all distros except ubuntu >=22.04 we need to include a package source - block: 
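Review bot: Moving the row start and the `report.AppendLine($"{device.Name}")` cell under `if (device.RuleStatistics != null)` means a device without rule statistics no longer appears in the gateway table at all, where previously it was listed without a count. If that omission is intended, a comment above the check, `// gateways without rule statistics are left out of the table`, saves the next reader from treating it as a lost row; if not, keeping the name row outside the check restores the old listing. ExportToHtml starts before this hunk.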
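Review bot: `when: ansible_facts['distribution_release']|lower == debian_testing_release_name` lower-cases the fact but not the variable, so the task only matches if `debian_testing_release_name` is defined in lower case; `== debian_testing_release_name|lower` makes the comparison symmetric. Neither `debian_testing_release_name` nor `debian_testing_version` is defined in this diff, so if they are missing from the role defaults the play fails at this set_fact on every Debian host rather than falling through as the old literal `"bookworm"` did.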
@@ -30,17 +30,17 @@ - name: apt update apt: update_cache=true - # when: ansible_facts['distribution']|lower != 'ubuntu' or - # (ansible_facts['distribution']|lower == 'ubuntu' and ansible_facts['distribution_major_version'] is version('22', '<')) + when: ansible_facts['distribution']|lower != 'ubuntu' or + (ansible_facts['distribution']|lower == 'ubuntu' and ansible_facts['distribution_major_version'] is version('22', '<')) # - name: update /etc/apt/preferences for ubuntu >=22 (https://github.com/dotnet/sdk/issues/27129) # blockinfile: # path: /etc/apt/preferences - # create: yes + # create: true # block: | - # Package: *net* + # Package: dotnet-* aspnetcore-* netstandard-* # Pin: origin packages.microsoft.com - # Pin-Priority: 1001 + # Pin-Priority: 999 # when: ansible_facts['distribution'] == "Ubuntu" and ansible_facts['distribution_major_version'] is version('22', '>=') # - name: make sure to use the ubuntu version of dotnet sdk on ubuntu >=22 @@ -61,5 +61,5 @@ - name: Install dotnet-sdk-{{ dotnet_version }} package: "name=dotnet-sdk-{{ dotnet_version }} state=present" - become: yes + become: true environment: "{{ proxy_env }}" \ No newline at end of file diff --git a/roles/lib/tasks/install_wkhtml_pdf.yml b/roles/lib/tasks/install_wkhtml_pdf.yml index cae670349..703c367a8 100644 --- a/roles/lib/tasks/install_wkhtml_pdf.yml +++ b/roles/lib/tasks/install_wkhtml_pdf.yml 
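Review bot: The re-enabled `when:` on the `apt update` task is a plain scalar broken over two lines, `... != 'ubuntu' or` followed by `(ansible_facts['distribution']|lower == 'ubuntu' and ...)`; YAML only folds this correctly when the continuation is indented deeper than `when:`, which the diff rendering cannot confirm. A folded block, `when: >` with both lines indented beneath it, makes the intent explicit and survives re-indentation. The same two-line form is kept in the still-commented pin block below it.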
@@ -1,7 +1,24 @@ +# - name: show ansible_facts +# debug: +# msg: +# - "ansible_fact {{ item.key }} = {{ item.value }}" +# loop: "{{ ansible_facts|dict2items }}" + + +- set_fact: + os_codename: undefined + +- set_fact: + os_codename: bookworm + when: ansible_facts['distribution']|lower == "debian" and (ansible_facts['distribution_release'] == "bookworm" or ansible_facts['distribution_release'] == "trixie") + +- set_fact: + os_codename: jammy + when: ansible_facts['distribution']|lower == "ubuntu" and ansible_facts['distribution_version']|string is version('22', '>=') and ansible_facts['distribution_version']|string is version('22.10', '<') - block: - - name: install libs needed for pdf creator nuget packet HakanL/WkHtmlToPdf-DotNet + - name: install libs needed for pdf creator nuget package HakanL/WkHtmlToPdf-DotNet package: name: "{{ item }}" state: present 
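Review bot: `os_codename: undefined` sets a literal string that only the two following set_fact tasks overwrite, so on any host outside their conditions (Debian releases other than bookworm/trixie, Ubuntu 22.10 or later) the codename stays `undefined` and the download block in the next hunk is skipped without any message. A short task such as `- debug: msg="no wkhtmltox package mapped for {{ ansible_facts['distribution'] }} {{ ansible_facts['distribution_release'] }}"` guarded by `when: os_codename == "undefined"` makes the skip visible in the play output. Mapping trixie onto the bookworm package also presumes that build installs cleanly on trixie, which deserves a comment on the trixie condition.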
@@ -14,26 +31,31 @@ - xfonts-75dpi - libssl-dev + + # install latest wkhtml package in addtion for newer OSes - block: - - name: download wkhtmltox for ubuntu 22.04 only + + - name: download wkhtmltox for {{ os_codename }} get_url: - url: https://github.com/wkhtmltopdf/packaging/releases/download/0.12.6.1-2/wkhtmltox_0.12.6.1-2.jammy_amd64.deb - dest: "{{ lib_tmp_dir }}/wkhtmltox_0.12.6.1-2.jammy_amd64.deb" - force: yes + url: https://github.com/wkhtmltopdf/packaging/releases/download/{{ wkhtmltopdf_version }}/wkhtmltox_{{ wkhtmltopdf_version }}.{{ os_codename }}_amd64.deb + dest: "{{ lib_tmp_dir }}/{{ wkhtmltopdf_version }}.{{ os_codename }}_amd64.deb" + force: true mode: "0644" owner: "{{ fworch_user }}" group: "{{ fworch_group }}" environment: "{{ proxy_env }}" - - name: install wkhtmltox for ubuntu 22.04 only - command: dpkg -i {{ lib_tmp_dir }}/wkhtmltox_0.12.6.1-2.jammy_amd64.deb + - name: install wkhtmltox for {{ os_codename }} + command: dpkg -i {{ lib_tmp_dir }}/{{ wkhtmltopdf_version }}.{{ os_codename }}_amd64.deb - - name: remove wkhtmltox package file after installation (for ubuntu 22.04 only) + - name: remove wkhtmltox package file after installation (for {{ os_codename }}) file: - path: "{{ lib_tmp_dir }}/wkhtmltox_0.12.6.1-2.jammy_amd64.deb" + path: "{{ lib_tmp_dir }}/wkhtmltox_{{ wkhtmltopdf_version }}.{{ os_codename }}_amd64.deb" state: absent - when: ansible_facts['distribution'] == "Ubuntu" and ansible_facts['distribution_version'] == '22.04' - become: yes + when: | + os_codename == "jammy" or os_codename == "bookworm" + + become: true environment: "{{ proxy_env }}" \ No newline at end of file diff --git a/roles/lib/tasks/main.yml b/roles/lib/tasks/main.yml index 78dcd4cc0..b20c7445f 100644 --- a/roles/lib/tasks/main.yml +++ b/roles/lib/tasks/main.yml 
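Review bot: The `get_url` `dest` and the `dpkg -i` path use `{{ wkhtmltopdf_version }}.{{ os_codename }}_amd64.deb`, while the clean-up task removes `wkhtmltox_{{ wkhtmltopdf_version }}.{{ os_codename }}_amd64.deb`; the prefixes differ, so the downloaded package is installed but never deleted from `{{ lib_tmp_dir }}`. Using one name in all three places, e.g. `dest: "{{ lib_tmp_dir }}/wkhtmltox_{{ wkhtmltopdf_version }}.{{ os_codename }}_amd64.deb"` with the matching `command:` argument, fixes it. The .deb is fetched from a GitHub release and installed as root on every run (`force: true`), yet `get_url` carries no `checksum:`; pinning it with `checksum: "sha256:<EXPECTED_SHA256_FOR_VERSION>"` (placeholder, one per release) makes a changed or tampered download fail before `dpkg -i` runs. `wkhtmltopdf_version` is not defined in this diff, so it is assumed to come from the role defaults.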
@@ -41,21 +41,12 @@ include_tasks: install_wkhtml_pdf.yml - name: copy {{ product_name }} dotnet lib files to lib target - copy: - src: "{{ item }}" + synchronize: + src: "./" dest: "{{ lib_dir }}" - owner: "{{ fworch_user }}" - group: "{{ fworch_group }}" - loop: - - FWO.Api.Client - - FWO.Middleware - - FWO.Middleware.Client - - FWO.Logging - - FWO.Config.Api - - FWO.Config.File - - FWO.Report - - FWO.Report.Filter - - FWO.DeviceAutoDiscovery + rsync_opts: + - "--chown={{ fworch_user }}:{{ fworch_group }}" + tags: [ 'test' ] - name: finalize handler for datarecovery set_fact: @@ -68,6 +59,6 @@ set_fact: lib_role_has_run: true - become: yes + become: true when: not lib_role_has_run|bool # make sure lib role is only run once per host to save time diff --git a/roles/middleware/files/FWO.Middleware.Server/AppDataImport.cs b/roles/middleware/files/FWO.Middleware.Server/AppDataImport.cs new file mode 100644 index 000000000..38bd17291 --- /dev/null +++ b/roles/middleware/files/FWO.Middleware.Server/AppDataImport.cs 
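Review bot: `synchronize` with `src: "./"` ships the whole source directory (presumably the role's files directory, as for the removed `copy`) to `{{ lib_dir }}`, where the old loop named nine specific FWO.* projects, so anything else present there at deploy time — build output such as `bin/`/`obj/` if the projects are built in place, editor state, a local venv — is now pushed to the target as well. Adding `--exclude` entries under `rsync_opts`, e.g. `- "--exclude=bin/"` and `- "--exclude=obj/"`, keeps the deployment to the source trees; whether such directories exist is not visible here. `--chown` needs rsync 3.1.0 or newer on both ends, which is worth a comment now that the `owner`/`group` keys are gone.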
@@ -0,0 +1,564 @@ +using FWO.Logging; +using NetTools; +using FWO.Api.Client; +using FWO.GlobalConstants; +using FWO.Api.Data; +using FWO.Config.Api; +using System.Text.Json; +using FWO.Middleware.RequestParameters; +using FWO.Api.Client.Queries; +using Novell.Directory.Ldap; +using System.Data; +using Microsoft.IdentityModel.Tokens; + +namespace FWO.Middleware.Server +{ + /// + /// Class handling the App Data Import + /// + public class AppDataImport : DataImportBase + { + private List importedApps = new(); + private List existingApps = new(); + private List existingAppServers = new(); + + private Ldap internalLdap = new(); + + private List connectedLdaps = new(); + private string modellerRoleDn = ""; + private string requesterRoleDn = ""; + private string implementerRoleDn = ""; + private string reviewerRoleDn = ""; + List allGroups = new(); + + + /// + /// Constructor for App Data Import + /// + public AppDataImport(ApiConnection apiConnection, GlobalConfig globalConfig) : base(apiConnection, globalConfig) + { } + + /// + /// Run the App Data Import + /// + public async Task Run() + { + try + { + List importfilePathAndNames = JsonSerializer.Deserialize>(globalConfig.ImportAppDataPath) ?? throw new Exception("Config Data could not be deserialized."); + await InitLdap(); + foreach (var importfilePathAndName in importfilePathAndNames) + { + if (!RunImportScript(importfilePathAndName + ".py")) + { + Log.WriteInfo("Import App Data", $"Script {importfilePathAndName}.py failed but trying to import from existing file."); + } + await ImportSingleSource(importfilePathAndName + ".json"); + } + } + catch (Exception exc) + { + Log.WriteError("Import App Data", $"Import could not be processed.", exc); + return false; + } + return true; + } + + private async Task InitLdap() + { + connectedLdaps = await apiConnection.SendQueryAsync>(AuthQueries.getLdapConnections); + internalLdap = connectedLdaps.FirstOrDefault(x => x.IsInternal() && x.HasGroupHandling()) ?? 
throw new Exception("No internal Ldap with group handling found."); + modellerRoleDn = $"cn=modeller,{internalLdap.RoleSearchPath}"; + requesterRoleDn = $"cn=requester,{internalLdap.RoleSearchPath}"; + implementerRoleDn = $"cn=implementer,{internalLdap.RoleSearchPath}"; + reviewerRoleDn = $"cn=reviewer,{internalLdap.RoleSearchPath}"; + allGroups = internalLdap.GetAllInternalGroups(); + } + + private async Task ImportSingleSource(string importfileName) + { + try + { + ReadFile(importfileName); + ModellingImportOwnerData? importedOwnerData = JsonSerializer.Deserialize(importFile) ?? throw new Exception("File could not be parsed."); + if (importedOwnerData != null && importedOwnerData.Owners != null) + { + importedApps = importedOwnerData.Owners; + await ImportApps(importfileName); + } + } + catch (Exception exc) + { + Log.WriteError("Import App Data", $"File {importfileName} could not be processed.", exc); + return false; + } + return true; + } + + private async Task ImportApps(string importfileName) + { + int successCounter = 0; + int failCounter = 0; + int deleteCounter = 0; + int deleteFailCounter = 0; + + existingApps = await apiConnection.SendQueryAsync>(Api.Client.Queries.OwnerQueries.getOwners); + foreach (var incomingApp in importedApps) + { + if (await SaveApp(incomingApp)) + { + ++successCounter; + } + else + { + ++failCounter; + } + foreach (var existingApp in existingApps.Where(x => x.ImportSource == incomingApp.ImportSource && x.Active)) + { + if (importedApps.FirstOrDefault(x => x.Name == existingApp.Name) == null) + { + if (await DeactivateApp(existingApp)) + { + ++deleteCounter; + } + else + { + ++deleteFailCounter; + } + } + } + } + Log.WriteInfo("Import App Data", $"Imported from {importfileName}: {successCounter} apps, {failCounter} failed. Deactivated {deleteCounter} apps, {deleteFailCounter} failed."); + } + + private async Task SaveApp(ModellingImportAppData incomingApp) + { + try + { + string userGroupDn; + FwoOwner? 
existingApp = existingApps.FirstOrDefault(x => x.ExtAppId == incomingApp.ExtAppId); + if (existingApp == null) + { + userGroupDn = await NewApp(incomingApp); + } + else + { + userGroupDn = await UpdateApp(incomingApp, existingApp); + } + + // in order to store email addresses of users in the group in UiUser for email notification: + await AddAllGroupMembersToUiUser(userGroupDn); + + } + catch (Exception exc) + { + Log.WriteError("Import App Data", $"App {incomingApp.Name} could not be processed.", exc); + return false; + } + return true; + } + + private async Task NewApp(ModellingImportAppData incomingApp) + { + string userGroupDn; + if (true) + { + userGroupDn = CreateUserGroup(incomingApp); + } + else + { + // alternatively: simply use an existing usergroup from external LDAP + // TODO: needs to be implemented + // userGroupDn = incomingApp.Name + "external-ldap-path"; + } + + var Variables = new + { + name = incomingApp.Name, + dn = incomingApp.MainUser ?? "", + groupDn = userGroupDn, + appIdExternal = incomingApp.ExtAppId, + criticality = incomingApp.Criticality, + importSource = incomingApp.ImportSource, + commSvcPossible = false + }; + ReturnId[]? returnIds = (await apiConnection.SendQueryAsync(OwnerQueries.newOwner, Variables)).ReturnIds; + if (returnIds != null) + { + int appId = returnIds[0].NewId; + foreach (var appServer in incomingApp.AppServers) + { + await NewAppServer(appServer, appId, incomingApp.ImportSource); + } + } + return userGroupDn; + } + + private async Task UpdateApp(ModellingImportAppData incomingApp, FwoOwner existingApp) + { + string userGroupDn = existingApp.GroupDn; + if (existingApp.GroupDn == null || existingApp.GroupDn == "") + { + GroupGetReturnParameters? 
groupWithSameName = allGroups.FirstOrDefault(x => new DistName(x.GroupDn).Group == GroupName(incomingApp.ExtAppId)); + if (groupWithSameName != null) + { + if (userGroupDn == "") + { + userGroupDn = groupWithSameName.GroupDn; + } + UpdateUserGroup(incomingApp, groupWithSameName.GroupDn); + } + else + { + userGroupDn = CreateUserGroup(incomingApp); + } + } + else + { + UpdateUserGroup(incomingApp, userGroupDn); + } + + var Variables = new + { + id = existingApp.Id, + name = incomingApp.Name, + dn = incomingApp.MainUser ?? "", + groupDn = userGroupDn, + appIdExternal = incomingApp.ExtAppId, + criticality = incomingApp.Criticality, + commSvcPossible = existingApp.CommSvcPossible + }; + await apiConnection.SendQueryAsync(OwnerQueries.updateOwner, Variables); + await ImportAppServers(incomingApp, existingApp.Id); + return userGroupDn; + } + + private async Task DeactivateApp(FwoOwner app) + { + try + { + await apiConnection.SendQueryAsync(Api.Client.Queries.OwnerQueries.deactivateOwner, new { id = app.Id }); + } + catch (Exception exc) + { + Log.WriteError("Import App Data", $"Outdated App {app.Name} could not be deactivated.", exc); + return false; + } + return true; + } + + private static string GroupName(string appName) + { + return GlobalConst.kModellerGroup + appName; + } + + /// + /// for each user of a remote ldap group create a user in uiuser + /// this is necessary in order to get details like email address for users + /// which have never logged in but who need to be notified via email + /// + private async Task AddAllGroupMembersToUiUser(string userGroupDn) + { + foreach (Ldap ldap in connectedLdaps) + { + foreach (string memberDn in ldap.GetGroupMembers(userGroupDn)) + { + await UiUserHandler.UpsertUiUser(apiConnection, await ConvertLdapToUiUser(apiConnection, memberDn), false); + } + } + } + + private async Task ConvertLdapToUiUser(ApiConnection apiConnection, string userDn) + { + // add the modelling user to local uiuser table for later ref to email 
address + UiUser uiUser = new(); + + // find the user in all connected ldaps + foreach (Ldap ldap in connectedLdaps) + { + if (!ldap.UserSearchPath.IsNullOrEmpty() && userDn.ToLower().Contains(ldap.UserSearchPath.ToLower())) + { + LdapEntry ldapUser = ldap.GetUserDetailsFromLdap(userDn); + + if (ldapUser != null) + { + // add data from ldap entry to uiUser + uiUser = new() + { + LdapConnection = new UiLdapConnection(), + Dn = ldapUser.Dn, + Name = ldap.GetName(ldapUser), + Firstname = ldap.GetFirstName(ldapUser), + Lastname = ldap.GetLastName(ldapUser), + Email = ldap.GetEmail(ldapUser), + Tenant = await DeriveTenantFromLdap(ldap, ldapUser) + }; + uiUser.LdapConnection.Id = ldap.Id; + return uiUser; + } + } + } + return uiUser; + + } + + private async Task DeriveTenantFromLdap(Ldap ldap, LdapEntry ldapUser) + { + // try to derive the the user's tenant from the ldap settings + + Tenant tenant = new() + { + Id = GlobalConst.kTenant0Id // default: tenant0 (id=1) + }; + + string tenantName = ""; + + // can we derive the users tenant purely from its ldap? 
+ if (!ldap.GlobalTenantName.IsNullOrEmpty() || ldap.TenantLevel > 0) + { + if (ldap.TenantLevel > 0) + { + // getting tenant via tenant level setting from distinguished name + tenantName = ldap.GetTenantName(ldapUser); + } + else + { + if (!ldap.GlobalTenantName.IsNullOrEmpty()) + { + tenantName = ldap.GlobalTenantName; + } + } + + var variables = new { tenant_name = tenantName }; + Tenant[] tenants = await apiConnection.SendQueryAsync(AuthQueries.getTenantId, variables, "getTenantId"); + if (tenants.Length == 1) + { + tenant.Id = tenants[0].Id; + } + } + + return tenant; + + } + + private string CreateUserGroup(ModellingImportAppData incomingApp) + { + string groupDn = ""; + if (incomingApp.Modellers != null && incomingApp.Modellers.Count > 0 + || incomingApp.ModellerGroups != null && incomingApp.ModellerGroups.Count > 0) + { + string groupName = GroupName(incomingApp.ExtAppId); + groupDn = internalLdap.AddGroup(groupName, true); + if (incomingApp.Modellers != null) + { + foreach (var modeller in incomingApp.Modellers) + { + // add user to internal group: + internalLdap.AddUserToEntry(modeller, groupDn); + } + } + if (incomingApp.ModellerGroups != null) + { + foreach (var modellerGrp in incomingApp.ModellerGroups) + { + internalLdap.AddUserToEntry(modellerGrp, groupDn); + } + } + internalLdap.AddUserToEntry(groupDn, modellerRoleDn); + internalLdap.AddUserToEntry(groupDn, requesterRoleDn); + internalLdap.AddUserToEntry(groupDn, implementerRoleDn); + internalLdap.AddUserToEntry(groupDn, reviewerRoleDn); + } + return groupDn; + } + + private string UpdateUserGroup(ModellingImportAppData incomingApp, string groupDn) + { + List existingMembers = (allGroups.FirstOrDefault(x => x.GroupDn == groupDn) ?? 
throw new Exception("Group could not be found.")).Members; + if (incomingApp.Modellers != null) + { + foreach (var modeller in incomingApp.Modellers) + { + if (existingMembers.FirstOrDefault(x => x.ToLower() == modeller.ToLower()) == null) + { + internalLdap.AddUserToEntry(modeller, groupDn); + } + } + } + if (incomingApp.ModellerGroups != null) + { + foreach (var modellerGrp in incomingApp.ModellerGroups) + { + if (existingMembers.FirstOrDefault(x => x.ToLower() == modellerGrp.ToLower()) == null) + { + internalLdap.AddUserToEntry(modellerGrp, groupDn); + } + } + } + foreach (var member in existingMembers) + { + if ((incomingApp.Modellers == null || incomingApp.Modellers.FirstOrDefault(x => x.ToLower() == member.ToLower()) == null) + && (incomingApp.ModellerGroups == null || incomingApp.ModellerGroups.FirstOrDefault(x => x.ToLower() == member.ToLower()) == null)) + { + internalLdap.RemoveUserFromEntry(member, groupDn); + } + } + return groupDn; + } + + private async Task ImportAppServers(ModellingImportAppData incomingApp, int applId) + { + int successCounter = 0; + int failCounter = 0; + int deleteCounter = 0; + int deleteFailCounter = 0; + + var Variables = new + { + importSource = incomingApp.ImportSource, + appId = applId + }; + existingAppServers = await apiConnection.SendQueryAsync>(Api.Client.Queries.ModellingQueries.getImportedAppServers, Variables); + foreach (var incomingAppServer in incomingApp.AppServers) + { + if (await SaveAppServer(incomingAppServer, applId, incomingApp.ImportSource)) + { + ++successCounter; + } + else + { + ++failCounter; + } + } + foreach (var existingAppServer in existingAppServers) + { + if (incomingApp.AppServers.FirstOrDefault(x => IpAsCidr(x.Ip) == IpAsCidr(existingAppServer.Ip)) == null) + { + if (await MarkDeletedAppServer(existingAppServer)) + { + ++deleteCounter; + } + else + { + ++deleteFailCounter; + } + } + } + Log.WriteDebug($"Import App Server Data for App {incomingApp.Name}", $"Imported {successCounter} app servers, 
{failCounter} failed. {deleteCounter} app servers marked as deleted, {deleteFailCounter} failed."); + } + + private async Task SaveAppServer(ModellingImportAppServer incomingAppServer, int appID, string impSource) + { + try + { + ModellingAppServer? existingAppServer = existingAppServers.FirstOrDefault(x => IpAsCidr(x.Ip) == IpAsCidr(incomingAppServer.Ip)); + if (existingAppServer == null) + { + return await NewAppServer(incomingAppServer, appID, impSource); + } + else + { + if (existingAppServer.IsDeleted) + { + return await ReactivateAppServer(existingAppServer); + } + if (existingAppServer.CustomType == null) + { + return await UpdateAppServerType(existingAppServer); + } + } + return true; + } + catch (Exception exc) + { + Log.WriteError("Import App Server Data", $"App Server {incomingAppServer.Name} could not be processed.", exc); + return false; + } + } + + private async Task NewAppServer(ModellingImportAppServer incomingAppServer, int appID, string impSource) + { + try + { + var Variables = new + { + name = incomingAppServer.Name, + appId = appID, + ip = IpAsCidr(incomingAppServer.Ip), + ipEnd = incomingAppServer.IpEnd != "" ? 
IpAsCidr(incomingAppServer.IpEnd) : IpAsCidr(incomingAppServer.Ip), + importSource = impSource, + customType = 0 + }; + await apiConnection.SendQueryAsync(Api.Client.Queries.ModellingQueries.newAppServer, Variables); + } + catch (Exception exc) + { + Log.WriteError("Import App Server Data", $"App Server {incomingAppServer.Name} could not be processed.", exc); + return false; + } + return true; + } + + private async Task ReactivateAppServer(ModellingAppServer appServer) + { + try + { + var Variables = new + { + id = appServer.Id, + deleted = false + }; + await apiConnection.SendQueryAsync(Api.Client.Queries.ModellingQueries.setAppServerDeletedState, Variables); + } + catch (Exception exc) + { + Log.WriteError("Import App Server Data", $"App Server {appServer.Name} could not be reactivated.", exc); + return false; + } + return true; + } + + private async Task UpdateAppServerType(ModellingAppServer appServer) + { + try + { + var Variables = new + { + id = appServer.Id, + customType = 0 + }; + await apiConnection.SendQueryAsync(Api.Client.Queries.ModellingQueries.setAppServerType, Variables); + } + catch (Exception exc) + { + Log.WriteError("Import App Server Data", $"Type of App Server {appServer.Name} could not be set.", exc); + return false; + } + return true; + } + + private async Task MarkDeletedAppServer(ModellingAppServer appServer) + { + try + { + var Variables = new + { + id = appServer.Id, + deleted = true + }; + await apiConnection.SendQueryAsync(Api.Client.Queries.ModellingQueries.setAppServerDeletedState, Variables); + } + catch (Exception exc) + { + Log.WriteError("Import AppServer Data", $"Outdated AppServer {appServer.Name} could not be marked as deleted.", exc); + return false; + } + return true; + } + + private static string IpAsCidr(string ip) + { + return IPAddressRange.Parse(ip).ToCidrString(); + } + } +} 
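Review bot: In ImportApps the deactivation pass `foreach (var existingApp in existingApps.Where(x => x.ImportSource == incomingApp.ImportSource && x.Active))` sits inside the per-app loop, so it runs once per incoming app; DeactivateApp updates the database but not the local `existingApps` entries, whose `Active` flag stays true, so each later iteration deactivates the same outdated apps again and `deleteCounter` reports a multiple of the real number. Hoisting the pass after the loop, as sketched below, runs it once per import. Separately, `if (true) { ... } else { // TODO }` in NewApp is an unreachable branch that draws a CS0162 warning and is better expressed as the comment alone, and the `x.ToLower() == modeller.ToLower()` comparisons in UpdateUserGroup and `userDn.ToLower().Contains(ldap.UserSearchPath.ToLower())` in ConvertLdapToUiUser are culture-sensitive and more safely written as `string.Equals(x, modeller, StringComparison.OrdinalIgnoreCase)` and `Contains(..., StringComparison.OrdinalIgnoreCase)`. Finally `GroupName(incomingApp.ExtAppId)` feeds a value taken from the imported JSON into a group name and, through `internalLdap.AddGroup`, into a DN; AddGroup is outside this diff, so if it does not escape DN special characters (RFC 4514) the identifier should be validated or escaped here before the group is created.
```csharp
// … unchanged: counters and the existingApps query …
foreach (var incomingApp in importedApps)
{
    if (await SaveApp(incomingApp)) { ++successCounter; } else { ++failCounter; }
}
// deactivate outdated apps once, after every incoming app has been processed
HashSet<string> importSources = importedApps.Select(x => x.ImportSource).ToHashSet();
foreach (var existingApp in existingApps.Where(x => x.Active && importSources.Contains(x.ImportSource)))
{
    if (importedApps.Any(x => x.Name == existingApp.Name))
    {
        continue;
    }
    if (await DeactivateApp(existingApp)) { ++deleteCounter; } else { ++deleteFailCounter; }
}
// … unchanged: summary Log.WriteInfo …
```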
diff --git a/roles/middleware/files/FWO.Middleware.Server/AreaSubnetDataImport.cs b/roles/middleware/files/FWO.Middleware.Server/AreaSubnetDataImport.cs new file mode 100644 index 000000000..f91484c5c --- /dev/null +++ b/roles/middleware/files/FWO.Middleware.Server/AreaSubnetDataImport.cs 
@@ -0,0 +1,229 @@ +using FWO.Logging; +using FWO.Api.Client; +using FWO.GlobalConstants; +using FWO.Api.Data; +using FWO.Config.Api; +using System.Text.Json; + + +namespace FWO.Middleware.Server +{ + /// + /// Class handling the Area Subnet Data Import + /// + public class AreaSubnetDataImport : DataImportBase + { + private List importedAreas = new(); + private List existingAreas = new(); + + + /// + /// Constructor for Area Subnet Data Import + /// + public AreaSubnetDataImport(ApiConnection apiConnection, GlobalConfig globalConfig) : base (apiConnection, globalConfig) + {} + + /// + /// Run the Area Subnet Data Import + /// + public async Task Run() + { + if(!RunImportScript(globalConfig.ImportSubnetDataPath + ".py")) + { + Log.WriteInfo("Import Area Subnet Data", $"Script {globalConfig.ImportSubnetDataPath}.py failed but trying to import from existing file."); + } + ReadFile(globalConfig.ImportSubnetDataPath + ".json"); + + int successCounter = 0; + int failCounter = 0; + int deleteCounter = 0; + int deleteFailCounter = 0; + try + { + ModellingImportNwData? importedNwData = JsonSerializer.Deserialize(importFile) ?? throw new Exception("File could not be parsed."); + if(importedNwData != null && importedNwData.Areas != null) + { + importedAreas = importedNwData.Areas; + existingAreas = await apiConnection.SendQueryAsync>(Api.Client.Queries.ModellingQueries.getAreas); + foreach(var incomingArea in importedAreas) + { + if(await SaveArea(incomingArea)) + { + ++successCounter; + } + else + { + ++failCounter; + } + } + foreach(var existingArea in existingAreas) + { + if(importedAreas.FirstOrDefault(x => x.Name == existingArea.Name) == null) + { + if(await DeleteArea(existingArea)) + { + ++deleteCounter; + } + else + { + ++deleteFailCounter; + } + } + } + } + else + { + Log.WriteInfo("Import Area Subnet Data", $"No Area Data found in {importFile} No changes done. 
"); + } + } + catch (Exception exc) + { + Log.WriteError("Import Area Subnet Data", $"File could not be processed.", exc); + return false; + } + Log.WriteInfo("Import Area Subnet Data", $"Imported {successCounter} areas, {failCounter} failed. Deleted {deleteCounter} areas, {deleteFailCounter} failed."); + return true; + } + + private async Task SaveArea(ModellingImportAreaData incomingArea) + { + try + { + ModellingNetworkArea? existingArea = existingAreas.FirstOrDefault(x => x.Name == incomingArea.Name); + if(existingArea == null) + { + await NewArea(incomingArea); + } + else + { + await UpdateArea(incomingArea, existingArea); + } + } + catch (Exception exc) + { + Log.WriteError("Import Area Subnet Data", $"Area {incomingArea.Name}({incomingArea.IdString}) could not be processed.", exc); + return false; + } + return true; + } + + private async Task NewArea(ModellingImportAreaData incomingArea) + { + var AreaVar = new + { + name = incomingArea.Name, + idString = incomingArea.IdString, + creator = GlobalConst.kImportAreaSubnetData + }; + ReturnId[]? areaIds = (await apiConnection.SendQueryAsync(Api.Client.Queries.ModellingQueries.newArea, AreaVar)).ReturnIds; + if (areaIds != null) + { + foreach(var subnet in incomingArea.Subnets) + { + var SubnetVar = new + { + name = subnet.Name, + ip = subnet.Ip, + ipEnd = subnet.IpEnd != "" ? subnet.IpEnd : subnet.Ip, + importSource = GlobalConst.kImportAreaSubnetData + }; + ReturnId[]? 
subnetIds= (await apiConnection.SendQueryAsync(Api.Client.Queries.ModellingQueries.newAreaSubnet, SubnetVar)).ReturnIds; + if (subnetIds != null) + { + var Vars = new + { + nwObjectId = subnetIds[0].NewId, + nwGroupId = areaIds[0].NewId + }; + await apiConnection.SendQueryAsync(Api.Client.Queries.ModellingQueries.addNwObjectToNwGroup, Vars); + } + } + } + } + + private async Task UpdateArea(ModellingImportAreaData incomingArea, ModellingNetworkArea existingArea) + { + List subnetsToAdd = new (incomingArea.Subnets); + List subnetsToDelete = new (existingArea.Subnets); + foreach(var existingSubnet in existingArea.Subnets) + { + foreach(var incomingSubnet in incomingArea.Subnets) + { + if(incomingSubnet.Name == existingSubnet.Content.Name && incomingSubnet.Ip == existingSubnet.Content.Ip && + (incomingSubnet.IpEnd == existingSubnet.Content.IpEnd) || (incomingSubnet.IpEnd == "" && existingSubnet.Content.Ip == existingSubnet.Content.IpEnd)) + { + subnetsToAdd.Remove(incomingSubnet); + subnetsToDelete.Remove(existingSubnet); + } + } + } + foreach(var subnet in subnetsToDelete) + { + await apiConnection.SendQueryAsync(Api.Client.Queries.OwnerQueries.deleteAreaSubnet, new { id = subnet.Content.Id }); + } + foreach(var subnet in subnetsToAdd) + { + var SubnetVar = new + { + name = subnet.Name, + ip = subnet.Ip, + ipEnd = subnet.IpEnd != "" ? subnet.IpEnd : subnet.Ip, + importSource = GlobalConst.kImportAreaSubnetData + }; + ReturnId[]? 
subnetIds= (await apiConnection.SendQueryAsync(Api.Client.Queries.ModellingQueries.newAreaSubnet, SubnetVar)).ReturnIds; + if (subnetIds != null) + { + var Vars = new + { + nwObjectId = subnetIds[0].NewId, + nwGroupId = existingArea.Id, + }; + await apiConnection.SendQueryAsync(Api.Client.Queries.ModellingQueries.addNwObjectToNwGroup, Vars); + } + } + } + + private async Task DeleteArea(ModellingNetworkArea area) + { + try + { + // if(await CheckAreaInUse(area)) + // { + await apiConnection.SendQueryAsync(Api.Client.Queries.ModellingQueries.setAreaDeletedState, new { id = area.Id , deleted = true}); + await apiConnection.SendQueryAsync(Api.Client.Queries.ModellingQueries.removeSelectedNwGroupObjectFromAllApps, new { nwGroupId = area.Id }); + // } + // else + // { + // await apiConnection.SendQueryAsync(Api.Client.Queries.ModellingQueries.deleteNwGroup, new { id = area.Id }); + // } + } + catch (Exception exc) + { + Log.WriteError("Import Area Subnet Data", $"Outdated Area {area.Name} could not be deleted.", exc); + return false; + } + return true; + } + + // private async Task CheckAreaInUse(ModellingNetworkArea area) + // { + // try + // { + // // List foundConnections = await apiConnection.SendQueryAsync>(ModellingQueries.getConnectionIdsForNwGroup, new { id = area.Id }); + // // if (foundConnections.Count == 0) + // // { + // // // Todo: further checks: appServer in area ? in any selection list ?? + // // if () + // // { + // // return false; + // // } + // // } + // return true; + // } + // catch (Exception) + // { + // return true; + // } + // } + } +} diff --git a/roles/middleware/files/FWO.Middleware.Server/AutoDiscoverScheduler.cs b/roles/middleware/files/FWO.Middleware.Server/AutoDiscoverScheduler.cs index b3d33351d..a98655e1a 100644 --- a/roles/middleware/files/FWO.Middleware.Server/AutoDiscoverScheduler.cs +++ b/roles/middleware/files/FWO.Middleware.Server/AutoDiscoverScheduler.cs 
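Review bot: The match condition in UpdateArea, `... && incomingSubnet.Ip == existingSubnet.Content.Ip && (incomingSubnet.IpEnd == existingSubnet.Content.IpEnd) || (incomingSubnet.IpEnd == "" && existingSubnet.Content.Ip == existingSubnet.Content.IpEnd)`, binds `&&` before `||`, so the right-hand alternative matches any pair in which the incoming subnet has no IpEnd and the existing one is a single address, regardless of name or IP; such pairs are then dropped from both subnetsToAdd and subnetsToDelete and never synchronised. Grouping the IpEnd alternatives, `... && incomingSubnet.Ip == existingSubnet.Content.Ip && (incomingSubnet.IpEnd == existingSubnet.Content.IpEnd || (incomingSubnet.IpEnd == "" && existingSubnet.Content.Ip == existingSubnet.Content.IpEnd))`, gives the comparison the reading the surrounding code expects. In Run, `$"No Area Data found in {importFile} No changes done."` interpolates the file contents that ReadFile stored in `importFile` (the same value handed to JsonSerializer.Deserialize), not the path, so the whole JSON lands in the log; `{globalConfig.ImportSubnetDataPath}.json` is the intended value. The deletion pass removes every area returned by `getAreas` whose name is absent from the import; if that query is not limited to imported areas, manually created areas would be deleted too, which is worth confirming.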
@@ -1,5 +1,6 @@ using FWO.Api.Client; using FWO.Api.Client.Queries; +using FWO.GlobalConstants; using FWO.Api.Data; using FWO.Config.Api; using FWO.Config.Api.Data; @@ -9,16 +10,19 @@ namespace FWO.Middleware.Server { - public class AutoDiscoverScheduler + /// + /// Class handling the scheduler for the autodiscovery + /// + public class AutoDiscoverScheduler : SchedulerBase { - private readonly ApiConnection apiConnection; - private GlobalConfig globalConfig; private long? lastMgmtAlertId; - private List openAlerts = new List(); private System.Timers.Timer ScheduleTimer = new(); private System.Timers.Timer AutoDiscoverTimer = new(); + /// + /// Async Constructor needing the connection + /// public static async Task CreateAsync(ApiConnection apiConnection) { GlobalConfig globalConfig = await GlobalConfig.ConstructAsync(apiConnection, true); @@ -26,21 +30,24 @@ public static async Task CreateAsync(ApiConnection apiCon } private AutoDiscoverScheduler(ApiConnection apiConnection, GlobalConfig globalConfig) - { - this.apiConnection = apiConnection; - this.globalConfig = globalConfig; - globalConfig.OnChange += GlobalConfig_OnChange; - startScheduleTimer(); - } + : base(apiConnection, globalConfig, ConfigQueries.subscribeAutodiscoveryConfigChanges) + {} - private void GlobalConfig_OnChange(Config.Api.Config globalConfig, ConfigItem[] _) + /// + /// set scheduling timer from config values + /// + protected override void OnGlobalConfigChange(List config) { - AutoDiscoverTimer.Interval = globalConfig.AutoDiscoverSleepTime * 3600000; // convert hours to milliseconds ScheduleTimer.Stop(); - startScheduleTimer(); + globalConfig.SubscriptionPartialUpdateHandler(config.ToArray()); + AutoDiscoverTimer.Interval = globalConfig.AutoDiscoverSleepTime * GlobalConst.kHoursToMilliseconds; + StartScheduleTimer(); } - public void startScheduleTimer() + /// + /// start the scheduling timer + /// + protected override void StartScheduleTimer() { if (globalConfig.AutoDiscoverSleepTime > 0) { 
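Review bot: `AutoDiscoverTimer.Interval = globalConfig.AutoDiscoverSleepTime * GlobalConst.kHoursToMilliseconds;` in OnGlobalConfigChange throws ArgumentException when the incoming config disables autodiscovery (AutoDiscoverSleepTime of 0), because System.Timers.Timer rejects an interval that is not greater than zero, and this line runs before the `> 0` guard in StartScheduleTimer. The assignment also looks redundant: StartAutoDiscoverTimer (next hunk) replaces the timer object with `AutoDiscoverTimer = new();` and sets the interval itself. Dropping the line here, or wrapping it in the same `if (globalConfig.AutoDiscoverSleepTime > 0)` check, avoids the exception; whether a zero value can actually reach the handler depends on config validation outside this diff. The body of StartScheduleTimer continues past the end of the hunk.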
@@ -74,7 +81,7 @@ private void StartAutoDiscoverTimer(object? _, ElapsedEventArgs __) AutoDiscoverTimer.Stop(); AutoDiscoverTimer = new(); AutoDiscoverTimer.Elapsed += AutoDiscover; - AutoDiscoverTimer.Interval = globalConfig.AutoDiscoverSleepTime * 3600000; // convert hours to milliseconds + AutoDiscoverTimer.Interval = globalConfig.AutoDiscoverSleepTime * GlobalConst.kHoursToMilliseconds; AutoDiscoverTimer.AutoReset = true; AutoDiscoverTimer.Start(); Log.WriteDebug("Autodiscover scheduler", "AutoDiscoverTimer started."); @@ -84,7 +91,6 @@ private async void AutoDiscover(object? _, ElapsedEventArgs __) { try { - openAlerts = await apiConnection.SendQueryAsync>(MonitorQueries.getOpenAlerts); List managements = await apiConnection.SendQueryAsync>(DeviceQueries.getManagementsDetails); foreach (Management superManagement in managements.Where(x => x.DeviceType.CanBeSupermanager() || x.DeviceType.CanBeAutodiscovered(x))) { 
@@ -104,123 +110,46 @@ private async void AutoDiscover(object? _, ElapsedEventArgs __) { action.RefAlertId = lastMgmtAlertId; } - action.AlertId = await setAlert(action); + action.AlertId = await SetAlert(action); ChangeCounter++; } - await AddAutoDiscoverLogEntry(0, globalConfig.GetText("scheduled_autodiscovery"), (ChangeCounter > 0 ? ChangeCounter + globalConfig.GetText("changes_found") : globalConfig.GetText("found_no_changes")), superManagement.Id); + await AddLogEntry(0, globalConfig.GetText("scheduled_autodiscovery"), + ChangeCounter > 0 ? ChangeCounter + globalConfig.GetText("changes_found") : globalConfig.GetText("found_no_changes"), + GlobalConst.kAutodiscovery, superManagement.Id); } catch (Exception excMgm) { Log.WriteError("Autodiscovery", $"Ran into exception while auto-discovering management {superManagement.Name} (id: {superManagement.Id}) ", excMgm); - ActionItem actionException = new ActionItem(); - actionException.Number = 0; - actionException.ActionType = ActionCode.WaitForTempLoginFailureToPass.ToString(); - actionException.ManagementId = superManagement.Id; - actionException.Supermanager = superManagement.Name; - actionException.JsonData = excMgm.Message; - await setAlert(actionException); - await AddAutoDiscoverLogEntry(1, globalConfig.GetText("scheduled_autodiscovery"), $"Ran into exception while handling management {superManagement.Name} (id: {superManagement.Id}): " + excMgm.Message, superManagement.Id); + ActionItem actionException = new() + { + Number = 0, + ActionType = ActionCode.WaitForTempLoginFailureToPass.ToString(), + ManagementId = superManagement.Id, + Supermanager = superManagement.Name, + JsonData = excMgm.Message + }; + await SetAlert(actionException); + await AddLogEntry(1, globalConfig.GetText("scheduled_autodiscovery"), + $"Ran into exception while handling management {superManagement.Name} (id: {superManagement.Id}): " + excMgm.Message, + GlobalConst.kAutodiscovery, superManagement.Id); } } } catch (Exception exc) { 
Log.WriteError("Autodiscovery", $"Ran into exception: ", exc); - Log.WriteAlert($"source: \"{GlobalConfig.kAutodiscovery}\"", + Log.WriteAlert($"source: \"{GlobalConst.kAutodiscovery}\"", $"userId: \"0\", title: \"Error encountered while trying to autodiscover\", description: \"{exc}\", alertCode: \"{AlertCode.Autodiscovery}\""); - await AddAutoDiscoverLogEntry(1, globalConfig.GetText("scheduled_autodiscovery"), globalConfig.GetText("ran_into_exception") + exc.Message); + await AddLogEntry(1, globalConfig.GetText("scheduled_autodiscovery"), globalConfig.GetText("ran_into_exception") + exc.Message, GlobalConst.kAutodiscovery); } } - public async Task setAlert(ActionItem action) + private async Task SetAlert(ActionItem action) { - long? alertId = null; - try - { - string title = "Supermanagement: " + action.Supermanager; - Log.WriteAlert($"source: \"{GlobalConfig.kAutodiscovery}\"", - $"userId: \"0\", title: \"{title}\", type: \"{action.ActionType}\", " + - $"mgmId: \"{action.ManagementId}\", devId: \"{action.DeviceId}\", jsonData: \"{action.JsonData?.ToString()}\", refAlert: \"{action.RefAlertId}\", alertCode: \"{AlertCode.Autodiscovery}\""); - var Variables = new - { - source = GlobalConfig.kAutodiscovery, - userId = 0, - title = title, - description = action.ActionType, - mgmId = action.ManagementId, - devId = action.DeviceId, - jsonData = action.JsonData, - refAlert = action.RefAlertId, - alertCode = (int)AlertCode.Autodiscovery - }; - ReturnId[]? returnIds = (await apiConnection.SendQueryAsync(MonitorQueries.addAlert, Variables)).ReturnIds; - if (returnIds != null) - { - alertId = returnIds[0].NewId; - if (action.ActionType == ActionCode.AddManagement.ToString()) - { - lastMgmtAlertId = alertId; - } - // Acknowledge older alert for same problem - Alert? 
existingAlert = openAlerts.FirstOrDefault(x => x.AlertCode == AlertCode.Autodiscovery - && x.Description == action.ActionType && x.ManagementId == action.ManagementId); - if (existingAlert != null) - { - await AcknowledgeAlert(existingAlert.Id); - } - } - else - { - Log.WriteError("Write Alert", "Log could not be written to database"); - } - } - catch (Exception exc) - { - Log.WriteError("Write Alert", $"Could not write Alert for autodiscovery: ", exc); - } - return alertId; - } - - public async Task AcknowledgeAlert(long alertId) - { - try - { - var Variables = new - { - id = alertId, - ackUser = 0, - ackTime = DateTime.Now - }; - await apiConnection.SendQueryAsync(MonitorQueries.acknowledgeAlert, Variables); - } - catch (Exception exception) - { - Log.WriteError("Acknowledge Alert", $"Could not acknowledge alert for autodiscovery: ", exception); - } - } - - public async Task AddAutoDiscoverLogEntry(int severity, string cause, string description, int? mgmtId = null) - { - try - { - var Variables = new - { - discoverUser = 0, - severity = severity, - suspectedCause = cause, - description = description, - mgmId = mgmtId - }; - ReturnId[]? returnIds = (await apiConnection.SendQueryAsync(MonitorQueries.addAutodiscoveryLogEntry, Variables)).ReturnIds; - if (returnIds == null) - { - Log.WriteError("Write Log", "Log could not be written to database"); - } - } - catch (Exception exc) - { - Log.WriteError("Write Log", $"Could not write log: ", exc); - } + string title = "Supermanagement: " + action.Supermanager; + lastMgmtAlertId = await SetAlert(title, action.ActionType ?? "", GlobalConst.kAutodiscovery, AlertCode.Autodiscovery, + action.ManagementId, action.JsonData?.ToString(), action.DeviceId, action.RefAlertId, true); + return lastMgmtAlertId; } } } 
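Review bot: The rewritten SetAlert assigns `lastMgmtAlertId` for every action, whereas the removed code only did so when `action.ActionType == ActionCode.AddManagement.ToString()`; AutoDiscover (earlier in this hunk) uses lastMgmtAlertId as RefAlertId for the actions that follow, so follow-up alerts will now reference the most recent alert of any type instead of the management alert. Keep the condition: `long? alertId = await SetAlert(title, ...);` then `if (action.ActionType == ActionCode.AddManagement.ToString()) { lastMgmtAlertId = alertId; }` and `return alertId;`. The base-class SetAlert overload and the meaning of its trailing `true` argument are outside this diff, so I assume it reproduces the acknowledge-older-alert behaviour that the removed openAlerts lookup provided; worth confirming, since openAlerts is no longer fetched anywhere in this class.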
diff --git a/roles/middleware/files/FWO.Middleware.Server/Controllers/AuthenticationServerController.cs b/roles/middleware/files/FWO.Middleware.Server/Controllers/AuthenticationServerController.cs index f09dd335c..193ad7b0b 100644 --- a/roles/middleware/files/FWO.Middleware.Server/Controllers/AuthenticationServerController.cs +++ b/roles/middleware/files/FWO.Middleware.Server/Controllers/AuthenticationServerController.cs @@ -11,6 +11,9 @@ namespace FWO.Middleware.Controllers { + /// + /// Controller for Ldap administration + /// // [Authorize] [Route("api/[controller]")] [ApiController] @@ -19,6 +22,9 @@ public class AuthenticationServerController : ControllerBase private List ldaps; private readonly ApiConnection apiConnection; + /// + /// Constructor needing connection and ldap list + /// public AuthenticationServerController(ApiConnection apiConnection, List ldaps) { this.apiConnection = apiConnection; @@ -37,7 +43,7 @@ public AuthenticationServerController(ApiConnection apiConnection, List ld /// Ldap connection parameters /// [HttpGet("TestConnection")] - [Authorize(Roles = "admin, auditor")] + [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}")] public ActionResult TestConnection([FromBody] LdapGetUpdateParameters parameters) { try @@ -47,14 +53,18 @@ public ActionResult TestConnection([FromBody] LdapGetUpdateParameters pa } catch (Exception e) { - Problem("Connection test failed: " + e.Message); + return Problem("Connection test failed: " + e.Message); } return Ok("Connection tested successfully"); } // GET: api/ + /// + /// Get all connected Ldaps. + /// + /// List of all connected Ldaps [HttpGet] - [Authorize(Roles = "admin, auditor")] + [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}")] public async Task> Get() { UiLdapConnection[] ldapConnections = (await apiConnection.SendQueryAsync(AuthQueries.getAllLdapConnections)); 
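Review bot: `return Problem("Connection test failed: " + e.Message);` now sends the raw exception text to the caller; for an LDAP connection test that text can carry internal host names, bind DNs or library error detail, and Problem() without a status defaults to a 500 response. Log the exception server-side and return a short fixed message, e.g. `Log.WriteError("Ldap Test", "Connection test failed", e); return Problem("Connection test failed");` (assuming FWO.Logging is in scope in this controller as it is in the others). The fix itself is right — the old code computed Problem() and discarded the result, so a failed test was reported as success.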
@@ -67,8 +77,32 @@ public async Task> Get() } // POST api//5 + /// + /// Add Ldap connection + /// + /// + /// Name (optional) + /// Address (required) + /// Port (required) + /// Type (required) + /// PatternLength (required) + /// SearchUser (required) + /// Tls (required) + /// TenantLevel (required) + /// SearchUserPwd (required) + /// SearchpathForUsers (required) + /// SearchpathForRoles (optional) + /// SearchpathForGroups (optional) + /// WriteUser (optional) + /// WriteUserPwd (optional) + /// TenantId (optional) + /// GlobalTenantName (optional) + /// Active (required) + /// + /// LdapAddParameters + /// Id of new ldap, 0 if no ldap could be added [HttpPost] - [Authorize(Roles = "admin")] + [Authorize(Roles = $"{Roles.Admin}")] public async Task PostAsync([FromBody] LdapAddParameters ldapData)//, [FromHeader] string bearer) { // Add ldap to DB and to middleware ldap list @@ -86,8 +120,33 @@ public async Task PostAsync([FromBody] LdapAddParameters ldapData)//, [From } // PUT api//Update/5 + /// + /// Update Ldap connection + /// + /// + /// Id (required) + /// Name (optional) + /// Address (required) + /// Port (required) + /// Type (required) + /// PatternLength (required) + /// SearchUser (required) + /// Tls (required) + /// TenantLevel (required) + /// SearchUserPwd (required) + /// SearchpathForUsers (required) + /// SearchpathForRoles (optional) + /// SearchpathForGroups (optional) + /// WriteUser (optional) + /// WriteUserPwd (optional) + /// TenantId (optional) + /// GlobalTenantName (optional) + /// Active (required) + /// + /// LdapGetUpdateParameters + /// Id of updated ldap [HttpPut] - [Authorize(Roles = "admin")] + [Authorize(Roles = $"{Roles.Admin}")] public async Task Update([FromBody] LdapGetUpdateParameters ldapData) { // Update ldap in DB and in middleware ldap list 
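Review bot: `[Authorize(Roles = $"{Roles.Admin}")]` interpolates a single constant for no gain; `[Authorize(Roles = Roles.Admin)]` reads better and does not depend on constant string interpolation, which only compiles when every Roles member is a `const string`. The same single-constant pattern appears in the next hunk of this file and in the GroupController and RoleController hunks further down. The multi-role lists such as `$"{Roles.Admin}, {Roles.Auditor}"` are fine as written.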
@@ -103,8 +162,16 @@ public async Task Update([FromBody] LdapGetUpdateParameters ldapData) } // DELETE api//5 + /// + /// Delete Ldap connection + /// + /// + /// Id (required) + /// + /// LdapDeleteParameters + /// Id of deleted ldap connection [HttpDelete] - [Authorize(Roles = "admin")] + [Authorize(Roles = $"{Roles.Admin}")] public async Task Delete([FromBody] LdapDeleteParameters ldapData) { // Delete ldap in DB and in middleware ldap list diff --git a/roles/middleware/files/FWO.Middleware.Server/Controllers/AuthenticationTokenController.cs b/roles/middleware/files/FWO.Middleware.Server/Controllers/AuthenticationTokenController.cs index 90642689c..f7fcb3c16 100644 --- a/roles/middleware/files/FWO.Middleware.Server/Controllers/AuthenticationTokenController.cs +++ b/roles/middleware/files/FWO.Middleware.Server/Controllers/AuthenticationTokenController.cs 
@@ -2,361 +2,397 @@ using FWO.Api.Client; using FWO.Api.Client.Queries; using FWO.Logging; +using FWO.GlobalConstants; using FWO.Middleware.Server; using Microsoft.AspNetCore.Mvc; using FWO.Middleware.RequestParameters; using System.Security.Authentication; -using Microsoft.AspNetCore.Authentication.OAuth; using Novell.Directory.Ldap; -using Microsoft.IdentityModel.Tokens; -using Microsoft.AspNetCore.Authorization; using System.Data; namespace FWO.Middleware.Controllers { - /// - /// Authentication token generation. Token is of type JSON web token (JWT). - /// - [ApiController] - [Route("api/[controller]")] - public class AuthenticationTokenController : ControllerBase - { - private readonly JwtWriter jwtWriter; - private readonly List ldaps; - private readonly ApiConnection apiConnection; - - public AuthenticationTokenController(JwtWriter jwtWriter, List ldaps, ApiConnection apiConnection) - { - this.jwtWriter = jwtWriter; - this.ldaps = ldaps; - this.apiConnection = apiConnection; - } - - /// - /// Generates an authentication token (jwt) given valid credentials. - /// - /// - /// Username (required) - /// Password (required) - /// - /// Credentials - /// Jwt, if credentials are vaild. - [HttpPost("Get")] - public async Task> GetAsync([FromBody] AuthenticationTokenGetParameters parameters) - { - try - { - UiUser? user = null; - - if (parameters != null) - { - string? username = parameters.Username; - string? 
password = parameters.Password; - - // Create User from given parameters / If user does not provide login data => anonymous login - if (username != null && password != null) - user = new UiUser { Name = username, Password = password }; - } - - AuthManager authManager = new AuthManager(jwtWriter, ldaps, apiConnection); - - // Authenticate user - string jwt = await authManager.AuthorizeUserAsync(user, validatePassword: true); - - return Ok(jwt); - } - catch (Exception e) - { - return BadRequest(e.Message); - } - } - - /// - /// Generates an authentication token (jwt) for the specified user given valid admin credentials. - /// - /// - /// AdminUsername (required) - Example: "admin" - /// AdminPassword (required) - Example: "password" - /// Lifetime (optional) - Example: "365.12:02:00" ("days.hours:minutes:seconds") - /// TargetUserDn OR TargetUserName (required) - Example: "uid=demo_user,ou=tenant0,ou=operator,ou=user,dc=fworch,dc=internal" OR "demo_user" - /// - /// Admin Credentials, Lifetime, User - /// User jwt, if credentials are vaild. 
- [HttpPost("GetForUser")] - public async Task> GetAsyncForUser([FromBody] AuthenticationTokenGetForUserParameters parameters) - { - try - { - string adminUsername = parameters.AdminUsername; - string adminPassword = parameters.AdminPassword; - TimeSpan lifetime = parameters.Lifetime; - string targetUserName = parameters.TargetUserName; - string targetUserDn = parameters.TargetUserDn; - - AuthManager authManager = new AuthManager(jwtWriter, ldaps, apiConnection); - UiUser adminUser = new UiUser() { Name = adminUsername, Password = adminPassword }; - // Check if admin valids are valid - try - { - await authManager.AuthorizeUserAsync(adminUser, validatePassword: true); - if (!adminUser.Roles.Contains("admin")) - { - throw new AuthenticationException("Provided credentials do not belong to a user with role admin."); - } - } - catch (Exception e) - { - throw new AuthenticationException("Error while validating admin credentials: " + e.Message); - } - // Check if username is valid and generate jwt - try - { - UiUser targetUser = new UiUser { Name = targetUserName, Dn = targetUserDn }; - string jwt = await authManager.AuthorizeUserAsync(targetUser, validatePassword: false, lifetime); - return Ok(jwt); - } - catch (Exception e) - { - throw new AuthenticationException("Error while validating user credentials (user name): " + e.Message); - } - } - catch (Exception e) - { - return BadRequest(e.Message); - } - } - } - - class AuthManager - { - private readonly JwtWriter jwtWriter; - private readonly List ldaps; - private readonly ApiConnection apiConnection; - - public AuthManager(JwtWriter jwtWriter, List ldaps, ApiConnection apiConnection) - { - this.jwtWriter = jwtWriter; - this.ldaps = ldaps; - this.apiConnection = apiConnection; - } - - /// - /// Validates user credentials and retrieves user information. Returns a jwt containing it. - /// - /// User to validate. Must contain username / dn and password if == true. - /// Check password if true. 
- /// Jwt, User infos (dn, email, groups, roles, tenant), if credentials are valid. - public async Task AuthorizeUserAsync(UiUser? user, bool validatePassword, TimeSpan? lifetime = null) - { - // Case: anonymous user - if (user == null) - return await jwtWriter.CreateJWT(); - - // Retrieve ldap entry for user (throws exception if credentials are invalid) - (LdapEntry ldapUser, Ldap ldap) = await GetLdapEntry(user, validatePassword); - - // Get dn of user - user.Dn = ldapUser.Dn; - - // Get email of user - user.Email = ldap.GetEmail(ldapUser); - - // Get groups of user - user.Groups = ldap.GetGroups(ldapUser); - - // Get roles of user - user.Roles = await GetRoles(user); - - // Get tenant of user - user.Tenant = await GetTenantAsync(ldapUser, ldap); - - // Remember the hosting ldap - user.LdapConnection.Id = ldap.Id; - - // Create JWT for validated user with roles and tenant - return await jwtWriter.CreateJWT(user, lifetime); - } - - public async Task<(LdapEntry, Ldap)> GetLdapEntry(UiUser user, bool validatePassword) - { - Log.WriteDebug("User Authentication", $"Trying to ldap entry for user: {user.Name + " " + user.Dn}..."); - - if (user.Dn == "" && user.Name == "") - { - throw new Exception("A0001 Invalid credentials. Username / User DN must not be empty."); - } - - else - { - LdapEntry? ldapEntry = null; - Ldap? ldap = null; - List ldapValidationRequests = new List(); - object dnLock = new object(); - bool ldapFound = false; - - foreach (Ldap currentLdap in ldaps.Where(x => x.Active)) - { - ldapValidationRequests.Add(Task.Run(() => - { - Log.WriteDebug("User Authentication", $"Trying to authenticate {user.Name + " " + user.Dn} against LDAP {currentLdap.Address}:{currentLdap.Port} ..."); - - try - { - LdapEntry? 
currentLdapEntry = currentLdap.GetLdapEntry(user, validatePassword); - - if (currentLdapEntry != null) - { - // User was successfully authenticated via this LDAP - Log.WriteInfo("User Authentication", $"User {user.Name + " " + currentLdapEntry.Dn} found."); - - lock (dnLock) - { - if (!ldapFound) - { - ldapEntry = currentLdapEntry; - ldap = currentLdap; - ldapFound = true; - } - } - } - } - catch - { - // this Ldap can't validate user, but maybe another one can - } - })); - } - - while (ldapValidationRequests.Count > 0) - { - Task finishedDnRequest = await Task.WhenAny(ldapValidationRequests); - - if (ldapEntry != null && ldap != null) - { - return (ldapEntry, ldap); - } - - ldapValidationRequests.Remove(finishedDnRequest); - } - } - - // Invalid User Credentials - throw new Exception("A0002 Invalid credentials"); - } - - public async Task> GetRoles(UiUser user) - { - List dnList = new() { user.Dn }; - // search all groups where user is member for group associated roles - dnList.AddRange(user.Groups); - - List userRoles = new List(); - object rolesLock = new object(); - - List ldapRoleRequests = new List(); - - foreach (Ldap currentLdap in ldaps) - { - // if current Ldap has roles stored - if (currentLdap.HasRoleHandling()) - { - ldapRoleRequests.Add(Task.Run(() => - { - // Get roles from current Ldap - List currentRoles = currentLdap.GetRoles(dnList); - - lock (rolesLock) - { - userRoles.AddRange(currentRoles); - } - })); - } - } - - await Task.WhenAll(ldapRoleRequests); - - // If no roles found - if (userRoles.Count == 0) - { - // Use anonymous role - Log.WriteWarning("Missing roles", $"No roles for user \"{user.Dn}\" could be found. 
Using anonymous role."); - userRoles.Add("anonymous"); - } - - return userRoles; - } - - public async Task GetTenantAsync(LdapEntry user, Ldap ldap) - { - Tenant tenant = new Tenant(); - if (ldap.TenantId != null) - { - Log.WriteDebug("Get Tenant", $"This LDAP has the fixed tenant {ldap.TenantId.Value}"); - tenant.Id = ldap.TenantId.Value; - } - else - { - tenant.Name = new DistName(user.Dn).getTenant(ldap.TenantLevel); - if (tenant.Name == "") - { - return null; - } - Log.WriteDebug("Get Tenant", $"extracting TenantName as: {tenant.Name} from {user.Dn}"); - if (tenant.Name == ldap.GlobalTenantName) - { - tenant.Id = 1; - } - else - { - var tenNameObj = new { tenant_name = tenant.Name }; - Tenant[] tenants = await apiConnection.SendQueryAsync(AuthQueries.getTenantId, tenNameObj, "getTenantId"); - if (tenants.Length > 0) - { - tenant.Id = tenants[0].Id; - } - else - { - // tenant unknown: create in db. This should only happen for users from external Ldaps - try - { - var Variables = new - { - name = tenant.Name, - project = "", - comment = "", - viewAllDevices = false, - create = DateTime.Now - }; - ReturnId[]? 
returnIds = (await apiConnection.SendQueryAsync(AuthQueries.addTenant, Variables)).ReturnIds; - if (returnIds != null) - { - tenant.Id = returnIds[0].NewId; - // no further search for devices etc necessary - return tenant; - } - else - { - return null; - } - } - catch (Exception exception) - { - Log.WriteError("AddTenant", $"Adding Tenant {tenant.Name} locally failed: {exception.Message}"); - return null; - } - } - } - } - - var tenIdObj = new { tenantId = tenant.Id }; - - Device[] deviceIds = await apiConnection.SendQueryAsync(AuthQueries.getVisibleDeviceIdsPerTenant, tenIdObj, "getVisibleDeviceIdsPerTenant"); - tenant.VisibleDevices = Array.ConvertAll(deviceIds, device => device.Id); - - Management[] managementIds = await apiConnection.SendQueryAsync(AuthQueries.getVisibleManagementIdsPerTenant, tenIdObj, "getVisibleManagementIdsPerTenant"); - tenant.VisibleManagements = Array.ConvertAll(managementIds, management => management.Id); - - return tenant; - } - } + /// + /// Authentication token generation. Token is of type JSON web token (JWT). + /// + [ApiController] + [Route("api/[controller]")] + public class AuthenticationTokenController : ControllerBase + { + private readonly JwtWriter jwtWriter; + private readonly List ldaps; + private readonly ApiConnection apiConnection; + + /// + /// Constructor needing jwt writer, ldap list and connection + /// + public AuthenticationTokenController(JwtWriter jwtWriter, List ldaps, ApiConnection apiConnection) + { + this.jwtWriter = jwtWriter; + this.ldaps = ldaps; + this.apiConnection = apiConnection; + } + + /// + /// Generates an authentication token (jwt) given valid credentials. + /// + /// + /// Username (required) + /// Password (required) + /// + /// Credentials + /// Jwt, if credentials are vaild. + [HttpPost("Get")] + public async Task> GetAsync([FromBody] AuthenticationTokenGetParameters parameters) + { + try + { + UiUser? user = null; + + if (parameters != null) + { + string? 
username = parameters.Username; + string? password = parameters.Password; + + // Create User from given parameters / If user does not provide login data => anonymous login + if (username != null && password != null) + user = new UiUser { Name = username, Password = password }; + } + + AuthManager authManager = new AuthManager(jwtWriter, ldaps, apiConnection); + + // Authenticate user + string jwt = await authManager.AuthorizeUserAsync(user, validatePassword: true); + + return Ok(jwt); + } + catch (Exception e) + { + return BadRequest(e.Message); + } + } + + /// + /// Generates an authentication token (jwt) for the specified user given valid admin credentials. + /// + /// + /// AdminUsername (required) - Example: "admin" + /// AdminPassword (required) - Example: "password" + /// Lifetime (optional) - Example: "365.12:02:00" ("days.hours:minutes:seconds") + /// TargetUserDn OR TargetUserName (required) - Example: "uid=demo_user,ou=tenant0,ou=operator,ou=user,dc=fworch,dc=internal" OR "demo_user" + /// + /// Admin Credentials, Lifetime, User + /// User jwt, if credentials are vaild. 
+ [HttpPost("GetForUser")] + public async Task> GetAsyncForUser([FromBody] AuthenticationTokenGetForUserParameters parameters) + { + try + { + string adminUsername = parameters.AdminUsername; + string adminPassword = parameters.AdminPassword; + TimeSpan lifetime = parameters.Lifetime; + string targetUserName = parameters.TargetUserName; + string targetUserDn = parameters.TargetUserDn; + + AuthManager authManager = new AuthManager(jwtWriter, ldaps, apiConnection); + UiUser adminUser = new UiUser() { Name = adminUsername, Password = adminPassword }; + // Check if admin valids are valid + try + { + await authManager.AuthorizeUserAsync(adminUser, validatePassword: true); + if (!adminUser.Roles.Contains(Roles.Admin)) + { + throw new AuthenticationException("Provided credentials do not belong to a user with role admin."); + } + } + catch (Exception e) + { + throw new AuthenticationException("Error while validating admin credentials: " + e.Message); + } + // Check if username is valid and generate jwt + try + { + UiUser targetUser = new UiUser { Name = targetUserName, Dn = targetUserDn }; + string jwt = await authManager.AuthorizeUserAsync(targetUser, validatePassword: false, lifetime); + return Ok(jwt); + } + catch (Exception e) + { + throw new AuthenticationException("Error while validating user credentials (user name): " + e.Message); + } + } + catch (Exception e) + { + return BadRequest(e.Message); + } + } + } + + class AuthManager + { + private readonly JwtWriter jwtWriter; + private readonly List ldaps; + private readonly ApiConnection apiConnection; + + public AuthManager(JwtWriter jwtWriter, List ldaps, ApiConnection apiConnection) + { + this.jwtWriter = jwtWriter; + this.ldaps = ldaps; + this.apiConnection = apiConnection; + } + + /// + /// Validates user credentials and retrieves user information. Returns a jwt containing it. + /// + /// User to validate. Must contain username / dn and password if == true. + /// Check password if true. 
+ /// Set the lifetime of the jwt (optional) + /// Jwt, User infos (dn, email, groups, roles, tenant), if credentials are valid. + public async Task AuthorizeUserAsync(UiUser? user, bool validatePassword, TimeSpan? lifetime = null) + { + // Case: anonymous user + if (user == null) + return await jwtWriter.CreateJWT(); + + // Retrieve ldap entry for user (throws exception if credentials are invalid) + (LdapEntry ldapUser, Ldap ldap) = await GetLdapEntry(user, validatePassword); + + // Get dn of user + user.Dn = ldapUser.Dn; + + // Get email of user + user.Email = ldap.GetEmail(ldapUser); + user.Firstname = ldap.GetFirstName(ldapUser); + user.Lastname = ldap.GetLastName(ldapUser); + + // Get groups of user + user.Groups = await GetGroups(ldapUser, ldap); + Log.WriteDebug("Get Groups", $"Found groups for user: {string.Join("; ", user.Groups)}"); + + // Get roles of user + user.Roles = await GetRoles(user); + + // Get tenant of user + user.Tenant = await GetTenantAsync(ldapUser, ldap); + Log.WriteDebug("Get Tenants", $"Found tenant for user: {user.Tenant?.Name ?? 
""}"); + + // Remember the hosting ldap + user.LdapConnection.Id = ldap.Id; + + // Create JWT for validated user with roles and tenant + return await jwtWriter.CreateJWT(user, lifetime); + } + + public async Task> GetGroups(LdapEntry ldapUser, Ldap ldap) + { + List userGroups = ldap.GetGroups(ldapUser); + if (!ldap.IsInternal()) + { + object groupsLock = new object(); + List ldapRoleRequests = new List(); + + foreach (Ldap currentLdap in ldaps) + { + if (currentLdap.IsInternal()) + { + ldapRoleRequests.Add(Task.Run(() => + { + // Get groups from current Ldap + List currentGroups = currentLdap.GetGroups(new List() {ldapUser.Dn}); + lock (groupsLock) + { + currentGroups = Array.ConvertAll(currentGroups.ToArray(), x => "cn=" + x + "," + currentLdap.GroupSearchPath).ToList(); + userGroups.AddRange(currentGroups); + } + })); + } + } + await Task.WhenAll(ldapRoleRequests); + } + return userGroups; + } + + // why do we have a local GetLdapEntry method here? + public async Task<(LdapEntry, Ldap)> GetLdapEntry(UiUser user, bool validatePassword) + { + Log.WriteDebug("User Authentication", $"Trying to get ldap entry for user: {user.Name + " " + user.Dn}..."); + + if (user.Dn == "" && user.Name == "") + { + throw new Exception("A0001 Invalid credentials. Username / User DN must not be empty."); + } + else + { + LdapEntry? ldapEntry = null; + Ldap? ldap = null; + List ldapValidationRequests = new List(); + object dnLock = new object(); + bool ldapFound = false; + + foreach (Ldap currentLdap in ldaps.Where(x => x.Active)) + { + ldapValidationRequests.Add(Task.Run(() => + { + Log.WriteDebug("User Authentication", $"Trying to authenticate {user.Name + " " + user.Dn} against LDAP {currentLdap.Address}:{currentLdap.Port} ..."); + + try + { + LdapEntry? 
currentLdapEntry = currentLdap.GetLdapEntry(user, validatePassword); + + if (currentLdapEntry != null) + { + // User was successfully authenticated via this LDAP + if(user.Name == Roles.Importer) + { + Log.WriteDebug("User Authentication", $"User {user.Name + " " + currentLdapEntry.Dn} found."); + } + else + { + Log.WriteInfo("User Authentication", $"User {user.Name + " " + currentLdapEntry.Dn} found."); + } + + lock (dnLock) + { + if (!ldapFound) + { + ldapEntry = currentLdapEntry; + ldap = currentLdap; + ldapFound = true; + } + } + } + } + catch + { + // this Ldap can't validate user, but maybe another one can + } + })); + } + + while (ldapValidationRequests.Count > 0) + { + Task finishedDnRequest = await Task.WhenAny(ldapValidationRequests); + + if (ldapEntry != null && ldap != null) + { + return (ldapEntry, ldap); + } + + ldapValidationRequests.Remove(finishedDnRequest); + } + Log.WriteInfo("User Authentication", $"User {user.Name} not found in any connected LDAP."); + } + + // Invalid User Credentials + throw new Exception("A0002 Invalid credentials"); + } + + public async Task> GetRoles(UiUser user) + { + List dnList = new() { user.Dn }; + // search all groups where user is member for group associated roles + dnList.AddRange(user.Groups); + + List userRoles = new List(); + object rolesLock = new object(); + + List ldapRoleRequests = new List(); + + foreach (Ldap currentLdap in ldaps) + { + // if current Ldap has roles stored + if (currentLdap.HasRoleHandling()) + { + ldapRoleRequests.Add(Task.Run(() => + { + // Get roles from current Ldap + List currentRoles = currentLdap.GetRoles(dnList); + + lock (rolesLock) + { + userRoles.AddRange(currentRoles); + } + })); + } + } + + await Task.WhenAll(ldapRoleRequests); + + // If no roles found + if (userRoles.Count == 0) + { + // Use anonymous role + Log.WriteWarning("Missing roles", $"No roles for user \"{user.Dn}\" could be found. 
Using anonymous role."); + userRoles.Add(Roles.Anonymous); + } + + return userRoles; + } + + public async Task GetTenantAsync(LdapEntry user, Ldap ldap) + { + Tenant tenant = new Tenant(); + if (ldap.TenantId != null) + { + Log.WriteDebug("Get Tenant", $"This LDAP has the fixed tenant {ldap.TenantId.Value}"); + tenant.Id = ldap.TenantId.Value; + } + else + { + tenant.Name = new DistName(user.Dn).GetTenantNameViaLdapTenantLevel(ldap.TenantLevel); + if (tenant.Name == "") + { + return null; + } + Log.WriteDebug("Get Tenant", $"extracting TenantName as: {tenant.Name} from {user.Dn}"); + if (tenant.Name == ldap.GlobalTenantName) + { + tenant.Id = GlobalConst.kTenant0Id; + } + else + { + var tenNameObj = new { tenant_name = tenant.Name }; + Tenant[] tenants = await apiConnection.SendQueryAsync(AuthQueries.getTenantId, tenNameObj, "getTenantId"); + if (tenants.Length > 0) + { + tenant.Id = tenants[0].Id; + } + else + { + // tenant unknown: create in db. This should only happen for users from external Ldaps + try + { + var Variables = new + { + name = tenant.Name, + project = "", + comment = "", + viewAllDevices = false, + create = DateTime.Now + }; + ReturnId[]? returnIds = (await apiConnection.SendQueryAsync(AuthQueries.addTenant, Variables)).ReturnIds; + if (returnIds != null) + { + tenant.Id = returnIds[0].NewId; + // no further search for devices etc necessary + return tenant; + } + else + { + return null; + } + } + catch (Exception exception) + { + Log.WriteError("AddTenant", $"Adding Tenant {tenant.Name} locally failed: {exception.Message}"); + return null; + } + } + } + } + await tenant.AddDevices(apiConnection); + + return tenant; + } + } } diff --git a/roles/middleware/files/FWO.Middleware.Server/Controllers/GroupController.cs b/roles/middleware/files/FWO.Middleware.Server/Controllers/GroupController.cs index 7090af6a7..b78efab5c 100644 --- a/roles/middleware/files/FWO.Middleware.Server/Controllers/GroupController.cs 
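Review bot: The bare `catch { // this Ldap can't validate user, but maybe another one can }` in GetLdapEntry still swallows every exception, so an unreachable or misconfigured LDAP is indistinguishable from a wrong password, and the new `User {user.Name} not found in any connected LDAP.` info line then reports a credentials problem for what may be an outage. Logging the failure per LDAP keeps the fall-through behaviour while giving operators something to correlate, e.g. `catch (Exception e) { Log.WriteDebug("User Authentication", $"LDAP {currentLdap.Address}:{currentLdap.Port} could not validate {user.Name}: {e.Message}"); }`. The added comment `// why do we have a local GetLdapEntry method here?` should be resolved or turned into a TODO with an owner rather than shipped as an open question. GetAsyncForUser also dereferences `parameters.AdminUsername` without the null check that GetAsync performs on its parameters; whether the [ApiController] binding already rejects an empty body before that point I cannot tell from here.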
+++ b/roles/middleware/files/FWO.Middleware.Server/Controllers/GroupController.cs @@ -1,4 +1,5 @@ -using FWO.Logging; +using FWO.Api.Data; +using FWO.Logging; using FWO.Middleware.RequestParameters; using FWO.Middleware.Server; using Microsoft.AspNetCore.Authorization; @@ -7,6 +8,9 @@ namespace FWO.Middleware.Controllers { + /// + /// Controller class for tenant api + /// [Authorize] [ApiController] [Route("api/[controller]")] @@ -14,16 +18,22 @@ public class GroupController : ControllerBase { private readonly List ldaps; + /// + /// Constructor needing ldap list + /// public GroupController(List ldaps) { this.ldaps = ldaps; } + /// + /// Get all groups + /// + /// List of groups [HttpGet] - [Authorize(Roles = "admin, auditor, recertifier")] + [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}, {Roles.Recertifier}, {Roles.Modeller}")] public async Task>> Get() { - bool admin = User.IsInRole("admin"); try { ConcurrentBag allGroups = new ConcurrentBag(); @@ -54,8 +64,17 @@ public async Task>> Get() } // GET: GroupController/Create + /// + /// Add group to internal Ldap + /// + /// + /// GroupName (required) + /// OwnerGroup (optional) + /// + /// GroupAddDeleteParameters + /// Dn of new group, empty string if no group could be created [HttpPost] - [Authorize(Roles = "admin")] + [Authorize(Roles = $"{Roles.Admin}")] public async Task Create([FromBody] GroupAddDeleteParameters parameters) { string groupDn = ""; @@ -84,8 +103,17 @@ public async Task Create([FromBody] GroupAddDeleteParameters parameters) } // POST: GroupController/Delete/5 + /// + /// Delete group in internal Ldap + /// + /// + /// GroupName (required) + /// OwnerGroup (optional) + /// + /// GroupAddDeleteParameters + /// true if group deleted [HttpDelete] - [Authorize(Roles = "admin")] + [Authorize(Roles = $"{Roles.Admin}")] public async Task Delete([FromBody] GroupAddDeleteParameters parameters) { bool groupDeleted = false; 
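Review bot: The new class summary `Controller class for tenant api` on GroupController describes the wrong controller; it should read `Controller class for group api`. Adding `Roles.Modeller` to the `[Authorize]` list of Get() widens who may enumerate all groups; if that is intended it deserves a mention in the commit message, since the rest of the hunk is a constant-for-literal substitution. The removed `bool admin = User.IsInRole("admin");` is not referenced in the visible lines, so its deletion looks safe.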
@@ -113,8 +141,17 @@ public async Task Delete([FromBody] GroupAddDeleteParameters parameters) } // POST: GroupController/Edit/5 + /// + /// Update group (name) in internal Ldap + /// + /// + /// OldGroupName (required) + /// NewGroupName (required) + /// + /// GroupEditParameters + /// Dn of updated group [HttpPut] - [Authorize(Roles = "admin")] + [Authorize(Roles = $"{Roles.Admin}")] public async Task Edit([FromBody] GroupEditParameters parameters) { string groupUpdatedDn = ""; @@ -142,8 +179,17 @@ public async Task Edit([FromBody] GroupEditParameters parameters) return groupUpdatedDn; } + /// + /// Search group in specified Ldap + /// + /// + /// LdapId (required) + /// SearchPattern (optional) + /// + /// GroupGetParameters + /// List of groups [HttpPost("Get")] - [Authorize(Roles = "admin, auditor")] + [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}")] public async Task> Get([FromBody] GroupGetParameters parameters) { List allGroups = new List(); @@ -165,8 +211,17 @@ await Task.Run(() => } // GET: GroupController/ + /// + /// Add user to group + /// + /// + /// UserDn (required) + /// GroupDn (required) + /// + /// GroupAddDeleteUserParameters + /// true if user could be added to group [HttpPost("User")] - [Authorize(Roles = "admin")] + [Authorize(Roles = $"{Roles.Admin}")] public async Task AddUser([FromBody] GroupAddDeleteUserParameters parameters) { bool userAdded = false; @@ -194,8 +249,17 @@ public async Task AddUser([FromBody] GroupAddDeleteUserParameters paramete } // GET: GroupController/Details/5 + /// + /// Remove user from group + /// + /// + /// UserDn (required) + /// GroupDn (required) + /// + /// GroupAddDeleteUserParameters + /// true if user could be removed from group [HttpDelete("User")] [HttpDelete("User")] - [Authorize(Roles = "admin")] + [Authorize(Roles = $"{Roles.Admin}")] public async Task RemoveUser([FromBody] GroupAddDeleteUserParameters parameters) { bool userRemoved = false; 
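Review bot: The new XML docs for `RemoveUser` are placed directly under the scaffold leftover `// GET: GroupController/Details/5`, which contradicts the `[HttpDelete("User")]` attribute two lines later; the same stale route comments sit above `AddUser` (`// GET: GroupController/`) and `Delete` (`// POST: GroupController/Delete/5`) in this file. Since this commit is the one adding real documentation to these actions, delete those scaffold lines rather than leaving two conflicting descriptions of each route. `RemoveUser`'s body continues outside the hunk.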
diff --git a/roles/middleware/files/FWO.Middleware.Server/Controllers/RoleController.cs b/roles/middleware/files/FWO.Middleware.Server/Controllers/RoleController.cs index 86bbac665..5f8ee041c 100644 --- a/roles/middleware/files/FWO.Middleware.Server/Controllers/RoleController.cs +++ b/roles/middleware/files/FWO.Middleware.Server/Controllers/RoleController.cs @@ -1,4 +1,6 @@ -using FWO.Logging; +using FWO.GlobalConstants; +using FWO.Api.Data; +using FWO.Logging; using FWO.Middleware.RequestParameters; using FWO.Middleware.Server; using Microsoft.AspNetCore.Authorization; @@ -7,6 +9,9 @@ namespace FWO.Middleware.Controllers { + /// + /// Controller class for role api + /// [Authorize] [ApiController] [Route("api/[controller]")] @@ -14,14 +19,21 @@ public class RoleController : ControllerBase { private readonly List ldaps; + /// + /// Constructor needing ldap list + /// public RoleController(List ldaps) { this.ldaps = ldaps; } // GET: api/ + /// + /// Get all roles + /// + /// List of roles [HttpGet] - [Authorize(Roles = "admin, auditor, fw-admin, requester, approver, planner, implementer, reviewer")] + [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}, {Roles.FwAdmin}, {Roles.Requester}, {Roles.Approver}, {Roles.Planner}, {Roles.Implementer}, {Roles.Reviewer}")] public async Task> Get() { // No parameters @@ -48,8 +60,17 @@ public async Task> Get() return allRoles.ToList(); } + /// + /// Add user to role + /// + /// + /// Role (required) + /// UserDn (required) + /// + /// RoleAddDeleteUserParameters + /// true if user could be added to role [HttpPost("User")] - [Authorize(Roles = "admin")] + [Authorize(Roles = $"{Roles.Admin}")] public async Task AddUser([FromBody] RoleAddDeleteUserParameters parameters) { bool userAdded = false; 
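Review bot: The single-role attributes in this file, such as `[Authorize(Roles = $"{Roles.Admin}")]`, wrap one constant in an interpolated string for no gain; `[Authorize(Roles = Roles.Admin)]` reads the same and does not depend on constant-interpolation support for `Roles` members. For the multi-role lists, a shared constant on `Roles` (for example a reader list) would keep this list and the similar ones in GroupController and TenantController from drifting: this one admits eight roles but not `Roles.Recertifier` or `Roles.Modeller`, which GroupController.Get now does, and it is not clear from the hunk whether that difference is intended. `Get()`'s body continues outside the hunk.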
@@ -77,8 +98,17 @@ public async Task AddUser([FromBody] RoleAddDeleteUserParameters parameter return userAdded; } + /// + /// Remove user from role + /// + /// + /// Role (required) + /// UserDn (required) + /// + /// RoleAddDeleteUserParameters + /// true if user could be removed from role [HttpDelete("User")] - [Authorize(Roles = "admin")] + [Authorize(Roles = $"{Roles.Admin}")] public async Task RemoveUser([FromBody] RoleAddDeleteUserParameters parameters) { bool userRemoved = false; diff --git a/roles/middleware/files/FWO.Middleware.Server/Controllers/TenantController.cs b/roles/middleware/files/FWO.Middleware.Server/Controllers/TenantController.cs index d4674859e..19359f084 100644 --- a/roles/middleware/files/FWO.Middleware.Server/Controllers/TenantController.cs +++ b/roles/middleware/files/FWO.Middleware.Server/Controllers/TenantController.cs @@ -1,4 +1,6 @@ -using FWO.Api.Data; +using FWO.Config.Api; +using FWO.GlobalConstants; +using FWO.Api.Data; using FWO.Api.Client; using FWO.Logging; using FWO.Middleware.RequestParameters; @@ -10,6 +12,9 @@ namespace FWO.Middleware.Controllers { + /// + /// Controller class for tenant api + /// [Route("api/[controller]")] [ApiController] public class TenantController : ControllerBase @@ -17,6 +22,9 @@ public class TenantController : ControllerBase private readonly List ldaps; private readonly ApiConnection apiConnection; + /// + /// Constructor needing ldap list and connection + /// public TenantController(List ldaps, ApiConnection apiConnection) { this.ldaps = ldaps; 
@@ -24,11 +32,15 @@ public TenantController(List ldaps, ApiConnection apiConnection) } // GET: api/ + /// + /// Get all tenants + /// + /// List of tenants [HttpGet] - [Authorize(Roles = "admin, auditor")] + [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}, {Roles.FwAdmin}")] public async Task> Get() { - Tenant[] tenants = (await apiConnection.SendQueryAsync(FWO.Api.Client.Queries.AuthQueries.getTenants)); + Tenant[] tenants = await apiConnection.SendQueryAsync(FWO.Api.Client.Queries.AuthQueries.getTenants); List tenantList = new List(); foreach (Tenant tenant in tenants) { @@ -38,8 +50,19 @@ public async Task> Get() } // POST api/ + /// + /// Add tenant to internal Ldap + /// + /// + /// Name (required) + /// Comment (optional) + /// Project (optional) + /// ViewAllDevices (required) + /// + /// TenantAddParameters + /// Id of new tenant, 0 if no tenant could be created [HttpPost] - [Authorize(Roles = "admin")] + [Authorize(Roles = $"{Roles.Admin}")] public async Task Post([FromBody] TenantAddParameters tenant) { bool tenantAdded = false; @@ -73,7 +96,6 @@ await Task.Run(() => project = tenant.Project, comment = tenant.Comment, viewAllDevices = tenant.ViewAllDevices, - // superAdmin = tenant.Superadmin, create = DateTime.Now }; ReturnId[]? returnIds = (await apiConnection.SendQueryAsync(FWO.Api.Client.Queries.AuthQueries.addTenant, Variables)).ReturnIds; @@ -95,8 +117,19 @@ await Task.Run(() => } // PUT api//5 + /// + /// Update tenant in internal Ldap + /// + /// + /// Id (required) + /// Comment (optional) + /// Project (optional) + /// ViewAllDevices (required) + /// + /// TenantEditParameters + /// true if updated [HttpPut] - [Authorize(Roles = "admin")] + [Authorize(Roles = $"{Roles.Admin}, {Roles.FwAdmin}")] public async Task Change([FromBody] TenantEditParameters parameters) { bool tenantUpdated = false; 
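Review bot: `Change` is now open to `Roles.FwAdmin` as well as admin, and the same remarks list declares `ViewAllDevices (required)`, so a firewall admin can presumably flip device visibility for any tenant through this PUT; that is an authorization widening the summary `Update tenant in internal Ldap` does not mention. If FwAdmin is only meant to maintain comment and project, consider rejecting a changed visibility flag for non-admin callers before the update (for example `if (!User.IsInRole(Roles.Admin) && parameters.ViewAllDevices) { return false; }`, adjusted to however the current value is read), or state in the summary that FwAdmin may change visibility. The body of `Change` continues outside the hunk.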
@@ -126,8 +159,17 @@ public async Task Change([FromBody] TenantEditParameters parameters) } // DELETE api//5 + /// + /// Delete tenant from internal Ldap + /// + /// + /// Id (required) + /// Name (required) + /// + /// TenantDeleteParameters + /// true if tenant deleted [HttpDelete] - [Authorize(Roles = "admin")] + [Authorize(Roles = $"{Roles.Admin}")] public async Task Delete([FromBody] TenantDeleteParameters tenant) { bool tenantDeleted = false; diff --git a/roles/middleware/files/FWO.Middleware.Server/Controllers/UserController.cs b/roles/middleware/files/FWO.Middleware.Server/Controllers/UserController.cs index ea1fadbbb..be879c680 100644 --- a/roles/middleware/files/FWO.Middleware.Server/Controllers/UserController.cs +++ b/roles/middleware/files/FWO.Middleware.Server/Controllers/UserController.cs @@ -1,4 +1,6 @@ -using FWO.Api.Data; +using FWO.Config.Api; +using FWO.GlobalConstants; +using FWO.Api.Data; using FWO.Api.Client; using FWO.Api.Client.Queries; using FWO.Logging; 
@@ -9,316 +11,399 @@ namespace FWO.Middleware.Controllers { - //[Authorize] - [ApiController] - [Route("api/[controller]")] - public class UserController : ControllerBase - { - private readonly List ldaps; - private readonly ApiConnection apiConnection; + /// + /// Controller class for user api + /// - public UserController(List ldaps, ApiConnection apiConnection) - { - this.ldaps = ldaps; - this.apiConnection = apiConnection; - } + //[Authorize] + [ApiController] + [Route("api/[controller]")] + public class UserController : ControllerBase + { + private readonly List ldaps; + private readonly ApiConnection apiConnection; - // GET: api/ - [HttpGet] - [Authorize(Roles = "admin, auditor")] - public async Task> Get() - { - List users = (await apiConnection.SendQueryAsync(FWO.Api.Client.Queries.AuthQueries.getUsers)).ToList(); - List userList = new List(); - foreach (UiUser user in users) - { - if (user.DbId != 0) - { - userList.Add(user.ToApiParams()); - } - } - return userList; - } + /// + /// Constructor needing ldap list and connection + /// + public UserController(List ldaps, ApiConnection apiConnection) + { + this.ldaps = ldaps; + this.apiConnection = apiConnection; + } - // GET api//5 - [HttpPost("Get")] - [Authorize(Roles = "admin, auditor")] - public async Task> Get([FromBody] LdapUserGetParameters parameters) - { - List allUsers = new List(); + // GET: api/ + /// + /// Get all locally known users. 
+ /// + /// List of all locally known users + [HttpGet] + [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}")] + public async Task> Get() + { + List users = (await apiConnection.SendQueryAsync(AuthQueries.getUsers)).ToList(); + List userList = new List(); + foreach (UiUser user in users) + { + if (user.DbId != 0) + { + userList.Add(user.ToApiParams()); + } + } + return userList; + } - foreach (Ldap currentLdap in ldaps) - { - if (currentLdap.Id == parameters.LdapId) - { - await Task.Run(() => - { - // Get all users from current Ldap - allUsers = currentLdap.GetAllUsers(parameters.SearchPattern); - }); - } - } + // GET api//5 + /// + /// Search user in specified Ldap + /// + /// + /// LdapId (required) + /// SearchPattern (optional) + /// + /// LdapUserGetParameters + /// List of users + [HttpPost("Get")] + [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}")] + public async Task> Get([FromBody] LdapUserGetParameters parameters) + { + List allUsers = new List(); - // Return status and result - return allUsers; - } + foreach (Ldap currentLdap in ldaps) + { + if (currentLdap.Id == parameters.LdapId) + { + await Task.Run(() => + { + // Get all users from current Ldap + allUsers = currentLdap.GetAllUsers(parameters.SearchPattern); + }); + } + } - // POST api/ - [HttpPost] - [Authorize(Roles = "admin")] - public async Task Add([FromBody] UserAddParameters parameters) - { - string email = parameters.Email ?? ""; + // Return status and result + return allUsers; + } - bool userAdded = false; - int userId = 0; + // POST api/ + /// + /// Add user to specified Ldap + /// + /// + /// LdapId (required) + /// UserDn (required) + /// Password (required) + /// Email (optional) + /// TenantId (required) + /// PwChangeRequired (required) + /// + /// UserAddParameters + /// Id of new user, 0 if no user could be created + [HttpPost] + [Authorize(Roles = $"{Roles.Admin}")] + public async Task Add([FromBody] UserAddParameters parameters) + { + string email = parameters.Email ?? 
""; - foreach (Ldap currentLdap in ldaps) - { - // Try to add user to current Ldap - if ((currentLdap.Id == parameters.LdapId || parameters.LdapId == 0) && currentLdap.IsWritable()) - { - await Task.Run(() => - { - if(currentLdap.AddUser(parameters.UserDn, parameters.Password, email)) - { - userAdded = true; - Log.WriteAudit("AddUser", $"user {parameters.UserDn} successfully added to Ldap Id: {parameters.LdapId} Name: {currentLdap.Host()}"); - } - }); - } - } - if(userAdded) - { - // Try to add user to local db - try - { - var Variables = new - { - uuid = parameters.UserDn, - uiuser_username = (new FWO.Api.Data.DistName(parameters.UserDn)).UserName, - email = email, - tenant = parameters.TenantId, - passwordMustBeChanged = parameters.PwChangeRequired, - ldapConnectionId = (parameters.LdapId != 0 ? parameters.LdapId : (int?)null) - }; - ReturnId[]? returnIds = (await apiConnection.SendQueryAsync(FWO.Api.Client.Queries.AuthQueries.addUser, Variables)).ReturnIds; - if(returnIds != null) - { - userId = returnIds[0].NewId; - } - } - catch (Exception exception) - { - userId = 0; - Log.WriteAudit("AddUser", $"Adding User {parameters.UserDn} locally failed: {exception.Message}"); - } - } - return userId; - } + bool userAdded = false; + int userId = 0; - // PUT api//5 - [HttpPut] - [Authorize(Roles = "admin")] - public async Task Change([FromBody] UserEditParameters parameters) - { - string email = parameters.Email ?? ""; - UiUser user = await resolveUser(parameters.UserId) ?? 
throw new Exception("Wrong UserId"); - bool userUpdated = false; + foreach (Ldap currentLdap in ldaps) + { + // Try to add user to current Ldap + if ((currentLdap.Id == parameters.LdapId || parameters.LdapId == 0) && currentLdap.IsWritable()) + { + await Task.Run(() => + { + if (currentLdap.AddUser(parameters.UserDn, parameters.Password, email)) + { + userAdded = true; + Log.WriteAudit("AddUser", $"user {parameters.UserDn} successfully added to Ldap Id: {parameters.LdapId} Name: {currentLdap.Host()}"); + } + }); + } + } + if (userAdded) + { + // Try to add user to local db + try + { + var Variables = new + { + uuid = parameters.UserDn, + uiuser_username = (new FWO.Api.Data.DistName(parameters.UserDn)).UserName, + email = email, + uiuser_first_name = parameters.Firstname, + uiuser_last_name = parameters.Lastname, + tenant = parameters.TenantId, + passwordMustBeChanged = parameters.PwChangeRequired, + ldapConnectionId = parameters.LdapId != 0 ? parameters.LdapId : (int?)null + }; + ReturnId[]? 
returnIds = (await apiConnection.SendQueryAsync(AuthQueries.upsertUiUser, Variables)).ReturnIds; + if (returnIds != null) + { + userId = returnIds[0].NewId; + } + } + catch (Exception exception) + { + userId = 0; + Log.WriteAudit("AddUser", $"Adding User {parameters.UserDn} locally failed: {exception.Message}"); + } + } + return userId; + } - foreach (Ldap currentLdap in ldaps) - { - // Try to update user in current Ldap - if ((currentLdap.Id == parameters.LdapId || parameters.LdapId == 0) && currentLdap.IsWritable()) - { - await Task.Run(() => - { - if(currentLdap.UpdateUser(user.Dn, email)) - { - userUpdated = true; - Log.WriteAudit("UpdateUser", $"User {user.Dn} updated in Ldap Id: {parameters.LdapId} Name: {currentLdap.Host()}"); - } - }); - } - } - if (userUpdated) - { - // Try to update user in local db - try - { - var Variables = new - { - id = parameters.UserId, - email = email - }; - await apiConnection.SendQueryAsync(FWO.Api.Client.Queries.AuthQueries.updateUserEmail, Variables); - } - catch (Exception exception) - { - userUpdated = false; - Log.WriteAudit("UpdateUser", $"Updating User Id: {parameters.UserId} Dn: {user.Dn} locally failed: {exception.Message}"); - } - } - return userUpdated; - } + // PUT api//5 + /// + /// Update user (email) in specified Ldap + /// + /// + /// LdapId (required) + /// UserId (required) + /// Email (optional) + /// + /// UserEditParameters + /// true, if user could be updated + [HttpPut] + [Authorize(Roles = $"{Roles.Admin}")] + public async Task Change([FromBody] UserEditParameters parameters) + { + string email = parameters.Email ?? ""; + UiUser user = await resolveUser(parameters.UserId) ?? 
throw new Exception("Wrong UserId"); + bool userUpdated = false; - // GET: api/ - [HttpPatch("EditPassword")] - public async Task> ChangePassword([FromBody] UserChangePasswordParameters parameters) - { - // the demo user (currently auditor) can't change his password - if (User.IsInRole("auditor")) - return Unauthorized(); + foreach (Ldap currentLdap in ldaps) + { + // Try to update user in current Ldap + if ((currentLdap.Id == parameters.LdapId || parameters.LdapId == 0) && currentLdap.IsWritable()) + { + await Task.Run(() => + { + if (currentLdap.UpdateUser(user.Dn, email)) + { + userUpdated = true; + Log.WriteAudit("UpdateUser", $"User {user.Dn} updated in Ldap Id: {parameters.LdapId} Name: {currentLdap.Host()}"); + } + }); + } + } + if (userUpdated) + { + // Try to update user in local db + try + { + var Variables = new + { + id = parameters.UserId, + email = email + }; + await apiConnection.SendQueryAsync(FWO.Api.Client.Queries.AuthQueries.updateUserEmail, Variables); + } + catch (Exception exception) + { + userUpdated = false; + Log.WriteAudit("UpdateUser", $"Updating User Id: {parameters.UserId} Dn: {user.Dn} locally failed: {exception.Message}"); + } + } + return userUpdated; + } - UiUser user = await resolveUser(parameters.UserId) ?? throw new Exception("Wrong UserId"); + // GET: api/ + /// + /// Change user password in specified Ldap + /// + /// + /// LdapId (required) + /// UserId (required) + /// OldPassword (required) + /// NewPassword (required) + /// + /// UserChangePasswordParameters + /// error message, empty if Ok + [HttpPatch("EditPassword")] + public async Task> ChangePassword([FromBody] UserChangePasswordParameters parameters) + { + // the demo user (currently auditor) can't change his password + if (User.IsInRole(Roles.Auditor)) + return Unauthorized(); - string errorMsg = ""; + UiUser user = await resolveUser(parameters.UserId) ?? 
throw new Exception("Wrong UserId"); - foreach (Ldap currentLdap in ldaps) - { - // if current Ldap is writable: Try to change password in current Ldap - if ((currentLdap.Id == parameters.LdapId || parameters.LdapId == 0) && currentLdap.IsWritable()) - { - bool passwordMustBeChanged = (await apiConnection.SendQueryAsync(AuthQueries.getUserByDn, new { dn = user.Dn }))[0].PasswordMustBeChanged; + string errorMsg = ""; - await Task.Run(async () => - { - errorMsg = currentLdap.ChangePassword(user.Dn, parameters.OldPassword, parameters.NewPassword); - if (errorMsg == "") - { - await UiUserHandler.UpdateUserPasswordChanged(apiConnection, user.Dn); - } - }); - } - } + foreach (Ldap currentLdap in ldaps) + { + // if current Ldap is writable: Try to change password in current Ldap + if ((currentLdap.Id == parameters.LdapId || parameters.LdapId == 0) && currentLdap.IsWritable()) + { + bool passwordMustBeChanged = (await apiConnection.SendQueryAsync(AuthQueries.getUserByDn, new { dn = user.Dn }))[0].PasswordMustBeChanged; - // Return status and result - return errorMsg; - } + await Task.Run(async () => + { + errorMsg = currentLdap.ChangePassword(user.Dn, parameters.OldPassword, parameters.NewPassword); + if (errorMsg == "") + { + await UiUserHandler.UpdateUserPasswordChanged(apiConnection, user.Dn); + } + }); + } + } - // GET: api/ - [HttpPatch("ResetPassword")] - [Authorize(Roles = "admin")] - public async Task> ResetPassword([FromBody] UserResetPasswordParameters parameters) - { - UiUser user = await resolveUser(parameters.UserId) ?? 
throw new Exception("Wrong UserId"); - string errorMsg = ""; + // Return status and result + return errorMsg; + } - foreach (Ldap currentLdap in ldaps) - { - // if current Ldap is internal: Try to update user password in current Ldap - if ((currentLdap.Id == parameters.LdapId || parameters.LdapId == 0) && currentLdap.IsWritable()) - { - await Task.Run(async () => - { - errorMsg = currentLdap.SetPassword(user.Dn, parameters.NewPassword); - if (errorMsg == "") - { - List roles = currentLdap.GetRoles(new List() { user.Dn }).ToList(); // TODO: Group roles are not included - // the demo user (currently auditor) can't be forced to change password as he is not allowed to do it. Everyone else has to change it though - bool passwordMustBeChanged = !roles.Contains("auditor"); - await UiUserHandler.UpdateUserPasswordChanged(apiConnection, user.Dn, passwordMustBeChanged); - } - }); - } - } + // GET: api/ + /// + /// Reset user password in specified Ldap + /// + /// + /// LdapId (required) + /// UserId (required) + /// NewPassword (required) + /// + /// UserResetPasswordParameters + /// error message or Ok + [HttpPatch("ResetPassword")] + [Authorize(Roles = $"{Roles.Admin}")] + public async Task> ResetPassword([FromBody] UserResetPasswordParameters parameters) + { + UiUser user = await resolveUser(parameters.UserId) ?? throw new Exception("Wrong UserId"); + string errorMsg = ""; - // Return status and result - return errorMsg == "" ? 
Ok() : Problem(errorMsg); - } + foreach (Ldap currentLdap in ldaps) + { + // if current Ldap is internal: Try to update user password in current Ldap + if ((currentLdap.Id == parameters.LdapId || parameters.LdapId == 0) && currentLdap.IsWritable()) + { + await Task.Run(async () => + { + errorMsg = currentLdap.SetPassword(user.Dn, parameters.NewPassword); + if (errorMsg == "") + { + List roles = currentLdap.GetRoles(new List() { user.Dn }).ToList(); // TODO: Group roles are not included + // the demo user (currently auditor) can't be forced to change password as he is not allowed to do it. Everyone else has to change it though + bool passwordMustBeChanged = !roles.Contains(Roles.Auditor); + await UiUserHandler.UpdateUserPasswordChanged(apiConnection, user.Dn, passwordMustBeChanged); + } + }); + } + } - // DELETE api//5 - [HttpDelete("AllGroupsAndRoles")] - [Authorize(Roles = "admin")] - public async Task DeleteAllGroupsAndRoles([FromBody] UserDeleteAllEntriesParameters parameters) - { - UiUser user = await resolveUser(parameters.UserId) ?? throw new Exception("Wrong UserId"); + // Return status and result + return errorMsg == "" ? Ok() : Problem(errorMsg); + } - bool userRemoved = false; - List ldapRoleRequests = new List(); + // DELETE api//5 + /// + /// Remove user from all entries (groups, roles) + /// + /// + /// UserId (required) + /// + /// UserDeleteAllEntriesParameters + /// true if user removed from all entries + [HttpDelete("AllGroupsAndRoles")] + [Authorize(Roles = $"{Roles.Admin}")] + public async Task DeleteAllGroupsAndRoles([FromBody] UserDeleteAllEntriesParameters parameters) + { + UiUser user = await resolveUser(parameters.UserId) ?? 
throw new Exception("Wrong UserId"); - foreach (Ldap currentLdap in ldaps) - { - // Try to remove user from all roles and groups in current Ldap - if (currentLdap.IsWritable() && (currentLdap.HasRoleHandling() || currentLdap.HasGroupHandling())) - { - ldapRoleRequests.Add(Task.Run(() => - { - if (currentLdap.RemoveUserFromAllEntries(user.Dn)) - { - userRemoved = true; - } - })); - } - } + bool userRemoved = false; + List ldapRoleRequests = new List(); - await Task.WhenAll(ldapRoleRequests); + foreach (Ldap currentLdap in ldaps) + { + // Try to remove user from all roles and groups in current Ldap + if (currentLdap.IsWritable() && (currentLdap.HasRoleHandling() || currentLdap.HasGroupHandling())) + { + ldapRoleRequests.Add(Task.Run(() => + { + if (currentLdap.RemoveUserFromAllEntries(user.Dn)) + { + userRemoved = true; + } + })); + } + } - // Return status and result - return userRemoved; - } + await Task.WhenAll(ldapRoleRequests); - // DELETE api//5 - [HttpDelete] - [Authorize(Roles = "admin")] - public async Task Delete([FromBody] UserDeleteParameters parameters) - { - UiUser user = await resolveUser(parameters.UserId) ?? 
throw new Exception("Wrong UserId"); - bool userDeleted = false; + // Return status and result + return userRemoved; + } - foreach (Ldap currentLdap in ldaps) - { - // Try to delete user in current Ldap - if (currentLdap.Id == parameters.LdapId || parameters.LdapId == 0) - { - if (currentLdap.IsWritable()) - { - await Task.Run(() => - { - if(currentLdap.DeleteUser(user.Dn)) - { - userDeleted = true; - Log.WriteAudit("DeleteUser", $"User {user.Dn} deleted from Ldap Id: {parameters.LdapId} Name: {currentLdap.Host()}"); - } - }); - } - else - { - // not allowed to delete user in Ldap - userDeleted = true; - } - } - } - if (userDeleted) - { - // Try to delete user in local db - try - { - var Variables = new { id = user.DbId }; - await apiConnection.SendQueryAsync(FWO.Api.Client.Queries.AuthQueries.deleteUser, Variables); - } - catch (Exception exception) - { - userDeleted = false; - Log.WriteAudit("DeleteUser", $"Deleting User Id: {parameters.UserId} Dn: {user.Dn} locally failed: {exception.Message}"); - } - } - return userDeleted; - } + // DELETE api//5 + /// + /// Delete user from specified Ldap + /// + /// + /// LdapId (required) + /// UserId (required) + /// + /// UserDeleteParameters + /// true if user deleted + [HttpDelete] + [Authorize(Roles = $"{Roles.Admin}")] + public async Task Delete([FromBody] UserDeleteParameters parameters) + { + UiUser user = await resolveUser(parameters.UserId) ?? 
throw new Exception("Wrong UserId"); + bool userDeleted = false; - private async Task resolveUser(int id) - { - List uiUsers; - try - { - uiUsers = (await apiConnection.SendQueryAsync(FWO.Api.Client.Queries.AuthQueries.getUsers)).ToList(); - return uiUsers.FirstOrDefault(x => x.DbId == id); - } - catch (Exception exception) - { - Log.WriteAudit("UpdateUser", $"Could not get users: {exception.Message}"); - return null; - } - } - } + foreach (Ldap currentLdap in ldaps) + { + // Try to delete user in current Ldap + if (currentLdap.Id == parameters.LdapId || parameters.LdapId == 0) + { + if (currentLdap.IsWritable()) + { + await Task.Run(() => + { + if (currentLdap.DeleteUser(user.Dn)) + { + userDeleted = true; + Log.WriteAudit("DeleteUser", $"User {user.Dn} deleted from Ldap Id: {parameters.LdapId} Name: {currentLdap.Host()}"); + } + }); + } + else + { + // not allowed to delete user in Ldap + userDeleted = true; + } + } + } + if (userDeleted) + { + // Try to delete user in local db + try + { + var Variables = new { id = user.DbId }; + await apiConnection.SendQueryAsync(FWO.Api.Client.Queries.AuthQueries.deleteUser, Variables); + } + catch (Exception exception) + { + userDeleted = false; + Log.WriteAudit("DeleteUser", $"Deleting User Id: {parameters.UserId} Dn: {user.Dn} locally failed: {exception.Message}"); + } + } + return userDeleted; + } + + private async Task resolveUser(int id) + { + List uiUsers; + try + { + uiUsers = (await apiConnection.SendQueryAsync(AuthQueries.getUsers)).ToList(); + return uiUsers.FirstOrDefault(x => x.DbId == id); + } + catch (Exception exception) + { + Log.WriteAudit("UpdateUser", $"Could not get users: {exception.Message}"); + return null; + } + } + } } diff --git a/roles/middleware/files/FWO.Middleware.Server/DailyCheckScheduler.cs b/roles/middleware/files/FWO.Middleware.Server/DailyCheckScheduler.cs index 1ddc3a8e0..e43665141 100644 --- a/roles/middleware/files/FWO.Middleware.Server/DailyCheckScheduler.cs 
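Review bot: `ChangePassword` (`[HttpPatch("EditPassword")]`) still carries no `[Authorize]` while the class-level `//[Authorize]` stays commented out, so the endpoint is reachable without a token and `parameters.UserId` is never tied to the caller's identity; the `User.IsInRole(Roles.Auditor)` guard does nothing for an anonymous principal, and the only real check is presumably the LDAP bind with `OldPassword` inside `currentLdap.ChangePassword`. If the unauthenticated path is intentional for the forced first-login change, say so in the new summary and mark it `[AllowAnonymous]` explicitly; otherwise add `[Authorize]` and reject requests whose `UserId` does not match the caller's user claim. Separately, the new `Add` body writes `uiuser_first_name = parameters.Firstname` and `uiuser_last_name = parameters.Lastname`, but the added remarks list omits them — add `/// Firstname (optional)` and `/// Lastname (optional)`. `Add` also now calls `AuthQueries.upsertUiUser` instead of `addUser`, so re-posting an existing DN presumably updates the local row instead of failing; a why-comment would make that intent clear.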
+++ b/roles/middleware/files/FWO.Middleware.Server/DailyCheckScheduler.cs @@ -1,26 +1,30 @@ using FWO.Api.Client; using FWO.Api.Client.Queries; +using FWO.GlobalConstants; using FWO.Api.Data; using FWO.Config.Api; using FWO.Config.Api.Data; using FWO.Logging; using System.Timers; -using System.Text.Json; using FWO.Middleware.RequestParameters; +using FWO.Recert; namespace FWO.Middleware.Server { - public class DailyCheckScheduler + /// + /// Class handling the scheduler for the daily checks + /// + public class DailyCheckScheduler : SchedulerBase { - private readonly ApiConnection apiConnection; - private GlobalConfig globalConfig; private int DailyCheckSleepTime = 86400000; // 24 hours in milliseconds private System.Timers.Timer DailyCheckScheduleTimer = new(); private System.Timers.Timer DailyCheckTimer = new(); - private List openAlerts = new List(); + /// + /// Async Constructor needing the connection + /// public static async Task CreateAsync(ApiConnection apiConnection) { GlobalConfig config = await GlobalConfig.ConstructAsync(apiConnection, true); 
@@ -28,22 +32,31 @@ public static async Task CreateAsync(ApiConnection apiConne } private DailyCheckScheduler(ApiConnection apiConnection, GlobalConfig globalConfig) + : base(apiConnection, globalConfig, ConfigQueries.subscribeDailyCheckConfigChanges) { - this.apiConnection = apiConnection; - this.globalConfig = globalConfig; - globalConfig.OnChange += GlobalConfig_OnChange; - - startDailyCheckScheduleTimer(); + if(globalConfig.RecRefreshStartup) + { + #pragma warning disable CS4014 + RefreshRecert(); // no need to wait + #pragma warning restore CS4014 + } } - private void GlobalConfig_OnChange(Config.Api.Config globalConfig, ConfigItem[] _) + /// + /// set scheduling timer from fixed value + /// + protected override void OnGlobalConfigChange(List config) { - DailyCheckTimer.Interval = DailyCheckSleepTime; DailyCheckScheduleTimer.Stop(); - startDailyCheckScheduleTimer(); + globalConfig.SubscriptionPartialUpdateHandler(config.ToArray()); + DailyCheckTimer.Interval = DailyCheckSleepTime; + StartScheduleTimer(); } - public void startDailyCheckScheduleTimer() + /// + /// start the scheduling timer + /// + protected override void StartScheduleTimer() { DateTime? startTime = null; try 
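Review bot: The constructor fires `RefreshRecert()` without awaiting it and silences CS4014, so any exception thrown by `RecalcRecerts` becomes an unobserved task exception with no log entry and no alert — unlike the same call on the `DailyCheck` path, which is inside a try/catch that logs and raises `AlertCode.DailyCheckError`. Prefer a discarded task with a logging continuation, e.g. `_ = RefreshRecert().ContinueWith(t => Log.WriteError("DailyCheck scheduler", "Startup recert refresh failed", t.Exception), TaskContinuationOptions.OnlyOnFaulted);`, which also removes the pragma pair. Kicking off work from a constructor is itself worth a why-comment, since `CreateAsync` could await it instead if startup ordering matters. `StartScheduleTimer`'s body continues outside the hunk.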
@@ -84,21 +97,42 @@ private async void DailyCheck(object? _, ElapsedEventArgs __) { try { - openAlerts = await apiConnection.SendQueryAsync>(MonitorQueries.getOpenAlerts); await CheckDemoData(); await CheckImports(); + if(globalConfig.RecRefreshDaily) + { + await RefreshRecert(); + } + await CheckRecerts(); } catch(Exception exc) { Log.WriteError("DailyCheck", $"Ran into exception: ", exc); - await AddDailyCheckLogEntry(2, globalConfig.GetText("daily_checks"), globalConfig.GetText("ran_into_exception") + exc.Message); - await setAlert(GlobalConfig.kDailyCheck, AlertCode.DailyCheckError, globalConfig.GetText("daily_checks"), globalConfig.GetText("ran_into_exception") + exc.Message); + await AddLogEntry(2, globalConfig.GetText("daily_checks"), globalConfig.GetText("ran_into_exception") + exc.Message, GlobalConst.kDailyCheck); + await SetAlert(globalConfig.GetText("daily_checks"), globalConfig.GetText("ran_into_exception") + exc.Message,GlobalConst.kDailyCheck, AlertCode.DailyCheckError); + } + } + + private async Task RefreshRecert() + { + Log.WriteDebug("DailyCheck scheduler", "Refresh recert ownerships"); + RecertRefresh recertRefresh = new RecertRefresh(apiConnection); + await recertRefresh.RecalcRecerts(); + } + + private async Task CheckRecerts() + { + if(globalConfig.RecCheckActive) + { + RecertCheck recertCheck = new RecertCheck(apiConnection, globalConfig); + int emailsSent = await recertCheck.CheckRecertifications(); + await AddLogEntry(0, globalConfig.GetText("daily_recert_check"), emailsSent + globalConfig.GetText("emails_sent"), GlobalConst.kDailyCheck); } } private async Task CheckDemoData() { - List managements = await apiConnection.SendQueryAsync>(FWO.Api.Client.Queries.DeviceQueries.getManagementsDetails); + List managements = await apiConnection.SendQueryAsync>(DeviceQueries.getManagementsDetails); bool sampleManagementExisting = false; foreach (var management in managements) { 
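Review bot: With the two new steps, `DailyCheck` now runs four checks under a single try/catch, so an exception in `CheckDemoData` or `CheckImports` also skips `RefreshRecert` and `CheckRecerts`, i.e. a broken import status check silently suppresses the recertification e-mails and the only trace is one generic `DailyCheckError` alert. Wrap each step in its own try/catch (or a small `RunStep(Func<Task>, string name)` helper that logs and raises the alert per step) so one failing check does not hide the others. In `CheckRecerts`, `emailsSent + globalConfig.GetText("emails_sent")` concatenates an int to a localized string with no separator unless the text happens to start with a space — `$"{emailsSent} {globalConfig.GetText("emails_sent")}"` is safer.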
@@ -108,7 +142,7 @@ private async Task CheckDemoData() } } - List credentials = await apiConnection.SendQueryAsync>(FWO.Api.Client.Queries.DeviceQueries.getCredentials); + List credentials = await apiConnection.SendQueryAsync>(DeviceQueries.getCredentialsWithoutSecrets); bool sampleCredentialExisting = false; foreach (var credential in credentials) { @@ -118,7 +152,7 @@ private async Task CheckDemoData() } } - List users = await apiConnection.SendQueryAsync>(FWO.Api.Client.Queries.AuthQueries.getUsers); + List users = await apiConnection.SendQueryAsync>(AuthQueries.getUsers); bool sampleUserExisting = false; foreach (var user in users) { @@ -128,7 +162,7 @@ private async Task CheckDemoData() } } - List tenants = await apiConnection.SendQueryAsync>(FWO.Api.Client.Queries.AuthQueries.getTenants); + List tenants = await apiConnection.SendQueryAsync>(AuthQueries.getTenants); bool sampleTenantExisting = false; foreach (var tenant in tenants) { 
@@ -155,22 +189,33 @@ private async Task CheckDemoData() } } + List owners = await apiConnection.SendQueryAsync>(OwnerQueries.getOwners); + bool sampleOwnerExisting = false; + foreach (var owner in owners) + { + if (owner.Name.EndsWith("_demo")) + { + sampleOwnerExisting = true; + } + } + string description = ""; - if(sampleManagementExisting || sampleCredentialExisting || sampleUserExisting || sampleTenantExisting || sampleGroupExisting) + if(sampleManagementExisting || sampleCredentialExisting || sampleUserExisting || sampleTenantExisting || sampleGroupExisting || sampleOwnerExisting) { description = globalConfig.GetText("sample_data_found_in") + (sampleManagementExisting ? globalConfig.GetText("managements") + " " : "") + (sampleCredentialExisting ? globalConfig.GetText("import_credential") + " " : "") + (sampleUserExisting ? globalConfig.GetText("users") + " " : "") + (sampleTenantExisting ? globalConfig.GetText("tenants") + " " : "") + - (sampleGroupExisting ? globalConfig.GetText("groups") : ""); - await setAlert(GlobalConfig.kDailyCheck, AlertCode.SampleDataExisting, globalConfig.GetText("sample_data"), description); + (sampleGroupExisting ? globalConfig.GetText("groups") + " " : "") + + (sampleOwnerExisting ? globalConfig.GetText("owners") : ""); + await SetAlert(globalConfig.GetText("sample_data"), description, GlobalConst.kDailyCheck, AlertCode.SampleDataExisting); } - await AddDailyCheckLogEntry((description != "" ? 1 : 0), globalConfig.GetText("daily_sample_data_check"), (description != "" ? description : globalConfig.GetText("no_sample_data_found"))); + await AddLogEntry(description != "" ? 1 : 0, globalConfig.GetText("daily_sample_data_check"), description != "" ? 
description : globalConfig.GetText("no_sample_data_found"), GlobalConst.kDailyCheck); } private async Task CheckImports() { - List importStati = await apiConnection.SendQueryAsync>(FWO.Api.Client.Queries.DeviceQueries.getImportStatus); + List importStati = await apiConnection.SendQueryAsync>(MonitorQueries.getImportStatus); int importIssues = 0; object jsonData; foreach(ImportStatus imp in importStati.Where(x => !x.ImportDisabled)) 
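Review bot: The new owner loop calls `owner.Name.EndsWith("_demo")`, which is the culture-sensitive overload and dereferences `Name` without a null check; whether `Name` can be null is not visible here, but the sibling checks use the same shape, so the safe form is `if (owner.Name?.EndsWith("_demo", StringComparison.Ordinal) == true)`. The whole loop can also collapse to `bool sampleOwnerExisting = owners.Any(o => o.Name?.EndsWith("_demo", StringComparison.Ordinal) == true);`, which matches what the flag is used for in the `if` below.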
@@ -180,126 +225,26 @@ private async Task CheckImports() if (imp.LastIncompleteImport[0].StartTime < DateTime.Now.AddHours(-globalConfig.MaxImportDuration)) // too long { jsonData = imp.LastIncompleteImport; - await setAlert(GlobalConfig.kDailyCheck, AlertCode.ImportRunningTooLong, globalConfig.GetText("import"), globalConfig.GetText("E7011"), imp.MgmId, jsonData); + await SetAlert(globalConfig.GetText("import"), globalConfig.GetText("E7011"),GlobalConst.kDailyCheck, AlertCode.ImportRunningTooLong, imp.MgmId, jsonData); importIssues++; } } else if (imp.LastImport == null || imp.LastImport.Length == 0) // no import at all { jsonData = imp; - await setAlert(GlobalConfig.kDailyCheck, AlertCode.NoImport, globalConfig.GetText("import"), globalConfig.GetText("E7012"), imp.MgmId, jsonData); + await SetAlert(globalConfig.GetText("import"), globalConfig.GetText("E7012"), GlobalConst.kDailyCheck, AlertCode.NoImport, imp.MgmId, jsonData); importIssues++; } - else if (imp.LastImportAttempt != null && imp.LastImportAttempt < DateTime.Now.AddHours(-globalConfig.MaxImportInterval)) // too long ago (not working for legacy devices as LastImportAttempt is not written) + else if (imp.LastImportAttempt != null && imp.LastImportAttempt < DateTime.Now.AddHours(-globalConfig.MaxImportInterval)) + // too long ago (not working for legacy devices as LastImportAttempt is not written) { jsonData = imp; - await setAlert(GlobalConfig.kDailyCheck, AlertCode.SuccessfulImportOverdue, globalConfig.GetText("import"), globalConfig.GetText("E7013"), imp.MgmId, jsonData); + await SetAlert(globalConfig.GetText("import"), globalConfig.GetText("E7013"), GlobalConst.kDailyCheck, AlertCode.SuccessfulImportOverdue, imp.MgmId, jsonData); importIssues++; } } - await AddDailyCheckLogEntry((importIssues != 0 ? 1 : 0), globalConfig.GetText("daily_importer_check"), (importIssues != 0 ? 
importIssues + globalConfig.GetText("import_issues_found") : globalConfig.GetText("no_import_issues_found"))); - } - - public async Task setAlert(string source, AlertCode alertCode, string title, string description, int? mgmtId = null, object? JsonData = null, int? devId = null) - { - try - { - var Variables = new - { - source = source, - userId = 0, - title = title, - description = description, - mgmId = mgmtId, - devId = devId, - alertCode = (int)alertCode, - jsonData = JsonData, - }; - ReturnId[]? returnIds = (await apiConnection.SendQueryAsync(MonitorQueries.addAlert, Variables)).ReturnIds; - if (returnIds != null) - { - // Acknowledge older alert for same problem - Alert? existingAlert = openAlerts.FirstOrDefault(x => x.AlertCode == alertCode && x.ManagementId == mgmtId); - if(existingAlert != null) - { - await AcknowledgeAlert(existingAlert.Id); - } - } - else - { - Log.WriteError("Write Alert", "Log could not be written to database"); - } - string? mgmtIdString = ""; - if (mgmtId != null) - { - mgmtIdString = mgmtId.ToString(); - } - string? 
devIdString = ""; - if (devId != null) - { - devIdString = devId.ToString(); - } - string jsonString = ""; - if (JsonData != null) - jsonString = JsonSerializer.Serialize(JsonData); - Log.WriteAlert ($"source: \"{source}\"", - $"userId: \"0\", title: \"{title}\", description: \"{description}\", " + - $"mgmId: \"{mgmtIdString}\", devId: \"{devIdString}\", jsonData: \"{jsonString}\", alertCode: \"{alertCode.ToString()}\""); - } - catch(Exception exc) - { - Log.WriteError("Write Alert", $"Could not write Alert for Daily Check: ", exc); - } - } - - public async Task AcknowledgeAlert(long alertId) - { - try - { - var Variables = new - { - id = alertId, - ackUser = 0, - ackTime = DateTime.Now - }; - await apiConnection.SendQueryAsync(MonitorQueries.acknowledgeAlert, Variables); - } - catch (Exception exception) - { - Log.WriteError("Acknowledge Alert", $"Could not acknowledge alert for Daily Check: ", exception); - } - } - - public async Task AddDailyCheckLogEntry(int severity, string cause, string description) - { - try - { - var Variables = new - { - source = GlobalConfig.kDailyCheck, - discoverUser = 0, - severity = severity, - suspectedCause = cause, - description = description, - mgmId = (int?)null, - devId = (int?)null, - importId = (long?)null, - objectType = (string?)null, - objectName = (string?)null, - objectUid = (string?)null, - ruleUid = (string?)null, - ruleId = (long?)null - }; - ReturnId[]? returnIds = (await apiConnection.SendQueryAsync(MonitorQueries.addLogEntry, Variables)).ReturnIds; - if (returnIds == null) - { - Log.WriteError("Write Log", "Log could not be written to database"); - } - } - catch(Exception exc) - { - Log.WriteError("Write Log", $"Could not write daily check log to db: ", exc); - } + await AddLogEntry(importIssues != 0 ? 1 : 0, globalConfig.GetText("daily_importer_check"), + importIssues != 0 ? importIssues + globalConfig.GetText("import_issues_found") : globalConfig.GetText("no_import_issues_found"), GlobalConst.kDailyCheck); } } } 
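Review bot: The removed `setAlert` acknowledged the previous open alert with the same `AlertCode` and management id via `openAlerts`, and the `openAlerts` load was dropped from `DailyCheck` in the first hunk; the replacement `SetAlert`/`AddLogEntry` are not part of this diff, so it cannot be seen here whether that deduplication survived the move. If it did not, every daily run adds another open alert per management, so this is worth confirming in the base class. Minor style: the `// too long ago ...` comment now sits between `else if (...)` and its `{`, where it reads as a dangling statement; move it above the `else if`, and add the missing space in `globalConfig.GetText("E7011"),GlobalConst.kDailyCheck`.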
diff --git a/roles/middleware/files/FWO.Middleware.Server/DataImportBase.cs b/roles/middleware/files/FWO.Middleware.Server/DataImportBase.cs new file mode 100644 index 000000000..d60b17dee --- /dev/null +++ b/roles/middleware/files/FWO.Middleware.Server/DataImportBase.cs 
@@ -0,0 +1,86 @@ +using FWO.Logging; +using FWO.Api.Client; +using FWO.Config.Api; +using System.Diagnostics; + +namespace FWO.Middleware.Server +{ + /// + /// Class handling the Data Import + /// + public class DataImportBase + { + /// + /// Api Connection + /// + protected readonly ApiConnection apiConnection; + + /// + /// Global Config + /// + protected GlobalConfig globalConfig; + + /// + /// Import File + /// + protected string importFile { get; set; } = ""; + + + /// + /// Constructor for Data Import + /// + public DataImportBase(ApiConnection apiConnection, GlobalConfig globalConfig) + { + this.apiConnection = apiConnection; + this.globalConfig = globalConfig; + } + + /// + /// Read the Import Data File + /// + protected void ReadFile(string filepath) + { + try + { + importFile = File.ReadAllText(filepath).Trim(); + } + catch (Exception) + { + Log.WriteError("Read file", $"File could not be read from {filepath}."); + throw; + } + } + + /// + /// Execute the Data Import Script + /// + protected bool RunImportScript(string importScriptFile) + { + try + { + if(File.Exists(importScriptFile)) + { + ProcessStartInfo start = new () + { + FileName = importScriptFile, + Arguments = "", // args, + UseShellExecute = false, + RedirectStandardOutput = true + }; + Process? process = Process.Start(start); + StreamReader? reader = process?.StandardOutput; + string? result = reader?.ReadToEnd(); + process?.WaitForExit(); + process?.Close(); + Log.WriteInfo("Run Import Script", $"Executed Import Script {importScriptFile}. Result: {result ?? ""}"); + return true; + } + } + catch (Exception Exception) + { + Log.WriteError("Run Import Script", $"File {importScriptFile} could not be executed.", Exception); + } + return false; + } + } +} diff --git a/roles/middleware/files/FWO.Middleware.Server/FWO.Middleware.Server.csproj b/roles/middleware/files/FWO.Middleware.Server/FWO.Middleware.Server.csproj index c872866d3..74cacf626 100644 
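Review bot: `RunImportScript` returns true whenever the process could be started and ignores `process.ExitCode`, so a script that fails is logged as "Executed Import Script ... Result: ..." and the caller cannot react; stderr is not redirected either, so the failure text is lost. `Process` is also `IDisposable`, so a `using` declaration replaces the manual `Close()`, and the catch variable `Exception Exception` shadows the type name and should be `exception`. Since the path in `importScriptFile` is executed verbatim and `File.Exists` is not an authorization check, a comment on the method such as `// importScriptFile must come from a fixed, non-user-writable location; no validation is done here` would document the contract callers have to uphold. Rewritten core of the method:
```csharp
using Process? process = Process.Start(start);
if (process is null)
{
    Log.WriteError("Run Import Script", $"Process for {importScriptFile} could not be started.");
    return false;
}
string result = process.StandardOutput.ReadToEnd();
process.WaitForExit();
if (process.ExitCode != 0)
{
    Log.WriteError("Run Import Script", $"Import Script {importScriptFile} exited with code {process.ExitCode}. Output: {result}");
    return false;
}
Log.WriteInfo("Run Import Script", $"Executed Import Script {importScriptFile}. Result: {result}");
return true;
// … unchanged: File.Exists guard, ProcessStartInfo setup, catch block …
```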
--- a/roles/middleware/files/FWO.Middleware.Server/FWO.Middleware.Server.csproj +++ b/roles/middleware/files/FWO.Middleware.Server/FWO.Middleware.Server.csproj @@ -1,14 +1,14 @@  - net6.0 + net8.0 enable enable True - + @@ -20,6 +20,8 @@ + +
    diff --git a/roles/middleware/files/FWO.Middleware.Server/ImportAppDataScheduler.cs b/roles/middleware/files/FWO.Middleware.Server/ImportAppDataScheduler.cs new file mode 100644 index 000000000..129b65357 --- /dev/null +++ b/roles/middleware/files/FWO.Middleware.Server/ImportAppDataScheduler.cs 
@@ -0,0 +1,111 @@ +using FWO.Api.Client; +using FWO.Api.Client.Queries; +using FWO.GlobalConstants; +using FWO.Api.Data; +using FWO.Config.Api; +using FWO.Config.Api.Data; +using FWO.Logging; +using System.Timers; + +namespace FWO.Middleware.Server +{ + /// + /// Class handling the scheduler for the import of app data + /// + public class ImportAppDataScheduler : SchedulerBase + { + private System.Timers.Timer ScheduleTimer = new(); + private System.Timers.Timer ImportAppDataTimer = new(); + + /// + /// Async Constructor needing the connection + /// + public static async Task CreateAsync(ApiConnection apiConnection) + { + GlobalConfig globalConfig = await GlobalConfig.ConstructAsync(apiConnection, true); + return new ImportAppDataScheduler(apiConnection, globalConfig); + } + + private ImportAppDataScheduler(ApiConnection apiConnection, GlobalConfig globalConfig) + : base(apiConnection, globalConfig, ConfigQueries.subscribeImportAppDataConfigChanges) + {} + + /// + /// set scheduling timer from config values + /// + protected override void OnGlobalConfigChange(List config) + { + ScheduleTimer.Stop(); + globalConfig.SubscriptionPartialUpdateHandler(config.ToArray()); + if(globalConfig.ImportAppDataSleepTime > 0) + { + ImportAppDataTimer.Interval = globalConfig.ImportAppDataSleepTime * GlobalConst.kHoursToMilliseconds; + StartScheduleTimer(); + } + } + + /// + /// start the scheduling timer + /// + protected override void StartScheduleTimer() + { + if (globalConfig.ImportAppDataSleepTime > 0) + { + DateTime startTime = DateTime.Now; + try + { + startTime = globalConfig.ImportAppDataStartAt; + while (startTime < DateTime.Now) + { + startTime = startTime.AddHours(globalConfig.ImportAppDataSleepTime); + } + } + catch (Exception exception) + { + Log.WriteError("Import App Data scheduler", "Could not calculate start time.", exception); + } + TimeSpan interval = startTime - DateTime.Now; + + ScheduleTimer = new(); + ScheduleTimer.Elapsed += ImportAppData; + 
ScheduleTimer.Elapsed += StartImportAppDataTimer; + ScheduleTimer.Interval = interval.TotalMilliseconds; + ScheduleTimer.AutoReset = false; + ScheduleTimer.Start(); + Log.WriteDebug("Import App Data scheduler", "ImportAppDataScheduleTimer started."); + } + } + + private void StartImportAppDataTimer(object? _, ElapsedEventArgs __) + { + ImportAppDataTimer.Stop(); + ImportAppDataTimer = new(); + ImportAppDataTimer.Elapsed += ImportAppData; + ImportAppDataTimer.Interval = globalConfig.ImportAppDataSleepTime * GlobalConst.kHoursToMilliseconds; + ImportAppDataTimer.AutoReset = true; + ImportAppDataTimer.Start(); + Log.WriteDebug("Import App Data scheduler", "ImportAppDataTimer started."); + } + + private async void ImportAppData(object? _, ElapsedEventArgs __) + { + try + { + AppDataImport import = new AppDataImport(apiConnection, globalConfig); + if(!await import.Run()) + { + throw new Exception("Import App Data failed."); + } + } + catch (Exception exc) + { + Log.WriteError("Import App Data", $"Ran into exception: ", exc); + string titletext = "Error encountered while trying to import App Data"; + Log.WriteAlert($"source: \"{GlobalConst.kImportAppData}\"", + $"userId: \"0\", title: \"{titletext}\", description: \"{exc}\", alertCode: \"{AlertCode.ImportAppData}\""); + await AddLogEntry(1, globalConfig.GetText("scheduled_app_import"), globalConfig.GetText("ran_into_exception") + exc.Message, GlobalConst.kImportAppData); + await SetAlert(globalConfig.GetText("scheduled_app_import"), titletext, GlobalConst.kImportAppData, AlertCode.ImportAppData); + } + } + } +} diff --git a/roles/middleware/files/FWO.Middleware.Server/ImportChangeNotifier.cs b/roles/middleware/files/FWO.Middleware.Server/ImportChangeNotifier.cs new file mode 100644 index 000000000..8ac36cfe4 --- /dev/null +++ b/roles/middleware/files/FWO.Middleware.Server/ImportChangeNotifier.cs 
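Review bot: `OnGlobalConfigChange` stops `ScheduleTimer` but not `ImportAppDataTimer`, so once the repeating timer is running, a config change that sets `ImportAppDataSleepTime` to 0 (i.e. disables the import) leaves the old timer firing `ImportAppData` at its previous interval; add `ImportAppDataTimer.Stop();` directly after `ScheduleTimer.Stop();`. The same pattern is in ImportChangeNotifyScheduler (`ImportChangeNotifyTimer`) and ImportSubnetDataScheduler (`ImportSubnetDataTimer`). `StartScheduleTimer` and `StartImportAppDataTimer` also replace the timer with `new()` without disposing the previous instance, so each config change leaks one. In the catch of `ImportAppData`, `description: \"{exc}\"` writes the full exception including stack trace into the alert log, while the `AddLogEntry` call right below already uses `exc.Message`; `exc.Message` is enough in both places.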
@@ -0,0 +1,272 @@ +using FWO.Api.Client; +using FWO.Api.Client.Queries; +using FWO.GlobalConstants; +using FWO.Api.Data; +using FWO.Config.Api; +using FWO.Logging; +using FWO.Mail; +using FWO.Encryption; +using FWO.Report; +using FWO.Report.Filter; +using Newtonsoft.Json; +using System.Text.Json.Serialization; +using System.Text.RegularExpressions; +using WkHtmlToPdfDotNet; + +namespace FWO.Middleware.Server +{ + /// + /// Class handling the Import Change Notification + /// + public class ImportChangeNotifier + { + /// + /// Api Connection + /// + protected readonly ApiConnection apiConnection; + + /// + /// Global Config + /// + protected GlobalConfig globalConfig; + + private ReportBase? changeReport; + + private struct ImportToNotify + { + [JsonProperty("control_id"), JsonPropertyName("control_id")] + public long ControlId { get; set; } + + [JsonProperty("mgm_id"), JsonPropertyName("mgm_id")] + public int MgmtId { get; set; } + + [JsonProperty("management"), JsonPropertyName("management")] + public ImportManagement Mgmt { get; set; } + + [JsonProperty("stop_time"), JsonPropertyName("stop_time")] + public DateTime StopTime { get; set; } + + [JsonProperty("security_relevant_changes_counter"), JsonPropertyName("security_relevant_changes_counter")] + public int RelevantChanges { get; set; } + }; + private struct ImportManagement + { + [JsonProperty("mgm_name"), JsonPropertyName("mgm_name")] + public string MgmtName { get; set; } + } + + private List importsToNotify = new(); + + private bool WorkInProgress = false; + private DeviceFilter deviceFilter = new(); + private List importedManagements = new(); + private UserConfig userConfig; + + + /// + /// Constructor for Import Change Notifier + /// + public ImportChangeNotifier(ApiConnection apiConnection, GlobalConfig globalConfig) + { + this.apiConnection = apiConnection; + this.globalConfig = globalConfig; + userConfig = new(globalConfig); + } + + /// + /// Run the Import Change Notifier + /// + public async Task 
Run() + { + try + { + if(!WorkInProgress) + { + WorkInProgress = true; + if(await NewImportFound()) + { + if(globalConfig.ImpChangeNotifyType != (int)ImpChangeNotificationType.SimpleText) + { + await GenerateChangeReport(); + } + await SendEmail(); + await SetImportsNotified(); + } + WorkInProgress = false; + } + } + catch(Exception exception) + { + Log.WriteError("Import Change Notification", $"Runs into exception: ", exception); + WorkInProgress = false; + return false; + } + return true; + } + + private async Task NewImportFound() + { + importsToNotify = await apiConnection.SendQueryAsync>(ReportQueries.getImportsToNotify); + importedManagements = new(); + foreach(var imp in importsToNotify) + { + if(!importedManagements.Contains(imp.MgmtId)) + { + importedManagements.Add(imp.MgmtId); + } + } + return importsToNotify.Count > 0; + } + + private async Task GenerateChangeReport() + { + try + { + CancellationToken token = new(); + UserConfig userConfig = new(globalConfig); + + changeReport = ReportBase.ConstructReport(new ReportTemplate("", await SetFilters()), userConfig); + ReportData reportData = new(); + await changeReport.Generate(int.MaxValue, apiConnection, + rep => + { + reportData.ManagementData = rep.ManagementData; + foreach (var mgm in reportData.ManagementData) + { + mgm.Ignore = !deviceFilter.getSelectedManagements().Contains(mgm.Id); + } + return Task.CompletedTask; + }, token); + } + catch (Exception exception) + { + Log.WriteError("Import Change Notifier", $"Report generation leads to exception.", exception); + } + } + + private async Task SetFilters() + { + deviceFilter.Managements = (await apiConnection.SendQueryAsync>(DeviceQueries.getDevicesByManagement)) + .Where(x => importedManagements.Contains(x.Id)).ToList(); + deviceFilter.applyFullDeviceSelection(true); + + return new((int)ReportType.Changes, deviceFilter) + { + TimeFilter = new() + { + TimeRangeType = TimeRangeType.Fixeddates, + StartTime = importsToNotify.First().StopTime, + EndTime = 
importsToNotify.Last().StopTime.AddSeconds(1) + } + }; + } + + private async Task SendEmail() + { + string decryptedSecret = ""; + try + { + string mainKey = AesEnc.GetMainKey(); + decryptedSecret = AesEnc.Decrypt(globalConfig.EmailPassword, mainKey); + } + catch (Exception exception) + { + Log.WriteError("Import Change Notifier", $"Could not decrypt mailserver password.", exception); + } + + EmailConnection emailConnection = new EmailConnection(globalConfig.EmailServerAddress, globalConfig.EmailPort, + globalConfig.EmailTls, globalConfig.EmailUser, decryptedSecret, globalConfig.EmailSenderAddress); + MailKitMailer mailer = new(emailConnection); + await mailer.SendAsync(PrepareEmail(), emailConnection, new CancellationToken(), + globalConfig.ImpChangeNotifyType == (int)ImpChangeNotificationType.HtmlInBody); + } + + private MailData PrepareEmail() + { + string subject = globalConfig.ImpChangeNotifySubject; + string body = CreateBody(); + FormFile? attachment = null; + if(changeReport != null) + { + switch(globalConfig.ImpChangeNotifyType) + { + case (int)ImpChangeNotificationType.HtmlInBody: + body += changeReport?.ExportToHtml(); + break; + case (int)ImpChangeNotificationType.PdfAsAttachment: + attachment = CreateAttachment(Convert.ToBase64String(changeReport?.ToPdf(PaperKind.A4) ?? 
throw new Exception("No Pdf generated.")), GlobalConst.kPdf); + break; + case (int)ImpChangeNotificationType.HtmlAsAttachment: + attachment = CreateAttachment(changeReport?.ExportToHtml(), GlobalConst.kHtml); + break; + // case (int)ImpChangeNotificationType.CsvAsAttachment: // Currently not implemented + // attachment = CreateAttachment(changeReport?.ExportToCsv(), GlobalConst.kCsv); + // break; + case (int)ImpChangeNotificationType.JsonAsAttachment: + attachment = CreateAttachment(changeReport?.ExportToJson(), GlobalConst.kJson); + break; + default: + break; + } + } + MailData mailData = new(CollectRecipients(), subject, body); + if(attachment != null) + { + mailData.Attachments = new FormFileCollection() { attachment }; + } + return mailData; + } + + private string CreateBody() + { + string body = globalConfig.ImpChangeNotifyBody; + foreach(var mgmtId in importedManagements) + { + int mgmtCounter = 0; + foreach(var imp in importsToNotify.Where(x => x.MgmtId == mgmtId)) + { + mgmtCounter += imp.RelevantChanges; + } + body += globalConfig.ImpChangeNotifyType == (int)ImpChangeNotificationType.HtmlInBody ? "
    " : "\r\n\r\n"; + body += $"{importsToNotify.FirstOrDefault(x => x.MgmtId == mgmtId).Mgmt.MgmtName} (id={mgmtId}): {mgmtCounter} {userConfig.GetText("changes")}"; + } + return body; + } + + private FormFile? CreateAttachment(string? content, string fileFormat) + { + if(content != null) + { + MemoryStream memoryStream = new(System.Text.Encoding.UTF8.GetBytes(content)); + string fileName = $"{Regex.Replace(globalConfig.ImpChangeNotifySubject, @"\s", "")}_{DateTime.Now.ToUniversalTime().ToString("yyyy-MM-ddTHH-mm-ssK")}.{fileFormat}"; + return new(memoryStream, 0, memoryStream.Length, "FWO-Report-Attachment", fileName) + { + Headers = new HeaderDictionary(), + ContentType = $"application/{fileFormat}" + }; + } + return null; + } + private List CollectRecipients() + { + if(globalConfig.UseDummyEmailAddress) + { + return new() { globalConfig.DummyEmailAddress }; + } + string[] separatingStrings = { ",", ";", "|" }; + return globalConfig.ImpChangeNotifyRecipients.Split(separatingStrings, StringSplitOptions.TrimEntries | StringSplitOptions.RemoveEmptyEntries).ToList(); + } + + private async Task SetImportsNotified() + { + try + { + await apiConnection.SendQueryAsync(ReportQueries.setImportsNotified, new { ids = importsToNotify.ConvertAll(x => x.ControlId) }); + } + catch (Exception exception) + { + Log.WriteError("Import Change Notifier", $"Could not mark imports as notified.", exception); + } + } + } +} diff --git a/roles/middleware/files/FWO.Middleware.Server/ImportChangeNotifyScheduler.cs b/roles/middleware/files/FWO.Middleware.Server/ImportChangeNotifyScheduler.cs new file mode 100644 index 000000000..8d4d7a9df --- /dev/null +++ b/roles/middleware/files/FWO.Middleware.Server/ImportChangeNotifyScheduler.cs 
@@ -0,0 +1,111 @@ +using FWO.Api.Client; +using FWO.Api.Client.Queries; +using FWO.GlobalConstants; +using FWO.Api.Data; +using FWO.Config.Api; +using FWO.Config.Api.Data; +using FWO.Logging; +using System.Timers; + +namespace FWO.Middleware.Server +{ + /// + /// Class handling the scheduler for the import change notifications + /// + public class ImportChangeNotifyScheduler : SchedulerBase + { + private System.Timers.Timer ScheduleTimer = new(); + private System.Timers.Timer ImportChangeNotifyTimer = new(); + + /// + /// Async Constructor needing the connection + /// + public static async Task CreateAsync(ApiConnection apiConnection) + { + GlobalConfig globalConfig = await GlobalConfig.ConstructAsync(apiConnection, true); + return new ImportChangeNotifyScheduler(apiConnection, globalConfig); + } + + private ImportChangeNotifyScheduler(ApiConnection apiConnection, GlobalConfig globalConfig) + : base(apiConnection, globalConfig, ConfigQueries.subscribeImportNotifyConfigChanges) + {} + + /// + /// set scheduling timer from config values + /// + protected override void OnGlobalConfigChange(List config) + { + ScheduleTimer.Stop(); + globalConfig.SubscriptionPartialUpdateHandler(config.ToArray()); + if(globalConfig.ImpChangeNotifyActive && globalConfig.ImpChangeNotifySleepTime > 0) + { + ImportChangeNotifyTimer.Interval = globalConfig.ImpChangeNotifySleepTime * 1000; // convert seconds to milliseconds + StartScheduleTimer(); + } + } + + /// + /// start the scheduling timer + /// + protected override void StartScheduleTimer() + { + if (globalConfig.ImpChangeNotifyActive && globalConfig.ImpChangeNotifySleepTime > 0) + { + DateTime startTime = DateTime.Now; + try + { + startTime = globalConfig.ImpChangeNotifyStartAt; + while (startTime < DateTime.Now) + { + startTime = startTime.AddSeconds(globalConfig.ImpChangeNotifySleepTime); + } + } + catch (Exception exception) + { + Log.WriteError("Import Change Notify scheduler", "Could not calculate start time.", exception); + } + 
TimeSpan interval = startTime - DateTime.Now; + + ScheduleTimer = new(); + ScheduleTimer.Elapsed += ImportChangeNotify; + ScheduleTimer.Elapsed += StartImportChangeNotifyTimer; + ScheduleTimer.Interval = interval.TotalMilliseconds; + ScheduleTimer.AutoReset = false; + ScheduleTimer.Start(); + Log.WriteDebug("Import Change Notify scheduler", "ImportChangeNotify ScheduleTimer started."); + } + } + + private void StartImportChangeNotifyTimer(object? _, ElapsedEventArgs __) + { + ImportChangeNotifyTimer.Stop(); + ImportChangeNotifyTimer = new(); + ImportChangeNotifyTimer.Elapsed += ImportChangeNotify; + ImportChangeNotifyTimer.Interval = globalConfig.ImpChangeNotifySleepTime * 1000; // convert seconds to milliseconds + ImportChangeNotifyTimer.AutoReset = true; + ImportChangeNotifyTimer.Start(); + Log.WriteDebug("Import Change Notify scheduler", "ImportChangeNotifyTimer started."); + } + + private async void ImportChangeNotify(object? _, ElapsedEventArgs __) + { + try + { + ImportChangeNotifier notifyImportChanges = new ImportChangeNotifier(apiConnection, globalConfig); + if(!await notifyImportChanges.Run()) + { + throw new Exception("Import Change Notify failed."); + } + } + catch (Exception exc) + { + Log.WriteError("Import Change Notify", $"Ran into exception: ", exc); + string titletext = "Error encountered while trying to Notify import Change"; + Log.WriteAlert($"source: \"{GlobalConst.kImportChangeNotify}\"", + $"userId: \"0\", title: \"{titletext}\", description: \"{exc}\", alertCode: \"{AlertCode.ImportChangeNotify}\""); + await AddLogEntry(1, globalConfig.GetText("imp_change_notification"), globalConfig.GetText("ran_into_exception") + exc.Message, GlobalConst.kImportChangeNotify); + await SetAlert(globalConfig.GetText("imp_change_notification"), titletext, GlobalConst.kImportChangeNotify, AlertCode.ImportChangeNotify); + } + } + } +} 
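Review bot: The `while (startTime < DateTime.Now)` loop in `StartScheduleTimer` advances one `ImpChangeNotifySleepTime` step at a time, and this scheduler's unit is seconds (see the `* 1000` conversion), so an `ImpChangeNotifyStartAt` far in the past combined with a small sleep time means millions of iterations on every config change. Compute the next slot arithmetically instead: `double secs = (DateTime.Now - startTime).TotalSeconds; if (secs > 0) startTime = startTime.AddSeconds((Math.Floor(secs / globalConfig.ImpChangeNotifySleepTime) + 1) * globalConfig.ImpChangeNotifySleepTime);`. The running `ImportChangeNotifyTimer` not being stopped in `OnGlobalConfigChange`, noted on the ImportAppDataScheduler hunk, applies here as well.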
diff --git a/roles/middleware/files/FWO.Middleware.Server/ImportSubnetDataScheduler.cs b/roles/middleware/files/FWO.Middleware.Server/ImportSubnetDataScheduler.cs new file mode 100644 index 000000000..7d6299938 --- /dev/null +++ b/roles/middleware/files/FWO.Middleware.Server/ImportSubnetDataScheduler.cs 
@@ -0,0 +1,110 @@ +using FWO.Api.Client; +using FWO.Api.Client.Queries; +using FWO.GlobalConstants; +using FWO.Api.Data; +using FWO.Config.Api; +using FWO.Config.Api.Data; +using FWO.Logging; +using System.Timers; + +namespace FWO.Middleware.Server +{ + /// + /// Class handling the scheduler for the import of subnet data + /// + public class ImportSubnetDataScheduler : SchedulerBase + { + private System.Timers.Timer ScheduleTimer = new(); + private System.Timers.Timer ImportSubnetDataTimer = new(); + + /// + /// Async Constructor needing the connection + /// + public static async Task CreateAsync(ApiConnection apiConnection) + { + GlobalConfig globalConfig = await GlobalConfig.ConstructAsync(apiConnection, true); + return new ImportSubnetDataScheduler(apiConnection, globalConfig); + } + + private ImportSubnetDataScheduler(ApiConnection apiConnection, GlobalConfig globalConfig) + : base(apiConnection, globalConfig, ConfigQueries.subscribeImportSubnetDataConfigChanges) + {} + + /// + /// set scheduling timer from config values + /// + protected override void OnGlobalConfigChange(List config) + { + ScheduleTimer.Stop(); + globalConfig.SubscriptionPartialUpdateHandler(config.ToArray()); + if (globalConfig.ImportSubnetDataSleepTime > 0) + { + ImportSubnetDataTimer.Interval = globalConfig.ImportSubnetDataSleepTime * GlobalConst.kHoursToMilliseconds; + StartScheduleTimer(); + } + } + + /// + /// start the scheduling timer + /// + protected override void StartScheduleTimer() + { + if (globalConfig.ImportSubnetDataSleepTime > 0) + { + DateTime startTime = DateTime.Now; + try + { + startTime = globalConfig.ImportSubnetDataStartAt; + while (startTime < DateTime.Now) + { + startTime = startTime.AddHours(globalConfig.ImportSubnetDataSleepTime); + } + } + catch (Exception exception) + { + Log.WriteError("Import Area Subnet Data scheduler", "Could not calculate start time.", exception); + } + TimeSpan interval = startTime - DateTime.Now; + + ScheduleTimer = new(); + 
ScheduleTimer.Elapsed += ImportAreaSubnetData; + ScheduleTimer.Elapsed += StartImportSubnetDataTimer; + ScheduleTimer.Interval = interval.TotalMilliseconds; + ScheduleTimer.AutoReset = false; + ScheduleTimer.Start(); + Log.WriteDebug("Import Area Subnet Data scheduler", "ImportSubnetDataScheduleTimer started."); + } + } + + private void StartImportSubnetDataTimer(object? _, ElapsedEventArgs __) + { + ImportSubnetDataTimer.Stop(); + ImportSubnetDataTimer = new(); + ImportSubnetDataTimer.Elapsed += ImportAreaSubnetData; + ImportSubnetDataTimer.Interval = globalConfig.ImportSubnetDataSleepTime * GlobalConst.kHoursToMilliseconds; + ImportSubnetDataTimer.AutoReset = true; + ImportSubnetDataTimer.Start(); + Log.WriteDebug("Import Area Subnet Data scheduler", "ImportSubnetDataTimer started."); + } + + private async void ImportAreaSubnetData(object? _, ElapsedEventArgs __) + { + try + { + AreaSubnetDataImport import = new AreaSubnetDataImport(apiConnection, globalConfig); + if(!await import.Run()) + { + throw new Exception("Area Subnet Import failed."); + } + } + catch (Exception exc) + { + Log.WriteError("Import Area Subnet Data", $"Ran into exception: ", exc); + Log.WriteAlert($"source: \"{GlobalConst.kImportAreaSubnetData}\"", + $"userId: \"0\", title: \"Error encountered while trying to import Area Subnet Data\", description: \"{exc}\", alertCode: \"{AlertCode.ImportAreaSubnetData}\""); + await AddLogEntry(1, globalConfig.GetText("scheduled_subnet_import"), globalConfig.GetText("ran_into_exception") + exc.Message, GlobalConst.kImportAreaSubnetData); + await SetAlert("Import Area Subnet Data failed", exc.Message, GlobalConst.kImportAreaSubnetData, AlertCode.ImportAreaSubnetData); + } + } + } +} diff --git a/roles/middleware/files/FWO.Middleware.Server/JwtWriter.cs b/roles/middleware/files/FWO.Middleware.Server/JwtWriter.cs index 166e40607..12e1cfdf7 100644 --- a/roles/middleware/files/FWO.Middleware.Server/JwtWriter.cs 
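Review bot: The `SetAlert` call in the catch maps its arguments differently from the sibling schedulers: here the title is the literal `"Import Area Subnet Data failed"` and the description is `exc.Message`, while ImportAppDataScheduler and ImportChangeNotifyScheduler pass `globalConfig.GetText(...)` as title and their `titletext` as description. Pick one mapping, preferably the translated `globalConfig.GetText("scheduled_subnet_import")` title already used for the log entry, so the alert list reads consistently across schedulers. As in the other two, `description: \"{exc}\"` in `Log.WriteAlert` includes the stack trace; `exc.Message` suffices.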
+++ b/roles/middleware/files/FWO.Middleware.Server/JwtWriter.cs 
@@ -4,140 +4,177 @@ using System.Security.Claims; using System.Text.Json; using FWO.Api.Data; +using Microsoft.IdentityModel.JsonWebTokens; namespace FWO.Middleware.Server { - public class JwtWriter - { - private readonly RsaSecurityKey jwtPrivateKey; - - public JwtWriter(RsaSecurityKey jwtPrivateKey) - { - this.jwtPrivateKey = jwtPrivateKey; - JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear(); - } - - public async Task CreateJWT(UiUser? user = null, TimeSpan? lifetime = null) - { - if (user != null) - Log.WriteDebug("Jwt generation", $"Generating JWT for user {user.Name} ..."); - else - Log.WriteDebug("Jwt generation", "Generating empty JWT (startup)"); - - JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler(); - - UiUserHandler uiUserHandler = new UiUserHandler(CreateJWTMiddlewareServer()); - // if lifetime was speciefied use it, otherwise use standard lifetime - int jwtMinutesValid = (int)(lifetime?.TotalMinutes ?? await uiUserHandler.GetExpirationTime()); - - ClaimsIdentity subject; - if (user != null) - subject = GetClaims(await uiUserHandler.HandleUiUserAtLogin(user)); - else - subject = GetClaims(new UiUser() { Name = "", Password = "", Dn = "anonymous", Roles = new List { "anonymous" } }); - // adding uiuser.uiuser_id as x-hasura-user-id to JWT - - // Create JWToken - JwtSecurityToken token = tokenHandler.CreateJwtSecurityToken - ( - issuer: JwtConstants.Issuer, - audience: JwtConstants.Audience, - subject: subject, - notBefore: DateTime.UtcNow.AddMinutes(-1), // we currently allow for some deviation in timing of the systems - issuedAt: DateTime.UtcNow.AddMinutes(-1), - expires: DateTime.UtcNow.AddMinutes(jwtMinutesValid), - signingCredentials: new SigningCredentials(jwtPrivateKey, SecurityAlgorithms.RsaSha256) - ); - - string GeneratedToken = tokenHandler.WriteToken(token); - if (user != null) - Log.WriteInfo("Jwt generation", $"Generated JWT {GeneratedToken} for User {user.Name}"); - else - Log.WriteInfo("Jwt generation", 
$"Generated JWT {GeneratedToken}"); - return GeneratedToken; - } - - /// - /// Jwt creator function used within middlewareserver that does not need: user, getClaims - /// necessary because this JWT needs to be used within getClaims - /// - /// JWT for middleware-server role. - public string CreateJWTMiddlewareServer() - { - JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler(); - ClaimsIdentity subject = new ClaimsIdentity(); - subject.AddClaim(new Claim("unique_name", "middleware-server")); - subject.AddClaim(new Claim("x-hasura-allowed-roles", JsonSerializer.Serialize(new string[] { "middleware-server" }), JsonClaimValueTypes.JsonArray)); - subject.AddClaim(new Claim("x-hasura-default-role", "middleware-server")); - - JwtSecurityToken token = tokenHandler.CreateJwtSecurityToken - ( - issuer: JwtConstants.Issuer, - audience: JwtConstants.Audience, - subject: subject, - notBefore: DateTime.UtcNow.AddMinutes(-1), // we currently allow for some deviation in timing of the systems - issuedAt: DateTime.UtcNow.AddMinutes(-1), - expires: DateTime.UtcNow.AddYears(200), - signingCredentials: new SigningCredentials(jwtPrivateKey, SecurityAlgorithms.RsaSha256) - ); - string GeneratedToken = tokenHandler.WriteToken(token); - Log.WriteInfo("Jwt generation", $"Generated JWT {GeneratedToken} for middleware-server."); - return GeneratedToken; - } - - private ClaimsIdentity GetClaims(UiUser user) - { - ClaimsIdentity claimsIdentity = new ClaimsIdentity(); - claimsIdentity.AddClaim(new Claim(ClaimTypes.Name, user.Name)); - claimsIdentity.AddClaim(new Claim("x-hasura-user-id", user.DbId.ToString())); - if (user.Dn != null && user.Dn.Length > 0) - claimsIdentity.AddClaim(new Claim("x-hasura-uuid", user.Dn)); // UUID used for access to reports via API - - if (user.Tenant != null && user.Tenant.VisibleDevices != null && user.Tenant.VisibleManagements != null) - { - // Hasura needs object {} instead of array [] notation (TODO: Changable?) 
- claimsIdentity.AddClaim(new Claim("x-hasura-tenant-id", user.Tenant.Id.ToString())); - claimsIdentity.AddClaim(new Claim("x-hasura-visible-managements", $"{{ {string.Join(",", user.Tenant.VisibleManagements)} }}")); - claimsIdentity.AddClaim(new Claim("x-hasura-visible-devices", $"{{ {string.Join(",", user.Tenant.VisibleDevices)} }}")); - } - - // we need to create an extra list beacause hasura only accepts an array of roles even if there is only one - List hasuraRolesList = new List(); - - foreach (string role in user.Roles) - { - claimsIdentity.AddClaim(new Claim(ClaimTypes.Role, role)); // Frontend Roles - hasuraRolesList.Add(role); // Hasura Roles - } - - // add hasura roles claim as array - claimsIdentity.AddClaim(new Claim("x-hasura-allowed-roles", JsonSerializer.Serialize(hasuraRolesList.ToArray()), JsonClaimValueTypes.JsonArray)); // Convert Hasura Roles to Array - - // deciding on default-role - string defaultRole = ""; - if (user.Roles.Count > 0) - { - if (hasuraRolesList.Contains("admin")) - defaultRole = "admin"; - else if (hasuraRolesList.Contains("auditor")) - defaultRole = "auditor"; - else if (hasuraRolesList.Contains("fw-admin")) - defaultRole = "fw-admin"; - else if (hasuraRolesList.Contains("reporter-viewall")) - defaultRole = "reporter-viewall"; - else if (hasuraRolesList.Contains("reporter")) - defaultRole = "reporter"; - else - defaultRole = user.Roles[0]; // pick first role at random (todo: might need to be changed) - } - else - { - Log.WriteError("User roles", $"User {user.Name} does not have any assigned roles."); - } - - claimsIdentity.AddClaim(new Claim("x-hasura-default-role", defaultRole)); - // Log.WriteDebug("Default role assignment", $"User {user.Name} was assigned default-role {defaultRole}"); - return claimsIdentity; - } - } + /// + /// Class for jwt creation + /// + public class JwtWriter + { + private readonly RsaSecurityKey jwtPrivateKey; + + /// + /// Constructor needing the private key + /// + public JwtWriter(RsaSecurityKey 
jwtPrivateKey) + { + this.jwtPrivateKey = jwtPrivateKey; + JsonWebTokenHandler.DefaultInboundClaimTypeMap.Clear(); + } + + /// + /// create jwt for given user + /// + /// generated token + public async Task CreateJWT(UiUser? user = null, TimeSpan? lifetime = null) + { + if (user != null) + Log.WriteDebug("Jwt generation", $"Generating JWT for user {user.Name} ..."); + else + Log.WriteDebug("Jwt generation", "Generating empty JWT (startup)"); + + JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler(); + + UiUserHandler uiUserHandler = new UiUserHandler(CreateJWTMiddlewareServer()); + // if lifetime was speciefied use it, otherwise use standard lifetime + int jwtMinutesValid = (int)(lifetime?.TotalMinutes ?? await uiUserHandler.GetExpirationTime()); + + ClaimsIdentity subject; + if (user != null) + subject = SetClaims(await uiUserHandler.HandleUiUserAtLogin(user)); + else + subject = SetClaims(new UiUser() { Name = "", Password = "", Dn = Roles.Anonymous, Roles = new List { Roles.Anonymous } }); + // adding uiuser.uiuser_id as x-hasura-user-id to JWT + + // Create JWToken + JwtSecurityToken token = tokenHandler.CreateJwtSecurityToken + ( + issuer: JwtConstants.Issuer, + audience: JwtConstants.Audience, + subject: subject, + notBefore: DateTime.UtcNow.AddMinutes(-1), // we currently allow for some deviation in timing of the systems + issuedAt: DateTime.UtcNow.AddMinutes(-1), + // Anonymous jwt is valid for ten years (does not violate security) + expires: DateTime.UtcNow.AddMinutes(user != null ? 
jwtMinutesValid : 60 * 24 * 365 * 10), + signingCredentials: new SigningCredentials(jwtPrivateKey, SecurityAlgorithms.RsaSha256) + ); + + string GeneratedToken = tokenHandler.WriteToken(token); + if (user != null) + Log.WriteDebug("Jwt generation", $"Generated JWT {token.RawData} for User {user.Name}"); + else + Log.WriteDebug("Jwt generation", $"Generated JWT {token.RawData}"); + return GeneratedToken; + } + + /// + /// Jwt creator function used within middlewareserver that does not need: user, getClaims + /// necessary because this JWT needs to be used within getClaims + /// + /// JWT for middleware-server role. + public string CreateJWTMiddlewareServer() + { + return CreateJWTInternal(Roles.MiddlewareServer); + } + + /// + /// Jwt creator function used within middlewareserver that does not need: user, getClaims + /// necessary because this JWT needs to be used within getClaims + /// + /// JWT for reporter-viewall role. + public string CreateJWTReporterViewall() + { + return CreateJWTInternal(Roles.ReporterViewAll); + } + + private string CreateJWTInternal(string role) + { + JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler(); + ClaimsIdentity subject = new ClaimsIdentity(); + subject.AddClaim(new Claim("unique_name", role)); + subject.AddClaim(new Claim("x-hasura-allowed-roles", JsonSerializer.Serialize(new string[] { role }), System.IdentityModel.Tokens.Jwt.JsonClaimValueTypes.JsonArray)); + subject.AddClaim(new Claim("x-hasura-default-role", role)); + + JwtSecurityToken token = tokenHandler.CreateJwtSecurityToken + ( + issuer: JwtConstants.Issuer, + audience: JwtConstants.Audience, + subject: subject, + notBefore: DateTime.UtcNow.AddMinutes(-1), // we currently allow for some deviation in timing of the systems + issuedAt: DateTime.UtcNow.AddMinutes(-1), + expires: DateTime.UtcNow.AddYears(200), + signingCredentials: new SigningCredentials(jwtPrivateKey, SecurityAlgorithms.RsaSha256) + ); + string GeneratedToken = 
tokenHandler.WriteToken(token); + Log.WriteDebug("Jwt generation", $"Generated JWT {GeneratedToken} for {role}."); + return GeneratedToken; + } + + private static ClaimsIdentity SetClaims(UiUser user) + { + ClaimsIdentity claimsIdentity = new ClaimsIdentity(); + claimsIdentity.AddClaim(new Claim(ClaimTypes.Name, user.Name)); + claimsIdentity.AddClaim(new Claim("x-hasura-user-id", user.DbId.ToString())); + if (user.Dn != null && user.Dn.Length > 0) + claimsIdentity.AddClaim(new Claim("x-hasura-uuid", user.Dn)); // UUID used for access to reports via API + + if (user.Tenant != null) + { + claimsIdentity.AddClaim(new Claim("x-hasura-tenant-id", user.Tenant.Id.ToString())); + if(user.Tenant.VisibleGatewayIds != null && user.Tenant.VisibleManagementIds != null) + { + // Hasura needs object {} instead of array [] notation (TODO: Changable?) + claimsIdentity.AddClaim(new Claim("x-hasura-visible-managements", $"{{ {string.Join(",", user.Tenant.VisibleManagementIds)} }}")); + claimsIdentity.AddClaim(new Claim("x-hasura-visible-devices", $"{{ {string.Join(",", user.Tenant.VisibleGatewayIds)} }}")); + } + } + claimsIdentity.AddClaim(new Claim("x-hasura-editable-owners", $"{{ {string.Join(",", user.Ownerships)} }}")); + + // we need to create an extra list because hasura only accepts an array of roles even if there is only one + List hasuraRolesList = new List(); + + foreach (string role in user.Roles) + { + claimsIdentity.AddClaim(new Claim(ClaimTypes.Role, role)); // Frontend Roles + hasuraRolesList.Add(role); // Hasura Roles + } + + // add hasura roles claim as array + claimsIdentity.AddClaim(new Claim("x-hasura-allowed-roles", JsonSerializer.Serialize(hasuraRolesList.ToArray()), System.IdentityModel.Tokens.Jwt.JsonClaimValueTypes.JsonArray)); // Convert Hasura Roles to Array + + claimsIdentity.AddClaim(new Claim("x-hasura-default-role", GetDefaultRole(user, hasuraRolesList))); + return claimsIdentity; + } + + private static string GetDefaultRole(UiUser user, List 
hasuraRolesList) + { + string defaultRole = ""; + if (user.Roles.Count > 0) + { + if (hasuraRolesList.Contains(Roles.Admin)) + defaultRole = Roles.Admin; + else if (hasuraRolesList.Contains(Roles.Auditor)) + defaultRole = Roles.Auditor; + else if (hasuraRolesList.Contains(Roles.FwAdmin)) + defaultRole = Roles.FwAdmin; + else if (hasuraRolesList.Contains(Roles.ReporterViewAll)) + defaultRole = Roles.ReporterViewAll; + else if (hasuraRolesList.Contains(Roles.Reporter)) + defaultRole = Roles.Reporter; + else if (hasuraRolesList.Contains(Roles.Recertifier)) + defaultRole = Roles.Recertifier; + else if (hasuraRolesList.Contains(Roles.Modeller)) + defaultRole = Roles.Modeller; + else + defaultRole = user.Roles[0]; // pick first role at random (todo: might need to be changed) + } + else + { + Log.WriteError("User roles", $"User {user.Name} does not have any assigned roles."); + } + return defaultRole; + } + } } diff --git a/roles/middleware/files/FWO.Middleware.Server/Ldap.cs b/roles/middleware/files/FWO.Middleware.Server/Ldap.cs index 676084ab3..c5779e5f9 100644 --- a/roles/middleware/files/FWO.Middleware.Server/Ldap.cs +++ b/roles/middleware/files/FWO.Middleware.Server/Ldap.cs 
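Review bot: `CreateJWTInternal` and `CreateJWT` still write the complete signed token to the log (`Generated JWT {GeneratedToken} for {role}.` and `Generated JWT {token.RawData} ...`), so the 200-year `middleware-server` token and the new 200-year `reporter-viewall` token end up on disk whenever debug logging is enabled; moving the call from Info to Debug does not take the credential out of the log file. Log the subject and expiry instead of the token, e.g. `Log.WriteDebug("Jwt generation", $"Generated JWT for {role}, valid until {token.ValidTo:O}.");` in `CreateJWTInternal` and `$"Generated JWT for User {user.Name}, valid until {token.ValidTo:O}"` in `CreateJWT`. Two documentation points: for `user == null` the new `expires:` expression ignores the `lifetime` parameter and hard-codes ten years, which the `CreateJWT` summary should state, and the `<summary>` on `CreateJWTReporterViewall` is copied from `CreateJWTMiddlewareServer` and should instead describe what the reporter-viewall token is used for and that it carries an effectively unlimited lifetime. The constructor now clears `JsonWebTokenHandler.DefaultInboundClaimTypeMap` while tokens are still built with `JwtSecurityTokenHandler`; if the validating side also uses `JwtSecurityTokenHandler`, its map is presumably the one that needs clearing — worth confirming against the consumers.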
@@ -2,887 +2,1133 @@ using Novell.Directory.Ldap; using System.Net.Security; using System.Security.Cryptography.X509Certificates; +using FWO.Encryption; using FWO.Api.Data; using FWO.Middleware.RequestParameters; using Microsoft.IdentityModel.Tokens; namespace FWO.Middleware.Server { - public class Ldap : LdapConnectionBase - { - // The following properties are retrieved from the database api: - // ldap_server ldap_port ldap_search_user ldap_tls ldap_tenant_level ldap_connection_id ldap_search_user_pwd ldap_searchpath_for_users ldap_searchpath_for_roles - private const int timeOutInMs = 3000; - - public Ldap() - {} - - public Ldap(LdapGetUpdateParameters ldapGetUpdateParameters) : base(ldapGetUpdateParameters) - {} - - /// - /// Builds a connection to the specified Ldap server. - /// - /// Connection to the specified Ldap server. - private LdapConnection Connect() - { - try - { - LdapConnectionOptions ldapOptions = new LdapConnectionOptions(); - if (Tls) ldapOptions.ConfigureRemoteCertificateValidationCallback((object sen, X509Certificate? cer, X509Chain? 
cha, SslPolicyErrors err) => true); // todo: allow real cert validation - LdapConnection connection = new LdapConnection(ldapOptions) { SecureSocketLayer = Tls, ConnectionTimeout = timeOutInMs }; - connection.Connect(Address, Port); - - return connection; - } - - catch (Exception exception) - { - Log.WriteDebug($"Could not connect to LDAP server {Address}:{Port}: ", exception.Message); - throw new Exception($"Error while trying to reach LDAP server {Address}:{Port}", exception); - } - } - - public void TestConnection() - { - using (LdapConnection connection = Connect()) - { - if (!string.IsNullOrEmpty(SearchUser)) - { - connection.Bind(SearchUser, SearchUserPwd); - if (!connection.Bound) throw new Exception("Binding failed for search user"); - } - if (!string.IsNullOrEmpty(WriteUser)) - { - connection.Bind(WriteUser, WriteUserPwd); - if (!connection.Bound) throw new Exception("Binding failed for write user"); - } - } - } - - private string getUserSearchFilter(string searchPattern) - { - string userFilter; - string searchFilter; - if(Type == (int)LdapType.ActiveDirectory) - { - userFilter = "(&(objectclass=user)(!(objectclass=computer)))"; - searchFilter = $"(|(cn={searchPattern})(sAMAccountName={searchPattern}))"; - } - else if(Type == (int)LdapType.OpenLdap) - { - userFilter = "(|(objectclass=user)(objectclass=person)(objectclass=inetOrgPerson)(objectclass=organizationalPerson))"; - searchFilter = $"(|(cn={searchPattern})(uid={searchPattern}))"; - } - else // LdapType.Default - { - userFilter = "(&(|(objectclass=user)(objectclass=person)(objectclass=inetOrgPerson)(objectclass=organizationalPerson))(!(objectclass=computer)))"; - searchFilter = $"(|(cn={searchPattern})(uid={searchPattern})(userPrincipalName={searchPattern})(mail={searchPattern}))"; - } - return ((searchPattern == null || searchPattern == "") ? 
userFilter : $"(&{userFilter}{searchFilter})"); - } - - private string getGroupSearchFilter(string searchPattern) - { - string groupFilter; - string searchFilter; - if(Type == (int)LdapType.ActiveDirectory) - { - groupFilter = "(objectClass=group)"; - searchFilter = $"(|(cn={searchPattern})(name={searchPattern}))"; - } - else if(Type == (int)LdapType.OpenLdap) - { - groupFilter = "(|(objectclass=group)(objectclass=groupofnames)(objectclass=groupofuniquenames))"; - searchFilter = $"(cn={searchPattern})"; - } - else // LdapType.Default - { - groupFilter = "(|(objectclass=group)(objectclass=groupofnames)(objectclass=groupofuniquenames))"; - searchFilter = $"(|(dc={searchPattern})(o={searchPattern})(ou={searchPattern})(cn={searchPattern})(uid={searchPattern})(mail={searchPattern}))"; - } - return ((searchPattern == null || searchPattern == "") ? groupFilter : $"(&{groupFilter}{searchFilter})"); - } - - public LdapEntry? GetLdapEntry(UiUser user, bool validateCredentials) - { - Log.WriteInfo("User Validation", $"Validating User: \"{user.Name}\" ..."); - try - { - // Connecting to Ldap - using (LdapConnection connection = Connect()) - { - // Authenticate as search user - connection.Bind(SearchUser, SearchUserPwd); - - List possibleUserEntries = new List(); - - // If dn was already provided - if (!user.Dn.IsNullOrEmpty()) - { - // Try to read user entry directly - LdapEntry? 
userEntry = connection.Read(user.Dn); - if (userEntry != null) - { - possibleUserEntries.Add(userEntry); - } - } - // Dn was not provided, search for user name - else - { - string[] attrList = new string[] { "*", "memberof" }; - - // Search for users in ldap with same name as user to validate - possibleUserEntries = ((LdapSearchResults)connection.Search( - UserSearchPath, // top-level path under which to search for user - LdapConnection.ScopeSub, // search all levels beneath - getUserSearchFilter(user.Name), - // $"(|(&(sAMAccountName={user.Name})(objectClass=person))(&(objectClass=inetOrgPerson)(uid:dn:={user.Name})))", // matching both AD and openldap filter - attrList, - typesOnly: false - )).ToList(); - } - - // If credentials are not checked return user that was found first - // It could happen that multiple users with the same name were found (impossible if dn was provided) - if (!validateCredentials && possibleUserEntries.Count > 0) - { - return possibleUserEntries.First(); - } - // If credentials should be checked - else if (validateCredentials) - { - // Multiple users with the same name could have been found (impossible if dn was provided) - foreach (LdapEntry possibleUserEntry in possibleUserEntries) - { - // Check credentials - if multiple users were found and the credentials are valid this is most definitely the correct user - if (CredentialsValid(connection, possibleUserEntry.Dn, user.Password)) - { - return possibleUserEntry; - } - } - } - } - } - catch (Exception exception) - { - Log.WriteError($"Non-LDAP exception {Address}:{Port}", "Unexpected error while trying to validate user", exception); - } - - Log.WriteInfo("Invalid Credentials", $"Invalid login credentials - could not authenticate user \"{ user.Name}\" on {Address}:{Port}."); - return null; - } - - private bool CredentialsValid(LdapConnection connection, string dn, string password) - { - try - { - Log.WriteDebug("User Validation", $"Trying to validate user with distinguished name: \"{dn}\" 
..."); - - // Try to authenticate as user with given password - connection.Bind(dn, password); - - // If authentication was successful (user is bound) - if (connection.Bound) - { - // Return ldap dn - Log.WriteDebug("User Validation", $"\"{dn}\" successfully authenticated in {Address}:{Port}."); - return true; - } - else - { - // this will probably never be reached as an error is thrown before - // Incorrect password - do nothing, assume its another user with the same username - Log.WriteDebug($"User Validation {Address}:{Port}", $"Found user with matching uid but different pwd: \"{dn}\"."); - } - } - catch (LdapException exc) - { - if (exc.ResultCode == 49) // 49 = InvalidCredentials - Log.WriteDebug($"Duplicate user {Address}:{Port}", $"Found user with matching uid but different pwd: \"{dn}\"."); - else - Log.WriteError($"Ldap exception {Address}:{Port}", $"Unexpected error while trying to validate user \"{dn}\"."); - } - return false; - } - - public string GetEmail(LdapEntry user) - { - return user.GetAttributeSet().ContainsKey("mail") ? user.GetAttribute("mail").StringValue : ""; - } - - public List GetGroups(LdapEntry user) - { - // Simplest way as most ldap types should provide the memberof attribute. - // - Probably this doesn't work for nested groups. - // - Some systtems may only save the "primaryGroupID", then we would have to resolve the name. - // - Some others may force us to look into all groups to find the membership. 
- List groups = new List(); - foreach (var attribute in user.GetAttributeSet()) - { - if (attribute.Name.ToLower() == "memberof") - { - foreach (string membership in attribute.StringValueArray) - { - if (GroupSearchPath != null && membership.EndsWith(GroupSearchPath)) - { - groups.Add(membership); - } - } - } - } - return groups; - } - - public string ChangePassword(string userDn, string oldPassword, string newPassword) - { - try - { - // Connecting to Ldap - using (LdapConnection connection = Connect()) - { - // Try to authenticate as user with old password - connection.Bind(userDn, oldPassword); - - if (connection.Bound) - { - // authentication was successful (user is bound): set new password - LdapAttribute attribute = new LdapAttribute("userPassword", newPassword); - LdapModification[] mods = { new LdapModification(LdapModification.Replace, attribute) }; - - connection.Modify(userDn, mods); - Log.WriteDebug("Change password", $"Password for user {userDn} changed in {Address}:{Port}"); - } - else - { - return "wrong old password"; - } - } - } - catch (Exception exception) - { - return exception.Message; - } - return ""; - } - - public string SetPassword(string userDn, string newPassword) - { - try - { - // Connecting to Ldap - using (LdapConnection connection = Connect()) - { - // Authenticate as write user - connection.Bind(WriteUser, WriteUserPwd); - if (connection.Bound) - { - // authentication was successful: set new password - LdapAttribute attribute = new LdapAttribute("userPassword", newPassword); - LdapModification[] mods = { new LdapModification(LdapModification.Replace, attribute) }; - - connection.Modify(userDn, mods); - Log.WriteDebug("Change password", $"Password for user {userDn} changed in {Address}:{Port}"); - } - else - { - return "error in write user authentication"; - } - } - } - catch (Exception exception) - { - return exception.Message; - } - return ""; - } - - public List GetRoles(List dnList) - { - return GetMemberships(dnList, 
RoleSearchPath); - } - - public List GetGroups(List dnList) - { - return GetMemberships(dnList, GroupSearchPath); - } - - private List GetMemberships(List dnList, string? searchPath) - { - List userMemberships = new List(); - - // If this Ldap is containing roles / groups - if (searchPath != null && searchPath != "") - { - try - { - // Connect to Ldap - using (LdapConnection connection = Connect()) - { - // Authenticate as search user - connection.Bind(SearchUser, SearchUserPwd); - - // Search for Ldap roles / groups in given directory - int searchScope = LdapConnection.ScopeSub; // TODO: Correct search scope? - string searchFilter = $"(&(objectClass=groupOfUniqueNames)(cn=*))"; - LdapSearchResults searchResults = (LdapSearchResults)connection.Search(searchPath, searchScope, searchFilter, null, false); - - // convert dnList to lower case to avoid case problems - dnList = dnList.ConvertAll(dn => dn.ToLower()); - - // Foreach found role / group - foreach (LdapEntry entry in searchResults) - { - Log.WriteDebug("Ldap Roles/Groups", $"Try to get roles / groups from ldap entry {entry.GetAttribute("cn").StringValue}"); - - // Get dn of users having current role / group - LdapAttribute members = entry.GetAttribute("uniqueMember"); - string[] memberDn = members.StringValueArray; - - // Foreach user - foreach (string currentDn in memberDn) - { - Log.WriteDebug("Ldap Roles/Groups", $"Checking if current Dn: \"{currentDn}\" is user Dn. 
Then user has current role / group."); - - // Check if current user dn is matching with given user dn => Given user has current role / group - if (dnList.Contains(currentDn.ToLower())) - { - // Get name and add it to list of roles / groups of given user - string name = entry.GetAttribute("cn").StringValue; - userMemberships.Add(name); - break; - } - } - } - } - } - catch (Exception exception) - { - Log.WriteError($"Non-LDAP exception {Address}:{Port}", "Unexpected error while trying to get memberships", exception); - } - } - - Log.WriteDebug($"Found the following roles / groups for user {dnList.FirstOrDefault()} in {Address}:{Port}:", string.Join("\n", userMemberships)); - return userMemberships; - } - - public List GetAllRoles() - { - List roleUsers = new List(); - - // If this Ldap is containing roles - if (HasRoleHandling()) - { - try - { - // Connect to Ldap - using (LdapConnection connection = Connect()) - { - // Authenticate as search user - connection.Bind(SearchUser, SearchUserPwd); - - // Search for Ldap roles in given directory - int searchScope = LdapConnection.ScopeSub; // TODO: Correct search scope? 
- string searchFilter = $"(&(objectClass=groupOfUniqueNames)(cn=*))"; - LdapSearchResults searchResults = (LdapSearchResults)connection.Search(RoleSearchPath, searchScope, searchFilter, null, false); - - // Foreach found role - foreach (LdapEntry entry in searchResults) - { - List attributes = new List(); - string roleDesc = entry.GetAttribute("description").StringValue; - attributes.Add(new RoleAttribute(){ Key = "description", Value = roleDesc }); - - string[] roleMemberDn = entry.GetAttribute("uniqueMember").StringValueArray; - foreach (string currentDn in roleMemberDn) - { - if (currentDn != "") - { - attributes.Add(new RoleAttribute(){ Key = "user", Value = currentDn }); - } - } - roleUsers.Add(new RoleGetReturnParameters(){ Role = entry.Dn, Attributes = attributes}); - } - } - } - catch (Exception exception) - { - Log.WriteError($"Non-LDAP exception {Address}:{Port}", "Unexpected error while trying to get all roles", exception); - } - } - return roleUsers; - } - - public List GetAllGroups(string searchPattern) - { - List allGroups = new List(); - try - { - // Connect to Ldap - using (LdapConnection connection = Connect()) - { - // Authenticate as search user - connection.Bind(SearchUser, SearchUserPwd); - - // Search for Ldap groups in given directory - int searchScope = LdapConnection.ScopeSub; - LdapSearchResults searchResults = (LdapSearchResults)connection.Search(GroupSearchPath, searchScope, getGroupSearchFilter(searchPattern), null, false); - - foreach (LdapEntry entry in searchResults) - { - allGroups.Add(entry.Dn); - } - } - } - catch (Exception exception) - { - Log.WriteError($"Non-LDAP exception {Address}:{Port}", "Unexpected error while trying to get all groups", exception); - } - return allGroups; - } - - public List GetAllInternalGroups() - { - List allGroups = new List(); - - try - { - // Connect to Ldap - using (LdapConnection connection = Connect()) - { - // Authenticate as search user - connection.Bind(SearchUser, SearchUserPwd); - - // 
Search for Ldap groups in given directory - int searchScope = LdapConnection.ScopeSub; - LdapSearchResults searchResults = (LdapSearchResults)connection.Search(GroupSearchPath, searchScope, getGroupSearchFilter(""), null, false); - - foreach (LdapEntry entry in searchResults) - { - List members = new List(); - string[] groupMemberDn = entry.GetAttribute("uniqueMember").StringValueArray; - foreach (string currentDn in groupMemberDn) - { - if (currentDn != "") - { - members.Add(currentDn); - } - } - allGroups.Add(new GroupGetReturnParameters() - { - GroupDn = entry.Dn, - Members = members, - OwnerGroup = (entry.GetAttributeSet().ContainsKey("businessCategory") ? (entry.GetAttribute("businessCategory").StringValue.ToLower() == "ownergroup") : false) - }); - } - } - } - catch (Exception exception) - { - Log.WriteError($"Non-LDAP exception {Address}:{Port}", "Unexpected error while trying to get all internal groups", exception); - } - return allGroups; - } - - public List GetAllUsers(string searchPattern) - { - Log.WriteDebug("GetAllUsers", $"Looking for users with pattern {searchPattern} in {Address}:{Port}"); - List allUsers = new List(); - - try - { - // Connect to Ldap - using (LdapConnection connection = Connect()) - { - // Authenticate as search user - connection.Bind(SearchUser, SearchUserPwd); - - // Search for Ldap users in given directory - int searchScope = LdapConnection.ScopeSub; - - LdapSearchConstraints cons = connection.SearchConstraints; - cons.ReferralFollowing = true; - connection.Constraints = cons; - - LdapSearchResults searchResults = (LdapSearchResults)connection.Search(UserSearchPath, searchScope, getUserSearchFilter(searchPattern), null, false); - - foreach (LdapEntry entry in searchResults) - { - allUsers.Add(new LdapUserGetReturnParameters() - { - UserDn = entry.Dn, - Email = (entry.GetAttributeSet().ContainsKey("mail") ? 
entry.GetAttribute("mail").StringValue : null) - }); - } - } - } - catch (Exception exception) - { - Log.WriteError($"Non-LDAP exception {Address}:{Port}", "Unexpected error while trying to get all users", exception); - } - return allUsers; - } - - public bool AddUser(string userDn , string password, string email) - { - Log.WriteInfo("Add User", $"Trying to add User: \"{userDn}\""); - bool userAdded = false; - try - { - // Connecting to Ldap - using (LdapConnection connection = Connect()) - { - // Authenticate as write user - connection.Bind(WriteUser, WriteUserPwd); - - string userName = (new FWO.Api.Data.DistName(userDn)).UserName; - LdapAttributeSet attributeSet = new LdapAttributeSet - { - new LdapAttribute("objectclass", "inetOrgPerson"), - new LdapAttribute("sn", userName), - new LdapAttribute("cn", userName), - new LdapAttribute("uid", userName), - new LdapAttribute("userPassword", password), - new LdapAttribute("mail", email) - }; - - LdapEntry newEntry = new LdapEntry( userDn, attributeSet ); - - try - { - //Add the entry to the directory - connection.Add(newEntry); - userAdded = true; - Log.WriteDebug("Add user", $"User {userName} added in {Address}:{Port}"); - } - catch(Exception exception) - { - Log.WriteInfo("Add User", $"couldn't add user to LDAP {Address}:{Port}: {exception.ToString()}"); - } - } - } - catch (Exception exception) - { - Log.WriteError($"Non-LDAP exception {Address}:{Port}", "Unexpected error while trying to add user", exception); - } - return userAdded; - } - - public bool UpdateUser(string userDn, string email) - { - Log.WriteInfo("Update User", $"Trying to update User: \"{userDn}\""); - bool userUpdated = false; - try - { - // Connecting to Ldap - using (LdapConnection connection = Connect()) - { - // Authenticate as write user - connection.Bind(WriteUser, WriteUserPwd); - - LdapAttribute attribute = new LdapAttribute("mail", email); - LdapModification[] mods = { new LdapModification(LdapModification.Replace, attribute) }; - - try - 
{ - //Add the entry to the directory - connection.Modify(userDn, mods); - userUpdated = true; - Log.WriteDebug("Update user", $"User {userDn} updated in {Address}:{Port}"); - } - catch(Exception exception) - { - Log.WriteInfo("Update User", $"couldn't update user in LDAP {Address}:{Port}: {exception.ToString()}"); - } - } - } - catch (Exception exception) - { - Log.WriteError($"Non-LDAP exception {Address}:{Port}", "Unexpected error while trying to update user", exception); - } - return userUpdated; - } - - public bool DeleteUser(string userDn) - { - Log.WriteInfo("Delete User", $"Trying to delete User: \"{userDn}\""); - bool userDeleted = false; - try - { - // Connecting to Ldap - using (LdapConnection connection = Connect()) - { - // Authenticate as write user - connection.Bind(WriteUser, WriteUserPwd); - - try - { - //Delete the entry in the directory - connection.Delete(userDn); - userDeleted = true; - Log.WriteDebug("Delete user", $"User {userDn} deleted in {Address}:{Port}"); - } - catch(Exception exception) - { - Log.WriteInfo("Delete User", $"couldn't delete user in LDAP {Address}:{Port}: {exception.ToString()}"); - } - } - } - catch (Exception exception) - { - Log.WriteError($"Non-LDAP exception {Address}:{Port}", "Unexpected error while trying to delete user", exception); - } - return userDeleted; - } - - public string AddGroup(string groupName, bool ownerGroup) - { - Log.WriteInfo("Add Group", $"Trying to add Group: \"{groupName}\""); - bool groupAdded = false; - string groupDn = ""; - try - { - // Connecting to Ldap - using (LdapConnection connection = Connect()) - { - // Authenticate as write user - connection.Bind(WriteUser, WriteUserPwd); - - groupDn = $"cn={groupName},{GroupSearchPath}"; - LdapAttributeSet attributeSet = new LdapAttributeSet(); - attributeSet.Add( new LdapAttribute("objectclass", "groupofuniquenames")); - attributeSet.Add( new LdapAttribute("uniqueMember", "")); - if (ownerGroup) - { - attributeSet.Add( new 
LdapAttribute("businessCategory", "ownergroup")); - } - - LdapEntry newEntry = new LdapEntry( groupDn, attributeSet ); - - try - { - //Add the entry to the directory - connection.Add(newEntry); - groupAdded = true; - Log.WriteDebug("Add group", $"Group {groupName} added in {Address}:{Port}"); - } - catch(Exception exception) - { - Log.WriteInfo("Add Group", $"couldn't add group to LDAP {Address}:{Port}: {exception.ToString()}"); - } - } - } - catch (Exception exception) - { - Log.WriteError($"Non-LDAP exception {Address}:{Port}", "Unexpected error while trying to add group", exception); - } - return (groupAdded ? groupDn : ""); - } - - public string UpdateGroup(string oldName, string newName) - { - Log.WriteInfo("Update Group", $"Trying to update Group: \"{oldName}\""); - bool groupUpdated = false; - string oldGroupDn = $"cn={oldName},{GroupSearchPath}"; - string newGroupRdn = $"cn={newName}"; - - try - { - // Connecting to Ldap - using (LdapConnection connection = Connect()) - { - // Authenticate as write user - connection.Bind(WriteUser, WriteUserPwd); - - try - { - //Add the entry to the directory - connection.Rename(oldGroupDn, newGroupRdn, true); - groupUpdated = true; - Log.WriteDebug("Update group", $"Group {oldName} renamed to {newName} in {Address}:{Port}"); - } - catch(Exception exception) - { - Log.WriteInfo("Update Group", $"couldn't update group in LDAP {Address}:{Port}: {exception.ToString()}"); - } - } - } - catch (Exception exception) - { - Log.WriteError($"Non-LDAP exception {Address}:{Port}", "Unexpected error while trying to update group", exception); - } - return (groupUpdated ? 
$"{newGroupRdn},{GroupSearchPath}" : ""); - } - - public bool DeleteGroup(string groupName) - { - Log.WriteInfo("Delete Group", $"Trying to delete Group: \"{groupName}\""); - bool groupDeleted = false; - try - { - // Connecting to Ldap - using (LdapConnection connection = Connect()) - { - // Authenticate as write user - connection.Bind(WriteUser, WriteUserPwd); - - try - { - //Delete the entry in the directory - string groupDn = $"cn={groupName},{GroupSearchPath}"; - connection.Delete(groupDn); - groupDeleted = true; - Log.WriteDebug("Delete group", $"Group {groupName} deleted in {Address}:{Port}"); - } - catch(Exception exception) - { - Log.WriteInfo("Delete Group", $"couldn't delete group in LDAP {Address}:{Port}: {exception.ToString()}"); - } - } - } - catch (Exception exception) - { - Log.WriteError($"Non-LDAP exception {Address}:{Port}", "Unexpected error while trying to delete group", exception); - } - return groupDeleted; - } - - public bool AddUserToEntry(string userDn, string entry) - { - Log.WriteInfo("Add User to Entry", $"Trying to add User: \"{userDn}\" to Entry: \"{entry}\""); - return ModifyUserInEntry(userDn, entry, LdapModification.Add); - } - - public bool RemoveUserFromEntry(string userDn, string entry) - { - Log.WriteInfo("Remove User from Entry", $"Trying to remove User: \"{userDn}\" from Entry: \"{entry}\""); - return ModifyUserInEntry(userDn, entry, LdapModification.Delete); - } - - public bool RemoveUserFromAllEntries(string userDn) - { - List dnList = new List(); - dnList.Add(userDn); // group memberships do not need to be regarded here - List roles = GetRoles(dnList); - bool allRemoved = true; - foreach(var role in roles) - { - allRemoved &= RemoveUserFromEntry(userDn, $"cn={role},{RoleSearchPath}"); - } - List groups = GetGroups(dnList); - foreach(var group in groups) - { - allRemoved &= RemoveUserFromEntry(userDn, $"cn={group},{GroupSearchPath}"); - } - return allRemoved; - } - - private bool ModifyUserInEntry(string userDn, string 
entry, int LdapModification) - { - bool userModified = false; - try - { - // Connecting to Ldap - using (LdapConnection connection = Connect()) - { - // Authenticate as write user - connection.Bind(WriteUser, WriteUserPwd); - - // Add a new value to the description attribute - LdapAttribute attribute = new LdapAttribute("uniquemember", userDn); - LdapModification[] mods = { new LdapModification(LdapModification, attribute) }; - - try - { - //Modify the entry in the directory - connection.Modify(entry, mods); - userModified = true; - Log.WriteDebug("Modify Entry", $"Entry {entry} modified in {Address}:{Port}"); - } - catch(Exception exception) - { - Log.WriteInfo("Modify Entry", $"maybe entry doesn't exist in this LDAP {Address}:{Port}: {exception.ToString()}"); - } - } - } - catch (Exception exception) - { - Log.WriteError($"Non-LDAP exception {Address}:{Port}", "Unexpected error while trying to modify user", exception); - } - return userModified; - } - - public bool AddTenant(string tenantName) - { - Log.WriteInfo("Add Tenant", $"Trying to add Tenant: \"{tenantName}\""); - bool tenantAdded = false; - string tenantDn = ""; - try - { - // Connecting to Ldap - using (LdapConnection connection = Connect()) - { - // Authenticate as write user - connection.Bind(WriteUser, WriteUserPwd); - - tenantDn = $"ou={tenantName},{UserSearchPath}"; - LdapAttributeSet attributeSet = new LdapAttributeSet(); - attributeSet.Add( new LdapAttribute("objectclass", "organizationalUnit")); - - LdapEntry newEntry = new LdapEntry( tenantDn, attributeSet ); - - try - { - //Add the entry to the directory - connection.Add(newEntry); - tenantAdded = true; - Log.WriteDebug("Add tenant", $"Tenant {tenantName} added in {Address}:{Port}"); - } - catch(Exception exception) - { - Log.WriteInfo("Add Tenant", $"couldn't add tenant to LDAP {Address}:{Port}: {exception.ToString()}"); - } - } - } - catch (Exception exception) - { - Log.WriteError($"Non-LDAP exception {Address}:{Port}", "Unexpected error 
while trying to add tenant", exception); - } - return tenantAdded; - } - - public bool DeleteTenant(string tenantName) - { - Log.WriteDebug("Delete Tenant", $"Trying to delete Tenant: \"{tenantName}\" from Ldap"); - bool tenantDeleted = false; - try - { - // Connecting to Ldap - using (LdapConnection connection = Connect()) - { - // Authenticate as write user - connection.Bind(WriteUser, WriteUserPwd); - - try - { - string tenantDn = "ou=" + tenantName + "," + UserSearchPath; - - //Delete the entry in the directory - connection.Delete(tenantDn); - tenantDeleted = true; - Log.WriteDebug("Delete Tenant", $"tenant {tenantDn} deleted in {Address}:{Port}"); - } - catch(Exception exception) - { - Log.WriteInfo("Delete Tenant", $"couldn't delete tenant in LDAP {Address}:{Port}: {exception.ToString()}"); - } - } - } - catch (Exception exception) - { - Log.WriteError($"Non-LDAP exception {Address}:{Port}", "Unexpected error while trying to delete tenant", exception); - } - return tenantDeleted; - } - } + /// + /// Class handling the ldap transactions + /// + public class Ldap : LdapConnectionBase + { + // The following properties are retrieved from the database api: + // ldap_server ldap_port ldap_search_user ldap_tls ldap_tenant_level ldap_connection_id ldap_search_user_pwd ldap_searchpath_for_users ldap_searchpath_for_roles + private const int timeOutInMs = 3000; + + /// + /// Default constructor + /// + public Ldap() + { } + + /// + /// Constructor from parameter struct + /// + public Ldap(LdapGetUpdateParameters ldapGetUpdateParameters) : base(ldapGetUpdateParameters) + { } + + /// + /// Builds a connection to the specified Ldap server. + /// + /// Connection to the specified Ldap server. + private LdapConnection Connect() + { + try + { + LdapConnectionOptions ldapOptions = new LdapConnectionOptions(); + if (Tls) ldapOptions.ConfigureRemoteCertificateValidationCallback((object sen, X509Certificate? cer, X509Chain? 
cha, SslPolicyErrors err) => true); // todo: allow real cert validation + LdapConnection connection = new LdapConnection(ldapOptions) { SecureSocketLayer = Tls, ConnectionTimeout = timeOutInMs }; + connection.Connect(Address, Port); + + return connection; + } + + catch (Exception exception) + { + Log.WriteDebug($"Could not connect to LDAP server {Address}:{Port}: ", exception.Message); + throw new Exception($"Error while trying to reach LDAP server {Address}:{Port}", exception); + } + } + + /// + /// try an ldap bind, decrypting pwd before bind; using pwd as is if it cannot be decrypted + /// false if bind fails + /// + private static bool TryBind(LdapConnection connection, string user, string password) + { + string decryptedPassword = password; + try + { + decryptedPassword = AesEnc.Decrypt(password, AesEnc.GetMainKey()); + } + catch + { + Log.WriteDebug("TryBind", $"Could not decrypt password"); + // assuming we already have an unencrypted password, trying this + } + connection.Bind(user, decryptedPassword); + return connection.Bound; + } + + /// + /// Test a connection to the specified Ldap server. 
+ /// Throws exception if not successful + /// + public void TestConnection() + { + using (LdapConnection connection = Connect()) + { + if (!string.IsNullOrEmpty(SearchUser)) + { + if (!TryBind(connection, SearchUser, SearchUserPwd)) throw new Exception("Binding failed for search user"); + } + if (!string.IsNullOrEmpty(WriteUser)) + { + if (!TryBind(connection, WriteUser, WriteUserPwd)) throw new Exception("Binding failed for write user"); + } + } + } + + private string GetUserSearchFilter(string searchPattern) + { + string userFilter; + string searchFilter; + if (Type == (int)LdapType.ActiveDirectory) + { + userFilter = "(&(objectclass=user)(!(objectclass=computer)))"; + searchFilter = $"(|(cn={searchPattern})(sAMAccountName={searchPattern}))"; + } + else if (Type == (int)LdapType.OpenLdap) + { + userFilter = "(|(objectclass=user)(objectclass=person)(objectclass=inetOrgPerson)(objectclass=organizationalPerson))"; + searchFilter = $"(|(cn={searchPattern})(uid={searchPattern}))"; + } + else // LdapType.Default + { + userFilter = "(&(|(objectclass=user)(objectclass=person)(objectclass=inetOrgPerson)(objectclass=organizationalPerson))(!(objectclass=computer)))"; + searchFilter = $"(|(cn={searchPattern})(uid={searchPattern})(userPrincipalName={searchPattern})(mail={searchPattern}))"; + } + return ((searchPattern == null || searchPattern == "") ? 
userFilter : $"(&{userFilter}{searchFilter})"); + } + + private string GetGroupSearchFilter(string searchPattern) + { + string groupFilter; + string searchFilter; + if (Type == (int)LdapType.ActiveDirectory) + { + groupFilter = "(objectClass=group)"; + searchFilter = $"(|(cn={searchPattern})(name={searchPattern}))"; + } + else if (Type == (int)LdapType.OpenLdap) + { + groupFilter = "(|(objectclass=group)(objectclass=groupofnames)(objectclass=groupofuniquenames))"; + searchFilter = $"(cn={searchPattern})"; + } + else // LdapType.Default + { + groupFilter = "(|(objectclass=group)(objectclass=groupofnames)(objectclass=groupofuniquenames))"; + searchFilter = $"(|(dc={searchPattern})(o={searchPattern})(ou={searchPattern})(cn={searchPattern})(uid={searchPattern})(mail={searchPattern}))"; + } + return (searchPattern == null || searchPattern == "") ? groupFilter : $"(&{groupFilter}{searchFilter})"; + } + + /// + /// Get the LdapEntry for the given user with option to validate credentials + /// + /// LdapEntry for the given user if found + public LdapEntry? GetLdapEntry(UiUser user, bool validateCredentials) + { + Log.WriteDebug("User Validation", $"Validating User: \"{user.Name}\" ..."); + try + { + // Connecting to Ldap + using (LdapConnection connection = Connect()) + { + TryBind(connection, SearchUser, SearchUserPwd); + + LdapSearchConstraints cons = connection.SearchConstraints; + cons.ReferralFollowing = true; + connection.Constraints = cons; + + List possibleUserEntries = new List(); + + // If dn was already provided + if (!user.Dn.IsNullOrEmpty()) + { + // Try to read user entry directly + LdapEntry? 
userEntry = connection.Read(user.Dn); + if (userEntry != null) + { + possibleUserEntries.Add(userEntry); + } + } + else // Dn was not provided, search for user name + { + string[] attrList = new string[] { "*", "memberof" }; + string userSearchFilter = GetUserSearchFilter(user.Name); + + // Search for users in ldap with same name as user to validate + possibleUserEntries = ((LdapSearchResults)connection.Search( + UserSearchPath, // top-level path under which to search for user + LdapConnection.ScopeSub, // search all levels beneath + userSearchFilter, + attrList, + typesOnly: false + )).ToList(); + } + + // If credentials are not checked return user that was found first + // It could happen that multiple users with the same name were found (impossible if dn was provided) + if (!validateCredentials && possibleUserEntries.Count > 0) + { + return possibleUserEntries.First(); + } + // If credentials should be checked + else if (validateCredentials) + { + // Multiple users with the same name could have been found (impossible if dn was provided) + foreach (LdapEntry possibleUserEntry in possibleUserEntries) + { + // Check credentials - if multiple users were found and the credentials are valid this is most definitely the correct user + if (CredentialsValid(connection, possibleUserEntry.Dn, user.Password)) + { + return possibleUserEntry; + } + } + } + } + } + catch (LdapException ldapException) + { + Log.WriteInfo("Ldap entry exception", $"Ldap entry search at \"{Address}:{Port}\" lead to exception: {ldapException.Message}"); + } + catch (Exception exception) + { + Log.WriteError($"Non-LDAP exception \"{Address}:{Port}\"", "Unexpected error while trying to validate user", exception); + } + + Log.WriteDebug("Invalid Credentials", $"Invalid login credentials - could not authenticate user \"{user.Name}\" on {Address}:{Port}."); + return null; + } + + public LdapEntry? 
GetUserDetailsFromLdap(string distinguishedName) + { + try + { + // Connecting to Ldap + using (LdapConnection connection = Connect()) + { + TryBind(connection, SearchUser, SearchUserPwd); + + LdapSearchConstraints cons = connection.SearchConstraints; + cons.ReferralFollowing = true; + connection.Constraints = cons; + + List possibleUserEntries = []; + + // Try to read user entry directly + LdapEntry? userEntry = connection.Read(distinguishedName); + if (userEntry != null) + { + possibleUserEntries.Add(userEntry); + } + + if (possibleUserEntries.Count > 0) + { + return possibleUserEntries.First(); + } + } + } + catch (LdapException ldapException) + { + Log.WriteInfo("Ldap entry exception", $"Ldap entry search at \"{Address}:{Port}\" lead to exception: {ldapException.Message}"); + } + catch (Exception exception) + { + Log.WriteError($"Non-LDAP exception \"{Address}:{Port}\"", "Unexpected error while trying to validate user", exception); + } + return null; + } + + private bool CredentialsValid(LdapConnection connection, string dn, string password) + { + try + { + Log.WriteDebug("User Validation", $"Trying to validate user with distinguished name: \"{dn}\" ..."); + + // Try to authenticate as user with given password + if (TryBind(connection, dn, password)) + { + // Return ldap dn + Log.WriteDebug("User Validation", $"\"{dn}\" successfully authenticated in {Address}:{Port}."); + return true; + } + else + { + // this will probably never be reached as an error is thrown before + // Incorrect password - do nothing, assume its another user with the same username + Log.WriteDebug($"User Validation {Address}:{Port}", $"Found user with matching uid but different pwd: \"{dn}\"."); + } + } + catch (LdapException exc) + { + if (exc.ResultCode == 49) // 49 = InvalidCredentials + Log.WriteDebug($"Duplicate user {Address}:{Port}", $"Found user with matching uid but different pwd: \"{dn}\"."); + else + Log.WriteError($"Ldap exception {Address}:{Port}", $"Unexpected error while 
trying to validate user \"{dn}\"."); + } + return false; + } + + /// + /// Get the EmailAddress for the given user + /// + /// EmailAddress of the given user + public string GetEmail(LdapEntry user) + { + return user.GetAttributeSet().ContainsKey("mail") ? user.GetAttribute("mail").StringValue : ""; + } + + /// + /// Get the first name for the given user + /// + /// first name of the given user + public string GetFirstName(LdapEntry user) + { + return user.GetAttributeSet().ContainsKey("givenName") ? user.GetAttribute("givenName").StringValue : ""; + } + + /// + /// Get the last name for the given user + /// + /// last name of the given user + public string GetLastName(LdapEntry user) + { + return user.GetAttributeSet().ContainsKey("sn") ? user.GetAttribute("sn").StringValue : ""; + } + + /// + /// Get the user name for the given user + /// + /// username of the given user + public string GetName(LdapEntry user) + { + // active directory: + if (user.GetAttributeSet().ContainsKey("sAMAccountName")) + { + return user.GetAttribute("sAMAccountName").StringValue; + } + + // openldap: + if (user.GetAttributeSet().ContainsKey("uid")) + { + return user.GetAttribute("uid").StringValue; + } + return ""; + } + + /// + /// Get the tenant name for the given user + /// + /// tenant name of the given user + public string GetTenantName(LdapEntry user) + { + DistName dn = new (user.Dn); + return dn.GetTenantNameViaLdapTenantLevel (TenantLevel); + } + + /// + /// Get the groups for the given user + /// + /// list of groups for the given user + public List GetGroups(LdapEntry user) + { + // Simplest way as most ldap types should provide the memberof attribute. + // - Probably this doesn't work for nested groups. + // - Some systems may only save the "primaryGroupID", then we would have to resolve the name. + // - Some others may force us to look into all groups to find the membership. 
+ List groups = new List(); + foreach (var attribute in user.GetAttributeSet()) + { + if (attribute.Name.ToLower() == "memberof") + { + foreach (string membership in attribute.StringValueArray) + { + if (GroupSearchPath != null && membership.EndsWith(GroupSearchPath)) + { + groups.Add(membership); + } + } + } + } + return groups; + } + + /// + /// Change the password of the given user + /// + /// error message if not successful + public string ChangePassword(string userDn, string oldPassword, string newPassword) + { + try + { + // Connecting to Ldap + using (LdapConnection connection = Connect()) + { + // Try to authenticate as user with old password + if (TryBind(connection, userDn, oldPassword)) + { + // authentication was successful (user is bound): set new password + LdapAttribute attribute = new("userPassword", newPassword); + LdapModification[] mods = { new LdapModification(LdapModification.Replace, attribute) }; + + connection.Modify(userDn, mods); + Log.WriteDebug("Change password", $"Password for user {userDn} changed in {Address}:{Port}"); + } + else + { + return "wrong old password"; + } + } + } + catch (Exception exception) + { + return exception.Message; + } + return ""; + } + + /// + /// Set the password of the given user + /// + /// error message if not successful + public string SetPassword(string userDn, string newPassword) + { + try + { + // Connecting to Ldap + using (LdapConnection connection = Connect()) + { + if (TryBind(connection, WriteUser, WriteUserPwd)) + { + // authentication was successful: set new password + LdapAttribute attribute = new LdapAttribute("userPassword", newPassword); + LdapModification[] mods = { new LdapModification(LdapModification.Replace, attribute) }; + + connection.Modify(userDn, mods); + Log.WriteDebug("Change password", $"Password for user {userDn} changed in {Address}:{Port}"); + } + else + { + return "error in write user authentication"; + } + } + } + catch (Exception exception) + { + return exception.Message; + 
} + return ""; + } + + /// + /// Get the roles for the given DN list + /// + /// list of roles for the given DN list + public List GetRoles(List dnList) + { + return GetMemberships(dnList, RoleSearchPath); + } + + /// + /// Get the groups for the given DN list + /// + /// list of groups for the given DN list + public List GetGroups(List dnList) + { + return GetMemberships(dnList, GroupSearchPath); + } + + private List GetMemberships(List dnList, string? searchPath) + { + List userMemberships = []; + + // If this Ldap is containing roles / groups + if (searchPath != null && searchPath != "") + { + try + { + // Connect to Ldap + using (LdapConnection connection = Connect()) + { + // Authenticate as search user + TryBind(connection, SearchUser, AesEnc.Decrypt(SearchUserPwd, AesEnc.GetMainKey())); + + // Search for Ldap roles / groups in given directory + int searchScope = LdapConnection.ScopeSub; // TODO: Correct search scope? + string searchFilter = $"(&(objectClass=groupOfUniqueNames)(cn=*))"; + LdapSearchResults searchResults = (LdapSearchResults)connection.Search(searchPath, searchScope, searchFilter, null, false); + + // convert dnList to lower case to avoid case problems + dnList = dnList.ConvertAll(dn => dn.ToLower()); + + // Foreach found role / group + foreach (LdapEntry entry in searchResults) + { + Log.WriteDebug("Ldap Roles/Groups", $"Try to get roles / groups from ldap entry {entry.GetAttribute("cn").StringValue}"); + + // Get dn of users having current role / group + LdapAttribute members = entry.GetAttribute("uniqueMember"); + string[] memberDn = members.StringValueArray; + + // Foreach user + foreach (string currentDn in memberDn) + { + Log.WriteDebug("Ldap Roles/Groups", $"Checking if current Dn: \"{currentDn}\" is user Dn. 
Then user has current role / group."); + + // Check if current user dn is matching with given user dn => Given user has current role / group + if (dnList.Contains(currentDn.ToLower())) + { + // Get name and add it to list of roles / groups of given user + string name = entry.GetAttribute("cn").StringValue; + userMemberships.Add(name); + break; + } + } + } + } + } + catch (Exception exception) + { + Log.WriteError($"Non-LDAP exception {Address}:{Port}", "Unexpected error while trying to get memberships", exception); + } + } + + Log.WriteDebug($"Found the following roles / groups for user {dnList.FirstOrDefault()} in {Address}:{Port}:", string.Join("\n", userMemberships)); + return userMemberships; + } + + /// + /// Get all roles + /// + /// list of roles + public List GetAllRoles() + { + List roleUsers = []; + + // If this Ldap is containing roles + if (HasRoleHandling()) + { + try + { + // Connect to Ldap + using (LdapConnection connection = Connect()) + { + // Authenticate as search user + TryBind(connection, SearchUser, SearchUserPwd); + + // Search for Ldap roles in given directory + int searchScope = LdapConnection.ScopeSub; // TODO: Correct search scope? 
+ string searchFilter = $"(&(objectClass=groupOfUniqueNames)(cn=*))"; + LdapSearchResults searchResults = (LdapSearchResults)connection.Search(RoleSearchPath, searchScope, searchFilter, null, false); + + // Foreach found role + foreach (LdapEntry entry in searchResults) + { + List attributes = []; + string roleDesc = entry.GetAttribute("description").StringValue; + attributes.Add(new RoleAttribute() { Key = "description", Value = roleDesc }); + + string[] roleMemberDn = entry.GetAttribute("uniqueMember").StringValueArray; + foreach (string currentDn in roleMemberDn) + { + if (currentDn != "") + { + attributes.Add(new RoleAttribute() { Key = "user", Value = currentDn }); + } + } + roleUsers.Add(new RoleGetReturnParameters() { Role = entry.Dn, Attributes = attributes }); + } + } + } + catch (Exception exception) + { + Log.WriteError($"Non-LDAP exception {Address}:{Port}", "Unexpected error while trying to get all roles", exception); + } + } + return roleUsers; + } + + /// + /// Search all groups with search pattern + /// + /// list of groups + public List GetAllGroups(string searchPattern) + { + List allGroups = []; + try + { + // Connect to Ldap + using (LdapConnection connection = Connect()) + { + // Authenticate as search user + TryBind(connection, SearchUser, SearchUserPwd); + + // Search for Ldap groups in given directory + int searchScope = LdapConnection.ScopeSub; + LdapSearchResults searchResults = (LdapSearchResults)connection.Search(GroupSearchPath, searchScope, GetGroupSearchFilter(searchPattern), null, false); + + foreach (LdapEntry entry in searchResults) + { + allGroups.Add(entry.Dn); + } + } + } + catch (Exception exception) + { + Log.WriteError($"Non-LDAP exception {Address}:{Port}", "Unexpected error while trying to get all groups", exception); + } + return allGroups; + } + + /// + /// Get all internal groups + /// + /// list of groups + public List GetAllInternalGroups() + { + List allGroups = []; + + try + { + // Connect to Ldap + using 
(LdapConnection connection = Connect()) + { + // Authenticate as search user + TryBind(connection, SearchUser, SearchUserPwd); + + // Search for Ldap groups in given directory + int searchScope = LdapConnection.ScopeSub; + LdapSearchResults searchResults = (LdapSearchResults)connection.Search(GroupSearchPath, searchScope, GetGroupSearchFilter(""), null, false); + + foreach (LdapEntry entry in searchResults) + { + List members = []; + string[] groupMemberDn = entry.GetAttribute("uniqueMember").StringValueArray; + foreach (string currentDn in groupMemberDn) + { + if (currentDn != "") + { + members.Add(currentDn); + } + } + allGroups.Add(new GroupGetReturnParameters() + { + GroupDn = entry.Dn, + Members = members, + OwnerGroup = entry.GetAttributeSet().ContainsKey("businessCategory") && entry.GetAttribute("businessCategory").StringValue.Equals("ownergroup", StringComparison.CurrentCultureIgnoreCase) + }); + } + } + } + catch (Exception exception) + { + Log.WriteError($"Non-LDAP exception {Address}:{Port}", "Unexpected error while trying to get all internal groups", exception); + } + return allGroups; + } + + /// + /// Get members of an ldap group + /// + /// list of members + public List GetGroupMembers(string groupDn) + { + List allMembers = []; + + if (groupDn.Contains(GroupSearchPath)) + { + try + { + // Connect to Ldap + using (LdapConnection connection = Connect()) + { + // Authenticate as search user + TryBind(connection, SearchUser, SearchUserPwd); + LdapEntry entry = connection.Read(groupDn); + + if (entry != null) + { + string[] groupMemberDn = entry.GetAttribute("uniqueMember").StringValueArray; + foreach (string currentDn in groupMemberDn) + { + if (currentDn != "") + { + allMembers.Add(currentDn); + } + } + } + } + } + catch (Exception exception) + { + Log.WriteError($"Non-LDAP exception {Address}:{Port}", $"Unexpected error while trying to get all group members of group {groupDn}", exception); + } + } + return allMembers; + } + + /// + /// Search all 
users with search pattern + /// + /// list of users + public List GetAllUsers(string searchPattern) + { + Log.WriteDebug("GetAllUsers", $"Looking for users with pattern {searchPattern} in {Address}:{Port}"); + List allUsers = []; + + try + { + // Connect to Ldap + using (LdapConnection connection = Connect()) + { + // Authenticate as search user + TryBind(connection, SearchUser, SearchUserPwd); + + // Search for Ldap users in given directory + int searchScope = LdapConnection.ScopeSub; + + LdapSearchConstraints cons = connection.SearchConstraints; + cons.ReferralFollowing = true; + connection.Constraints = cons; + + LdapSearchResults searchResults = (LdapSearchResults)connection.Search(UserSearchPath, searchScope, GetUserSearchFilter(searchPattern), null, false); + + foreach (LdapEntry entry in searchResults) + { + allUsers.Add(new LdapUserGetReturnParameters() + { + UserDn = entry.Dn, + Email = entry.GetAttributeSet().ContainsKey("mail") ? entry.GetAttribute("mail").StringValue : null + // add first and last name of user + }); + } + } + } + catch (Exception exception) + { + Log.WriteError($"Non-LDAP exception {Address}:{Port}", "Unexpected error while trying to get all users", exception); + } + return allUsers; + } + + /// + /// Add new user + /// + /// true if user added + public bool AddUser(string userDn, string password, string email) + { + Log.WriteInfo("Add User", $"Trying to add User: \"{userDn}\""); + bool userAdded = false; + try + { + // Connecting to Ldap + using (LdapConnection connection = Connect()) + { + // Authenticate as write user + TryBind(connection, WriteUser, WriteUserPwd); + + string userName = new FWO.Api.Data.DistName(userDn).UserName; + LdapAttributeSet attributeSet = new LdapAttributeSet + { + new LdapAttribute("objectclass", "inetOrgPerson"), + new LdapAttribute("sn", userName), + new LdapAttribute("cn", userName), + new LdapAttribute("uid", userName), + new LdapAttribute("userPassword", password), + new LdapAttribute("mail", email) + 
}; + + LdapEntry newEntry = new LdapEntry(userDn, attributeSet); + + try + { + //Add the entry to the directory + connection.Add(newEntry); + userAdded = true; + Log.WriteDebug("Add user", $"User {userName} added in {Address}:{Port}"); + } + catch (Exception exception) + { + Log.WriteInfo("Add User", $"couldn't add user to LDAP {Address}:{Port}: {exception.ToString()}"); + } + } + } + catch (Exception exception) + { + Log.WriteError($"Non-LDAP exception {Address}:{Port}", "Unexpected error while trying to add user", exception); + } + return userAdded; + } + + /// + /// Update user + /// + /// true if user updated + public bool UpdateUser(string userDn, string email) + { + Log.WriteInfo("Update User", $"Trying to update User: \"{userDn}\""); + bool userUpdated = false; + try + { + // Connecting to Ldap + using (LdapConnection connection = Connect()) + { + // Authenticate as write user + TryBind(connection, WriteUser, WriteUserPwd); + LdapAttribute attribute = new LdapAttribute("mail", email); + LdapModification[] mods = { new LdapModification(LdapModification.Replace, attribute) }; + + try + { + //Add the entry to the directory + connection.Modify(userDn, mods); + userUpdated = true; + Log.WriteDebug("Update user", $"User {userDn} updated in {Address}:{Port}"); + } + catch (Exception exception) + { + Log.WriteInfo("Update User", $"couldn't update user in LDAP {Address}:{Port}: {exception.ToString()}"); + } + } + } + catch (Exception exception) + { + Log.WriteError($"Non-LDAP exception {Address}:{Port}", "Unexpected error while trying to update user", exception); + } + return userUpdated; + } + + /// + /// Delete user + /// + /// true if user deleted + public bool DeleteUser(string userDn) + { + Log.WriteInfo("Delete User", $"Trying to delete User: \"{userDn}\""); + bool userDeleted = false; + try + { + // Connecting to Ldap + using (LdapConnection connection = Connect()) + { + // Authenticate as write user + TryBind(connection, WriteUser, WriteUserPwd); + + try + { 
+ //Delete the entry in the directory + connection.Delete(userDn); + userDeleted = true; + Log.WriteDebug("Delete user", $"User {userDn} deleted in {Address}:{Port}"); + } + catch (Exception exception) + { + Log.WriteInfo("Delete User", $"couldn't delete user in LDAP {Address}:{Port}: {exception.ToString()}"); + } + } + } + catch (Exception exception) + { + Log.WriteError($"Non-LDAP exception {Address}:{Port}", "Unexpected error while trying to delete user", exception); + } + return userDeleted; + } + + /// + /// Add new group + /// + /// group DN if user added + public string AddGroup(string groupName, bool ownerGroup) + { + Log.WriteInfo("Add Group", $"Trying to add Group: \"{groupName}\""); + bool groupAdded = false; + string groupDn = ""; + try + { + // Connecting to Ldap + using (LdapConnection connection = Connect()) + { + // Authenticate as write user + TryBind(connection, WriteUser, WriteUserPwd); + + groupDn = $"cn={groupName},{GroupSearchPath}"; + LdapAttributeSet attributeSet = new LdapAttributeSet(); + attributeSet.Add(new LdapAttribute("objectclass", "groupofuniquenames")); + attributeSet.Add(new LdapAttribute("uniqueMember", "")); + if (ownerGroup) + { + attributeSet.Add(new LdapAttribute("businessCategory", "ownergroup")); + } + + LdapEntry newEntry = new LdapEntry(groupDn, attributeSet); + + try + { + //Add the entry to the directory + connection.Add(newEntry); + groupAdded = true; + Log.WriteDebug("Add group", $"Group {groupName} added in {Address}:{Port}"); + } + catch (Exception exception) + { + Log.WriteInfo("Add Group", $"couldn't add group to LDAP {Address}:{Port}: {exception.ToString()}"); + } + } + } + catch (Exception exception) + { + Log.WriteError($"Non-LDAP exception {Address}:{Port}", "Unexpected error while trying to add group", exception); + } + return (groupAdded ? 
groupDn : ""); + } + + /// + /// Update group name + /// + /// new group DN if group updated + public string UpdateGroup(string oldName, string newName) + { + Log.WriteInfo("Update Group", $"Trying to update Group: \"{oldName}\""); + bool groupUpdated = false; + string oldGroupDn = $"cn={oldName},{GroupSearchPath}"; + string newGroupRdn = $"cn={newName}"; + + try + { + // Connecting to Ldap + using (LdapConnection connection = Connect()) + { + // Authenticate as write user + TryBind(connection, WriteUser, WriteUserPwd); + + try + { + //Add the entry to the directory + connection.Rename(oldGroupDn, newGroupRdn, true); + groupUpdated = true; + Log.WriteDebug("Update group", $"Group {oldName} renamed to {newName} in {Address}:{Port}"); + } + catch (Exception exception) + { + Log.WriteInfo("Update Group", $"couldn't update group in LDAP {Address}:{Port}: {exception.ToString()}"); + } + } + } + catch (Exception exception) + { + Log.WriteError($"Non-LDAP exception {Address}:{Port}", "Unexpected error while trying to update group", exception); + } + return (groupUpdated ? 
$"{newGroupRdn},{GroupSearchPath}" : ""); + } + + /// + /// Delete group + /// + /// true if group deleted + public bool DeleteGroup(string groupName) + { + Log.WriteInfo("Delete Group", $"Trying to delete Group: \"{groupName}\""); + bool groupDeleted = false; + try + { + // Connecting to Ldap + using (LdapConnection connection = Connect()) + { + // Authenticate as write user + TryBind(connection, WriteUser, WriteUserPwd); + + try + { + //Delete the entry in the directory + string groupDn = $"cn={groupName},{GroupSearchPath}"; + connection.Delete(groupDn); + groupDeleted = true; + Log.WriteDebug("Delete group", $"Group {groupName} deleted in {Address}:{Port}"); + } + catch (Exception exception) + { + Log.WriteInfo("Delete Group", $"couldn't delete group in LDAP {Address}:{Port}: {exception.ToString()}"); + } + } + } + catch (Exception exception) + { + Log.WriteError($"Non-LDAP exception {Address}:{Port}", "Unexpected error while trying to delete group", exception); + } + return groupDeleted; + } + + /// + /// Add user to entry + /// + /// true if user added + public bool AddUserToEntry(string userDn, string entry) + { + Log.WriteInfo("Add User to Entry", $"Trying to add User: \"{userDn}\" to Entry: \"{entry}\""); + return ModifyUserInEntry(userDn, entry, LdapModification.Add); + } + + /// + /// Remove user from entry + /// + /// true if user removed + public bool RemoveUserFromEntry(string userDn, string entry) + { + Log.WriteInfo("Remove User from Entry", $"Trying to remove User: \"{userDn}\" from Entry: \"{entry}\""); + return ModifyUserInEntry(userDn, entry, LdapModification.Delete); + } + + /// + /// Remove user from all entries + /// + /// true if user removed from all entries + public bool RemoveUserFromAllEntries(string userDn) + { + List dnList = new List(); + dnList.Add(userDn); // group memberships do not need to be regarded here + List roles = GetRoles(dnList); + bool allRemoved = true; + foreach (var role in roles) + { + allRemoved &= 
RemoveUserFromEntry(userDn, $"cn={role},{RoleSearchPath}"); + } + List groups = GetGroups(dnList); + foreach (var group in groups) + { + allRemoved &= RemoveUserFromEntry(userDn, $"cn={group},{GroupSearchPath}"); + } + return allRemoved; + } + + private bool ModifyUserInEntry(string userDn, string entry, int LdapModification) + { + bool userModified = false; + try + { + // Connecting to Ldap + using (LdapConnection connection = Connect()) + { + // Authenticate as write user + TryBind(connection, WriteUser, WriteUserPwd); + + // Add a new value to the description attribute + LdapAttribute attribute = new LdapAttribute("uniquemember", userDn); + LdapModification[] mods = { new LdapModification(LdapModification, attribute) }; + + try + { + //Modify the entry in the directory + connection.Modify(entry, mods); + userModified = true; + Log.WriteDebug("Modify Entry", $"Entry {entry} modified in {Address}:{Port}"); + } + catch (Exception exception) + { + Log.WriteInfo("Modify Entry", $"maybe entry doesn't exist in this LDAP {Address}:{Port}: {exception.ToString()}"); + } + } + } + catch (Exception exception) + { + Log.WriteError($"Non-LDAP exception {Address}:{Port}", "Unexpected error while trying to modify user", exception); + } + return userModified; + } + + /// + /// Add new tenant + /// + /// true if tenant added + public bool AddTenant(string tenantName) + { + Log.WriteInfo("Add Tenant", $"Trying to add Tenant: \"{tenantName}\""); + bool tenantAdded = false; + string tenantDn = ""; + try + { + // Connecting to Ldap + using (LdapConnection connection = Connect()) + { + // Authenticate as write user + TryBind(connection, WriteUser, WriteUserPwd); + + tenantDn = $"ou={tenantName},{UserSearchPath}"; + LdapAttributeSet attributeSet = new LdapAttributeSet(); + attributeSet.Add(new LdapAttribute("objectclass", "organizationalUnit")); + + LdapEntry newEntry = new LdapEntry(tenantDn, attributeSet); + + try + { + //Add the entry to the directory + connection.Add(newEntry); + 
tenantAdded = true; + Log.WriteDebug("Add tenant", $"Tenant {tenantName} added in {Address}:{Port}"); + } + catch (Exception exception) + { + Log.WriteInfo("Add Tenant", $"couldn't add tenant to LDAP {Address}:{Port}: {exception.ToString()}"); + } + } + } + catch (Exception exception) + { + Log.WriteError($"Non-LDAP exception {Address}:{Port}", "Unexpected error while trying to add tenant", exception); + } + return tenantAdded; + } + + /// + /// Delete tenant + /// + /// true if tenant deleted + public bool DeleteTenant(string tenantName) + { + Log.WriteDebug("Delete Tenant", $"Trying to delete Tenant: \"{tenantName}\" from Ldap"); + bool tenantDeleted = false; + try + { + // Connecting to Ldap + using (LdapConnection connection = Connect()) + { + // Authenticate as write user + TryBind(connection, WriteUser, WriteUserPwd); + + try + { + string tenantDn = "ou=" + tenantName + "," + UserSearchPath; + + //Delete the entry in the directory + connection.Delete(tenantDn); + tenantDeleted = true; + Log.WriteDebug("Delete Tenant", $"tenant {tenantDn} deleted in {Address}:{Port}"); + } + catch (Exception exception) + { + Log.WriteInfo("Delete Tenant", $"couldn't delete tenant in LDAP {Address}:{Port}: {exception.ToString()}"); + } + } + } + catch (Exception exception) + { + Log.WriteError($"Non-LDAP exception {Address}:{Port}", "Unexpected error while trying to delete tenant", exception); + } + return tenantDeleted; + } + } } diff --git a/roles/middleware/files/FWO.Middleware.Server/ModellingImportAppData.cs b/roles/middleware/files/FWO.Middleware.Server/ModellingImportAppData.cs new file mode 100644 index 000000000..72250e3a5 --- /dev/null +++ b/roles/middleware/files/FWO.Middleware.Server/ModellingImportAppData.cs 
@@ -0,0 +1,102 @@ +using System.Text.Json.Serialization; +using Newtonsoft.Json; + + +namespace FWO.Middleware.Server +{ + /// + /// Structure for imported owner data + /// + public class ModellingImportOwnerData + { + /// + /// List of all Owners + /// + [JsonProperty("owners"), JsonPropertyName("owners")] + public List? Owners { get; set; } + } + + /// + /// Structure for imported app data + /// + public class ModellingImportAppData + { + /// + /// App Name + /// + [JsonProperty("name"), JsonPropertyName("name")] + public string Name { get; set; } = ""; + + /// + /// External Id of App + /// + [JsonProperty("app_id_external"), JsonPropertyName("app_id_external")] + public string ExtAppId { get; set; } = ""; + + /// + /// Main User (Dn) + /// + [JsonProperty("main_user"), JsonPropertyName("main_user")] + public string? MainUser { get; set; } = ""; + + /// + /// List of allowed modellers (Dn) + /// + [JsonProperty("modellers"), JsonPropertyName("modellers")] + public List? Modellers { get; set; } = new(); + + /// + /// List of Ldap Groups of allowed modellers (Dn): (currently handled same as modellers) + /// + [JsonProperty("modeller_groups"), JsonPropertyName("modeller_groups")] + public List? ModellerGroups { get; set; } = new(); + + /// + /// Criticality of App + /// + [JsonProperty("criticality"), JsonPropertyName("criticality")] + public string? 
Criticality { get; set; } + + /// + /// Source of App import + /// + [JsonProperty("import_source"), JsonPropertyName("import_source")] + public string ImportSource { get; set; } = ""; + + /// + /// App Servers of App + /// + [JsonProperty("app_servers"), JsonPropertyName("app_servers")] + public List AppServers { get; set; } = new(); + } + + /// + /// Structure for imported app server + /// + public class ModellingImportAppServer + { + /// + /// App Server Name + /// + [JsonProperty("name"), JsonPropertyName("name")] + public string Name { get; set; } = ""; + + // /// + // /// App Server Subnet + // /// + // [JsonProperty("subnet"), JsonPropertyName("subnet")] + // public string Subnet { get; set; } = ""; + + /// + /// App Server Ip + /// + [JsonProperty("ip"), JsonPropertyName("ip")] + public string Ip { get; set; } = ""; + + /// + /// App Server IpEnd + /// + [JsonProperty("ip_end"), JsonPropertyName("ip_end")] + public string IpEnd { get; set; } = ""; + } +} diff --git a/roles/middleware/files/FWO.Middleware.Server/ModellingImportNwData.cs b/roles/middleware/files/FWO.Middleware.Server/ModellingImportNwData.cs new file mode 100644 index 000000000..0f9b43488 --- /dev/null +++ b/roles/middleware/files/FWO.Middleware.Server/ModellingImportNwData.cs 
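Review bot: The nullable annotations in ModellingImportAppData do not match the defaults: `MainUser` is `string?` but initialised to `""`, `Criticality` is `string?` with no default, and `Modellers`/`ModellerGroups` are nullable lists initialised to `new()`, so after deserialisation a consumer cannot tell whether null or empty is the "absent" value. Either drop the `?` where a default is given or state the convention in the summary, e.g. `/// Main User (Dn); null or empty when no main user is assigned`. `Ip` and `IpEnd` on ModellingImportAppServer are free-form strings from an external feed with no stated format, whereas the sibling ModellingImportAreaSubnets says "in cidr notation"; the summaries should name the expected notation so the importer knows what to validate against before these values reach the database. The commented-out `Subnet` property is dead code and can be removed.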
@@ -0,0 +1,67 @@ +using System.Text.Json.Serialization; +using Newtonsoft.Json; + + +namespace FWO.Middleware.Server +{ + /// + /// Structure for imported network data + /// + public class ModellingImportNwData + { + /// + /// List of all Areas + /// + [JsonProperty("areas"), JsonPropertyName("areas")] + public List? Areas { get; set; } + } + + /// + /// Structure for imported area data + /// + public class ModellingImportAreaData + { + /// + /// Area Name + /// + [JsonProperty("name"), JsonPropertyName("name")] + public string Name { get; set; } = ""; + + /// + /// Area Id String + /// + [JsonProperty("id_string"), JsonPropertyName("id_string")] + public string IdString { get; set; } = ""; + + /// + /// List of all associated Subnets + /// + [JsonProperty("subnets"), JsonPropertyName("subnets")] + public List Subnets { get; set; } = new(); + } + + /// + /// Structure for imported Area Subnets + /// + public class ModellingImportAreaSubnets + { + /// + /// Area Subnet Name + /// + [JsonProperty("name"), JsonPropertyName("name")] + public string Name { get; set; } = ""; + + /// + /// Area Subnet Network Start IP (in cidr notation) + /// + [JsonProperty("ip"), JsonPropertyName("ip")] + public string Ip { get; set; } = ""; + + /// + /// Area Subnet Network End IP (in cidr notation) + /// + [JsonProperty("ip_end"), JsonPropertyName("ip_end")] + public string? IpEnd { get; set; } = ""; + + } +} diff --git a/roles/middleware/files/FWO.Middleware.Server/Program.cs b/roles/middleware/files/FWO.Middleware.Server/Program.cs index dbcdb7301..f89559245 100644 --- a/roles/middleware/files/FWO.Middleware.Server/Program.cs +++ b/roles/middleware/files/FWO.Middleware.Server/Program.cs 
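Review bot: `IpEnd` in ModellingImportAreaSubnets is declared `string?` yet initialised to `""`, while `Ip` is non-nullable, so "no end address" can arrive as either null or the empty string and every consumer has to check both. Its summary, "Network End IP (in cidr notation)", is also hard to reconcile with an end address; if the field holds a plain address when the subnet is a range rather than a prefix, a summary such as `/// Area Subnet Network End IP (plain address; null or empty when Ip already carries a cidr prefix)` would say so — I am inferring the intent from the names, so confirm against the import format.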
@@ -8,11 +8,18 @@ using Microsoft.OpenApi.Models; using System.Reflection; +// Implicitly call static constructor so background lock process is started +// (static constructor is only called after class is used in any way) +Log.WriteInfo("Startup", "Starting FWO Middleware Server..."); + object changesLock = new object(); // LOCK ReportScheduler reportScheduler; AutoDiscoverScheduler autoDiscoverScheduler; DailyCheckScheduler dailyCheckScheduler; +ImportAppDataScheduler importAppDataScheduler; +ImportSubnetDataScheduler importSubnetDataScheduler; +ImportChangeNotifyScheduler importChangeNotifyScheduler; WebApplicationBuilder builder = WebApplication.CreateBuilder(args); builder.WebHost.UseUrls(ConfigFile.MiddlewareServerNativeUri ?? throw new Exception("Missing middleware server url on startup.")); @@ -42,8 +49,8 @@ } Action handleSubscriptionException = (Exception exception) => Log.WriteError("Subscription", "Subscription lead to exception.", exception); -ApiSubscription>.SubscriptionUpdate connectedLdapsSubscriptionUpdate = (List ldapsChanges) => { lock (changesLock) { connectedLdaps = ldapsChanges; } }; -ApiSubscription> connectedLdapsSubscription = apiConnection.GetSubscription>(handleSubscriptionException, connectedLdapsSubscriptionUpdate, AuthQueries.getLdapConnectionsSubscription); +GraphQlApiSubscription>.SubscriptionUpdate connectedLdapsSubscriptionUpdate = (List ldapsChanges) => { lock (changesLock) { connectedLdaps = ldapsChanges; } }; +GraphQlApiSubscription> connectedLdapsSubscription = apiConnection.GetSubscription>(handleSubscriptionException, connectedLdapsSubscriptionUpdate, AuthQueries.getLdapConnectionsSubscription); Log.WriteInfo("Found ldap connection to server", string.Join("\n", connectedLdaps.ConvertAll(ldap => $"{ldap.Address}:{ldap.Port}"))); // Create and start report scheduler 
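Review bot: The new comment `// Implicitly call static constructor so background lock process is started` does not say whose static constructor is meant; the only class touched on the following line is Log, so presumably it is Log's, and the comment should name it, e.g. `// Touching Log here runs its static constructor, which starts the background lock process`. If the lock process belongs to some other class, the comment should name that class instead and the line should reference it explicitly rather than relying on the logger call.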
@@ -64,6 +71,25 @@ dailyCheckScheduler = await DailyCheckScheduler.CreateAsync(apiConnection); }, TaskCreationOptions.LongRunning); +// Create and start import app data scheduler +Task.Factory.StartNew(async() => +{ + importAppDataScheduler = await ImportAppDataScheduler.CreateAsync(apiConnection); +}, TaskCreationOptions.LongRunning); + +// Create and start import subnet data scheduler +Task.Factory.StartNew(async() => +{ + importSubnetDataScheduler = await ImportSubnetDataScheduler.CreateAsync(apiConnection); +}, TaskCreationOptions.LongRunning); + +// Create and start import change notify scheduler +Task.Factory.StartNew(async() => +{ + importChangeNotifyScheduler = await ImportChangeNotifyScheduler.CreateAsync(apiConnection); +}, TaskCreationOptions.LongRunning); + + // Add services to the container. builder.Services.AddControllers() .AddJsonOptions(jsonOptions => diff --git a/roles/middleware/files/FWO.Middleware.Server/RecertCheck.cs b/roles/middleware/files/FWO.Middleware.Server/RecertCheck.cs new file mode 100644 index 000000000..f2e6e0c98 --- /dev/null +++ b/roles/middleware/files/FWO.Middleware.Server/RecertCheck.cs 
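Review bot: The three new scheduler start-ups have no error handling: if `ImportAppDataScheduler.CreateAsync` (or the subnet/change-notify variant) throws, the exception ends up on an unobserved task, the corresponding field stays unset and the server keeps running without that scheduler and without a log line naming the cause. This mirrors the existing dailyCheckScheduler block above, but the new code repeats the gap three times; wrapping each awaited creation in a try/catch that logs through the existing `Log.WriteError(string, string, Exception)` makes the failure visible at startup. Note also that an `async` lambda under `TaskCreationOptions.LongRunning` returns at its first await, so the dedicated thread is released almost immediately — presumably fine, but the option does not keep the scheduler on that thread.
```csharp
// Create and start import app data scheduler
Task.Factory.StartNew(async () =>
{
    try
    {
        importAppDataScheduler = await ImportAppDataScheduler.CreateAsync(apiConnection);
    }
    catch (Exception exception)
    {
        Log.WriteError("Startup", "Could not start import app data scheduler.", exception);
    }
}, TaskCreationOptions.LongRunning);
// … same try/catch around importSubnetDataScheduler and importChangeNotifyScheduler …
```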
@@ -0,0 +1,288 @@ +using FWO.Api.Client; +using FWO.Api.Client.Queries; +using FWO.Api.Data; +using FWO.Config.File; +using FWO.Config.Api; +using FWO.Config.Api.Data; +using FWO.Logging; +using FWO.Mail; +using FWO.Encryption; +using FWO.Middleware.RequestParameters; +using FWO.Report; +using FWO.Report.Filter; + + +namespace FWO.Middleware.Server +{ + /// + /// Recertification check class + /// + public class RecertCheck + { + private readonly ApiConnection apiConnectionMiddlewareServer; + private readonly GlobalConfig globalConfig; + private List groups = new (); + private List uiUsers = new (); + private RecertCheckParams? globCheckParams; + private List owners = new (); + + /// + /// Constructor for Recertification check class + /// + public RecertCheck(ApiConnection apiConnection, GlobalConfig globalConfig) + { + this.apiConnectionMiddlewareServer = apiConnection; + this.globalConfig = globalConfig; + } + + /// + /// Recertification check + /// + public async Task CheckRecertifications() + { + int emailsSent = 0; + try + { + await InitEnv(); + string decryptedSecret = ""; + try + { + string mainKey = AesEnc.GetMainKey(); + decryptedSecret = AesEnc.Decrypt(globalConfig.EmailPassword, mainKey); + } + catch (Exception exception) + { + Log.WriteError("CheckRecertifications", $"Could not decrypt mailserver password.", exception); + } + EmailConnection emailConnection = new(globalConfig.EmailServerAddress, globalConfig.EmailPort, + globalConfig.EmailTls, globalConfig.EmailUser, decryptedSecret, globalConfig.EmailSenderAddress); + MailKitMailer mailer = new(emailConnection); + JwtWriter jwtWriter = new(ConfigFile.JwtPrivateKey); + ApiConnection apiConnectionReporter = new GraphQlApiConnection(ConfigFile.ApiServerUri ?? 
throw new Exception("Missing api server url on startup."), jwtWriter.CreateJWTReporterViewall()); + + foreach(var owner in owners) + { + if(IsCheckTime(owner)) + { + // todo: refine handling + List upcomingRecerts = await GenerateRecertificationReport(apiConnectionReporter, owner, false); + List overdueRecerts = new (); // await GenerateRecertificationReport(apiConnectionReporter, owner, true); + + if(upcomingRecerts.Count > 0 || overdueRecerts.Count > 0) + { + await mailer.SendAsync(PrepareEmail(owner, upcomingRecerts, overdueRecerts), emailConnection, new CancellationToken()); + emailsSent++; + } + await SetOwnerLastCheck(owner); + } + } + } + catch(Exception exception) + { + Log.WriteError("Recertification Check", $"Checking owners for upcoming recertifications leads to exception.", exception); + } + return emailsSent; + } + + private async Task InitEnv() + { + globCheckParams = System.Text.Json.JsonSerializer.Deserialize(globalConfig.RecCheckParams); + List connectedLdaps = apiConnectionMiddlewareServer.SendQueryAsync>(AuthQueries.getLdapConnections).Result; + foreach (Ldap currentLdap in connectedLdaps) + { + if (currentLdap.IsInternal() && currentLdap.HasGroupHandling()) + { + groups.AddRange(currentLdap.GetAllInternalGroups()); + } + } + uiUsers = await apiConnectionMiddlewareServer.SendQueryAsync>(FWO.Api.Client.Queries.AuthQueries.getUsers); + owners = await apiConnectionMiddlewareServer.SendQueryAsync>(FWO.Api.Client.Queries.OwnerQueries.getOwners); + } + + private bool IsCheckTime(FwoOwner owner) + { + RecertCheckParams checkParams = (owner.RecertCheckParamString != null && owner.RecertCheckParamString != "" ? + System.Text.Json.JsonSerializer.Deserialize(owner.RecertCheckParamString) : + globCheckParams) ?? throw new Exception("Config Parameters not set."); + DateTime lastCheck = owner.LastRecertCheck ?? 
DateTime.MinValue; + DateTime nextCheck; + + switch (checkParams.RecertCheckInterval) + { + case Interval.Days: + nextCheck = lastCheck.AddDays(checkParams.RecertCheckOffset); + break; + case Interval.Weeks: + if(checkParams.RecertCheckWeekday == null) + { + nextCheck = lastCheck.AddDays(checkParams.RecertCheckOffset * 7); + } + else + { + nextCheck = lastCheck.AddDays((checkParams.RecertCheckOffset - 1) * 7 + 1); + int count = 0; + while(nextCheck.DayOfWeek != (DayOfWeek)checkParams.RecertCheckWeekday && count < 6) + { + nextCheck = nextCheck.AddDays(1); + count++; + } + } + break; + case Interval.Months: + if(checkParams.RecertCheckDayOfMonth == null) + { + nextCheck = lastCheck.AddMonths(checkParams.RecertCheckOffset); + } + else + { + nextCheck = lastCheck.AddMonths(checkParams.RecertCheckOffset - 1); + nextCheck = nextCheck.AddDays(1); + int count = 0; + while(nextCheck.Day != (int)checkParams.RecertCheckDayOfMonth && count < 30) + { + nextCheck = nextCheck.AddDays(1); + count++; + } + if(nextCheck.Day != (int)checkParams.RecertCheckDayOfMonth) + { + // missed the day because or month change: set to first of following month + nextCheck = nextCheck.AddDays(1 - nextCheck.Day); + } + } + break; + default: + throw new NotSupportedException("Time interval is not supported."); + } + + if(nextCheck <= DateTime.Today) + { + return true; + } + return false; + } + + private async Task> GenerateRecertificationReport(ApiConnection apiConnection, FwoOwner owner, bool overdueOnly) + { + List rules = new (); + try + { + CancellationToken token = new (); + UserConfig userConfig = new (globalConfig); + + DeviceFilter deviceFilter = new() + { + Managements = await apiConnection.SendQueryAsync>(DeviceQueries.getDevicesByManagement) + }; + deviceFilter.applyFullDeviceSelection(true); + + ReportParams reportParams = new((int)ReportType.Recertification, deviceFilter) + { + RecertFilter = new() + { + RecertOwnerList = new List() { owner.Id }, + RecertificationDisplayPeriod = 
globalConfig.RecertificationNoticePeriod + } + }; + ReportBase? currentReport = ReportBase.ConstructReport(new ReportTemplate("", reportParams), userConfig); + + ReportData reportData = new (); + + await currentReport.Generate(int.MaxValue, apiConnection, + rep => + { + reportData.ManagementData = rep.ManagementData; + return Task.CompletedTask; + }, token); + + foreach (var management in reportData.ManagementData) + { + foreach (var device in management.Devices) + { + if (device.ContainsRules()) + { + foreach (var rule in device.Rules!) + { + rule.Metadata.UpdateRecertPeriods(owner.RecertInterval ?? globalConfig.RecertificationPeriod, 0); + rule.DeviceName = device.Name ?? ""; + rules.Add(rule); + } + } + } + } + } + catch (Exception exception) + { + Log.WriteError("Recertification Check", $"Report for owner {owner.Name} leads to exception.", exception); + } + return rules; + } + + private MailData PrepareEmail(FwoOwner owner, List upcomingRecerts, List overdueRecerts) + { + string subject = globalConfig.RecCheckEmailSubject + " " + owner.Name; + string body = ""; + if(upcomingRecerts.Count > 0) + { + body += globalConfig.RecCheckEmailUpcomingText + "\r\n\r\n"; + foreach(var rule in upcomingRecerts) + { + body += PrepareLine(rule); + } + } + if(overdueRecerts.Count > 0) + { + body += globalConfig.RecCheckEmailOverdueText + "\r\n\r\n"; + foreach(var rule in overdueRecerts) + { + body += PrepareLine(rule); + } + } + return new MailData(CollectEmailAddresses(owner), subject, body); + } + + private static string PrepareLine(Rule rule) + { + Recertification? nextRecert = rule.Metadata.RuleRecertification.FirstOrDefault(x => x.RecertDate == null); + return (nextRecert != null && nextRecert.NextRecertDate != null ? DateOnly.FromDateTime((DateTime)nextRecert.NextRecertDate) : "") + ": " + + rule.DeviceName + ": " + rule.Name + ":" + rule.Uid + "\r\n\r\n"; // link ? 
+ } + + private List CollectEmailAddresses(FwoOwner owner) + { + if(globalConfig.UseDummyEmailAddress) + { + return new() { globalConfig.DummyEmailAddress }; + } + List tos = new (); + List userDns = new (); + if(owner.Dn != "") + { + userDns.Add(owner.Dn); + } + GroupGetReturnParameters? ownerGroup = groups.FirstOrDefault(x => x.GroupDn == owner.GroupDn); + if(ownerGroup != null) + { + userDns.AddRange(ownerGroup.Members); + } + foreach(var userDn in userDns) + { + UiUser? uiuser = uiUsers.FirstOrDefault(x => x.Dn == userDn); + if(uiuser != null && uiuser.Email != null && uiuser.Email != "") + { + tos.Add(uiuser.Email); + } + } + return tos; + } + + private async Task SetOwnerLastCheck(FwoOwner owner) + { + var Variables = new + { + id = owner.Id, + lastRecertCheck = DateTime.Now + }; + await apiConnectionMiddlewareServer.SendQueryAsync(OwnerQueries.setOwnerLastCheck, Variables); + } + } +} diff --git a/roles/middleware/files/FWO.Middleware.Server/ReportScheduler.cs b/roles/middleware/files/FWO.Middleware.Server/ReportScheduler.cs index 8747504b4..12068114e 100644 --- a/roles/middleware/files/FWO.Middleware.Server/ReportScheduler.cs +++ b/roles/middleware/files/FWO.Middleware.Server/ReportScheduler.cs @@ -1,4 +1,5 @@ -using FWO.Api.Data; +using FWO.GlobalConstants; +using FWO.Api.Data; using FWO.Api.Client; using FWO.Api.Client.Queries; using FWO.Config.Api; 
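Review bot: InitEnv blocks on `apiConnectionMiddlewareServer.SendQueryAsync>(AuthQueries.getLdapConnections).Result` inside an async method although the two queries right after it are awaited; `List<Ldap> connectedLdaps = await apiConnectionMiddlewareServer.SendQueryAsync<List<Ldap>>(AuthQueries.getLdapConnections);` avoids tying up a thread-pool thread and stops failures surfacing as an AggregateException. In the same method `groups.AddRange(...)` appends to the instance field without resetting it, so if one RecertCheck instance is reused across scheduler runs the group list grows with duplicates every run; `groups = new();` at the top of InitEnv fixes that (uiUsers and owners are reassigned and do not have the problem). In CheckRecertifications a failed decryption of the mail server password is only logged and the run continues with `decryptedSecret` empty, so every owner's mail is then attempted with a bad credential; returning early after the log keeps the failure in one place. SetOwnerLastCheck stores `DateTime.Now` while IsCheckTime compares against `DateTime.Today`, which works only as long as both run in the same local time zone — `DateTime.UtcNow` on both sides removes that dependency.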
@@ -12,21 +13,27 @@ namespace FWO.Middleware.Server { + /// + /// Report scheduler class + /// public class ReportScheduler { - private readonly object scheduledReportsLock = new object(); - private List scheduledReports = new List(); + private readonly object scheduledReportsLock = new (); + private List scheduledReports = new (); private readonly TimeSpan CheckScheduleInterval = TimeSpan.FromMinutes(1); private readonly string apiServerUri; private readonly ApiConnection apiConnection; - private readonly ApiSubscription scheduledReportsSubscription; + private readonly GraphQlApiSubscription scheduledReportsSubscription; private readonly JwtWriter jwtWriter; - private readonly object ldapLock = new object(); + private readonly object ldapLock = new (); private List connectedLdaps; - public ReportScheduler(ApiConnection apiConnection, JwtWriter jwtWriter, ApiSubscription> connectedLdapsSubscription) + /// + /// Constructor needing connection, jwtWriter and subscription to connected ldaps + /// + public ReportScheduler(ApiConnection apiConnection, JwtWriter jwtWriter, GraphQlApiSubscription> connectedLdapsSubscription) { this.jwtWriter = jwtWriter; this.apiConnection = apiConnection; 
@@ -35,8 +42,8 @@ public ReportScheduler(ApiConnection apiConnection, JwtWriter jwtWriter, ApiSubs connectedLdaps = apiConnection.SendQueryAsync>(AuthQueries.getLdapConnections).Result; connectedLdapsSubscription.OnUpdate += OnLdapUpdate; - //scheduledReports = apiConnection.SendQueryAsync(ReportQueries.getReportSchedules).Result.ToList(); - scheduledReportsSubscription = apiConnection.GetSubscription(ApiExceptionHandler, OnScheduleUpdate, ReportQueries.subscribeReportScheduleChanges); + //scheduledReports = apiConnection.SendQueryAsync(ReportQueries.getReportSchedules).Result.ToList(); + scheduledReportsSubscription = apiConnection.GetSubscription(ApiExceptionHandler, OnScheduleUpdate, ReportQueries.subscribeReportScheduleChanges); System.Timers.Timer checkScheduleTimer = new(); checkScheduleTimer.Elapsed += CheckSchedule; @@ -53,7 +60,7 @@ private void OnLdapUpdate(List connectedLdaps) } } - private void OnScheduleUpdate(ScheduledReport[] scheduledReports) + private void OnScheduleUpdate(ReportSchedule[] scheduledReports) { lock (scheduledReportsLock) { 
@@ -69,35 +76,35 @@ private void ApiExceptionHandler(Exception exception) private async void CheckSchedule(object? _, ElapsedEventArgs __) { - List reportGeneratorTasks = new List(); + List reportGeneratorTasks = new (); DateTime dateTimeNowRounded = RoundDown(DateTime.Now, CheckScheduleInterval); lock (scheduledReports) { - foreach (ScheduledReport scheduledReport in scheduledReports) + foreach (ReportSchedule reportSchedule in scheduledReports) { try { - if (scheduledReport.Active) + if (reportSchedule.Active) { // Add schedule interval as long as schedule time is smaller then current time - while (RoundDown(scheduledReport.StartTime, CheckScheduleInterval) < dateTimeNowRounded) + while (RoundDown(reportSchedule.StartTime, CheckScheduleInterval) < dateTimeNowRounded) { - scheduledReport.StartTime = scheduledReport.RepeatInterval switch + reportSchedule.StartTime = reportSchedule.RepeatInterval switch { - Interval.Days => scheduledReport.StartTime.AddDays(scheduledReport.RepeatOffset), - Interval.Weeks => scheduledReport.StartTime.AddDays(scheduledReport.RepeatOffset * 7), - Interval.Months => scheduledReport.StartTime.AddMonths(scheduledReport.RepeatOffset), - Interval.Years => scheduledReport.StartTime.AddYears(scheduledReport.RepeatOffset), - Interval.Never => scheduledReport.StartTime.AddYears(42_42), + Interval.Days => reportSchedule.StartTime.AddDays(reportSchedule.RepeatOffset), + Interval.Weeks => reportSchedule.StartTime.AddDays(reportSchedule.RepeatOffset * 7), + Interval.Months => reportSchedule.StartTime.AddMonths(reportSchedule.RepeatOffset), + Interval.Years => reportSchedule.StartTime.AddYears(reportSchedule.RepeatOffset), + Interval.Never => reportSchedule.StartTime.AddYears(42_42), _ => throw new NotSupportedException("Time interval is not supported.") }; } - if (RoundDown(scheduledReport.StartTime, CheckScheduleInterval) == dateTimeNowRounded) + if (RoundDown(reportSchedule.StartTime, CheckScheduleInterval) == dateTimeNowRounded) { - 
reportGeneratorTasks.Add(GenerateReport(scheduledReport, dateTimeNowRounded)); + reportGeneratorTasks.Add(GenerateReport(reportSchedule, dateTimeNowRounded)); } } } 
@@ -111,114 +118,157 @@ private async void CheckSchedule(object? _, ElapsedEventArgs __) await Task.WhenAll(reportGeneratorTasks); } - private Task GenerateReport(ScheduledReport report, DateTime dateTimeNowRounded) + private Task GenerateReport(ReportSchedule reportSchedule, DateTime dateTimeNowRounded) { - CancellationToken token = new CancellationToken(); + CancellationToken token = new (); return Task.Run(async () => { try { - Log.WriteInfo("Report Scheduling", $"Generating scheduled report \"{report.Name}\" with id \"{report.Id}\" for user \"{report.Owner.Name}\" with id \"{report.Owner.DbId}\" ..."); + Log.WriteInfo("Report Scheduling", $"Generating scheduled report \"{reportSchedule.Name}\" with id \"{reportSchedule.Id}\" for user \"{reportSchedule.Owner.Name}\" with id \"{reportSchedule.Owner.DbId}\" ..."); - ReportFile reportFile = new ReportFile + ReportFile reportFile = new () { - Name = $"{report.Name}_{dateTimeNowRounded.ToShortDateString()}", + Name = $"{reportSchedule.Name}_{dateTimeNowRounded.ToShortDateString()}", GenerationDateStart = DateTime.Now, - TemplateId = report.Template.Id, - OwnerId = report.Owner.DbId, - Type = report.Template.ReportParams.ReportType + TemplateId = reportSchedule.Template.Id, + OwnerId = reportSchedule.Owner.DbId, + Type = reportSchedule.Template.ReportParams.ReportType }; - DateTime reportGenerationStartDate = DateTime.Now; - // get uiuser roles + tenant - AuthManager authManager = new AuthManager(jwtWriter, connectedLdaps, apiConnection); - //AuthenticationRequestHandler authHandler = new AuthenticationRequestHandler(connectedLdaps, jwtWriter, apiConnection); - string jwt = await authManager.AuthorizeUserAsync(report.Owner, validatePassword: false, lifetime: TimeSpan.MaxValue); + AuthManager authManager = new (jwtWriter, connectedLdaps, apiConnection); + string jwt = await authManager.AuthorizeUserAsync(reportSchedule.Owner, validatePassword: false, lifetime: TimeSpan.FromDays(365)); ApiConnection 
apiConnectionUserContext = new GraphQlApiConnection(apiServerUri, jwt); GlobalConfig globalConfig = await GlobalConfig.ConstructAsync(jwt); - UserConfig userConfig = await UserConfig.ConstructAsync(globalConfig, apiConnection, report.Owner.DbId); + UserConfig userConfig = await UserConfig.ConstructAsync(globalConfig, apiConnection, reportSchedule.Owner.DbId); - await apiConnectionUserContext.SendQueryAsync(ReportQueries.countReportSchedule, new { report_schedule_id = report.Id }); + await apiConnectionUserContext.SendQueryAsync(ReportQueries.countReportSchedule, new { report_schedule_id = reportSchedule.Id }); + await AdaptDeviceFilter(reportSchedule.Template.ReportParams, apiConnectionUserContext); - if(!report.Template.ReportParams.DeviceFilter.isAnyDeviceFilterSet()) + ReportBase report = ReportBase.ConstructReport(reportSchedule.Template, userConfig); + if(report.ReportType.IsDeviceRelatedReport()) { - // for scheduling no device selection means "all" - report.Template.ReportParams.DeviceFilter.Managements = await apiConnectionUserContext.SendQueryAsync>(DeviceQueries.getDevicesByManagements); - report.Template.ReportParams.DeviceFilter.applyFullDeviceSelection(true); + await report.Generate(int.MaxValue, apiConnectionUserContext, + rep => + { + report.ReportData.ManagementData = rep.ManagementData; + SetRelevantManagements(ref report.ReportData.ManagementData, reportSchedule.Template.ReportParams.DeviceFilter); + return Task.CompletedTask; + }, token); } - - ReportBase reportRules = ReportBase.ConstructReport(report.Template, userConfig); - Management[] managementsReport = Array.Empty(); - await reportRules.Generate(int.MaxValue, apiConnectionUserContext, - managementsReportIntermediate => - { - managementsReport = managementsReportIntermediate; - setRelevantManagements(ref managementsReport, report.Template.ReportParams.DeviceFilter); - return Task.CompletedTask; - }, token); - await reportRules.GetObjectsInReport(int.MaxValue, apiConnectionUserContext, _ => 
Task.CompletedTask); - - reportFile.Json = reportRules.ExportToJson(); - - foreach (FileFormat format in report.OutputFormat) + else { - switch (format.Name) + await report.Generate(int.MaxValue, apiConnectionUserContext, + rep => + { + report.ReportData.OwnerData = rep.OwnerData; + return Task.CompletedTask; + }, token); + foreach(var ownerReport in report.ReportData.OwnerData) { - case "csv": - reportFile.Csv = reportRules.ExportToCsv(); - break; - - case "html": - reportFile.Html = reportRules.ExportToHtml(); - break; - - case "pdf": - reportFile.Pdf = Convert.ToBase64String(reportRules.ToPdf(PaperKind.A4)); - break; - - case "json": - break; - - default: - throw new NotSupportedException("Output format is not supported."); + ownerReport.Name = reportSchedule.Template.ReportParams.ModellingFilter.SelectedOwner.Name; + ownerReport.RegularConnections = ownerReport.Connections.Where(x => !x.IsInterface && !x.IsCommonService).ToList(); + ownerReport.Interfaces = ownerReport.Connections.Where(x => x.IsInterface).ToList(); + ownerReport.CommonServices = ownerReport.Connections.Where(x => !x.IsInterface && x.IsCommonService).ToList(); } } + await report.GetObjectsInReport(int.MaxValue, apiConnectionUserContext, _ => Task.CompletedTask); + WriteReportFile(report, reportSchedule.OutputFormat, reportFile); + await SaveReport(reportFile, report.SetDescription(), apiConnectionUserContext); + Log.WriteInfo("Report Scheduling", $"Scheduled report \"{reportSchedule.Name}\" with id \"{reportSchedule.Id}\" for user \"{reportSchedule.Owner.Name}\" with id \"{reportSchedule.Owner.DbId}\" successfully generated."); + } + catch (Exception exception) + { + Log.WriteError("Report Scheduling", $"Generating scheduled report \"{reportSchedule.Name}\" with id \"{reportSchedule.Id}\" lead to exception.", exception); + } + }, token); + } - reportFile.GenerationDateEnd = DateTime.Now; + private static async Task AdaptDeviceFilter(ReportParams reportParams, ApiConnection apiConnection) + { + 
try + { + if(!reportParams.DeviceFilter.isAnyDeviceFilterSet()) + { + // for scheduling no device selection means "all" + reportParams.DeviceFilter.Managements = await apiConnection.SendQueryAsync>(DeviceQueries.getDevicesByManagement); + reportParams.DeviceFilter.applyFullDeviceSelection(true); + } + if(reportParams.ReportType == (int)ReportType.UnusedRules) + { + reportParams.DeviceFilter = (await ReportDevicesBase.GetUsageDataUnsupportedDevices(apiConnection, reportParams.DeviceFilter)).reducedDeviceFilter; + } + } + catch (Exception) + { + Log.WriteError("Set Device Filter", $"Could not adapt device filter."); + throw; + } + } - var queryVariables = new - { - report_name = reportFile.Name, - report_start_time = reportFile.GenerationDateStart, - report_end_time = reportFile.GenerationDateEnd, - report_owner_id = reportFile.OwnerId, - report_template_id = reportFile.TemplateId, - report_pdf = reportFile.Pdf, - report_csv = reportFile.Csv, - report_html = reportFile.Html, - report_json = reportFile.Json, - report_type = reportFile.Type, - description = reportRules.SetDescription() - }; + private static void WriteReportFile(ReportBase report, List fileFormats, ReportFile reportFile) + { + reportFile.Json = report.ExportToJson(); + foreach (FileFormat format in fileFormats) + { + switch (format.Name) + { + case GlobalConst.kCsv: + reportFile.Csv = report.ExportToCsv(); + break; + + case GlobalConst.kHtml: + reportFile.Html = report.ExportToHtml(); + break; + + case GlobalConst.kPdf: + reportFile.Pdf = Convert.ToBase64String(report.ToPdf(PaperKind.A4)); + break; - await apiConnectionUserContext.SendQueryAsync(ReportQueries.addGeneratedReport, queryVariables); + case GlobalConst.kJson: + break; - Log.WriteInfo("Report Scheduling", $"Scheduled report \"{report.Name}\" with id \"{report.Id}\" for user \"{report.Owner.Name}\" with id \"{report.Owner.DbId}\" successfully generated."); + default: + throw new NotSupportedException("Output format is not supported."); } - 
catch (Exception exception) + } + reportFile.GenerationDateEnd = DateTime.Now; + } + + private static async Task SaveReport(ReportFile reportFile, string desc, ApiConnection apiConnection) + { + try + { + var queryVariables = new { - Log.WriteError("Report Scheduling", $"Generating scheduled report \"{report.Name}\" with id \"{report.Id}\" lead to exception.", exception); - } - }, token); + report_name = reportFile.Name, + report_start_time = reportFile.GenerationDateStart, + report_end_time = reportFile.GenerationDateEnd, + report_owner_id = reportFile.OwnerId, + report_template_id = reportFile.TemplateId, + report_pdf = reportFile.Pdf, + report_csv = reportFile.Csv, + report_html = reportFile.Html, + report_json = reportFile.Json, + report_type = reportFile.Type, + description = desc + }; + await apiConnection.SendQueryAsync(ReportQueries.addGeneratedReport, queryVariables); + } + catch (Exception) + { + Log.WriteError("Save Report", $"Could not save report \"{reportFile.Name}\"."); + throw; + } } - private void setRelevantManagements(ref Management[] managementsReport, DeviceFilter deviceFilter) + private static void SetRelevantManagements(ref List managementsReport, DeviceFilter deviceFilter) { if (deviceFilter.isAnyDeviceFilterSet()) { List relevantManagements = deviceFilter.getSelectedManagements(); - foreach (Management mgm in managementsReport) + foreach (var mgm in managementsReport) { mgm.Ignore = !relevantManagements.Contains(mgm.Id); } diff --git a/roles/middleware/files/FWO.Middleware.Server/SchedulerBase.cs b/roles/middleware/files/FWO.Middleware.Server/SchedulerBase.cs new file mode 100644 index 000000000..06fbc53c3 --- /dev/null +++ b/roles/middleware/files/FWO.Middleware.Server/SchedulerBase.cs 
@@ -0,0 +1,174 @@ +using FWO.Api.Client; +using FWO.Api.Client.Queries; +using FWO.GlobalConstants; +using FWO.Api.Data; +using FWO.Config.Api; +using FWO.Config.Api.Data; +using FWO.Logging; +using System.Text.Json; + +namespace FWO.Middleware.Server +{ + /// + /// Class handling the scheduler for the import change notifications + /// + public abstract class SchedulerBase + { + /// + /// API connection + /// + protected readonly ApiConnection apiConnection; + + /// + /// Global config + /// + protected GlobalConfig globalConfig; + + /// + /// Global config change subscription + /// + protected GraphQlApiSubscription>? ConfigDataSubscription; + + private List openAlerts = new(); + + + /// + /// Constructor starting the Schedule timer + /// + protected SchedulerBase(ApiConnection apiConnection, GlobalConfig globalConfig, string configDataSubscription) + { + this.apiConnection = apiConnection; + this.globalConfig = globalConfig; + ConfigDataSubscription = apiConnection.GetSubscription>(ApiExceptionHandler, OnGlobalConfigChange, configDataSubscription); + } + + /// + /// set scheduling timer from config values, to be overwritten for specific scheduler + /// + protected abstract void OnGlobalConfigChange(List _); + + /// + /// start the scheduling timer, to be overwritten for specific scheduler + /// + protected abstract void StartScheduleTimer(); + + /// + /// subscription exception handling + /// + protected static void ApiExceptionHandler(Exception exception) + { + Log.WriteError("Import App Data Config", "Api subscription lead to exception. Retry subscription.", exception); + // Subscription will be restored if no exception is thrown here + } + + /// + /// set an alert in error case with + /// + protected async Task SetAlert(string title, string description, string source, AlertCode alertCode, + int? mgmtId = null, object? JsonData = null, int? devId = null, long? refAlertId = null, bool compareDesc = false) + { + long? 
alertId = null; + try + { + openAlerts = await apiConnection.SendQueryAsync>(MonitorQueries.getOpenAlerts); + var Variables = new + { + source = source, + userId = 0, + title = title, + description = description, + mgmId = mgmtId, + devId = devId, + alertCode = (int)alertCode, + jsonData = JsonData, + refAlert = refAlertId + }; + ReturnId[]? returnIds = (await apiConnection.SendQueryAsync(MonitorQueries.addAlert, Variables)).ReturnIds; + if (returnIds != null) + { + alertId = returnIds[0].NewId; + // Acknowledge older alert for same problem + Alert? existingAlert = openAlerts.FirstOrDefault(x => x.AlertCode == alertCode && + (x.ManagementId == mgmtId || (x.ManagementId == null && mgmtId == null)) + && (compareDesc ? x.Description == description : true)); + if(existingAlert != null) + { + await AcknowledgeAlert(existingAlert.Id); + } + } + else + { + Log.WriteError("Write Alert", "Log could not be written to database"); + } + LogAlert(title, description, source, alertCode, mgmtId, JsonData, devId); + } + catch(Exception exc) + { + Log.WriteError("Write Alert", $"Could not write Alert for {source}: ", exc); + } + return alertId; + } + + private static void LogAlert(string title, string description, string source, AlertCode alertCode, int? mgmtId, object? JsonData, int? devId) + { + string? mgmtIdString = mgmtId?.ToString() ?? ""; + string? devIdString = devId?.ToString() ?? ""; + string jsonString = JsonData != null ? 
JsonSerializer.Serialize(JsonData) : ""; + Log.WriteAlert ($"source: \"{source}\"", $"userId: \"0\", title: \"{title}\", description: \"{description}\", " + + $"mgmId: \"{mgmtIdString}\", devId: \"{devIdString}\", jsonData: \"{jsonString}\", alertCode: \"{alertCode}\""); + } + + private async Task AcknowledgeAlert(long alertId) + { + try + { + var Variables = new + { + id = alertId, + ackUser = 0, + ackTime = DateTime.Now + }; + await apiConnection.SendQueryAsync(MonitorQueries.acknowledgeAlert, Variables); + } + catch (Exception exception) + { + Log.WriteError("Acknowledge Alert", $"Could not acknowledge alert for {alertId}: ", exception); + } + } + + /// + /// Write Log to Database. Can be overwritten, if more than basic columns are to be filled + /// + protected virtual async Task AddLogEntry(int severity, string cause, string description, string source, int? mgmtId = null) + { + try + { + var Variables = new + { + source = source, + discoverUser = 0, + severity = severity, + suspectedCause = cause, + description = description, + mgmId = mgmtId, + devId = (int?)null, + importId = (long?)null, + objectType = (string?)null, + objectName = (string?)null, + objectUid = (string?)null, + ruleUid = (string?)null, + ruleId = (long?)null + }; + ReturnId[]? returnIds = (await apiConnection.SendQueryAsync(MonitorQueries.addLogEntry, Variables)).ReturnIds; + if (returnIds == null) + { + Log.WriteError("Write Log", "Log could not be written to database"); + } + } + catch (Exception exc) + { + Log.WriteError("Write Log", $"Could not write log: ", exc); + } + } + } +} diff --git a/roles/middleware/files/FWO.Middleware.Server/UiUserHandler.cs b/roles/middleware/files/FWO.Middleware.Server/UiUserHandler.cs index 31617c875..0d4d12187 100644 --- a/roles/middleware/files/FWO.Middleware.Server/UiUserHandler.cs +++ b/roles/middleware/files/FWO.Middleware.Server/UiUserHandler.cs 
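Review bot: In SetAlert the `if (returnIds != null)` guard in front of `returnIds[0].NewId` does not cover an empty array, which would throw inside the try and surface only as the generic "Could not write Alert" error; `if (returnIds is { Length: > 0 })` covers both cases, and the `returnIds == null` check in AddLogEntry has the same gap. The filter `(compareDesc ? x.Description == description : true)` reads more naturally as `(!compareDesc || x.Description == description)`. The class summary "Class handling the scheduler for the import change notifications" and the "Import App Data Config" label in ApiExceptionHandler look copied from a concrete scheduler; for an abstract base a summary such as `/// Common base for the middleware schedulers: config subscription, alerting and database log entries` would be more accurate. AcknowledgeAlert stores `ackTime = DateTime.Now` while UiUserHandler in this same diff writes `DateTime.UtcNow` for its timestamps; worth confirming which one the alert table expects.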
@@ -2,146 +2,228 @@ using FWO.Api.Client.Queries; using FWO.Logging; using FWO.Config.File; +using FWO.GlobalConstants; using FWO.Api.Data; -using System.Text.Json.Serialization; -using Newtonsoft.Json; +using System.Text.Json.Serialization; +using Newtonsoft.Json; namespace FWO.Middleware.Server { - public class ConfExpirationTime - { - [JsonProperty("config_value"), JsonPropertyName("config_value")] - public int ExpirationValue { get; set; } - } + /// + /// Helper class to read config value for expiration time + /// + public class ConfExpirationTime + { + /// + /// config value for expiration time + /// + [JsonProperty("config_value"), JsonPropertyName("config_value")] + public int ExpirationValue { get; set; } + } - public class UiUserHandler - { - private readonly string jwtToken; - private ApiConnection apiConn; + /// + /// Handler class for local Ui user + /// + public class UiUserHandler + { + private readonly string jwtToken; + private ApiConnection apiConn; - public UiUserHandler(string jwtToken) - { - this.jwtToken = jwtToken; - apiConn = new GraphQlApiConnection(ConfigFile.ApiServerUri, jwtToken); - } + /// + /// Constructor needing the jwt token + /// + public UiUserHandler(string jwtToken) + { + this.jwtToken = jwtToken; + apiConn = new GraphQlApiConnection(ConfigFile.ApiServerUri, jwtToken); + } - public async Task GetExpirationTime() - { - int expirationTime = 60 * 12; - try - { - List resultList = await apiConn.SendQueryAsync>(ConfigQueries.getConfigItemByKey, new { key = "sessionTimeout" }); - if (resultList.Count > 0) - { - expirationTime = resultList[0].ExpirationValue; - } - } - catch(Exception exeption) - { - Log.WriteError("Get ExpirationTime Error", $"Error while trying to find config value in database. Taking default value", exeption); - } - return expirationTime; - } + /// + /// Get the configurated value for the session timeout. 
+ /// + /// session timeout value in minutes + public async Task GetExpirationTime() + { + int expirationTime = 60 * 12; + try + { + List resultList = await apiConn.SendQueryAsync>(ConfigQueries.getConfigItemByKey, new { key = "sessionTimeout" }); + if (resultList.Count > 0) + { + expirationTime = resultList[0].ExpirationValue; + } + } + catch (Exception exeption) + { + Log.WriteError("Get ExpirationTime Error", $"Error while trying to find config value in database. Taking default value", exeption); + } + return expirationTime; + } - /// - /// if the user logs in for the first time, user details (excluding password) are written to DB bia API - /// the database id is retrieved and added to the user - /// the user id is needed for allowing access to report_templates - /// - /// user including its db id - public async Task HandleUiUserAtLogin(UiUser user) - { - ApiConnection apiConn = new GraphQlApiConnection(ConfigFile.ApiServerUri, jwtToken); - bool userSetInDb = false; - try - { - UiUser[] existingUserFound = await apiConn.SendQueryAsync(AuthQueries.getUserByDn, new { dn = user.Dn }); + /// + /// if the user logs in for the first time, user details (excluding password) are written to DB bia API + /// the database id is retrieved and added to the user + /// the user id is needed for allowing access to report_templates + /// + /// user including its db id + public async Task HandleUiUserAtLogin(UiUser user) + { + ApiConnection apiConn = new GraphQlApiConnection(ConfigFile.ApiServerUri, jwtToken); + bool userSetInDb = false; + try + { + UiUser[] existingUsers = await apiConn.SendQueryAsync(AuthQueries.getUserByDn, new { dn = user.Dn }); - if (existingUserFound.Length == 1) - { - user.DbId = existingUserFound[0].DbId; - user.PasswordMustBeChanged = await UpdateLastLogin(apiConn, user.DbId); - userSetInDb = true; - } - else - { - Log.WriteError("User not found", $"Couldn't find {user.Name} exactly once!"); - } - } - catch(Exception exeption) - { - Log.WriteError("Get 
User Error", $"Error while trying to find {user.Name} in database.", exeption); - } + if (existingUsers.Length > 0) + { + user.DbId = existingUsers[0].DbId; + user.PasswordMustBeChanged = await UpdateLastLogin(apiConn, user.DbId); + userSetInDb = true; + } + else + { + Log.WriteDebug("User not found", $"Couldn't find {user.Name} in internal database"); + } + await GetOwnerships(apiConn, user); + } + catch (Exception exeption) + { + Log.WriteError("Get User Error", $"Error while trying to find {user.Name} in database.", exeption); + } - if(!userSetInDb) - { - Log.WriteInfo("New User", $"User {user.Name} first time log in - adding to database."); - await AddUiUserToDb(apiConn, user); - } - return user; - } + if (!userSetInDb) + { + Log.WriteInfo("New User", $"User {user.Name} first time log in - adding to internal database."); + await UpsertUiUser(apiConn, user, true); + } + return user; + } - private static async Task AddUiUserToDb(ApiConnection apiConn, UiUser user) - { - try - { - // add new user to uiuser - var Variables = new - { - uuid = user.Dn, - uiuser_username = user.Name, - email = user.Email, - tenant = (user.Tenant != null ? user.Tenant.Id : (int?)null), - loginTime = DateTime.UtcNow, - passwordMustBeChanged = false, - ldapConnectionId = user.LdapConnection.Id - }; - ReturnId[]? 
returnIds = (await apiConn.SendQueryAsync(AuthQueries.addUser, Variables)).ReturnIds; - if(returnIds != null) - { - user.DbId = returnIds[0].NewId; - } - } - catch (Exception exeption) - { - Log.WriteError("Add User Error", $"User {user.Name} could not be added to database.", exeption); - } - } + private static async Task GetOwnerships(ApiConnection apiConn, UiUser user) + { + try + { + List dirOwnerships = await apiConn.SendQueryAsync>(OwnerQueries.getOwnerIdsForUser, new { userDn = user.Dn }); + foreach (var owner in dirOwnerships) + { + user.Ownerships.Add(owner.Id); + } - private static async Task UpdateLastLogin(ApiConnection apiConn, int id) - { - try - { - var Variables = new - { - id = id, - loginTime = DateTime.UtcNow - }; - return (await apiConn.SendQueryAsync(AuthQueries.updateUserLastLogin, Variables)).PasswordMustBeChanged; - } - catch(Exception exeption) - { - Log.WriteError("Update User Error", $"User {id} could not be updated in database.", exeption); - } - return true; - } + if (user.Groups != null) + { + List apps = await apiConn.SendQueryAsync>(OwnerQueries.getOwners); + foreach (var grp in user.Groups) + { + string grpName = new DistName(grp).Group; + if (grpName.StartsWith(GlobalConst.kModellerGroup)) + { + FwoOwner? 
owner = apps.FirstOrDefault(x => x.ExtAppId == grpName.Substring(GlobalConst.kModellerGroup.Length)); + if (owner != null) + { + user.Ownerships.Add(owner.Id); + } + } + } + } + } + catch (Exception exeption) + { + Log.WriteError("Get ownerships", $"Ownerships could not be detemined for User {user.Name}.", exeption); + } + } - public static async Task UpdateUserPasswordChanged(ApiConnection apiConn, string userDn, bool passwordMustBeChanged = false) - { - try - { - var Variables = new - { - dn = userDn, - passwordMustBeChanged = passwordMustBeChanged, - changeTime = DateTime.UtcNow - }; - await apiConn.SendQueryAsync(AuthQueries.updateUserPasswordChange, Variables); - } - catch(Exception exeption) - { - Log.WriteError("Update User Error", $"User {userDn} could not be updated in database.", exeption); - } - } - } + /// + /// add user to uiuser - either with or without current login time + /// + /// void + public static async Task UpsertUiUser(ApiConnection apiConn, UiUser user, bool loginHappened = false) + { + try + { + // add new user to uiuser + if (loginHappened) + { + var VariablesWithLogin = new + { + uuid = user.Dn, + uiuser_username = user.Name, + uiuser_first_name = user.Firstname, + uiuser_last_name = user.Lastname, + email = user.Email, + tenant = user.Tenant != null ? user.Tenant.Id : (int?)null, + passwordMustBeChanged = false, + ldapConnectionId = user.LdapConnection.Id, + loginTime = DateTime.UtcNow + }; + ReturnId[]? returnIds = (await apiConn.SendQueryAsync(AuthQueries.upsertUiUser, VariablesWithLogin)).ReturnIds; + if (returnIds != null) + { + user.DbId = returnIds[0].NewId; + } + } + else + { + var VariablesWithoutLogin = new + { + uuid = user.Dn, + uiuser_username = user.Name, + uiuser_first_name = user.Firstname, + uiuser_last_name = user.Lastname, + email = user.Email, + tenant = user.Tenant != null ? user.Tenant.Id : (int?)null, + passwordMustBeChanged = false, + ldapConnectionId = user.LdapConnection.Id + }; + ReturnId[]? 
returnIds = (await apiConn.SendQueryAsync(AuthQueries.upsertUiUser, VariablesWithoutLogin)).ReturnIds; + if (returnIds != null) + { + user.DbId = returnIds[0].NewId; + } + } + } + catch (Exception exeption) + { + Log.WriteError("Add User Error", $"User {user.Name} could not be added to database.", exeption); + } + } + + private static async Task UpdateLastLogin(ApiConnection apiConn, int id) + { + try + { + var Variables = new + { + id = id, + loginTime = DateTime.UtcNow + }; + return (await apiConn.SendQueryAsync(AuthQueries.updateUserLastLogin, Variables)).PasswordMustBeChanged; + } + catch (Exception exeption) + { + Log.WriteError("Update User Error", $"User {id} could not be updated in database.", exeption); + } + return true; + } + + /// + /// Update the passwordMustBeChanged flag. + /// + public static async Task UpdateUserPasswordChanged(ApiConnection apiConn, string userDn, bool passwordMustBeChanged = false) + { + try + { + var Variables = new + { + dn = userDn, + passwordMustBeChanged = passwordMustBeChanged, + changeTime = DateTime.UtcNow + }; + await apiConn.SendQueryAsync(AuthQueries.updateUserPasswordChange, Variables); + } + catch (Exception exeption) + { + Log.WriteError("Update User Error", $"User {userDn} could not be updated in database.", exeption); + } + } + } } diff --git a/roles/middleware/handlers/main.yml b/roles/middleware/handlers/main.yml index bc852761e..fe1ed8f75 100644 --- a/roles/middleware/handlers/main.yml +++ b/roles/middleware/handlers/main.yml @@ -7,14 +7,14 @@ delegate_to: "{{ inventory_hostname }}" listen: "middleware handler" when: middleware_handler_guard == "start" - become: yes + become: true - name: delete backup file: state: absent path: "{{ fworch_home }}/backup_middleware" listen: "middleware handler" - become: yes + become: true - name: fail message debug: diff --git a/roles/middleware/tasks/create_auth_secrets.yml b/roles/middleware/tasks/create_auth_secrets.yml index ef91f02ec..f0a1685fb 100644 
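Review bot: HandleUiUserAtLogin now accepts `existingUsers.Length > 0` and binds the login to `existingUsers[0]`, whereas the old `== 1` check treated several rows for one DN as an error; if duplicates are possible in uiuser, a line such as `if (existingUsers.Length > 1) Log.WriteInfo("User lookup", $"Found {existingUsers.Length} entries for {user.Dn}, using the first.");` keeps that visible instead of silently picking one. In GetOwnerships, `grpName.StartsWith(GlobalConst.kModellerGroup)` is culture-sensitive; since group names are identifiers, `StartsWith(GlobalConst.kModellerGroup, StringComparison.Ordinal)` (and an ordinal comparison for the `ExtAppId` match) avoids locale surprises. That loop derives ownerships from LDAP group names, so a short comment stating that the suffix after the modeller prefix is trusted as the external app id would help the next reader judge the mapping. The two anonymous objects in UpsertUiUser differ only in `loginTime`; the duplication is easy to let drift and deserves at least a comment.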
--- a/roles/middleware/tasks/create_auth_secrets.yml +++ b/roles/middleware/tasks/create_auth_secrets.yml @@ -3,9 +3,9 @@ file: path: "{{ fworch_home }}/etc/secrets" state: directory - mode: "0700" + mode: "0750" owner: "{{ fworch_user }}" - group: "{{ fworch_group }}" + group: "{{ postgres_group }}" - name: read ldap manager pwd from file slurp: @@ -24,13 +24,13 @@ openssl_privatekey: path: "{{ jwt_private_key_file }}" size: 2048 - force: yes + force: true type: RSA owner: "{{ fworch_user }}" group: "{{ fworch_group }}" mode: "0600" - backup: yes - become: yes + backup: true + become: true - name: Generate JWT public key in PEM format openssl_publickey: @@ -39,7 +39,7 @@ owner: "{{ fworch_user }}" group: "{{ fworch_group }}" mode: "0644" - become: yes + become: true - name: overwrite random private key with fixed test key copy: @@ -48,7 +48,7 @@ owner: "{{ fworch_user }}" group: "{{ fworch_group }}" mode: "0600" - become: yes + become: true when: testkeys | bool - name: overwrite random public key with fixed test key @@ -58,7 +58,7 @@ owner: "{{ fworch_user }}" group: "{{ fworch_group }}" mode: "0644" - become: yes + become: true when: testkeys | bool - name: create {{ openldap_readonly_user_name }} password @@ -70,4 +70,4 @@ set_fact: ldap_writer_pw: "{{ randomly_generated_pwd }}" when: installation_mode == "new" - become: yes + become: true diff --git a/roles/middleware/tasks/install_and_run_mw_service.yml b/roles/middleware/tasks/install_and_run_mw_service.yml index 42c3f98b8..694e4962c 100644 --- a/roles/middleware/tasks/install_and_run_mw_service.yml +++ b/roles/middleware/tasks/install_and_run_mw_service.yml 
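Review bot: The secrets directory `{{ fworch_home }}/etc/secrets` is widened from `0700`/`{{ fworch_group }}` to `0750`/`{{ postgres_group }}` without a comment saying which file the postgres group needs and why; the same widening of `{{ fworch_secrets_dir }}` appears in roles/middleware/tasks/main.yml (`@@ -67,16 +68,16 @@`). A task comment such as `# group-readable so the postgres user can read <SECRET FILE NAME - placeholder> - nothing else in this dir may become group-readable` would let a later reviewer judge the exposure. The key files touched in the following hunks of this file keep `0600`/`{{ fworch_group }}`, so the directory change alone gives postgres only traversal; if a specific file is meant to be readable it will need its own group set as well, which this diff does not show.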
@@ -2,25 +2,31 @@ template: src: fworch-middleware.service.j2 dest: "/lib/systemd/system/{{ middleware_service_name }}.service" - backup: yes + backup: true mode: "0644" owner: "root" - become: yes + become: true environment: "{{ proxy_env }}" - name: publish middlewareserver command: "dotnet publish --no-self-contained -c {{ dotnet_mode }} -o {{ middleware_server_start_dir }}/bin/{{ dotnet_mode }}/net{{ dotnet_version }}" args: chdir: "{{ middleware_server_start_dir }}" - become: yes + become: true become_user: "{{ fworch_user }}" environment: "{{ proxy_env }}" + register: publish_result + +- name: fail if publish returned an error + fail: + msg: "could not publish middleware server successfully: {{ publish_result }}" + when: publish_result.rc != 0 - name: make middleware service run at host startup systemd: name: "{{ middleware_service_name }}" - enabled: yes - become: yes + enabled: true + become: true # not starting the server as the api is not ready yet # we will restart the middlewareserver later diff --git a/roles/middleware/tasks/main.yml b/roles/middleware/tasks/main.yml index d29385ce5..07e5ec5e8 100644 --- a/roles/middleware/tasks/main.yml +++ b/roles/middleware/tasks/main.yml @@ -34,11 +34,12 @@ group: "{{ fworch_group }}" - name: copy middleware module files to middlewareserver - copy: + synchronize: src: "{{ middleware_path_rel }}" dest: "{{ middleware_server_base_dir }}" - owner: "{{ fworch_user }}" - group: "{{ fworch_group }}" + rsync_opts: + - "--chown={{ fworch_user }}:{{ fworch_group }}" + tags: [ 'test' ] - name: install python3-openssl for openssl key generation and unprivileged user package: @@ -48,7 +49,7 @@ - python3-cryptography - python3-openssl - become: yes + become: true - name: create auth secrets (jwt key, ldap) include_tasks: create_auth_secrets.yml 
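Review bot: The new `fail if publish returned an error` task is unreachable as written: the `command` module already fails the play when `dotnet publish` exits non-zero, so `publish_result.rc != 0` is only evaluated if the publish task carries `failed_when: false` or `ignore_errors: true`, which this hunk does not add. Either drop the extra task or, if the intent is a clearer message, add `failed_when: false` to the publish task so control reaches the check. In that case `msg: "could not publish middleware server successfully: {{ publish_result.stderr }}"` is more readable than dumping the whole registered result.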
@@ -67,16 +68,16 @@ - libssl-dev - python3-setuptools - python3-pyldap - become: yes + become: true - name: make sure {{ fworch_secrets_dir }} exists file: path: "{{ fworch_secrets_dir }}" state: directory owner: "{{ fworch_user }}" - group: "{{ fworch_group }}" - mode: "0700" - become: yes + group: "{{ postgres_group }}" + mode: "0750" + become: true - name: set UI admin password for testing set_fact: @@ -95,7 +96,7 @@ mode: '0600' owner: "{{ fworch_user }}" group: "{{ fworch_group }}" - become: yes + become: true when: installation_mode == 'new' - name: Set admin password in ldap @@ -119,7 +120,7 @@ mode: '0600' owner: "{{ fworch_user }}" group: "{{ fworch_group }}" - become: yes + become: true when: installation_mode == 'new' # the local copy of the import pwd will be used by the importer role to copy it to the importer host(s) @@ -127,9 +128,9 @@ fetch: src: "{{ importer_password_file }}" dest: "{{ importer_password_file_on_installer }}" - flat: yes + flat: true mode: '0600' - become: yes + become: true - name: Set importer password in ldap ldap_passwd: 
@@ -176,25 +177,21 @@ THEN insert into tenant (tenant_name, tenant_can_view_all_devices, tenant_is_superadmin) values ('tenant0', true, true); END IF; END $do$ - become: yes + become: true become_user: postgres when: installation_mode == "new" -- name: add connection for internal ldap +- name: add connection for internal ldap with encrypted passwords postgresql_query: db: "{{ fworch_db_name }}" query: > - DO $do$ BEGIN IF NOT EXISTS - (SELECT * FROM ldap_connection WHERE ldap_server = '{{ openldap_server }}') - THEN INSERT INTO ldap_connection - (ldap_server, ldap_port, ldap_searchpath_for_users, ldap_searchpath_for_roles, ldap_searchpath_for_groups, - ldap_tenant_level, ldap_search_user, ldap_search_user_pwd, ldap_write_user, ldap_write_user_pwd, ldap_type) - VALUES ('{{ openldap_server }}', {{ openldap_port }}, + DO $do$ BEGIN + PERFORM insertLocalLdapWithEncryptedPasswords ('{{ openldap_server }}', {{ openldap_port }}, '{{ openldap_std_user_dn }}', '{{ openldap_std_role_dn }}', '{{ openldap_std_group_dn }}', 5, '{{ openldap_readonly_user_dn }}', '{{ ldap_inspector_pw }}', '{{ openldap_writer_dn }}', '{{ ldap_writer_pw }}', 2); - END IF; END $do$ - become: yes + END $do$ + become: true become_user: postgres when: installation_mode == "new" @@ -207,7 +204,7 @@ select tenant.tenant_id, device.dev_id FROM tenant, device WHERE tenant_name='tenant0'; END IF; END $do$ - become: yes + become: true become_user: postgres when: installation_mode=="new" diff --git a/roles/middleware/tasks/mw_apache_install_and_setup.yml b/roles/middleware/tasks/mw_apache_install_and_setup.yml index 79cdc99c5..3546a4e39 100644 --- a/roles/middleware/tasks/mw_apache_install_and_setup.yml +++ b/roles/middleware/tasks/mw_apache_install_and_setup.yml @@ -34,7 +34,7 @@ copy: src: "/etc/apache2/ssl/server.crt" dest: "/etc/ssl/certs/" - remote_src: yes + remote_src: true when: installation_mode == "new" - name: enable apache modules proxy proxy_http ssl 
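Review bot: The rewritten `add connection for internal ldap with encrypted passwords` task drops the old `IF NOT EXISTS (SELECT * FROM ldap_connection WHERE ldap_server = ...)` guard and calls `insertLocalLdapWithEncryptedPasswords` unconditionally; unless that function is itself idempotent (not visible here), a second run with `installation_mode == "new"` inserts a second row for the same server. Keeping the `PERFORM` inside the previous `IF NOT EXISTS ... END IF;` block preserves the old behaviour. The LDAP passwords `{{ ldap_inspector_pw }}` and `{{ ldap_writer_pw }}` are still spliced into the SQL text by Jinja rather than passed through the module's `named_args`/`positional_args`, so a quote in a generated password breaks the statement and the plaintext can show up in verbose task output; that predates this change, but the rewrite is the moment to fix it and to add `no_log: true` to the task.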
@@ -61,5 +61,5 @@ name: "{{ webserver_package_name }}" state: restarted - become: yes + become: true environment: "{{ proxy_env }}" diff --git a/roles/middleware/tasks/set_initial_ldap_tree.yml b/roles/middleware/tasks/set_initial_ldap_tree.yml index d94895e24..43ea55cbf 100644 --- a/roles/middleware/tasks/set_initial_ldap_tree.yml +++ b/roles/middleware/tasks/set_initial_ldap_tree.yml @@ -6,12 +6,12 @@ template: src: "{{ item }}" dest: "{{ middleware_ldif_dir }}/{{ item | basename | regex_replace('\\.j2$', '') }}" - force: yes + force: true owner: "{{ fworch_user }}" group: "{{ fworch_group }}" with_fileglob: - ../templates/ldif_files/*.j2 - become: yes + become: true - name: add tree command: "ldapmodify -H {{ openldap_url }} -D {{ openldap_superuser_dn }} -w {{ ldap_manager_pwd }} -x -f {{ middleware_ldif_dir }}/tree_{{ item }}.ldif" diff --git a/roles/middleware/tasks/upgrade/5.4.1.yml b/roles/middleware/tasks/upgrade/5.4.1.yml index 9ca48ebf1..33a5995e6 100644 --- a/roles/middleware/tasks/upgrade/5.4.1.yml +++ b/roles/middleware/tasks/upgrade/5.4.1.yml @@ -12,7 +12,7 @@ mode: '0600' owner: "{{ fworch_user }}" group: "{{ fworch_group }}" - become: yes + become: true - name: Set importer password in ldap ldap_passwd: diff --git a/roles/middleware/tasks/upgrade/5.5.1.yml b/roles/middleware/tasks/upgrade/5.5.1.yml index 8f3e4ee87..e8549a6a1 100644 --- a/roles/middleware/tasks/upgrade/5.5.1.yml +++ b/roles/middleware/tasks/upgrade/5.5.1.yml @@ -2,12 +2,12 @@ # - name: stop old middleware server # systemd: # name: "{{ middleware_service_name }}" -# enabled: no +# enabled: false # status: stopped -# become: yes +# become: true # - name: remove debugging middleware server # file: # path: "/usr/local/fworch/middleware/files/FWO.Middleware.Server/bin/Debug" # state: absent -# become: yes +# become: true diff --git a/roles/middleware/tasks/upgrade/5.5.5.yml b/roles/middleware/tasks/upgrade/5.5.5.yml index eb7eb105b..9994b60eb 100644 
--- a/roles/middleware/tasks/upgrade/5.5.5.yml +++ b/roles/middleware/tasks/upgrade/5.5.5.yml @@ -8,5 +8,5 @@ THEN UPDATE ldap_connection SET ldap_tenant_level=5; END IF; END $do$ - become: yes + become: true become_user: postgres diff --git a/roles/middleware/tasks/upgrade_ldap_tree.yml b/roles/middleware/tasks/upgrade_ldap_tree.yml index 572d9a8ca..363fc33cb 100644 --- a/roles/middleware/tasks/upgrade_ldap_tree.yml +++ b/roles/middleware/tasks/upgrade_ldap_tree.yml @@ -21,11 +21,11 @@ template: src: "../templates/upgrade/{{ item }}.ldif.j2" dest: "{{ middleware_ldif_dir }}/{{ item }}.ldif" - force: yes + force: true owner: "{{ fworch_user }}" group: "{{ fworch_group }}" loop: "{{ upgrade_files }}" - become: yes + become: true - name: include_tasks: upgrade_ldif_file.yml diff --git a/roles/middleware/tasks/upgrade_ldif_file.yml b/roles/middleware/tasks/upgrade_ldif_file.yml index ce44c4308..ef6ea4f57 100644 --- a/roles/middleware/tasks/upgrade_ldif_file.yml +++ b/roles/middleware/tasks/upgrade_ldif_file.yml @@ -11,6 +11,7 @@ set_fact: ldif_list: "{{ big_ldif_file.split('dn: ') }}" -- name: +- name: calling upgrade_modify_routine include_tasks: upgrade_modify_routine.yml loop: "{{ ldif_list[1:] }}" + # ignoring first lines before first dn (TODO: make this more robust for files that start with dn: line) diff --git a/roles/middleware/tasks/upgrade_modify_routine.yml b/roles/middleware/tasks/upgrade_modify_routine.yml index 7dc9f59ae..be2d3bbf2 100644 --- a/roles/middleware/tasks/upgrade_modify_routine.yml +++ b/roles/middleware/tasks/upgrade_modify_routine.yml @@ -2,9 +2,10 @@ copy: dest: "{{ middleware_ldif_dir }}/{{ outer_item }}_{{ item.split(',')[0] }}.ldif" content: "dn: {{ item }}" - force: yes + force: true owner: "{{ fworch_user }}" group: "{{ fworch_group }}" + become: true - name: determine distinguished name and changetype set_fact: 
@@ -14,25 +15,25 @@ - name: test if distinguished name exists # error code 32, when searchbase not existing command: "ldapsearch -H {{ openldap_url }} -D {{ openldap_superuser_dn }} -w {{ ldap_manager_pwd }} -b {{ distinguished_name }}" - #become: yes + #become: true register: search_existence failed_when: (search_existence.rc != 0) and (search_existence.rc != 32) - name: add ldap entry if not existing command: "ldapmodify -H {{ openldap_url }} -D {{ openldap_superuser_dn }} -w {{ ldap_manager_pwd }} -x -f {{ middleware_ldif_dir }}/{{ outer_item }}_{{ item.split(',')[0] }}.ldif" when: (changetype == 'add') and (search_existence.stdout.split('result:')[1].splitlines()[0] is match('.*No such object')) - #become: yes + #become: true - name: delete ldap entry if existing # dont delete in case numEntries > 1, otherwise ldap nodes are disconected command: "ldapmodify -H {{ openldap_url }} -D {{ openldap_superuser_dn }} -w {{ ldap_manager_pwd }} -x -f {{ middleware_ldif_dir }}/{{ outer_item }}_{{ item.split(',')[0] }}.ldif" when: (changetype == 'delete') and (search_existence.stdout.split('# numEntries:')[1].splitlines()[0] is match('\s1')) - #become: yes + #become: true - name: modify ldap entry if existing # error code 20, when attribute already exists command: "ldapmodify -H {{ openldap_url }} -D {{ openldap_superuser_dn }} -w {{ ldap_manager_pwd }} -x -f {{ middleware_ldif_dir }}/{{ outer_item }}_{{ item.split(',')[0] }}.ldif" register: modify_out when: (changetype == 'modify') and (search_existence.stdout.split('# numEntries:')[1].splitlines()[0] is match('\s1')) - #become: yes + #become: true failed_when: (modify_out.rc != 0) and (modify_out.rc != 16) and (modify_out.rc != 20) diff --git a/roles/middleware/templates/fworch-middleware.service.j2 b/roles/middleware/templates/fworch-middleware.service.j2 index e7fd745f1..e0853016f 100644 --- a/roles/middleware/templates/fworch-middleware.service.j2 +++ b/roles/middleware/templates/fworch-middleware.service.j2 
@@ -9,8 +9,7 @@ After=network.target remote-fs.target nss-lookup.target slapd.service WorkingDirectory={{ middleware_server_start_dir }} ExecStartPre=/bin/sleep 10 ExecStart={{ middleware_server_start_dir }}/bin/{{ dotnet_mode }}/net{{ dotnet_version }}/FWO.Middleware.Server -#StandardOutput=syslog -#StandardError=syslog +Restart=on-failure SyslogIdentifier={{ middleware_server_syslog_id }} User={{ fworch_user }} Environment= diff --git a/roles/middleware/templates/ldif_files/tree_roles.ldif.j2 b/roles/middleware/templates/ldif_files/tree_roles.ldif.j2 index a655be245..a4bf0174b 100644 --- a/roles/middleware/templates/ldif_files/tree_roles.ldif.j2 +++ b/roles/middleware/templates/ldif_files/tree_roles.ldif.j2 @@ -161,3 +161,14 @@ cn: reviewer uniqueMember: description: T0017 {%- endif %} + + +dn: cn=modeller,ou=role,{{ openldap_path }} +changetype: {{ ldif_changetype }} +{% if ldif_changetype != 'delete' -%} +objectClass: top +objectClass: groupofuniquenames +cn: modeller +uniqueMember: +description: T0018 +{%- endif %} diff --git a/roles/middleware/templates/upgrade/7.2.4.ldif.j2 b/roles/middleware/templates/upgrade/7.2.4.ldif.j2 new file mode 100644 index 000000000..e171c1dea --- /dev/null +++ b/roles/middleware/templates/upgrade/7.2.4.ldif.j2 @@ -0,0 +1,9 @@ + +dn: cn=modeller,ou=role,{{ openldap_path }} +changetype: add +objectClass: top +objectClass: groupofuniquenames +cn: modeller +uniqueMember: +description: T0018 + diff --git a/roles/openldap-server/defaults/main.yml b/roles/openldap-server/defaults/main.yml index 9593690ca..6204b1966 100644 --- a/roles/openldap-server/defaults/main.yml +++ b/roles/openldap-server/defaults/main.yml @@ -18,7 +18,7 @@ openldap_server_location: portland openldap_server_organization: IT openldap_server_email_address: "{{ product_name }}@cactus.de" -openldap_server_enable_ssl: yes +openldap_server_enable_ssl: true #The path to the pw dir fworch_secrets_dir: /tmp 
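Review bot: `Restart=on-failure` is added without a `RestartSec=`, so a persistently failing start (for example the database or slapd not reachable) is retried at systemd's default 100 ms spacing, bounded only by the unit's default start-rate limit; the `ExecStartPre=/bin/sleep 10` above it presumably slows the loop but also makes every retry take at least 10 s. Stating the policy explicitly next to it, e.g. `RestartSec=5` plus a `StartLimitIntervalSec=`/`StartLimitBurst=` pair, makes the intended behaviour visible and avoids depending on distro defaults.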
diff --git a/roles/openldap-server/handlers/main.yml b/roles/openldap-server/handlers/main.yml index fd156fffd..df34a1bd3 100644 --- a/roles/openldap-server/handlers/main.yml +++ b/roles/openldap-server/handlers/main.yml @@ -1,4 +1,4 @@ --- - name: restart slapd - service: name=slapd state=restarted enabled=yes - become: yes + service: name=slapd state=restarted enabled=true + become: true diff --git a/roles/openldap-server/tasks/main.yml b/roles/openldap-server/tasks/main.yml index 6130456f3..d8a7234fd 100644 --- a/roles/openldap-server/tasks/main.yml +++ b/roles/openldap-server/tasks/main.yml @@ -5,7 +5,8 @@ state: directory owner: "{{ fworch_user }}" group: "{{ fworch_group }}" - become: yes + become: true + tags: [ 'test', 'unittest' ] - block: ### OS basics @@ -54,6 +55,7 @@ owner: "{{ fworch_user }}" group: "{{ fworch_group }}" when: not is_manger_pw_present_flag.stat.exists + tags: [ 'test' ] - name: Generate the root password hash for the config command: "slappasswd -T {{ ldap_manager_pwd_file }}" @@ -99,7 +101,7 @@ template: src: config.ldif.j2 dest: "{{ openldap_server_app_path }}/slapd.d/config.ldif" - force: no + force: false mode: 0640 - name: Configure LDAP protocol, URI and port @@ -115,14 +117,14 @@ file: path: "{{ openldap_server_app_path }}/slapd.d" state: directory - recurse: yes + recurse: true owner: openldap ### systemctl - name: Create dir to enable TLS for slapd service file: path: /etc/systemd/system/slapd.service.d - recurse: yes + recurse: true - name: Enable TLS for slapd service template: @@ -133,10 +135,10 @@ systemd: name: slapd state: restarted - enabled: yes - daemon_reload: yes + enabled: true + daemon_reload: true - become: yes + become: true when: installation_mode == "new" - name: include upgrade script diff --git a/roles/openldap-server/tasks/upgrade/5.4.1.yml b/roles/openldap-server/tasks/upgrade/5.4.1.yml index 0b1368eac..f3f4d3fe4 100644 --- a/roles/openldap-server/tasks/upgrade/5.4.1.yml 
+++ b/roles/openldap-server/tasks/upgrade/5.4.1.yml @@ -2,9 +2,9 @@ template: src: upgrade/5.4.1.ldif.j2 dest: "{{ middleware_ldif_dir }}/5.4.1.ldif" - force: yes - become: yes + force: true + become: true - name: upgrade olcAccess policy command: "ldapmodify -H {{ openldap_url }} -D cn=config -y {{ ldap_manager_pwd_file }} -x -f {{ middleware_ldif_dir }}/5.4.1.ldif" - become: yes + become: true diff --git a/roles/openldap-server/tasks/upgrade/5.7.1.yml b/roles/openldap-server/tasks/upgrade/5.7.1.yml index b860dd18e..cfcf4d5ec 100644 --- a/roles/openldap-server/tasks/upgrade/5.7.1.yml +++ b/roles/openldap-server/tasks/upgrade/5.7.1.yml @@ -2,7 +2,7 @@ copy: src: "{{ fworch_secrets_dir }}/ldap_manager_pw.txt" dest: "{{ ldap_manager_pwd_file }}" - force: yes - remote_src: yes - become: yes + force: true + remote_src: true + become: true ignore_errors: true diff --git a/roles/openldap-server/tasks/upgrade/6.4.9.yml b/roles/openldap-server/tasks/upgrade/6.4.9.yml new file mode 100644 index 000000000..6210c6b27 --- /dev/null +++ b/roles/openldap-server/tasks/upgrade/6.4.9.yml @@ -0,0 +1,11 @@ +- name: copy associated ldif files to system + template: + src: upgrade/6.4.9.ldif.j2 + dest: "{{ middleware_ldif_dir }}/6.4.9.ldif" + force: true + become: true + +- name: upgrade sample group roles + command: "ldapmodify -H {{ openldap_url }} -D {{ openldap_superuser_dn }} -y {{ ldap_manager_pwd_file }} -x -f {{ middleware_ldif_dir }}/6.4.9.ldif -c" + become: true + ignore_errors: true diff --git a/roles/openldap-server/templates/config.ldif.j2 b/roles/openldap-server/templates/config.ldif.j2 index 27e171f6c..2322c8ee1 100644 --- a/roles/openldap-server/templates/config.ldif.j2 +++ b/roles/openldap-server/templates/config.ldif.j2 @@ -16,7 +16,6 @@ olcModulePath: /usr/lib/ldap olcModuleLoad: {0}back_mdb.la olcModuleLoad: {1}memberof.la olcModuleLoad: {2}refint.la -olcModuleLoad: {3}ppolicy.la # internal schema dn: cn=schema,cn=config 
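Review bot: `ignore_errors: true` on the `upgrade sample group roles` task in 6.4.9.yml hides every failure of the ldapmodify, including a wrong manager password or an unreachable `{{ openldap_url }}`, and the upgrade then continues as if the role memberships had been fixed. upgrade_modify_routine.yml in this same commit shows the narrower pattern: `register: modify_out` followed by `failed_when: modify_out.rc not in [0, 16, 20]`, which tolerates only noSuchAttribute/typeOrValueExists and still fails on real errors. If the intent is to skip hosts that never had sample data, a `when:` on that condition (as modify_ldap_tree.yml does with `sample_role_purpose`) is the clearer expression.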
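Review bot: Removing `olcModuleLoad: {3}ppolicy.la` here, together with the schema include and the overlay entry dropped in the next two hunks of config.ldif.j2 (`@@ -28,9 +27,6 @@` and `@@ -107,12 +103,3 @@`), also removes `olcPPolicyHashCleartext: TRUE`, which was the server-side guarantee that a cleartext `userPassword` written by an ordinary add/modify is stored hashed; without it slapd stores the value exactly as sent, and `olcPasswordHash` only applies to the Password Modify extended operation. Before merging, confirm that every writer of `userPassword` (the middleware's password-change path and the sample/upgrade LDIFs) either uses the extended operation or hashes client-side, otherwise passwords changed after this upgrade land in the directory in cleartext. If the removal is because ppolicy is unavailable on the bookworm/Ubuntu 22+ targets the old conditional mentioned, a template comment stating that and naming where hashing is now enforced would help the next reviewer.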
@@ -28,9 +27,6 @@ include: file:///etc/ldap/schema/core.ldif include: file:///etc/ldap/schema/cosine.ldif include: file:///etc/ldap/schema/inetorgperson.ldif include: file:///etc/ldap/schema/nis.ldif -{% if not ((ansible_facts['distribution_release']|lower == 'bookworm') or (ansible_distribution|lower == 'ubuntu' and ansible_distribution_version is version ('22', '>='))) %} -include: file:///etc/ldap/schema/ppolicy.ldif -{% endif %} # configure config database dn: olcDatabase=config,cn=config @@ -107,12 +103,3 @@ objectClass: top olcOverlay: refint olcRefintAttribute: memberOf olcRefintAttribute: uniqueMember - -# Password policy overlay -dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config -objectClass: olcConfig -objectClass: top -objectClass: olcOverlayConfig -objectClass: olcPPolicyConfig -olcOverlay: ppolicy -olcPPolicyHashCleartext: TRUE diff --git a/roles/openldap-server/templates/upgrade/6.4.9.ldif.j2 b/roles/openldap-server/templates/upgrade/6.4.9.ldif.j2 new file mode 100644 index 000000000..b93122332 --- /dev/null +++ b/roles/openldap-server/templates/upgrade/6.4.9.ldif.j2 @@ -0,0 +1,13 @@ +dn: cn=recertifier,ou=role,{{ openldap_path }} +changetype: modify +delete: uniquemember +uniquemember: uid=ownergroup_F{{ sample_postfix }},ou=group,{{ openldap_path }} +- +delete: uniquemember +uniquemember: uid=ownergroup_D{{ sample_postfix }},ou=group,{{ openldap_path }} +- +add: uniquemember +uniquemember: cn=ownergroup_F{{ sample_postfix }},ou=group,{{ openldap_path }} +- +add: uniquemember +uniquemember: cn=ownergroup_D{{ sample_postfix }},ou=group,{{ openldap_path }} diff --git a/roles/openssl-cert/tasks/main.yml b/roles/openssl-cert/tasks/main.yml index 584f046d8..29aaaf232 100644 --- a/roles/openssl-cert/tasks/main.yml +++ b/roles/openssl-cert/tasks/main.yml 
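Review bot: The four changes in the 6.4.9.ldif.j2 record form one LDAP modify operation on `cn=recertifier`, and a modify is atomic: if either `delete: uniquemember` fails because the old `uid=ownergroup_…` value is not present (fresh install, or an upgrade that already ran), slapd rejects the whole operation and the two `add: uniquemember` lines never take effect. `ldapmodify -c` in 6.4.9.yml only moves on to the next record, of which there is none, and `ignore_errors: true` then hides the failure. Splitting the record into one `dn:`/`changetype: modify` block per change lets the adds succeed independently of the deletes.
```ldif
dn: cn=recertifier,ou=role,{{ openldap_path }}
changetype: modify
delete: uniquemember
uniquemember: uid=ownergroup_F{{ sample_postfix }},ou=group,{{ openldap_path }}

dn: cn=recertifier,ou=role,{{ openldap_path }}
changetype: modify
add: uniquemember
uniquemember: cn=ownergroup_F{{ sample_postfix }},ou=group,{{ openldap_path }}

# … same pair of records for ownergroup_D …
```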
@@ -50,10 +50,10 @@ src: "{{ openssl_cert }}" dest: /usr/local/share/ca-certificates/{{ product_name }}-server.crt state: link - become: yes + become: true # sudo dpkg-reconfigure ca-certificates -f noninteractive - name: reconfigure ca-certificates package debconf: name: ca-certificates - become: yes + become: true diff --git a/roles/prepare/files/maintenance-info.html b/roles/prepare/files/maintenance-info.html new file mode 100644 index 000000000..4a8362790 --- /dev/null +++ b/roles/prepare/files/maintenance-info.html @@ -0,0 +1,39 @@ + + + + + + Under Maintenance + + + +
    +

    Firewall Orchestrator is under maintenance

    +

    Sorry for the inconvenience. Please try again in 10 minutes.

    + Maintenance Image +
    + + diff --git a/roles/prepare/files/men-at-work.jpg b/roles/prepare/files/men-at-work.jpg new file mode 100644 index 000000000..b3fa37998 Binary files /dev/null and b/roles/prepare/files/men-at-work.jpg differ diff --git a/roles/prepare/tasks/main.yml b/roles/prepare/tasks/main.yml new file mode 100644 index 000000000..8e065739e --- /dev/null +++ b/roles/prepare/tasks/main.yml 
@@ -0,0 +1,67 @@
+
+- block:
+
+ - name: create maint website dir
+ file:
+ path: "/var/www/html/"
+ state: directory
+ mode: "0755"
+ owner: "{{ fworch_user }}"
+ group: "{{ fworch_group }}"
+
+ - name: copy maintenance web site index
+ copy:
+ src: maintenance-info.html
+ dest: "/var/www/html/index.html"
+ mode: "0644"
+
+ - name: copy maintenance web site image
+ copy:
+ src: men-at-work.jpg
+ dest: "/var/www/html/men-at-work.jpg"
+ mode: "0644"
+
+ - name: copy httpd maintenance config file to ui target
+ template:
+ src: "httpd-maintenance.conf"
+ dest: "{{ http_conf_dir }}/{{ product_name }}-maintenance.conf"
+ owner: root
+ group: root
+
+ - name: enable apache2 maintenance web site
+ command: "a2ensite {{ product_name }}-maintenance"
+ ignore_errors: true
+
+ - name: disable {{ product_name }} web site
+ command: "a2dissite {{ product_name }}-ui"
+
+ - name: restart apache with maintenance site
+ service:
+ name: "{{ webserver_package_name }}"
+ state: restarted
+
+ when: "installation_mode == 'upgrade' and inventory_hostname in groups['frontends']"
+ become: true
+
+
+- name: stop importer service before making any changes
+ systemd:
+ name: "{{ item }}"
+ state: stopped
+ become: true
+ when: "inventory_hostname in groups['importers'] and installation_mode == 'upgrade'"
+ loop:
+ - "{{ product_name }}-importer-legacy"
+ - "{{ product_name }}-importer-api"
+
+- name: stop importer service before making any changes
+ systemd:
+ name: "{{ item }}"
+ state: stopped
+ become: true
+ ignore_errors: true # might not have been installed yet in case of early fail installs
+ when: "inventory_hostname in groups['importers'] and installation_mode == 'uninstall'"
+ loop:
+ - "{{ product_name }}-importer-legacy"
+ - "{{ product_name }}-importer-api"
+
diff --git a/roles/prepare/templates/httpd-maintenance.conf b/roles/prepare/templates/httpd-maintenance.conf
new file mode 100644
index 000000000..7fc75e34b
--- /dev/null
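Review bot: `ignore_errors: true` on the `enable apache2 maintenance web site` task means that when `a2ensite` fails (for instance because the config written by the previous task is rejected), the block still runs `a2dissite {{ product_name }}-ui` and restarts Apache, leaving the host with the UI disabled and no maintenance page in its place; let that task fail, or `register` it and gate the following two tasks on its rc. Both `command:` tasks also report changed on every run, so a `changed_when:` based on the registered stdout would keep the play idempotent. The maintenance index and image are copied as root with the directory owned by `{{ fworch_user }}`, which works for serving but is inconsistent with the ownership set two tasks earlier.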
+++ b/roles/prepare/templates/httpd-maintenance.conf
@@ -0,0 +1,39 @@
+
+ ServerName {{ ui_server_name }}:80
+ ServerAdmin {{ server_admin }}
+ ServerAlias {{ ui_server_alias }}
+ Timeout {{ apache_ui_timeout }}
+
+ RewriteEngine On
+ RewriteCond %{HTTP_HOST} ^(.*)$
+ RewriteCond %{REQUEST_URI} !^/$
+ RewriteCond %{REQUEST_URI} !^/men-at-work.jpg$
+ RewriteRule ^(.*)$ / [R=301,L]
+
+ ErrorLog /var/log/{{ webserver_package_name }}/error.log
+ TransferLog /var/log/{{ webserver_package_name }}/access.log
+
+
+# https vhost:
+
+ ServerName {{ ui_server_name }}:{{ ui_web_port }}
+ ServerAdmin {{ server_admin }}
+ ServerAlias {{ ui_server_alias }}
+ Timeout {{ apache_ui_timeout }}
+ DocumentRoot /var/www/html
+
+ ErrorLog /var/log/{{ webserver_package_name }}/maint_error.log
+ TransferLog /var/log/{{ webserver_package_name }}/maint_access.log
+ CustomLog /var/log/{{ webserver_package_name }}/maint_ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+ SSLEngine on
+ SSLCipherSuite RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW
+ SSLCertificateFile /etc/{{ webserver_package_name }}/ssl/server.crt
+ SSLCertificateKeyFile /etc/{{ webserver_package_name }}/ssl/server.key
+
+ RewriteEngine On
+ RewriteCond %{HTTP_HOST} ^(.*)$
+ RewriteCond %{REQUEST_URI} !^/$
+ RewriteCond %{REQUEST_URI} !^/men-at-work.jpg$
+ RewriteRule ^(.*)$ / [R=301,L]
+
+
diff --git a/roles/sample-auth-data/tasks/auth_sample_data.yml b/roles/sample-auth-data/tasks/auth_sample_data.yml
index 512df1948..3eef29491 100644
--- a/roles/sample-auth-data/tasks/auth_sample_data.yml
+++ b/roles/sample-auth-data/tasks/auth_sample_data.yml
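Review bot: The https vhost's `SSLCipherSuite RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW` limits key exchange to static RSA (no forward secrecy) and keeps MEDIUM-strength suites, and there is no `SSLProtocol` line, so which TLS versions are accepted depends on the distro's mod_ssl defaults. This vhost answers on the same `{{ ui_server_name }}:{{ ui_web_port }}` with the same certificate as the normal UI, so it should carry the TLS settings of the UI vhost it temporarily replaces; if those are not shared, `SSLProtocol -all +TLSv1.2 +TLSv1.3` with an ECDHE-only list such as `SSLCipherSuite HIGH:!aNULL:!MD5:!kRSA` is the usual baseline. The `<VirtualHost>` open/close lines appear to have been lost in rendering rather than being absent from the file.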
@@ -11,14 +11,29 @@ END IF; END $do$ - - name: add devices for tenant tenant1{{ sample_postfix }} + - name: add device mapping for tenant tenant1{{ sample_postfix }} postgresql_query: db: "{{ fworch_db_name }}" query: > - DO $do$ BEGIN + DO $do$ BEGIN IF NOT EXISTS (SELECT * FROM tenant_to_device LEFT JOIN tenant USING (tenant_id) WHERE tenant_name='tenant1{{ sample_postfix }}') THEN INSERT INTO tenant_to_device (tenant_id, device_id) - SELECT tenant_id, (select dev_id FROM device where device.dev_name='fortigate{{ sample_postfix }}') from tenant WHERE tenant.tenant_name='tenant1{{ sample_postfix }}'; + SELECT tenant_id, (select dev_id FROM device where device.dev_name='{{ sample_fortigate_basename }}{{ sample_postfix }}') from tenant WHERE tenant.tenant_name='tenant1{{ sample_postfix }}'; + END IF; + END $do$ + + - name: add management mapping for tenant tenant1{{ sample_postfix }} + postgresql_query: + db: "{{ fworch_db_name }}" + query: > + DO $do$ BEGIN + IF NOT EXISTS (SELECT * FROM tenant_to_management LEFT JOIN tenant USING (tenant_id) WHERE tenant_name='tenant1{{ sample_postfix }}') THEN + INSERT INTO tenant_to_management (tenant_id, management_id, shared) + SELECT + tenant_id, + (select mgm_id FROM management where management.mgm_name='{{ sample_fortigate_basename }}{{ sample_postfix }}'), + TRUE + FROM tenant WHERE tenant.tenant_name='tenant1{{ sample_postfix }}'; END IF; END $do$ @@ -33,7 +48,7 @@ END IF; END $do$ - - name: add devices for tenant tenant2{{ sample_postfix }} + - name: add device mapping for tenant tenant2{{ sample_postfix }} postgresql_query: db: "{{ fworch_db_name }}" query: 
> @@ -41,30 +56,44 @@ IF NOT EXISTS (SELECT * FROM tenant_to_device LEFT JOIN tenant USING (tenant_id) WHERE tenant_name='tenant2{{ sample_postfix }}') THEN INSERT INTO tenant_to_device (tenant_id, device_id) - SELECT tenant_id, (select dev_id FROM device where device.dev_name='checkpoint{{ sample_postfix }}') from tenant WHERE tenant.tenant_name='tenant2{{ sample_postfix }}'; + SELECT tenant_id, (select dev_id FROM device where device.dev_name='{{ sample_fortigate_basename }}{{ sample_postfix }}') from tenant WHERE tenant.tenant_name='tenant2{{ sample_postfix }}'; END IF; END $do$ when: sample_role_purpose is not match('test') + - name: add management mapping for tenant tenant2{{ sample_postfix }} + postgresql_query: + db: "{{ fworch_db_name }}" + query: > + DO $do$ BEGIN + IF NOT EXISTS (SELECT * FROM tenant_to_management LEFT JOIN tenant USING (tenant_id) WHERE tenant_name='tenant2{{ sample_postfix }}') THEN + INSERT INTO tenant_to_management (tenant_id, management_id, shared) + SELECT + tenant_id, + (select mgm_id FROM management where management.mgm_name='{{ sample_fortigate_basename }}{{ sample_postfix }}'), + FALSE + FROM tenant WHERE tenant.tenant_name='tenant2{{ sample_postfix }}'; + END IF; + END $do$ + - name: insert demo tenant network data postgresql_query: db: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF EXISTS (SELECT tenant_id FROM tenant WHERE tenant_name='tenant1_demo') THEN - IF NOT EXISTS (SELECT * FROM tenant_network LEFT JOIN tenant USING (tenant_id) WHERE tenant_name='tenant1_demo' and tenant_net_ip='10.222.0.32/27') THEN - insert into tenant_network (tenant_id, tenant_net_ip, tenant_net_comment) - VALUES ((SELECT tenant_id FROM tenant WHERE tenant_name='tenant1_demo'), '10.222.0.32/27', 'demo network for tenant 1') ON CONFLICT DO NOTHING; + IF NOT EXISTS (SELECT * FROM tenant_network LEFT JOIN tenant USING (tenant_id) WHERE tenant_name='tenant1_demo' and tenant_net_ip='10.10.0.0/32' AND tenant_net_ip_end='10.10.255.255/32') THEN + insert 
into tenant_network (tenant_id, tenant_net_ip, tenant_net_ip_end, tenant_net_comment) + VALUES ((SELECT tenant_id FROM tenant WHERE tenant_name='tenant1{{ sample_postfix }}'), '10.10.0.0/32', '10.10.255.255/32', 'demo network for tenant 1') ON CONFLICT DO NOTHING; END IF; END IF; IF EXISTS (SELECT tenant_id FROM tenant WHERE tenant_name='tenant2_demo') THEN - IF NOT EXISTS (SELECT * FROM tenant_network LEFT JOIN tenant USING (tenant_id) WHERE tenant_name='tenant2_demo' and tenant_net_ip='10.0.0.48/29') THEN - insert into tenant_network (tenant_id, tenant_net_ip, tenant_net_comment) - VALUES ((SELECT tenant_id FROM tenant WHERE tenant_name='tenant2_demo'), '10.0.0.48/29', 'demo network for tenant 2') ON CONFLICT DO NOTHING; + IF NOT EXISTS (SELECT * FROM tenant_network LEFT JOIN tenant USING (tenant_id) WHERE tenant_name='tenant2_demo' and tenant_net_ip='10.0.0.48/32' and tenant_net_ip_end='10.0.0.55/32') THEN + insert into tenant_network (tenant_id, tenant_net_ip, tenant_net_ip_end, tenant_net_comment) + VALUES ((SELECT tenant_id FROM tenant WHERE tenant_name='tenant2{{ sample_postfix }}'), '10.0.0.48/32', '10.0.0.55/32', 'demo network for tenant 2') ON CONFLICT DO NOTHING; END IF; END IF; END $do$ - - become: yes + become: true become_user: postgres diff --git a/roles/sample-auth-data/tasks/main.yml b/roles/sample-auth-data/tasks/main.yml index 29a7b6166..08ffa18e5 100644 --- a/roles/sample-auth-data/tasks/main.yml +++ b/roles/sample-auth-data/tasks/main.yml @@ -16,4 +16,4 @@ systemd: name: "{{ middleware_service_name }}" state: restarted - become: yes + become: true diff --git a/roles/sample-auth-data/tasks/modify_ldap_tree.yml b/roles/sample-auth-data/tasks/modify_ldap_tree.yml index 944878a28..9a2a362d5 100644 --- a/roles/sample-auth-data/tasks/modify_ldap_tree.yml +++ b/roles/sample-auth-data/tasks/modify_ldap_tree.yml 
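Review bot: In the `insert demo tenant network data` query the outer `IF EXISTS` and the `NOT EXISTS` guards still test the literal names `tenant1_demo`/`tenant2_demo`, while the inserts now resolve `tenant1{{ sample_postfix }}`/`tenant2{{ sample_postfix }}`; whenever `sample_postfix` is not `_demo` the rows are either never inserted or, if both tenants exist, attached to a different tenant than the one checked, and re-runs insert again because the guard looks at the other tenant. Using `tenant_name='tenant1{{ sample_postfix }}'` (and tenant2) in all three places makes the guard and the insert agree. The new `add management mapping for tenant tenant2` task also lacks the `when: sample_role_purpose is not match('test')` that its sibling device-mapping task carries, so management rows are created in test runs while device rows are not; this hunk starts in the previous line and the `become`/`become_user` lines closing it are visible at its end.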
@@ -2,10 +2,10 @@ template: src: "{{ item }}" dest: "{{ middleware_ldif_dir }}/{{ item | basename | regex_replace('\\.j2$', '') }}" - force: yes + force: true with_fileglob: - ../templates/tree_*.j2 - become: yes + become: true - name: add tree command: "ldapmodify -H {{ openldap_url }} -D {{ openldap_superuser_dn }} -y {{ ldap_manager_pwd_file }} -x -f {{ middleware_ldif_dir }}/tree_{{ item }}.ldif" @@ -13,6 +13,13 @@ - sample_tenants - sample_operators - sample_groups + become: true + +# only add roles and groups when not testing to avoid resudue from tests +- name: add tree + command: "ldapmodify -H {{ openldap_url }} -D {{ openldap_superuser_dn }} -y {{ ldap_manager_pwd_file }} -x -f {{ middleware_ldif_dir }}/tree_{{ item }}.ldif" + loop: - roles_for_sample_operators - groups_for_sample_operators - become: yes + become: true + when: sample_role_purpose is not match('test') diff --git a/roles/sample-auth-data/tasks/sample_owner_data.yml b/roles/sample-auth-data/tasks/sample_owner_data.yml index 9c2a9b2d5..4c5342e2a 100644 --- a/roles/sample-auth-data/tasks/sample_owner_data.yml +++ b/roles/sample-auth-data/tasks/sample_owner_data.yml 
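Review bot: Both ldapmodify tasks in the second hunk are named `add tree`, which makes play output and `--start-at-task` ambiguous now that they differ in loop items and condition; `add tree (tenants, operators, groups)` and `add roles and groups for sample operators` would distinguish them. The comment above the second task has a typo (`resudue` → `residue`) and could mention that the role grants it skips under `sample_role_purpose is match('test')` include the new `recertifier`/`modeller` memberships, so test runs must not rely on them.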
@@ -4,35 +4,30 @@ db: "{{ fworch_db_name }}" query: > DO $do$ BEGIN - INSERT INTO owner (name, dn, group_dn, is_default, tenant_id, recert_interval, next_recert_date, app_id_external) - VALUES ('ownerF_demo', 'ad-single-owner-f', 'ad-group-owner-f', false, 1, 30, '2022-12-01T00:00:00', '123') + INSERT INTO owner (name, dn, group_dn, is_default, tenant_id, recert_interval, app_id_external) + VALUES ('ownerF_demo', 'uid=user1_demo,ou=tenant1_demo,ou=operator,ou=user,dc=fworch,dc=internal', 'cn=ownergroup_F_demo,ou=group,dc=fworch,dc=internal', false, 2, 30, '123') ON CONFLICT DO NOTHING; - INSERT INTO owner (name, dn, group_dn, is_default, tenant_id, recert_interval, next_recert_date, app_id_external) - VALUES ('ownerD_demo', 'ad-single-owner-d', 'ad-group-owner-d', false, 1, 30, '2022-12-01T00:00:00', '234') - ON CONFLICT DO NOTHING; - INSERT INTO owner (name, dn, group_dn, is_default, tenant_id, recert_interval, next_recert_date, app_id_external) - VALUES ('defaultOwner_demo', 'ad-single-owner-default', 'ad-group-owner-default', true, 1, 30, '2022-12-01T00:00:00', '111') + INSERT INTO owner (name, dn, group_dn, is_default, tenant_id, recert_interval, app_id_external) + VALUES ('ownerD_demo', 'uid=user2_demo,ou=tenant2_demo,ou=operator,ou=user,dc=fworch,dc=internal', 'cn=ownergroup_D_demo,ou=group,dc=fworch,dc=internal', false, 3, 30, '234') ON CONFLICT DO NOTHING; - INSERT INTO owner_network (owner_id, ip) - VALUES ((SELECT id FROM owner WHERE name='ownerF_demo' AND tenant_id=1), '10.222.0.0/27') + INSERT INTO owner_network (owner_id, ip, ip_end) + VALUES ((SELECT id FROM owner WHERE name='ownerF_demo'), '10.222.0.0', '10.222.0.31') ON CONFLICT DO NOTHING; - INSERT INTO owner_network (owner_id, ip) - VALUES ((SELECT id FROM owner WHERE name='ownerD_demo' AND tenant_id=1), '10.222.0.32/27') + INSERT INTO owner_network (owner_id, ip, ip_end) + VALUES ((SELECT id FROM owner WHERE name='ownerD_demo'), '10.222.0.32', '10.222.0.63') ON CONFLICT DO NOTHING; - INSERT INTO 
owner_network (owner_id, ip) - VALUES ((SELECT id FROM owner WHERE name='ownerF_demo' AND tenant_id=1), '10.0.0.0/27') + INSERT INTO owner_network (owner_id, ip, ip_end) + VALUES ((SELECT id FROM owner WHERE name='ownerF_demo'), '10.0.0.0', '10.0.0.31') ON CONFLICT DO NOTHING; - INSERT INTO owner_network (owner_id, ip) - VALUES ((SELECT id FROM owner WHERE name='ownerD_demo' AND tenant_id=1), '10.0.0.32/27') + INSERT INTO owner_network (owner_id, ip, ip_end) + VALUES ((SELECT id FROM owner WHERE name='ownerD_demo'), '10.0.0.32', '10.0.0.63') ON CONFLICT DO NOTHING; END $do$ - become: yes + when: sample_role_purpose is not match('test') and add_demo_data|bool + become: true become_user: postgres - - - diff --git a/roles/sample-auth-data/templates/tree_groups_for_sample_operators.ldif.j2 b/roles/sample-auth-data/templates/tree_groups_for_sample_operators.ldif.j2 index d0a3deaae..9256bfa12 100644 --- a/roles/sample-auth-data/templates/tree_groups_for_sample_operators.ldif.j2 +++ b/roles/sample-auth-data/templates/tree_groups_for_sample_operators.ldif.j2 @@ -15,3 +15,15 @@ dn: cn=group2{{ sample_postfix }},ou=group,{{ openldap_path }} changetype: modify add: uniquemember uniquemember: uid=user1{{ sample_postfix }},ou=tenant2{{ sample_postfix }},ou=operator,ou=user,dc=fworch,dc=internal + + +dn: cn=ownergroup_F{{ sample_postfix }},ou=group,{{ openldap_path }} +changetype: modify +add: uniquemember +uniquemember: uid=user1{{ sample_postfix }},ou=tenant1{{ sample_postfix }},ou=operator,ou=user,dc=fworch,dc=internal + + +dn: cn=ownergroup_D{{ sample_postfix }},ou=group,{{ openldap_path }} +changetype: modify +add: uniquemember +uniquemember: uid=user2{{ sample_postfix }},ou=tenant2{{ sample_postfix }},ou=operator,ou=user,dc=fworch,dc=internal diff --git a/roles/sample-auth-data/templates/tree_roles_for_sample_operators.ldif.j2 b/roles/sample-auth-data/templates/tree_roles_for_sample_operators.ldif.j2 index be797efea..29acc66b0 100644 
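Review bot: The two `INSERT INTO owner` statements now hard-code `tenant_id` 2 and 3 and spell out the LDAP DNs with `_demo` and `dc=fworch,dc=internal`, whereas the rest of this commit derives these from `{{ sample_postfix }}` and `{{ openldap_path }}` and resolves tenants by name (`(SELECT tenant_id FROM tenant WHERE tenant_name='tenant1{{ sample_postfix }}')` in auth_sample_data.yml); if the tenants were created in another order or a real tenant already exists, the demo owners are attached to the wrong tenant. Using the name-based subselect and the template variables keeps the owner rows consistent with the LDAP entries they refer to. The `owner_network` subselects dropped the `AND tenant_id=1` filter, which is only safe if `owner.name` is unique — worth a comment stating that assumption. The hunk starts before its first visible line, so the task header is outside this view.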
--- a/roles/sample-auth-data/templates/tree_roles_for_sample_operators.ldif.j2 +++ b/roles/sample-auth-data/templates/tree_roles_for_sample_operators.ldif.j2 @@ -4,7 +4,32 @@ changetype: modify add: uniquemember uniquemember: uid=user2{{ sample_postfix }},ou=tenant2{{ sample_postfix }},ou=operator,ou=user,dc=fworch,dc=internal + dn: cn=reporter,ou=role,{{ openldap_path }} changetype: modify add: uniquemember uniquemember: uid=user1{{ sample_postfix }},ou=tenant1{{ sample_postfix }},ou=operator,ou=user,{{ openldap_path }} + + +dn: cn=recertifier,ou=role,{{ openldap_path }} +changetype: modify +add: uniquemember +uniquemember: cn=ownergroup_F{{ sample_postfix }},ou=group,{{ openldap_path }} + + +dn: cn=recertifier,ou=role,{{ openldap_path }} +changetype: modify +add: uniquemember +uniquemember: cn=ownergroup_D{{ sample_postfix }},ou=group,{{ openldap_path }} + + +dn: cn=modeller,ou=role,{{ openldap_path }} +changetype: modify +add: uniquemember +uniquemember: cn=ownergroup_F{{ sample_postfix }},ou=group,{{ openldap_path }} + + +dn: cn=modeller,ou=role,{{ openldap_path }} +changetype: modify +add: uniquemember +uniquemember: cn=ownergroup_D{{ sample_postfix }},ou=group,{{ openldap_path }} diff --git a/roles/sample-auth-data/templates/tree_sample_groups.ldif.j2 b/roles/sample-auth-data/templates/tree_sample_groups.ldif.j2 index d985790f1..1e0e57b4b 100644 --- a/roles/sample-auth-data/templates/tree_sample_groups.ldif.j2 +++ b/roles/sample-auth-data/templates/tree_sample_groups.ldif.j2 
@@ -19,3 +19,25 @@ objectClass: groupofuniquenames cn: group2{{ sample_postfix }} uniqueMember: {%- endif %} + + +dn: cn=ownergroup_D{{ sample_postfix }},ou=group,{{ openldap_path }} +changetype: {{ ldif_changetype }} +{% if ldif_changetype != 'delete' -%} +objectClass: top +objectClass: groupofuniquenames +cn: group2{{ sample_postfix }} +businessCategory: ownergroup +uniqueMember: +{%- endif %} + + +dn: cn=ownergroup_F{{ sample_postfix }},ou=group,{{ openldap_path }} +changetype: {{ ldif_changetype }} +{% if ldif_changetype != 'delete' -%} +objectClass: top +objectClass: groupofuniquenames +cn: group2{{ sample_postfix }} +businessCategory: ownergroup +uniqueMember: +{%- endif %} diff --git a/roles/sample-data/files/config_changes/changeRule.py b/roles/sample-data/files/config_changes/changeRule.py new file mode 100644 index 000000000..5fe7fc7f4 --- /dev/null +++ b/roles/sample-data/files/config_changes/changeRule.py 
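Review bot: Both new entries give `cn: group2{{ sample_postfix }}` while their DN RDN is `cn=ownergroup_D…`/`cn=ownergroup_F…`; slapd requires the RDN value to be present in the entry, so unless this server is unusually lenient the add is rejected as a naming violation, and because the `add tree` task in modify_ldap_tree.yml runs ldapmodify without `-c`, the records after the failing one are skipped as well. This looks like a copy of the `group2` block; the attribute lines should read `cn: ownergroup_D{{ sample_postfix }}` and `cn: ownergroup_F{{ sample_postfix }}`. The `uniquemember` additions in tree_groups_for_sample_operators.ldif.j2 and the role grants in tree_roles_for_sample_operators.ldif.j2 depend on these two groups existing.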
@@ -0,0 +1,134 @@ +#!/usr/bin/python3 +# changes a random rule from a native fortigate config + +import random +import string +import os +import sys +import json +import logging + + +def randomOctet(): + return str(random.randrange(0, 256)) + + +def randomIp(): + return randomOctet() + '.' + randomOctet() + '.' + randomOctet() + '.' + randomOctet() + + +def randomUid(): + s = ''.join(random.choices(string.ascii_lowercase + string.digits, k=32)) + return s[:8] + '-' + s[8:12] + '-' + s[12:16] + '-' + s[16:20] + '-' + s[20:] + + +# constants: +maxElements = 5 +commentChangeId = "FWORCH: " + +# fortiOS specific: +anyObj = { + "name": "all", + "q_origin_key": "all" + } + +srcString = 'srcaddr' +dstString = 'dstaddr' +nwObjString = "nw_obj_firewall/address" +deleteElement = False +changeSource = False + +if len(sys.argv) == 2: + config_path = sys.argv[1] +else: + logging.error('did not specify config file as parameter') + logging.error("syntax: changeRule.py configFileName") + exit(1) + +tempConfigFile = config_path + ".tmp" + +with open(config_path) as f: + config = json.load(f) + +# fortiOs settings: +rules = config['rules']['rules'] + + +numberOfRules = len(rules) +numberOfRules = round(numberOfRules/2) # only change the first half of the rules and keep the rest as is + +pickedRuleNumber = random.randrange(0, numberOfRules) +rule = rules[pickedRuleNumber] + +if random.randrange(0, 2)==0: + changeSource = True + ruleSide = rule[srcString] +else: + ruleSide = rule[dstString] + +if len(ruleSide)>=maxElements: + deleteElement=True + del ruleSide[len(ruleSide)-1] + +actionChoices = ['changeSrcOrDst', 'enDisable', 'reverseAction', 'reverseLogging'] + +actionChosen = actionChoices[random.randrange(0, len(actionChoices))] + +if actionChosen == 'changeSrcOrDst': + if not deleteElement: + newUid = randomUid() + newIp = randomIp() + + # cannot add to any obj, so delete it first + if anyObj in ruleSide: + del ruleSide[0] + + nwObj = { + "name": newIp, + "q_origin_key": newIp, + 
"uuid": newUid, + "subnet": [newIp, 32], + "type": "ipmask", + "obj-type": "ip", + "comment": commentChangeId + "random ip added as simulated change", + "associated-interface": "", + "color": 0 + } + config[nwObjString].append(nwObj) + + nwObjRef = { + "name": newIp, + "q_origin_key": newIp + } + ruleSide.append(nwObjRef) + +elif actionChosen == 'enDisable': + if rule['status'] == "enable": + rule['status'] = "disable" + else: + rule['status'] = "enable" +elif actionChosen == 'reverseAction': + if rule['action'] == "accept": + rule['action'] = "deny" + else: + rule['action'] = "accept" +elif actionChosen == 'reverseLogging': + if rule['logtraffic'] == "all" or rule['logtraffic'] == "utm": + rule['logtraffic'] = "disable" + else: + rule['logtraffic'] = "all" +else: + logging.warning("unknown action chosen: " + actionChosen ) +with open(tempConfigFile, 'w', encoding='utf-8') as f: + json.dump(config, f, ensure_ascii=False, indent=4) + +os.rename(tempConfigFile, config_path) +if changeSource: + sideString = 'source' +else: + sideString = 'destination' + +logText = 'changeRule simulator: changed rule no. ' + str(pickedRuleNumber)+ ', changeType=' + actionChosen +if actionChosen=='changeSrcOrDst': + logText += ', changed ' + sideString +logging.info(logText) diff --git a/roles/sample-data/files/config_changes/enlarge_rule.py b/roles/sample-data/files/config_changes/unused_enlarge_rule.py similarity index 100% rename from roles/sample-data/files/config_changes/enlarge_rule.py rename to roles/sample-data/files/config_changes/unused_enlarge_rule.py diff --git a/roles/sample-data/files/sample-configs/checkpoint_demo/fwauth.NDB b/roles/sample-data/files/sample-configs/checkpoint_demo/fwauth.NDB deleted file mode 100644 index c08307db4..000000000 Binary files a/roles/sample-data/files/sample-configs/checkpoint_demo/fwauth.NDB and /dev/null differ 
diff --git a/roles/sample-data/files/sample-configs/checkpoint_demo/objects_5_0.C b/roles/sample-data/files/sample-configs/checkpoint_demo/objects_5_0.C deleted file mode 100644 index 11d3f643d..000000000 --- a/roles/sample-data/files/sample-configs/checkpoint_demo/objects_5_0.C +++ /dev/null 
@@ -1,25894 +0,0 @@ -( - :anyobj (Any - :color (Blue) - ) - :superanyobj ( - : (Any - :color (Blue) - ) - ) - :sofaware_gw_types ( - : (IP40 - :AdminInfo ( - :LastModified ( - :Time ("Sun Jul 21 12:24:13 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{1FF5E2C5-43E1-4A1B-9E20-376ACB0BA683}") - :ClassName (sofaware_product_type) - :table (sofaware_gw_types) - :Deleteable (false) - :Renameable (false) - ) - :default_package () - :firmware_type (nokia_ip40) - :type (sofaware_product_type_obj) - ) - : (SBox-200 - :AdminInfo ( - :LastModified ( - :Time ("Sun Jul 21 12:24:13 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{3A8F3574-D510-4FA9-8467-1AC488A0CEF0}") - :ClassName (sofaware_product_type) - :table (sofaware_gw_types) - :Deleteable (false) - :Renameable (false) - ) - :default_package () - :firmware_type (generic2_safe@) - :type (sofaware_product_type_obj) - ) - : (SecureBlade300 - :AdminInfo ( - :LastModified ( - :Time ("Sun Jul 21 12:24:27 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{D554FE57-BAFB-410B-9708-71BA81052FBA}") - :ClassName (sofaware_product_type) - :table (sofaware_gw_types) - :Deleteable (false) - :Renameable (false) - ) - :default_package () - :firmware_type (generic_safe@) - :type (sofaware_product_type_obj) - ) - : (SBox-100 - :AdminInfo ( - :LastModified ( - :Time ("Sun Jul 21 12:23:49 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{EC1B649A-7485-4039-B6FC-56EBA3BE59BC}") - :ClassName (sofaware_product_type) - :table (sofaware_gw_types) - :Deleteable (false) - :Renameable (false) - ) - :default_package () - :firmware_type (generic_safe@) - :type (sofaware_product_type_obj) - ) - : (IP30 - :AdminInfo ( - :LastModified ( - :Time ("Sun Jul 21 12:24:13 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{7C65EB3E-CF01-4816-948E-0799A3804FC6}") - :ClassName (sofaware_product_type) - :table (sofaware_gw_types) - :Deleteable (false) - :Renameable (false) - ) - 
:default_package () - :firmware_type (nokia_ip30) - :type (sofaware_product_type_obj) - ) - : (SecureBlade - :AdminInfo ( - :LastModified ( - :Time ("Sun Jul 21 12:24:27 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{F7B25443-282D-4D90-AB96-91A082AEB5B1}") - :ClassName (sofaware_product_type) - :table (sofaware_gw_types) - :Deleteable (false) - :Renameable (false) - ) - :default_package () - :firmware_type (generic_safe@) - :type (sofaware_product_type_obj) - ) - ) - :atlas_gateway_properties ( - : (SW - :AdminInfo ( - :chkpf_uid ("{5E6B7A8C-81F5-4B10-8069-03A85BBF4D21}") - :ClassName (atlas_gateway_property) - :table (atlas_gateway_properties) - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :firmwares () - :versions () - :default_profile (sofaware_gw_default_profile) - :gw_type_displayed_name ("Safe@ ROBO") - :is_default (false) - :profile_type (gw_profile_lsm_sofaware) - :type (atlas_gateway_property) - ) - : (CP - :AdminInfo ( - :chkpf_uid ("{F5DF4B54-2FE4-4BFE-8AF1-D5925E240F5D}") - :ClassName (atlas_gateway_property) - :table (atlas_gateway_properties) - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :firmwares () - :versions ( - : ("NG FP3") - ) - :default_profile () - :gw_type_displayed_name ("Check Point ROBO") - :is_default (true) - :profile_type (gw_profile_cp) - :type (atlas_gateway_property) - ) - ) - :atlas_general_properties ( - : (general - :AdminInfo ( - :chkpf_uid ("{7D2D8989-C348-4126-B551-0AF4222217CD}") - :ClassName (atlas_general_property) - :table (atlas_general_properties) - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :statuses ( - : ( - :AdminInfo ( - :chkpf_uid ("{97AEB36C-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (status_properties) - ) - :is_critical (false) - :status_name (OK) - :status_value (0) - :type (status_properties) - ) - : ( - :AdminInfo 
( - :chkpf_uid ("{E10C00B2-B7E7-47F0-9D1D-B6274CDF620D}") - :ClassName (status_properties) - ) - :is_critical (false) - :status_name (Unknown) - :status_value (1) - :type (status_properties) - ) - : ( - :AdminInfo ( - :chkpf_uid ("{36C16215-80C6-4C44-A963-E94263AF46CC}") - :ClassName (status_properties) - ) - :is_critical (false) - :status_name (Untrusted) - :status_value (2) - :type (status_properties) - ) - : ( - :AdminInfo ( - :chkpf_uid ("{030973CA-77D5-4CE6-B907-11E6F8801A23}") - :ClassName (status_properties) - ) - :is_critical (true) - :status_name ("Not Responding") - :status_value (3) - :type (status_properties) - ) - : ( - :AdminInfo ( - :chkpf_uid ("{80FFC1F0-4591-4DC2-AFFC-10162D947179}") - :ClassName (status_properties) - ) - :is_critical (true) - :status_name ("Needs Attention") - :status_value (4) - :type (status_properties) - ) - : ( - :AdminInfo ( - :chkpf_uid ("{1D94C5C9-961E-47C5-81B3-8306D898957B}") - :ClassName (status_properties) - ) - :is_critical (false) - :status_name ("Not Installed") - :status_value (5) - :type (status_properties) - ) - : ( - :AdminInfo ( - :chkpf_uid ("{F30E6621-205D-43DA-BFD7-9BDAC5F2ACDB}") - :ClassName (status_properties) - ) - :is_critical (true) - :status_name ("Not Updated") - :status_value (6) - :type (status_properties) - ) - : ( - :AdminInfo ( - :chkpf_uid ("{3BBD2FB3-F19E-4AB7-859A-E2614E8F5DEE}") - :ClassName (status_properties) - ) - :is_critical (false) - :status_name ("May be out of date") - :status_value (7) - :type (status_properties) - ) - ) - :type (atlas_general_property) - ) - ) - :policies_collections ( - : (Standard - :AdminInfo ( - :chkpf_uid ("{2E49485A-61E2-4F55-A71C-85B9BF5CD9E1}") - :ClassName (policies_collection) - :object_permissions ( - :AdminInfo ( - :chkpf_uid ("{711F7FC2-4ADA-4AE2-AC0B-95421F5A9949}") - :ClassName (object_permissions) - ) - :manage ( - : (ReferenceObject - :Table (globals) - :Name (Any) - ) - ) - :read ( - : (any) - ) - :use ( - : (any) - ) - :write ( - : () - ) - :owner 
() - ) - :table (policies_collections) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Feb 16 01:21:31 2003") - :By (tim) - :From (STICHLING) - ) - ) - :installable_targets () - :all_internal_modules (true) - :color (black) - :comments () - :default (0) - :type (policies_collection) - ) - : (IsoAAAA-traditional - :AdminInfo ( - :chkpf_uid ("{8EA5AF0F-7640-4BF9-8E5B-577091884205}") - :ClassName (policies_collection) - :table (policies_collections) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jul 27 19:39:19 2004") - :By (IsoAAAF) - :From (scratchy) - ) - ) - :default (0) - :installable_targets () - :all_internal_modules (true) - :color (black) - :comments () - :type (policies_collection) - ) - : (IsoAAAA_Simplified - :AdminInfo ( - :chkpf_uid ("{26FF70B8-9599-49B4-B6F6-84B7AE0D2EBB}") - :ClassName (policies_collection) - :table (policies_collections) - :Wiznum (-1) - :LastModified ( - :Time ("Sat Nov 20 21:55:27 2004") - :By (tim) - :From (gateway) - ) - ) - :comments () - :default (0) - :installable_targets () - :all_internal_modules (true) - :color (black) - :type (policies_collection) - ) - : (IsoAAAA - :AdminInfo ( - :chkpf_uid ("{462FD47E-BB4B-4DC4-95D6-E25D7E6C1E41}") - :ClassName (policies_collection) - :object_permissions ( - :AdminInfo ( - :chkpf_uid ("{98264DAA-4862-46E3-AE64-BB8A15BB9CCC}") - :ClassName (object_permissions) - ) - :manage ( - : (ReferenceObject - :Table (globals) - :Name (Any) - ) - ) - :read ( - : (any) - ) - :use ( - : (any) - ) - :write ( - : () - ) - :owner () - ) - :table (policies_collections) - :Wiznum (-1) - :LastModified ( - :Time ("Sat Nov 20 21:55:27 2004") - :By (tim) - :From (gateway) - ) - ) - :installable_targets () - :all_internal_modules (true) - :color (black) - :comments () - :default (1) - :type (policies_collection) - ) - ) - :network_objects (network_objects - : (InternalNet - :AdminInfo ( - :LastModified ( - :Time ("Sun May 12 10:37:48 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid 
("{5E414BEC-4A61-4675-A980-4841A1F5A0BE}") - :ClassName (dynamic_object) - :table (network_objects) - :Deleteable (false) - :Renameable (false) - :name (InternalNet) - ) - :bogus_ip (10.222.0.1) - :color (black) - :comments () - :track (none) - :type (dynamic_net_obj) - ) - : (DMZNet - :AdminInfo ( - :LastModified ( - :Time ("Sun May 12 10:38:03 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{8A883654-CDD4-45A8-B079-D4E476A70AD6}") - :ClassName (dynamic_object) - :table (network_objects) - :Deleteable (false) - :Renameable (false) - :name (DMZNet) - ) - :bogus_ip (10.222.0.2) - :color (black) - :comments () - :track (none) - :type (dynamic_net_obj) - ) - : (AuxiliaryNet - :AdminInfo ( - :LastModified ( - :Time ("Thu Jul 11 14:11:54 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{CAC127FB-24F5-4079-9404-BE5C00D11393}") - :ClassName (dynamic_object) - :table (network_objects) - :Deleteable (false) - :Renameable (false) - :name (AuxiliaryNet) - ) - :bogus_ip (10.222.0.3) - :color (black) - :comments () - :track (none) - :type (dynamic_net_obj) - ) - : (Low - :AdminInfo ( - :LastModified ( - :Time ("Thu Jul 11 14:11:54 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{0F147E90-C23D-432C-9294-DEEFD31A1E56}") - :ClassName (sofaware_profiles_security_level) - :table (network_objects) - :Deleteable (false) - :Renameable (false) - :name (Low) - ) - :color (black) - :comments () - :ipaddr (10.222.0.4) - :level (low) - :type (sofaware_profiles_security_level) - ) - : (Medium - :AdminInfo ( - :LastModified ( - :Time ("Thu Jul 11 14:11:54 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{7DF4722A-0B57-4906-8E0C-699EC278B6FA}") - :ClassName (sofaware_profiles_security_level) - :table (network_objects) - :Deleteable (false) - :Renameable (false) - :name (Medium) - ) - :color (black) - :comments () - :ipaddr (10.222.0.5) - :level (med) - :type (sofaware_profiles_security_level) - ) - : (High - :AdminInfo ( - 
:LastModified ( - :Time ("Thu Jul 11 14:11:54 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{C8460A52-CEE1-4A85-BBAA-0097C0401CAE}") - :ClassName (sofaware_profiles_security_level) - :table (network_objects) - :Deleteable (false) - :Renameable (false) - :name (High) - ) - :color (black) - :comments () - :ipaddr (10.222.0.6) - :level (high) - :type (sofaware_profiles_security_level) - ) - : (LocalMachine - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB36B-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (dynamic_object) - :table (network_objects) - :name (LocalMachine) - :Deleteable (false) - :Renameable (false) - ) - :bogus_ip (10.222.0.7) - :color (black) - :comments ("Check Point Local Machine") - :track (none) - :type (dynamic_net_obj) - ) - : (DAG_range - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB36C-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (address_range) - :table (network_objects) - :Hidden (true) - :Deleteable (false) - :Renameable (false) - :name (DAG_range) - ) - :edges () - :NAT () - :add_adtr_rule (false) - :color (black) - :comments () - :ipaddr_first (10.222.0.1) - :ipaddr_last (10.222.0.8) - :type (machines_range) - ) - : (wasp - :AdminInfo ( - :chkpf_uid ("{098B2A74-E220-4AE8-A164-340FED79C9D5}") - :ClassName (host_plain) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Sat May 10 18:55:57 2003") - :By (IsoAAAF) - :From (scratchy) - ) - :name (wasp) - ) - :certificates () - :edges () - :interfaces () - :NAT () - :read_community () - :sysContact () - :sysDescr () - :sysLocation () - :sysName () - :write_community () - :SNMP ( - :AdminInfo ( - :chkpf_uid ("{098B2A74-E220-4AE8-A164-340FED79C9D5}") - :ClassName (SNMP) - ) - ) - :VPN () - :add_adtr_rule (false) - :color (blue) - :comments (timeserver) - :cp_products_installed (false) - 
:enforce_gtp_rate_limit (false) - :firewall (not-installed) - :floodgate (not-installed) - :gtp_rate_limit (2048) - :ipaddr (10.222.0.9) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{CCB732A7-07A1-43DA-920D-1BE2566CEF93}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :type (host) - ) - : (itchy - :AdminInfo ( - :chkpf_uid ("{3B4DF852-5064-4957-B95F-D469C5656467}") - :ClassName (host_plain) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Sat May 10 18:59:46 2003") - :By (IsoAAAF) - :From (scratchy) - ) - :name (itchy) - ) - :certificates () - :edges () - :interfaces () - :NAT () - :read_community () - :sysContact () - :sysDescr () - :sysLocation () - :sysName () - :write_community () - :SNMP ( - :AdminInfo ( - :chkpf_uid ("{3B4DF852-5064-4957-B95F-D469C5656467}") - :ClassName (SNMP) - ) - ) - :VPN () - :add_adtr_rule (false) - :color (gold) - :comments (dns) - :cp_products_installed (false) - :enforce_gtp_rate_limit (false) - :firewall (not-installed) - :floodgate (not-installed) - :gtp_rate_limit (2048) - :ipaddr (10.222.0.10) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{A69EA138-D19E-4AE9-BBAD-4693DA3C2124}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :type (host) - ) - : (mg.IsoAAAA-es.com - :AdminInfo ( - :chkpf_uid ("{E5BF8260-3615-4476-B638-53CA3A24FEF1}") - :ClassName (host_plain) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Sun May 18 16:27:49 2003") - :By (IsoAAAF) - :From (scratchy) - ) - :name (mg.IsoAAAA-es.com) - ) - :certificates () - :edges () - :interfaces () - :NAT () - :read_community () - :sysContact () - :sysDescr () - :sysLocation () - :sysName () - :write_community () - :SNMP ( - :AdminInfo ( - :chkpf_uid ("{E5BF8260-3615-4476-B638-53CA3A24FEF1}") - :ClassName (SNMP) - ) - ) - :VPN () - :add_adtr_rule (false) - :color ("forest green") - :comments (spike) - :cp_products_installed (false) - :enforce_gtp_rate_limit (false) 
- :firewall (not-installed) - :floodgate (not-installed) - :gtp_rate_limit (2048) - :ipaddr (10.222.0.11) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{EB6C11C9-CF82-4F05-A5F8-F505D9CB9280}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :type (host) - ) - : (heag_off_supper - :AdminInfo ( - :chkpf_uid ("{858E3E67-0517-485F-AA04-97A12BC119C3}") - :ClassName (network) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jul 15 16:08:08 2003") - :By (stephan) - :From (vaio) - ) - :name (heag_off_supper) - ) - :edges () - :NAT () - :add_adtr_rule (false) - :broadcast (allow) - :color (black) - :comments ("obere Heag Netz H�lfte") - :ipaddr (10.222.0.12) - :location (internal) - :netmask (255.255.255.255) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{D0BDE3B1-1AF8-45E1-95FB-3E047BB5709D}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :type (network) - ) - : (heag_off_upper - :AdminInfo ( - :chkpf_uid ("{A58E3E67-0517-485F-AA04-97A12BC119C3}") - :ClassName (network) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jul 15 16:08:08 2003") - :By (stephan) - :From (vaio) - ) - :name (heag_off_upper) - ) - :edges () - :NAT () - :add_adtr_rule (false) - :broadcast (allow) - :color (black) - :comments ("obere Heag Netz H�lfte") - :ipaddr (10.222.0.13) - :location (internal) - :netmask (255.255.255.255) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{D0BDE3B1-1AF8-45E1-95FB-3E047BB5709D}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :type (network) - ) - : (thorn - :AdminInfo ( - :chkpf_uid ("{32A2BEEF-3078-4B23-A9D9-5B0BDBDB08C3}") - :ClassName (host_plain) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jul 15 16:09:30 2003") - :By (stephan) - :From (vaio) - ) - :name (thorn) - ) - :certificates () - :edges () - :interfaces () - :NAT () - :read_community () - :sysContact () - :sysDescr () - 
:sysLocation () - :sysName () - :write_community () - :SNMP ( - :AdminInfo ( - :chkpf_uid ("{32A2BEEF-3078-4B23-A9D9-5B0BDBDB08C3}") - :ClassName (SNMP) - ) - ) - :VPN () - :add_adtr_rule (false) - :color (black) - :comments (thorn) - :cp_products_installed (false) - :enforce_gtp_rate_limit (false) - :firewall (not-installed) - :floodgate (not-installed) - :gtp_rate_limit (2048) - :ipaddr (10.222.0.14) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{09C26953-217D-4923-80E8-E13B538C5616}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :type (host) - ) - : (IsoAAADray.local - :AdminInfo ( - :chkpf_uid ("{75EDBC62-7EB1-4D37-8295-684903FDA75A}") - :ClassName (host_plain) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Fri Nov 21 12:52:52 2003") - :By (IsoAAAF) - :From (scratchy) - ) - :name (IsoAAADray.local) - ) - :certificates () - :edges () - :interfaces () - :NAT () - :read_community () - :sysContact () - :sysDescr () - :sysLocation () - :sysName () - :write_community () - :SNMP ( - :AdminInfo ( - :chkpf_uid ("{75EDBC62-7EB1-4D37-8295-684903FDA75A}") - :ClassName (SNMP) - ) - ) - :VPN () - :add_adtr_rule (false) - :color (gold) - :comments () - :cp_products_installed (false) - :enforce_gtp_rate_limit (false) - :firewall (not-installed) - :floodgate (not-installed) - :gtp_rate_limit (2048) - :ipaddr (10.222.0.15) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{EE89D4EB-6706-4A6D-98A9-4EC4604186B7}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :type (host) - ) - : (scratchy.local - :AdminInfo ( - :chkpf_uid ("{CFABE50C-C1F6-4FF1-8AC3-3161A3779708}") - :ClassName (host_plain) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Nov 30 19:34:35 2003") - :By (IsoAAAF) - :From (scratchy) - ) - :name (scratchy.local) - ) - :certificates () - :edges () - :interfaces () - :NAT () - :read_community () - :sysContact () - :sysDescr () - :sysLocation () - :sysName 
() - :write_community () - :SNMP ( - :AdminInfo ( - :chkpf_uid ("{CFABE50C-C1F6-4FF1-8AC3-3161A3779708}") - :ClassName (SNMP) - ) - ) - :VPN () - :add_adtr_rule (false) - :color (gold) - :comments () - :cp_products_installed (false) - :enforce_gtp_rate_limit (false) - :firewall (not-installed) - :floodgate (not-installed) - :gtp_rate_limit (2048) - :ipaddr (10.222.0.16) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{27703391-81D0-4189-AE45-96F1931504E8}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :type (host) - ) - : (wlan-router - :AdminInfo ( - :chkpf_uid ("{426CC3AD-BE7D-45B6-AAAB-22BA0680EE21}") - :ClassName (host_plain) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Fri Dec 5 20:01:42 2003") - :By (IsoAAAF) - :From (scratchy) - ) - :name (wlan-router) - ) - :certificates () - :edges () - :interfaces () - :NAT () - :read_community () - :sysContact () - :sysDescr () - :sysLocation () - :sysName () - :write_community () - :SNMP ( - :AdminInfo ( - :chkpf_uid ("{426CC3AD-BE7D-45B6-AAAB-22BA0680EE21}") - :ClassName (SNMP) - ) - ) - :VPN () - :add_adtr_rule (false) - :color ("deep pink") - :comments () - :cp_products_installed (false) - :enforce_gtp_rate_limit (false) - :firewall (not-installed) - :floodgate (not-installed) - :gtp_rate_limit (2048) - :ipaddr (10.222.0.17) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{50E99C71-A042-439A-B5ED-B8F5F93BE3CA}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :type (host) - ) - : (wlan-sources - :AdminInfo ( - :chkpf_uid ("{7592504D-3B32-4F86-BC38-3F6D9EF8BFA7}") - :ClassName (network_object_group) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Fri Dec 5 21:31:42 2003") - :By (IsoAAAF) - :From (scratchy) - ) - :name (wlan-sources) - ) - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - : (ReferenceObject - :Name (Cactus-Wlan) - 
:Table (network_objects) - :Uid ("{FFB3BAC5-FD79-4D0B-911A-7413DA524723}") - ) - : (ReferenceObject - :Name (wlan-router) - :Table (network_objects) - :Uid ("{426CC3AD-BE7D-45B6-AAAB-22BA0680EE21}") - ) - :color (black) - :comments () - :member_class (network_object) - :members_query () - :type (group) - ) - : (IsoAAAA-internal-wlan - :AdminInfo ( - :chkpf_uid ("{8A25E764-4E9E-4BAD-A56C-81B80488E392}") - :ClassName (network) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Fri Dec 5 21:40:52 2003") - :By (IsoAAAF) - :From (scratchy) - ) - :name (IsoAAAA-internal-wlan) - ) - :edges () - :NAT () - :add_adtr_rule (false) - :broadcast (allow) - :color (blue) - :comments () - :ipaddr (10.222.0.18) - :location (internal) - :netmask (255.255.255.255) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{5097D84E-F91D-4A79-BD6A-B6A94CC900B3}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :type (network) - ) - : (gateway.local - :AdminInfo ( - :chkpf_uid ("{7ED7EF12-A13E-4303-8A6E-C6CC28755C80}") - :ClassName (host_plain) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Fri Dec 5 23:09:16 2003") - :By (IsoAAAF) - :From (scratchy) - ) - :name (gateway.local) - ) - :certificates () - :edges () - :interfaces () - :NAT () - :read_community () - :sysContact () - :sysDescr () - :sysLocation () - :sysName () - :write_community () - :SNMP ( - :AdminInfo ( - :chkpf_uid ("{7ED7EF12-A13E-4303-8A6E-C6CC28755C80}") - :ClassName (SNMP) - ) - ) - :VPN () - :add_adtr_rule (false) - :color (black) - :comments () - :cp_products_installed (false) - :enforce_gtp_rate_limit (false) - :firewall (not-installed) - :floodgate (not-installed) - :gtp_rate_limit (2048) - :ipaddr (10.222.0.19) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{40E084FD-FB2F-40AC-AD74-D82956846BDA}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :type (host) - ) - : (www.t-online.de - :AdminInfo ( - :chkpf_uid 
("{2F2418CB-D1AF-4470-AB97-4D6058666A71}") - :ClassName (host_plain) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Wed Dec 17 21:54:39 2003") - :By (IsoAAAF) - :From (scratchy) - ) - :name (www.t-online.de) - ) - :certificates () - :edges () - :interfaces () - :NAT () - :read_community () - :sysContact () - :sysDescr () - :sysLocation () - :sysName () - :write_community () - :SNMP ( - :AdminInfo ( - :chkpf_uid ("{2F2418CB-D1AF-4470-AB97-4D6058666A71}") - :ClassName (SNMP) - ) - ) - :VPN () - :add_adtr_rule (false) - :color ("deep pink") - :comments () - :cp_products_installed (false) - :enforce_gtp_rate_limit (false) - :firewall (not-installed) - :floodgate (not-installed) - :gtp_rate_limit (2048) - :ipaddr (10.222.0.20) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{69011F4C-61A3-4695-82C4-25AC0C726615}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :type (host) - ) - : (Heag-DSL-ext - :AdminInfo ( - :chkpf_uid ("{27F77C5F-9C50-486D-8003-AA7178B2F6FB}") - :ClassName (host_plain) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Wed Feb 25 19:34:32 2004") - :By (IsoAAAF) - :From (scratchy) - ) - :name (Heag-DSL-ext) - ) - :certificates () - :edges () - :interfaces () - :NAT () - :read_community () - :sysContact () - :sysDescr () - :sysLocation () - :sysName () - :write_community () - :SNMP ( - :AdminInfo ( - :chkpf_uid ("{27F77C5F-9C50-486D-8003-AA7178B2F6FB}") - :ClassName (SNMP) - ) - ) - :VPN () - :add_adtr_rule (false) - :color (gold) - :comments ("external IP of Heag DSL Router") - :cp_products_installed (false) - :enforce_gtp_rate_limit (false) - :firewall (not-installed) - :floodgate (not-installed) - :gtp_rate_limit (2048) - :ipaddr (10.222.0.21) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{DDDE838A-A815-42D9-AC5D-927510B8148A}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :type (host) - ) - : (Cactus-Telefonica - :AdminInfo ( - 
:chkpf_uid ("{1F2B8DAD-46AD-4E8B-8B94-D7524713EB39}") - :ClassName (network) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Wed Feb 25 19:46:14 2004") - :By (IsoAAAF) - :From (scratchy) - ) - :name (Cactus-Telefonica) - ) - :edges () - :NAT () - :add_adtr_rule (false) - :broadcast (allow) - :color ("forest green") - :comments ("Cactus Official IPs") - :ipaddr (10.222.0.22) - :location (internal) - :netmask (255.255.255.255) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{4EE2803A-C1AA-4951-B802-D2CF7C587BB9}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :type (network) - ) - : (Cactus-Heag - :AdminInfo ( - :chkpf_uid ("{83B5E8DA-0AC8-4B27-9EB4-750F7521EB61}") - :ClassName (network) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Wed Feb 25 19:47:42 2004") - :By (IsoAAAF) - :From (scratchy) - ) - :name (Cactus-Heag) - ) - :edges () - :NAT () - :add_adtr_rule (false) - :broadcast (allow) - :color ("forest green") - :comments ("Cactus Official IPs") - :ipaddr (10.222.0.23) - :location (internal) - :netmask (255.255.255.255) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{8D0684BB-A091-45F1-90D7-35AC66F6CE2E}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :type (network) - ) - : (Cactus-InternetTransfer - :AdminInfo ( - :chkpf_uid ("{408C820D-33A1-4E25-B576-EC826F525DCD}") - :ClassName (network) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Wed Feb 25 20:49:59 2004") - :By (IsoAAAF) - :From (scratchy) - ) - :name (Cactus-InternetTransfer) - ) - :edges () - :NAT () - :add_adtr_rule (false) - :broadcast (allow) - :color (black) - :comments () - :ipaddr (10.222.0.24) - :location (internal) - :netmask (255.255.255.255) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{019385B1-7834-4C96-A99D-EA1BC5F3B1F3}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :type (network) - ) - : (CactusDSL-DHCP - 
:AdminInfo ( - :chkpf_uid ("{4F363EC1-417F-4F6D-B8DC-21875B3E4AC6}") - :ClassName (address_range) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Wed Feb 25 20:54:55 2004") - :By (IsoAAAF) - :From (scratchy) - ) - :name (CactusDSL-DHCP) - ) - :edges () - :NAT () - :add_adtr_rule (false) - :color (black) - :comments () - :ipaddr_first (10.222.0.25) - :ipaddr_last (10.222.0.26) - :type (machines_range) - ) - : (paybox-10.222.0.27 - :AdminInfo ( - :chkpf_uid ("{2EF7EE27-EB4A-447A-B8FE-8A367BCD19E0}") - :ClassName (network) - :table (network_objects) - :Wiznum (-1) - :object_permissions ( - :AdminInfo ( - :chkpf_uid ("{63E2E2DB-2D24-4B23-9A04-D003371692BE}") - :ClassName (object_permissions) - ) - :manage ( - : (ReferenceObject - :Table (globals) - :Name (Any) - ) - ) - :read ( - : (any) - ) - :use ( - : (any) - ) - :write ( - : () - ) - :owner () - ) - :LastModified ( - :Time ("Sat Feb 15 20:40:34 2003") - :By (tim) - :From (STICHLING) - ) - :name (paybox-10.222.0.27) - ) - :edges () - :NAT () - :add_adtr_rule (false) - :broadcast (allow) - :color (black) - :comments () - :ipaddr (10.222.0.27) - :location (internal) - :netmask (255.255.255.255) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{D1455603-2D6E-40DE-AACA-B19DA884C309}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :type (network) - ) - : (paybox-10.222.0.28 - :AdminInfo ( - :chkpf_uid ("{7BDD2C1E-B632-4342-A7FA-055FB7790AFC}") - :ClassName (network) - :table (network_objects) - :Wiznum (-1) - :object_permissions ( - :AdminInfo ( - :chkpf_uid ("{4C8AAF89-DDF6-4D95-9A6F-76755563FEB7}") - :ClassName (object_permissions) - ) - :manage ( - : (ReferenceObject - :Table (globals) - :Name (Any) - ) - ) - :read ( - : (any) - ) - :use ( - : (any) - ) - :write ( - : () - ) - :owner () - ) - :LastModified ( - :Time ("Sat Feb 15 20:41:12 2003") - :By (tim) - :From (STICHLING) - ) - :name (paybox-10.222.0.28) - ) - :edges () - :NAT () - :add_adtr_rule (false) - 
:broadcast (allow) - :color (black) - :comments () - :ipaddr (10.222.0.28) - :location (internal) - :netmask (255.255.255.255) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{79D5131C-B9CF-49FC-BDFF-E57213796A88}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :type (network) - ) - : (paybox-10.222.0.29 - :AdminInfo ( - :chkpf_uid ("{30E9FBBC-84F2-4AA5-8E83-3D2FBE17B82B}") - :ClassName (network) - :table (network_objects) - :Wiznum (-1) - :object_permissions ( - :AdminInfo ( - :chkpf_uid ("{3EBAAF92-00D6-41FF-BD92-B00F146CC85A}") - :ClassName (object_permissions) - ) - :manage ( - : (ReferenceObject - :Table (globals) - :Name (Any) - ) - ) - :read ( - : (any) - ) - :use ( - : (any) - ) - :write ( - : () - ) - :owner () - ) - :LastModified ( - :Time ("Sat Feb 15 20:41:50 2003") - :By (tim) - :From (STICHLING) - ) - :name (paybox-10.222.0.29) - ) - :edges () - :NAT () - :add_adtr_rule (false) - :broadcast (allow) - :color (black) - :comments () - :ipaddr (10.222.0.29) - :location (internal) - :netmask (255.255.255.255) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{8BD04057-F288-44C9-815B-0C6C30BFECD3}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :type (network) - ) - : (paybox-10.222.0.30 - :AdminInfo ( - :chkpf_uid ("{A915A86D-0ADD-4FF3-9986-27D96FFB0EAE}") - :ClassName (network) - :table (network_objects) - :Wiznum (-1) - :object_permissions ( - :AdminInfo ( - :chkpf_uid ("{23CB3782-4AD4-44CE-8E17-DA87B28CAA78}") - :ClassName (object_permissions) - ) - :manage ( - : (ReferenceObject - :Table (globals) - :Name (Any) - ) - ) - :read ( - : (any) - ) - :use ( - : (any) - ) - :write ( - : () - ) - :owner () - ) - :LastModified ( - :Time ("Sat Feb 15 20:42:17 2003") - :By (tim) - :From (STICHLING) - ) - :name (paybox-10.222.0.30) - ) - :edges () - :NAT () - :add_adtr_rule (false) - :broadcast (allow) - :color (black) - :comments () - :ipaddr (10.222.0.30) - :location (internal) - :netmask 
(255.255.255.255) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{1ADD6F6C-BC1D-4E8C-B82F-71C079A91DAA}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :type (network) - ) - : (paybox-10.222.0.31 - :AdminInfo ( - :chkpf_uid ("{40032AA5-60A7-4F1B-AB53-96695880ED25}") - :ClassName (network) - :table (network_objects) - :Wiznum (-1) - :object_permissions ( - :AdminInfo ( - :chkpf_uid ("{4A88E9A8-AAE3-45D1-B703-DAB2DB5582D0}") - :ClassName (object_permissions) - ) - :manage ( - : (ReferenceObject - :Table (globals) - :Name (Any) - ) - ) - :read ( - : (any) - ) - :use ( - : (any) - ) - :write ( - : () - ) - :owner () - ) - :LastModified ( - :Time ("Sat Feb 15 20:42:51 2003") - :By (tim) - :From (STICHLING) - ) - :name (paybox-10.222.0.31) - ) - :edges () - :NAT () - :add_adtr_rule (false) - :broadcast (allow) - :color (black) - :comments (gateway) - :ipaddr (10.222.0.31) - :location (internal) - :netmask (255.255.255.255) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{40D1A5E5-DB0C-457E-AC81-70F174E54B36}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :type (network) - ) - : (paybox-alle-netze - :AdminInfo ( - :chkpf_uid ("{17EB75CC-2538-48EF-809F-C5C5D808214A}") - :ClassName (network_object_group) - :table (network_objects) - :Wiznum (-1) - :object_permissions ( - :AdminInfo ( - :chkpf_uid ("{502DBDBD-EE2E-4729-9294-B6A8C75861F3}") - :ClassName (object_permissions) - ) - :manage ( - : (ReferenceObject - :Table (globals) - :Name (Any) - ) - ) - :read ( - : (any) - ) - :use ( - : (any) - ) - :write ( - : () - ) - :owner () - ) - :LastModified ( - :Time ("Sat Feb 15 20:51:53 2003") - :By (tim) - :From (STICHLING) - ) - :name (paybox-alle-netze) - ) - : (ReferenceObject - :Table (network_objects) - :Name (paybox-raunheim) - :Uid ("{0A1725B4-534D-46F1-A8C0-02C3351C8312}") - ) - :color (black) - :comments () - :member_class (network_object) - :members_query () - :type (group) - ) - : (paybox-10.30.0 - 
:AdminInfo ( - :chkpf_uid ("{D4C16451-2329-4472-A5B7-57B81057B2C8}") - :ClassName (network) - :object_permissions ( - :AdminInfo ( - :chkpf_uid ("{F033472D-1808-46FA-BE3E-611CAD75F23E}") - :ClassName (object_permissions) - ) - :manage ( - : (ReferenceObject - :Table (globals) - :Name (Any) - ) - ) - :read ( - : (any) - ) - :use ( - : (any) - ) - :write ( - : () - ) - :owner () - ) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Sat Feb 22 20:39:16 2003") - :By (IsoAAAF) - :From (scratchy) - ) - :name (paybox-10.30.0) - ) - :edges () - :NAT () - :add_adtr_rule (false) - :broadcast (allow) - :color (black) - :comments () - :ipaddr (10.222.0.32) - :location (internal) - :netmask (255.255.255.255) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{E3E0DB32-3359-476D-A635-32007BD47E1D}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :type (network) - ) - : (paybox-frankfurt - :AdminInfo ( - :chkpf_uid ("{463C45CA-0C86-42DC-9B02-E83E28764370}") - :ClassName (network_object_group) - :table (network_objects) - :Wiznum (-1) - :object_permissions ( - :AdminInfo ( - :chkpf_uid ("{80AFD32D-59B8-43A3-A3A7-C3EA05E23367}") - :ClassName (object_permissions) - ) - :manage ( - : (ReferenceObject - :Table (globals) - :Name (Any) - ) - ) - :read ( - : (any) - ) - :use ( - : (any) - ) - :write ( - : () - ) - :owner () - ) - :LastModified ( - :Time ("Sat Feb 22 20:39:52 2003") - :By (IsoAAAF) - :From (scratchy) - ) - :name (paybox-frankfurt) - ) - : (ReferenceObject - :Name (paybox-10.30.0) - :Table (network_objects) - :Uid ("{D4C16451-2329-4472-A5B7-57B81057B2C8}") - ) - : (ReferenceObject - :Name (paybox-213.70.103) - :Table (network_objects) - :Uid ("{C5AE7301-030D-4C4E-9E63-AB4053BEB2AC}") - ) - :color (black) - :comments () - :member_class (network_object) - :members_query () - :type (group) - ) - : (paybox-213.69.149 - :AdminInfo ( - :chkpf_uid ("{E9026D53-F670-4739-B9C3-1AE97B9FBE15}") - :ClassName (network) - :table 
(network_objects) - :Wiznum (-1) - :object_permissions ( - :AdminInfo ( - :chkpf_uid ("{7B26CCF6-E04E-4B55-95E0-D8C29A5AE5A5}") - :ClassName (object_permissions) - ) - :manage ( - : (ReferenceObject - :Table (globals) - :Name (Any) - ) - ) - :read ( - : (any) - ) - :use ( - : (any) - ) - :write ( - : () - ) - :owner () - ) - :LastModified ( - :Time ("Tue Jul 15 16:27:21 2003") - :By (stephan) - :From (vaio) - ) - :name (paybox-213.69.149) - ) - :edges () - :NAT () - :add_adtr_rule (false) - :broadcast (allow) - :color (black) - :comments ("10.222.0.33/32") - :ipaddr (10.222.0.33) - :location (internal) - :netmask (255.255.255.255) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{3CBBF669-133A-4808-B3E7-B4C94DBF081C}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :type (network) - ) - : (paybox-213.70.103 - :AdminInfo ( - :chkpf_uid ("{C5AE7301-030D-4C4E-9E63-AB4053BEB2AC}") - :ClassName (network) - :table (network_objects) - :Wiznum (-1) - :object_permissions ( - :AdminInfo ( - :chkpf_uid ("{A3E49847-44E5-4C29-A011-B710399F1881}") - :ClassName (object_permissions) - ) - :manage ( - : (ReferenceObject - :Table (globals) - :Name (Any) - ) - ) - :read ( - : (any) - ) - :use ( - : (any) - ) - :write ( - : () - ) - :owner () - ) - :LastModified ( - :Time ("Tue Jul 15 16:27:21 2003") - :By (stephan) - :From (vaio) - ) - :name (paybox-213.70.103) - ) - :edges () - :NAT () - :add_adtr_rule (false) - :broadcast (allow) - :color (black) - :comments ("10.222.0.34/32") - :ipaddr (10.222.0.34) - :location (internal) - :netmask (255.255.255.255) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{114183D4-4482-4D60-894D-EFD8222BD4E8}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :type (network) - ) - : (paybox-raunheim - :AdminInfo ( - :chkpf_uid ("{0A1725B4-534D-46F1-A8C0-02C3351C8312}") - :ClassName (network_object_group) - :object_permissions ( - :AdminInfo ( - :chkpf_uid 
("{94774A3C-1D92-412B-A220-6AAB0D9EEF51}") - :ClassName (object_permissions) - ) - :manage ( - : (ReferenceObject - :Table (globals) - :Name (Any) - ) - ) - :read ( - : (any) - ) - :use ( - : (any) - ) - :write ( - : () - ) - :owner () - ) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Mon Jul 21 19:28:32 2003") - :By (IsoAAAF) - :From (scratchy) - ) - :name (paybox-raunheim) - ) - : (ReferenceObject - :Name (paybox-10.222.0.27) - :Table (network_objects) - :Uid ("{2EF7EE27-EB4A-447A-B8FE-8A367BCD19E0}") - ) - : (ReferenceObject - :Name (paybox-10.222.0.28) - :Table (network_objects) - :Uid ("{7BDD2C1E-B632-4342-A7FA-055FB7790AFC}") - ) - : (ReferenceObject - :Name (paybox-10.222.0.29) - :Table (network_objects) - :Uid ("{30E9FBBC-84F2-4AA5-8E83-3D2FBE17B82B}") - ) - : (ReferenceObject - :Name (paybox-10.222.0.31) - :Table (network_objects) - :Uid ("{40032AA5-60A7-4F1B-AB53-96695880ED25}") - ) - : (ReferenceObject - :Name (paybox-10.222.0.30) - :Table (network_objects) - :Uid ("{A915A86D-0ADD-4FF3-9986-27D96FFB0EAE}") - ) - : (ReferenceObject - :Name (paybox-213.70.103) - :Table (network_objects) - :Uid ("{C5AE7301-030D-4C4E-9E63-AB4053BEB2AC}") - ) - :color (black) - :comments () - :member_class (network_object) - :members_query () - :type (group) - ) - : (IsoAAAD_eth1 - :AdminInfo ( - :chkpf_uid ("{932BDE10-E9C1-4DD6-AB1D-11D57CE91F00}") - :ClassName (network_object_group) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Apr 1 17:11:35 2004") - :By (holger) - :From (dragonfly) - ) - :name (IsoAAAD_eth1) - ) - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - : (ReferenceObject - :Name (t-online) - :Table (network_objects) - :Uid ("{C3D65C4B-6498-4E00-9BAF-15539231E8EE}") - ) - :color (Foreground) - :comments () - :member_class (network_object) - :members_query () - :type (group) - ) - : (IsoAAAA-100 - :AdminInfo ( - :chkpf_uid 
("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - :ClassName (network) - :object_permissions ( - :AdminInfo ( - :chkpf_uid ("{0461DB3A-AC66-4603-9264-9646289CDFF0}") - :ClassName (object_permissions) - ) - :manage ( - : (ReferenceObject - :Table (globals) - :Name (Any) - ) - ) - :read ( - : (any) - ) - :use ( - : (any) - ) - :write ( - : () - ) - :owner () - ) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Thu May 6 12:15:56 2004") - :By (andre) - :From (gateway) - ) - :name (IsoAAAA-100) - ) - :edges () - :NAT () - :add_adtr_rule (false) - :broadcast (disallow) - :color (black) - :comments () - :ipaddr (10.222.0.35) - :location (internal) - :netmask (255.255.255.255) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{392661F1-45BC-4F78-AD42-B6A199EFB38D}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :type (network) - ) - : (daba - :AdminInfo ( - :chkpf_uid ("{94817CDB-EA8C-4213-B38D-F4417EA620C6}") - :ClassName (host_plain) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Aug 1 12:48:13 2004") - :By (tim) - :From (pieks) - ) - :name (daba) - ) - :read_community () - :sysContact () - :sysDescr () - :sysLocation () - :sysName () - :write_community () - :add_adtr_rule (false) - :certificates () - :edges () - :enforce_gtp_rate_limit (false) - :gtp_rate_limit (2048) - :interfaces () - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{87E22239-B653-4FFC-AEBF-05E54A5FAC2B}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :NAT () - :SNMP () - :VPN () - :additional_products () - :color (black) - :comments ("database server") - :cp_products_installed (false) - :firewall (not-installed) - :floodgate (not-installed) - :ipaddr (10.222.0.36) - :type (host) - ) - : (allNet - :AdminInfo ( - :chkpf_uid ("{8C20ECB8-A6DB-4C35-B79A-D12ECE559C77}") - :ClassName (address_range) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Aug 17 21:33:42 2004") - :By 
(IsoAAAF) - :From (IsoAAADray) - ) - :name (allNet) - ) - :add_adtr_rule (false) - :edges () - :NAT () - :color (black) - :comments (everything) - :ipaddr_first (0.0.0.0) - :ipaddr_last (255.255.255.255) - :type (machines_range) - ) - : (IsoAAAA_home_stephan - :AdminInfo ( - :chkpf_uid ("{B86B46D5-DCB5-4A25-A0B6-766D78D30780}") - :ClassName (network) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Sep 16 16:38:51 2004") - :By (stephan) - :From (gateway) - ) - :name (IsoAAAA_home_stephan) - ) - :add_adtr_rule (false) - :edges () - :location (internal) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{F1BDDF41-0018-425A-BC22-16B4152381BF}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :NAT () - :broadcast (allow) - :color (black) - :comments ("Stephan's Netze") - :ipaddr (10.222.0.37) - :netmask (255.255.255.255) - :type (network) - ) - : (IsoAAAA_home_tim - :AdminInfo ( - :chkpf_uid ("{BF8F69B9-87C2-464A-9404-239AE8DF66B3}") - :ClassName (network) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Sep 16 16:39:22 2004") - :By (stephan) - :From (gateway) - ) - :name (IsoAAAA_home_tim) - ) - :edges () - :NAT () - :add_adtr_rule (false) - :broadcast (allow) - :color (green) - :comments ("10.222.0.38/32") - :ipaddr (10.222.0.38) - :location (internal) - :netmask (255.255.255.255) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{E9B5F7A4-CC68-41C2-BE23-DF0A2D54E0D7}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :type (network) - ) - : (Cactus_home_test_2 - :AdminInfo ( - :chkpf_uid ("{3CB93962-2930-41A7-8067-FC373151BB91}") - :ClassName (host_plain) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Wed Sep 22 13:27:12 2004") - :By (stephan) - :From (gateway) - ) - :name (Cactus_home_test_2) - ) - :read_community () - :sysContact () - :sysDescr () - :sysLocation () - :sysName () - :write_community () - :add_adtr_rule (false) - 
:certificates () - :edges () - :enforce_gtp_rate_limit (false) - :gtp_rate_limit (2048) - :interfaces () - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{90366C6B-50ED-4AD3-AB1E-73DDD97F0C32}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :NAT () - :SNMP () - :VPN () - :additional_products () - :color (black) - :comments ("nat, war frei f�r test") - :cp_products_installed (false) - :firewall (not-installed) - :floodgate (not-installed) - :ipaddr (10.222.0.39) - :type (host) - ) - : (IsoAAAA_home_test_3 - :AdminInfo ( - :chkpf_uid ("{3B37A3DE-4411-4FFC-9E54-3ABC5C4F693B}") - :ClassName (host_plain) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Wed Sep 22 13:29:00 2004") - :By (stephan) - :From (gateway) - ) - :name (IsoAAAA_home_test_3) - ) - :read_community () - :sysContact () - :sysDescr () - :sysLocation () - :sysName () - :write_community () - :add_adtr_rule (false) - :certificates () - :edges () - :enforce_gtp_rate_limit (false) - :gtp_rate_limit (2048) - :interfaces () - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{615B2573-914D-483E-94BF-88142A4E938D}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :NAT () - :SNMP () - :VPN () - :additional_products () - :color (black) - :comments (orig_source) - :cp_products_installed (false) - :firewall (not-installed) - :floodgate (not-installed) - :ipaddr (10.222.0.40) - :type (host) - ) - : (hpux - :AdminInfo ( - :chkpf_uid ("{BF00A847-A0D6-4A75-BE1C-27E7D91EDB55}") - :ClassName (host_plain) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Mon Sep 27 07:52:27 2004") - :By (tim) - :From (pieks) - ) - :name (hpux) - ) - :read_community () - :sysContact () - :sysDescr () - :sysLocation () - :sysName () - :write_community () - :add_adtr_rule (false) - :certificates () - :edges () - :enforce_gtp_rate_limit (false) - :gtp_rate_limit (2048) - :interfaces () - :operating_system ( - :AdminInfo ( - :chkpf_uid 
("{2607915D-F3D5-43F8-B6C3-599AA00195B3}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :NAT () - :SNMP () - :VPN () - :additional_products () - :color (black) - :comments ("hp-ux-test for hardening") - :cp_products_installed (false) - :firewall (not-installed) - :floodgate (not-installed) - :ipaddr (10.222.0.41) - :type (host) - ) - : (Cactus-Official - :AdminInfo ( - :chkpf_uid ("{2136B4E8-3ABF-4931-BDB9-12CDF457D4A4}") - :ClassName (network_object_group) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Wed Sep 29 20:26:37 2004") - :By (IsoAAAF) - :From (IsoAAADray) - ) - :name (Cactus-Official) - ) - :members_query () - : (ReferenceObject - :Name (Cactus-Heag) - :Table (network_objects) - :Uid ("{83B5E8DA-0AC8-4B27-9EB4-750F7521EB61}") - ) - : (ReferenceObject - :Name (Cactus-Telefonica) - :Table (network_objects) - :Uid ("{1F2B8DAD-46AD-4E8B-8B94-D7524713EB39}") - ) - :color (black) - :comments () - :member_class (network_object) - :type (group) - ) - : (IsoAAAD_extern - :AdminInfo ( - :chkpf_uid ("{DB456CE7-0DCA-423F-A5E4-9FA976C0B594}") - :ClassName (host_plain) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Wed Sep 29 20:28:11 2004") - :By (IsoAAAF) - :From (IsoAAADray) - ) - :name (IsoAAAD_extern) - ) - :read_community () - :sysContact () - :sysDescr () - :sysLocation () - :sysName () - :write_community () - :add_adtr_rule (false) - :certificates () - :edges () - :enforce_gtp_rate_limit (false) - :gtp_rate_limit (2048) - :interfaces () - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{E10D68CF-49A0-49E2-BD41-F3501F9AC613}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :NAT () - :SNMP () - :VPN () - :additional_products () - :color (green) - :comments () - :cp_products_installed (false) - :firewall (not-installed) - :floodgate (not-installed) - :ipaddr (10.222.0.42) - :type (host) - ) - : (Cactus-DMZ1 - :AdminInfo ( - :chkpf_uid 
("{62523F8E-9AE0-4CC0-82C6-BB41846BA2B7}") - :ClassName (network) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Wed Sep 29 20:30:05 2004") - :By (IsoAAAF) - :From (IsoAAADray) - ) - :name (Cactus-DMZ1) - ) - :add_adtr_rule (false) - :edges () - :location (internal) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{A36075C6-6E18-44CD-AA68-156B28425E7C}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :NAT () - :broadcast (allow) - :color ("forest green") - :comments ("10.222.0.22/32") - :ipaddr (10.222.0.22) - :netmask (255.255.255.255) - :type (network) - ) - : (Cactus-DMZ2 - :AdminInfo ( - :chkpf_uid ("{61AB70E0-5514-43CF-9194-B37A13EC102D}") - :ClassName (network) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Wed Sep 29 20:30:56 2004") - :By (IsoAAAF) - :From (IsoAAADray) - ) - :name (Cactus-DMZ2) - ) - :add_adtr_rule (false) - :edges () - :location (internal) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{9560D37A-C58D-4BED-9BA7-012AFD867887}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :NAT () - :broadcast (allow) - :color ("forest green") - :comments ("10.222.0.43/32") - :ipaddr (10.222.0.43) - :netmask (255.255.255.255) - :type (network) - ) - : (Cactus-DMZ3 - :AdminInfo ( - :chkpf_uid ("{DE80C48A-20E5-4396-BBA2-9E0AE9B95383}") - :ClassName (network) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Wed Sep 29 20:32:05 2004") - :By (IsoAAAF) - :From (IsoAAADray) - ) - :name (Cactus-DMZ3) - ) - :add_adtr_rule (false) - :edges () - :location (internal) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{C6B94E29-F2A7-44C9-B730-F5B6757F6C63}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :NAT () - :broadcast (allow) - :color ("forest green") - :comments ("10.222.0.23/32") - :ipaddr (10.222.0.23) - :netmask (255.255.255.255) - :type (network) - ) - : (speedy2 - :AdminInfo ( - :chkpf_uid 
("{B4DB2EF5-42D8-41DC-9A1C-33310FDFB184}") - :ClassName (host_plain) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Wed Sep 29 20:39:12 2004") - :By (IsoAAAF) - :From (IsoAAADray) - ) - :name (speedy2) - ) - :read_community () - :sysContact () - :sysDescr () - :sysLocation () - :sysName () - :write_community () - :add_adtr_rule (false) - :certificates () - :edges () - :enforce_gtp_rate_limit (false) - :gtp_rate_limit (2048) - :interfaces () - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{57F30020-0328-467D-8FBE-0B565E807D9F}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :NAT () - :SNMP () - :VPN () - :additional_products () - :color (orange) - :comments ("Silkes Rechner") - :cp_products_installed (false) - :firewall (not-installed) - :floodgate (not-installed) - :ipaddr (10.222.0.44) - :type (host) - ) - : (www.t-update.de - :AdminInfo ( - :chkpf_uid ("{8F3990BA-9B98-4260-888D-100CA19D688F}") - :ClassName (host_plain) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Wed Sep 29 21:19:50 2004") - :By (IsoAAAF) - :From (scratchy) - ) - :name (www.t-update.de) - ) - :read_community () - :sysContact () - :sysDescr () - :sysLocation () - :sysName () - :write_community () - :add_adtr_rule (false) - :certificates () - :edges () - :enforce_gtp_rate_limit (false) - :gtp_rate_limit (2048) - :interfaces () - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{47B256C1-6339-44A4-A5B3-814C177025F1}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :NAT () - :SNMP () - :VPN () - :additional_products () - :color ("deep pink") - :comments () - :cp_products_installed (false) - :firewall (not-installed) - :floodgate (not-installed) - :ipaddr (10.222.0.45) - :type (host) - ) - : (www1.sda.t-online.de - :AdminInfo ( - :chkpf_uid ("{01ADF4A6-6639-4CD9-9336-A3D2CC0182B9}") - :ClassName (host_plain) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Wed Sep 29 
21:22:15 2004") - :By (IsoAAAF) - :From (scratchy) - ) - :name (www1.sda.t-online.de) - ) - :read_community () - :sysContact () - :sysDescr () - :sysLocation () - :sysName () - :write_community () - :add_adtr_rule (false) - :certificates () - :edges () - :enforce_gtp_rate_limit (false) - :gtp_rate_limit (2048) - :interfaces () - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{738A5B60-ADE1-4631-8861-E4DB4453DD30}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :NAT () - :SNMP () - :VPN () - :additional_products () - :color ("deep pink") - :comments () - :cp_products_installed (false) - :firewall (not-installed) - :floodgate (not-installed) - :ipaddr (10.222.0.46) - :type (host) - ) - : (update2.t-online - :AdminInfo ( - :chkpf_uid ("{DFBF3C44-7C42-4FA0-A73F-2DA57B106127}") - :ClassName (host_plain) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Wed Sep 29 21:24:02 2004") - :By (IsoAAAF) - :From (scratchy) - ) - :name (update2.t-online) - ) - :read_community () - :sysContact () - :sysDescr () - :sysLocation () - :sysName () - :write_community () - :add_adtr_rule (false) - :certificates () - :edges () - :enforce_gtp_rate_limit (false) - :gtp_rate_limit (2048) - :interfaces () - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{F377E73F-A48F-4286-9305-E505B1C4B79F}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :NAT () - :SNMP () - :VPN () - :additional_products () - :color ("deep pink") - :comments () - :cp_products_installed (false) - :firewall (not-installed) - :floodgate (not-installed) - :ipaddr (10.222.0.47) - :type (host) - ) - : (t-onlineUpdate - :AdminInfo ( - :chkpf_uid ("{99089D97-0EB3-4CE6-8C78-79BC61ECE307}") - :ClassName (network_object_group) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Wed Sep 29 21:25:01 2004") - :By (IsoAAAF) - :From (scratchy) - ) - :name (t-onlineUpdate) - ) - :members_query () - : (ReferenceObject - :Name 
(update2.t-online) - :Table (network_objects) - :Uid ("{DFBF3C44-7C42-4FA0-A73F-2DA57B106127}") - ) - : (ReferenceObject - :Name (www.t-update.de) - :Table (network_objects) - :Uid ("{8F3990BA-9B98-4260-888D-100CA19D688F}") - ) - : (ReferenceObject - :Name (www1.sda.t-online.de) - :Table (network_objects) - :Uid ("{01ADF4A6-6639-4CD9-9336-A3D2CC0182B9}") - ) - :color ("deep pink") - :comments () - :member_class (network_object) - :type (group) - ) - : (auth1.lhsystems.com - :AdminInfo ( - :chkpf_uid ("{D60E902E-4BE8-43E0-95DC-BFE60E86965F}") - :ClassName (host_plain) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Sep 30 07:20:12 2004") - :By (IsoAAAF) - :From (scratchy) - ) - :name (auth1.lhsystems.com) - ) - :read_community () - :sysContact () - :sysDescr () - :sysLocation () - :sysName () - :write_community () - :add_adtr_rule (false) - :certificates () - :edges () - :enforce_gtp_rate_limit (false) - :gtp_rate_limit (2048) - :interfaces () - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{5296EABE-CD28-417D-B3F6-26D44B7A6929}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :NAT () - :SNMP () - :VPN () - :additional_products () - :color (firebrick) - :comments () - :cp_products_installed (false) - :firewall (not-installed) - :floodgate (not-installed) - :ipaddr (10.222.0.48) - :type (host) - ) - : (LSYI-pptp - :AdminInfo ( - :chkpf_uid ("{DF2F1A45-9938-4006-A550-0421F3DAA3E2}") - :ClassName (network) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Sep 30 07:22:17 2004") - :By (IsoAAAF) - :From (scratchy) - ) - :name (LSYI-pptp) - ) - :add_adtr_rule (false) - :edges () - :location (internal) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{808DE519-4384-40CA-A3B4-1C12A22D03A9}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :NAT () - :broadcast (allow) - :color (gold) - :comments ("10.222.0.49/32") - :ipaddr (10.222.0.49) - :netmask 
(255.255.255.255) - :type (network) - ) - : (IP-255 - :AdminInfo ( - :chkpf_uid ("{589C570C-0905-4946-9736-9BD05B95FBF6}") - :ClassName (host_plain) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Sep 30 07:29:36 2004") - :By (IsoAAAF) - :From (scratchy) - ) - :name (IP-255) - ) - :read_community () - :sysContact () - :sysDescr () - :sysLocation () - :sysName () - :write_community () - :add_adtr_rule (false) - :certificates () - :edges () - :enforce_gtp_rate_limit (false) - :gtp_rate_limit (2048) - :interfaces () - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{554786B0-07BA-4411-BF5C-F110F4CDF47C}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :NAT () - :SNMP () - :VPN () - :additional_products () - :color (black) - :comments () - :cp_products_installed (false) - :firewall (not-installed) - :floodgate (not-installed) - :ipaddr (255.255.255.255) - :type (host) - ) - : (Drop_nologDest - :AdminInfo ( - :chkpf_uid ("{79369987-B128-4B3F-827C-3C936F7C3F53}") - :ClassName (network_object_group) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Sep 30 07:29:41 2004") - :By (IsoAAAF) - :From (scratchy) - ) - :name (Drop_nologDest) - ) - :members_query () - : (ReferenceObject - :Name (IP-255) - :Table (network_objects) - :Uid ("{589C570C-0905-4946-9736-9BD05B95FBF6}") - ) - :color (black) - :comments () - :member_class (network_object) - :type (group) - ) - : (spike.local - :AdminInfo ( - :chkpf_uid ("{4ABDD8DE-0DA2-46E5-B129-85E3977CBD18}") - :ClassName (host_plain) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Sep 30 08:43:06 2004") - :By (IsoAAAF) - :From (scratchy) - ) - :name (spike.local) - ) - :certificates () - :edges () - :interfaces () - :NAT () - :read_community () - :sysContact () - :sysDescr () - :sysLocation () - :sysName () - :write_community () - :SNMP ( - :AdminInfo ( - :chkpf_uid ("{4ABDD8DE-0DA2-46E5-B129-85E3977CBD18}") - :ClassName (SNMP) - ) 
- ) - :VPN () - :add_adtr_rule (false) - :additional_products () - :color (black) - :comments () - :cp_products_installed (false) - :enforce_gtp_rate_limit (false) - :firewall (not-installed) - :floodgate (not-installed) - :gtp_rate_limit (2048) - :ipaddr (10.222.0.50) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{80CBD075-13E9-4F84-BCA5-32D480915D3B}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :type (host) - ) - : (LSYI-WWA - :AdminInfo ( - :chkpf_uid ("{3ECB1B79-1A26-41A3-90F9-71BE179A7211}") - :ClassName (network_object_group) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Sep 30 10:09:48 2004") - :By (IsoAAAF) - :From (scratchy) - ) - :name (LSYI-WWA) - ) - :members_query () - : (ReferenceObject - :Name (auth1.lhsystems.com) - :Table (network_objects) - :Uid ("{D60E902E-4BE8-43E0-95DC-BFE60E86965F}") - ) - : (ReferenceObject - :Name (LSYI-pptp) - :Table (network_objects) - :Uid ("{DF2F1A45-9938-4006-A550-0421F3DAA3E2}") - ) - :color (gold) - :comments () - :member_class (network_object) - :type (group) - ) - : (mail.hayn.de - :AdminInfo ( - :chkpf_uid ("{741A5834-3EA7-4899-92F4-3B365DDBCD98}") - :ClassName (host_plain) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Sep 30 16:34:01 2004") - :By (IsoAAAF) - :From (IsoAAADray) - ) - :name (mail.hayn.de) - ) - :read_community () - :sysContact () - :sysDescr () - :sysLocation () - :sysName () - :write_community () - :add_adtr_rule (false) - :certificates () - :edges () - :enforce_gtp_rate_limit (false) - :gtp_rate_limit (2048) - :interfaces () - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{2581BB20-10CA-4806-8E36-0020A5BE895B}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :NAT () - :SNMP () - :VPN () - :additional_products () - :color (blue) - :comments () - :cp_products_installed (false) - :firewall (not-installed) - :floodgate (not-installed) - :ipaddr (10.222.0.51) - :type (host) - 
) - : (mail.purschke.de - :AdminInfo ( - :chkpf_uid ("{8EFADE68-A4E4-4BF3-B2C4-EDBD81769700}") - :ClassName (host_plain) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Sep 30 16:34:18 2004") - :By (IsoAAAF) - :From (IsoAAADray) - ) - :name (mail.purschke.de) - ) - :read_community () - :sysContact () - :sysDescr () - :sysLocation () - :sysName () - :write_community () - :add_adtr_rule (false) - :certificates () - :edges () - :enforce_gtp_rate_limit (false) - :gtp_rate_limit (2048) - :interfaces () - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{A4BD025C-525F-4C40-86BF-A4F93BC60B4C}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :NAT () - :SNMP () - :VPN () - :additional_products () - :color (blue) - :comments () - :cp_products_installed (false) - :firewall (not-installed) - :floodgate (not-installed) - :ipaddr (10.222.0.52) - :type (host) - ) - : (mail.IsoAAAA.de - :AdminInfo ( - :chkpf_uid ("{98537EEE-D16C-4C24-940F-6880836A7350}") - :ClassName (host_plain) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Sep 30 16:34:41 2004") - :By (IsoAAAF) - :From (IsoAAADray) - ) - :name (mail.IsoAAAA.de) - ) - :read_community () - :sysContact () - :sysDescr () - :sysLocation () - :sysName () - :write_community () - :add_adtr_rule (false) - :certificates () - :edges () - :enforce_gtp_rate_limit (false) - :gtp_rate_limit (2048) - :interfaces () - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{11B9ACD9-8F60-4611-A33D-D79FFE94455C}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :NAT () - :SNMP () - :VPN () - :additional_products () - :color (blue) - :comments () - :cp_products_installed (false) - :firewall (not-installed) - :floodgate (not-installed) - :ipaddr (10.222.0.53) - :type (host) - ) - : (mail.IsoAAAA-es.com - :AdminInfo ( - :chkpf_uid ("{B096EA6A-9B9D-4804-ADF0-E9D196210EDE}") - :ClassName (host_plain) - :table (network_objects) - :Wiznum (-1) - 
:LastModified ( - :Time ("Thu Sep 30 16:35:03 2004") - :By (IsoAAAF) - :From (IsoAAADray) - ) - :name (mail.IsoAAAA-es.com) - ) - :read_community () - :sysContact () - :sysDescr () - :sysLocation () - :sysName () - :write_community () - :add_adtr_rule (false) - :certificates () - :edges () - :enforce_gtp_rate_limit (false) - :gtp_rate_limit (2048) - :interfaces () - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{96AAF8C1-2F91-4581-B3A3-9E259D51D7FC}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :NAT () - :SNMP () - :VPN () - :additional_products () - :color (blue) - :comments () - :cp_products_installed (false) - :firewall (not-installed) - :floodgate (not-installed) - :ipaddr (10.222.0.54) - :type (host) - ) - : (MailServer - :AdminInfo ( - :chkpf_uid ("{17935795-6ADC-4B45-8E2B-BEC361E6CAB1}") - :ClassName (network_object_group) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Sep 30 16:35:07 2004") - :By (IsoAAAF) - :From (IsoAAADray) - ) - :name (MailServer) - ) - :members_query () - : (ReferenceObject - :Name (mail.IsoAAAA.de) - :Table (network_objects) - :Uid ("{98537EEE-D16C-4C24-940F-6880836A7350}") - ) - : (ReferenceObject - :Name (mail.IsoAAAA-es.com) - :Table (network_objects) - :Uid ("{B096EA6A-9B9D-4804-ADF0-E9D196210EDE}") - ) - : (ReferenceObject - :Name (mail.hayn.de) - :Table (network_objects) - :Uid ("{741A5834-3EA7-4899-92F4-3B365DDBCD98}") - ) - : (ReferenceObject - :Name (mail.purschke.de) - :Table (network_objects) - :Uid ("{8EFADE68-A4E4-4BF3-B2C4-EDBD81769700}") - ) - :color (blue1) - :comments ("all Maildomains") - :member_class (network_object) - :type (group) - ) - : (sol8 - :AdminInfo ( - :chkpf_uid ("{86F22190-7D8D-435D-8906-A346CA12A17C}") - :ClassName (host_plain) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Sat Oct 2 16:28:42 2004") - :By (tim) - :From (pieks) - ) - :name (sol8) - ) - :read_community () - :sysContact () - :sysDescr () - :sysLocation 
() - :sysName () - :write_community () - :add_adtr_rule (false) - :certificates () - :edges () - :enforce_gtp_rate_limit (false) - :gtp_rate_limit (2048) - :interfaces () - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{CC64DA48-EF9D-41E6-862A-BC87E9AEDB2F}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :NAT () - :SNMP () - :VPN () - :additional_products () - :color (black) - :comments () - :cp_products_installed (false) - :firewall (not-installed) - :floodgate (not-installed) - :ipaddr (10.222.0.55) - :type (host) - ) - : (t-online - :AdminInfo ( - :chkpf_uid ("{C3D65C4B-6498-4E00-9BAF-15539231E8EE}") - :ClassName (network) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Oct 3 14:33:10 2004") - :By (IsoAAAF) - :From (IsoAAADray) - ) - :name (t-online) - ) - :edges () - :NAT () - :add_adtr_rule (false) - :broadcast (allow) - :color ("deep pink") - :comments () - :ipaddr (10.222.0.56) - :location (internal) - :netmask (255.255.255.255) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{D7BABA12-EB8B-4603-81A3-02DD65E162B4}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :type (network) - ) - : (ras.IsoAAAA-es.com - :AdminInfo ( - :chkpf_uid ("{23B1E779-B8D5-4384-AD60-80E498B77196}") - :ClassName (host_plain) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Mon Oct 4 19:53:42 2004") - :By (IsoAAAF) - :From (IsoAAADray) - ) - :name (ras.IsoAAAA-es.com) - ) - :read_community () - :sysContact () - :sysDescr () - :sysLocation () - :sysName () - :write_community () - :add_adtr_rule (false) - :certificates () - :edges () - :enforce_gtp_rate_limit (false) - :gtp_rate_limit (2048) - :interfaces () - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{04E9B794-BC12-4F6F-B9AE-C0A08A74FF4A}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :NAT () - :SNMP () - :VPN () - :additional_products () - :color (cyan) - :comments () - 
:cp_products_installed (false) - :firewall (not-installed) - :floodgate (not-installed) - :ipaddr (10.222.0.57) - :type (host) - ) - : (Premier_Access - :AdminInfo ( - :chkpf_uid ("{B2BB20AA-B685-426B-96B6-1FB4D8D05135}") - :ClassName (host_plain) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Oct 7 13:35:32 2004") - :By (andre) - :From (Roadrunner) - ) - :name (Premier_Access) - ) - :certificates () - :edges () - :interfaces () - :NAT () - :read_community () - :sysContact () - :sysDescr () - :sysLocation () - :sysName () - :write_community () - :SNMP ( - :AdminInfo ( - :chkpf_uid ("{B2BB20AA-B685-426B-96B6-1FB4D8D05135}") - :ClassName (SNMP) - ) - ) - :VPN () - :add_adtr_rule (false) - :additional_products () - :color ("medium slate blue") - :comments () - :cp_products_installed (false) - :enforce_gtp_rate_limit (false) - :firewall (not-installed) - :floodgate (not-installed) - :gtp_rate_limit (2048) - :ipaddr (10.222.0.58) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{38EF5369-2EDF-4CAA-BE8E-155605B4C87D}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :type (host) - ) - : (vpn-sources-IsoAAAA - :AdminInfo ( - :chkpf_uid ("{26405A41-425C-4053-8002-497BB82D76B1}") - :ClassName (network_object_group) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Sat Nov 6 14:38:57 2004") - :By (IsoAAAF) - :From (IsoAAADray) - ) - :name (vpn-sources-IsoAAAA) - ) - : (ReferenceObject - :Name (IsoAAAA_home_stephan) - :Table (network_objects) - :Uid ("{B86B46D5-DCB5-4A25-A0B6-766D78D30780}") - ) - : (ReferenceObject - :Name (IsoAAAA_home_tim) - :Table (network_objects) - :Uid ("{BF8F69B9-87C2-464A-9404-239AE8DF66B3}") - ) - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - : (ReferenceObject - :Name (CactusDSL-DHCP) - :Table (network_objects) - :Uid ("{4F363EC1-417F-4F6D-B8DC-21875B3E4AC6}") - ) - : (ReferenceObject - :Name 
(Cactus-InternetTransfer) - :Table (network_objects) - :Uid ("{408C820D-33A1-4E25-B576-EC826F525DCD}") - ) - : (ReferenceObject - :Name (Cactus-Wlan) - :Table (network_objects) - :Uid ("{FFB3BAC5-FD79-4D0B-911A-7413DA524723}") - ) - : (ReferenceObject - :Name (wlan-router) - :Table (network_objects) - :Uid ("{426CC3AD-BE7D-45B6-AAAB-22BA0680EE21}") - ) - :color (black) - :comments () - :member_class (network_object) - :members_query () - :type (group) - ) - : (Cactus10.222.0.1 - :AdminInfo ( - :chkpf_uid ("{6CD51061-638B-4B2F-9092-7E1E4A5F0ADD}") - :ClassName (host_plain) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Sat Nov 6 16:10:22 2004") - :By (IsoAAAF) - :From (IsoAAADray) - ) - :name (Cactus10.222.0.1) - ) - :certificates () - :edges () - :interfaces () - :NAT () - :read_community () - :sysContact () - :sysDescr () - :sysLocation () - :sysName () - :write_community () - :SNMP ( - :AdminInfo ( - :chkpf_uid ("{6CD51061-638B-4B2F-9092-7E1E4A5F0ADD}") - :ClassName (SNMP) - ) - ) - :VPN () - :add_adtr_rule (false) - :additional_products () - :color (blue) - :comments ("IBM Laptop with VMWare 6.11.2004") - :cp_products_installed (false) - :enforce_gtp_rate_limit (false) - :firewall (not-installed) - :floodgate (not-installed) - :gtp_rate_limit (2048) - :ipaddr (10.222.0.1) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{D2AFE9A3-FE6E-47EC-8A3D-93104C67F9B3}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :type (host) - ) - : (Cactus10.222.0.59 - :AdminInfo ( - :chkpf_uid ("{B0D01C29-857D-4A0A-BC23-66A08FCD094D}") - :ClassName (host_plain) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Sat Nov 6 16:10:29 2004") - :By (IsoAAAF) - :From (IsoAAADray) - ) - :name (Cactus10.222.0.59) - ) - :certificates () - :edges () - :interfaces () - :NAT () - :read_community () - :sysContact () - :sysDescr () - :sysLocation () - :sysName () - :write_community () - :SNMP ( - :AdminInfo ( - :chkpf_uid 
("{B0D01C29-857D-4A0A-BC23-66A08FCD094D}") - :ClassName (SNMP) - ) - ) - :VPN () - :add_adtr_rule (false) - :additional_products () - :color (black) - :comments ("VIP-Net Koordinator auf VM-Ware IBM Laptop 5.11.2004") - :cp_products_installed (false) - :enforce_gtp_rate_limit (false) - :firewall (not-installed) - :floodgate (not-installed) - :gtp_rate_limit (2048) - :ipaddr (10.222.0.59) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{52322F92-8A93-488B-93D3-6C8350FC9A52}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :type (host) - ) - : (SecOVID_Authserver - :AdminInfo ( - :chkpf_uid ("{DB220C3D-763C-46AB-A7D1-1F9C7C45910E}") - :ClassName (host_plain) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Dec 2 15:56:31 2004") - :By (IsoAAAF) - :From (IsoAAADray) - ) - :name (SecOVID_Authserver) - ) - :certificates () - :edges () - :interfaces () - :NAT () - :read_community () - :sysContact () - :sysDescr () - :sysLocation () - :sysName () - :write_community () - :SNMP ( - :AdminInfo ( - :chkpf_uid ("{DB220C3D-763C-46AB-A7D1-1F9C7C45910E}") - :ClassName (SNMP) - ) - ) - :VPN () - :add_adtr_rule (false) - :additional_products () - :color (green) - :comments () - :cp_products_installed (false) - :enforce_gtp_rate_limit (false) - :firewall (not-installed) - :floodgate (not-installed) - :gtp_rate_limit (2048) - :ipaddr (10.222.0.60) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{24962D03-284E-4ECD-AD98-86D19C8271B4}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :type (host) - ) - : (mail.light-life.netOld - :AdminInfo ( - :chkpf_uid ("{DF004F13-7986-4569-811C-6EC7391A8764}") - :ClassName (host_plain) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Mon Jan 24 13:50:53 2005") - :By (IsoAAAF) - :From (IsoAAADray) - ) - :name (mail.light-life.netOld) - ) - :certificates () - :edges () - :interfaces () - :NAT () - :read_community () - :sysContact () - 
:sysDescr () - :sysLocation () - :sysName () - :write_community () - :SNMP ( - :AdminInfo ( - :chkpf_uid ("{DF004F13-7986-4569-811C-6EC7391A8764}") - :ClassName (SNMP) - ) - ) - :VPN () - :add_adtr_rule (false) - :additional_products () - :color (orange) - :comments ("Silkes Mail") - :cp_products_installed (false) - :enforce_gtp_rate_limit (false) - :firewall (not-installed) - :floodgate (not-installed) - :gtp_rate_limit (2048) - :ipaddr (10.222.0.61) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{2E52BC89-F624-44E8-B100-A39B0AB9B399}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :type (host) - ) - : (mail.light-life.net - :AdminInfo ( - :chkpf_uid ("{C534904C-317E-431D-BF6C-03977CC08203}") - :ClassName (host_plain) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Mon Jan 24 13:50:58 2005") - :By (IsoAAAF) - :From (IsoAAADray) - ) - :name (mail.light-life.net) - ) - :certificates () - :edges () - :interfaces () - :NAT () - :read_community () - :sysContact () - :sysDescr () - :sysLocation () - :sysName () - :write_community () - :SNMP ( - :AdminInfo ( - :chkpf_uid ("{C534904C-317E-431D-BF6C-03977CC08203}") - :ClassName (SNMP) - ) - ) - :VPN () - :add_adtr_rule (false) - :additional_products () - :color (blue) - :comments () - :cp_products_installed (false) - :enforce_gtp_rate_limit (false) - :firewall (not-installed) - :floodgate (not-installed) - :gtp_rate_limit (2048) - :ipaddr (10.222.0.62) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{59E4FEAD-7108-4E23-B865-7C7A401F382A}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :type (host) - ) - : (IsoAAAD_intern - :AdminInfo ( - :chkpf_uid ("{40831AE2-CB84-46D2-9522-F987BC10BDB9}") - :ClassName (host_plain) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Mon Jan 24 13:57:02 2005") - :By (IsoAAAF) - :From (IsoAAADray) - ) - :name (IsoAAAD_intern) - ) - :certificates () - :edges () - :interfaces () - :NAT 
() - :read_community () - :sysContact () - :sysDescr () - :sysLocation () - :sysName () - :write_community () - :SNMP ( - :AdminInfo ( - :chkpf_uid ("{40831AE2-CB84-46D2-9522-F987BC10BDB9}") - :ClassName (SNMP) - ) - ) - :VPN () - :add_adtr_rule (false) - :additional_products () - :color (red) - :comments (10.222.0.63) - :cp_products_installed (false) - :enforce_gtp_rate_limit (false) - :firewall (not-installed) - :floodgate (not-installed) - :gtp_rate_limit (2048) - :ipaddr (10.222.0.63) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{F32BCF76-B27C-4087-AC45-A7A6DCB70413}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :type (host) - ) - : (IsoAAAA-office-mode-range - :AdminInfo ( - :chkpf_uid ("{AF3BE336-00D5-4975-B0C9-F759300D42D8}") - :ClassName (network) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Feb 1 14:12:41 2005") - :By (tim) - :From (pieks) - ) - :name (IsoAAAA-office-mode-range) - ) - :add_adtr_rule (false) - :edges () - :location (internal) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{669DDE9F-A4D3-4F79-AB66-6D46F1710730}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :NAT () - :broadcast (allow) - :color (black) - :comments () - :ipaddr (10.222.0.64) - :netmask (255.255.255.255) - :type (network) - ) - : (Cactus-DMZ4 - :AdminInfo ( - :chkpf_uid ("{9C2C49CE-5100-423C-BECB-08951751059F}") - :ClassName (network) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Mar 31 20:38:45 2005") - :By (IsoAAAF) - :From (IsoAAADray) - ) - :name (Cactus-DMZ4) - ) - :add_adtr_rule (false) - :edges () - :location (internal) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{BB469654-D760-4C34-8DED-EDB208914A3F}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :NAT () - :broadcast (allow) - :color ("forest green") - :comments ("10.222.0.65/32") - :ipaddr (10.222.0.65) - :netmask (255.255.255.255) - :type (network) 
- ) - : (ITSecOrg-dev - :AdminInfo ( - :chkpf_uid ("{18122B8C-51F8-4102-B143-72DA4E57367D}") - :ClassName (host_plain) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Apr 28 14:17:13 2005") - :By (IsoAAAF) - :From (IsoAAADray) - ) - :name (ITSecOrg-dev) - ) - :read_community () - :sysContact () - :sysDescr () - :sysLocation () - :sysName () - :write_community () - :add_adtr_rule (false) - :certificates () - :edges () - :enforce_gtp_rate_limit (false) - :gtp_rate_limit (2048) - :interfaces () - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{9295DAEC-8C37-4E45-816D-977184D54CA4}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :NAT () - :SNMP () - :VPN () - :additional_products () - :color (blue1) - :comments ("development 4 ITSecOrg") - :cp_products_installed (false) - :firewall (not-installed) - :floodgate (not-installed) - :ipaddr (10.222.0.66) - :type (host) - ) - : (SonicLAN - :AdminInfo ( - :chkpf_uid ("{587A029D-04EA-49A0-9DB2-93ADC651B7BF}") - :ClassName (network) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Tue May 24 11:53:28 2005") - :By (IsoAAAF) - :From (IsoAAADray) - ) - :name (SonicLAN) - ) - :add_adtr_rule (false) - :edges () - :location (internal) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{82672588-DA60-4678-BCFE-9855BBA7B813}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :NAT () - :broadcast (allow) - :color ("light coral") - :comments ("4 VPN-Test") - :ipaddr (10.222.0.67) - :netmask (255.255.255.255) - :type (network) - ) - : (Cactus-Wlan - :AdminInfo ( - :chkpf_uid ("{FFB3BAC5-FD79-4D0B-911A-7413DA524723}") - :ClassName (address_range) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Tue May 24 15:51:05 2005") - :By (IsoAAAF) - :From (IsoAAADray) - ) - :name (Cactus-Wlan) - ) - :edges () - :NAT () - :add_adtr_rule (false) - :color (black) - :comments ("net for wlan") - :ipaddr_first (10.222.0.68) - 
:ipaddr_last (10.222.0.69) - :type (machines_range) - ) - : (CactusDA - :AdminInfo ( - :chkpf_uid ("{69DBB75C-7E6D-49AD-A814-96F1BAFF12F7}") - :ClassName (network_object_group) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Mon Jun 6 11:27:32 2005") - :By (andre) - :From (andres-laptop) - ) - :name (CactusDA) - ) - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - : (ReferenceObject - :Name (Cactus-Official) - :Table (network_objects) - :Uid ("{2136B4E8-3ABF-4931-BDB9-12CDF457D4A4}") - ) - : (ReferenceObject - :Name (Sonic1) - :Table (network_objects) - :Uid ("{B2EBD57B-C94C-42E7-8F1A-17C861697403}") - ) - : (ReferenceObject - :Name (IsoAAAD) - :Table (network_objects) - :Uid ("{29C40B0A-414C-11D7-AEB8-7F0000013C3C}") - ) - :color (black) - :comments () - :member_class (network_object) - :members_query () - :type (group) - ) - : (Sonic1 - :AdminInfo ( - :chkpf_uid ("{B2EBD57B-C94C-42E7-8F1A-17C861697403}") - :ClassName (gateway_plain) - :table (network_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Jun 23 14:32:41 2005") - :By (IsoAAAF) - :From (IsoAAADray) - ) - ) - :certificates () - :edges () - :interfaces () - :NAT () - :read_community () - :sysContact () - :sysDescr () - :sysLocation () - :sysName () - :write_community () - :SNMP ( - :AdminInfo ( - :chkpf_uid ("{B2EBD57B-C94C-42E7-8F1A-17C861697403}") - :ClassName (SNMP) - ) - ) - :isakmp.authmethods ( - : (pre-shared) - ) - :isakmp.matchpeer () - :FWZ () - :isakmp.encmethods ( - : (3DES) - : (DES) - ) - :isakmp.hashmethods ( - : (MD5) - : (SHA1) - ) - :isakmp.phase1_DH_groups ( - : (ReferenceObject - :Name ("Group 5 (1536 bit)") - :Table (encryption) - :Uid ("{97AEB62E-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :isakmpsharedkey () - :ISAKMP_aggressive_support (true) - :ike.empty_udp_socket (false) - :isakmp.crlreq (false) - :isakmp.phase1_rekeying_time (60) - :isakmp.phase2_rekeying_kbytes (50000) - 
:isakmp.phase2_rekeying_time (3600) - :isakmp.phase2_use_rekeying_kbytes (false) - :isakmpkeymanager () - :IKE ( - :AdminInfo ( - :chkpf_uid ("{B2EBD57B-C94C-42E7-8F1A-17C861697403}") - :ClassName (IKE) - ) - ) - :ISAKMP_subnet_support (true) - :accept_3des_for_clientless_vpn (true) - :clientless_VPN_ask_user_for_certificate (none) - :clientless_proc_num (1) - :enable_internet_routing (false) - :enable_routing (true) - :ipsec.copy_TOS_to_inner (false) - :ipsec.copy_TOS_to_outer (true) - :ipsec_dont_fragment (true) - :isakmp.allowed_ca () - :isakmp.allowed_cert () - :isakmp.dn () - :isakmp.dns_name () - :isakmp.do_dns_resolve (false) - :isakmp.email () - :isakmp.ipcomp_support (false) - :isakmp.udpencapsulation ( - :AdminInfo ( - :chkpf_uid ("{7B561E2F-3476-4F65-B808-B887605A9F7C}") - :ClassName (IKE_UDP_encapsulation) - ) - :active (true) - :resource (ReferenceObject - :Table (services) - :Name (VPN1_IPSEC_encapsulation) - :Uid ("{97AEB390-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :tcpt ( - :AdminInfo ( - :chkpf_uid ("{32763E96-70C9-4186-B5D8-F99AEEC93FE1}") - :ClassName (TCP_TUNNELING) - ) - :active (false) - :interface ("All IPs") - :resource (ReferenceObject - :Name (https) - :Table (services) - :Uid ("{97AEB443-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :third_party_encryption (true) - :use_cert () - :use_clientless_vpn (false) - :use_service (ReferenceObject - :Table (services) - :Name (https) - :Uid ("{97AEB443-9AEA-11D5-BD16-0090272CCB30}") - ) - :vpn_comp_level (2) - :VPN ( - :AdminInfo ( - :chkpf_uid ("{B2EBD57B-C94C-42E7-8F1A-17C861697403}") - :ClassName (VPN) - ) - ) - :VPN_allow_relay (false) - :VPN_relay_if_name () - :add_adtr_rule (false) - :additional_products () - :backup_gateway () - :backup_gw (false) - :color (black) - :comments ("VPN Test") - :cp_products_installed (false) - :encdomain (manual) - :enforce_gtp_rate_limit (false) - :firewall (not-installed) - :floodgate (not-installed) - :gtp_rate_limit (2048) - :interface_resolving_ha_primary_if_GW 
() - :ip_pool_exhaust_ret_interval (30) - :ip_pool_gw2gw (false) - :ip_pool_securemote (false) - :ip_pool_securemote_allocation_name () - :ip_pool_unused_return_interval (60) - :ipaddr (10.222.0.59) - :manual_encdomain (ReferenceObject - :Name (SonicLAN) - :Table (network_objects) - :Uid ("{587A029D-04EA-49A0-9DB2-93ADC651B7BF}") - ) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{FDEAA053-4C49-4838-A711-7C0DEB9E0AB0}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :perform_encryption (true) - :range_encdomain () - :type (gateway) - ) - : (IsoAAAD - :AdminInfo ( - :chkpf_uid ("{29C40B0A-414C-11D7-AEB8-7F0000013C3C}") - :ClassName (gateway_ckp) - :object_permissions ( - :AdminInfo ( - :chkpf_uid ("{EB6FC940-52CD-4BD6-904C-EB31739BDA15}") - :ClassName (object_permissions) - ) - :manage ( - : (ReferenceObject - :Table (globals) - :Name (Any) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :read ( - : (any) - ) - :use ( - : (any) - ) - :write ( - : () - ) - :owner () - ) - :table (network_objects) - :Deleteable (false) - :Renameable (false) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Jun 23 14:32:41 2005") - :By (IsoAAAF) - :From (IsoAAADray) - ) - ) - :backup_gateway () - :certificates ( - : (defaultCert - :AdminInfo ( - :chkpf_uid ("{C1CADC7F-56D0-42CB-9EE4-CBCBFE50930A}") - :ClassName (certificate) - ) - :"#certreq-pki-gen" (false) - :"#pki-host-cert-set" (false) - :ca (ReferenceObject - :Name (internal_ca) - :Table (servers) - :Uid ("{29DD801C-414C-11D7-AEB8-7F0000013C3C}") - ) - :dn ("CN=IsoAAAD VPN Certificate,O=IsoAAAD.IsoAAAA-es.de..jnbkhk") - :pkisignkey (c9b51d2a6789df31ea72d712) - :status (signed) - :stored.at (management_server) - ) - ) - :edges () - :free_fields () - :interfaces ( - :0 ( - :AdminInfo ( - :chkpf_uid ("{29C486E8-414C-11D7-AEB8-7F0000013C3C}") - :ClassName (interface) - ) - :edges () - :diff_serv_values () - :diff_serv (false) - :fg_inbound_active (false) - :fg_inbound_rate (5898240) - 
:fg_outbound_active (false) - :fg_outbound_rate (5898240) - :bandwidth ( - :AdminInfo ( - :chkpf_uid ("{29C486E8-414C-11D7-AEB8-7F0000013C3C}") - :ClassName (interface_bandwidth) - ) - ) - :comments () - :description () - :dynamic_ip (false) - :ifindex (0) - :ipaddr (10.222.0.63) - :netmask (255.255.255.255) - :officialname (eth0) - :antispoof (true) - :netaccess ( - :AdminInfo ( - :chkpf_uid ("{29C47BDA-414C-11D7-AEB8-7F0000013C3C}") - :ClassName (netaccess) - ) - :access (undefined) - :allowed () - :enable_overlapping_nat (false) - :force_policy (true) - :leads_to_internet (false) - :log (alert) - :overlap_nat_dst_ipaddr () - :overlap_nat_netmask (255.255.255.255) - :overlap_nat_src_ipaddr () - :perform_anti_spoofing (false) - ) - :security ( - :AdminInfo ( - :chkpf_uid ("{29C486E8-414C-11D7-AEB8-7F0000013C3C}") - :ClassName (interface_security) - ) - ) - :shared (true) - ) - :1 ( - :AdminInfo ( - :chkpf_uid ("{BE1E514B-74C7-4EA3-B375-A0752C2C9F9A}") - :ClassName (interface) - ) - :edges () - :bandwidth () - :comments () - :description () - :dynamic_ip (false) - :ifindex (1) - :ipaddr (10.222.0.42) - :netmask (255.255.255.255) - :officialname (eth1) - :antispoof (true) - :netaccess ( - :AdminInfo ( - :chkpf_uid ("{8602D66D-CE3F-428D-9A10-F9D5112DCF93}") - :ClassName (netaccess) - ) - :access (undefined) - :allowed () - :enable_overlapping_nat (false) - :force_policy (true) - :leads_to_internet (true) - :log (log) - :overlap_nat_dst_ipaddr () - :overlap_nat_netmask (255.255.255.255) - :overlap_nat_src_ipaddr () - :perform_anti_spoofing (true) - ) - :security ( - :AdminInfo ( - :chkpf_uid ("{BE1E514B-74C7-4EA3-B375-A0752C2C9F9A}") - :ClassName (interface_security) - ) - ) - :shared (true) - ) - ) - :masters () - :Enable_CPSyslogD (false) - :Everest (false) - :IPSec_orig_if_nat (true) - :MetaIP_Admin_Server (false) - :MetaIP_DHCP_Server (false) - :MetaIP_DNS_Server (false) - :MetaIP_RADIUS_Server (false) - :MetaIP_UAT (false) - :NAT () - :read_community () - 
:sysContact () - :sysDescr () - :sysLocation () - :sysName () - :write_community () - :SNMP ( - :AdminInfo ( - :chkpf_uid ("{29C40B0A-414C-11D7-AEB8-7F0000013C3C}") - :ClassName (SNMP) - ) - ) - :SmallOffice (false) - :UA_WebAccess (false) - :UA_gateway (false) - :UA_server (false) - :isakmp.authmethods ( - : (pre-shared) - ) - :isakmp.matchpeer () - :FWZ () - :isakmp.encmethods ( - : (3DES) - : (AES-256) - : (CAST) - ) - :isakmp.hashmethods ( - : (MD5) - : (SHA1) - ) - :isakmp.phase1_DH_groups ( - : (ReferenceObject - :Name ("Group 2 (1024 bit)") - :Table (encryption) - :Uid ("{97AEB629-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name ("Group 5 (1536 bit)") - :Table (encryption) - :Uid ("{97AEB62E-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :isakmpsharedkey ( - : (tmp-IsoAAAA.mine.nu) - : (IsoAAAA-ffm) - ) - :ISAKMP_aggressive_support (true) - :ike.empty_udp_socket (false) - :isakmp.crlreq (false) - :isakmp.phase1_rekeying_time (60) - :isakmp.phase2_rekeying_kbytes (50000) - :isakmp.phase2_rekeying_time (3600) - :isakmp.phase2_use_rekeying_kbytes (false) - :isakmpkeymanager () - :IKE ( - :AdminInfo ( - :chkpf_uid ("{29C40B0A-414C-11D7-AEB8-7F0000013C3C}") - :ClassName (IKE) - ) - ) - :ISAKMP_subnet_support (true) - :accept_3des_for_clientless_vpn (false) - :clientless_VPN_ask_user_for_certificate (ask) - :clientless_proc_num (1) - :enable_internet_routing (false) - :enable_routing (true) - :ipsec.copy_TOS_to_inner (false) - :ipsec.copy_TOS_to_outer (true) - :ipsec_dont_fragment (true) - :isakmp.allowed_ca () - :isakmp.allowed_cert () - :isakmp.dn () - :isakmp.dns_name () - :isakmp.do_dns_resolve (false) - :isakmp.email () - :isakmp.ipcomp_support (false) - :isakmp.udpencapsulation ( - :AdminInfo ( - :chkpf_uid ("{3D18AC86-B15C-46DA-8C2B-4A8549E5B3DF}") - :ClassName (IKE_UDP_encapsulation) - ) - :active (true) - :resource (ReferenceObject - :Name (VPN1_IPSEC_encapsulation) - :Table (services) - :Uid ("{97AEB390-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - 
:tcpt ( - :AdminInfo ( - :chkpf_uid ("{C0FB535C-83FE-11D8-AF49-C0A8645AD0D0}") - :ClassName (TCP_TUNNELING) - ) - :active (false) - :interface ("All IPs") - :resource (ReferenceObject - :Table (services) - :Name (https) - :Uid ("{97AEB443-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :third_party_encryption (false) - :use_cert () - :use_clientless_vpn (false) - :use_service (ReferenceObject - :Table (services) - :Name (https) - :Uid ("{97AEB443-9AEA-11D5-BD16-0090272CCB30}") - ) - :vpn_comp_level (2) - :VPN ( - :AdminInfo ( - :chkpf_uid ("{29C40B0A-414C-11D7-AEB8-7F0000013C3C}") - :ClassName (VPN) - ) - ) - :VPN_1 (true) - :VPN_allow_relay (false) - :VPN_relay_if_name () - :WAM (false) - :add_adtr_rule (false) - :additional_products () - :allow_extranet (false) - :amazonas_machine (false) - :apply_nat_for_cp_conns (false) - :asm_synatk (false) - :asm_synatk_external_only (false) - :asm_synatk_log (none) - :asm_synatk_log_level (1) - :asm_synatk_threshold (200) - :asm_synatk_timeout (10) - :au_timeout (15) - :backup_gw (false) - :ca_wait_mode (false) - :color (black) - :comments () - :connection_state (communicating) - :copy_DF_flag_SR (false) - :cp_products_installed (true) - :cp_suite_type (pro) - :cpver (5.0) - :default_track (alert) - :define_logging_servers (false) - :disable_replay_check (false) - :display_name_for_sr_sc () - :enable_rtm_counters_report (true) - :enable_rtm_traffic_report (false) - :enable_rtm_traffic_report_per_connection (false) - :encdomain (manual) - :enforce_gtp_rate_limit (false) - :event_analyzer (false) - :exportable (true) - :firewall (installed) - :auth_user_groups (ReferenceObject - :Table (globals) - :Name ("All Users") - :Uid ("{97AEB36A-9AEB-11D5-BD16-0090272CCB30}") - ) - :custom_multi_server_au_list () - :misp_dns_entries () - :misp_isps () - :DAG (false) - :DAG_manual_fetch (false) - :DAG_schedule_interval () - :IPSec_main_if_nat (false) - :NAT_cache_expiration (30) - :NAT_cache_nentries (10000) - :SDS (not-installed) - 
:allow_VPN_routing_from_SR (false) - :calculation_type (partially_automatic) - :connections_hashsize (32768) - :connections_limit (25000) - :disable_outgoing_tcpt (false) - :display_au_list (false) - :ftp_transparent_server_connection (true) - :fw_hmem_maxsize (30) - :fw_hmem_size (6) - :fw_keep_old_conns (false) - :fw_rst_expired_conn (false) - :fwver (5.0) - :generic_transparent_server_connection (true) - :host_schemes_val (122) - :http_next_proxy_defined (false) - :http_transparent_server_connection (true) - :ip_assignment_group () - :ip_assignment_offer (never) - :ip_assignment_settings () - :l2tp_auth_method (MD5) - :max_concurrent_gw_tunnels (200) - :max_concurrent_vpn_tunnels (10000) - :max_num_negs (200) - :misp_active (false) - :misp_cache_hashsize (4096) - :misp_cache_limit (10000) - :misp_cache_timeout (300) - :misp_cache_use_cln (true) - :misp_cache_use_srv (false) - :misp_dns_active (false) - :misp_dns_ttl (15) - :misp_host_is_dead_after (15) - :misp_load_sharing (true) - :misp_ping_interval (5) - :misp_ping_wait_time (3) - :misp_pings_per_interval (1) - :misp_track_isp_went_down (alert) - :misp_track_isp_went_up (log) - :netso () - :non_tcp_quota_enable (false) - :non_tcp_quota_percentage (50) - :policy_server (not-installed) - :remote_access_nrules (4) - :rlogin_transparent_server_connection (true) - :save_control_conns (false) - :save_data_conns (false) - :smtp ( - :AdminInfo ( - :chkpf_uid ("{29C42F18-414C-11D7-AEB8-7F0000013C3C}") - :ClassName (smtp_module) - ) - :abandon_time (43200) - :detailed_av_err_mail (false) - :detailed_rb_err_mail (false) - :detailed_smtp_err_mail (false) - :max_conns (40) - :max_conns_per_site (6) - :max_ips_per_mx_node (1) - :max_mail_size (1000) - :max_mails_per_conn (20) - :max_mx_node_per_mail (5) - :maxrecipients (50) - :postmaster () - :resend_period (600) - :rundir () - :scan_period (2) - :spool_limit (20000) - :spool_limit_scan_period (20) - :timeout (90) - ) - :smtp_transparent_server_connection (false) - 
:support_l2tp (false) - :telnet_transparent_server_connection (true) - :use_cert_for_l2tp () - :use_custom_au_list (false) - :use_sequential_au_lookup (false) - :xrs (false) - :firewall_setting ( - :AdminInfo ( - :chkpf_uid ("{29C40B0A-414C-11D7-AEB8-7F0000013C3C}") - :ClassName (firewall) - ) - ) - :floodgate (not-installed) - :fgver (5.0) - :floodgate_setting ( - :AdminInfo ( - :chkpf_uid ("{29C40B0A-414C-11D7-AEB8-7F0000013C3C}") - :ClassName (floodgate) - ) - ) - :fwldap_RequestTimeout (20) - :fwsynatk_max (5000) - :fwsynatk_method (0) - :fwsynatk_timeout (10) - :fwsynatk_warning (1) - :gtp_rate_limit (2048) - :gx_version (2.0) - :hosted_by_mds () - :http_next_proxy_host () - :http_next_proxy_port () - :ike_support_crash_recovery_sr (true) - :interface_resolving_ha (false) - :interface_resolving_ha_GW (false) - :interface_resolving_ha_primary_if_GW () - :ip_pool_exhaust_ret_interval (30) - :ip_pool_gw2gw (false) - :ip_pool_securemote (false) - :ip_pool_securemote_allocation_name () - :ip_pool_unused_return_interval (60) - :ipaddr (10.222.0.63) - :keep_DF_flag (false) - :keep_DF_flag_SR (false) - :location (internal) - :log_consolidator (false) - :log_policy ( - :AdminInfo ( - :chkpf_uid ("{29C3E8F0-414C-11D7-AEB8-7F0000013C3C}") - :ClassName (log_policy) - ) - :Citrix_ICA_application_detection (false) - :acct_update_interval (3600) - :alert_free_disk_space (20) - :alert_free_disk_space_metrics (mbytes) - :alert_on_disk_space (true) - :alert_type (alert) - :etm_logging (true) - :forward_event (false) - :forward_logs (false) - :log_delete_below_metrics (mbytes) - :log_delete_below_value (45) - :log_delete_on_below (false) - :log_delete_on_run_script (false) - :log_delete_script_command () - :log_forward_schedule () - :log_forward_target () - :log_keep_days_value (0) - :log_keep_on_days (false) - :log_switch_before_forwarding (false) - :log_switch_on_file_size (true) - :log_switch_schedule () - :log_switch_size (100) - :min_free_disk_space (15) - 
:reject_connections (true) - :scheduled_switch (false) - :stop_free_disk_space_metrics (mbytes) - :stop_logging_on_free_disk_space (true) - ) - :log_server (true) - :log_servers ( - :AdminInfo ( - :chkpf_uid ("{BB06EAAB-D151-444E-BAC8-98C29198FED4}") - :ClassName (log_servers) - ) - :backup_log_servers () - :send_alerts_to () - :send_logs_to () - :self_log_server (false) - ) - :management (true) - :manual_encdomain (ReferenceObject - :Name (CactusDA) - :Table (network_objects) - :Uid ("{69DBB75C-7E6D-49AD-A814-96F1BAFF12F7}") - ) - :mds () - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{29C3F3D6-414C-11D7-AEB8-7F0000013C3C}") - :ClassName (operating_system) - ) - :name (secureplatform) - :sp ("#1 Wed Nov 19 19:54:48 GMT 2003") - :version (2.4.9-42cp) - ) - :option_pack (4) - :owner () - :perform_encryption (true) - :performancepack (false) - :primary_management (true) - :radius_server (ReferenceObject - :Table (globals) - :Name (None) - :Uid ("{97AEB36A-9AEA-11D5-BD16-0090272CCB30}") - ) - :range_encdomain () - :real_time_monitor (false) - :reporting_server (false) - :resolve_multiple_interfaces (false) - :resolve_multiple_interfaces_GW (false) - :sam_allow_remote_request (true) - :sam_enable_purge_history_file (false) - :sam_proxy_backwards_compatibility_security_method () - :sam_purge_file_start_size (100) - :sic_name ("cn=cp_mgmt,o=IsoAAAD.IsoAAAA-es.de..jnbkhk") - :support_sr_ike_mm (true) - :supports_tcp_ike (use_site_default) - :type (gateway) - :upload_logs (true) - :use_loggers_and_masters (true) - :used_globaly (false) - :user_friendly () - :vpnddcate (false) - :web_auth () - ) - ) - :servers (servers - : (internal_ca - :AdminInfo ( - :LastModified ( - :Time ("Sun Feb 16 01:15:40 2003") - :By ("Firewall Management Process") - :From (IsoAAAD) - ) - :chkpf_uid ("{29DD801C-414C-11D7-AEB8-7F0000013C3C}") - :ClassName (internal_ca_server) - :Deleteable (false) - :table (servers) - :name (internal_ca) - ) - :permissions_strings () - :use_cn_to_fetch_user 
(false) - :ca_type (internal) - :cacertificate () - :cacertsignkey (dd743a1f4010fadb90d0d8ad) - :color (black) - :comments () - :crl_cache_timeout (86400) - :crl_cache_type (Timeout) - :crl_http (true) - :crl_ldap (false) - :dn ("O=IsoAAAD.IsoAAAA-es.de..jnbkhk") - :internal_CA_check_CRL (true) - :permissions_type (None) - :type (ca) - ) - : (PremierAccess - :AdminInfo ( - :chkpf_uid ("{9484F12B-7004-4574-8BF1-306A4836D397}") - :ClassName (radius_server) - :table (servers) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Oct 7 14:00:42 2004") - :By (andre) - :From (Roadrunner) - ) - ) - :color (blue) - :comments (Radius) - :new_shared_secret (e855fbb32a) - :priority (1) - :server (ReferenceObject - :Name (Premier_Access) - :Table (network_objects) - :Uid ("{B2BB20AA-B685-426B-96B6-1FB4D8D05135}") - ) - :service (ReferenceObject - :Name (NEW-RADIUS) - :Table (services) - :Uid ("{97AEB41E-9AEA-11D5-BD16-0090272CCB30}") - ) - :type (radius) - :version ("RADIUS Ver. 2.0") - ) - : (SecOVID - :AdminInfo ( - :chkpf_uid ("{9F7FBB97-1E72-4A3C-9FF7-08D5B5A4FAFF}") - :ClassName (radius_server) - :table (servers) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Oct 7 15:20:35 2004") - :By (stephan) - :From (Pegasus) - ) - ) - :color (green) - :comments (testinstall) - :new_shared_secret (e1e053fda323) - :priority (2) - :server (ReferenceObject - :Name (SecOVID_Authserver) - :Table (network_objects) - :Uid ("{DB220C3D-763C-46AB-A7D1-1F9C7C45910E}") - ) - :service (ReferenceObject - :Name (NEW-RADIUS) - :Table (services) - :Uid ("{97AEB41E-9AEA-11D5-BD16-0090272CCB30}") - ) - :type (radius) - :version ("RADIUS Ver. 
2.0") - ) - ) - :resources_types (resources_types - : ("CIFS spec" - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB36D-9AEA-11D5-BD16-0090272CCB31}") - :ClassName (resource_type) - :table (resources_types) - ) - :type (cifs) - ) - : ("URI spec" - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB36D-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (resource_type) - :table (resources_types) - :name ("URI spec") - ) - :type (uri) - ) - : ("SMTP spec" - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB36E-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (resource_type) - :table (resources_types) - :name ("SMTP spec") - ) - :type (smtp) - ) - : ("FTP spec" - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB36F-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (resource_type) - :table (resources_types) - :name ("FTP spec") - ) - :type (ftp) - ) - ) - :protocols (protocols - : (ENC-HTTP - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{8294399D-9333-4774-B3DA-C00EACEF3211}") - :ClassName (tcp_protocol) - :table (protocols) - ) - :handler () - :res_type (ReferenceObject - :Name ("URI spec") - :Table (resources_types) - :Uid ("{97AEB36D-9AEA-11D5-BD16-0090272CCB30}") - ) - :type (tcp_protocol) - ) - : (SSL_V3 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{16A704F7-7BD7-49BD-A52A-525AAEDAE7AB}") - :ClassName (tcp_protocol) - :table (protocols) - ) - :handler (ssl_v3_code) - :res_type (none) - :type (tcp_protocol) - ) - : (FTP_BASIC - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 
14:54:08 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{DE35C446-D028-4451-9095-84597C97B78A}") - :ClassName (tcp_protocol) - :table (protocols) - ) - :handler (ftp_reduced) - :res_type (ReferenceObject - :Name ("FTP spec") - :Table (resources_types) - :Uid ("{97AEB36F-9AEA-11D5-BD16-0090272CCB30}") - ) - :type (tcp_protocol) - ) - : (SSH2 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{55F4C5D7-60D9-44B3-9BD4-C3F76B7C8360}") - :ClassName (tcp_protocol) - :table (protocols) - ) - :handler (ssh2_code) - :res_type (none) - :type (tcp_protocol) - ) - : (CitrixICA - :AdminInfo ( - :LastModified ( - :Time ("Thu Apr 10 17:36:34 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{C59AA9F5-FF06-4A15-BB4F-945D7DAB69B7}") - :ClassName (tcp_protocol) - :table (protocols) - ) - :handler (citrix_ica_code) - :res_type (none) - :type (tcp_protocol) - ) - : (SQL_SLAMMER - :AdminInfo ( - :LastModified ( - :Time ("Thu Apr 10 17:36:34 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{A9B88863-0786-4961-B1E9-DDC2FA723135}") - :ClassName (udp_protocol) - :table (protocols) - ) - :handler (sql_worm_slammer) - :res_type (none) - :type (udp_protocol) - ) - : (FTP-BIDIR - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{8026ECE8-E867-4c4c-9E10-08AC73B709B1}") - :ClassName (tcp_protocol) - :table (protocols) - ) - :handler (ftp_bidir_code) - :res_type (ReferenceObject - :Name ("FTP spec") - :Table (resources_types) - :Uid ("{97AEB36F-9AEA-11D5-BD16-0090272CCB30}") - ) - :type (tcp_protocol) - ) - : (CIFS - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB373-9AEA-11D5-BD16-0090272CCB31}") - :ClassName (tcp_protocol) - :table (protocols) - ) - :handler () - :res_type (ReferenceObject - :Name 
("CIFS spec") - :Table (resources_types) - :Uid ("{97AEB36D-9AEA-11D5-BD16-0090272CCB31}") - ) - :type (tcp_protocol) - ) - : (H.323_ANY - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{97AEB377-9AEA-11D5-BD16-0090272CCB35}") - :ClassName (tcp_protocol) - :table (protocols) - :name (H.323_ANY) - ) - :handler (h323_h225_code_any) - :res_type (none) - :type (tcp_protocol) - ) - : (H.323_RAS - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{97AEB378-9AEA-11D5-BD16-0090272CCB31}") - :ClassName (udp_protocol) - :table (protocols) - :name (H.323_RAS) - ) - :handler (h323_ras_code) - :res_type (none) - :type (udp_protocol) - ) - : (SIP_UDP - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{97AEB378-9AEA-11D5-BD16-0090272CCB37}") - :ClassName (udp_protocol) - :table (protocols) - :name (SIP_UDP) - ) - :handler (sip_manager) - :res_type (none) - :type (udp_protocol) - ) - : (SIP_UDP_ANY - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{97AEB378-9AEA-11D5-BD16-0090272CCB38}") - :ClassName (udp_protocol) - :table (protocols) - :name (SIP_UDP_ANY) - ) - :handler (sip_manager_any) - :res_type (none) - :type (udp_protocol) - ) - : (FTP - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB370-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_protocol) - :table (protocols) - :name (FTP) - ) - :handler (ftp_code) - :res_type (ReferenceObject - :Name ("FTP spec") - :Table (resources_types) - :Uid ("{97AEB36F-9AEA-11D5-BD16-0090272CCB30}") - ) - :type (tcp_protocol) - ) - : (FTP-PORT - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From 
(keepme) - ) - :chkpf_uid ("{97AEB371-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_protocol) - :table (protocols) - :name (FTP-PORT) - ) - :handler (ftp_port_code) - :res_type (ReferenceObject - :Name ("FTP spec") - :Table (resources_types) - :Uid ("{97AEB36F-9AEA-11D5-BD16-0090272CCB30}") - ) - :type (tcp_protocol) - ) - : (FTP-PASV - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB372-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_protocol) - :table (protocols) - :name (FTP-PASV) - ) - :handler (ftp_pasv_code) - :res_type (ReferenceObject - :Name ("FTP spec") - :Table (resources_types) - :Uid ("{97AEB36F-9AEA-11D5-BD16-0090272CCB30}") - ) - :type (tcp_protocol) - ) - : (HTTP - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB373-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_protocol) - :table (protocols) - :name (HTTP) - ) - :handler () - :res_type (ReferenceObject - :Name ("URI spec") - :Table (resources_types) - :Uid ("{97AEB36D-9AEA-11D5-BD16-0090272CCB30}") - ) - :type (tcp_protocol) - ) - : (SMTP - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB374-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_protocol) - :table (protocols) - :name (SMTP) - ) - :handler () - :res_type (ReferenceObject - :Name ("SMTP spec") - :Table (resources_types) - :Uid ("{97AEB36E-9AEA-11D5-BD16-0090272CCB30}") - ) - :type (tcp_protocol) - ) - : (RSHELL - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB375-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_protocol) - :table (protocols) - :name (RSHELL) - ) - :handler (rshstderr_code) - :res_type (none) - :type (tcp_protocol) - ) - : (SQLNET2 - :AdminInfo ( - :LastModified ( - :Time 
("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB376-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_protocol) - :table (protocols) - :name (SQLNET2) - ) - :handler (sqlnet_code) - :res_type (none) - :type (tcp_protocol) - ) - : (H.323 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB377-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_protocol) - :table (protocols) - :name (H.323) - ) - :handler (h323_h225_code) - :res_type (none) - :type (tcp_protocol) - ) - : (DNS_UDP - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB378-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_protocol) - :table (protocols) - :name (DNS_UDP) - ) - :handler (dns_verification_code) - :res_type (none) - :type (udp_protocol) - ) - : (DNS_TCP - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB379-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_protocol) - :table (protocols) - :name (DNS_TCP) - ) - :handler (dns_verification_code) - :res_type (none) - :type (tcp_protocol) - ) - : (PNA - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB37A-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_protocol) - :table (protocols) - :name (PNA) - ) - :handler (raudio_code) - :res_type (none) - :type (tcp_protocol) - ) - : (RTSP - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB37B-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_protocol) - :table (protocols) - :name (RTSP) - ) - :handler (rtsp_code) - :res_type (none) - :type (tcp_protocol) - ) - : (NetShow - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") 
- :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB37C-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_protocol) - :table (protocols) - :name (NetShow) - ) - :handler (netshow_code) - :res_type (none) - :type (tcp_protocol) - ) - : (CP-DHCP-request - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{71878CD2-B8A9-11D5-BB1D-D496C1818686}") - :ClassName (udp_protocol) - :table (protocols) - :name (CP-DHCP-request) - ) - :handler (dhcp_request_code) - :res_type (none) - :type (udp_protocol) - ) - : (CP-DHCP-reply - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{71879F1A-B8A9-11D5-BB1D-D496C1818686}") - :ClassName (udp_protocol) - :table (protocols) - :name (CP-DHCP-reply) - ) - :handler (dhcp_reply_code) - :res_type (none) - :type (udp_protocol) - ) - : (FreeTel - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB37E-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_protocol) - :table (protocols) - :name (FreeTel) - ) - :handler (freetel_code) - :res_type (none) - :type (udp_protocol) - ) - : (BackWeb - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB37F-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (other_protocol) - :table (protocols) - :name (BackWeb) - ) - :handler (backweb_code) - :res_type (none) - :type (other_protocol) - ) - : (WinFrame - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB380-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_protocol) - :table (protocols) - :name (WinFrame) - ) - :handler (winframe_code) - :res_type (none) - :type (tcp_protocol) - ) - : (FW1_CVP - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 
27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB381-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_protocol) - :table (protocols) - :name (FW1_CVP) - ) - :handler (cvp_code) - :res_type (none) - :type (tcp_protocol) - ) - : (MSEXCHANGE - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB382-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (dcerpc_protocol) - :table (protocols) - :name (MSEXCHANGE) - ) - :handler (exchange_code) - :res_type (none) - :type (dcerpc_protocol) - ) - : (Snmp-Read - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB383-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_protocol) - :table (protocols) - :name (Snmp-Read) - ) - :handler (snmp_ro_code) - :res_type (none) - :type (udp_protocol) - ) - : (NBNAME - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB384-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_protocol) - :table (protocols) - :name (NBNAME) - ) - :handler (nbname_code) - :res_type (none) - :type (udp_protocol) - ) - : (NBDATAGRAM - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB385-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_protocol) - :table (protocols) - :name (NBDATAGRAM) - ) - :handler (nbdatagram_code) - :res_type (none) - :type (udp_protocol) - ) - : (IIOP - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB386-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_protocol) - :table (protocols) - :name (IIOP) - ) - :handler (iiop_code) - :res_type (none) - :type (tcp_protocol) - ) - : (INSPECT - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 
2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB387-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_protocol) - :table (protocols) - :name (INSPECT) - ) - :handler (INSPECT) - :res_type (none) - :type (tcp_protocol) - ) - ) - :services (services - : (FW1_ica_mgmt_tools - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{97AEB44E-9AEA-11D5-BD16-0090272CCB31}") - :ClassName (tcp_service) - :table (services) - ) - :delayed_sync_value (30) - :reload_proof (false) - :sync_on_cluster (true) - :use_delayed_sync (false) - :color (FireBrick) - :comments ("Check Point Internal CA Management Tools") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (18265) - :proto_type () - :src_port () - :timeout (0) - :type (tcp) - ) - : (IPSO_Clustering_Mgmt_Protocol - :AdminInfo ( - :LastModified ( - :Time ("Thu Feb 13 07:43:26 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{BD824B60-5C5A-42E8-A8E6-348A35CEF8C4}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - ) - :color (black) - :comments ("used for distributing configuration changes among cluster members and cluster wide monitoring") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (1111) - :proto_type () - :reload_proof (true) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (microsoft-ds-udp - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{97AEB390-9AEA-11D5-BD16-0090272CCB31}") - :ClassName (udp_service) - :table (services) - ) - :delete_on_reply (false) - :reload_proof (false) - :sync_on_cluster (true) - :color (FireBrick) - :comments ("Microsoft CIFS over UDP") - :etm_enabled (false) - :include_in_any (true) - :port (445) - :proto_type () - :replies (true) 
- :replies_from_any_port (false) - :src_port () - :timeout (0) - :type (udp) - ) - : (ssh_version_2 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{CD082D9A-44A6-4CEF-A17D-5541029ADFB3}") - :ClassName (tcp_service) - :table (services) - ) - :delayed_sync_value (30) - :reload_proof (false) - :sync_on_cluster (true) - :use_delayed_sync (false) - :color (Blue) - :comments ("Secure Shell, version 1.x block") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (false) - :port (22) - :proto_type (ReferenceObject - :Name (SSH2) - :Table (protocols) - :Uid ("{55F4C5D7-60D9-44B3-9BD4-C3F76B7C8360}") - ) - :src_port () - :timeout (0) - :type (tcp) - ) - : (Citrix_ICA_printing - :AdminInfo ( - :chkpf_uid ("{0A3667B6-800B-49A9-A655-087CD970AC27}") - :ClassName (tcp_citrix_service) - :table (services) - :Deleteable (false) - :Renameable (false) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Mar 30 14:42:57 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :citrix_application_name (All_citrix_ICA_printing) - :color (black) - :comments ("Citrix ICA printing traffic") - :etm_enabled (false) - :is_printing (true) - :port (1494) - :proto_type () - :reload_proof (false) - :type (tcp_citrix) - ) - : (Citrix_ICA_Browsing - :AdminInfo ( - :chkpf_uid ("{E8C5AB78-F08D-437C-A9B1-BE4A8679D766}") - :ClassName (udp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Mar 30 14:49:31 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments ("Tcp Service for general Citrix browsing") - :delete_on_reply (false) - :etm_enabled (false) - :include_in_any (false) - :port (1604) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (GTPv0 - :AdminInfo ( - :chkpf_uid ("{3A5AD81B-3BFA-4396-97B2-2581B33790B5}") - :ClassName 
(udp_service) - :table (services) - :Wiznum (-1) - :Deleteable (false) - :Hidden (true) - :LastModified ( - :Time ("Tue Dec 24 12:37:31 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :delete_on_reply (false) - :etm_enabled (false) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :comments ("used only for log resolving") - :include_in_any (false) - :port (3386) - :type (Udp) - ) - : (GTPv1-C - :AdminInfo ( - :chkpf_uid ("{0A95FEAA-A655-484D-BE5E-E6D38A6937A5}") - :ClassName (udp_service) - :table (services) - :Wiznum (-1) - :Deleteable (false) - :Hidden (true) - :LastModified ( - :Time ("Tue Dec 24 10:47:41 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :delete_on_reply (false) - :etm_enabled (false) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :comments ("used only for log resolving") - :include_in_any (false) - :port (2123) - :type (Udp) - ) - : (GTPv1-U - :AdminInfo ( - :chkpf_uid ("{A1B5DB0A-FA8D-4821-B4DE-B7A8E9435EF6}") - :ClassName (udp_service) - :table (services) - :Wiznum (-1) - :Deleteable (false) - :Hidden (true) - :LastModified ( - :Time ("Tue Dec 24 10:48:43 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :delete_on_reply (false) - :etm_enabled (false) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :comments ("used only for log resolving") - :include_in_any (false) - :port (2152) - :type (Udp) - ) - : (Citrix_ICA - :AdminInfo ( - :chkpf_uid ("{986BAD5A-94D2-4A8C-81AA-DE98D3ECB5C6}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Mar 30 14:48:11 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - 
:comments ("Citrix ICA general Service.") - :delayed_sync_value (30) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (false) - :port (1494) - :proto_type (ReferenceObject - :Name (CitrixICA) - :Table (protocols) - :Uid ("{C59AA9F5-FF06-4A15-BB4F-945D7DAB69B7}") - ) - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (Kerberos_v5_TCP - :AdminInfo ( - :chkpf_uid ("{8D807250-57EB-4051-9AEC-E6128260261B}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Jan 09 15:58:26 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments ("Kerberos authentication protocol (version 5)") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (88) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (Kerberos_v5_UDP - :AdminInfo ( - :chkpf_uid ("{8C137030-A995-4E96-AAAE-5F5BC74E7B4E}") - :ClassName (udp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Jan 09 15:58:37 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments ("Kerberos authentication protocol (version 5)") - :delete_on_reply (false) - :etm_enabled (false) - :include_in_any (true) - :port (88) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (ssl_v3 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{69815F35-2A03-4121-8335-23A337DCE927}") - :ClassName (tcp_service) - :table (services) - ) - :delayed_sync_value (30) - :reload_proof (false) - :sync_on_cluster (true) - :use_delayed_sync (false) - :color (Blue) - :comments ("SSL version 3, droping 
anything else.") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (false) - :port (443) - :proto_type (ReferenceObject - :Name (SSL_V3) - :Table (protocols) - :Uid ("{16A704F7-7BD7-49BD-A52A-525AAEDAE7AB}") - ) - :src_port () - :timeout (0) - :type (tcp) - ) - : (SWTP_SMS - :AdminInfo ( - :chkpf_uid ("{6A40F044-296B-4611-8105-FE83284BAF03}") - :ClassName (udp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Wed Apr 09 22:29:17 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments ("VPN-1 embedded / SofaWare Management Server (SMS)") - :delete_on_reply (false) - :etm_enabled (false) - :include_in_any (true) - :port (9282) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (SWTP_Gateway - :AdminInfo ( - :chkpf_uid ("{1649FC50-B2B3-4A95-9839-802DA7108629}") - :ClassName (udp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Mon Oct 13 10:23:43 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments ("VPN-1 Embedded/SofaWare commands") - :delete_on_reply (false) - :etm_enabled (false) - :include_in_any (true) - :port (9281) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (DCOM-RemoteActivation - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 15 14:54:08 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{5C66B970-E289-4B39-89EA-4F0F19A389D7}") - :ClassName (dcerpc_service) - :table (services) - ) - :color (black) - :comments ("DCOM Remote Activation") - :etm_enabled (false) - :proto_type () - :reload_proof (false) - :type (dcerpc) - :uuid (4d9f4ab8-7d1c-11cf-861e-0020af6e7c57) - ) - : (ALL_DCE_RPC - :AdminInfo ( - :chkpf_uid ("{3D0D46B6-4DDB-43E0-9FAA-C969DBC3E19F}") - :ClassName 
(dcerpc_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Thu May 1 08:34:11 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (red) - :comments ("Special Service For Allowing All DCE-RPC Services") - :etm_enabled (false) - :proto_type () - :reload_proof (false) - :type (DceRpc) - :uuid (00000000-0000-0000-0000-000000000000) - ) - : (MSNP - :AdminInfo ( - :chkpf_uid ("{D18F244B-0B13-4FB8-AA2F-D966EEFFB6B3}") - :ClassName (tcp_service) - :table (services) - :LastModified ( - :Time ("Tue Oct 22 13:25:25 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (black) - :comments ("MSN Messenger") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (1863) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (ttdbserverd - :AdminInfo ( - :chkpf_uid ("{320ADBC3-F4F0-4254-A7A4-79DEE1726B8C}") - :ClassName (rpc_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Mon Oct 14 15:45:43 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments ("ToolTalk database server") - :etm_enabled (false) - :port (100083) - :proto_type () - :reload_proof (false) - :type (Rpc) - ) - : (cmsd - :AdminInfo ( - :chkpf_uid ("{968C527C-2191-4BEA-ABF3-F41DA07F20DC}") - :ClassName (rpc_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Mon Oct 14 15:46:27 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments ("Calendar Manager Service Daemon") - :etm_enabled (false) - :port (100068) - :proto_type () - :reload_proof (false) - :type (Rpc) - ) - : (statd - :AdminInfo ( - :chkpf_uid ("{FC4E8697-6C1F-4152-94F1-C9A2AE21EF6E}") - :ClassName (rpc_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Mon Oct 14 15:46:44 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - 
:comments ("Network status monitor daemon") - :etm_enabled (false) - :port (100024) - :proto_type () - :reload_proof (false) - :type (Rpc) - ) - : (sadmind - :AdminInfo ( - :chkpf_uid ("{5FF55D69-74F8-46E0-9D21-A2163A906D76}") - :ClassName (rpc_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Mon Oct 14 15:47:08 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments ("Solstice AdminSuite") - :etm_enabled (false) - :port (100232) - :proto_type () - :reload_proof (false) - :type (Rpc) - ) - : (cachefsd - :AdminInfo ( - :chkpf_uid ("{F4C95E3E-A820-4B35-B35E-0AFB703EB11E}") - :ClassName (rpc_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Mon Oct 14 15:47:36 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (burlywood4) - :comments ("SUN NFS/RPC file system cachefs daemon") - :etm_enabled (false) - :port (100235) - :proto_type () - :reload_proof (false) - :type (Rpc) - ) - : (snmpXdmid - :AdminInfo ( - :chkpf_uid ("{953DFC46-7EAD-4D97-9ADE-6560D79DB563}") - :ClassName (rpc_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Mon Oct 14 15:48:02 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (burlywood4) - :comments ("SUN SNMP to DMI mapper daemon") - :etm_enabled (false) - :port (100249) - :proto_type () - :reload_proof (false) - :type (Rpc) - ) - : (ICQ_locator - :AdminInfo ( - :chkpf_uid ("{BBEC6807-808D-49B7-B8DC-54C5A655D392}") - :ClassName (udp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Dec 08 12:36:19 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments ("Mirabilis ICQ versions") - :delete_on_reply (false) - :etm_enabled (false) - :include_in_any (true) - :port (4000) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (MSN_Messenger_1863_UDP - :AdminInfo ( - 
:chkpf_uid ("{0094AAC2-A29E-4D04-B86C-F31F63DFFAE2}") - :ClassName (udp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Dec 08 12:37:27 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments ("Microsoft Network Messenger UDP") - :delete_on_reply (false) - :etm_enabled (false) - :include_in_any (true) - :port (1863) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (MSN_Messenger_5190 - :AdminInfo ( - :chkpf_uid ("{0AC39B6A-701A-4C33-A88D-9EB0FECF9EF6}") - :ClassName (udp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Dec 08 12:38:08 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments ("Microsoft Network Messenger") - :delete_on_reply (false) - :etm_enabled (false) - :include_in_any (true) - :port (5190) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (MSN_Messenger_File_Transfer - :AdminInfo ( - :chkpf_uid ("{505BADAD-AE57-4584-9A4C-15987C093A32}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Dec 08 12:39:01 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments ("Microsoft Network Messenger File Transfer") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (6891-6900) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (MSN_Messenger_Voice - :AdminInfo ( - :chkpf_uid ("{E3E6D587-3212-4FF4-86A1-D16093689E19}") - :ClassName (udp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Dec 08 12:39:30 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color 
(black) - :comments ("Microsoft Network Messenger Voice communication") - :delete_on_reply (false) - :etm_enabled (false) - :include_in_any (true) - :port (6901) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (Yahoo_Messenger_messages - :AdminInfo ( - :chkpf_uid ("{24CD3A7C-AA2C-43D4-8EB6-FF1F070143EA}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Dec 08 12:40:02 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments ("Yahoo Messenger messages") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (5050) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (Yahoo_Messenger_Voice_Chat_TCP - :AdminInfo ( - :chkpf_uid ("{C2639E22-FD63-4520-99F7-A70215B95874}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Dec 12 14:03:50 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments ("Yahoo Messenger Voice Chat") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (false) - :port (5000-5001) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (Yahoo_Messenger_Voice_Chat_UDP - :AdminInfo ( - :chkpf_uid ("{C98BB09A-B04F-437C-AD1A-6C8261831B87}") - :ClassName (udp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Dec 08 12:41:22 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments ("Yahoo Messenger Voice Chat") - :delete_on_reply (false) - :etm_enabled (false) - :include_in_any (true) - :port (5000-5010) - :proto_type () - :reload_proof (false) - :replies 
(true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (Yahoo_Messenger_Webcams - :AdminInfo ( - :chkpf_uid ("{910F509F-8F2A-452D-BC15-E51F8CC1694C}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Dec 08 12:41:53 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments ("Yahoo Messenger Webcams video") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (5100) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (Direct_Connect_TCP - :AdminInfo ( - :chkpf_uid ("{D02080C1-B225-4DA0-987B-28B3A551B8C9}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Dec 08 12:42:27 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments ("Direct Connect P2P application. Used also by other clients") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (411-412) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (Direct_Connect_UDP - :AdminInfo ( - :chkpf_uid ("{64C3AD3F-69D2-4EC1-B843-5DF030C70ABF}") - :ClassName (udp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Dec 08 12:42:59 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments ("Direct Connect P2P application. 
Used also by other clients") - :delete_on_reply (false) - :etm_enabled (false) - :include_in_any (true) - :port (411-412) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (eDonkey_4661 - :AdminInfo ( - :chkpf_uid ("{760D9035-1C76-4C5C-B929-BA1DC6685D6F}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Dec 08 12:43:26 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments ("eDonkey protocol. Used also by other clients.") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (4661) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (eDonkey_4662 - :AdminInfo ( - :chkpf_uid ("{7115E261-185C-4487-AA18-84F8C275D186}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Dec 08 12:43:49 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments ("eDonkey protocol. 
Used also by other clients.") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (4662) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (GNUtella_rtr_TCP - :AdminInfo ( - :chkpf_uid ("{B1189907-B9EB-4A21-8B38-1D3E5C6C06D0}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Dec 08 12:44:57 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments ("Also used by: BearShare, ToadNode, Gnucleus, Xolox, LimeWire") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (6347) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (GNUtella_rtr_UDP - :AdminInfo ( - :chkpf_uid ("{1B4543A3-579E-4CC7-8F57-4387C37A6815}") - :ClassName (udp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Dec 08 12:45:16 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments ("Also used by: BearShare, ToadNode, Gnucleus, Xolox, LimeWire") - :delete_on_reply (false) - :etm_enabled (false) - :include_in_any (true) - :port (6347) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (GNUtella_TCP - :AdminInfo ( - :chkpf_uid ("{CDEF1FEB-485E-4929-942E-011DE8318E56}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Dec 08 12:45:56 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments ("Also used by: BearShare, ToadNode, Gnucleus, Xolox, LimeWire") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (6346) - :proto_type 
() - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (GNUtella_UDP - :AdminInfo ( - :chkpf_uid ("{8EB18480-2690-4520-AE88-412BF5CE94E3}") - :ClassName (udp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Dec 08 12:46:33 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments ("Also used by: BearShare, ToadNode, Gnucleus, Xolox, LimeWire") - :delete_on_reply (false) - :etm_enabled (false) - :include_in_any (true) - :port (6346) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (Hotline_client - :AdminInfo ( - :chkpf_uid ("{B45556D9-5E0B-46F4-9C35-ED7D82BEC43D}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Dec 08 12:47:07 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments ("Hotline client connections") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (5500-5503) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (Hotline_tracker - :AdminInfo ( - :chkpf_uid ("{D6B64DF2-4803-4D79-9794-793D18B277D8}") - :ClassName (udp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Dec 08 12:47:41 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments ("Hotline tracker connections") - :delete_on_reply (false) - :etm_enabled (false) - :include_in_any (true) - :port (5499) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (Napster_Client_6600-6699 - :AdminInfo ( - :chkpf_uid ("{3BB26988-E0A5-45D6-8018-D4D4DE8B96FA}") - 
:ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Dec 08 12:48:46 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments ("Napster clients. Also used by: WinMX") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (false) - :port (6600-6699) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (Napster_directory_4444 - :AdminInfo ( - :chkpf_uid ("{741A5B0E-3788-4284-91A1-819E99D9ED96}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Dec 08 12:49:50 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments ("Napster directory connections") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (4444) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (Napster_directory_5555 - :AdminInfo ( - :chkpf_uid ("{8287D6D8-3B6B-4824-8F2D-18BC570EC9B2}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Dec 08 12:50:15 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments ("Napster directory connections") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (5555) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (Napster_directory_6666 - :AdminInfo ( - :chkpf_uid ("{1EF8FC95-FF10-414B-AF76-C0BCC2CD711E}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Dec 08 12:50:49 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments ("Napster directory 
connections") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (false) - :port (6666) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (Napster_directory_7777 - :AdminInfo ( - :chkpf_uid ("{182B1D39-54B6-4E2F-BAE8-2D8021D52206}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Dec 08 12:51:15 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments ("Napster directory connections") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (7777) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (Napster_directory_8888_primary - :AdminInfo ( - :chkpf_uid ("{BE51561E-7876-4C70-9546-0914AE737F6E}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Dec 08 12:51:47 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments ("Napster directory connections (Primary)") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (8888) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (Napster_redirector - :AdminInfo ( - :chkpf_uid ("{3FD0D58A-9759-4686-B103-D177ADFC7193}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Dec 08 12:52:06 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments () - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (8875) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) 
- :use_delayed_sync (false) - ) - : (Blubster - :AdminInfo ( - :chkpf_uid ("{C86F055D-31AD-4430-B12C-1094A86C673C}") - :ClassName (udp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Dec 08 12:52:35 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments ("Uses MANOLITO protocol") - :delete_on_reply (false) - :etm_enabled (false) - :include_in_any (true) - :port (41170) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (GoToMyPC - :AdminInfo ( - :chkpf_uid ("{2D89310C-5761-4213-BEF5-C81BB5677E44}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Dec 08 12:52:59 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments ("Remote Computer Access & Sharing application, also uses HTTP and HTTPS") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (8200) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (iMesh - :AdminInfo ( - :chkpf_uid ("{01E9FC32-73DF-43D5-9CD4-4F91B6A5C711}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Dec 08 12:53:25 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments ("This port also used by many trojans and the upnp service") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (5000) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (Madster - :AdminInfo ( - :chkpf_uid ("{B863EC35-604F-4DA1-8E63-82A7903D2C1C}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Dec 08 
12:54:13 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments ("Formerly called Aimster") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (5025) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (RAT - :AdminInfo ( - :chkpf_uid ("{B236D830-9615-4578-B6E2-B0B44C45FDA0}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 18:21:52 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color ("deep pink") - :comments ("RAT trojan (Remote Administration Tool)") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (1097-1098) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (Multidropper - :AdminInfo ( - :chkpf_uid ("{E38E4DEA-A610-4416-BF44-6F4E45E95E70}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 18:28:06 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color ("deep pink") - :comments ("Multidropper trojan") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (1035) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (Kaos - :AdminInfo ( - :chkpf_uid ("{10F56849-2E03-40DD-9CF7-56AEE2CFA57F}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 18:29:24 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color ("deep pink") - :comments ("Kaos trojan") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (1212) - :proto_type () - 
:reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (Connect-Back_Backdoor - :AdminInfo ( - :chkpf_uid ("{E0C17142-433D-40A7-9EAA-E1D5EBA40D2E}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 18:32:26 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (magenta) - :comments ("Also used by SkyDance trojan") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (4000) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (DerSphere - :AdminInfo ( - :chkpf_uid ("{8055B0DE-DACE-4D18-91F4-F39915B7ABA8}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 18:34:45 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (magenta) - :comments ("Also used by: Direct Connection,Connecter,Insane Network trojans") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (1000) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (Freak2k - :AdminInfo ( - :chkpf_uid ("{08DA33FF-BC5F-402A-9865-BEE8FEE69422}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 18:36:23 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (magenta) - :comments ("Also used by: Freak88,NetSnooper Gold trojans") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (7001) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (Jade - :AdminInfo ( - :chkpf_uid 
("{C2F963B0-DB3C-42D5-B0F2-A2A7BC0D378D}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 18:40:18 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (magenta) - :comments ("Also used by: Latinus,NetSpy,RAT trojans and K Display Manager") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (1024) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (GateCrasher - :AdminInfo ( - :chkpf_uid ("{81B90130-2A31-45CD-8092-DC492B116CA9}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 18:41:23 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color ("deep pink") - :comments ("GateCrasher trojan") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (6970) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (Kuang2 - :AdminInfo ( - :chkpf_uid ("{CE29B597-76B9-48AA-AC24-AE7E23C438ED}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 18:49:08 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (magenta) - :comments ("Kuang2 trojan") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (17300) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (WinHole - :AdminInfo ( - :chkpf_uid ("{25AC306E-1FC9-4E3E-BF66-4A48473CAF3F}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 18:50:10 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color ("deep pink") - :comments ("WinHole 
trojan") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (1081) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (RexxRave - :AdminInfo ( - :chkpf_uid ("{637B7F26-C4B2-4510-872E-5A10DE046CB4}") - :ClassName (udp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 18:51:04 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (magenta) - :comments ("RexxRave trojan") - :delete_on_reply (false) - :etm_enabled (false) - :include_in_any (true) - :port (1104) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (ICKiller - :AdminInfo ( - :chkpf_uid ("{06233377-3454-489A-B9FB-2F2CA14B895B}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 18:52:06 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (magenta) - :comments (ICKiller) - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (1027) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (HackaTack_31785 - :AdminInfo ( - :chkpf_uid ("{82BA0DD2-42E6-472D-8877-57F519175C14}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 18:59:17 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color ("deep pink") - :comments (HackaTack) - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (31785) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (HackaTack_31787 - :AdminInfo ( - 
:chkpf_uid ("{C693C8C1-78E3-450D-936E-AA3278190633}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 19:00:30 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (magenta) - :comments ("HackaTack trojan") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (31787) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (HackaTack_31788 - :AdminInfo ( - :chkpf_uid ("{B8D159DC-AA70-4CC5-9C5A-8C2AD3AA977E}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 19:02:02 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color ("deep pink") - :comments ("HackaTack trojan") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (31788) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (HackaTack_31789 - :AdminInfo ( - :chkpf_uid ("{FF8EA038-34FD-4B7B-8A8A-8D6BF0A599FE}") - :ClassName (udp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 19:03:49 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (magenta) - :comments ("HackaTack trojan") - :delete_on_reply (false) - :etm_enabled (false) - :include_in_any (true) - :port (31789) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (HackaTack_31792 - :AdminInfo ( - :chkpf_uid ("{26339B33-1C42-4E49-96E9-55770F6AF0CE}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 19:06:41 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color ("deep pink") - :comments ("HackaTack trojan") - 
:delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (31792) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (UltorsTrojan - :AdminInfo ( - :chkpf_uid ("{6E745536-B8C9-4DF5-BFD5-043E62013956}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 19:08:55 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color ("deep pink") - :comments ("Also used by: SubSeven Java client") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (1234) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (NoBackO - :AdminInfo ( - :chkpf_uid ("{AA02E546-80D1-453A-91DC-49F606764451}") - :ClassName (udp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 19:10:06 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (magenta) - :comments ("NoBackO trojan") - :delete_on_reply (false) - :etm_enabled (false) - :include_in_any (true) - :port (1201) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (InCommand - :AdminInfo ( - :chkpf_uid ("{230B24DF-1EFA-4A28-B7A4-87DFB79AFBA7}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 19:11:57 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color ("deep pink") - :comments ("Also used by: ICQ Nuke 98 trojan") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (1029) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : 
(Xanadu - :AdminInfo ( - :chkpf_uid ("{24DE2CDE-DFCD-4C9B-9124-492AC4BEDBA7}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 19:12:59 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color ("deep pink") - :comments ("Xanadu trojan") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (1031) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (SubSeven - :AdminInfo ( - :chkpf_uid ("{E926E948-FAE7-4140-8FED-11426B1A32B9}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 19:16:01 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (magenta) - :comments ("Also used by:Bad Blood,EGO,Lion,Ramen,Seeker,The Saint,Tftloader,Webhead trojans") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (27374) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (HackaTack_31790 - :AdminInfo ( - :chkpf_uid ("{2176F91C-5FB4-4111-98BD-7D5D5B358FE0}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 19:16:21 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color ("deep pink") - :comments ("HackaTack trojan") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (31790) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (Terrortrojan - :AdminInfo ( - :chkpf_uid ("{CC1D78CC-5FCE-4496-A78B-C37AA0622F7A}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 19:18:18 2003") - :By (CheckPoint) - :From 
(CheckPoint) - ) - ) - :color (magenta) - :comments ("Terror trojan") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (3456) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (CrackDown - :AdminInfo ( - :chkpf_uid ("{88AAA643-BF12-4D40-A02D-E98A8159358A}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 19:19:38 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color ("deep pink") - :comments ("CrackDown trojan") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (false) - :port (4444) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (lpdw0rm - :AdminInfo ( - :chkpf_uid ("{73BFBF75-EB13-42C0-BA69-58B8F026B4D6}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 19:22:38 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color ("deep pink") - :comments ("Also used by: Ramen trojan and printer service.") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (515) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (TheFlu - :AdminInfo ( - :chkpf_uid ("{02F708DD-0337-485F-A04B-3B931971B93A}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 19:23:32 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (magenta) - :comments ("TheFlu trojan") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (5534) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster 
(true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (Shadyshell - :AdminInfo ( - :chkpf_uid ("{41C4DF08-DBF9-4576-9114-B8F1DC4DC8D7}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 19:26:02 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (magenta) - :comments ("Shadyshell trojan") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (1337) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (TransScout - :AdminInfo ( - :chkpf_uid ("{16AEE006-0F79-407E-B6A4-F3CC5A7A31D5}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 19:27:16 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color ("deep pink") - :comments ("TransScout trojan") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (2004-2005) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (Trinoo - :AdminInfo ( - :chkpf_uid ("{3CF4DA8B-576E-47EC-903E-91F155BD0CD9}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 19:28:12 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (magenta) - :comments ("Trinoo trojan") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (1524) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (SocketsdesTroie - :AdminInfo ( - :chkpf_uid ("{69CA7583-1FD4-4C86-AC1A-680697A9AF93}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 19:29:16 2003") - :By 
(CheckPoint) - :From (CheckPoint) - ) - ) - :color ("deep pink") - :comments ("Also used by the: tcpmux service") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (1) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (Remote_Storm - :AdminInfo ( - :chkpf_uid ("{D4B1F3B0-C606-4B6B-8118-EE61303F8E19}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 19:31:06 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color ("deep pink") - :comments ("Also used by: Fraggle Rock,NetSpy,md5 Backdoor trojans") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (1025) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (BackDoor-G - :AdminInfo ( - :chkpf_uid ("{A651F18C-1C7C-4BD2-9FFE-790C29E3CCD9}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 19:32:22 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (magenta) - :comments ("Also used by:SubSeven,Tiles trojans") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (1243) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (Back_Door_Setup - :AdminInfo ( - :chkpf_uid ("{86077A7D-A8DA-4B5B-919C-366FE91AD1DA}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 19:34:29 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (magenta) - :comments ("Also used by:BioNet Lite,Blazer5,Bubbel trojans") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - 
:include_in_any (false) - :port (5000) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (DaCryptic - :AdminInfo ( - :chkpf_uid ("{C13E3031-02D6-4341-A307-3DAF10735078}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 19:38:01 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (magenta) - :comments ("DaCryptic trojan") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (1074) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (HackaTack_31791 - :AdminInfo ( - :chkpf_uid ("{05647A8C-F0E7-4354-ADBD-C685EE7742F0}") - :ClassName (udp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 19:39:11 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color ("deep pink") - :comments ("HackaTack trojan") - :delete_on_reply (false) - :etm_enabled (false) - :include_in_any (true) - :port (31791) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (Mneah - :AdminInfo ( - :chkpf_uid ("{E43B7817-DBB6-4C74-A95A-C424DC47999C}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 19:39:48 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (magenta) - :comments ("Mneah trojan") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (4666) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (Port_6667_trojans - :AdminInfo ( - :chkpf_uid ("{AEAA6C77-E87E-4581-AD73-06417391DFAD}") - :ClassName (tcp_service) - 
:table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 19:42:26 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (magenta) - :comments ("Used by: Dark FTP,EGO,Maniac rootkit,Moses,ScheduleAgent,SubSeven,Trinity,The thing,Kaitex,WinSatan trojans.") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (false) - :port (6667) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (DerSphere_II - :AdminInfo ( - :chkpf_uid ("{8D971C42-17DE-49A0-A646-A8E0057AEBBD}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 19:42:53 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color ("deep pink") - :comments ("Also used by:Insane Network,Last 2000,Remote Explorer 2000,Senna Spy Trojan Generator trojans") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (false) - :port (2000) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (Backage - :AdminInfo ( - :chkpf_uid ("{96759A8D-AAB8-43D9-BBFC-B459CE66AC87}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 19:43:17 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color ("deep pink") - :comments ("Backage trojan") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (false) - :port (411) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (RIPng - :AdminInfo ( - :chkpf_uid ("{B854AB7B-C8C0-448F-9DD5-491212097C3B}") - :ClassName (udp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Jan 09 15:26:43 2003") - :By (CheckPoint) - :From (CheckPoint) 
- ) - ) - :color (blue1) - :comments ("Routing Information Protocol for IPv6") - :delete_on_reply (false) - :etm_enabled (false) - :include_in_any (true) - :port (521) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (MS-SQL-Server_UDP - :AdminInfo ( - :chkpf_uid ("{BFD72CD2-8E5F-4EDE-BDB2-6DFC016AFCCD}") - :ClassName (udp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Feb 20 17:53:57 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (gold3) - :comments ("Microsoft SQL Server") - :delete_on_reply (false) - :etm_enabled (false) - :include_in_any (true) - :port (1433) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (MS-SQL-Monitor_UDP - :AdminInfo ( - :chkpf_uid ("{5AD1A14C-647C-41DE-9F84-D1C34F09D63B}") - :ClassName (udp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Feb 20 17:55:14 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color ("dark khaki") - :comments (Microsoft-SQL-Monitor_UDP) - :delete_on_reply (false) - :etm_enabled (false) - :include_in_any (true) - :port (1434) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (DameWare - :AdminInfo ( - :chkpf_uid ("{F8A15DFE-8C58-407A-BA18-D92AD5B33966}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Feb 20 18:00:28 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color ("dark orchid") - :comments ("DameWare Mini Remote Control Protocol") - :delayed_sync_value (30) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (6129) - :proto_type () - :reload_proof (false) - :src_port () - 
:sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (WinMX - :AdminInfo ( - :chkpf_uid ("{6414F98E-6883-44DB-8EE2-DEBD443C7714}") - :ClassName (udp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Dec 08 12:54:40 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments ("Also uses Napster ports") - :delete_on_reply (false) - :etm_enabled (false) - :include_in_any (true) - :port (6257) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (eDonkey_4665 - :AdminInfo ( - :chkpf_uid ("{D3CAA92A-1032-41AE-A1A1-2274F3AB9F45}") - :ClassName (udp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Dec 08 13:21:41 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments ("eDonkey protocol. Used also by other clients.") - :delete_on_reply (false) - :etm_enabled (false) - :include_in_any (true) - :port (4665) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (MSSQL_resolver - :AdminInfo ( - :chkpf_uid ("{7E7CE9B0-8631-4EC3-A7EE-6EB084782A66}") - :ClassName (udp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Wed Sep 03 17:18:55 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :color (black) - :comments ("MS SQL Sapphire /SQL Slammer Worm") - :delete_on_reply (false) - :etm_enabled (false) - :include_in_any (false) - :port (1434) - :proto_type (ReferenceObject - :Name (SQL_SLAMMER) - :Table (protocols) - :Uid ("{A9B88863-0786-4961-B1E9-DDC2FA723135}") - ) - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (gtp_path_mgmt - :AdminInfo ( - :chkpf_uid 
("{2801A9E7-2983-4106-BD3D-4D46B686868C}") - :ClassName (other_service) - :table (services) - :Deleteable (false) - :Hidden (false) - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - ) - :color ("Forest Green") - :comments ("GTP Path Management") - :etm_enabled (false) - :exp (gtp_path_match) - :include_in_any (true) - :needruleinfo (false) - :proto_type () - :protocol (17) - :reload_proof (false) - :replies (true) - :sync_on_cluster (true) - :timeout (0) - :type (other) - :weight (100) - ) - : (Kazaa - :AdminInfo ( - :LastModified ( - :Time ("Tue May 7 14:54:07 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{BE146201-61B2-11d6-B5E0-0002B316D24E}") - :ClassName (tcp_service) - :table (services) - ) - :color ("Forest Green") - :comments ("FastTrack (Kazaa/Morpheus) P2P Protocol") - :delayed_sync_value (0) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (1214) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (ftp-bidir - :AdminInfo ( - :LastModified ( - :Time ("Tue May 21 17:54:08 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{16A6AAA2-8449-11D6-A9C5-3E5A6FDB3434}") - :ClassName (tcp_service) - :table (services) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color ("Forest Green") - :comments ("File Transfer Protocol with bi-directional data transfer") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (false) - :port (21) - :proto_type (ReferenceObject - :Name (FTP-BIDIR) - :Table (protocols) - :Uid ("{8026ECE8-E867-4c4c-9E10-08AC73B709B1}") - ) - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (L2TP - :AdminInfo ( - :chkpf_uid ("{7D452F42-CE34-442F-A023-FBC755DDF3D4}") - :ClassName (udp_service) - :table (services) - :LastModified ( - :Time ("Wed May 15 
13:45:31 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :delete_on_reply (false) - :color (red) - :comments ("Layer 2 Tunneling Protocol") - :etm_enabled (false) - :include_in_any (true) - :port (1701) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (MSExchangeDirRef - :AdminInfo ( - :LastModified ( - :Time ("Wed Jul 24 14:54:08 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{01693eed-3f81-44d3-b498-51696722cc32}") - :ClassName (dcerpc_service) - :table (services) - ) - :color (Blue) - :comments ("Microsoft Exchange 2000 Directory Reference") - :etm_enabled (false) - :proto_type () - :reload_proof (false) - :type (dcerpc) - :uuid (1544f5e0-613c-11d1-93df-00c04fd7bd09) - ) - : (microsoft-ds - :AdminInfo ( - :chkpf_uid ("{CFBCACE4-7C6F-11D6-BF0E-3E5A6FE83232}") - :ClassName (tcp_service) - :table (services) - :LastModified ( - :Time ("Wed Jun 12 11:56:36 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (magenta) - :comments ("Microsoft CIFS over TCP") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (445) - :proto_type (ReferenceObject - :Name (CIFS) - :Table (protocols) - :Uid ("{97AEB373-9AEA-11D5-BD16-0090272CCB31}") - ) - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (CP_SecureAgent-udp - :AdminInfo ( - :chkpf_uid ("{D8CB6ABC-1A8B-4FC0-8BE1-3255E51DECD1}") - :ClassName (udp_service) - :table (services) - :LastModified ( - :Time ("Sun Jun 16 15:56:08 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :delete_on_reply (false) - :color (black) - :comments ("SecureAgent Authentication service") - :etm_enabled (false) - :include_in_any (false) - :port (19194-19195) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) 
- :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (FW1_sds_logon_NG - :AdminInfo ( - :LastModified ( - :Time ("Mon Jun 17 17:54:08 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{B61424B4-81E4-11D6-BCEC-3E5A6FDDCECE}") - :ClassName (tcp_service) - :table (services) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (firebrick) - :comments ("SecuRemote Distribution Server Protocol (VC and higher)") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (65524) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (MS-SQL-Server - :AdminInfo ( - :LastModified ( - :Time ("Thu Jul 18 17:54:08 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{DFF4F7BA-9A3D-11D6-91C1-3E5A6FDD5151}") - :ClassName (tcp_service) - :table (services) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Magenta) - :comments ("Microsoft SQL Server") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (1433) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (MS-SQL-Monitor - :AdminInfo ( - :LastModified ( - :Time ("Thu Jul 18 17:54:08 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{EF245528-9A3D-11D6-9EAA-3E5A6FDD6A6A}") - :ClassName (tcp_service) - :table (services) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Magenta) - :comments ("Microsoft SQL Monitor") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (1434) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (FW1 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB388-9AEA-11D5-BD16-0090272CCB30}") - :ClassName 
(tcp_service) - :table (services) - :name (FW1) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (FireBrick) - :comments ("Check Point VPN-1 & FireWall-1 Service") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (256) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (FW1_log - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB389-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (FW1_log) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (FireBrick) - :comments ("Check Point VPN-1 & FireWall-1 Logs") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (257) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (FW1_mgmt - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB38A-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (FW1_mgmt) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (FireBrick) - :comments ("Check Point Management (Version 4.x)") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (258) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (FW1_clntauth_telnet - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB38B-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (FW1_clntauth_telnet) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (FireBrick) - :comments ("Check Point VPN-1 & FireWall-1 Client Authentication 
(Telnet)") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (259) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (FW1_clntauth_http - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB38C-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (FW1_clntauth_http) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (FireBrick) - :comments ("Check Point VPN-1 & FireWall-1 Client Authentication (HTTP)") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (900) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (FW1_snauth - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB38E-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (FW1_snauth) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (FireBrick) - :comments ("Check Point VPN-1 & FireWall-1 Session Authentication") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (261) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (FW1_topo - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB38F-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (FW1_topo) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (FireBrick) - :comments ("Check Point VPN-1 SecuRemote Topology Requests") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (264) - :proto_type () - :reload_proof (false) 
- :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (VPN1_IPSEC_encapsulation - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB390-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (VPN1_IPSEC_encapsulation) - ) - :delete_on_reply (false) - :color (FireBrick) - :comments ("Check Point VPN-1 SecuRemote IPSEC Transport Encapsulation Protocol") - :etm_enabled (false) - :include_in_any (true) - :port (2746) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (udp) - ) - : (FW1_key - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB391-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (FW1_key) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (FireBrick) - :comments ("Check Point VPN-1 Public Key Transfer Protocol") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (265) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (FW1_cvp - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB392-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :Deleteable (false) - :Renameable (false) - :name (FW1_cvp) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (FireBrick) - :comments ("Check Point OPSEC Content Vectoring Protocol") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (18181) - :proto_type (ReferenceObject - :Name (FW1_CVP) - :Table (protocols) - :Uid ("{97AEB381-9AEA-11D5-BD16-0090272CCB30}") - ) - :reload_proof 
(false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (FW1_ufp - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB393-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :Deleteable (false) - :Renameable (false) - :name (FW1_ufp) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (FireBrick) - :comments ("Check Point OPSEC URL Filtering Protocol") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (18182) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (FW1_amon - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB394-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :Deleteable (false) - :Renameable (false) - :name (FW1_amon) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (FireBrick) - :comments ("Check Point OPSEC Application Monitoring") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (18193) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (FW1_omi - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB395-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (FW1_omi) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (FireBrick) - :comments ("Check Point OPSEC Objects Management Interface") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (18185) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (FW1_omi-sic - 
:AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB396-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (FW1_omi-sic) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (FireBrick) - :comments ("Check Point OPSEC Objects Management Interface with Secure Internal Communication") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (18186) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (CP_reporting - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB397-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (CP_reporting) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (FireBrick) - :comments ("Check Point Reporting Client Protocol") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (18205) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (FW1_CPRID - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB398-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (FW1_CPRID) - :Deleteable (false) - :Renameable (false) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (FireBrick) - :comments ("Check Point Remote Installation Protocol") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (18208) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (FW1_netso - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From 
(keepme) - ) - :chkpf_uid ("{97AEB399-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (FW1_netso) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (firebrick) - :comments ("Check Point User Authority simple protocol") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (19190) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (FW1_uaa - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB39A-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (FW1_uaa) - :Deleteable (false) - :Renameable (false) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (firebrick) - :comments ("Check Point OPSEC User Authority API") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (19191) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (FW1_pslogon - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB39B-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (FW1_pslogon) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (firebrick) - :comments ("Check Point Policy Server Logon protocol") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (18207) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (FW1_pslogon_NG - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB39C-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (FW1_pslogon_NG) - ) - 
:delayed_sync_value (30) - :use_delayed_sync (false) - :color (firebrick) - :comments ("Check Point NG Policy Server Logon protocol") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (18231) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (FW1_sds_logon - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB39D-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (FW1_sds_logon) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (firebrick) - :comments ("Check Point SecuRemote Distribution Server Protocol") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (18232) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (FW1_scv_keep_alive - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB39E-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (FW1_scv_keep_alive) - ) - :delete_on_reply (false) - :color (FireBrick) - :comments ("Check Point SecureClient Verification Keepalive Protocol") - :etm_enabled (false) - :include_in_any (true) - :port (18233) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (udp) - ) - : (RDP - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB39F-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (RDP) - ) - :delete_on_reply (false) - :color (FireBrick) - :comments ("Check Point VPN-1 FWZ Key Negotiations - Reliable Datagram Protocol") - :etm_enabled (false) - 
:include_in_any (true) - :port (259) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (udp) - ) - : (FW1_lea - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3A0-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (FW1_lea) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (FireBrick) - :comments ("Check Point OPSEC Log Export API") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (18184) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (FW1_ela - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3A1-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :Deleteable (false) - :Renameable (false) - :name (FW1_ela) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (FireBrick) - :comments ("Check Point OPSEC Event Logging API") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (18187) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (CP_rtm - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3A2-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (CP_rtm) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (FireBrick) - :comments ("Check Point Real Time Monitoring") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (18202) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) 
- :type (tcp) - ) - : (FW1_sam - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3A3-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (FW1_sam) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (FireBrick) - :comments ("Check Point OPSEC Suspicious Activity Monitor API") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (18183) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (FW1_ica_pull - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3A4-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (FW1_ica_pull) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (FireBrick) - :comments ("Check Point Internal CA Pull Certificate Service") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (18210) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (FW1_ica_push - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3A5-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (FW1_ica_push) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (FireBrick) - :comments ("Check Point Internal CA Push Certificate Service") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (18211) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (FW1_ica_services - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - 
:chkpf_uid ("{97AEB44E-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (FW1_ica_services) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (FireBrick) - :comments ("Check Point Internal CA Fetch CRL and User Registration Services") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (18264) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (FW1_load_agent - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3A6-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (FW1_load_agent) - ) - :delete_on_reply (false) - :color (FireBrick) - :comments ("Check Point ConnectControl Load Agent") - :etm_enabled (false) - :include_in_any (true) - :port (18212) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (udp) - ) - : (E2ECP - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3A7-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (E2ECP) - ) - :delete_on_reply (false) - :color (FireBrick) - :comments ("Check Point End to End Control Protocol") - :etm_enabled (false) - :include_in_any (true) - :port (18241) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (udp) - ) - : (tunnel_test - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3A8-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (tunnel_test) - ) - :delete_on_reply (false) - :color (FireBrick) - 
:comments ("Check Point tunnel teIsoAAAD application") - :etm_enabled (false) - :include_in_any (true) - :port (18234) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (udp) - ) - : (CP_redundant - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3A9-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (CP_redundant) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (FireBrick) - :comments ("Check Point Redundant Management Protocol") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (18221) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (CPMI - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3AA-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (CPMI) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (FireBrick) - :comments ("Check Point Management Interface") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (18190) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (CPD - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3AB-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (CPD) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (FireBrick) - :comments ("Check Point Daemon Protocol") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (18191) - :proto_type () - :reload_proof (false) - :src_port () - 
:sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (CPD_amon - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3AC-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :Deleteable (false) - :Renameable (false) - :name (CPD_amon) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (FireBrick) - :comments ("Check Point Internal Application Monitoring") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (18192) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (CP_Exnet_PK - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3AD-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (CP_Exnet_PK) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (FireBrick) - :comments ("Check Point Extrnet public key advertisement") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (18262) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (CP_Exnet_resolve - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3AE-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (CP_Exnet_resolve) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (FireBrick) - :comments ("Check Point Extranet remote objects resolution") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (18263) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (IKE_tcp - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 
27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3AF-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (IKE_tcp) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Cyan) - :comments ("IPSEC Internet Key Exchange Protocol over TCP") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (500) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (IKE - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3B0-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (IKE) - ) - :delete_on_reply (false) - :color (Cyan) - :comments ("IPSEC Internet Key Exchange Protocol (formerly ISAKMP/Oakley)") - :etm_enabled (false) - :include_in_any (true) - :port (500) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (udp) - ) - : (FW1_snmp - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3B1-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (FW1_snmp) - ) - :delete_on_reply (false) - :color (FireBrick) - :comments ("Check Point VPN-1 & FireWall-1 SNMP Agent") - :etm_enabled (false) - :include_in_any (true) - :port (260) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (udp) - ) - : (snmp - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3B2-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (snmp) - ) - :delete_on_reply (false) - 
:color (FireBrick) - :comments ("Simple Network Management Protocol") - :etm_enabled (false) - :include_in_any (true) - :port (161) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (udp) - ) - : (snmp-trap - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3B3-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (snmp-trap) - ) - :delete_on_reply (false) - :color (FireBrick) - :comments ("Simple Network Management Protocol Traps") - :etm_enabled (false) - :include_in_any (true) - :port (162) - :proto_type () - :reload_proof (false) - :replies (false) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (udp) - ) - : (snmp-read - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3B4-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (snmp-read) - ) - :delete_on_reply (false) - :color (FireBrick) - :comments ("Simple Network Management Protocol - Read Only") - :etm_enabled (false) - :include_in_any (false) - :port (161) - :proto_type (ReferenceObject - :Name (Snmp-Read) - :Table (protocols) - :Uid ("{97AEB383-9AEA-11D5-BD16-0090272CCB30}") - ) - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (udp) - ) - : (X11 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3B5-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (X11) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Red) - :comments ("X Window System") - :enable_tcp_resource (false) - :etm_enabled 
(false) - :include_in_any (true) - :port (6000-6063) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (OpenWindows - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3B6-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (OpenWindows) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Red) - :comments () - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (2000) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (nfsprog - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3B7-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (rpc_service) - :table (services) - :name (nfsprog) - ) - :color (Red) - :comments ("RPCs Network File System (Ordinary)") - :etm_enabled (false) - :port (100003) - :proto_type () - :reload_proof (false) - :type (Rpc) - ) - : (nfsd - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3B8-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (nfsd) - ) - :delete_on_reply (false) - :color (Red) - :comments ("Network File System Daemon over UDP (earlier versions of NFS)") - :etm_enabled (false) - :include_in_any (true) - :port (2049) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (nfsd-tcp - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3B9-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (nfsd-tcp) - 
) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Red) - :comments ("Network File System Daemon over TCP") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (2049) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (mountd - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3BA-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (rpc_service) - :table (services) - :name (mountd) - ) - :color (Red) - :comments ("Initiate client access to NFS application") - :etm_enabled (false) - :port (100005) - :proto_type () - :reload_proof (false) - :type (Rpc) - ) - : (pcnfsd - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3BB-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (rpc_service) - :table (services) - :name (pcnfsd) - ) - :color (Red) - :comments ("PCs (windows client) password authorization") - :etm_enabled (false) - :port (150001) - :proto_type () - :reload_proof (false) - :type (Rpc) - ) - : (nlockmgr - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3BC-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (rpc_service) - :table (services) - :name (nlockmgr) - ) - :color (Red) - :comments ("RPC, Network Lock Manager") - :etm_enabled (false) - :port (100021) - :proto_type () - :reload_proof (false) - :type (Rpc) - ) - : (tftp - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3BD-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (tftp) - ) - :delete_on_reply (false) - :color (Red) - :comments ("Trivial File Transfer Protocol") - :etm_enabled (false) - :include_in_any (true) - :port (69) - 
:proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (true) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (sip_any - :AdminInfo ( - :LastModified ( - :Time ("Tue Nov 6 14:16:27 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{BD8B98D4-D2C0-11D5-A329-00D0B7D41431}") - :ClassName (udp_service) - :table (services) - :name (sip_any) - ) - :delete_on_reply (false) - :color (black) - :comments ("Session Initiation Protocol") - :etm_enabled (false) - :include_in_any (false) - :port (5060) - :proto_type (ReferenceObject - :Name (SIP_UDP_ANY) - :Table (protocols) - :Uid ("{97AEB378-9AEA-11D5-BD16-0090272CCB38}") - ) - :reload_proof (false) - :replies (true) - :replies_from_any_port (true) - :src_port () - :sync_on_cluster (true) - :timeout (40) - :type (Udp) - ) - : (sip - :AdminInfo ( - :LastModified ( - :Time ("Tue Nov 6 14:16:27 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{BD8B98D4-D2C0-11D5-A329-00D0B7D4143F}") - :ClassName (udp_service) - :table (services) - :name (sip) - ) - :delete_on_reply (false) - :color (black) - :comments ("Session Initiation Protocol") - :etm_enabled (false) - :include_in_any (false) - :port (5060) - :proto_type (ReferenceObject - :Name (SIP_UDP) - :Table (protocols) - :Uid ("{97AEB378-9AEA-11D5-BD16-0090272CCB37}") - ) - :reload_proof (false) - :replies (true) - :replies_from_any_port (true) - :src_port () - :sync_on_cluster (true) - :timeout (40) - :type (Udp) - ) - : (login - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3BE-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (login) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Red) - :comments ("Remote login (rlogin)") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (513) - :proto_type () - :reload_proof 
(false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (exec - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3BF-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (exec) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Red) - :comments ("Remote execution (rexec)") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (512) - :proto_type (ReferenceObject - :Name (RSHELL) - :Table (protocols) - :Uid ("{97AEB375-9AEA-11D5-BD16-0090272CCB30}") - ) - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (shell - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3C0-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (shell) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Red) - :comments ("Remote shell (rsh)") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (514) - :proto_type (ReferenceObject - :Name (RSHELL) - :Table (protocols) - :Uid ("{97AEB375-9AEA-11D5-BD16-0090272CCB30}") - ) - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (ssh - :AdminInfo ( - :LastModified ( - :Time ("Thu Dec 20 09:48:23 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{18EC9EAA-1657-4240-AB97-5F234623336B}") - :ClassName (tcp_service) - :table (services) - :name (ssh) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Red) - :comments ("secure shell, encrypted and authenticated rsh") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (22) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type 
(Tcp) - ) - : (ypserv - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3C1-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (rpc_service) - :table (services) - :name (ypserv) - ) - :color ("Navy Blue") - :comments ("Sun Yellow Pages directory service (YP) protocol, now known as NIS") - :etm_enabled (false) - :port (100004) - :proto_type () - :reload_proof (false) - :type (Rpc) - ) - : (ypbind - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3C2-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (rpc_service) - :table (services) - :name (ypbind) - ) - :color ("Navy Blue") - :comments ("Sun Yellow Pages binder (NIS), provide servers addressing information") - :etm_enabled (false) - :port (100007) - :proto_type () - :reload_proof (false) - :type (Rpc) - ) - : (yppasswd - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3C3-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (rpc_service) - :table (services) - :name (yppasswd) - ) - :color ("Navy Blue") - :comments ("Sun Yellow Pages protocol (NIS), password server") - :etm_enabled (false) - :port (100009) - :proto_type () - :reload_proof (false) - :type (Rpc) - ) - : (ypupdated - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3C4-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (rpc_service) - :table (services) - :name (ypupdated) - ) - :color ("Navy Blue") - :comments ("Sun Yellow Pages protocol (NIS), update service") - :etm_enabled (false) - :port (100028) - :proto_type () - :reload_proof (false) - :type (Rpc) - ) - : (ypxfrd - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid 
("{97AEB3C5-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (rpc_service) - :table (services) - :name (ypxfrd) - ) - :color ("Navy Blue") - :comments ("Sun Yellow Pages protocol (NIS), transfers NIS maps") - :etm_enabled (false) - :port (100069) - :proto_type () - :reload_proof (false) - :type (Rpc) - ) - : (nisplus - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3C6-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (rpc_service) - :table (services) - :name (nisplus) - ) - :color ("Navy Blue") - :comments ("NIS+ later version provides additional security and other facilities") - :etm_enabled (false) - :port (100300) - :proto_type () - :reload_proof (false) - :type (Rpc) - ) - : (ospf - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3C7-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (other_service) - :table (services) - :name (ospf) - ) - :color ("Medium Slate Blue") - :comments ("Open Shortest Path First Interior GW Protocol") - :etm_enabled (false) - :exp () - :include_in_any (true) - :needruleinfo (false) - :proto_type () - :protocol (89) - :reload_proof (false) - :replies (false) - :sync_on_cluster (true) - :timeout (0) - :type (other) - :weight (0) - ) - : (ggp - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3C8-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (other_service) - :table (services) - :name (ggp) - ) - :color ("Medium Slate Blue") - :comments ("Gateway-to-Gateway protocol") - :etm_enabled (false) - :exp () - :include_in_any (true) - :needruleinfo (false) - :proto_type () - :protocol (3) - :reload_proof (false) - :replies (false) - :sync_on_cluster (true) - :timeout (0) - :type (other) - :weight (0) - ) - : (igrp - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade 
Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3C9-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (other_service) - :table (services) - :name (igrp) - ) - :color ("Medium Slate Blue") - :comments ("Cisco Interior Gateway Routing Protocol") - :etm_enabled (false) - :exp () - :include_in_any (true) - :needruleinfo (false) - :proto_type () - :protocol (9) - :reload_proof (false) - :replies (false) - :sync_on_cluster (true) - :timeout (0) - :type (Other) - :weight (0) - ) - : (egp - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3CA-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (other_service) - :table (services) - :name (egp) - ) - :color ("Medium Slate Blue") - :comments ("Exterior Gateway Protocol, convey net-reachability information between gateways") - :etm_enabled (false) - :exp () - :include_in_any (true) - :needruleinfo (false) - :proto_type () - :protocol (8) - :reload_proof (false) - :replies (false) - :sync_on_cluster (true) - :timeout (0) - :type (other) - :weight (0) - ) - : (igmp - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3CB-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (other_service) - :table (services) - :name (igmp) - ) - :color ("Medium Slate Blue") - :comments ("Internet Group Management Protocol") - :etm_enabled (false) - :exp () - :include_in_any (true) - :needruleinfo (false) - :proto_type () - :protocol (2) - :reload_proof (false) - :replies (false) - :sync_on_cluster (false) - :timeout (0) - :type (other) - :weight (0) - ) - : (vrrp - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3CC-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (other_service) - :table (services) - :name (vrrp) - ) - :color ("Medium Slate Blue") - :comments ("Virtual Router Redundancy Protocol") - :etm_enabled 
(false) - :exp () - :include_in_any (true) - :needruleinfo (false) - :proto_type () - :protocol (112) - :reload_proof (false) - :replies (false) - :sync_on_cluster (false) - :timeout (0) - :type (other) - :weight (0) - ) - : (gtp_default - :AdminInfo ( - :chkpf_uid ("{ACB96D00-A1F9-11D5-A414-00D0B7BE171D}") - :ClassName (gtp_service) - :table (services) - :Deleteable (false) - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :name (gtp_default) - ) - :apn_obj () - :port (3386) - :apn_any (true) - :color ("Forest Green") - :comments ("GPRS Tunnelling Protocol") - :data_packet (true) - :etm_enabled (false) - :imsi () - :imsi_any (true) - :include_in_any (true) - :ms_isdn (1) - :ms_isdn_any (true) - :proto_type () - :reload_proof (false) - :sel_mode (0) - :sel_mode_any (false) - :signaling_packet (true) - :static_eua (false) - :timeout (600) - :type (gtp) - :weight (100) - ) - : (gtp_reverse - :AdminInfo ( - :chkpf_uid ("{ACB96D01-A1F9-11D5-A414-00D0B7BE171D}") - :ClassName (other_service) - :table (services) - :Deleteable (false) - :Hidden (true) - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :name (gtp_reverse) - ) - :color ("Forest Green") - :comments ("GTP Reverse Connections") - :etm_enabled (false) - :exp (gtp_rev_match) - :include_in_any (true) - :needruleinfo (false) - :proto_type () - :protocol (17) - :reload_proof (false) - :replies (true) - :sync_on_cluster (true) - :timeout (0) - :type (other) - :weight (0) - ) - : (http_mapped - :AdminInfo ( - :chkpf_uid ("{DA123892-B250-11D5-A47A-0006294583C7}") - :ClassName (other_service) - :table (services) - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :name (http_mapped) - ) - :color (orange) - :comments ("HTTP Port Mapping Service") - :etm_enabled (false) - :exp ("SRV_REDIRECT(80,0.0.0.0,80) ") - :include_in_any (false) - :needruleinfo (false) - 
:proto_type () - :protocol (6) - :reload_proof (false) - :replies (false) - :sync_on_cluster (true) - :timeout (0) - :type (Other) - :weight (100) - ) - : (ftp_mapped - :AdminInfo ( - :chkpf_uid ("{DA123897-B250-11D5-A47A-0006294583C7}") - :ClassName (other_service) - :table (services) - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :name (ftp_mapped) - ) - :color (orange) - :comments ("FTP Port Mapping Service") - :etm_enabled (false) - :exp ("SRV_REDIRECT(21,0.0.0.0,21), set r_mhandler &ftp_code") - :include_in_any (false) - :needruleinfo (false) - :proto_type () - :protocol (6) - :reload_proof (false) - :replies (false) - :sync_on_cluster (true) - :timeout (0) - :type (Other) - :weight (100) - ) - : (smtp_mapped - :AdminInfo ( - :chkpf_uid ("{DA12389A-B250-11D5-A47A-0006294583C7}") - :ClassName (other_service) - :table (services) - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :name (smtp_mapped) - ) - :color (orange) - :comments ("SMTP Port Mapping Service") - :etm_enabled (false) - :exp ("SRV_REDIRECT(25,0.0.0.0,25) ") - :include_in_any (false) - :needruleinfo (false) - :proto_type () - :protocol (6) - :reload_proof (false) - :replies (false) - :sync_on_cluster (true) - :timeout (0) - :type (Other) - :weight (100) - ) - : (tunnel_test_mapped - :AdminInfo ( - :chkpf_uid ("{38A8AF07-D990-4178-AA8C-82E32066959C}") - :ClassName (other_service) - :table (services) - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - :name (tunnel_test_mapped) - ) - :color (black) - :comments ("tunnel teIsoAAAD for a module performing the tunnel test") - :etm_enabled (false) - :exp ("SRV_REDIRECT_LOCAL_UDP(CP_TUNNEL_TEST_PORT, FP2_VER)") - :include_in_any (false) - :needruleinfo (false) - :proto_type () - :protocol (17) - :reload_proof (false) - :replies (false) - :sync_on_cluster (true) - :timeout (0) - :type (Other) - 
:weight (100) - ) - : (rip - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3CD-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (rip) - ) - :delete_on_reply (false) - :color ("Medium Slate Blue") - :comments ("Routing Information Protocol") - :etm_enabled (false) - :include_in_any (true) - :port (520) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (rip-response - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3CE-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (other_service) - :table (services) - :name (rip-response) - ) - :color ("Medium Slate Blue") - :comments ("Routing Information Protocol - response") - :etm_enabled (false) - :exp ("dport=520,rip_cmd=RIPCMD_RESPONSE") - :include_in_any (true) - :needruleinfo (false) - :proto_type () - :protocol (17) - :reload_proof (false) - :replies (true) - :sync_on_cluster (true) - :timeout (0) - :type (other) - :weight (0) - ) - : (telnet - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3CF-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (telnet) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color ("Forest Green") - :comments ("Telnet Protocol") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (23) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (ftp-port - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3D1-9AEA-11D5-BD16-0090272CCB30}") - :ClassName 
(tcp_service) - :table (services) - :name (ftp-port) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color ("Forest Green") - :comments ("File Transfer Protocol - PORT mode only") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (false) - :port (21) - :proto_type (ReferenceObject - :Name (FTP-PORT) - :Table (protocols) - :Uid ("{97AEB371-9AEA-11D5-BD16-0090272CCB30}") - ) - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (ftp-pasv - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3D2-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (ftp-pasv) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color ("Forest Green") - :comments ("File Transfer Protocol - PASV mode only") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (false) - :port (21) - :proto_type (ReferenceObject - :Name (FTP-PASV) - :Table (protocols) - :Uid ("{97AEB372-9AEA-11D5-BD16-0090272CCB30}") - ) - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (ftp - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3D0-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (ftp) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color ("Forest Green") - :comments ("File Transfer Protocol") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (21) - :proto_type (ReferenceObject - :Name (FTP) - :Table (protocols) - :Uid ("{97AEB370-9AEA-11D5-BD16-0090272CCB30}") - ) - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (uucp - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade 
Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3D3-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (uucp) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color ("Forest Green") - :comments ("Unix-to-Unix Copy Program") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (540) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (gopher - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3D5-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (gopher) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color ("Forest Green") - :comments ("The Internet Gopher Protocol") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (70) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (archie - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3D6-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (archie) - ) - :delete_on_reply (false) - :color ("Forest Green") - :comments ("Archie Internet Protocol, search for files over FTP servers") - :etm_enabled (false) - :include_in_any (true) - :port (1525) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (wais - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3D7-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (wais) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color 
("Forest Green") - :comments ("Wide Area Information Servers") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (210) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (X11-verify - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3D8-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (other_service) - :table (services) - :name (X11-verify) - ) - :color (Red) - :comments ("X Window System With Authorization") - :etm_enabled (false) - :exp (x11verify_code) - :include_in_any (true) - :needruleinfo (true) - :proto_type () - :protocol (6) - :reload_proof (false) - :replies (false) - :sync_on_cluster (true) - :timeout (0) - :type (Other) - :weight (100) - ) - : (smtp - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3D9-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (smtp) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Magenta) - :comments ("Simple Mail Transfer Protocol") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (25) - :proto_type (ReferenceObject - :Name (SMTP) - :Table (protocols) - :Uid ("{97AEB374-9AEA-11D5-BD16-0090272CCB30}") - ) - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (pop-2 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3DA-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (pop-2) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Magenta) - :comments ("Post Office Protocol - Version 2") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (109) - 
:proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (pop-3 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3DB-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (pop-3) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Magenta) - :comments ("Post Office Protocol - Version 3") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (110) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (nntp - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3DC-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (nntp) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Magenta) - :comments ("Network News Transfer Protocol") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (119) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (tcp-high-ports - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3DD-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (tcp-high-ports) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Yellow) - :comments ("TCP Ports 1024-65535") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (false) - :port (">1023") - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (udp-high-ports - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - 
) - :chkpf_uid ("{97AEB3DE-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (udp-high-ports) - ) - :delete_on_reply (false) - :color (Yellow) - :comments ("UDP Ports 1024-65535") - :etm_enabled (false) - :include_in_any (false) - :port (">1023") - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (udp) - ) - : (who - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3DF-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (who) - ) - :delete_on_reply (false) - :color (Blue) - :comments ("UNIX who Protocol, who is on the system") - :etm_enabled (false) - :include_in_any (true) - :port (513) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (syslog - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3E0-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (syslog) - ) - :delete_on_reply (false) - :color (Blue) - :comments ("UNIX syslog Protocol, control system log") - :etm_enabled (false) - :include_in_any (true) - :port (514) - :proto_type () - :reload_proof (false) - :replies (false) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (netstat - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3E1-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (netstat) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Blue) - :comments ("UNIX netstat Protocol, show network status") - 
:enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (15) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (finger - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3E2-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (finger) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Blue) - :comments ("UNIX, Finger Protocol") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (79) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (rwall - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3E3-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (rpc_service) - :table (services) - :name (rwall) - ) - :color (Blue) - :comments ("RPC, Shutdown messages") - :etm_enabled (false) - :port (100008) - :proto_type () - :reload_proof (false) - :type (Rpc) - ) - : (rstat - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3E4-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (rpc_service) - :table (services) - :name (rstat) - ) - :color (Blue) - :comments ("RPC, Remote statistics") - :etm_enabled (false) - :port (100001) - :proto_type () - :reload_proof (false) - :type (Rpc) - ) - : (name - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3E5-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (name) - ) - :delete_on_reply (false) - :color (Black) - :comments ("Host Name Server") - :etm_enabled (false) - :include_in_any (true) - :port (42) - :proto_type () - 
:reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (biff - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3E6-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (biff) - ) - :delete_on_reply (false) - :color (Black) - :comments ("UNIX biff Protocol, give notice of incoming mail messages") - :etm_enabled (false) - :include_in_any (true) - :port (512) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (traceroute - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3E7-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (other_service) - :table (services) - :name (traceroute) - ) - :color (Black) - :comments ("UNIX Traceroute, print the route packets take to network host") - :etm_enabled (false) - :exp ("uh_dport > 33000, ip_ttl < 30") - :include_in_any (true) - :needruleinfo (false) - :proto_type () - :protocol (17) - :reload_proof (false) - :replies (false) - :sync_on_cluster (true) - :timeout (0) - :type (other) - :weight (0) - ) - : (ident - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3E8-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (ident) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Black) - :comments ("Identify RCS keyword strings in files") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (113) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (AP-Defender - :AdminInfo ( - :LastModified ( 
- :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3E9-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (AP-Defender) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (FireBrick) - :comments ("Defender Authentication service") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (2626) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (AT-Defender - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3EA-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (AT-Defender) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (FireBrick) - :comments ("Defender Authentication service") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (false) - :port (2626) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (bootp - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3EB-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (bootp) - ) - :delete_on_reply (false) - :color (Black) - :comments ("Bootstrap Protocol Server, users automatically configured ") - :etm_enabled (false) - :include_in_any (true) - :port (67) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (udp) - ) - : (dhcp-req-localmodule - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{22725520-8E10-4A91-98AC-DCD1F6C4A4DD}") - :ClassName (udp_service) - :table (services) - :name 
(dhcp-req-localmodule) - ) - :delete_on_reply (false) - :color (black) - :comments ("DHCP request from enforcement module only") - :etm_enabled (false) - :include_in_any (false) - :port (67) - :proto_type (ReferenceObject - :Name (CP-DHCP-request) - :Table (protocols) - :Uid ("{71878CD2-B8A9-11D5-BB1D-D496C1818686}") - ) - :reload_proof (false) - :replies (false) - :replies_from_any_port (false) - :src_port (68) - :sync_on_cluster (true) - :timeout (10) - :type (Udp) - ) - : (dhcp-rep-localmodule - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{FCA646B5-EF34-4DF1-895D-7639E181501A}") - :ClassName (udp_service) - :table (services) - :name (dhcp-rep-localmodule) - ) - :delete_on_reply (false) - :color (black) - :comments ("DHCP reply to enforcement module only") - :etm_enabled (false) - :include_in_any (false) - :port (68) - :proto_type (ReferenceObject - :Name (CP-DHCP-reply) - :Table (protocols) - :Uid ("{71879F1A-B8A9-11D5-BB1D-D496C1818686}") - ) - :reload_proof (false) - :replies (false) - :replies_from_any_port (false) - :src_port (67) - :sync_on_cluster (true) - :timeout (10) - :type (Udp) - ) - : (securid-udp - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3EC-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (securid-udp) - ) - :delete_on_reply (false) - :color (FireBrick) - :comments ("Token based Authentication service (UDP)") - :etm_enabled (false) - :include_in_any (true) - :port (5500) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (securidprop - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3ED-9AEA-11D5-BD16-0090272CCB30}") - :ClassName 
(tcp_service) - :table (services) - :name (securidprop) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (FireBrick) - :comments ("Token based Authentication service (TCP)") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (5510) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (sqlnet1 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3EE-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (sqlnet1) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Foreground) - :comments ("Oracle SQL*Net Version 1") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (1521) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (sqlnet2-1521 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3EF-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (sqlnet2-1521) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Foreground) - :comments ("part of Oracle SQL*Net Version 2 Services") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (false) - :port (1521) - :proto_type (ReferenceObject - :Name (SQLNET2) - :Table (protocols) - :Uid ("{97AEB376-9AEA-11D5-BD16-0090272CCB30}") - ) - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (sqlnet2-1525 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3F0-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (sqlnet2-1525) - ) - :delayed_sync_value (30) - 
:use_delayed_sync (false) - :color (Foreground) - :comments ("part of Oracle SQL*Net Version 2 Services") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (1525) - :proto_type (ReferenceObject - :Name (SQLNET2) - :Table (protocols) - :Uid ("{97AEB376-9AEA-11D5-BD16-0090272CCB30}") - ) - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (sqlnet2-1526 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3F1-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (sqlnet2-1526) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Foreground) - :comments ("part of Oracle SQL*Net Version 2 Services") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (1526) - :proto_type (ReferenceObject - :Name (SQLNET2) - :Table (protocols) - :Uid ("{97AEB376-9AEA-11D5-BD16-0090272CCB30}") - ) - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (FreeTel-outgoing-server - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3F3-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (FreeTel-outgoing-server) - ) - :delete_on_reply (false) - :color (Foreground) - :comments ("real-time full-duplex voice communication via the Internet-server") - :etm_enabled (false) - :include_in_any (false) - :port (21300) - :proto_type (ReferenceObject - :Name (FreeTel) - :Table (protocols) - :Uid ("{97AEB37E-9AEA-11D5-BD16-0090272CCB30}") - ) - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port (21301-21305) - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (FreeTel-outgoing-client - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 
2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3F4-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (other_service) - :table (services) - :name (FreeTel-outgoing-client) - ) - :color (Foreground) - :comments ("real-time full-duplex voice communication via the Internet-client") - :etm_enabled (false) - :exp (freetel_outgoing) - :include_in_any (true) - :needruleinfo (false) - :proto_type () - :protocol (17) - :reload_proof (false) - :replies (false) - :sync_on_cluster (true) - :timeout (0) - :type (other) - :weight (0) - ) - : (FreeTel-incoming - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3F6-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (other_service) - :table (services) - :name (FreeTel-incoming) - ) - :color (Foreground) - :comments ("FreeTel Incoming Connections") - :etm_enabled (false) - :exp (freetel_incoming) - :include_in_any (true) - :needruleinfo (false) - :proto_type () - :protocol (17) - :reload_proof (false) - :replies (false) - :sync_on_cluster (true) - :timeout (0) - :type (other) - :weight (0) - ) - : (echo-tcp - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3F7-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (echo-tcp) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Black) - :comments ("Echo Protocol (TCP)") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (7) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (echo-udp - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3F8-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (echo-udp) - ) - :delete_on_reply (false) - 
:color (Black) - :comments ("Echo Protocol (UDP)") - :etm_enabled (false) - :include_in_any (true) - :port (7) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (domain-tcp - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3F9-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (domain-tcp) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Black) - :comments ("Domain Name System Download") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (53) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (domain-udp - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3FA-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (domain-udp) - ) - :delete_on_reply (false) - :color (Black) - :comments ("Domain Name System Queries") - :etm_enabled (false) - :include_in_any (true) - :port (53) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (kerberos-tcp - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3FB-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (kerberos-tcp) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Black) - :comments ("secure method for authenticating a request for service") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (750) - :proto_type () - :reload_proof (false) - :src_port () - 
:sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (kerberos-udp - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3FC-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (kerberos-udp) - ) - :delete_on_reply (false) - :color (Black) - :comments ("secure method for authenticating a request for service") - :etm_enabled (false) - :include_in_any (true) - :port (750) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (discard-tcp - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3FD-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (discard-tcp) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Black) - :comments ("Discard Server Protocol (TCP)") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (9) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (discard-udp - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3FE-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (discard-udp) - ) - :delete_on_reply (false) - :color (Black) - :comments ("Discard Server Protocol (UDP)") - :etm_enabled (false) - :include_in_any (true) - :port (9) - :proto_type () - :reload_proof (false) - :replies (false) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (time-tcp - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid 
("{97AEB3FF-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (time-tcp) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Black) - :comments ("Time Server Protocol (TCP)") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (37) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (time-udp - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB400-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (time-udp) - ) - :delete_on_reply (false) - :color (Black) - :comments ("Time Server Protocol (UDP)") - :etm_enabled (false) - :include_in_any (true) - :port (37) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (daytime-tcp - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB401-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (daytime-tcp) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Black) - :comments ("Daytime Server Protocol (TCP)") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (13) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (daytime-udp - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB402-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (daytime-udp) - ) - :delete_on_reply (false) - :color (Black) - :comments ("Daytime Server Protocol (UDP)") - :etm_enabled (false) - :include_in_any (true) - 
:port (13) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (ntp-tcp - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB403-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (ntp-tcp) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Black) - :comments ("Network Time Protocol (TCP)") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (123) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (ntp-udp - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB404-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (ntp-udp) - ) - :delete_on_reply (false) - :color (Black) - :comments ("Network Time Protocol (UDP)") - :etm_enabled (false) - :include_in_any (true) - :port (123) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (icmp-proto - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB405-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (other_service) - :table (services) - :name (icmp-proto) - ) - :color ("Dark Orchid") - :comments ("Internet Control Message Protocol") - :etm_enabled (false) - :exp () - :include_in_any (true) - :needruleinfo (false) - :proto_type () - :protocol (1) - :reload_proof (false) - :replies (false) - :sync_on_cluster (true) - :timeout (0) - :type (other) - :weight (0) - ) - : (echo-reply - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade 
Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB406-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (icmp_service) - :table (services) - :name (echo-reply) - ) - :color ("Dark Orchid") - :comments ("ICMP, echo reply") - :etm_enabled (true) - :icmp_code () - :icmp_type (0) - :proto_type () - :reload_proof (false) - :type (Icmp) - ) - : (dest-unreach - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB407-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (icmp_service) - :table (services) - :name (dest-unreach) - ) - :color ("Dark Orchid") - :comments ("ICMP, destination unreach") - :etm_enabled (false) - :icmp_code () - :icmp_type (3) - :proto_type () - :reload_proof (false) - :type (Icmp) - ) - : (source-quench - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB408-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (icmp_service) - :table (services) - :name (source-quench) - ) - :color ("Dark Orchid") - :comments ("ICMP, source quench") - :etm_enabled (false) - :icmp_code () - :icmp_type (4) - :proto_type () - :reload_proof (false) - :type (Icmp) - ) - : (redirect - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB409-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (icmp_service) - :table (services) - :name (redirect) - ) - :color ("Dark Orchid") - :comments ("ICMP, route redirect") - :etm_enabled (true) - :icmp_code () - :icmp_type (5) - :proto_type () - :reload_proof (false) - :type (Icmp) - ) - : (echo-request - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB40A-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (icmp_service) - :table (services) - :name (echo-request) - ) - :color ("Dark Orchid") - :comments ("ICMP, echo request") - 
:etm_enabled (true) - :icmp_code () - :icmp_type (8) - :proto_type () - :reload_proof (false) - :type (Icmp) - ) - : (time-exceeded - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB40B-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (icmp_service) - :table (services) - :name (time-exceeded) - ) - :color ("Dark Orchid") - :comments ("ICMP, time to live exceeded") - :etm_enabled (false) - :icmp_code () - :icmp_type (11) - :proto_type () - :reload_proof (false) - :type (Icmp) - ) - : (param-prblm - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB40C-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (icmp_service) - :table (services) - :name (param-prblm) - ) - :color ("Dark Orchid") - :comments ("ICMP, parameters problem") - :etm_enabled (false) - :icmp_code () - :icmp_type (12) - :proto_type () - :reload_proof (false) - :type (Icmp) - ) - : (timestamp - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB40D-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (icmp_service) - :table (services) - :name (timestamp) - ) - :color ("Dark Orchid") - :comments ("ICMP, timestamp request") - :etm_enabled (true) - :icmp_code () - :icmp_type (13) - :proto_type () - :reload_proof (false) - :type (Icmp) - ) - : (timestamp-reply - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB40E-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (icmp_service) - :table (services) - :name (timestamp-reply) - ) - :color ("Dark Orchid") - :comments ("ICMP, timestamp reply") - :etm_enabled (true) - :icmp_code () - :icmp_type (14) - :proto_type () - :reload_proof (false) - :type (Icmp) - ) - : (info-req - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By 
("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB40F-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (icmp_service) - :table (services) - :name (info-req) - ) - :color ("Dark Orchid") - :comments ("ICMP, info request") - :etm_enabled (true) - :icmp_code () - :icmp_type (15) - :proto_type () - :reload_proof (false) - :type (Icmp) - ) - : (info-reply - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB410-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (icmp_service) - :table (services) - :name (info-reply) - ) - :color ("Dark Orchid") - :comments ("ICMP, info reply") - :etm_enabled (true) - :icmp_code () - :icmp_type (16) - :proto_type () - :reload_proof (false) - :type (Icmp) - ) - : (mask-request - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB411-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (icmp_service) - :table (services) - :name (mask-request) - ) - :color ("Dark Orchid") - :comments ("ICMP, mask request") - :etm_enabled (true) - :icmp_code () - :icmp_type (17) - :proto_type () - :reload_proof (false) - :type (Icmp) - ) - : (mask-reply - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB412-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (icmp_service) - :table (services) - :name (mask-reply) - ) - :color ("Dark Orchid") - :comments ("ICMP, mask reply") - :etm_enabled (true) - :icmp_code () - :icmp_type (18) - :proto_type () - :reload_proof (false) - :type (Icmp) - ) - : (nbname - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB414-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (nbname) - ) - :delete_on_reply (false) - :color (Magenta) - :comments ("NetBios Name Service") - 
:etm_enabled (false) - :include_in_any (true) - :port (137) - :proto_type (ReferenceObject - :Name (NBNAME) - :Table (protocols) - :Uid ("{97AEB384-9AEA-11D5-BD16-0090272CCB30}") - ) - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (nbdatagram - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB415-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (nbdatagram) - ) - :delete_on_reply (false) - :color (Magenta) - :comments ("NetBios Datagram Service") - :etm_enabled (false) - :include_in_any (true) - :port (138) - :proto_type (ReferenceObject - :Name (NBDATAGRAM) - :Table (protocols) - :Uid ("{97AEB385-9AEA-11D5-BD16-0090272CCB30}") - ) - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (nbsession - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB416-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (nbsession) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Magenta) - :comments ("NetBios Session Service") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (139) - :proto_type (ReferenceObject - :Name (CIFS) - :Table (protocols) - :Uid ("{97AEB373-9AEA-11D5-BD16-0090272CCB31}") - ) - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (irc1 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB417-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (irc1) - ) - :delayed_sync_value (30) - :use_delayed_sync 
(false) - :color (Black) - :comments ("Internet Relay Chat Protocol") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (6660-6670) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (lotus - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB419-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (lotus) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Black) - :comments ("Lotus iNotes Web Access Protocol") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (1352) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (interphone - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB41A-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (interphone) - ) - :delete_on_reply (false) - :color (Blue) - :comments ("Vocaltec Internet Phone") - :etm_enabled (false) - :include_in_any (true) - :port (22555) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (Real-Audio - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB41B-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (Real-Audio) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Blue) - :comments ("RealNetworks PNA Protocol") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (7070) - :proto_type (ReferenceObject - :Name (PNA) - :Table (protocols) - :Uid 
("{97AEB37A-9AEA-11D5-BD16-0090272CCB30}") - ) - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (rtsp - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB41C-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (rtsp) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Blue) - :comments ("Real Time Streaming Protocol") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (554) - :proto_type (ReferenceObject - :Name (RTSP) - :Table (protocols) - :Uid ("{97AEB37B-9AEA-11D5-BD16-0090272CCB30}") - ) - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (TACACS - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB41F-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (TACACS) - ) - :delete_on_reply (false) - :color (FireBrick) - :comments ("Terminal Access Controller Access Control System over UDP") - :etm_enabled (false) - :include_in_any (true) - :port (49) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (udp) - ) - : (TACACSplus - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB420-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (TACACSplus) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Black) - :comments ("Terminal Access Controller Access Control System over TCP") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (49) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster 
(true) - :timeout (0) - :type (tcp) - ) - : (SKIP - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB421-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (other_service) - :table (services) - :name (SKIP) - ) - :color (Cyan) - :comments ("IPSEC Simple Key Management for Internet Protocols") - :etm_enabled (false) - :exp () - :include_in_any (true) - :needruleinfo (false) - :proto_type () - :protocol (57) - :reload_proof (false) - :replies (true) - :sync_on_cluster (true) - :timeout (600) - :type (other) - :weight (0) - ) - : (AH - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB422-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (other_service) - :table (services) - :name (AH) - ) - :color (Cyan) - :comments ("IPSEC Authentication Header Protocol") - :etm_enabled (false) - :exp () - :include_in_any (true) - :needruleinfo (false) - :proto_type () - :protocol (51) - :reload_proof (false) - :replies (true) - :sync_on_cluster (true) - :timeout (600) - :type (other) - :weight (0) - ) - : (ESP - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB423-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (other_service) - :table (services) - :name (ESP) - ) - :color (cyan) - :comments ("IPSEC Encapsulating Security Payload Protocol") - :etm_enabled (false) - :exp () - :include_in_any (true) - :needruleinfo (false) - :proto_type () - :protocol (50) - :reload_proof (false) - :replies (true) - :sync_on_cluster (true) - :timeout (600) - :type (other) - :weight (0) - ) - : (gre - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB424-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (other_service) - :table (services) - :name (gre) - ) - :color (Red) - :comments 
() - :etm_enabled (false) - :exp () - :include_in_any (true) - :needruleinfo (false) - :proto_type () - :protocol (47) - :reload_proof (false) - :replies (true) - :sync_on_cluster (true) - :timeout (600) - :type (other) - :weight (0) - ) - : (pptp-tcp - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB425-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (pptp-tcp) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Red) - :comments ("Point-to-Point Tunneling Protocol, extension of PPP") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (1723) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (H323_ras - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{97AEB378-9AEA-11D5-BD16-0090272CCB32}") - :ClassName (udp_service) - :table (services) - :name (H323_ras) - ) - :delete_on_reply (false) - :color (Cyan) - :comments ("RAS and associated connections (H.323 protocols)") - :etm_enabled (false) - :include_in_any (false) - :port (1719) - :proto_type (ReferenceObject - :Name (H.323_RAS) - :Table (protocols) - :Uid ("{97AEB378-9AEA-11D5-BD16-0090272CCB31}") - ) - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (udp) - ) - : (H323_ras_only - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{97AEB432-9AEA-11D5-BD16-0090272CCB31}") - :ClassName (udp_service) - :table (services) - :name (H323_ras_only) - ) - :delete_on_reply (false) - :color (Cyan) - :comments ("Endpoint to Gatekeeper and Gatekeeper to Gatekeeper communication") - :etm_enabled (false) - :include_in_any (true) - :port (1719) - 
:proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (udp) - ) - : (T.120 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB428-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (T.120) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Cyan) - :comments ("H323, Application sharing protocol") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (1503) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (NCP - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB429-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (NCP) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Magenta) - :comments ("Novell NetWare Core Protocol") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (524) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (Orbix-1570 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB42A-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (Orbix-1570) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (black) - :comments ("IONA Orbix Daemon (IIOP) Port 1570") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (1570) - :proto_type (ReferenceObject - :Name (IIOP) - :Table (protocols) - :Uid ("{97AEB386-9AEA-11D5-BD16-0090272CCB30}") - ) - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) 
- :type (tcp) - ) - : (Orbix-1571 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB42B-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (Orbix-1571) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (black) - :comments ("IONA Orbix Daemon (IIOP) Port 1571") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (1571) - :proto_type (ReferenceObject - :Name (IIOP) - :Table (protocols) - :Uid ("{97AEB386-9AEA-11D5-BD16-0090272CCB30}") - ) - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (OAS-NameServer - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB42D-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (OAS-NameServer) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (black) - :comments ("Oracle Application Server (IIOP) NameServer") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (2649) - :proto_type (ReferenceObject - :Name (IIOP) - :Table (protocols) - :Uid ("{97AEB386-9AEA-11D5-BD16-0090272CCB30}") - ) - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (OAS-ORB - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB42E-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (OAS-ORB) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (black) - :comments ("Oracle Application Server (IIOP) ORB") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (2651) - :proto_type (ReferenceObject - :Name (IIOP) - :Table (protocols) - :Uid 
("{97AEB386-9AEA-11D5-BD16-0090272CCB30}") - ) - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (Sitara - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB430-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (other_service) - :table (services) - :name (Sitara) - ) - :color (Red) - :comments ("Sitara Networks Protocol (SpeedSeeker)") - :etm_enabled (false) - :exp () - :include_in_any (true) - :needruleinfo (false) - :proto_type () - :protocol (109) - :reload_proof (false) - :replies (true) - :sync_on_cluster (true) - :timeout (0) - :type (other) - :weight (0) - ) - : (IS411-srvr - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB431-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (IS411-srvr) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Blue) - :comments () - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (6499) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (Streamworks - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB432-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (Streamworks) - ) - :delete_on_reply (false) - :color (Red) - :comments () - :etm_enabled (false) - :include_in_any (true) - :port (1558) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (udp) - ) - : (ldap - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB433-9AEA-11D5-BD16-0090272CCB30}") - 
:ClassName (tcp_service) - :table (services) - :name (ldap) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Foreground) - :comments ("Lightweight Directory Access Protocol") - :enable_tcp_resource (false) - :etm_enabled (true) - :include_in_any (true) - :port (389) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (ldap-ssl - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB434-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (ldap-ssl) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Foreground) - :comments ("Lightweight Directory Access Protocol over TLS/SSL") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (636) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (Entrust-Admin - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB435-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (Entrust-Admin) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (FireBrick) - :comments ("Entrust CA Administration Service") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (710) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (Entrust-KeyMgmt - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB436-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (Entrust-KeyMgmt) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (FireBrick) - :comments ("Entrust CA Key Management 
Service") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (709) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (MetaIP-UAT - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB437-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (MetaIP-UAT) - ) - :delete_on_reply (false) - :color (FireBrick) - :comments ("Check Point Meta IP UAM Client-Server Communication") - :etm_enabled (false) - :include_in_any (false) - :port (5004) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (udp) - ) - : (RainWall_Command - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{B9BBEEBA-B639-41A3-97D5-1F9D982D7E44}") - :ClassName (tcp_service) - :table (services) - :name (RainWall_Command) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (black) - :comments ("RainWall higu availability daemon") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (6374) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (RainWall_Daemon - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{21CC3F85-E6DF-443D-9846-BD39BD015B85}") - :ClassName (udp_service) - :table (services) - :name (RainWall_Daemon) - ) - :delete_on_reply (false) - :color (black) - :comments ("RainWall daemons communication") - :etm_enabled (false) - :include_in_any (true) - :port (6372) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - 
:type (Udp) - ) - : (RainWall_Status - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{4FBD29C5-06DB-4912-B23D-1BD50D693185}") - :ClassName (udp_service) - :table (services) - :name (RainWall_Status) - ) - :delete_on_reply (false) - :color (black) - :comments ("RainWall remote management status") - :etm_enabled (false) - :include_in_any (true) - :port (6374) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (RainWall_Stop - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{5FF8E3F0-F9E7-47C0-A8CE-FABCCCDB7755}") - :ClassName (udp_service) - :table (services) - :name (RainWall_Stop) - ) - :delete_on_reply (false) - :color (black) - :comments ("RainWall monitoring") - :etm_enabled (false) - :include_in_any (true) - :port (6373) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (StoneBeat-Control - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB438-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (StoneBeat-Control) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Black) - :comments ("Stonesoft StoneBeat Control") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (3002) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (StoneBeat-Daemon - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB439-9AEA-11D5-BD16-0090272CCB30}") - :ClassName 
(tcp_service) - :table (services) - :name (StoneBeat-Daemon) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Black) - :comments ("Stonesoft StoneBeat Daemon Heartbeat") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (3001) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (RealSecure - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB43B-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (RealSecure) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color ("Forest Green") - :comments ("Automatic 'Suspicious Activity Monitoring' activator") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (2998) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (pcANYWHERE-data - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB43E-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (pcANYWHERE-data) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Blue) - :comments ("PCs remote access security software, data") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (5631) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (pcANYWHERE-stat - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB43F-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (pcANYWHERE-stat) - ) - :delete_on_reply (false) - :color (Blue) - :comments ("PCs remote access security software, 
status") - :etm_enabled (false) - :include_in_any (true) - :port (5632) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (pcTELECOMMUTE-FileSync - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB441-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (pcTELECOMMUTE-FileSync) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Blue) - :comments ("Symantec pcTELECOMMUTE File Synchronization") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (2299) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (vosaic-data - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB444-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (vosaic-data) - ) - :delete_on_reply (false) - :color (Blue) - :comments () - :etm_enabled (false) - :include_in_any (true) - :port (20000-20300) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (udp) - ) - : (vosaic-ctrl - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB445-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (vosaic-ctrl) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Blue) - :comments () - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (1235) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (imap - 
:AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB446-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (imap) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Yellow) - :comments ("Interactive Mail Access Protocol") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (143) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (FW1_Encapsulation - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB447-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (other_service) - :table (services) - :name (FW1_Encapsulation) - ) - :color (Firebrick) - :comments ("Check Point VPN-1 SecuRemote FWZ Encapsulation Protocol") - :etm_enabled (false) - :exp () - :include_in_any (true) - :needruleinfo (false) - :proto_type () - :protocol (94) - :reload_proof (false) - :replies (true) - :sync_on_cluster (true) - :timeout (600) - :type (other) - :weight (0) - ) - : (netshow - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB448-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (netshow) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Blue) - :comments ("Microsoft NetShow (Windows Media Player)") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (1755) - :proto_type (ReferenceObject - :Name (NetShow) - :Table (protocols) - :Uid ("{97AEB37C-9AEA-11D5-BD16-0090272CCB30}") - ) - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (backweb - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - 
) - :chkpf_uid ("{97AEB449-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (other_service) - :table (services) - :name (backweb) - ) - :color (Blue) - :comments ("PUSH Web applications, send information directly to desktops. over the Internet") - :etm_enabled (false) - :exp (backweb_match) - :include_in_any (true) - :needruleinfo (false) - :proto_type (ReferenceObject - :Name (BackWeb) - :Table (protocols) - :Uid ("{97AEB37F-9AEA-11D5-BD16-0090272CCB30}") - ) - :protocol (17) - :reload_proof (false) - :replies (false) - :sync_on_cluster (true) - :timeout (0) - :type (other) - :weight (0) - ) - : (winframe - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB44A-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (winframe) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Blue) - :comments ("Allows servers to provide applications and data for attached computer workstations (Windows)") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (1494) - :proto_type (ReferenceObject - :Name (WinFrame) - :Table (protocols) - :Uid ("{97AEB380-9AEA-11D5-BD16-0090272CCB30}") - ) - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (CU-SeeMe - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB44B-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (CU-SeeMe) - ) - :delete_on_reply (false) - :color (Blue) - :comments ("person-to-person or group discussions videoconference") - :etm_enabled (false) - :include_in_any (true) - :port (7648-7652) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (udp) - ) - : (CreativePartnerSrvr - :AdminInfo ( - 
:LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB44C-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (CreativePartnerSrvr) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Red) - :comments ("The Server listening port") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (453) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (CreativePartnerClnt - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB44D-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (CreativePartnerClnt) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Red) - :comments ("The Client listening port") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (455) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (AOL - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB44F-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (AOL) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Red) - :comments ("America-Online client service (TCP)") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (5190) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (OnTime - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB450-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :name (OnTime) - ) - 
:delete_on_reply (false) - :color (Foreground) - :comments () - :etm_enabled (false) - :include_in_any (true) - :port (1622) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (udp) - ) - : (ConnectedOnLine - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB451-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (ConnectedOnLine) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Foreground) - :comments () - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (16384) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (MSExchangeDSNSPI - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB452-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (dcerpc_service) - :table (services) - :name (MSExchangeDSNSPI) - ) - :color (Blue) - :comments ("Microsoft Exchange Directory Services (NSPI)") - :etm_enabled (false) - :proto_type () - :reload_proof (false) - :type (dcerpc) - :uuid (f5cc5a18-4264-101a-8c59-08002b2f8426) - ) - : (MSExchangeDSRep - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB453-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (dcerpc_service) - :table (services) - :name (MSExchangeDSRep) - ) - :color (Blue) - :comments ("Microsoft Exchange Directory Replication Services") - :etm_enabled (false) - :proto_type () - :reload_proof (false) - :type (dcerpc) - :uuid (f5cc59b4-4264-101a-8c59-08002b2f8426) - ) - : (MSExchangeDSXDS - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid 
("{97AEB454-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (dcerpc_service) - :table (services) - :name (MSExchangeDSXDS) - ) - :color (Blue) - :comments ("Microsoft Exchange Directory Services XDS") - :etm_enabled (false) - :proto_type () - :reload_proof (false) - :type (dcerpc) - :uuid (f5cc5a7c-4264-101a-8c59-08002b2f8426) - ) - : (MSExchangeIS - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB455-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (dcerpc_service) - :table (services) - :name (MSExchangeIS) - ) - :color (Blue) - :comments ("Microsoft Exchange Information Store") - :etm_enabled (false) - :proto_type (ReferenceObject - :Name (MSEXCHANGE) - :Table (protocols) - :Uid ("{97AEB382-9AEA-11D5-BD16-0090272CCB30}") - ) - :reload_proof (false) - :type (dcerpc) - :uuid (a4f1db00-ca47-1067-b31f-00dd010662da) - ) - : (MSExchangeMTA - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB456-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (dcerpc_service) - :table (services) - :name (MSExchangeMTA) - ) - :color (Blue) - :comments ("Microsoft Exchange Message Transfer Agent") - :etm_enabled (false) - :proto_type () - :reload_proof (false) - :type (dcerpc) - :uuid (9e8ee830-4459-11ce-979b-00aa005ffebe) - ) - : (MSExchangeADL - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB457-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (dcerpc_service) - :table (services) - :name (MSExchangeADL) - ) - :color (Blue) - :comments ("Microsoft Exchange 2000 Active Directory Logon") - :etm_enabled (false) - :proto_type () - :reload_proof (false) - :type (dcerpc) - :uuid (12345678-1234-abcd-ef00-01234567cffb) - ) - : (MSExchangeDirRep - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) 
- ) - :chkpf_uid ("{97AEB458-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (dcerpc_service) - :table (services) - :name (MSExchangeDirRep) - ) - :color (Blue) - :comments ("Microsoft Exchange 2000 Directory Replication") - :etm_enabled (false) - :proto_type () - :reload_proof (false) - :type (dcerpc) - :uuid (e3514235-4b06-11d1-ab04-00c04fc2dcd2) - ) - : (MSExchangeSysAtt - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB459-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (dcerpc_service) - :table (services) - :name (MSExchangeSysAtt) - ) - :color (Blue) - :comments ("Microsoft Exchange System Attendant") - :etm_enabled (false) - :proto_type () - :reload_proof (false) - :type (dcerpc) - :uuid (469d6ec0-0d87-11ce-b13f-00aa003bac6c) - ) - : (MSExchangeSysAttPriv - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB45A-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (dcerpc_service) - :table (services) - :name (MSExchangeSysAttPriv) - ) - :color (Blue) - :comments ("Microsoft Exchange System Attendant Private") - :etm_enabled (false) - :proto_type () - :reload_proof (false) - :type (dcerpc) - :uuid (83d72bf0-0d89-11ce-b13f-00aa003bac6c) - ) - : (MSExchangeStoreAdm - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB45B-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (dcerpc_service) - :table (services) - :name (MSExchangeStoreAdm) - ) - :color (Blue) - :comments ("Microsoft Exchange Store Administration") - :etm_enabled (false) - :proto_type () - :reload_proof (false) - :type (dcerpc) - :uuid (89742ace-a9ed-11cf-9c0c-08002be7ae86) - ) - : (HP-OpCdistm - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB460-9AEA-11D5-BD16-0090272CCB30}") - 
:ClassName (dcerpc_service) - :table (services) - :name (HP-OpCdistm) - ) - :color (Blue) - :comments ("HP-OV OpC Distribution Manager") - :etm_enabled (false) - :proto_type () - :reload_proof (false) - :type (dcerpc) - :uuid (5df3dc6f-a568-0000-020f-887805000000) - ) - : (HP-OpCmsgrd-std - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB461-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (dcerpc_service) - :table (services) - :name (HP-OpCmsgrd-std) - ) - :color (Blue) - :comments ("HP-OV OpC Message Receiver") - :etm_enabled (false) - :proto_type () - :reload_proof (false) - :type (dcerpc) - :uuid (6d63f833-c0a0-0000-020f-887818000000) - ) - : (HP-OpCmsgrd-m2m - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB462-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (dcerpc_service) - :table (services) - :name (HP-OpCmsgrd-m2m) - ) - :color (Blue) - :comments ("HP-OV OpC Message Receiver (M2M)") - :etm_enabled (false) - :proto_type () - :reload_proof (false) - :type (dcerpc) - :uuid (6e0b494b-d551-0000-020f-88781a000000) - ) - : (HP-OpCmsgrd-coa - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB463-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (dcerpc_service) - :table (services) - :name (HP-OpCmsgrd-coa) - ) - :color (Blue) - :comments ("HP-OV OpC Message receiver (COA)") - :etm_enabled (false) - :proto_type () - :reload_proof (false) - :type (dcerpc) - :uuid (e0c92330-3ba9-0000-a38b-0800096df3a6) - ) - : (HP-OpCctla - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB464-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (dcerpc_service) - :table (services) - :name (HP-OpCctla) - ) - :color (Blue) - :comments ("HP-OV OpC Control Agent") - 
:etm_enabled (false) - :proto_type () - :reload_proof (false) - :type (dcerpc) - :uuid (9e0c0224-3654-0000-9a8d-08000949ab4c) - ) - : (HP-OpCctla-cfgpush - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB465-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (dcerpc_service) - :table (services) - :name (HP-OpCctla-cfgpush) - ) - :color (Blue) - :comments ("HP-OV OpC Control Agent (cfgpush)") - :etm_enabled (false) - :proto_type () - :reload_proof (false) - :type (dcerpc) - :uuid (0d8fe322-d6ee-11d2-b858-0800096df3a6) - ) - : (HP-OpCctla-bulk - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB466-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (dcerpc_service) - :table (services) - :name (HP-OpCctla-bulk) - ) - :color (Blue) - :comments ("HP-OV OpC Control Agent (Bulk)") - :etm_enabled (false) - :proto_type () - :reload_proof (false) - :type (dcerpc) - :uuid (8d5cae88-43c9-0000-94f1-0800096df3a6) - ) - : (Pointcast - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB477-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (compound_tcp_service) - :table (services) - :name (Pointcast) - ) - :color ("Forest Green") - :comments ("http subservice for FloodGate use, push web content") - :etm_enabled (false) - :port (80) - :proto_type () - :reload_proof (false) - :svc_type (pointcast) - :type (Tcp_subservice) - ) - : (Cdf - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB478-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (compound_tcp_service) - :table (services) - :name (Cdf) - ) - :color ("Forest Green") - :comments ("http subservice for FloodGate use,Channel Definition Format") - :etm_enabled (false) - :port (80) - :proto_type () - :reload_proof 
(false) - :svc_type (Cdf) - :type (Tcp_subservice) - ) - : (Marimba_Netcaster - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB479-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (compound_tcp_service) - :table (services) - :name (Marimba_Netcaster) - ) - :color (black) - :comments ("http subservice for FloodGate use, Marimba Castanet Tuner product") - :etm_enabled (false) - :port (80) - :proto_type () - :reload_proof (false) - :svc_type (NetCaster) - :type (Tcp_subservice) - ) - : (Microsoft_Channels - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB47A-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (compound_tcp_service) - :table (services) - :name (Microsoft_Channels) - ) - :color (black) - :comments ("http subservice for FloodGate use, Microsoft Channels") - :etm_enabled (false) - :port (80) - :proto_type () - :reload_proof (false) - :svc_type (CDF) - :type (Tcp_subservice) - ) - : (squid - :AdminInfo ( - :chkpf_uid ("{91C0454D-F70C-44B3-8F2D-70C4A68E9594}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Nov 30 19:21:23 2003") - :By (IsoAAAF) - :From (scratchy) - ) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color ("forest green") - :comments () - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (3128) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (RAdmin-custom - :AdminInfo ( - :chkpf_uid ("{4FB59153-8212-4A12-BC08-0297AA5F0815}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Nov 30 19:36:18 2003") - :By (IsoAAAF) - :From (scratchy) - ) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (gold) - :comments () - :enable_tcp_resource (false) - :etm_enabled 
(false) - :include_in_any (true) - :port (60000) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (apcupsd - :AdminInfo ( - :chkpf_uid ("{A1044CB4-439C-40C9-8489-FA5086134886}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Fri Dec 5 20:06:52 2003") - :By (IsoAAAF) - :From (scratchy) - ) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (gold) - :comments () - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (false) - :port (6666) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (T-online-classic - :AdminInfo ( - :chkpf_uid ("{738B04E5-09F7-44BF-9FEC-AEA0F15B7E9A}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Wed Dec 17 21:34:22 2003") - :By (IsoAAAF) - :From (scratchy) - ) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color ("deep pink") - :comments () - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (866) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (H323 - :AdminInfo ( - :chkpf_uid ("{97AEB427-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Fri Jan 30 21:58:29 2004") - :By (IsoAAAF) - :From (scratchy) - ) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (cyan) - :comments ("videoconference transmissions over IP networks") - :enable_tcp_resource (false) - :etm_enabled (true) - :include_in_any (false) - :port (1720) - :proto_type (ReferenceObject - :Name (H.323) - :Table (protocols) - :Uid ("{97AEB377-9AEA-11D5-BD16-0090272CCB30}") - ) - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (H323_any - :AdminInfo ( - :chkpf_uid 
("{97AEB427-9AEA-11D5-BD16-0090272CCB33}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Fri Jan 30 21:59:04 2004") - :By (IsoAAAF) - :From (scratchy) - ) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (cyan) - :comments ("videoconference transmissions over IP networks") - :enable_tcp_resource (false) - :etm_enabled (true) - :include_in_any (false) - :port (1720) - :proto_type (ReferenceObject - :Name (H.323_ANY) - :Table (protocols) - :Uid ("{97AEB377-9AEA-11D5-BD16-0090272CCB35}") - ) - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (Citrix_metaFrame - :AdminInfo ( - :chkpf_uid ("{13D7904E-334B-4549-8FBD-6B4D6B8B80B2}") - :ClassName (service_group) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Mar 30 14:50:57 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - : (ReferenceObject - :Name (Citrix_ICA) - :Table (services) - :Uid ("{986BAD5A-94D2-4A8C-81AA-DE98D3ECB5C6}") - ) - : (ReferenceObject - :Name (Citrix_ICA_Browsing) - :Table (services) - :Uid ("{E8C5AB78-F08D-437C-A9B1-BE4A8679D766}") - ) - :color (black) - :comments ("group for citrix communication") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (Trojan_Services - :AdminInfo ( - :chkpf_uid ("{F956089C-6DD8-4FF4-9FB1-E13969CDADFF}") - :ClassName (service_group) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 07 19:44:37 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - : (ReferenceObject - :Name (Back_Door_Setup) - :Table (services) - :Uid ("{86077A7D-A8DA-4B5B-919C-366FE91AD1DA}") - ) - : (ReferenceObject - :Name (Backage) - :Table (services) - :Uid ("{96759A8D-AAB8-43D9-BBFC-B459CE66AC87}") - ) - : (ReferenceObject - :Name (BackDoor-G) - :Table (services) - :Uid ("{A651F18C-1C7C-4BD2-9FFE-790C29E3CCD9}") - ) - : (ReferenceObject - :Name (Connect-Back_Backdoor) - :Table (services) - :Uid 
("{E0C17142-433D-40A7-9EAA-E1D5EBA40D2E}") - ) - : (ReferenceObject - :Name (CrackDown) - :Table (services) - :Uid ("{88AAA643-BF12-4D40-A02D-E98A8159358A}") - ) - : (ReferenceObject - :Name (DaCryptic) - :Table (services) - :Uid ("{C13E3031-02D6-4341-A307-3DAF10735078}") - ) - : (ReferenceObject - :Name (DerSphere) - :Table (services) - :Uid ("{8055B0DE-DACE-4D18-91F4-F39915B7ABA8}") - ) - : (ReferenceObject - :Name (DerSphere_II) - :Table (services) - :Uid ("{8D971C42-17DE-49A0-A646-A8E0057AEBBD}") - ) - : (ReferenceObject - :Name (Freak2k) - :Table (services) - :Uid ("{08DA33FF-BC5F-402A-9865-BEE8FEE69422}") - ) - : (ReferenceObject - :Name (GateCrasher) - :Table (services) - :Uid ("{81B90130-2A31-45CD-8092-DC492B116CA9}") - ) - : (ReferenceObject - :Name (HackaTack_31785) - :Table (services) - :Uid ("{82BA0DD2-42E6-472D-8877-57F519175C14}") - ) - : (ReferenceObject - :Name (HackaTack_31787) - :Table (services) - :Uid ("{C693C8C1-78E3-450D-936E-AA3278190633}") - ) - : (ReferenceObject - :Name (HackaTack_31788) - :Table (services) - :Uid ("{B8D159DC-AA70-4CC5-9C5A-8C2AD3AA977E}") - ) - : (ReferenceObject - :Name (HackaTack_31789) - :Table (services) - :Uid ("{FF8EA038-34FD-4B7B-8A8A-8D6BF0A599FE}") - ) - : (ReferenceObject - :Name (HackaTack_31790) - :Table (services) - :Uid ("{2176F91C-5FB4-4111-98BD-7D5D5B358FE0}") - ) - : (ReferenceObject - :Name (HackaTack_31791) - :Table (services) - :Uid ("{05647A8C-F0E7-4354-ADBD-C685EE7742F0}") - ) - : (ReferenceObject - :Name (HackaTack_31792) - :Table (services) - :Uid ("{26339B33-1C42-4E49-96E9-55770F6AF0CE}") - ) - : (ReferenceObject - :Name (ICKiller) - :Table (services) - :Uid ("{06233377-3454-489A-B9FB-2F2CA14B895B}") - ) - : (ReferenceObject - :Name (InCommand) - :Table (services) - :Uid ("{230B24DF-1EFA-4A28-B7A4-87DFB79AFBA7}") - ) - : (ReferenceObject - :Name (Jade) - :Table (services) - :Uid ("{C2F963B0-DB3C-42D5-B0F2-A2A7BC0D378D}") - ) - : (ReferenceObject - :Name (Kaos) - :Table (services) - :Uid 
("{10F56849-2E03-40DD-9CF7-56AEE2CFA57F}") - ) - : (ReferenceObject - :Name (Kuang2) - :Table (services) - :Uid ("{CE29B597-76B9-48AA-AC24-AE7E23C438ED}") - ) - : (ReferenceObject - :Name (lpdw0rm) - :Table (services) - :Uid ("{73BFBF75-EB13-42C0-BA69-58B8F026B4D6}") - ) - : (ReferenceObject - :Name (Mneah) - :Table (services) - :Uid ("{E43B7817-DBB6-4C74-A95A-C424DC47999C}") - ) - : (ReferenceObject - :Name (Multidropper) - :Table (services) - :Uid ("{E38E4DEA-A610-4416-BF44-6F4E45E95E70}") - ) - : (ReferenceObject - :Name (NoBackO) - :Table (services) - :Uid ("{AA02E546-80D1-453A-91DC-49F606764451}") - ) - : (ReferenceObject - :Name (Port_6667_trojans) - :Table (services) - :Uid ("{AEAA6C77-E87E-4581-AD73-06417391DFAD}") - ) - : (ReferenceObject - :Name (RAT) - :Table (services) - :Uid ("{B236D830-9615-4578-B6E2-B0B44C45FDA0}") - ) - : (ReferenceObject - :Name (Remote_Storm) - :Table (services) - :Uid ("{D4B1F3B0-C606-4B6B-8118-EE61303F8E19}") - ) - : (ReferenceObject - :Name (RexxRave) - :Table (services) - :Uid ("{637B7F26-C4B2-4510-872E-5A10DE046CB4}") - ) - : (ReferenceObject - :Name (Shadyshell) - :Table (services) - :Uid ("{41C4DF08-DBF9-4576-9114-B8F1DC4DC8D7}") - ) - : (ReferenceObject - :Name (SocketsdesTroie) - :Table (services) - :Uid ("{69CA7583-1FD4-4C86-AC1A-680697A9AF93}") - ) - : (ReferenceObject - :Name (SubSeven) - :Table (services) - :Uid ("{E926E948-FAE7-4140-8FED-11426B1A32B9}") - ) - : (ReferenceObject - :Name (Terrortrojan) - :Table (services) - :Uid ("{CC1D78CC-5FCE-4496-A78B-C37AA0622F7A}") - ) - : (ReferenceObject - :Name (TheFlu) - :Table (services) - :Uid ("{02F708DD-0337-485F-A04B-3B931971B93A}") - ) - : (ReferenceObject - :Name (TransScout) - :Table (services) - :Uid ("{16AEE006-0F79-407E-B6A4-F3CC5A7A31D5}") - ) - : (ReferenceObject - :Name (Trinoo) - :Table (services) - :Uid ("{3CF4DA8B-576E-47EC-903E-91F155BD0CD9}") - ) - : (ReferenceObject - :Name (UltorsTrojan) - :Table (services) - :Uid 
("{6E745536-B8C9-4DF5-BFD5-043E62013956}") - ) - : (ReferenceObject - :Name (WinHole) - :Table (services) - :Uid ("{25AC306E-1FC9-4E3E-BF66-4A48473CAF3F}") - ) - : (ReferenceObject - :Name (Xanadu) - :Table (services) - :Uid ("{24DE2CDE-DFCD-4C9B-9124-492AC4BEDBA7}") - ) - :color (magenta) - :comments ("Common ports used by trojan applications.") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (MS-SQL - :AdminInfo ( - :chkpf_uid ("{68A602A2-28DA-4425-B566-86A537A3BCA3}") - :ClassName (service_group) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Feb 20 18:15:39 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - : (ReferenceObject - :Name (MS-SQL-Monitor) - :Table (services) - :Uid ("{EF245528-9A3D-11D6-9EAA-3E5A6FDD6A6A}") - ) - : (ReferenceObject - :Name (MS-SQL-Monitor_UDP) - :Table (services) - :Uid ("{5AD1A14C-647C-41DE-9F84-D1C34F09D63B}") - ) - : (ReferenceObject - :Name (MS-SQL-Server) - :Table (services) - :Uid ("{DFF4F7BA-9A3D-11D6-91C1-3E5A6FDD5151}") - ) - : (ReferenceObject - :Name (MS-SQL-Server_UDP) - :Table (services) - :Uid ("{BFD72CD2-8E5F-4EDE-BDB2-6DFC016AFCCD}") - ) - :color (black) - :comments ("MS-SQL Server Protocols") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (AOL_Messenger - :AdminInfo ( - :chkpf_uid ("{2C970C2B-84A3-40B5-AB0E-83244DD47BCD}") - :ClassName (service_group) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Dec 12 14:19:56 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - : (ReferenceObject - :Name (AOL) - :Table (services) - :Uid ("{97AEB44F-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (ICQ_locator) - :Table (services) - :Uid ("{BBEC6807-808D-49B7-B8DC-54C5A655D392}") - ) - :color (black) - :comments ("AOL Instant Messenger. 
Also used by: ICQ & Apple iChat") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (MSN_Messenger - :AdminInfo ( - :chkpf_uid ("{5693ACA1-316D-410E-A8F3-BA5D2F97E5B7}") - :ClassName (service_group) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Dec 12 14:24:19 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - : (ReferenceObject - :Name (MSN_Messenger_1863_UDP) - :Table (services) - :Uid ("{0094AAC2-A29E-4D04-B86C-F31F63DFFAE2}") - ) - : (ReferenceObject - :Name (MSN_Messenger_5190) - :Table (services) - :Uid ("{0AC39B6A-701A-4C33-A88D-9EB0FECF9EF6}") - ) - : (ReferenceObject - :Name (MSN_Messenger_File_Transfer) - :Table (services) - :Uid ("{505BADAD-AE57-4584-9A4C-15987C093A32}") - ) - : (ReferenceObject - :Name (MSN_Messenger_Voice) - :Table (services) - :Uid ("{E3E6D587-3212-4FF4-86A1-D16093689E19}") - ) - : (ReferenceObject - :Name (MSNP) - :Table (services) - :Uid ("{D18F244B-0B13-4FB8-AA2F-D966EEFFB6B3}") - ) - :color (black) - :comments ("MSN Messenger") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (Yahoo_Messenger - :AdminInfo ( - :chkpf_uid ("{8E3ED837-81C6-43EF-BADA-7C330C57D891}") - :ClassName (service_group) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Dec 12 14:25:36 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - : (ReferenceObject - :Name (Yahoo_Messenger_messages) - :Table (services) - :Uid ("{24CD3A7C-AA2C-43D4-8EB6-FF1F070143EA}") - ) - : (ReferenceObject - :Name (Yahoo_Messenger_Voice_Chat_TCP) - :Table (services) - :Uid ("{C2639E22-FD63-4520-99F7-A70215B95874}") - ) - : (ReferenceObject - :Name (Yahoo_Messenger_Voice_Chat_UDP) - :Table (services) - :Uid ("{C98BB09A-B04F-437C-AD1A-6C8261831B87}") - ) - : (ReferenceObject - :Name (Yahoo_Messenger_Webcams) - :Table (services) - :Uid ("{910F509F-8F2A-452D-BC15-E51F8CC1694C}") - ) - :color (blue) - :comments ("Yahoo Messenger") - :etm_enabled (false) - 
:member_class (service) - :members_query () - :type (group) - ) - : (Messenger_Applications - :AdminInfo ( - :chkpf_uid ("{CD7C1A5F-6268-40B6-A8C7-2727B8036CB1}") - :ClassName (service_group) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Dec 12 14:28:17 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - : (ReferenceObject - :Name (AOL_Messenger) - :Table (services) - :Uid ("{2C970C2B-84A3-40B5-AB0E-83244DD47BCD}") - ) - : (ReferenceObject - :Name (MSN_Messenger) - :Table (services) - :Uid ("{5693ACA1-316D-410E-A8F3-BA5D2F97E5B7}") - ) - : (ReferenceObject - :Name (Yahoo_Messenger) - :Table (services) - :Uid ("{8E3ED837-81C6-43EF-BADA-7C330C57D891}") - ) - :color (black) - :comments () - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (Direct_Connect - :AdminInfo ( - :chkpf_uid ("{5CFC76C2-B743-4B68-9FBF-E901EAA3698D}") - :ClassName (service_group) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Dec 12 14:29:23 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - : (ReferenceObject - :Name (Direct_Connect_TCP) - :Table (services) - :Uid ("{D02080C1-B225-4DA0-987B-28B3A551B8C9}") - ) - : (ReferenceObject - :Name (Direct_Connect_UDP) - :Table (services) - :Uid ("{64C3AD3F-69D2-4EC1-B843-5DF030C70ABF}") - ) - :color (black) - :comments ("Direct Connect P2P application. 
Used also by other clients") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (eDonkey - :AdminInfo ( - :chkpf_uid ("{42929FB0-C8DD-465E-BE01-3E484F4299F6}") - :ClassName (service_group) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Dec 12 14:33:32 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - : (ReferenceObject - :Name (eDonkey_4661) - :Table (services) - :Uid ("{760D9035-1C76-4C5C-B929-BA1DC6685D6F}") - ) - : (ReferenceObject - :Name (eDonkey_4662) - :Table (services) - :Uid ("{7115E261-185C-4487-AA18-84F8C275D186}") - ) - : (ReferenceObject - :Name (eDonkey_4665) - :Table (services) - :Uid ("{D3CAA92A-1032-41AE-A1A1-2274F3AB9F45}") - ) - :color (black) - :comments ("eDonkey protocol. Used also by other clients.") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (GNUtella - :AdminInfo ( - :chkpf_uid ("{F0059B62-E18E-478F-A3BD-18595D53D3E1}") - :ClassName (service_group) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Dec 12 14:35:10 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - : (ReferenceObject - :Name (GNUtella_rtr_TCP) - :Table (services) - :Uid ("{B1189907-B9EB-4A21-8B38-1D3E5C6C06D0}") - ) - : (ReferenceObject - :Name (GNUtella_rtr_UDP) - :Table (services) - :Uid ("{1B4543A3-579E-4CC7-8F57-4387C37A6815}") - ) - : (ReferenceObject - :Name (GNUtella_TCP) - :Table (services) - :Uid ("{CDEF1FEB-485E-4929-942E-011DE8318E56}") - ) - : (ReferenceObject - :Name (GNUtella_UDP) - :Table (services) - :Uid ("{8EB18480-2690-4520-AE88-412BF5CE94E3}") - ) - :color (black) - :comments ("GNUtella P2P protocol (used by: BearShare, ToadNode, Gnucleus, Xolox, LimeWire)") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (Hotline - :AdminInfo ( - :chkpf_uid ("{4C3E148F-BCC4-4C97-9955-09DA850FB9A6}") - :ClassName (service_group) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time 
("Thu Dec 12 14:37:42 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - : (ReferenceObject - :Name (Hotline_client) - :Table (services) - :Uid ("{B45556D9-5E0B-46F4-9C35-ED7D82BEC43D}") - ) - : (ReferenceObject - :Name (Hotline_tracker) - :Table (services) - :Uid ("{D6B64DF2-4803-4D79-9794-793D18B277D8}") - ) - :color (black) - :comments ("Hotline P2P protocol") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (DAIP_Control_services - :AdminInfo ( - :chkpf_uid ("{77C21EA4-9DB4-40FE-86E0-58252C3759D8}") - :ClassName (service_group) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Apr 03 09:38:32 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - : (ReferenceObject - :Name (CPD) - :Table (services) - :Uid ("{97AEB3AB-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (FW1) - :Table (services) - :Uid ("{97AEB388-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (FW1_ica_pull) - :Table (services) - :Uid ("{97AEB3A4-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (FW1_log) - :Table (services) - :Uid ("{97AEB389-9AEA-11D5-BD16-0090272CCB30}") - ) - :color (black) - :comments () - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (Napster - :AdminInfo ( - :chkpf_uid ("{5EE3CA5B-35A2-4988-859C-7157E8CFFEAD}") - :ClassName (service_group) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Dec 12 14:38:38 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - : (ReferenceObject - :Name (Napster_Client_6600-6699) - :Table (services) - :Uid ("{3BB26988-E0A5-45D6-8018-D4D4DE8B96FA}") - ) - : (ReferenceObject - :Name (Napster_directory_4444) - :Table (services) - :Uid ("{741A5B0E-3788-4284-91A1-819E99D9ED96}") - ) - : (ReferenceObject - :Name (Napster_directory_5555) - :Table (services) - :Uid ("{8287D6D8-3B6B-4824-8F2D-18BC570EC9B2}") - ) - : (ReferenceObject - :Name (Napster_directory_6666) - :Table 
(services) - :Uid ("{1EF8FC95-FF10-414B-AF76-C0BCC2CD711E}") - ) - : (ReferenceObject - :Name (Napster_directory_7777) - :Table (services) - :Uid ("{182B1D39-54B6-4E2F-BAE8-2D8021D52206}") - ) - : (ReferenceObject - :Name (Napster_directory_8888_primary) - :Table (services) - :Uid ("{BE51561E-7876-4C70-9546-0914AE737F6E}") - ) - : (ReferenceObject - :Name (Napster_redirector) - :Table (services) - :Uid ("{3FD0D58A-9759-4686-B103-D177ADFC7193}") - ) - :color (black) - :comments ("Napster P2P protocol") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (CIFS - :AdminInfo ( - :chkpf_uid ("{2A469820-B502-434C-9340-A377677A6A60}") - :ClassName (service_group) - :table (services) - :LastModified ( - :Time ("Wed Jun 12 12:11:06 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - : (ReferenceObject - :Name (microsoft-ds) - :Table (services) - :Uid ("{CFBCACE4-7C6F-11D6-BF0E-3E5A6FE83232}") - ) - : (ReferenceObject - :Name (NBT) - :Table (services) - :Uid ("{97AEB471-9AEA-11D5-BD16-0090272CCB30}") - ) - :color (black) - :comments ("Common Internet File System Services") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (FW1_clntauth - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB38D-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (service_group) - :table (services) - :name (FW1_clntauth) - ) - : (ReferenceObject - :Name (FW1_clntauth_telnet) - :Table (services) - :Uid ("{97AEB38B-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (FW1_clntauth_http) - :Table (services) - :Uid ("{97AEB38C-9AEA-11D5-BD16-0090272CCB30}") - ) - :color (FireBrick) - :comments ("Check Point VPN-1 & FireWall-1 Client Authentication") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (sqlnet2 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By 
("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3F2-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (service_group) - :table (services) - :name (sqlnet2) - ) - : (ReferenceObject - :Name (sqlnet2-1521) - :Table (services) - :Uid ("{97AEB3EF-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (sqlnet2-1525) - :Table (services) - :Uid ("{97AEB3F0-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (sqlnet2-1526) - :Table (services) - :Uid ("{97AEB3F1-9AEA-11D5-BD16-0090272CCB30}") - ) - :color (Foreground) - :comments ("Oracle SQL*Net Version 2 Services") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (FreeTel-outgoing - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:07 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB3F5-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (service_group) - :table (services) - :name (FreeTel-outgoing) - ) - : (ReferenceObject - :Name (FreeTel-outgoing-server) - :Table (services) - :Uid ("{97AEB3F3-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (FreeTel-outgoing-client) - :Table (services) - :Uid ("{97AEB3F4-9AEA-11D5-BD16-0090272CCB30}") - ) - :color (Foreground) - :comments ("FreeTel Outgoing Connections") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (icmp-requests - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB413-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (service_group) - :table (services) - :name (icmp-requests) - ) - : (ReferenceObject - :Name (echo-request) - :Table (services) - :Uid ("{97AEB40A-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (info-req) - :Table (services) - :Uid ("{97AEB40F-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (timestamp) - :Table (services) - :Uid ("{97AEB40D-9AEA-11D5-BD16-0090272CCB30}") - ) - : 
(ReferenceObject - :Name (mask-request) - :Table (services) - :Uid ("{97AEB411-9AEA-11D5-BD16-0090272CCB30}") - ) - :color ("Dark Orchid") - :comments ("ICMP, requests group") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (Orbix - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB42C-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (service_group) - :table (services) - :name (Orbix) - ) - : (ReferenceObject - :Name (Orbix-1570) - :Table (services) - :Uid ("{97AEB42A-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (Orbix-1571) - :Table (services) - :Uid ("{97AEB42B-9AEA-11D5-BD16-0090272CCB30}") - ) - :color (black) - :comments ("IONA Orbix Daemon (IIOP)") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (OAS - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB42F-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (service_group) - :table (services) - :name (OAS) - ) - : (ReferenceObject - :Name (OAS-NameServer) - :Table (services) - :Uid ("{97AEB42D-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (OAS-ORB) - :Table (services) - :Uid ("{97AEB42E-9AEA-11D5-BD16-0090272CCB30}") - ) - :color (black) - :comments ("Oracle Application Server (IIOP)") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (StoneBeat - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB43A-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (service_group) - :table (services) - :name (StoneBeat) - ) - : (ReferenceObject - :Name (StoneBeat-Control) - :Table (services) - :Uid ("{97AEB438-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (StoneBeat-Daemon) - :Table (services) - :Uid 
("{97AEB439-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (snmp) - :Table (services) - :Uid ("{97AEB3B2-9AEA-11D5-BD16-0090272CCB30}") - ) - :color (Black) - :comments ("Stonesoft StoneBeat") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (RealPlayer - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB43C-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (service_group) - :table (services) - :name (RealPlayer) - ) - : (ReferenceObject - :Name (Real-Audio) - :Table (services) - :Uid ("{97AEB41B-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (rtsp) - :Table (services) - :Uid ("{97AEB41C-9AEA-11D5-BD16-0090272CCB30}") - ) - :color (Blue) - :comments ("RealNetworks RealPlayer Services") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (NetMeeting - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB43D-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (service_group) - :table (services) - :name (NetMeeting) - ) - : (ReferenceObject - :Name (H323) - :Table (services) - :Uid ("{97AEB427-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (ldap) - :Table (services) - :Uid ("{97AEB433-9AEA-11D5-BD16-0090272CCB30}") - ) - :color ("Dark Green") - :comments ("Netmeeting group (H323 & Ldap)") - :etm_enabled (true) - :member_class (service) - :members_query () - :type (group) - ) - : (pcANYWHERE - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB440-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (service_group) - :table (services) - :name (pcANYWHERE) - ) - : (ReferenceObject - :Name (pcANYWHERE-data) - :Table (services) - :Uid ("{97AEB43E-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name 
(pcANYWHERE-stat) - :Table (services) - :Uid ("{97AEB43F-9AEA-11D5-BD16-0090272CCB30}") - ) - :color (Blue) - :comments ("Symantec pcANYWHERE") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (pcTELECOMMUTE - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB442-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (service_group) - :table (services) - :name (pcTELECOMMUTE) - ) - : (ReferenceObject - :Name (pcANYWHERE) - :Table (services) - :Uid ("{97AEB440-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (pcTELECOMMUTE-FileSync) - :Table (services) - :Uid ("{97AEB441-9AEA-11D5-BD16-0090272CCB30}") - ) - :color (Blue) - :comments ("Symantec pcTELECOMMUTE") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (MSExchange - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB45C-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (service_group) - :table (services) - :name (MSExchange) - ) - : (ReferenceObject - :Name (MSExchangeDSNSPI) - :Table (services) - :Uid ("{97AEB452-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (MSExchangeIS) - :Table (services) - :Uid ("{97AEB455-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (MSExchangeDirRef) - :Table (services) - :Uid ("{01693eed-3f81-44d3-b498-51696722cc32}") - ) - :color (Blue) - :comments ("Microsoft Exchange Client-Server over MAPI") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (MSExchange-SiteConnector - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB45D-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (service_group) - :table (services) - :name (MSExchange-SiteConnector) - ) - : (ReferenceObject - :Name 
(MSExchangeDSNSPI) - :Table (services) - :Uid ("{97AEB452-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (MSExchangeDSRep) - :Table (services) - :Uid ("{97AEB453-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (MSExchangeMTA) - :Table (services) - :Uid ("{97AEB456-9AEA-11D5-BD16-0090272CCB30}") - ) - :color (Blue) - :comments ("Microsoft Exchange MAPI Site Connector") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (MSExchange-RemoteAdmin - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB45E-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (service_group) - :table (services) - :name (MSExchange-RemoteAdmin) - ) - : (ReferenceObject - :Name (MSExchangeDSXDS) - :Table (services) - :Uid ("{97AEB454-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (MSExchangeSysAtt) - :Table (services) - :Uid ("{97AEB459-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (MSExchangeSysAttPriv) - :Table (services) - :Uid ("{97AEB45A-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (MSExchangeStoreAdm) - :Table (services) - :Uid ("{97AEB45B-9AEA-11D5-BD16-0090272CCB30}") - ) - :color (Blue) - :comments ("Microsoft Exchange Remote Administration") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (MSExchange-2000 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB45F-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (service_group) - :table (services) - :name (MSExchange-2000) - ) - : (ReferenceObject - :Name (MSExchangeADL) - :Table (services) - :Uid ("{97AEB457-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (MSExchangeDirRep) - :Table (services) - :Uid ("{97AEB458-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (MSExchangeDirRef) - 
:Table (services) - :Uid ("{01693eed-3f81-44d3-b498-51696722cc32}") - ) - :color (Blue) - :comments ("Microsoft Exchange 2000 Extensions") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (securid - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB467-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (service_group) - :table (services) - :name (securid) - ) - : (ReferenceObject - :Name (securid-udp) - :Table (services) - :Uid ("{97AEB3EC-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (securidprop) - :Table (services) - :Uid ("{97AEB3ED-9AEA-11D5-BD16-0090272CCB30}") - ) - :color (FireBrick) - :comments ("Secure ID group") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (Authenticated - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB468-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (service_group) - :table (services) - :name (Authenticated) - ) - : (ReferenceObject - :Name (telnet) - :Table (services) - :Uid ("{97AEB3CF-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (ftp) - :Table (services) - :Uid ("{97AEB3D0-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (http) - :Table (services) - :Uid ("{97AEB3D4-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (login) - :Table (services) - :Uid ("{97AEB3BE-9AEA-11D5-BD16-0090272CCB30}") - ) - :color ("Forest Green") - :comments ("Authenticated group") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (mosaic - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB469-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (service_group) - :table (services) - :name (mosaic) - ) - : (ReferenceObject 
- :Name (http) - :Table (services) - :Uid ("{97AEB3D4-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (gopher) - :Table (services) - :Uid ("{97AEB3D5-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (ftp) - :Table (services) - :Uid ("{97AEB3D0-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (archie) - :Table (services) - :Uid ("{97AEB3D6-9AEA-11D5-BD16-0090272CCB30}") - ) - :color ("Forest Green") - :comments ("Mosaic group") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (echo - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB46A-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (service_group) - :table (services) - :name (echo) - ) - : (ReferenceObject - :Name (echo-tcp) - :Table (services) - :Uid ("{97AEB3F7-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (echo-udp) - :Table (services) - :Uid ("{97AEB3F8-9AEA-11D5-BD16-0090272CCB30}") - ) - :color (Black) - :comments ("Echo Protocol group (TCP/UDP)") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (dns - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB46B-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (service_group) - :table (services) - :name (dns) - ) - : (ReferenceObject - :Name (domain-tcp) - :Table (services) - :Uid ("{97AEB3F9-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (domain-udp) - :Table (services) - :Uid ("{97AEB3FA-9AEA-11D5-BD16-0090272CCB30}") - ) - :color (Black) - :comments ("Domain Name System (TCP/UDP)") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (kerberos - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid 
("{97AEB46C-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (service_group) - :table (services) - :name (kerberos) - ) - : (ReferenceObject - :Name (kerberos-tcp) - :Table (services) - :Uid ("{97AEB3FB-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (kerberos-udp) - :Table (services) - :Uid ("{97AEB3FC-9AEA-11D5-BD16-0090272CCB30}") - ) - :color (Black) - :comments ("Kerberos Protocol group (TCP/UDP)") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (discard - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB46D-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (service_group) - :table (services) - :name (discard) - ) - : (ReferenceObject - :Name (discard-tcp) - :Table (services) - :Uid ("{97AEB3FD-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (discard-udp) - :Table (services) - :Uid ("{97AEB3FE-9AEA-11D5-BD16-0090272CCB30}") - ) - :color (Black) - :comments ("Discard Protocol group (TCP/UDP)") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (time - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB46E-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (service_group) - :table (services) - :name (time) - ) - : (ReferenceObject - :Name (time-tcp) - :Table (services) - :Uid ("{97AEB3FF-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (time-udp) - :Table (services) - :Uid ("{97AEB400-9AEA-11D5-BD16-0090272CCB30}") - ) - :color (Black) - :comments ("Time Server Protocol") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (daytime - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB46F-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (service_group) - :table 
(services) - :name (daytime) - ) - : (ReferenceObject - :Name (daytime-tcp) - :Table (services) - :Uid ("{97AEB401-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (daytime-udp) - :Table (services) - :Uid ("{97AEB402-9AEA-11D5-BD16-0090272CCB30}") - ) - :color (Black) - :comments ("Daytime Protocol group (TCP/UDP)") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (ntp - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB470-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (service_group) - :table (services) - :name (ntp) - ) - : (ReferenceObject - :Name (ntp-tcp) - :Table (services) - :Uid ("{97AEB403-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (ntp-udp) - :Table (services) - :Uid ("{97AEB404-9AEA-11D5-BD16-0090272CCB30}") - ) - :color (Black) - :comments ("Network Time Protocol group (TCP/UDP)") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (NBT - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB471-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (service_group) - :table (services) - :name (NBT) - ) - : (ReferenceObject - :Name (nbname) - :Table (services) - :Uid ("{97AEB414-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (nbdatagram) - :Table (services) - :Uid ("{97AEB415-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (nbsession) - :Table (services) - :Uid ("{97AEB416-9AEA-11D5-BD16-0090272CCB30}") - ) - :color (Magenta) - :comments ("NetBios Services") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (Group) - ) - : (NIS - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB472-9AEA-11D5-BD16-0090272CCB30}") - :ClassName 
(service_group) - :table (services) - :name (NIS) - ) - : (ReferenceObject - :Name (ypbind) - :Table (services) - :Uid ("{97AEB3C2-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (yppasswd) - :Table (services) - :Uid ("{97AEB3C3-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (ypserv) - :Table (services) - :Uid ("{97AEB3C1-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (ypupdated) - :Table (services) - :Uid ("{97AEB3C4-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (ypxfrd) - :Table (services) - :Uid ("{97AEB3C5-9AEA-11D5-BD16-0090272CCB30}") - ) - :color ("Navy Blue") - :comments ("Network Information Services (YP)") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (Group) - ) - : (NFS - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB473-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (service_group) - :table (services) - :name (NFS) - ) - : (ReferenceObject - :Name (mountd) - :Table (services) - :Uid ("{97AEB3BA-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (nfsd) - :Table (services) - :Uid ("{97AEB3B8-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (nfsd-tcp) - :Table (services) - :Uid ("{97AEB3B9-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (nfsprog) - :Table (services) - :Uid ("{97AEB3B7-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (nlockmgr) - :Table (services) - :Uid ("{97AEB3BC-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (pcnfsd) - :Table (services) - :Uid ("{97AEB3BB-9AEA-11D5-BD16-0090272CCB30}") - ) - :color (Red) - :comments ("Network File System Services") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (Group) - ) - : (irc - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid 
("{97AEB474-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (service_group) - :table (services) - :name (irc) - ) - : (ReferenceObject - :Name (irc1) - :Table (services) - :Uid ("{97AEB417-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (irc2) - :Table (services) - :Uid ("{97AEB418-9AEA-11D5-BD16-0090272CCB30}") - ) - :color (Black) - :comments ("Internet Relay Chat Protocol") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (Group) - ) - : (IPSEC - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB475-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (service_group) - :table (services) - :name (IPSEC) - ) - : (ReferenceObject - :Name (AH) - :Table (services) - :Uid ("{97AEB422-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (ESP) - :Table (services) - :Uid ("{97AEB423-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (SKIP) - :Table (services) - :Uid ("{97AEB421-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (IKE) - :Table (services) - :Uid ("{97AEB3B0-9AEA-11D5-BD16-0090272CCB30}") - ) - :color (Cyan) - :comments ("IPSEC Services") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (Entrust-CA - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB476-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (service_group) - :table (services) - :name (Entrust-CA) - ) - : (ReferenceObject - :Name (Entrust-Admin) - :Table (services) - :Uid ("{97AEB435-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (Entrust-KeyMgmt) - :Table (services) - :Uid ("{97AEB436-9AEA-11D5-BD16-0090272CCB30}") - ) - :color (FireBrick) - :comments ("Entrust CA Services") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (Group) - ) - : (RainWall-Control - :AdminInfo ( - 
:LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{04ECA4D1-E4B7-4EC3-A86F-9BB56765519E}") - :ClassName (service_group) - :table (services) - :name (RainWall-Control) - ) - : (ReferenceObject - :Name (RainWall_Command) - :Table (services) - :Uid ("{B9BBEEBA-B639-41A3-97D5-1F9D982D7E44}") - ) - : (ReferenceObject - :Name (RainWall_Daemon) - :Table (services) - :Uid ("{21CC3F85-E6DF-443D-9846-BD39BD015B85}") - ) - : (ReferenceObject - :Name (RainWall_Status) - :Table (services) - :Uid ("{4FBD29C5-06DB-4912-B23D-1BD50D693185}") - ) - :color (black) - :comments ("RainWall higu availability") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (ICMPgute - :AdminInfo ( - :chkpf_uid ("{418C7C0A-956A-41FF-9BC1-5867B2265090}") - :ClassName (service_group) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Mar 4 15:28:05 2003") - :By (tim) - :From (STICHLING) - ) - ) - : (ReferenceObject - :Name (dest-unreach) - :Table (services) - :Uid ("{97AEB407-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (echo-reply) - :Table (services) - :Uid ("{97AEB406-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (echo-request) - :Table (services) - :Uid ("{97AEB40A-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (time-exceeded) - :Table (services) - :Uid ("{97AEB40B-9AEA-11D5-BD16-0090272CCB30}") - ) - :color (black) - :comments () - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (gtp_v0_default - :AdminInfo ( - :chkpf_uid ("{D9531700-F8BB-4E3B-983D-10D69906A028}") - :ClassName (gtp_service) - :object_permissions ( - :AdminInfo ( - :chkpf_uid ("{B0160177-1F41-4B9F-803B-B58D93988C24}") - :ClassName (object_permissions) - ) - :manage ( - : (ReferenceObject - :Table (globals) - :Name (Any) - ) - ) - :read ( - : (any) - ) - :use ( - : (any) - ) - :write ( - : () - ) - :owner () - ) - :table 
(services) - :Deleteable (false) - :Wiznum (-1) - :LastModified ( - :Time ("Wed Aug 14 12:20:51 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :apn_obj () - :reload_proof (false) - :weight (100) - :apn_any (true) - :color ("forest green") - :comments ("GPRS Tunneling Protocol version 0") - :data_packet (true) - :etm_enabled (false) - :imsi () - :imsi_any (true) - :include_in_any (false) - :ms_isdn (1) - :ms_isdn_any (true) - :port (3386) - :proto_type () - :sel_mode (0) - :sel_mode_any (false) - :signaling_packet (true) - :static_eua (false) - :timeout (600) - :type (gtp) - ) - : (gtp_v1_default - :AdminInfo ( - :chkpf_uid ("{AFF26F18-B9B0-4E7C-BC4D-D6749E0487B2}") - :ClassName (gtp_v1_service) - :table (services) - :Deleteable (false) - :Wiznum (-1) - :object_permissions ( - :AdminInfo ( - :chkpf_uid ("{E61F7C69-C165-4A73-ACCC-E2A7A6F69500}") - :ClassName (object_permissions) - ) - :manage ( - : (ReferenceObject - :Table (globals) - :Name (Any) - ) - ) - :read ( - : (any) - ) - :use ( - : (any) - ) - :write ( - : () - ) - :owner () - ) - :LastModified ( - :Time ("Wed Aug 14 12:44:28 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :apn_obj () - :reload_proof (false) - :weight (100) - :apn_any (true) - :color ("forest green") - :comments ("GPRS Tunneling Protocol version 1") - :control_port (2123) - :data_packet (true) - :etm_enabled (false) - :imsi () - :imsi_any (true) - :include_in_any (false) - :ms_isdn (1) - :ms_isdn_any (true) - :proto_type () - :sel_mode (0) - :sel_mode_any (false) - :signaling_packet (true) - :static_eua (false) - :timeout (600) - :type (gtp_v1) - :user_port (2152) - ) - : (gtp_v0_path_mgmt - :AdminInfo ( - :chkpf_uid ("{35029B62-16B1-4D34-8004-410710DFD492}") - :ClassName (other_service) - :table (services) - :Wiznum (-1) - :object_permissions ( - :AdminInfo ( - :chkpf_uid ("{6B50E6B6-7FA8-42DB-AEB6-45C57EB6DA39}") - :ClassName (object_permissions) - ) - :manage ( - : (ReferenceObject - :Table (globals) - :Name (Any) - ) 
- ) - :read ( - : (any) - ) - :use ( - : (any) - ) - :write ( - : () - ) - :owner () - ) - :LastModified ( - :Time ("Wed Aug 14 16:33:40 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :reload_proof (false) - :color ("forest green") - :comments ("GTP version 0 path management") - :etm_enabled (false) - :exp (gtp_path_match_v0) - :include_in_any (true) - :needruleinfo (false) - :proto_type () - :protocol (17) - :replies (true) - :sync_on_cluster (true) - :timeout (0) - :type (Other) - :weight (0) - ) - : (gtp_v1_path_mgmt - :AdminInfo ( - :chkpf_uid ("{6106FFDD-A8FE-4B2E-8270-CB3435217427}") - :ClassName (other_service) - :object_permissions ( - :AdminInfo ( - :chkpf_uid ("{DA40F0A4-D596-4339-B84D-1AF50B0BDD13}") - :ClassName (object_permissions) - ) - :manage ( - : (ReferenceObject - :Table (globals) - :Name (Any) - ) - ) - :read ( - : (any) - ) - :use ( - : (any) - ) - :write ( - : () - ) - :owner () - ) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Wed Aug 14 16:19:19 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :reload_proof (false) - :color ("forest green") - :comments ("GTP version 1 path management") - :etm_enabled (false) - :exp (gtp_path_match_v1) - :include_in_any (true) - :needruleinfo (false) - :proto_type () - :protocol (17) - :replies (true) - :sync_on_cluster (true) - :timeout (0) - :type (Other) - :weight (0) - ) - : (https - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB443-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :name (https) - :Deleteable (false) - :Renameable (false) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (Red) - :comments ("HTTP protocol over TLS/SSL") - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (443) - :proto_type (ReferenceObject - :Table (protocols) - :Name (ENC-HTTP) - :Uid 
("{8294399D-9333-4774-B3DA-C00EACEF3211}") - ) - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (tcp) - ) - : (TCP_135 - :AdminInfo ( - :chkpf_uid ("{C748295C-99D9-474C-8136-7959A5A98E30}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :object_permissions ( - :AdminInfo ( - :chkpf_uid ("{9E3FE282-81AB-4032-B803-8CDAB5917CC0}") - :ClassName (object_permissions) - ) - :manage ( - : (ReferenceObject - :Table (globals) - :Name (Any) - ) - ) - :read ( - : (any) - ) - :use ( - : (any) - ) - :write ( - : () - ) - :owner () - ) - :LastModified ( - :Time ("Sun Feb 16 16:51:51 2003") - :By (IsoAAAF) - :From (scratchy) - ) - :name (TCP_135) - ) - :delayed_sync_value (30) - :use_delayed_sync (false) - :color (magenta) - :comments () - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (135) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - ) - : (ldap-udp - :AdminInfo ( - :chkpf_uid ("{DE59BD94-9610-4C6C-B667-97B79EB2EBAA}") - :ClassName (udp_service) - :table (services) - :Wiznum (-1) - :object_permissions ( - :AdminInfo ( - :chkpf_uid ("{8C4728BD-72A1-44FF-9328-D17430D20776}") - :ClassName (object_permissions) - ) - :manage ( - : (ReferenceObject - :Table (globals) - :Name (Any) - ) - ) - :read ( - : (any) - ) - :use ( - : (any) - ) - :write ( - : () - ) - :owner () - ) - :LastModified ( - :Time ("Sun Feb 16 16:54:14 2003") - :By (IsoAAAF) - :From (scratchy) - ) - :name (ldap-udp) - ) - :delete_on_reply (false) - :color (black) - :comments () - :etm_enabled (false) - :include_in_any (true) - :port (389) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (P2P_File_Sharing_Applications - :AdminInfo ( - :chkpf_uid ("{D138E7DA-3BF1-4D7C-AE35-D551416E8DB3}") - :ClassName (service_group) - :table (services) - 
:Wiznum (-1) - :LastModified ( - :Time ("Thu Dec 12 14:44:07 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - : (ReferenceObject - :Name (Blubster) - :Table (services) - :Uid ("{C86F055D-31AD-4430-B12C-1094A86C673C}") - ) - : (ReferenceObject - :Name (Direct_Connect) - :Table (services) - :Uid ("{5CFC76C2-B743-4B68-9FBF-E901EAA3698D}") - ) - : (ReferenceObject - :Name (eDonkey) - :Table (services) - :Uid ("{42929FB0-C8DD-465E-BE01-3E484F4299F6}") - ) - : (ReferenceObject - :Name (GNUtella) - :Table (services) - :Uid ("{F0059B62-E18E-478F-A3BD-18595D53D3E1}") - ) - : (ReferenceObject - :Name (GoToMyPC) - :Table (services) - :Uid ("{2D89310C-5761-4213-BEF5-C81BB5677E44}") - ) - : (ReferenceObject - :Name (Hotline) - :Table (services) - :Uid ("{4C3E148F-BCC4-4C97-9955-09DA850FB9A6}") - ) - : (ReferenceObject - :Name (iMesh) - :Table (services) - :Uid ("{01E9FC32-73DF-43D5-9CD4-4F91B6A5C711}") - ) - : (ReferenceObject - :Table (services) - :Name (Kazaa) - :Uid ("{BE146201-61B2-11d6-B5E0-0002B316D24E}") - ) - : (ReferenceObject - :Name (Madster) - :Table (services) - :Uid ("{B863EC35-604F-4DA1-8E63-82A7903D2C1C}") - ) - : (ReferenceObject - :Name (Napster) - :Table (services) - :Uid ("{5EE3CA5B-35A2-4988-859C-7157E8CFFEAD}") - ) - : (ReferenceObject - :Name (WinMX) - :Table (services) - :Uid ("{6414F98E-6883-44DB-8EE2-DEBD443C7714}") - ) - :color (black) - :comments () - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (NEW-RADIUS - :AdminInfo ( - :chkpf_uid ("{97AEB41E-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Thu May 6 14:03:23 2004") - :By (andre) - :From (gateway) - ) - ) - :color (firebrick) - :comments ("NEW - Remote Authentication Dial-In User Service") - :delete_on_reply (false) - :etm_enabled (false) - :include_in_any (true) - :port (1812) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - 
:src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (premier_access_5010 - :AdminInfo ( - :chkpf_uid ("{A1489778-CD8C-41F2-BCC1-0C60B89C822F}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Thu May 6 14:47:35 2004") - :By (andre) - :From (gateway) - ) - ) - :etm_enabled (false) - :proto_type () - :timeout (0) - :color (black) - :comments () - :delayed_sync_value (30) - :enable_tcp_resource (false) - :include_in_any (true) - :port (5010) - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :type (Tcp) - :use_delayed_sync (false) - ) - : (premier_access_5029 - :AdminInfo ( - :chkpf_uid ("{CCF60486-D5C2-4D26-B4D6-8CFBF7BC63A5}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Thu May 6 14:50:36 2004") - :By (andre) - :From (gateway) - ) - ) - :etm_enabled (false) - :proto_type () - :sync_on_cluster (true) - :timeout (0) - :use_delayed_sync (false) - :color (blue1) - :comments () - :delayed_sync_value (30) - :enable_tcp_resource (false) - :include_in_any (true) - :port (5029) - :reload_proof (false) - :src_port () - :type (Tcp) - ) - : (premier_access_5031 - :AdminInfo ( - :chkpf_uid ("{6668A65E-65C1-4BE1-BBA7-9F18D8DE169C}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Thu May 6 14:51:15 2004") - :By (andre) - :From (gateway) - ) - ) - :etm_enabled (false) - :proto_type () - :sync_on_cluster (true) - :timeout (0) - :use_delayed_sync (false) - :color (blue1) - :comments () - :delayed_sync_value (30) - :enable_tcp_resource (false) - :include_in_any (true) - :port (5031) - :reload_proof (false) - :src_port () - :type (Tcp) - ) - : (http - :AdminInfo ( - :chkpf_uid ("{97AEB3D4-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jun 8 12:58:02 2004") - :By (tim) - :From (pieks) - ) - ) - :color ("forest green") - :comments ("Hypertext 
Transfer Protocol") - :delayed_sync_value (30) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (80) - :proto_type (ReferenceObject - :Name (HTTP) - :Table (protocols) - :Uid ("{97AEB373-9AEA-11D5-BD16-0090272CCB30}") - ) - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync (false) - ) - : (mysql - :AdminInfo ( - :chkpf_uid ("{08A07607-EAAA-4A45-AD6E-6020770BD519}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Aug 1 12:49:09 2004") - :By (tim) - :From (pieks) - ) - ) - :etm_enabled (false) - :proto_type () - :sync_on_cluster (true) - :timeout (0) - :use_delayed_sync (false) - :color (black) - :comments ("3306/tcp") - :delayed_sync_value (30) - :enable_tcp_resource (false) - :include_in_any (true) - :port (3306) - :reload_proof (false) - :src_port () - :type (Tcp) - ) - : (PremierAccess_udp - :AdminInfo ( - :chkpf_uid ("{0AE4AA4A-30BB-41D3-9113-3C0A41901F0E}") - :ClassName (udp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Aug 5 14:15:43 2004") - :By (andre) - :From (gateway) - ) - ) - :delete_on_reply (false) - :etm_enabled (false) - :proto_type () - :timeout (0) - :color (blue) - :comments () - :include_in_any (true) - :port (5030) - :reload_proof (false) - :replies (true) - :replies_from_any_port (true) - :src_port () - :sync_on_cluster (true) - :type (Udp) - ) - : (rdp - :AdminInfo ( - :chkpf_uid ("{5BA0C83F-8D91-465B-9CF6-7DC6AEB84689}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Wed Sep 29 20:43:11 2004") - :By (IsoAAAF) - :From (IsoAAADray) - ) - ) - :color (cyan) - :comments (rdp_new) - :delayed_sync_value (30) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (true) - :port (3389) - :proto_type () - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Tcp) - :use_delayed_sync 
(false) - ) - : (PPTP - :AdminInfo ( - :chkpf_uid ("{97AEB426-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (service_group) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Sep 30 07:20:55 2004") - :By (IsoAAAF) - :From (scratchy) - ) - ) - : (ReferenceObject - :Name (gre) - :Table (services) - :Uid ("{97AEB424-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (pptp-tcp) - :Table (services) - :Uid ("{97AEB425-9AEA-11D5-BD16-0090272CCB30}") - ) - :color (red) - :comments ("Point-to-Point Tunneling group, (pptp & gre)") - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (Drop_nologServices - :AdminInfo ( - :chkpf_uid ("{495E1A16-2612-49D9-8F69-B00EB33699E8}") - :ClassName (service_group) - :object_permissions ( - :AdminInfo ( - :chkpf_uid ("{61465BAC-5B02-4B46-9186-82DDFB8A898F}") - :ClassName (object_permissions) - ) - :manage ( - : (ReferenceObject - :Table (globals) - :Name (Any) - ) - ) - :read ( - : (any) - ) - :use ( - : (any) - ) - :write ( - : () - ) - :owner () - ) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Sep 30 07:28:52 2004") - :By (IsoAAAF) - :From (scratchy) - ) - ) - : (ReferenceObject - :Name (dhcp-rep-localmodule) - :Table (services) - :Uid ("{FCA646B5-EF34-4DF1-895D-7639E181501A}") - ) - : (ReferenceObject - :Name (dhcp-req-localmodule) - :Table (services) - :Uid ("{22725520-8E10-4A91-98AC-DCD1F6C4A4DD}") - ) - : (ReferenceObject - :Name (ldap-udp) - :Table (services) - :Uid ("{DE59BD94-9610-4C6C-B667-97B79EB2EBAA}") - ) - : (ReferenceObject - :Name (nbdatagram) - :Table (services) - :Uid ("{97AEB415-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (nbname) - :Table (services) - :Uid ("{97AEB414-9AEA-11D5-BD16-0090272CCB30}") - ) - :color (black) - :comments () - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - ) - : (HBCI - :AdminInfo ( - :chkpf_uid ("{336C93F8-5CC2-48BE-9328-2E92F61EFCF1}") - 
:ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Sep 30 09:43:31 2004") - :By (IsoAAAF) - :From (scratchy) - ) - ) - :etm_enabled (false) - :proto_type () - :sync_on_cluster (true) - :timeout (0) - :use_delayed_sync (false) - :color (black) - :comments () - :delayed_sync_value (30) - :enable_tcp_resource (false) - :include_in_any (true) - :port (3000) - :reload_proof (false) - :src_port () - :type (Tcp) - ) - : (sshv2-24 - :AdminInfo ( - :chkpf_uid ("{1DA78BCE-7ABC-4DBB-82AF-FDBE6B853493}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Mon Oct 4 19:52:06 2004") - :By (IsoAAAF) - :From (IsoAAADray) - ) - ) - :etm_enabled (false) - :timeout (0) - :use_delayed_sync (false) - :color (black) - :comments ("ssh on port24") - :delayed_sync_value (30) - :enable_tcp_resource (false) - :include_in_any (true) - :port (24) - :proto_type (ReferenceObject - :Name (SSH2) - :Table (protocols) - :Uid ("{55F4C5D7-60D9-44B3-9BD4-C3F76B7C8360}") - ) - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :type (Tcp) - ) - : (irc2 - :AdminInfo ( - :chkpf_uid ("{97AEB418-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Oct 7 13:39:51 2004") - :By (andre) - :From (Roadrunner) - ) - ) - :proto_type () - :timeout (0) - :color (black) - :comments ("Internet Relay Chat Protocol") - :delayed_sync_value (30) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (false) - :port (7000) - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :type (Tcp) - :use_delayed_sync (false) - ) - : (UPS-Monitor - :AdminInfo ( - :chkpf_uid ("{8C8DED7E-F3C9-4964-B9D3-063C23997020}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Oct 7 13:40:06 2004") - :By (andre) - :From (Roadrunner) - ) - ) - :proto_type () - :timeout (0) - :color (black) - :comments () - 
:delayed_sync_value (30) - :enable_tcp_resource (false) - :etm_enabled (false) - :include_in_any (false) - :port (7000) - :reload_proof (false) - :src_port () - :sync_on_cluster (true) - :type (Tcp) - :use_delayed_sync (false) - ) - : (VNC-neu - :AdminInfo ( - :chkpf_uid ("{00000006-735E-4158-A169-8701B9624E47}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sat Nov 6 14:40:14 2004") - :By (IsoAAAF) - :From (IsoAAADray) - ) - ) - :etm_enabled (false) - :proto_type () - :sync_on_cluster (true) - :timeout (0) - :use_delayed_sync (false) - :color (gold) - :comments ("standard VNC") - :delayed_sync_value (30) - :enable_tcp_resource (false) - :include_in_any (true) - :port (55901) - :reload_proof (false) - :src_port () - :type (Tcp) - ) - : (VNC - :AdminInfo ( - :chkpf_uid ("{9788B566-735E-4158-A169-8701B9624E47}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sat Nov 6 14:40:14 2004") - :By (IsoAAAF) - :From (IsoAAADray) - ) - ) - :etm_enabled (false) - :proto_type () - :sync_on_cluster (true) - :timeout (0) - :use_delayed_sync (false) - :color (gold) - :comments ("standard VNC") - :delayed_sync_value (30) - :enable_tcp_resource (false) - :include_in_any (true) - :port (5900) - :reload_proof (false) - :src_port () - :type (Tcp) - ) - : (RAdmin - :AdminInfo ( - :chkpf_uid ("{8888DA95-4E43-4F96-95FF-F5B41410BDBD}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Sun Nov 7 14:43:43 2004") - :By (IsoAAAF) - :From (IsoAAADray) - ) - ) - :etm_enabled (false) - :proto_type () - :sync_on_cluster (true) - :timeout (0) - :use_delayed_sync (false) - :color (black) - :comments (default) - :delayed_sync_value (30) - :enable_tcp_resource (false) - :include_in_any (true) - :port (44899) - :reload_proof (false) - :src_port () - :type (Tcp) - ) - : (RADIUS - :AdminInfo ( - :chkpf_uid ("{97AEB41D-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (udp_service) - 
:table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jan 4 22:09:25 2005") - :By (IsoAAAF) - :From (IsoAAADray) - ) - ) - :color (firebrick) - :comments ("Remote Authentication Dial-In User Service") - :delete_on_reply (false) - :etm_enabled (false) - :include_in_any (true) - :port (1645) - :proto_type () - :reload_proof (false) - :replies (true) - :replies_from_any_port (false) - :src_port () - :sync_on_cluster (true) - :timeout (0) - :type (Udp) - ) - : (SpikeServices - :AdminInfo ( - :chkpf_uid ("{9D35FACE-289F-49A6-95C7-13417959BC9D}") - :ClassName (service_group) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Jan 6 16:41:59 2005") - :By (IsoAAAF) - :From (IsoAAADray) - ) - ) - : (ReferenceObject - :Name (apcupsd) - :Table (services) - :Uid ("{A1044CB4-439C-40C9-8489-FA5086134886}") - ) - : (ReferenceObject - :Name (CIFS) - :Table (services) - :Uid ("{2A469820-B502-434C-9340-A377677A6A60}") - ) - : (ReferenceObject - :Name (domain-udp) - :Table (services) - :Uid ("{97AEB3FA-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (echo-request) - :Table (services) - :Uid ("{97AEB40A-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (imap) - :Table (services) - :Uid ("{97AEB446-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (smtp) - :Table (services) - :Uid ("{97AEB3D9-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (squid) - :Table (services) - :Uid ("{91C0454D-F70C-44B3-8F2D-70C4A68E9594}") - ) - : (ReferenceObject - :Name (sshv2-24) - :Table (services) - :Uid ("{1DA78BCE-7ABC-4DBB-82AF-FDBE6B853493}") - ) - : (ReferenceObject - :Name (syslog) - :Table (services) - :Uid ("{97AEB3E0-9AEA-11D5-BD16-0090272CCB30}") - ) - :color (black) - :comments () - :etm_enabled (false) - :member_class (service) - :members_query () - :type (group) - : (ReferenceObject - :Table (services) - :Name (imaps) - :Uid ("{B760A869-04DF-43E2-91F9-414C58F86F16}") - ) - ) - : (imaps - :AdminInfo ( - 
:chkpf_uid ("{B760A869-04DF-43E2-91F9-414C58F86F16}") - :ClassName (tcp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Jan 6 16:41:59 2005") - :By (IsoAAAF) - :From (IsoAAADray) - ) - ) - :etm_enabled (false) - :proto_type () - :sync_on_cluster (true) - :timeout (0) - :use_delayed_sync (false) - :color (black) - :comments () - :delayed_sync_value (30) - :enable_tcp_resource (false) - :include_in_any (true) - :port (993) - :reload_proof (false) - :src_port () - :type (Tcp) - ) - : (TeamSpeak - :AdminInfo ( - :chkpf_uid ("{D2BBEFB3-8450-4301-9040-2D305887A748}") - :ClassName (udp_service) - :table (services) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Apr 12 08:48:10 2005") - :By (IsoAAAF) - :From (IsoAAADray) - ) - ) - :delete_on_reply (false) - :etm_enabled (false) - :proto_type () - :replies (true) - :replies_from_any_port (false) - :sync_on_cluster (true) - :timeout (0) - :color (blue) - :comments () - :include_in_any (true) - :port (8767) - :reload_proof (false) - :src_port () - :type (Udp) - ) - ) - :times (times - : (Midnight - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB47B-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (scheduled_event) - :table (times) - :name (Midnight) - ) - :day_of_month () - :day_of_week () - :month () - :color (black) - :comments () - :days_specification (daily) - :every_seconds (0) - :hour (23) - :minutes (59) - :type (scheduled_event) - ) - : (Fetch_Inter - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB47C-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (scheduled_event) - :table (times) - :Deleteable (false) - :Renameable (false) - :name (Fetch_Inter) - ) - :day_of_month () - :day_of_week () - :month () - :color (black) - :comments ("Check Point policy fetching interval for Dynamic IP Address Machines") - :days_specification 
(seconds) - :every_seconds (14400) - :hour (0) - :minutes (0) - :type (scheduled_event) - ) - ) - :products ( - : (AirWave_AMP_1.5 - :AdminInfo ( - :chkpf_uid ("{EC04E1E1-6B83-419E-9241-EA20DFE40A04}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 14:47:47 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (true) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{514CB955-084F-47DF-9C4F-BDB3CFA8E3DE}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (AMP) - :vendor (AirWave) - :version (1.5) - ) - :type (OPSEC_product) - ) - : (ArcSight_1.0 - :AdminInfo ( - :chkpf_uid ("{5ABDFE5C-4A62-4D67-BC7E-79E5F56EAFD5}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 14:47:48 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (true) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{1E6C4B1C-8FCF-486E-8504-BA240244BB82}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (ArcSight) - :vendor (ArcSight) - :version (1.0) - ) - :type (OPSEC_product) - ) - : (Avivasolutions_HostSheild_1.0 - :AdminInfo ( - :chkpf_uid ("{21582C3A-9696-47A1-B15D-E2A117393148}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 14:47:48 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - 
:solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (true) - :ELA (true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (true) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{56D49EC7-1614-44AC-86AE-5D3041519DFF}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (HostShield) - :vendor ("Aviva Inc.") - :version (1.0) - ) - :type (OPSEC_product) - ) - : (Baltimore_MAILSweeper_3.8 - :AdminInfo ( - :chkpf_uid ("{CE8E3346-8544-4224-AD22-99E37F91ED7C}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 14:47:48 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{BA2F9666-90C4-48C4-AD11-E85128BA70C2}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (MAILSweeper_OPSECAlerter) - :vendor ("Baltimore Technologies") - :version (3.8) - ) - :type (OPSEC_product) - ) - : (Columbitech_Event_Log_1.0 - :AdminInfo ( - :chkpf_uid ("{F47602F3-A2DD-409C-A9EE-A7A66B4242BF}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 14:47:49 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{9FAED062-CCDC-47B0-916F-48105A612B07}") - 
:ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (Event_Log_Extension_Service) - :vendor (Columbitech) - :version (1.0) - ) - :type (OPSEC_product) - ) - : (e-Security_e-Wizard_3.1 - :AdminInfo ( - :chkpf_uid ("{266E0FAB-4BF3-4368-9B9F-9141B2C76CA4}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 14:47:49 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (true) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{F4B28A64-FE25-476E-AD4E-D5793BE16893}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (eWizard) - :vendor (e-Security) - :version (3.1) - ) - :type (OPSEC_product) - ) - : (ForeScout_ActiveScout_2.1 - :AdminInfo ( - :chkpf_uid ("{46EE3C54-A144-4D5E-BDE0-D8445ADA3BBB}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 14:47:50 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (true) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{A7A45782-B3D3-4B10-AA8C-B26651F3858D}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (ActiveScout) - :vendor (ForeScout) - :version (2.1) - ) - :type (OPSEC_product) - ) - : (FSecure_AV_FireWall_6.01 - :AdminInfo ( - :chkpf_uid ("{8C5BE8C6-C05A-4E9E-B66E-B9BEC089369B}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 
14:47:50 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (true) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{0CC4CDC9-5A4E-4709-8841-9B128FABA503}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (Anti_Virus_For_FireWall) - :vendor (F-Secure) - :version (6.01) - ) - :type (OPSEC_product) - ) - : (iCognito_PureSight_3.6 - :AdminInfo ( - :chkpf_uid ("{3B743BA2-84C7-4D30-804A-00AD1FC9234D}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 14:47:50 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (true) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (true) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{20675293-747A-4F42-B193-49B12EE0646A}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (PureSight) - :vendor ("iCognito Technologies Ltd") - :version (3.6) - ) - :type (OPSEC_product) - ) - : (Intrusion_ELA_Bridge_1.0 - :AdminInfo ( - :chkpf_uid ("{990D5111-5271-4BD2-A548-0ED5903648B1}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 14:47:51 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - 
:product_info ( - :AdminInfo ( - :chkpf_uid ("{7AD97E26-C1E6-449A-83DA-58F911CB7498}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (SecureNet_Provider_ELA_Bridge) - :vendor (Intrusion) - :version (1.0) - ) - :type (OPSEC_product) - ) - : (IntruVert_IntruShield_IDS_1.1 - :AdminInfo ( - :chkpf_uid ("{2B22AC72-6A6B-4C14-805A-9A0D5215792A}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 14:47:51 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (true) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{EE1220EA-F8F5-4BB6-8816-A85165707FC8}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (IntruShield_IDS) - :vendor ("IntruVert Networks") - :version (1.1) - ) - :type (OPSEC_product) - ) - : (KaVaDo_InterDo_2.5 - :AdminInfo ( - :chkpf_uid ("{144CFFB1-0280-490F-9CEE-AE3BDD368B21}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 14:47:51 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (true) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{6BEBC5CE-0101-4710-897F-779537481B0F}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (InterDo) - :vendor (KaVaDo) - :version (2.5) - ) - :type (OPSEC_product) - ) - : (Latis_StillSecure_2.0 - :AdminInfo ( - :chkpf_uid 
("{2399873E-177B-4AF7-AC6E-7845A0954862}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 14:47:52 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (true) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{BAC1DA63-5F78-4799-B59A-EB9A64F5CA85}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (StillSecure_Perimeter) - :vendor ("Latis Networks") - :version (2.0) - ) - :type (OPSEC_product) - ) - : (LogOn_SQLGuard_2.01 - :AdminInfo ( - :chkpf_uid ("{1ACBD3A6-68E6-412E-8E07-44BBAA8BDF5F}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 14:47:52 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (true) - :ELA (true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{C87A1D0B-A8D6-4DAF-9AB8-995462460978}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (SQL_Guard) - :vendor ("LogOn Software") - :version (2.01) - ) - :type (OPSEC_product) - ) - : (nCircle_IP360 - :AdminInfo ( - :chkpf_uid ("{D0A4C84D-82ED-4392-B204-D629E94BC7E4}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 14:47:52 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA 
(false) - :OMI (false) - :RTM (false) - :SAM (true) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{5DBDFBB4-6BEC-49EF-AA6B-F255E0B750E5}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (IP360) - :vendor ("nCircle Network Security") - :version (360) - ) - :type (OPSEC_product) - ) - : (NEC_CLUSTERPRO_FW_1.0 - :AdminInfo ( - :chkpf_uid ("{5B33026B-6D05-4339-BD69-F3ABA12FF288}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 14:47:53 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{EE9AE544-5D34-465C-9D6D-FF28FD7DB74E}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (CLUSTERPRO_FW) - :vendor (NEC) - :version (1.0) - ) - :type (OPSEC_product) - ) - : (NetIQ_SecurityManager_3.51 - :AdminInfo ( - :chkpf_uid ("{CAD16706-7ACE-4479-920A-8A9EB0790812}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 14:47:53 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (true) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{CEA85410-9DC8-45EC-BE66-C7B2DA28E786}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (SecurityManager) - :vendor (NetIQ) - :version (3.51) - ) - :type 
(OPSEC_product) - ) - : (netVmg_Flow_Analyzer_2.0 - :AdminInfo ( - :chkpf_uid ("{237FD389-CC08-47CA-A42C-FF62CBA22D06}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 14:47:54 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (true) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{E00EC2B1-E27A-4C96-84CA-DE18198E750E}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (Flow_Analyzer_FCP) - :vendor (netVmg) - :version (2.0) - ) - :type (OPSEC_product) - ) - : (OpenService_SystemWatch_2.7 - :AdminInfo ( - :chkpf_uid ("{43D8E678-3FDF-42ED-AD5E-D07340ACA9ED}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 14:47:54 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (true) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{317645D2-91AC-4C3D-983B-FB53604719E8}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (SystemWatch) - :vendor (OpenService) - :version (2.7) - ) - :type (OPSEC_product) - ) - : (QualysGuard_1.7 - :AdminInfo ( - :chkpf_uid ("{AD3BB362-2949-4F52-9EF6-66267EA09606}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 14:47:55 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name 
(default_opsec_status_object) - :CPMI (true) - :CVP (false) - :ELA (true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{A11EBA5E-4B2F-44B1-85F8-CA4C9490294A}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (QualysGuard) - :vendor (Qualys) - :version (1.7) - ) - :type (OPSEC_product) - ) - : (Rainwall_3.0 - :AdminInfo ( - :chkpf_uid ("{8F2C6D6D-8475-4D1D-882B-A6A73B03ED69}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 14:47:55 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (true) - :AMON_class_name (default_opsec_status_object) - :CPMI (true) - :CVP (false) - :ELA (true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{C1E8A9A9-2313-40C4-BED7-BDEE7523EA3F}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (Rainwall) - :vendor (Rainfinity) - :version (3.0) - ) - :type (OPSEC_product) - ) - : (Rainwall_3.0_SP2 - :AdminInfo ( - :chkpf_uid ("{36263BBB-C30B-4DC7-B6E1-7E3B614F106D}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 14:47:55 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (true) - :AMON_class_name (default_opsec_status_object) - :CPMI (true) - :CVP (false) - :ELA (true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{69B7508E-5363-49B4-8202-199C5BCCDF19}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (Rainwall) - :vendor 
(Rainfinity) - :version ("3.0 SP2") - ) - :type (OPSEC_product) - ) - : (Recourse_ManHunt_MSA_2.1 - :AdminInfo ( - :chkpf_uid ("{68E38A62-5F3D-4BA4-B7A7-A1F27A577DBB}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 14:47:56 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (true) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{4D9D1236-FF5A-42CC-8619-2BEB69E5476D}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (ManHunt_Smart_Agent) - :vendor ("Recourse Technologies") - :version (2.1) - ) - :type (OPSEC_product) - ) - : (RiscManager_4.1 - :AdminInfo ( - :chkpf_uid ("{00EB61E3-C6A3-432E-8BC0-855659B09BEE}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 14:47:56 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (true) - :OMI (false) - :RTM (false) - :SAM (true) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{EF2BB489-5E4A-40FA-85AE-0028FE27D337}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (RiscManager) - :vendor ("Risc Solutions") - :version (4.1) - ) - :type (OPSEC_product) - ) - : (RouteScience_PathControl_2.0 - :AdminInfo ( - :chkpf_uid ("{3E077F18-923D-4FA9-8F8A-AD42DDEB8577}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 14:47:56 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - 
:solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (true) - :CVP (false) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{A3E3AE18-C0D7-491F-899F-37B0CF81C9C7}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (PathControl) - :vendor (RouteScience) - :version (2.0) - ) - :type (OPSEC_product) - ) - : (RSF-1_2.1 - :AdminInfo ( - :chkpf_uid ("{962C136F-A152-4A70-896C-B5255E38100E}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 14:47:57 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{213E59BB-B78D-40B4-AD2E-E04A72C24A55}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (RSF-1) - :vendor ("High Availability.com") - :version (2.1) - ) - :type (OPSEC_product) - ) - : (SecoShield_3.1 - :AdminInfo ( - :chkpf_uid ("{DA16BDEE-AB1A-42B5-AF7B-F9CEDED44C56}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 14:47:58 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (true) - :AMON_class_name (default_opsec_status_object) - :CPMI (true) - :CVP (false) - :ELA (true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (true) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{E1F03A62-6DF6-4159-AC8F-6D89669D4DC8}") - :ClassName (OPSEC_product_info) - ) - 
:certification_info () - :certified (true) - :product (SecoShield_3.1) - :vendor (INFOSEC_Technologies) - :version (3.1) - ) - :type (OPSEC_product) - ) - : (StoneBeat_FullCluster_3.0 - :AdminInfo ( - :chkpf_uid ("{0CDB568E-F4AC-4E4F-913F-5563993374F1}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 14:47:58 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (true) - :CVP (false) - :ELA (true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{BC989FF9-70E8-4BDC-8EF1-164E8F913B52}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (StoneBeat_FullCluster) - :vendor (StoneSoft) - :version (3.0) - ) - :type (OPSEC_product) - ) - : (Symantec_Web_Security_2.5 - :AdminInfo ( - :chkpf_uid ("{CAA1846F-E365-4D28-9D97-CFF832118A3B}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 14:47:58 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (true) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{A8557DE2-054D-4398-A350-EEFEDEBD6E1F}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (Symantec_Web_Security) - :vendor (Symantec) - :version (2.5) - ) - :type (OPSEC_product) - ) - : (Tripwire_For_Servers_3.0 - :AdminInfo ( - :chkpf_uid ("{9C167955-001C-49CD-81C8-E7663735FF48}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 14:47:59 2002") - 
:By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{65423D8E-21F1-4972-A4B9-BC0E2474018D}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (Tripwire_For_Servers) - :vendor (Tripwire) - :version (3.0) - ) - :type (OPSEC_product) - ) - : (Trustworks_GSM_3.3.2 - :AdminInfo ( - :chkpf_uid ("{53437B06-A258-4A76-92C1-CFC3D7B85384}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 14:47:59 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (true) - :CVP (false) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{8BE4E5A1-C142-48DC-BCF8-A0E9D39D054D}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (Global_Security_Manager) - :vendor (Trustworks) - :version (3.3.2) - ) - :type (OPSEC_product) - ) - : (WebSense_Enterprise_4.4 - :AdminInfo ( - :chkpf_uid ("{5CD0E11A-7658-4158-B313-C310E5D14E21}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 14:48:00 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (true) - :color (black) - :comments () - :product_info ( - 
:AdminInfo ( - :chkpf_uid ("{4471126F-C2FA-411F-A459-9C4ACC501A67}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (WebSense_for_FireWall-1) - :vendor (WebSense) - :version (4.4) - ) - :type (OPSEC_product) - ) - : (TM_IMSS_5.1 - :AdminInfo ( - :chkpf_uid ("{B8177692-19D5-4746-AD58-D9C46E4F00A0}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 14:48:00 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (true) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{5185B9D6-D1E2-4181-95A1-0FA095D2E4B2}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (IMSS) - :vendor (Trend_Micro) - :version (5.1) - ) - :type (OPSEC_product) - ) - : (NetIQ_Security_Manager_4.0 - :AdminInfo ( - :chkpf_uid ("{F41306EC-F711-4A31-B662-FC7FD9668891}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 14:48:01 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (true) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{9311BC4D-291F-42F9-85B4-223BBB5D5FBB}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (SecurityManager) - :vendor (NetIQ) - :version (4.0) - ) - :type (OPSEC_product) - ) - : (Akonix_L7_1.0 - :AdminInfo ( - :chkpf_uid ("{510B55DC-06E8-4615-AFE5-35648B79E433}") - :ClassName (OPSEC_product) - :table (products) 
- :LastModified ( - :Time ("Sun Nov 17 14:55:27 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (true) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{49E1EC41-3764-42B5-BB07-6307CD981126}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (L7) - :vendor (Akonix) - :version (1.0) - ) - :type (OPSEC_product) - ) - : (Aladdin_ESafe_Gateway_3.1 - :AdminInfo ( - :chkpf_uid ("{8A7D0327-7578-4055-A615-2AB7AC4AD39D}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 14:57:22 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (true) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{50FC2B4C-A41F-42B7-A844-50E87B242B5C}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (ESafe_Protect_Gateway) - :vendor (Aladdin_Knowledge_Systems) - :version (3.1) - ) - :type (OPSEC_product) - ) - : (Bind_View_bv-Control_7.2 - :AdminInfo ( - :chkpf_uid ("{B544740E-DCC8-4BDC-B37C-5CA1E4C0ED0E}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 15:00:04 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (true) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - 
:color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{B308FF29-A6B2-4715-9230-2C1E1FD8D2BA}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (bv-Control_for_Check_Point_FW-1) - :vendor (BindView) - :version (7.2) - ) - :type (OPSEC_product) - ) - : (NFR_Security_CMS_2.1 - :AdminInfo ( - :chkpf_uid ("{9C629DA4-D45E-4D12-9BF9-6F7991C58852}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 15:03:31 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (true) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{7DCC5BDA-E8DA-4B6C-847E-D421730BCBD4}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (CMS) - :vendor ("NFR Security Inc.") - :version (2.1) - ) - :type (OPSEC_product) - ) - : (Sanctum_AppShield_3.0 - :AdminInfo ( - :chkpf_uid ("{C900DCF0-FCC4-45E7-9E29-EFD0F8D5FD3A}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 15:09:02 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{B83C4359-4890-49A7-AECB-0DD4B4F689CF}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (AppShield) - :vendor ("Sanctum Inc.") - :version (3.0) - ) - :type (OPSEC_product) - ) - : (Lucid_Security_ipAngel_1.0 - :AdminInfo ( - :chkpf_uid 
("{10CD6D53-3FF5-4722-BB68-E10652AEB4AC}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 15:11:33 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (true) - :CVP (false) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (true) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{418A3011-4E22-4946-9B6D-55A5EB88FCD3}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (ipAngel) - :vendor ("Lucid Security") - :version (1.0) - ) - :type (OPSEC_product) - ) - : (Ikarus_Content_Wall_2.25 - :AdminInfo ( - :chkpf_uid ("{8C48300C-3289-4DC7-985B-4E8C6C32709C}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 15:18:14 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (true) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (true) - :ELA (true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (true) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{64C3E29F-AEBE-4E19-B46D-7B141DDF8D99}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (Content_Wall) - :vendor (Ikarus) - :version (2.25) - ) - :type (OPSEC_product) - ) - : (AirWave_AMP_1.1 - :AdminInfo ( - :chkpf_uid ("{F52E30B3-EF5F-411A-AE83-1063D39506C4}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Nov 17 17:10:45 2002") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (true) - :OMI (false) - 
:RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{A168D04B-589F-48F1-B49D-E5E0DF7F0E29}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (AMP) - :vendor (AirWave) - :version (1.1) - ) - :type (OPSEC_product) - ) - : (Aladdin_eSafe_Gateway_3.5 - :AdminInfo ( - :chkpf_uid ("{1C1AFCE6-1DBB-4CD9-BE8A-403C84ED1944}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Mon Sep 15 07:32:08 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (true) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{70DAC38B-14C8-4DEE-9556-0EF42BB91747}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (eSafe_Gateway) - :vendor (Aladdin_Knowledge_Systems) - :version (3.5) - ) - :type (OPSEC_product) - ) - : (Business_Layers_eProvision_Module_3.0 - :AdminInfo ( - :chkpf_uid ("{BD248D30-B489-4C70-A9FA-3A74B10AABA9}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Mon Sep 15 07:45:11 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (true) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{38EE5F2D-3285-4457-B17D-67D666728119}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (eProvision_Module) - :vendor (Business_Layers) - :version (3.0) - ) - :type 
(OPSEC_product) - ) - : (Citrix_MetaFrame_XP - :AdminInfo ( - :chkpf_uid ("{B6A4EAFE-A167-4EE3-BDDA-FEA9437DF8D2}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Mon Sep 15 07:49:04 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (true) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{3A6CE35E-BAFB-4DBF-928A-ABD6A5DB4DA1}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (MetaFrame) - :vendor (Citrix) - :version (XP) - ) - :type (OPSEC_product) - ) - : (Computer_Associate_eTrust_Antivirus_7.0 - :AdminInfo ( - :chkpf_uid ("{D92F77E0-57F8-4CBF-B0DE-76C1FF309196}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Mon Sep 15 07:55:18 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (true) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{0396E466-6ECE-47DC-8090-4FF589D2092C}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (eTrust_Antivirus) - :vendor (Computer_Associates) - :version (7.0) - ) - :type (OPSEC_product) - ) - : (Lucid_Security_ipANGEL_2.0 - :AdminInfo ( - :chkpf_uid ("{136A989A-4087-4E20-8B6F-D253F54C80E4}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Mon Sep 15 07:59:12 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - 
:AMON_class_name (default_opsec_status_object) - :CPMI (true) - :CVP (false) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (true) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{3707BE37-699F-4F0B-95E2-5F012D352BD6}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (ipANGEL) - :vendor ("Lucid Security") - :version (2.0) - ) - :type (OPSEC_product) - ) - : (ProactiveNet_Monitor_for_FireWall-1_3.1 - :AdminInfo ( - :chkpf_uid ("{3A254832-21E2-4952-8729-120CF0B2915C}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Mon Sep 15 08:03:27 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (true) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{C7DD1EDC-B16A-470A-ABF5-D1B03EF97BB0}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (Monitor_for_FireWall-1) - :vendor (ProactiveNet) - :version (3.1) - ) - :type (OPSEC_product) - ) - : (NetIQ_Security_Reporting_Center_2.0 - :AdminInfo ( - :chkpf_uid ("{4F7AFBF3-C02E-4416-AF7F-5A4651A2E48B}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Mon Sep 15 08:06:28 2003") - :By (ChackPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (true) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{6316A47A-91A9-40B5-AA42-D4DB602B8D41}") - :ClassName (OPSEC_product_info) - 
) - :certification_info () - :certified (true) - :product (Security_Reporting_Center) - :vendor (NetIQ) - :version (2.0) - ) - :type (OPSEC_product) - ) - : (Sanctum_AppShield_4.0 - :AdminInfo ( - :chkpf_uid ("{2E9FE302-3DC2-4E79-AF86-C67B48E1443E}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Mon Sep 15 08:10:50 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (true) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{C75B7FC4-4E1A-42AC-8020-878ABCCE5BBF}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (AppShield) - :vendor ("Sanctum Inc.") - :version (4.0) - ) - :type (OPSEC_product) - ) - : (TowerView_Security_HighTower_1.5 - :AdminInfo ( - :chkpf_uid ("{E885A37B-817D-469F-B118-CA226D9F4175}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Mon Sep 15 08:15:00 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (true) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{28B69705-28C6-45D7-8BF7-904C979156E2}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (HighTower) - :vendor (TowerView_Security) - :version (1.5) - ) - :type (OPSEC_product) - ) - : (Network_Intelligence_enVision_1100 - :AdminInfo ( - :chkpf_uid ("{ABE2AB14-520E-4731-8078-B4FE56B5DE77}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Mon Sep 15 08:17:24 2003") 
- :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (true) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{450B818C-C024-4F91-87C4-1998E5BA24D4}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (enVision) - :vendor (Network_Intelligence) - :version (1100) - ) - :type (OPSEC_product) - ) - : (FishNet_Security_FireMon_2.5 - :AdminInfo ( - :chkpf_uid ("{CA2D620E-74C6-4ECB-B9C7-86CE53A7D707}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Mon Sep 15 08:30:03 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (true) - :AMON_class_name (default_opsec_status_object) - :CPMI (true) - :CVP (false) - :ELA (true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{F921C2BE-68A6-4A08-80D9-47E995BC92EA}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (FireMon) - :vendor ("FishNet Security") - :version (2.5) - ) - :type (OPSEC_product) - ) - : (Secure_Computing_Smart_Filter_3.2 - :AdminInfo ( - :chkpf_uid ("{114F1E7F-DC18-4F2F-83D7-61B60A69BFBA}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Mon Sep 15 08:34:09 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (true) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (true) - :color (black) - :comments () - :product_info ( - 
:AdminInfo ( - :chkpf_uid ("{3DCF6EEE-46C4-45C2-AD85-B0AD5CAF3FA7}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (Smart_Filter) - :vendor (Secure_Computing) - :version (3.2) - ) - :type (OPSEC_product) - ) - : (Bindview_bv-Control_7.25 - :AdminInfo ( - :chkpf_uid ("{00DF0C36-DD39-4472-8144-74A62E060134}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Mon Sep 15 08:37:17 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (true) - :CVP (false) - :ELA (false) - :LEA (true) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{C34E2DA4-ECF8-4F10-AE5F-D9DE79468E25}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (bv-Control) - :vendor (BindView) - :version (7.25) - ) - :type (OPSEC_product) - ) - : (Proficient_Networks_Network_Policy_Engine_2.2 - :AdminInfo ( - :chkpf_uid ("{D0FD2531-1933-46C7-87CC-DBB691CB1B6E}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Mon Sep 15 08:40:22 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (true) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{28F2187E-B387-4246-AF8D-C46A26DB75D2}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (Network_Policy_Engine) - :vendor (Proficient_Networks) - :version (2.2) - ) - :type (OPSEC_product) - ) - : (Micromuse_NetCool_2.2 - :AdminInfo ( - :chkpf_uid 
("{AF936F3A-87BE-4E98-9E6E-C85559D9E127}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Mon Sep 15 08:43:04 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (true) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{661C391B-10C6-46FE-B22D-EF0393EF654B}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (NetCool) - :vendor (Micromuse) - :version (2.2) - ) - :type (OPSEC_product) - ) - : (Websense_Enterprise_for_FireWall-1_5.0 - :AdminInfo ( - :chkpf_uid ("{708269B3-0DA5-4550-8CE5-E715F4C4D3B4}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Mon Sep 15 08:45:26 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (true) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{28116254-C132-4EC1-8E49-84FE1E829DD4}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (Enterprise_for_FireWall-1) - :vendor (Websense) - :version (5.0) - ) - :type (OPSEC_product) - ) - : (ForeScout_ActiveScout_2.7 - :AdminInfo ( - :chkpf_uid ("{315BCBAA-1D35-40BD-902C-3FFDE190FBCB}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Mon Sep 15 08:49:17 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (true) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA 
(true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (true) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{175B4203-FE14-4AE7-B016-B2078FFB826E}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (ActiveScout) - :vendor (ForeScout) - :version (2.7) - ) - :type (OPSEC_product) - ) - : (Rainfintiy_Rainwall_3.1 - :AdminInfo ( - :chkpf_uid ("{BA568194-BEF4-40FA-883A-388AFDB6CBF9}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Mon Sep 15 08:52:02 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (true) - :AMON_class_name (default_opsec_status_object) - :CPMI (true) - :CVP (false) - :ELA (true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{A26B3A19-396C-4FEA-A4CD-B2AEAFAF14E7}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (Rainwall) - :vendor (Rainfinity) - :version (3.1) - ) - :type (OPSEC_product) - ) - : (Sourcefire_Network_Sensor_2.5 - :AdminInfo ( - :chkpf_uid ("{86BC6AD3-097D-4F6D-8E2F-8E5BACA98F52}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Mon Sep 15 08:54:44 2003") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (true) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{6AC5B4CD-C4DA-4658-AFE6-5607F55B6EA7}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (Network_Sensor) - :vendor (Sourcefire) - :version (2.5) - ) - :type 
(OPSEC_product) - ) - : (Aladdin_ESafe_Gateway_3.0 - :AdminInfo ( - :chkpf_uid ("{4BB6349F-A175-4E3F-8EE3-F81BB8B3E834}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Dec 30 11:36:41 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (true) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{CAC071E3-8788-4ACF-95F1-F9115142E871}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (ESafe_Protect_Gateway) - :vendor (Aladdin_Knowledge_Systems) - :version (3.0) - ) - :type (OPSEC_product) - ) - : (Finjan_SurfinGate_5.6_NT - :AdminInfo ( - :chkpf_uid ("{581E4A3D-C37D-4C9F-8070-0E7BBFDED473}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Dec 30 11:36:41 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (true) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{3A847D56-AC20-438E-9EF1-B29045D58527}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (SurfinGate) - :vendor (Finjan_Software) - :version (5.6) - ) - :type (OPSEC_product) - ) - : (TM_VirusWall_NT_3.5 - :AdminInfo ( - :chkpf_uid ("{28ED5FB8-B8BA-4623-943B-3764F248A55E}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Dec 30 11:36:41 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - 
:AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (true) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{59DD615D-4C31-4897-93E8-00466E9ED42F}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (InterScan_VirusWall_for_NT) - :vendor (Trend_Micro) - :version (3.5) - ) - :type (OPSEC_product) - ) - : (TM_VirusWall_Solaris_3.6 - :AdminInfo ( - :chkpf_uid ("{80CDD43D-F7F8-475C-958D-D3CCF7BCEEFB}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Dec 30 11:36:41 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (true) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{1CB5277A-F5A4-4F8D-AC60-B6F3D67BAF3B}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (InterScan_VirusWall_for_Solaris) - :vendor (Trend_Micro) - :version (3.6) - ) - :type (OPSEC_product) - ) - : (WebWasher_EE_Linux_3.1 - :AdminInfo ( - :chkpf_uid ("{B8954622-E780-46DB-8E0B-50DA720721E1}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Dec 30 11:36:41 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (true) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (true) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{F05C21CD-6929-425B-AEB0-5E6F97E8C0AE}") - :ClassName (OPSEC_product_info) - ) - 
:certification_info () - :certified (true) - :product (WebWasher_EE_Linux) - :vendor (WebWasher) - :version (3.1) - ) - :type (OPSEC_product) - ) - : (SecureWatch - :AdminInfo ( - :chkpf_uid ("{DF11985A-C890-48D3-ADE2-1F60A5DEEAC4}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Dec 30 11:36:41 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{B7CABFFA-EF0A-4C62-8878-3D27791B43AA}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (SecureWatchfor_W2K) - :vendor (TopLayer_Networks) - :version (1.11) - ) - :type (OPSEC_product) - ) - : (Entercept_Integrator_1.03 - :AdminInfo ( - :chkpf_uid ("{05F22C3A-F03E-490A-BC64-DA2B88596D92}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Dec 30 11:36:42 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{2CBABE45-6A56-48FB-A844-3C86D4E4080F}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (Integrator_for_Check_Point) - :vendor (Entercept_Security_Technologies) - :version (1.03) - ) - :type (OPSEC_product) - ) - : (VigilEnt_Security_Agent_for_FW1 - :AdminInfo ( - :chkpf_uid ("{EDA9A2A2-E238-44F0-8C4F-50FECB4245AA}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Dec 
30 11:36:42 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (true) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{8F748A3B-A7D4-4D9B-9570-B8C7514B00F4}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (VigilEnt_Security_Agent) - :vendor (PentaSafe_Security_Technologies) - :version (1.0) - ) - :type (OPSEC_product) - ) - : (SecoShield_2.0 - :AdminInfo ( - :chkpf_uid ("{8FCB396C-8F37-4AF1-A771-F79C20A734FC}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Dec 30 11:36:42 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (true) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{D23690F2-1004-4050-91C3-13684C56626F}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (SecoShield_2.0) - :vendor (INFOSEC_Technologies) - :version (2.0) - ) - :type (OPSEC_product) - ) - : (N2H2_Filtering_FW1 - :AdminInfo ( - :chkpf_uid ("{6313C1EB-AEA2-4923-A310-E5E018D0CB0C}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Dec 30 11:36:42 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (true) - :color (black) - 
:comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{D1D8E27B-6B13-4961-9F2B-0CB800AE04EB}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (N2H2_Filtering_NT) - :vendor (N2H2) - :version (1.0) - ) - :type (OPSEC_product) - ) - : (SecureComputing_SmartFilter_2.1 - :AdminInfo ( - :chkpf_uid ("{406D3171-2CF2-4FFA-8C32-3A9DB53D0690}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Dec 30 11:36:43 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (true) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{7ED208A5-8DF4-47A0-A70A-E5DA135718D4}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (Smart_Filter) - :vendor (Secure_Computing) - :version (2.1) - ) - :type (OPSEC_product) - ) - : (SurfControl_SuperScout_FW1_2.1 - :AdminInfo ( - :chkpf_uid ("{DFB6904F-584B-4FDC-9048-B6EFC2C47AD2}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Dec 30 11:36:43 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (true) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{77AE98F8-845F-4BE1-90F5-04A09C12040A}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (SuperScout_for_FireWall) - :vendor (SurfControl) - :version (2.1) - ) - :type (OPSEC_product) - ) - : (WebSense_FW1_4.3 - :AdminInfo ( - :chkpf_uid 
("{D2E3E730-EA2E-4A31-B689-436B5D0494DB}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Dec 30 11:36:43 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (true) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{A09058AD-B5A9-4E51-902D-18CCC8356D88}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (WebSense_for_FireWall-1) - :vendor (WebSense) - :version (4.3) - ) - :type (OPSEC_product) - ) - : (OpenService_SystemWatch_2.63 - :AdminInfo ( - :chkpf_uid ("{C0BDCDCD-3FB6-4FA3-9156-A018891014E4}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Dec 30 11:36:43 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (true) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{0165BA91-6330-496C-A49A-CA8BE943069A}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (SystemWatch) - :vendor (OpenService) - :version (2.63) - ) - :type (OPSEC_product) - ) - : (OpenSystems_Private_I_6420 - :AdminInfo ( - :chkpf_uid ("{73C6C1FF-5DFF-4F59-AB9D-8529A8C0F87F}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Dec 30 11:36:43 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) 
- :LEA (true) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{28BDF40C-8959-4DA1-B885-F4A2FBAD1AF8}") - :ClassName (OPSEC_product_info) - ) - :certification_info (NG-Compatible) - :certified (true) - :product (Private_I_Intelligence_Suite) - :vendor (OpenSystems.com) - :version (6420) - ) - :type (OPSEC_product) - ) - : (WebTrends_Firewall_3.0 - :AdminInfo ( - :chkpf_uid ("{518896A3-7E38-4FB6-9EEE-3FA990AC8763}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Dec 30 11:36:43 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (true) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{622728CE-F3A5-4242-B50A-641279B43867}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (WebTrends_Firewall_Suite) - :vendor (NetIQ) - :version (3.0a) - ) - :type (OPSEC_product) - ) - : (G_Server_ELA_Module_1.51 - :AdminInfo ( - :chkpf_uid ("{F6EC787D-C321-41BC-BFF9-9DB0A5984472}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Dec 30 11:36:44 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{3645A004-C3C0-4804-800A-C31096DCB83A}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (G_Server_Appliance) - :vendor 
(Gilian) - :version (1.51) - ) - :type (OPSEC_product) - ) - : (SPiDER-1_for_FireWall-1_1.5 - :AdminInfo ( - :chkpf_uid ("{7410F783-733E-47F3-BE86-F75762A013B1}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Dec 30 11:36:44 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (true) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{511EE6E0-062A-42AE-9BB5-8112C9A086B0}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (SPiDER-1) - :vendor ("Igloo Security") - :version (1.5) - ) - :type (OPSEC_product) - ) - : (netForensics_agent_for_FireWall-1_2.3 - :AdminInfo ( - :chkpf_uid ("{1408C2EC-55E1-48E4-B30F-FA57B9A9A296}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Dec 30 11:36:44 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (true) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{4735633B-A973-4063-8275-2A368974FDF3}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (netForensics) - :vendor (netForensics) - :version (2.3) - ) - :type (OPSEC_product) - ) - : (AppManager_for_FireWall-1 - :AdminInfo ( - :chkpf_uid ("{DB381B83-1437-49DF-9D31-FF09AA4C7AD3}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Dec 30 11:36:44 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - 
:solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (true) - :OMI (true) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{9398256E-B09C-4EC3-9058-7F224456D415}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (NetIQ) - :vendor (NetIQ) - :version (1.0) - ) - :type (OPSEC_product) - ) - : (FireMon_1.0 - :AdminInfo ( - :chkpf_uid ("{EB771FBB-70FC-4F68-8152-D8B8460D5C6F}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Dec 30 11:36:44 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (false) - :OMI (true) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{35F9775B-3553-45EA-AD18-26771CF94F08}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (FireMon) - :vendor ("FishNet Security") - :version (1.0) - ) - :type (OPSEC_product) - ) - : (Oblix_NetPoint_4.6 - :AdminInfo ( - :chkpf_uid ("{DFAB534E-6BC0-463D-B579-E69B5FC61240}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Dec 30 11:36:45 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (true) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{57410EA9-7C70-465B-A44C-99E03876E9F3}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - 
:certified (true) - :product (NetPoint_Authentication_Adapter) - :vendor (Oblix) - :version (4.6) - ) - :type (OPSEC_product) - ) - : (Protegrity_Secure.Data_10.222.0.70 - :AdminInfo ( - :chkpf_uid ("{D8366FEB-B48F-47C6-99E8-15A2D9670F89}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Dec 30 11:36:45 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (true) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{C5059AA0-8F27-43FC-B430-23D47DB03218}") - :ClassName (OPSEC_product_info) - ) - :certification_info (NT-Version) - :certified (true) - :product (Secure.Data) - :vendor (Protegrity) - :version (10.222.0.70) - ) - :type (OPSEC_product) - ) - : (Protegrity_Secure.Data_10.222.0.71 - :AdminInfo ( - :chkpf_uid ("{4EE7B65C-3574-4EE6-A9F3-91602909F8C9}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Dec 30 11:36:45 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (true) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{E6998505-4126-4A3E-AC5C-297804808410}") - :ClassName (OPSEC_product_info) - ) - :certification_info (Solaris-Version) - :certified (true) - :product (Secure.Data) - :vendor (Protegrity) - :version (10.222.0.71) - ) - :type (OPSEC_product) - ) - : (ACESwitch_ACEDirector - :AdminInfo ( - :chkpf_uid ("{811545CB-804A-4BA7-942B-75211682D4C3}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Dec 30 
11:36:45 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{6242753E-9464-47E6-A05E-4A9980A60EFA}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product ("ACESwitch & ACEDirector") - :vendor (Nortel) - :version ("Web OS 8.3 (firmware)") - ) - :type (OPSEC_product) - ) - : (Internet_Ironware - :AdminInfo ( - :chkpf_uid ("{3229CD03-370D-4C91-B6E7-74534768EEB9}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Dec 30 11:36:45 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{B5EEB358-4DE3-4DAB-B4EF-BC63ED1D8931}") - :ClassName (OPSEC_product_info) - ) - :certification_info (4.1) - :certified (true) - :product (ServerIron) - :vendor ("Foundry Networks") - :version ("7.1 (firmware)") - ) - :type (OPSEC_product) - ) - : (FireProof_2.0 - :AdminInfo ( - :chkpf_uid ("{5350D161-61B1-4343-A938-34D2CDD80EEB}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Dec 30 11:36:45 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - 
:comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{F6B045C9-A796-48D7-B749-95DB577E3D9A}") - :ClassName (OPSEC_product_info) - ) - :certification_info (4.1) - :certified (true) - :product (FireProof) - :vendor (Radware) - :version (2.0) - ) - :type (OPSEC_product) - ) - : (FireProof_2.3 - :AdminInfo ( - :chkpf_uid ("{504E8A0D-2F89-471C-9F66-F32547CBE3F7}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Dec 30 11:36:46 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{06B4CA81-C14B-4C05-ACFB-A50CB599BF79}") - :ClassName (OPSEC_product_info) - ) - :certification_info (NG) - :certified (true) - :product (FireProof) - :vendor (Radware) - :version (2.3) - ) - :type (OPSEC_product) - ) - : (Rainwall_E_1.6 - :AdminInfo ( - :chkpf_uid ("{E8AE9F2F-5613-4B88-B376-F8FFCE0EF08B}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Dec 30 11:36:46 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{76587B88-1D16-405B-B28F-16E74B8968C8}") - :ClassName (OPSEC_product_info) - ) - :certification_info ("NG - Solaris") - :certified (true) - :product ("Rainwall E") - :vendor (Rainfinity) - :version (1.6) - ) - :type (OPSEC_product) - ) - : (Rainwall_E_1.5.1B30 - :AdminInfo ( - :chkpf_uid ("{731F7841-A16A-4221-BB44-DDDC9E64432F}") - :ClassName 
(OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Dec 30 11:36:46 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{2311F091-0329-406B-BE92-93F13AC351DD}") - :ClassName (OPSEC_product_info) - ) - :certification_info ("4.1 - Solaris") - :certified (true) - :product ("Rainwall E") - :vendor (Rainfinity) - :version ("1.5.1 bld_30") - ) - :type (OPSEC_product) - ) - : (Rainwall_E_1.5SP3 - :AdminInfo ( - :chkpf_uid ("{FBEA2DB3-5FA0-4E09-96A8-150F404B52D9}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Dec 30 11:36:46 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{78D963B6-0668-4159-BB1F-ACC287C55949}") - :ClassName (OPSEC_product_info) - ) - :certification_info ("4.1 - Linux") - :certified (true) - :product ("Rainwall E") - :vendor (Rainfinity) - :version ("1.5 SP3") - ) - :type (OPSEC_product) - ) - : (StoneBeat_FullCluster_1.0SP4 - :AdminInfo ( - :chkpf_uid ("{3FA44973-4658-459A-8665-234474316BF9}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Dec 30 11:36:46 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (true) - :LEA (false) - :OMI (false) 
- :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{B8A93E68-E662-4FD1-BA90-098D50FC3131}") - :ClassName (OPSEC_product_info) - ) - :certification_info ("4.1 - NT") - :certified (true) - :product ("StoneBeat FullCluster") - :vendor (StoneSoft) - :version ("1.0 SP4") - ) - :type (OPSEC_product) - ) - : (StoneBeat_FullCluster_2.0SP1a - :AdminInfo ( - :chkpf_uid ("{9034BDEC-687B-4EF4-8BAB-CAA1A68CD94C}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Dec 30 11:36:47 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{EB1EC9B3-2391-43F8-A82B-5E348A860A36}") - :ClassName (OPSEC_product_info) - ) - :certification_info ("4.1 - Solaris") - :certified (true) - :product ("StoneBeat FullCluster") - :vendor (StoneSoft) - :version ("2.0 SP1a") - ) - :type (OPSEC_product) - ) - : (StoneBeat_FullCluster_2.0SP3a - :AdminInfo ( - :chkpf_uid ("{2AA5E5B8-1A6F-48FA-887E-89FA4F415013}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Dec 30 11:36:47 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{25E4373E-366C-403F-BE37-A9966E229B4A}") - :ClassName (OPSEC_product_info) - ) - :certification_info ("4.1 - Linux") - :certified (true) - :product ("StoneBeat 
FullCluster") - :vendor (StoneSoft) - :version ("2.0 SP3a") - ) - :type (OPSEC_product) - ) - : (Cluster_Module - :AdminInfo ( - :chkpf_uid ("{35B03287-3CFE-490D-AF3F-021C81290C0F}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Dec 30 11:36:47 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{5351C8A6-729A-4218-88C3-71F8DFFD3BD9}") - :ClassName (OPSEC_product_info) - ) - :certification_info ("4.1 - Solaris") - :certified (true) - :product ("Cluster Module") - :vendor (Legato) - :version (4.5.1) - ) - :type (OPSEC_product) - ) - : (Rainwall_S_1.5SP3 - :AdminInfo ( - :chkpf_uid ("{5669559C-9DDE-47A6-8B7C-2C25B7AF1369}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Dec 30 11:36:47 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{FAA94964-72A8-4A07-8CBF-36BEB80567A5}") - :ClassName (OPSEC_product_info) - ) - :certification_info ("4.1 - Linux") - :certified (true) - :product ("Rainwall S") - :vendor (Rainfinity) - :version ("1.5 SP3") - ) - :type (OPSEC_product) - ) - : (Rainwall_S_1.6 - :AdminInfo ( - :chkpf_uid ("{E7805555-6AC4-415A-A52C-5136CD615825}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Dec 30 11:36:47 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - 
:commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{62B33292-8DEA-4E1A-B00D-B2E8256454EA}") - :ClassName (OPSEC_product_info) - ) - :certification_info ("4.1 - Solaris") - :certified (true) - :product ("Rainwall S") - :vendor (Rainfinity) - :version ("1.6 (B17)") - ) - :type (OPSEC_product) - ) - : (StoneBeat_3.1.5 - :AdminInfo ( - :chkpf_uid ("{A3D052A0-6B29-4F16-84AC-FAEF14EE3032}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Dec 30 11:36:47 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{E15026F1-B13D-4AC0-818E-D2647B9990E1}") - :ClassName (OPSEC_product_info) - ) - :certification_info (4.1) - :certified (true) - :product (StoneBeat) - :vendor (StoneSoft) - :version (3.1.5) - ) - :type (OPSEC_product) - ) - : (Enterprise_Agent_for_CP_FW-1 - :AdminInfo ( - :chkpf_uid ("{20299E8D-B931-4419-BAC7-0C24CC4EFF8F}") - :ClassName (OPSEC_product) - :table (products) - :LastModified ( - :Time ("Sun Dec 30 11:36:48 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{3E4FB236-21BF-495E-A34F-F88E23F5E5C9}") - 
:ClassName (OPSEC_product_info) - ) - :certification_info (4.1) - :certified (true) - :product ("Enterprise Agent for CP FW-1") - :vendor ("Veritas Software Corp") - :version (1.3) - ) - :type (OPSEC_product) - ) - : (UserDefinedProduct - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB58D-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product) - :table (products) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{97AEB58E-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (false) - :product () - :vendor ("User defined") - :version () - ) - :type (OPSEC_product) - ) - : (Aladdin_ESafe_Gateway_2.1 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB590-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product) - :table (products) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (true) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{97AEB591-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (ESafe_Protect_Gateway) - :vendor (Aladdin_Knowledge_Systems) - :version (2.1) - ) - :type (OPSEC_product) - ) - : (Aliroo_PrivaWall_1.1 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - 
:chkpf_uid ("{97AEB593-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product) - :table (products) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (true) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{97AEB594-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (PrivaWALL) - :vendor (Aliroo) - :version (1.1) - ) - :type (OPSEC_product) - ) - : (CA_SafeGate_2.2 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB596-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product) - :table (products) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (true) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{97AEB597-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (SafeGate) - :vendor (Computer_Associates) - :version (2.2) - ) - :type (OPSEC_product) - ) - : (Finjan_SurfinGate_4.03_NT - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB599-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product) - :table (products) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (true) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - 
:comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{97AEB59A-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (SurfinGate) - :vendor (Finjan_Software) - :version (4.03) - ) - :type (OPSEC_product) - ) - : (FSecure_AV_FireWall_4.01 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB59C-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product) - :table (products) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (true) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{97AEB59D-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (Anti_Virus_For_FireWall) - :vendor (F-Secure) - :version (4.01) - ) - :type (OPSEC_product) - ) - : (TM_AppletTrap_2.0 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB59F-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product) - :table (products) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (true) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{97AEB5A0-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (InterScan_AppletTrap) - :vendor (Trend_Micro) - :version (2.0) - ) - :type (OPSEC_product) - ) - : (TM_VirusWall_FTP_3.5 - :AdminInfo ( - :LastModified ( - :Time ("Mon 
Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB5A2-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product) - :table (products) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (true) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{97AEB5A3-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (InterScan_VirusWall_for_FTP) - :vendor (Trend_Micro) - :version (3.5) - ) - :type (OPSEC_product) - ) - : (TM_VirusWall_HTTP_3.5 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB5A5-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product) - :table (products) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (true) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{97AEB5A6-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (InterScan_VirusWall_for_HTTP) - :vendor (Trend_Micro) - :version (3.5) - ) - :type (OPSEC_product) - ) - : (TM_VirusWall_SMTP_3.5 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB5A8-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product) - :table (products) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (true) - :ELA (false) 
- :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{97AEB5A9-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (InterScan_VirusWall_for_SMTP) - :vendor (Trend_Micro) - :version (3.5) - ) - :type (OPSEC_product) - ) - : (CPRS_NS_5.0 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB5AB-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product) - :table (products) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (true) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{97AEB5AC-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (Real_Secure_Network_Sensor) - :vendor (Check_Point) - :version (5.0) - ) - :type (OPSEC_product) - ) - : (CPRSM_5.0 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB5AE-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product) - :table (products) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (true) - :LEA (false) - :OMI (true) - :RTM (false) - :SAM (true) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{97AEB5AF-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (Real_Secure_Manager) - :vendor (Check_Point) - :version (5.0) - 
) - :type (OPSEC_product) - ) - : (CA_SessionWall3_1.4 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB5B1-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product) - :table (products) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (true) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{97AEB5B2-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (SessionWall_3) - :vendor (Computer_Associates) - :version (1.4) - ) - :type (OPSEC_product) - ) - : (Securant_ClearTrust_SecureDetector_4.5 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB5B4-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product) - :table (products) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (true) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{97AEB5B5-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (ClearTrust_SecureDetector) - :vendor (Securant_Technologies) - :version (4.5) - ) - :type (OPSEC_product) - ) - : (8e6_XStop_FW1_1.0 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB5B7-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product) - :table (products) - ) - :NT_commands () - :commands () - 
:solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (true) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{97AEB5B8-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (X-Stop_For_FireWall-1) - :vendor (8e6_Technologies) - :version (1.0) - ) - :type (OPSEC_product) - ) - : (SecureComputing_SmartFilter_1.0 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB5BA-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product) - :table (products) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (true) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{97AEB5BB-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (Smart_Filter) - :vendor (Secure_Computing) - :version (1.0) - ) - :type (OPSEC_product) - ) - : (SurfControl_SuperScout_FW1_2.0 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB5BD-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product) - :table (products) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (true) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid 
("{97AEB5BE-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (SuperScout_for_FireWall-1) - :vendor (SurfControl) - :version (2.0) - ) - :type (OPSEC_product) - ) - : (Symantec_IGear_FW1_3.02 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB5C0-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product) - :table (products) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (true) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{97AEB5C1-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (I-Gear_for_FireWall-1) - :vendor (Symantec) - :version (3.02) - ) - :type (OPSEC_product) - ) - : (WebSense_FW1_4.24 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB5C3-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product) - :table (products) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (true) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{97AEB5C4-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (WebSense_for_FireWall-1) - :vendor (WebSense) - :version (4.24) - ) - :type (OPSEC_product) - ) - : (BMC_Patrol_FW_1.1 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - 
:From (keepme) - ) - :chkpf_uid ("{97AEB5C6-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product) - :table (products) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (true) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{97AEB5C7-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (Patrol_for_Firewalls) - :vendor (BMC_Software) - :version (1.1) - ) - :type (OPSEC_product) - ) - : (BusinessLayers_eProvisionDayOne_1.1 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB5C9-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product) - :table (products) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (true) - :LEA (false) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{97AEB5CA-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (eProvision_Day_One) - :vendor (Business_Layers) - :version (1.1) - ) - :type (OPSEC_product) - ) - : (Micromuse_Netcool_FW1_1.0 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB5CC-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product) - :table (products) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (true) - :LEA (true) - :OMI (false) - :RTM (false) 
- :SAM (true) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{97AEB5CD-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (NetCool_for_FireWall-1) - :vendor (Micromuse) - :version (1.0) - ) - :type (OPSEC_product) - ) - : (OpenService_System_Watch_2.5 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB5CF-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product) - :table (products) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (true) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{97AEB5D0-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (SystemWatch) - :vendor (OpenService) - :version (2.5) - ) - :type (OPSEC_product) - ) - : (ProactiveNet_Intelliscope_3.6 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB5D2-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product) - :table (products) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (true) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{97AEB5D3-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (Intelliscope) - :vendor (ProactiveNet) - :version (3.6) - ) - :type (OPSEC_product) - ) - : 
(CP_Reporting_4.1 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB5D5-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product) - :table (products) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (true) - :OMI (true) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{97AEB5D6-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (Reporting_Module) - :vendor (Check_Point) - :version (4.1) - ) - :type (OPSEC_product) - ) - : (OpenSystems_PrivateI_6.1 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB5D8-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product) - :table (products) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (true) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{97AEB5D9-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (Private_I_Intelligence_Suite) - :vendor (OpenSystems.com) - :version (6.1) - ) - :type (OPSEC_product) - ) - : (SameSolutions_NetTracker_1.1 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB5DB-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product) - :table (products) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name 
(default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (true) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{97AEB5DC-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (NetTracker_Enterprise) - :vendor ("Sane Solutions") - :version (1.1) - ) - :type (OPSEC_product) - ) - : (Telemate.Net_4.4 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB5DE-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product) - :table (products) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (true) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{97AEB5DF-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (TELEMATE.Net) - :vendor (Telemate.Net_Software) - :version (4.4) - ) - :type (OPSEC_product) - ) - : (VeriSign_Firewall_HealthCHECK_1.5 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB5E1-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product) - :table (products) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (false) - :OMI (true) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{97AEB5E2-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product_info) - ) - 
:certification_info () - :certified (true) - :product (Firewall_HealthCHECK) - :vendor (VeriSign) - :version (1.5) - ) - :type (OPSEC_product) - ) - : (VeriSign_SecureVIEW_3.0.28 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB5E4-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product) - :table (products) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (true) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{97AEB5E5-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (SecureVIEW) - :vendor (VeriSign) - :version (3.0.28) - ) - :type (OPSEC_product) - ) - : (WebTrends_Firewall_2.0 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB5E7-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product) - :table (products) - ) - :NT_commands () - :commands () - :solaris_commands () - :AMON (false) - :AMON_class_name (default_opsec_status_object) - :CPMI (false) - :CVP (false) - :ELA (false) - :LEA (true) - :OMI (false) - :RTM (false) - :SAM (false) - :UAC (false) - :UFP (false) - :color (black) - :comments () - :product_info ( - :AdminInfo ( - :chkpf_uid ("{97AEB5E8-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (OPSEC_product_info) - ) - :certification_info () - :certified (true) - :product (WebTrends_Firewall_Suite) - :vendor (WebTrends) - :version (2.0) - ) - :type (OPSEC_product) - ) - ) - :serverobj (serverobj) - :resources (resources) - :translations (translations) - :tracks (tracks - : ("UserDefined 2" - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By (CheckPoint) - 
:From (CheckPoint) - ) - :chkpf_uid ("{97AEB485-9AEA-21D5-BD16-0090272CCB30}") - :ClassName (alert) - :table (tracks) - :name ("UserDefined 2") - ) - :Name () - :alert (useralert2) - :color ("Dark Orchid") - :format (long) - :icon () - :icon-name (icon-user) - :text-rid (61470) - :type (alert) - ) - : ("UserDefined 3" - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{97AEB485-9AEA-31D5-BD16-0090272CCB30}") - :ClassName (alert) - :table (tracks) - :name ("UserDefined 3") - ) - :Name () - :alert (useralert3) - :color ("Dark Orchid") - :format (long) - :icon () - :icon-name (icon-user) - :text-rid (61470) - :type (alert) - ) - : (VPNddcateDropLog - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{97AEB496-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (log) - :table (tracks) - :name (VPNddcateDropLog) - ) - :Name () - :color ("Navy Blue") - :format (long) - :icon-name (icon-log-long) - :macro (VPN_DEDICATED_DROP_LOG) - :text-rid (0) - :type (log) - ) - : (VPNddcateAcceptLog - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{97AEB497-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (log) - :table (tracks) - :name (VPNddcateAcceptLog) - ) - :Name () - :color ("Navy Blue") - :format (long) - :icon-name (icon-log-long) - :macro (VPN_DEDICATED_ACCEPT_LOG) - :text-rid (0) - :type (log) - ) - : (None - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB47D-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (empty_track) - :table (tracks) - :name (None) - ) - :icon (empty) - :icon-name (icon-empty) - ) - : (Short - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid 
("{97AEB47E-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (log) - :table (tracks) - :name (Short) - ) - :Name () - :color (Blue) - :format () - :icon-name (icon-log-short) - :macro () - :text-rid (61467) - :type (log) - ) - : (Long - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB47F-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (log) - :table (tracks) - :name (Long) - ) - :Name () - :color ("Navy Blue") - :format () - :icon-name (icon-log-long) - :macro () - :text-rid (61466) - :type (log) - ) - : (Log - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (log) - :table (tracks) - :name (Log) - ) - :Name () - :color ("Navy Blue") - :format (long) - :icon-name (icon-log-long) - :macro () - :text-rid (61466) - :type (log) - ) - : (Account - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:08 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB481-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (account) - :table (tracks) - :name (Account) - ) - :Name () - :color (Magenta) - :format (long) - :icon-name (icon-account) - :macro (ACCOUNT) - :type (account) - ) - : (Alert - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB482-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (alert) - :table (tracks) - :name (Alert) - ) - :Name () - :alert (alert) - :color (Red) - :format (long) - :icon () - :icon-name (icon-alert) - :text-rid (61469) - :type (alert) - ) - : (SnmpTrap - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB483-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (alert) - :table (tracks) - :name (SnmpTrap) - ) - :Name () - :alert (snmptrap) - :color ("Medium 
Slate Blue") - :format (long) - :icon () - :icon-name (icon-snmp-trap) - :text-rid (61467) - :type (alert) - ) - : (Mail - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB484-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (alert) - :table (tracks) - :name (Mail) - ) - :Name () - :alert (mail) - :color (FireBrick) - :format (long) - :icon () - :icon-name (icon-mail) - :text-rid (61468) - :type (alert) - ) - : (UserDefined - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB485-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (alert) - :table (tracks) - :name (UserDefined) - ) - :Name () - :alert (useralert) - :color ("Dark Orchid") - :format (long) - :icon () - :icon-name (icon-user) - :text-rid (61470) - :type (alert) - ) - : (spoof - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB486-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (log) - :table (tracks) - :name (spoof) - ) - :Name () - :color ("Navy Blue") - :format (long) - :icon-name () - :macro () - :text-rid (0) - :type (log) - ) - : (spoofalert - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB487-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (alert) - :table (tracks) - :name (spoofalert) - ) - :Name () - :alert (spoofalert) - :color (red) - :format (long) - :icon (alert.pr) - :icon-name () - :text-rid (0) - :type (alert) - ) - : ("IP Options" - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB488-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (log) - :table (tracks) - :name ("IP Options") - ) - :Name () - :color ("Dark Orchid") - :format (badip_form) - :icon-name () - :macro () - :text-rid (0) 
- :type (log) - ) - : ("IP Options Alert" - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB489-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (alert) - :table (tracks) - :name ("IP Options Alert") - ) - :Name () - :alert (alert) - :color (Red) - :format (badip_form) - :icon (alert.pr) - :icon-name () - :text-rid (0) - :type (alert) - ) - : (Auth - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB48A-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (log) - :table (tracks) - :name (Auth) - ) - :Name (Auth) - :color (Blue) - :format () - :icon-name () - :macro () - :text-rid (0) - :type (log) - ) - : (AuthAlert - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB48B-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (alert) - :table (tracks) - :name (AuthAlert) - ) - :Name (AuthAlert) - :alert (userauthalert) - :color (Red) - :format (auth) - :icon (alert.pr) - :icon-name () - :text-rid (0) - :type (alert) - ) - : (Duplicate - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB48C-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (log) - :table (tracks) - :name (Duplicate) - ) - :Name () - :color ("Navy Blue") - :format () - :icon-name (icon-log-long) - :macro (DUP_LOG) - :text-rid (61466) - :type (log) - ) - : ("Exception Log" - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB48D-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (log) - :table (tracks) - :name ("Exception Log") - ) - :Name () - :color (Blue) - :format (long) - :icon-name () - :macro () - :text-rid (0) - :type (log) - ) - : ("Exception Alert" - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 
14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB48E-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (alert) - :table (tracks) - :name ("Exception Alert") - ) - :Name () - :alert (alert) - :color (Red) - :format (long) - :icon (alert.pr) - :icon-name () - :text-rid (0) - :type (alert) - ) - ) - :qos ( - : (Best_Effort - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB658-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (class_of_service) - :table (qos) - :Deleteable (false) - :Renameable (false) - ) - :class_of_service_type (best_effort) - :color (black) - :comments () - :dscp (0) - :type (fg_class_of_service) - ) - ) - :servgen () - :log-props () - :state-act ( - :comannd_notinst2inst () - :command_notinst2dis () - :command_ins2notinst (status_alert) - :command_inst2dis (status_alert) - :command_dis2inst () - :command_dis2notinst () - ) - :SPIobj () - :userdefaults (Default - :name (Default) - :type (template) - :auth_method (Undefined) - :fromhour ("00:00") - :tohour ("23:59") - :expiration_date (31-dec-2003) - :groups () - :SKEY_number (100) - :days (127) - :destinations ( - : (Any - :color (Blue) - ) - ) - :sources ( - : (Any - :color (Blue) - ) - ) - ) - :ldap ( - : (OPSEC_DS - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB639-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (LDAP_policy) - :table (ldap) - ) - :Common ( - :AdminInfo ( - :chkpf_uid ("{97AEB63A-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (LDAP_policy_common) - ) - :AttributesTranslationMap ( - : ("uid=uid") - ) - :DateFormat (yyyymmdd) - :ListOfAttrsToAvoid () - :TemplateObjectClass ( - : (fw1template) - ) - :BadPwdCountAttr (fw1BadPwdCount) - :ClientSideCrypt (0) - :CryptedPasswordPrefix ("{CRYPT}") - :DefaultCryptAlgorithm (PLAIN) - :ExpirationDateAttr (fw1expiration-date) - :ExpirationDateFormat 
(CP) - :FetchBranchesEnabled (1) - :MainVersion (4) - :PhoneNumberAttr (internationalisdnnumber) - :PsswdDateAttr (fw1pwdLastMod) - :PsswdDateFormat (CP) - :ReadOnly (0) - :StrongAuthSupported (1) - :SubVersion (1) - :SupportOldSchema (0) - :UnbindMode (0) - :UserLoginAttr (uid) - :UserPasswordAttr (userPassword) - :Vendor (Other) - ) - :Read ( - :AdminInfo ( - :chkpf_uid ("{97AEB63B-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (LDAP_policy_read) - ) - :BranchObjectClass ( - : (Organization) - : (OrganizationalUnit) - ) - :DomainObjectClass () - :GroupMembershipAttr ( - : (member) - : (uniqueMember) - ) - :GroupObjectClass ( - : (groupOfNames) - : (groupOfUniqueNames) - ) - :OrgUnitObjectClass ( - : (OrganizationalUnit) - ) - :OrganizationObjectClass ( - : (Organization) - ) - :TemplateMembershipAttr ( - : (member) - ) - :TemplateObjectClass ( - : (Organization) - ) - :UserMembershipAttr ( - : (memberOf) - ) - :UserObjectClass ( - : (person) - : (organizationalPerson) - : (inetOrgPerson) - : (fw1Person) - ) - :BranchOCOperator (One) - :FetchBranchesFrom () - :GroupMembership (Member) - :GroupOCOperator (One) - :Scope (sub) - :SizeLimit (2000) - :TemplateMembership (Member) - :TimeLimit (50) - :UserOCOperator (One) - :UserTemplateMembershipAttr (memberoftemplate) - ) - :Write ( - :AdminInfo ( - :chkpf_uid ("{97AEB63C-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (LDAP_policy_write) - ) - :AutomaticAttrs () - :DomainObjectClass () - :DomainRDN (dc) - :GroupObjectClass ( - : ("groupOfNames:member") - : ("groupOfUniqueNames:uniqueMember") - ) - :OrgUnitObjectClass ( - : (OrganizationalUnit) - ) - :OrganizationObjectClass ( - : (Organization) - ) - :TemplateMembershipAttr ( - : (member) - ) - :UserObjectClass ( - : (person) - : (organizationalPerson) - : (inetOrgPerson) - : (fw1Person) - ) - :AllowReplaceOperation (1) - :DefaultGroupObjectClass (groupOfNames) - :GroupRDN (cn) - :OrgUnitRDN (ou) - :OrganizationRDN (o) - :SupportEmptyGroups (1) - :TemplateMembership (Member) 
- :UserMembershipAttr (memberOf) - :UserRDN (cn) - :UserTemplateMembershipAttr (memberoftemplate) - ) - :color (Black) - :comments ("Default Directory Server") - :type (ldap_policy) - ) - : (Novell_DS - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB640-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (LDAP_policy) - :table (ldap) - ) - :Common ( - :AdminInfo ( - :chkpf_uid ("{97AEB641-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (LDAP_policy_common) - ) - :AttributesTranslationMap ( - : ("uid=uid") - ) - :DateFormat (yyyymmdd) - :ListOfAttrsToAvoid () - :TemplateObjectClass ( - : (fw1template) - ) - :BadPwdCountAttr (fw1BadPwdCount) - :ClientSideCrypt (0) - :CryptedPasswordPrefix ("{CRYPT}") - :DefaultCryptAlgorithm (PLAIN) - :ExpirationDateAttr (fw1expiration-date) - :ExpirationDateFormat (CP) - :FetchBranchesEnabled (1) - :MainVersion (4) - :PhoneNumberAttr (internationalisdnnumber) - :PsswdDateAttr (fw1pwdLastMod) - :PsswdDateFormat (CP) - :ReadOnly (0) - :StrongAuthSupported (1) - :SubVersion (1) - :SupportOldSchema (0) - :UnbindMode (0) - :UserLoginAttr (uid) - :UserPasswordAttr (userPassword) - :Vendor (Novell) - ) - :Read ( - :AdminInfo ( - :chkpf_uid ("{97AEB642-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (LDAP_policy_read) - ) - :BranchObjectClass ( - : (Organization) - : (OrganizationalUnit) - ) - :DomainObjectClass () - :GroupMembershipAttr ( - : (member) - : (uniqueMember) - ) - :GroupObjectClass ( - : (groupOfNames) - : (groupOfUniqueNames) - ) - :OrgUnitObjectClass ( - : (OrganizationalUnit) - ) - :OrganizationObjectClass ( - : (Organization) - ) - :TemplateMembershipAttr ( - : (member) - ) - :TemplateObjectClass ( - : (Organization) - ) - :UserMembershipAttr ( - : (memberOf) - ) - :UserObjectClass ( - : (person) - : (organizationalPerson) - : (inetOrgPerson) - : (fw1Person) - ) - :BranchOCOperator (One) - :FetchBranchesFrom () - :GroupMembership (Member) - 
:GroupOCOperator (One) - :Scope (sub) - :SizeLimit (2000) - :TemplateMembership (Member) - :TimeLimit (50) - :UserOCOperator (One) - :UserTemplateMembershipAttr (memberoftemplate) - ) - :Write ( - :AdminInfo ( - :chkpf_uid ("{97AEB643-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (LDAP_policy_write) - ) - :AutomaticAttrs () - :DomainObjectClass () - :DomainRDN (dc) - :GroupObjectClass ( - : ("groupOfNames:member") - : ("groupOfUniqueNames:uniqueMember") - ) - :OrgUnitObjectClass ( - : (OrganizationalUnit) - ) - :OrganizationObjectClass ( - : (Organization) - ) - :TemplateMembershipAttr ( - : (member) - ) - :UserObjectClass ( - : (person) - : (organizationalPerson) - : (inetOrgPerson) - : (fw1Person) - ) - :AllowReplaceOperation (1) - :DefaultGroupObjectClass (groupOfNames) - :GroupRDN (cn) - :OrgUnitRDN (ou) - :OrganizationRDN (o) - :SupportEmptyGroups (1) - :TemplateMembership (Member) - :UserMembershipAttr (memberOf) - :UserRDN (cn) - :UserTemplateMembershipAttr (memberoftemplate) - ) - :color (Black) - :comments ("Novell Directory Server") - :type (ldap_policy) - ) - : (Netscape_DS - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB647-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (LDAP_policy) - :table (ldap) - ) - :Common ( - :AdminInfo ( - :chkpf_uid ("{97AEB648-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (LDAP_policy_common) - ) - :AttributesTranslationMap ( - : ("uid=uid") - ) - :DateFormat (yyyymmdd) - :ListOfAttrsToAvoid () - :TemplateObjectClass ( - : (fw1template) - ) - :BadPwdCountAttr (fw1BadPwdCount) - :ClientSideCrypt (1) - :CryptedPasswordPrefix ("{CRYPT}") - :DefaultCryptAlgorithm (CRYPT) - :ExpirationDateAttr (fw1expiration-date) - :ExpirationDateFormat (CP) - :FetchBranchesEnabled (1) - :MainVersion (4) - :PhoneNumberAttr (internationalisdnnumber) - :PsswdDateAttr (fw1pwdLastMod) - :PsswdDateFormat (CP) - :ReadOnly (0) - :StrongAuthSupported (1) - :SubVersion (1) 
- :SupportOldSchema (0) - :UnbindMode (0) - :UserLoginAttr (uid) - :UserPasswordAttr (userPassword) - :Vendor (Netscape) - ) - :Read ( - :AdminInfo ( - :chkpf_uid ("{97AEB649-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (LDAP_policy_read) - ) - :BranchObjectClass ( - : (Organization) - : (OrganizationalUnit) - : (Domain) - ) - :DomainObjectClass () - :GroupMembershipAttr ( - : (member) - : (uniqueMember) - ) - :GroupObjectClass ( - : (groupOfNames) - : (groupOfUniqueNames) - ) - :OrgUnitObjectClass ( - : (OrganizationalUnit) - ) - :OrganizationObjectClass ( - : (Organization) - ) - :TemplateMembershipAttr ( - : (member) - ) - :TemplateObjectClass ( - : (Organization) - ) - :UserMembershipAttr ( - : (memberOf) - ) - :UserObjectClass ( - : (person) - : (organizationalPerson) - : (inetOrgPerson) - : (fw1Person) - ) - :BranchOCOperator (One) - :FetchBranchesFrom () - :GroupMembership (Member) - :GroupOCOperator (One) - :Scope (sub) - :SizeLimit (2000) - :TemplateMembership (Member) - :TimeLimit (50) - :UserOCOperator (One) - :UserTemplateMembershipAttr (memberoftemplate) - ) - :Write ( - :AdminInfo ( - :chkpf_uid ("{97AEB64A-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (LDAP_policy_write) - ) - :AutomaticAttrs () - :DomainObjectClass ( - : (domain) - : (top) - ) - :DomainRDN (dc) - :GroupObjectClass ( - : ("groupOfNames:member") - : ("groupOfUniqueNames:uniqueMember") - ) - :OrgUnitObjectClass ( - : (OrganizationalUnit) - ) - :OrganizationObjectClass ( - : (Organization) - ) - :TemplateMembershipAttr ( - : (member) - ) - :UserObjectClass ( - : (person) - : (organizationalPerson) - : (inetOrgPerson) - : (fw1Person) - ) - :AllowReplaceOperation (1) - :DefaultGroupObjectClass (groupOfNames) - :GroupRDN (cn) - :OrgUnitRDN (ou) - :OrganizationRDN (o) - :SupportEmptyGroups (1) - :TemplateMembership (Member) - :UserMembershipAttr (memberOf) - :UserRDN (cn) - :UserTemplateMembershipAttr (memberoftemplate) - ) - :color (Black) - :comments ("Netscape Directory Server") - :type 
(ldap_policy) - ) - : (Microsoft_AD - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB64E-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (LDAP_policy) - :table (ldap) - ) - :Common ( - :AdminInfo ( - :chkpf_uid ("{97AEB64F-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (LDAP_policy_common) - ) - :AttributesTranslationMap ( - : ("uid=uid") - ) - :DateFormat (yyyymmdd) - :ListOfAttrsToAvoid () - :TemplateObjectClass ( - : (fw1template) - ) - :BadPwdCountAttr (fw1BadPwdCount) - :ClientSideCrypt (0) - :CryptedPasswordPrefix ("{CRYPT}") - :DefaultCryptAlgorithm (PLAIN) - :ExpirationDateAttr (accountExpires) - :ExpirationDateFormat (MS) - :FetchBranchesEnabled (1) - :MainVersion (5) - :PhoneNumberAttr (internationalisdnnumber) - :PsswdDateAttr (pwdLastSet) - :PsswdDateFormat (MS) - :ReadOnly (0) - :StrongAuthSupported (1) - :SubVersion (0) - :SupportOldSchema (0) - :UnbindMode (0) - :UserLoginAttr (sAMAccountName) - :UserPasswordAttr (unicodePwd) - :Vendor (Microsoft) - ) - :Read ( - :AdminInfo ( - :chkpf_uid ("{97AEB650-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (LDAP_policy_read) - ) - :BranchObjectClass ( - : (Organization) - : (OrganizationalUnit) - : (Container) - ) - :DomainObjectClass () - :GroupMembershipAttr ( - : (member) - ) - :GroupObjectClass ( - : (group) - : (groupOfNames) - ) - :OrgUnitObjectClass ( - : (OrganizationalUnit) - : (Container) - ) - :OrganizationObjectClass ( - : (Organization) - ) - :TemplateMembershipAttr ( - : (member) - ) - :TemplateObjectClass ( - : (Organization) - ) - :UserMembershipAttr ( - : (memberOf) - ) - :UserObjectClass ( - : (user) - ) - :BranchOCOperator (One) - :FetchBranchesFrom () - :GroupMembership (MemberOf) - :GroupOCOperator (One) - :Scope (sub) - :SizeLimit (2000) - :TemplateMembership (MemberOf) - :TimeLimit (50) - :UserOCOperator (One) - :UserTemplateMembershipAttr (memberoftemplate) - ) - :Write ( - :AdminInfo ( - :chkpf_uid 
("{97AEB651-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (LDAP_policy_write) - ) - :AutomaticAttrs ( - : ("user:userAccountControl:66048") - ) - :DomainObjectClass () - :DomainRDN (dc) - :GroupObjectClass ( - : ("group:member") - ) - :OrgUnitObjectClass ( - : (OrganizationalUnit) - ) - :OrganizationObjectClass ( - : (Organization) - ) - :TemplateMembershipAttr ( - : (member) - ) - :UserObjectClass ( - : (user) - ) - :AllowReplaceOperation (1) - :DefaultGroupObjectClass (group) - :GroupRDN (cn) - :OrgUnitRDN (ou) - :OrganizationRDN (o) - :SupportEmptyGroups (0) - :TemplateMembership (MemberOf) - :UserMembershipAttr (memberOf) - :UserRDN (cn) - :UserTemplateMembershipAttr (memberoftemplate) - ) - :color (Black) - :comments ("Microsoft Active Directory") - :type (ldap_policy) - ) - ) - :encryption ( - : (skip512 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB61A-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (SKIP_Diffie_Hellman_parameters_object) - :table (encryption) - ) - :color (black) - :comments () - :mod ( - :AdminInfo ( - :chkpf_uid ("{97AEB61B-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (key_value) - ) - :value (F52AFF3CE1B1294018118D7C84A70A72D686C40319C807297ACA950CD9969FABD00A509B0246D3083D66A45D419F9C7CBD894B221926BAABA25EC355E92A055F) - ) - :modsize (0) - :root ( - :AdminInfo ( - :chkpf_uid ("{97AEB61C-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (key_value) - ) - :value (02) - ) - :rootsize (0) - :type (SKIP_DH_parameters) - ) - : (skip1024 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB61F-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (SKIP_Diffie_Hellman_parameters_object) - :table (encryption) - ) - :color (black) - :comments () - :mod ( - :AdminInfo ( - :chkpf_uid ("{97AEB620-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (key_value) - ) - :value 
(f488fd584e49dbcd20b49de49107366b336c380d451d0f7c88b31c7c5b2d8ef6f3c923c043f0a55b188d8ebb558cb85d38d334fd7c175743a31d186cde33212cb52aff3ce1b1294018118d7c84a70a72d686c40319c807297aca950cd9969fabd00a509b0246d3083d66a45d419f9c7cbd894b221926baaba25ec355e92f78c7) - ) - :modsize (0) - :root ( - :AdminInfo ( - :chkpf_uid ("{97AEB621-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (key_value) - ) - :value (02) - ) - :rootsize (0) - :type (SKIP_DH_parameters) - ) - : ("Group 1 (768 bit)" - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB624-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (IKE_Diffie_Hellman_parameters_object) - :table (encryption) - ) - :DH_group_number (1) - :color (black) - :comments () - :mod ( - :AdminInfo ( - :chkpf_uid ("{97AEB625-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (key_value) - ) - :value (ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a63a3620ffffffffffffffff) - ) - :modsize (768) - :private_key_length (160) - :root ( - :AdminInfo ( - :chkpf_uid ("{97AEB626-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (key_value) - ) - :value (02) - ) - :rootsize (2) - :type (IKE_DH_parameters) - ) - : ("Group 2 (1024 bit)" - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB629-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (IKE_Diffie_Hellman_parameters_object) - :table (encryption) - ) - :DH_group_number (2) - :color (black) - :comments () - :mod ( - :AdminInfo ( - :chkpf_uid ("{97AEB62A-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (key_value) - ) - :value 
(ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece65381ffffffffffffffff) - ) - :modsize (1024) - :private_key_length (192) - :root ( - :AdminInfo ( - :chkpf_uid ("{97AEB62B-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (key_value) - ) - :value (02) - ) - :rootsize (2) - :type (IKE_DH_parameters) - ) - : ("Group 5 (1536 bit)" - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB62E-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (IKE_Diffie_Hellman_parameters_object) - :table (encryption) - ) - :DH_group_number (5) - :color (black) - :comments () - :mod ( - :AdminInfo ( - :chkpf_uid ("{97AEB62F-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (key_value) - ) - :value (FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF) - ) - :modsize (1536) - :private_key_length (256) - :root ( - :AdminInfo ( - :chkpf_uid ("{97AEB630-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (key_value) - ) - :value (02) - ) - :rootsize (2) - :type (IKE_DH_parameters) - ) - : (fwz512 - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB633-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (FWZ_Diffie_Hellman_parameters_object) - :table (encryption) - ) - :color (black) - :comments () - :mod ( - :AdminInfo ( - :chkpf_uid ("{97AEB634-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (key_value) - ) - :value 
(9f57f60c98ba4f11468dfb4c2ecfd15b8861f48a88bd32cb2cb954c06cc01e25578102905691631266306444b1ef31de0c0091f468ecbccd70170b2d84fa637f) - ) - :modsize (0) - :root ( - :AdminInfo ( - :chkpf_uid ("{97AEB635-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (key_value) - ) - :value (0a552ee379202b40e79dca100dfb6501346307533c3ebef5e3ee0727e260489377981ae7c8b6124128437d4892fd632aafde6df3744f0351ec05f83130f74cfb) - ) - :rootsize (0) - :type (FWZ_DH_parameters) - ) - ) - :communities ( - : (MyExtranet - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB676-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (extranet_community) - :table (communities) - ) - :extranet_partners () - :extranet_resources () - :color (black) - :comments () - :type (extranet_community) - ) - : (RemoteAccess - :AdminInfo ( - :chkpf_uid ("{97AEB677-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (sr_community) - :table (communities) - :Deleteable (false) - :Wiznum (-1) - :LastModified ( - :Time ("Thu May 6 14:28:35 2004") - :By (andre) - :From (gateway) - ) - ) - :participant_gateways ( - : (ReferenceObject - :Name (IsoAAAD) - :Table (network_objects) - :Uid ("{29C40B0A-414C-11D7-AEB8-7F0000013C3C}") - ) - ) - :participant_users_groups ( - : (ReferenceObject - :Name (Cactus-extern) - :Table (users) - :Uid ("{227D1A80-CC1E-4CD4-9576-4D46F271402F}") - ) - : (ReferenceObject - :Name (RAS-Test) - :Table (users) - :Uid ("{895BBAA2-096E-4DC6-A621-4A98B44EB63E}") - ) - : (ReferenceObject - :Name (vpn_user) - :Table (users) - :Uid ("{82847E1A-EF2C-4A75-9A9E-0034D70978DB}") - ) - ) - :ID (2) - :color (black) - :comments () - :ike_p1 ( - :AdminInfo ( - :chkpf_uid ("{64C9347A-414A-11D7-B538-7F0000014646}") - :ClassName (ike_p1) - ) - :ike_p1_dh_grp (ReferenceObject - :Table (encryption) - :Name ("Group 2 (1024 bit)") - :Uid ("{97AEB629-9AEA-11D5-BD16-0090272CCB30}") - ) - :ike_p1_enc_alg (3DES) - :ike_p1_hash_alg (MD5) - :ike_p1_rekey_time (1440) 
- :ike_p1_use_aggressive (false) - :ike_p1_use_shared_secret (false) - ) - :ike_p2 ( - :AdminInfo ( - :chkpf_uid ("{64C93A60-414A-11D7-B538-7F0000014646}") - :ClassName (ike_p2) - ) - :ike_p2_enc_alg (3DES) - :ike_p2_hash_alg (MD5) - :ike_p2_ipcomp (None) - :ike_p2_pfs_dh_grp (ReferenceObject - :Table (encryption) - :Name ("Group 2 (1024 bit)") - :Uid ("{97AEB629-9AEA-11D5-BD16-0090272CCB30}") - ) - :ike_p2_rekey_kbytes (50000) - :ike_p2_rekey_time (3600) - :ike_p2_use_pfs (false) - :ike_p2_use_rekey_kbytes (false) - :ike_p2_use_subnets (true) - ) - :type (sr_community) - ) - :next_number (7) - : (IsoAAAE-VPN - :AdminInfo ( - :chkpf_uid ("{3C7F216B-3FD1-4E6D-A65F-0EF3C500F865}") - :ClassName (intranet_community) - :table (communities) - :Wiznum (-1) - :LastModified ( - :Time ("Sat Nov 20 22:20:26 2004") - :By (tim) - :From (gateway) - ) - ) - :exclude_srv () - :participant_gateways ( - : (ReferenceObject - :Name (IsoAAAD) - :Table (network_objects) - :Uid ("{29C40B0A-414C-11D7-AEB8-7F0000013C3C}") - ) - ) - :satellite_gateways () - :ID (5) - :allow_all_encrypted_traffic (false) - :color (black) - :comments () - :disable_NAT (false) - :ike_p1 ( - :AdminInfo ( - :chkpf_uid ("{CD67359F-4B08-41BD-8F72-E35BA5BCEA1E}") - :ClassName (ike_p1) - ) - :ike_p1_dh_grp (ReferenceObject - :Name ("Group 2 (1024 bit)") - :Table (encryption) - :Uid ("{97AEB629-9AEA-11D5-BD16-0090272CCB30}") - ) - :ike_p1_enc_alg (3DES) - :ike_p1_hash_alg (SHA1) - :ike_p1_rekey_time (1440) - :ike_p1_use_aggressive (false) - :ike_p1_use_shared_secret (false) - ) - :ike_p2 ( - :AdminInfo ( - :chkpf_uid ("{FB40B39A-590A-404E-A70D-A47D18DF4081}") - :ClassName (ike_p2) - ) - :ike_p2_enc_alg (3DES) - :ike_p2_hash_alg (SHA1) - :ike_p2_ipcomp (None) - :ike_p2_pfs_dh_grp (ReferenceObject - :Table (encryption) - :Name ("Group 2 (1024 bit)") - :Uid ("{97AEB629-9AEA-11D5-BD16-0090272CCB30}") - ) - :ike_p2_rekey_kbytes (50000) - :ike_p2_rekey_time (3600) - :ike_p2_use_pfs (false) - :ike_p2_use_rekey_kbytes 
(false) - :ike_p2_use_subnets (true) - ) - :meshed_in_center (false) - :route_through_center (none) - :topology (star) - :type (intranet_community) - ) - ) - :setup ( - : ("Single Sign On" - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB48F-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (Impersonation) - :table (setup) - :name ("Single Sign On") - ) - :color (Blue) - :icon-name (ICON_WC_SSO) - :menu (true) - :sso_setting ( - :AdminInfo ( - :chkpf_uid ("{97AEB65A-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (sso_setting) - ) - :application_name () - :authentication_domain () - :html_sso ( - :AdminInfo ( - :chkpf_uid ("{97AEB659-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (html_sso) - ) - :html_sso_type (logoff) - :login_url () - :logoff_url () - :submit_url () - ) - :sso_type (basic) - ) - :type (Impersonation) - ) - : (Redirection - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB490-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (Redirection) - :table (setup) - :name (Redirection) - ) - :color (Blue) - :icon-name (ICON_WC_REDIRECTION) - :menu (true) - :redirect_setting () - :type (Redirection) - ) - : ("Insert Header" - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB491-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (ModifyHeader) - :table (setup) - :name ("Insert Header") - ) - :header_settings () - :color ("Navy Blue") - :icon-name (ICON_WC_MODIFY_HEADER) - :menu (true) - :type (ModifyHeader) - ) - : ("Delete Header" - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB492-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (DeleteHeader) - :table (setup) - :name ("Delete Header") - ) - :header_settings () - :color ("Navy Blue") - 
:icon-name (ICON_WC_DELETE_HEADER) - :menu (true) - :type (DeleteHeader) - ) - : (Apply_To_Sub_Folders - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB493-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (outer_inheritance) - :table (setup) - :name (Apply_To_Sub_Folders) - ) - : (Yes - :AdminInfo ( - :chkpf_uid ("{97AEB660-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (inner_inheritance) - :table (setup) - ) - :color (Black) - :icon-name (ICON_WC_APPLY_TO_SF) - :type (RuleApplied) - ) - :nested_menu (true) - :type (RuleApplied) - ) - : (Do_Not_Apply_To_Sub_Folders - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB494-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (outer_inheritance) - :table (setup) - :name (Do_Not_Apply_To_Sub_Folders) - ) - : (No - :AdminInfo ( - :chkpf_uid ("{97AEB662-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (inner_inheritance) - :table (setup) - ) - :color (Black) - :icon-name (ICON_WC_NOT_APPLY_TO_SF) - :type (RuleNotApplied) - ) - :nested_menu (true) - :type (RuleNotApplied) - ) - : (RuleInherited - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB495-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (outer_inheritance) - :table (setup) - :name (RuleInherited) - ) - : (Inherited - :AdminInfo ( - :chkpf_uid ("{97AEB664-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (inner_inheritance) - :table (setup) - ) - :color (Black) - :icon-name (ICON_WC_INHERITED) - :type (RuleInherited) - ) - :nested_menu (true) - :type (RuleInherited) - ) - : (accept - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB360-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (accept_action) - :table (setup) - :name (accept) - ) - :action () - :macro 
(RECORD_CONN) - :type (accept) - ) - : (drop - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB361-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (drop_action) - :table (setup) - :name (drop) - ) - :action () - :macro () - :type (drop) - ) - : (reject - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB362-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (reject_action) - :table (setup) - :name (reject) - ) - :action () - :macro () - :type (reject) - ) - : ("User Auth" - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB363-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (user_authenticate) - :table (setup) - :name ("User Auth") - ) - :action () - :dst_options ("Intersect with User Database") - :macro () - :src_options ("Intersect with User Database") - :type (auth_user) - ) - : ("Client Auth" - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB364-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (client_authenticate) - :table (setup) - :name ("Client Auth") - ) - :accept_track (ReferenceObject - :Table (tracks) - :Name (None) - :Uid ("{97AEB47D-9AEA-11D5-BD16-0090272CCB30}") - ) - :action () - :clauth_refreshable (false) - :clauth_to_hours (0) - :clauth_to_infinite (false) - :clauth_to_minutes (30) - :clauth_track (ReferenceObject - :Table (tracks) - :Name (None) - :Uid ("{97AEB47D-9AEA-11D5-BD16-0090272CCB30}") - ) - :dst_options ("Intersect with User Database") - :enforce_desktop_config (false) - :macro (PASS_CLNTAUTH) - :ruletype ("standard sign on") - :sessions (5) - :sessions_infinite (false) - :signon_method ("manual sign-on") - :src_options ("Intersect with User Database") - :type (auth_client) - ) - : ("Session Auth" - :AdminInfo ( - 
:LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB365-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (session_authenticate) - :table (setup) - :name ("Session Auth") - ) - :accept_iff_encrypted (false) - :accept_track (ReferenceObject - :Table (tracks) - :Name (None) - :Uid ("{97AEB47D-9AEA-11D5-BD16-0090272CCB30}") - ) - :action () - :authenticate_with_UA (false) - :dst_options ("Intersect with User Database") - :macro (PASS_SESSION_AUTH) - :ruletype () - :sessions (1) - :sessions_infinite (false) - :snauth.agent (Src) - :src_options ("Intersect with User Database") - :type (auth_session) - ) - : (encrypt - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB366-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (encrypt) - :table (setup) - :name (encrypt) - ) - :action () - :datam (DES) - :diagnostics-track ( - :AdminInfo ( - :chkpf_uid ("{97AEB66B-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (empty_track) - :table (tracks) - ) - :icon (empty) - :icon-name (icon-empty) - ) - :gateway () - :isakmp.compression (None) - :isakmp.crlreq (false) - :isakmp.data.integrity (MD5) - :isakmp.encryption (3DES) - :isakmp.gateway () - :isakmp.phase2_DH_group (ReferenceObject - :Table (encryption) - :Name ("Group 2 (1024 bit)") - :Uid ("{97AEB629-9AEA-11D5-BD16-0090272CCB30}") - ) - :isakmp.transform (ESP) - :isakmp.use_pfs (false) - :isakmp.useippools (false) - :keym (DES) - :macro (ENCRYPTION) - :mdm (MD5) - :menu_inactive (false) - :scheme (ISAKMP) - :type (encrypt) - ) - : ("Client Encrypt" - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB367-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (client_encrypt) - :table (setup) - :name ("Client Encrypt") - ) - :action () - :dst_options ("Intersect with User Database") - :enforce_desktop_config (false) - 
:macro (USER_CLIENT_ENCRYPTION) - :src_options ("Intersect with User Database") - :type (userc) - ) - : (Gateways - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{1C1F246F-E707-11D4-A32B-0002B3168CEA}") - :ClassName (install_gateways) - :table (setup) - :name (Gateways) - ) - :type (gateways) - ) - : (Dst - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{1C1F2470-E707-11D4-A32B-0002B3168CEA}") - :ClassName (install_no_gateways) - :table (setup) - :name (Dst) - ) - :type (dst) - ) - : (Src - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{1C1F2471-E707-11D4-A32B-0002B3168CEA}") - :ClassName (install_no_gateways) - :table (setup) - :name (Src) - ) - :type (src) - ) - : ("OSE Devices" - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{1C1F2472-E707-11D4-A32B-0002B3168CEA}") - :ClassName (install_no_gateways) - :table (setup) - :name ("OSE Devices") - ) - :type (routers) - ) - : ("Embedded Devices" - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{1C1F2473-E707-11D4-A32B-0002B3168CEA}") - :ClassName (install_no_gateways) - :table (setup) - :name ("Embedded Devices") - ) - :type (blackboxes) - ) - ) - :methods ( - : (Read_GET - :AdminInfo ( - :chkpf_uid ("{FF4E493B-0014-4E7F-8B3B-7DA92C75041B}") - :ClassName (method) - :table (methods) - :Wiznum (-1) - :object_permissions ( - :AdminInfo ( - :chkpf_uid ("{5397AE69-D63B-4A3A-8861-5FD3CE7E5A34}") - :ClassName (object_permissions) - ) - :manage ( - : (ReferenceObject - :Table (globals) - :Name (Any) - ) - ) - :read ( - : (any) - ) - :use ( - : (any) - ) - :write ( - : () - ) - :owner () - ) - :LastModified ( - :Time 
("Sun Dec 16 16:11:27 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :extensions ( - : () - ) - :http_methods ( - : (GET) - ) - :parameters ( - : () - ) - :color (blue) - :comments () - :headers () - :type (method) - ) - : (Write_POST - :AdminInfo ( - :chkpf_uid ("{93AE6EF6-37A8-4ED3-8914-BAE0BCD22935}") - :ClassName (method) - :table (methods) - :Wiznum (-1) - :object_permissions ( - :AdminInfo ( - :chkpf_uid ("{B5DAD06B-8FDC-4BC5-B92D-CEC27B725051}") - :ClassName (object_permissions) - ) - :manage ( - : (ReferenceObject - :Table (globals) - :Name (Any) - ) - ) - :read ( - : (any) - ) - :use ( - : (any) - ) - :write ( - : () - ) - :owner () - ) - :LastModified ( - :Time ("Sun Dec 16 16:11:44 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :extensions ( - : () - ) - :http_methods ( - : (POST) - ) - :parameters ( - : () - ) - :color ("dark green") - :comments () - :headers () - :type (method) - ) - : (Read_HEAD - :AdminInfo ( - :chkpf_uid ("{C5935CBF-2620-4102-9FFC-C28CB02AFC5D}") - :ClassName (method) - :table (methods) - :Wiznum (-1) - :object_permissions ( - :AdminInfo ( - :chkpf_uid ("{D4ABA21C-0EC1-4EC5-A3A3-8E92EA404705}") - :ClassName (object_permissions) - ) - :manage ( - : (ReferenceObject - :Table (globals) - :Name (Any) - ) - ) - :read ( - : (any) - ) - :use ( - : (any) - ) - :write ( - : () - ) - :owner () - ) - :LastModified ( - :Time ("Sun Dec 16 16:11:32 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :extensions ( - : () - ) - :http_methods ( - : (HEAD) - ) - :parameters ( - : () - ) - :color (blue1) - :comments () - :headers () - :type (method) - ) - : (Write_PUT - :AdminInfo ( - :chkpf_uid ("{C19254EF-93B0-451E-B272-D9BCE0F1239B}") - :ClassName (method) - :table (methods) - :Wiznum (-1) - :object_permissions ( - :AdminInfo ( - :chkpf_uid ("{92593670-3E10-4095-A719-407D61AA020D}") - :ClassName (object_permissions) - ) - :manage ( - : (ReferenceObject - :Table (globals) - :Name (Any) - ) - ) - :read ( - : (any) - ) - :use 
( - : (any) - ) - :write ( - : () - ) - :owner () - ) - :LastModified ( - :Time ("Sun Dec 16 16:11:56 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :extensions ( - : () - ) - :http_methods ( - : (PUT) - ) - :parameters ( - : () - ) - :color (gold) - :comments () - :headers () - :type (method) - ) - : (Write_DELETE - :AdminInfo ( - :chkpf_uid ("{F1084137-B25B-4BCF-B8AB-A584D75DAA81}") - :ClassName (method) - :table (methods) - :Wiznum (-1) - :object_permissions ( - :AdminInfo ( - :chkpf_uid ("{92B3E91B-DF55-4AD9-A509-8C0D07801DF8}") - :ClassName (object_permissions) - ) - :manage ( - : (ReferenceObject - :Table (globals) - :Name (Any) - ) - ) - :read ( - : (any) - ) - :use ( - : (any) - ) - :write ( - : () - ) - :owner () - ) - :LastModified ( - :Time ("Sun Dec 16 16:11:50 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - :extensions ( - : () - ) - :http_methods ( - : (DELETE) - ) - :parameters ( - : () - ) - :color ("dark orchid") - :comments () - :headers () - :type (method) - ) - : (Read - :AdminInfo ( - :chkpf_uid ("{096BE591-0965-4554-A6C0-699304E494A3}") - :ClassName (method_group) - :table (methods) - :Wiznum (-1) - :object_permissions ( - :AdminInfo ( - :chkpf_uid ("{51E29EA5-F068-420E-A6D4-30D5EFE0A4D7}") - :ClassName (object_permissions) - ) - :manage ( - : (ReferenceObject - :Table (globals) - :Name (Any) - ) - ) - :read ( - : (any) - ) - :use ( - : (any) - ) - :write ( - : () - ) - :owner () - ) - :LastModified ( - :Time ("Sun Dec 16 16:11:03 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - : (ReferenceObject - :Name (Read_GET) - :Table (methods) - :Uid ("{FF4E493B-0014-4E7F-8B3B-7DA92C75041B}") - ) - : (ReferenceObject - :Name (Read_HEAD) - :Table (methods) - :Uid ("{C5935CBF-2620-4102-9FFC-C28CB02AFC5D}") - ) - :color (black) - :comments () - :member_class (method) - :members_query () - :type (group) - ) - : (Write - :AdminInfo ( - :chkpf_uid ("{8597BE82-E4B9-4528-B5CA-8F636B028164}") - :ClassName (method_group) - :table 
(methods) - :Wiznum (-1) - :object_permissions ( - :AdminInfo ( - :chkpf_uid ("{95212127-F192-4BBB-8807-5692FA4466B5}") - :ClassName (object_permissions) - ) - :manage ( - : (ReferenceObject - :Table (globals) - :Name (Any) - ) - ) - :read ( - : (any) - ) - :use ( - : (any) - ) - :write ( - : () - ) - :owner () - ) - :LastModified ( - :Time ("Sun Dec 16 16:11:39 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - ) - : (ReferenceObject - :Name (Write_DELETE) - :Table (methods) - :Uid ("{F1084137-B25B-4BCF-B8AB-A584D75DAA81}") - ) - : (ReferenceObject - :Name (Write_POST) - :Table (methods) - :Uid ("{93AE6EF6-37A8-4ED3-8914-BAE0BCD22935}") - ) - : (ReferenceObject - :Name (Write_PUT) - :Table (methods) - :Uid ("{C19254EF-93B0-451E-B272-D9BCE0F1239B}") - ) - :color (cyan) - :comments () - :member_class (method) - :members_query () - :type (group) - ) - ) - :globals ( - : (VPN1NetLocalModule - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{97AEB36A-9ADF-11D5-BD16-0090272CCB30}") - :ClassName (any_object) - :table (globals) - :name (VPN1NetLocalModule) - ) - :color (black) - ) - : ("VPN-1 Embedded devices defined as Remote Access" - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{DDEDE17A-CC11-4710-9E0D-47CE7F9B7368}") - :ClassName (any_object) - :table (globals) - :name ("VPN-1 Embedded devices defined as Remote Access") - ) - :color (black) - ) - : ("All Users" - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{97AEB36A-9AEB-11D5-BD16-0090272CCB30}") - :ClassName (any_object) - :table (globals) - :name ("All Users") - ) - :color (black) - ) - : (All_Communities - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{97AEB36A-9AEC-11D5-BD16-0090272CCB30}") - 
:ClassName (any_object) - :table (globals) - :name (All_Communities) - ) - :color (black) - ) - : (All_GwToGw - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{97AEB36A-9AED-11D5-BD16-0090272CCB30}") - :ClassName (any_object) - :table (globals) - :name (All_GwToGw) - ) - :color (black) - ) - : (All_SR - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{97AEB36A-9AEE-11D5-BD16-0090272CCB30}") - :ClassName (any_object) - :table (globals) - :name (All_SR) - ) - :color (black) - ) - : (LocalVpnDomain - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By (CheckPoint) - :From (CheckPoint) - ) - :chkpf_uid ("{97AEB36A-9ADD-11D5-BD16-0090272CCB30}") - :ClassName (any_object) - :table (globals) - :name (LocalVpnDomain) - ) - :color (black) - ) - : (All - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB368-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (any_object) - :table (globals) - :name (All) - ) - :color (black) - ) - : (Any - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (any_object) - :table (globals) - :name (Any) - ) - :color (black) - ) - : (None - :AdminInfo ( - :LastModified ( - :Time ("Mon Aug 27 14:54:09 2001") - :By ("Upgrade Process") - :From (keepme) - ) - :chkpf_uid ("{97AEB36A-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (any_object) - :table (globals) - :name (None) - ) - :color (black) - ) - ) - :version (5.41) - :properties ( - : (firewall_properties - :AdminInfo ( - :chkpf_uid ("{97AEB653-9AEA-11D5-BD16-0090272CCB30}") - :ClassName (firewall_properties) - :object_permissions ( - :AdminInfo ( - :chkpf_uid ("{7FBC9AD1-0BBA-4CD0-8C0D-14FF5A81EA14}") - 
:ClassName (object_permissions) - ) - :manage ( - : (ReferenceObject - :Table (globals) - :Name (Any) - ) - ) - :read ( - : (any) - ) - :use ( - : (any) - ) - :write ( - : () - ) - :owner () - ) - :table (properties) - :Wiznum (-1) - :LastModified ( - :Time ("Mon Jun 6 11:36:25 2005") - :By (andre) - :From (andres-laptop) - ) - ) - :desktop_active_test ( - :0 ( - :AdminInfo ( - :chkpf_uid ("{29C2307A-4E51-11D7-A39D-7F0000011616}") - :ClassName (active_test) - ) - :test_name (ping_loopback) - :test_parameters () - ) - :1 ( - :AdminInfo ( - :chkpf_uid ("{29C234DA-4E51-11D7-A39D-7F0000011616}") - :ClassName (active_test) - ) - :test_name (ping_def_gw) - :test_parameters () - ) - :2 ( - :AdminInfo ( - :chkpf_uid ("{29C238E0-4E51-11D7-A39D-7F0000011616}") - :ClassName (active_test) - ) - :test_name (dttunneltest) - :test_parameters () - ) - ) - :desktop_ike_p1_enc_algs ( - : (DES) - : (3DES) - : (AES-256) - ) - :desktop_ike_p1_hash_algs ( - : (SHA1) - : (MD5) - ) - :desktop_ike_p1_supported_dh_groups ( - : (ReferenceObject - :Name ("Group 2 (1024 bit)") - :Table (encryption) - :Uid ("{97AEB629-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :http_netso_client () - :netso_selected_trusted_domains_list () - :private_ip_ranges ( - : ( - :AdminInfo ( - :chkpf_uid ("{64BC9ED6-414A-11D7-B538-7F0000014646}") - :ClassName (first_and_last_IP) - ) - :ipaddr_first (10.222.0.27) - :ipaddr_last (10.222.0.72) - ) - : ( - :AdminInfo ( - :chkpf_uid ("{64BCA2BE-414A-11D7-B538-7F0000014646}") - :ClassName (first_and_last_IP) - ) - :ipaddr_first (10.222.0.73) - :ipaddr_last (10.222.0.74) - ) - : ( - :AdminInfo ( - :chkpf_uid ("{64BCA660-414A-11D7-B538-7F0000014646}") - :ClassName (first_and_last_IP) - ) - :ipaddr_first (10.222.0.75) - :ipaddr_last (10.222.0.76) - ) - ) - :EnableUserMonitoring (false) - :GW_route_traffic_for_OM_address (false) - :IKE_wait4sync (2) - :IPSEC_SPI_alloc_max (ffff) - :IPSEC_SPI_alloc_min (100) - :PDU_sequence (16) - :SofawareLoader (SofawareLoader) - 
:VPN_configuration_mode (per_policy) - :accept_domain_tcp (false) - :accept_domain_udp (false) - :accept_fw1_connections (false) - :accept_icmp (false) - :accept_outgoing (false) - :accept_rip (false) - :acceptdecrypt (true) - :active_resolver (true) - :add_nt_groups (false) - :add_radius_groups (false) - :addresstrans (false) - :admin_lock_after_bad_attempts (3) - :admin_lock_after_bad_attempts_enable (false) - :admin_lock_auto_release_timeout (30) - :admin_lock_auto_release_timeout_enable (true) - :admin_lock_send_friendly_error_msg (true) - :adtr_skip_routing_msg (true) - :ahttpclientd_redirected_port () - :ahttpclientd_redirected_protocol () - :ahttpclientd_redirected_url () - :alertcertexpiry (432000) - :alertcmd () - :alertcmd_send_to_system_status (true) - :allow_PDU_sequence (false) - :allow_all_options (false) - :allow_clear_gettopo (false) - :allow_clear_traffic_while_disconnected (false) - :allow_encryption_outgoing_first (false) - :allow_h323_h245_tunneling (false) - :allow_h323_t120 (false) - :allow_h323_through_ras (false) - :allow_install_users_db_on_module (false) - :allow_remote_ra (false) - :allowed_suffix_for_internal_users ("OU=users,O=IsoAAAD.IsoAAAA-es.de..jnbkhk") - :as_failure_limit (5) - :as_radius_free_type (40) - :asm_synatk (false) - :asm_synatk_external_only (true) - :asm_synatk_log (log) - :asm_synatk_log_level (1) - :asm_synatk_threshold (200) - :asm_synatk_timeout (5) - :au_connect_timeout (10) - :au_timeout (15) - :auth_validity_days (14) - :auto_sync_on_install (true) - :auto_sync_on_save (false) - :auto_sync_scheduled (false) - :automatic_policy_update_frequency (10080) - :automatically_open_ca_rules (false) - :block_gtp_in_gtp (true) - :block_reverse_tcp (false) - :block_reverse_tcp_p (first) - :block_reverse_udp (false) - :block_reverse_udp_p (first) - :ca_matchbyname (false) - :ca_wait_mode (false) - :cert_req_ext_key_usage (0) - :cert_start_grace (7200) - :check_flow_labels (false) - :check_length (false) - 
:clauth_no_log_errors (false) - :clauth_no_resolve (false) - :clauth_tolower_users (false) - :client_max_auth_allowed (3) - :clnt_auth_msg () - :cluster_id_counter (7796) - :cluster_nburst (50) - :conn_limit_notify_interval (3600) - :conn_limit_reached_log (true) - :connections_hashsize (65536) - :connections_limit (25000) - :control_back_compatibility (false) - :cp_gw_default_profile () - :cpcufp_dont_clean_cache (false) - :cpcufp_hash_size (2048) - :cpcufp_timeout (300) - :cpridenable (true) - :cpridenable_p (first) - :create_version_on_install_policy (false) - :crl_end_grace (1800) - :crl_start_grace (1800) - :crlcache_timeout (86400) - :cvp_keep_alive (true) - :dagdhcpenable (true) - :dagdhcpenable_p (first) - :dataconn_pendingtimeout (60) - :dbload_program () - :default_installation (true) - :default_track (ReferenceObject - :Table (tracks) - :Name (AuthAlert) - :Uid ("{97AEB48B-9AEA-11D5-BD16-0090272CCB30}") - ) - :desktop_PS_HA (true) - :desktop_PS_LB (false) - :desktop_activate_ckp_scv (true) - :desktop_application_interception (true) - :desktop_authentication_timeout (60) - :desktop_build_number (0) - :desktop_build_number_9x (0) - :desktop_build_number_nt (0) - :desktop_build_number_w2k (0) - :desktop_cache_fwz_passwords (false) - :desktop_ike_hybrid_support (true) - :desktop_ike_ipcomp_support (true) - :desktop_ike_p2_prop (large) - :desktop_ike_p2_prop_size (small) - :desktop_ike_phase1_use_DH_group (ReferenceObject - :Name ("Group 2 (1024 bit)") - :Table (encryption) - :Uid ("{97AEB629-9AEA-11D5-BD16-0090272CCB30}") - ) - :desktop_ike_preshared_support (true) - :desktop_install_id_9x (0) - :desktop_install_id_nt (0) - :desktop_install_id_w2k (0) - :desktop_keep_alive (true) - :desktop_keep_alive_interval (20) - :desktop_password_expiry (120) - :desktop_perform_ckp_scv_merge (true) - :desktop_pol_frequency (0) - :desktop_policy_expire (60) - :desktop_post_connect_script () - :desktop_post_connect_script_show_window (false) - :desktop_retry_frequency (0) 
- :desktop_revert_to_backup (500) - :desktop_sda_implicit (false) - :desktop_sda_implicit_frequency (10080) - :desktop_security_non_ip_protocols (true) - :desktop_security_policy_code (2) - :desktop_security_policy_installed (true) - :desktop_security_protect_all_ifc (true) - :desktop_security_send_log (true) - :desktop_security_send_warning (true) - :desktop_silent_topo_update (false) - :desktop_site_default_tcp_ike (false) - :desktop_sw_url_path () - :desktop_sw_url_path_9x () - :desktop_sw_url_path_nt () - :desktop_sw_url_path_w2k () - :desktop_sw_version () - :desktop_to_expire_passwords (false) - :desktop_topology_over_IKE (true) - :desktop_update_at_start (false) - :desktop_update_frequency (0) - :disconnect_on_token_removal (false) - :domain_tcp (false) - :domain_tcp_p (first) - :domain_tcp_router (true) - :domain_tcp_router_p (first) - :domain_udp (false) - :domain_udp_p (first) - :domain_udp_router (true) - :domain_udp_router_p (first) - :dont_popup_hidden_folders_message (false) - :dontvalidatemycerts (false) - :download_community_properties_to_sbox (false) - :dynamic_objects_track (none) - :e2e_measure_interval (3000) - :e2e_poll_interval (5000) - :e2e_session_retrial_period (900) - :e2e_session_timeout (60000) - :e2e_sla_alert (log) - :e2e_statistics_interval (60) - :enable_active_conn_view (true) - :enable_automatic_policy_update (false) - :enable_if_resolving_third_party_clusters (false) - :enable_ip_options (true) - :enable_ip_pool (false) - :enable_ldap_queries (false) - :enable_mep_configuration (false) - :enable_objects_check (true) - :enable_propfind_method (false) - :enable_radius_queries (false) - :enable_remote_user_connect_logs (true) - :enable_reverse_connections (false) - :enable_ssh_conn_to_vpn1_net (false) - :enable_ssl_conn_to_vpn1_net (false) - :enable_tacacs_queries (false) - :enable_tcprpc (false) - :encrypt_dns (true) - :encryption_kernel_logging (true) - :encryption_rule_supports_ippool (false) - :enforce_desktop_config (false) - 
:enforce_install_on_all_cluster_objects (false) - :enforce_install_on_all_selected_objects (false) - :enforce_suffix_for_internal_users (true) - :entrustProtocolType (cms) - :entrust_renewal_limit (75) - :entrust_renewal_scan_period (0) - :established (true) - :established_p (first) - :established_router (true) - :established_router_p (first) - :export_pkg_on_install_policy (false) - :extranet_check_partners_status_interval (60) - :extranet_crl_grace_period (9000) - :fg_enable_multi_match (false) - :floodgate_preferences ( - :AdminInfo ( - :chkpf_uid ("{3E6FDEB4-414A-11D7-B738-7F0000010606}") - :ClassName (floodgate_properties) - ) - :auth_false_timeout (5) - :auth_query_timeout (3) - :auth_true_timeout (15) - :default_interface_rate (5898240) - :default_max_weight (1000) - :default_weight (10) - :llq_max_percent (20) - :rate_units (Bps) - :turn_on_logging (false) - ) - :flush_crl_cache_file_on_install (false) - :flush_crl_cache_on_install (true) - :force_encryption_on_all_users (false) - :force_udp_encapsulation_gw (false) - :ftp_allow_cmds_before_user (false) - :ftp_dont_accept_site_on_login (false) - :ftp_listen_timeout (3600) - :ftp_msg () - :ftp_msg_max_lines (100) - :ftp_use_cvp_reply_safe (false) - :ftp_use_fwnetso (true) - :ftpdata (true) - :ftppasv (true) - :fw1_enable_p (first) - :fw1enable (true) - :fw_allow_out_of_state_tcp (0) - :fw_clamp_tcp_mss (false) - :fw_dns_xlation (false) - :fw_drop_out_of_state_icmp (true) - :fw_drop_out_of_state_udp (true) - :fw_hmem_maxsize (30) - :fw_hmem_size (6) - :fw_ignore_session_rules (false) - :fw_light_verify (false) - :fw_listen_queue (200) - :fw_log_out_of_seq_tcp (true) - :fw_log_out_of_state_icmp (1) - :fw_log_out_of_state_other (0) - :fw_log_out_of_state_tcp (1) - :fw_log_out_of_state_udp (0) - :fw_salloc_total_alloc_limit (0) - :fwd_wait_for_child_up (true) - :fwfrag_limit (200) - :fwfrag_minsize (0) - :fwfrag_timeout (1) - :fwh323_allow_redirect (false) - :fwh323_force_src_phone (true) - 
:fwha_sync_outbound_sa (false) - :fwldap_ApplyPwdRulesOnMgmt (false) - :fwldap_CacheSize (1000) - :fwldap_CacheTimeout (900) - :fwldap_DisplayDN (display) - :fwldap_PasswordCheckMethod (1) - :fwldap_PasswordExpiration (90) - :fwldap_RequestTimeout (20) - :fwldap_SizeLimit (10000) - :fwldap_TemplateCacheSize (1000) - :fwldap_UseLDAP (false) - :fwldap_is_PasswordExpiration (false) - :fwldap_max_concurrent_queries (25) - :fwldap_num_of_retry (3) - :fwldap_server_down_time (60) - :fwldap_single_server_conf (false) - :fwldap_support_new_ObscureAuPw (false) - :fwsynatk_max (5000) - :fwsynatk_method (0) - :fwsynatk_timeout (10) - :fwsynatk_warning (1) - :fwurl_filter_pattern (".ida?") - :fwurl_filter_search_depth (0) - :fwurl_filter_url_left_len (0) - :fwurl_filter_url_total_len (0) - :fwz_encap_mtu (1) - :gatewaydir (eitherbound) - :generate_nat_log (true) - :genericd_use_fwnetso (true) - :gp_name () - :gp_type (none) - :gtp_allow_multi_if_ggsn (false) - :gtp_allow_recreate_pdpc (open) - :gtp_anti_spoofing (true) - :gtp_chk_hdr_len (true) - :gtp_code_alert (true) - :gtp_code_alert_p ("before last") - :gtp_delete_upon_error (false) - :gtp_echo_frequency (60) - :gtp_echo_requires_path_in_use (false) - :gtp_loggrace (10) - :gtp_match_any (true) - :gtp_max_req_retransmit (5) - :gtp_rate_limit_alert (true) - :gtp_rate_limit_drop (true) - :gtp_sam_close_upon_delete (false) - :gtp_sequence_deviation_alert (true) - :gtp_sequence_deviation_drop (false) - :gtp_track (log) - :h323_enforce_setup (false) - :h323_init_mem (true) - :h323_log_conn (true) - :h323_t120_timeout (3600) - :hclient_enable_new_interface (false) - :hide_alloc_attempts (50000) - :hide_ldap_size_limit_msg (false) - :hide_max_high_port (60000) - :hide_min_high_port (10000) - :hide_use_CP_GW_wizard (false) - :hide_wac_message (false) - :host_certs_key_size (1024) - :http_add_prev_connection_header (false) - :http_allow_content_disposition (false) - :http_allow_double_slash (false) - :http_allow_ranges (false) - 
:http_allow_store_reply (false) - :http_avoid_keep_alive (false) - :http_block_java_allow_chunked (false) - :http_block_non_http_response (false) - :http_buffers_size (4096) - :http_connection_method_proxy (false) - :http_connection_method_transparent (true) - :http_connection_method_tunneling (false) - :http_cvp_allow_chunked (false) - :http_disable_ahttpdhtml (false) - :http_disable_automatic_client_auth_redirect (false) - :http_disable_cab_check (false) - :http_disable_content_enc (false) - :http_disable_content_type (false) - :http_dns_cache_timeout (86400) - :http_dont_dns_when_star_port (false) - :http_dont_handle_next_proxy_pw (false) - :http_enable_resolve_by_ip (false) - :http_enable_uri_queries (true) - :http_failed_resolve_timeout (900) - :http_force_down_to_10 (0) - :http_handle_proxy_pw (true) - :http_header_detection ( - :AdminInfo ( - :chkpf_uid ("{29C31148-4E51-11D7-A39D-7F0000011616}") - :ClassName (http_header_detection) - ) - :http_header_names ( - : ( - :AdminInfo ( - :chkpf_uid ("{29C3142C-4E51-11D7-A39D-7F0000011616}") - :ClassName (http_header_pattern) - ) - :log_info () - :match_string (X-kazaa) - :pattern_mode (true) - :regular_exp (X-Kazaa) - ) - : ( - :AdminInfo ( - :chkpf_uid ("{29C31828-4E51-11D7-A39D-7F0000011616}") - :ClassName (http_header_pattern) - ) - :log_info () - :match_string (X-MSN-MESSENGER) - :pattern_mode (true) - :regular_exp (X-MSN-MESSENGER) - ) - ) - :http_header_names_values ( - : ( - :AdminInfo ( - :chkpf_uid ("{29C31C56-4E51-11D7-A39D-7F0000011616}") - :ClassName (http_header_pattern) - ) - :log_info (KaZaA) - :match_string (Server) - :pattern_mode (true) - :regular_exp ("[kK]a[zZ]a[aA]") - ) - : ( - :AdminInfo ( - :chkpf_uid ("{29C32034-4E51-11D7-A39D-7F0000011616}") - :ClassName (http_header_pattern) - ) - :log_info (KaZaA) - :match_string (Host) - :pattern_mode (true) - :regular_exp ("[kK]azaa") - ) - : ( - :AdminInfo ( - :chkpf_uid ("{29C32408-4E51-11D7-A39D-7F0000011616}") - :ClassName (http_header_pattern) - ) 
- :log_info (Gnutella) - :match_string (User-Agent) - :pattern_mode (true) - :regular_exp ("[gG]nu") - ) - : ( - :AdminInfo ( - :chkpf_uid ("{29C327E6-4E51-11D7-A39D-7F0000011616}") - :ClassName (http_header_pattern) - ) - :log_info ("AOL Messenger \ ICQ") - :match_string (User-Agent) - :pattern_mode (true) - :regular_exp ("Mozilla\/4\.08") - ) - : ( - :AdminInfo ( - :chkpf_uid ("{29C32BC4-4E51-11D7-A39D-7F0000011616}") - :ClassName (http_header_pattern) - ) - :log_info ("AOL Messenger \ ICQ") - :match_string (Server) - :pattern_mode (true) - :regular_exp (AIM) - ) - : ( - :AdminInfo ( - :chkpf_uid ("{29C32FA2-4E51-11D7-A39D-7F0000011616}") - :ClassName (http_header_pattern) - ) - :log_info ("ICQ \ AIM") - :match_string (Content-Type) - :pattern_mode (true) - :regular_exp (AIM) - ) - : ( - :AdminInfo ( - :chkpf_uid ("{29C33376-4E51-11D7-A39D-7F0000011616}") - :ClassName (http_header_pattern) - ) - :log_info ("Msn Messenger") - :match_string (User-Agent) - :pattern_mode (true) - :regular_exp (MSMSGS) - ) - : ( - :AdminInfo ( - :chkpf_uid ("{29C33740-4E51-11D7-A39D-7F0000011616}") - :ClassName (http_header_pattern) - ) - :log_info ("Yahoo Messenger") - :match_string (User-Agent) - :pattern_mode (true) - :regular_exp ("Mozilla\/4\.01") - ) - : ( - :AdminInfo ( - :chkpf_uid ("{29C33B14-4E51-11D7-A39D-7F0000011616}") - :ClassName (http_header_pattern) - ) - :log_info ("Msn Messenger") - :match_string (Content-Type) - :pattern_mode (true) - :regular_exp (x-msn-messenger) - ) - ) - :http_detect_header_pattern_log (alert) - :http_detect_header_pattern_mode (false) - ) - :http_log_every_connection (false) - :http_match_with_host_header (false) - :http_max_auth_password_num (1000) - :http_max_auth_redirect_num (1000) - :http_max_connection_num (4000) - :http_max_held_session_num (1000) - :http_max_realm_num (1000) - :http_max_server_num (10000) - :http_max_session_num (0) - :http_max_url_length (2048) - :http_next_proxy_host () - :http_next_proxy_port () - 
:http_no_content_length (false) - :http_old_auth_timeout (0) - :http_process_timeout (43200) - :http_proxied_connections_allowed (true) - :http_query_server_for_authorization (false) - :http_redirect_timeout (300) - :http_servers ( - :AdminInfo ( - :chkpf_uid ("{3E71410A-414A-11D7-B738-7F0000010606}") - :ClassName (http_servers) - ) - :ers () - ) - :http_session_timeout (300) - :http_skip_redirect_free (true) - :http_strict_url_parsing (true) - :http_use_cache_hdr (true) - :http_use_cvp_reply_safe (false) - :http_use_default_schemes (false) - :http_use_fwnetso (true) - :http_use_host_h_as_dst (false) - :http_use_proxy_auth_for_other (true) - :http_web_encoding (false) - :http_weeding_allow_chunked (false) - :ica_cert_op_timeout (120000) - :icmpcryptver (1) - :icmpenable (false) - :icmpenable_p ("before last") - :icmpenable_router (true) - :icmpenable_router_p ("before last") - :icmperrors (true) - :icmpreply (true) - :icmptimeout (30) - :ie_proxy_replacement (false) - :ie_proxy_replacement_limit_to_tcpt (true) - :ike_allow_unusual_id_types (false) - :ike_crash_recovery_dag (true) - :ike_crash_recovery_sr (true) - :ike_dos_max_puzzle_time_daip (500) - :ike_dos_max_puzzle_time_gw (500) - :ike_dos_max_puzzle_time_sr (5000) - :ike_dos_protection_identified_initiator (stateless) - :ike_dos_protection_unidentified_initiator (puzzles) - :ike_dos_puzzle_level_identified_initiator (19) - :ike_dos_puzzle_level_unidentified_initiator (19) - :ike_dos_supported_protection_sr (puzzles) - :ike_dos_threshold (70) - :ike_enable_dos_protection (false) - :ike_handle_initial_contact (true) - :ike_hybrid_force_preshared (false) - :ike_hybrid_user_timeout (0) - :ike_log_match_failure (true) - :ike_log_sr_match_failure (false) - :ike_negotiation_timeout (36) - :ike_nokia_crack_user_timeout (0) - :ike_send_initial_contact (false) - :ike_support_aes_128_p1 (false) - :ike_support_dos_protection (true) - :ike_support_nokia_crack (false) - :ike_support_nokia_internal_addr (false) - 
:ike_support_nokia_nat_traversal (false) - :ike_support_transport_mode (true) - :ike_use_largest_possible_subnets (true) - :imap_msg () - :implied_rule_for_gui_client_range (true) - :increase_hide_capacity (true) - :inform_site_changes (false) - :install_db_on_localhost (mgmt_only) - :interface_addr_anti_spoofing (true) - :ip_pool_log ("IP Exhaustion Log") - :ip_pool_securemote (false) - :ip_pool_unused_return_interval (60) - :ipoptslog (none) - :ipsec_disable_use_orig_if (false) - :isakmp.crlmaxsize (10000) - :isakmp.data.integrity (SHA1) - :isakmp.encryption (3DES) - :isakmp_buffer_recorder_size (256) - :isakmp_dh_exp (300) - :isakmp_force_sr_dh (false) - :isakmp_logging (true) - :isakmpphase1reneg (1440) - :isakmpphase2reneg (3600) - :isakmpphase2renegkbytes (0) - :keep_IKE_SAs (false) - :last_selected_community () - :lbalanced_load_history_percent (0) - :lbalanced_load_period_wakeup_sec (20) - :lbalanced_max_idle_measure_period (1200) - :lbalanced_period_wakeup_sec (30) - :lbalanced_roundtrip_history_percent (85) - :limited_broadcast_anti_spoofing (true) - :liveconns (false) - :load_program () - :load_service_port (18212) - :log_data_conns (false) - :log_default_rule (log) - :log_droped_non_ssl_v3 (true) - :log_established_tcp (true) - :log_implied_rules (true) - :log_ip_pool_allocation (none) - :log_keepalive_minute_to (300) - :log_scv_drops (log) - :log_ssh2_version (true) - :log_switch_size (10) - :loggrace (62) - :logical_servers_persistent_limit (25000) - :logical_servers_persistent_timeout (1800) - :logical_servers_resolve_redirect_url (false) - :logviewer_max_open_sessions_per_admin (5) - :logviewer_max_open_sessions_total (10) - :loopback_anti_spoofing (true) - :looptcp (true) - :looptcp_p (first) - :loopudp (true) - :loopudp_p (first) - :mail_disable_sendmail_CA2003_07 (false) - :mailcmd ("internal_sendmail -s alert -t mailer root") - :mailcmd_send_to_system_status (false) - :maintenance_notification (log) - :max_detail_view_community (7) - 
:max_num_negs (200) - :maxprocess (256) - :mdl_mismatch_action (ask) - :mdl_per_admin (false) - :mdq_error_mail_send_body (false) - :mdq_mx_ignore_nonauth_response (false) - :mdq_qp_encode_f (true) - :mdq_run_multi_threaded (true) - :mgmtha_active_management_check_period (60) - :mgmtha_alert_type (alert) - :multicast_anti_spoofing (true) - :nat_automatic_arp (true) - :nat_automatic_rules_merge (true) - :nat_dst_client_side (true) - :nat_dst_client_side_manual (false) - :nat_hashsize (16384) - :nat_limit (25000) - :netbios_nat (true) - :netso_trust_win_domains (all) - :network_addr_anti_spoofing (true) - :network_broadcast_anti_spoofing (true) - :new_ftp_interface (false) - :old_fwm_getkey_port (0) - :olderalertcmd () - :olderalertcmd_send_to_system_status (false) - :otherreply (false) - :othertimeout (60) - :outgoing (false) - :outgoing_p ("before last") - :page_timeout () - :pagetimeout (20) - :physical_server_availability_check_interval (20) - :physical_server_check_retries (3) - :pmap_connect_timeout (30) - :pop3_daemon () - :pop3_server () - :prefetch_crls_duration (7200) - :prefetch_crls_if_used_in_the_last_hours (24) - :prefetch_crls_if_used_more_then (1) - :prefetch_crls_on_install (true) - :problem_status_level (29) - :prompt_for_destination (false) - :psswd_min_length (6) - :psswd_min_num_of_lowercase (false) - :psswd_min_num_of_numbers (false) - :psswd_min_num_of_symbols (false) - :psswd_min_num_of_uppercase (false) - :r_access_enable_p (first) - :raccessenable (true) - :radius_connect_timeout (120) - :radius_groups_attr (25) - :radius_retrant_num (2) - :radius_retrant_timeout (5) - :radius_send_framed (false) - :radius_user_timeout (600) - :rate_limit_sampling_interval (1) - :reject_x11_in_any (true) - :remote_auth_group () - :remote_auth_server () - :renew_users_ica_cert (true) - :renew_users_ica_cert_days_before (60) - :resolve_interface_ranges (true) - :resolve_interface_ranges_GW (true) - :resolve_interface_ranges_nated_gw (false) - :resolver_1 ("sys 
(current system settings)") - :resolver_2 (none) - :resolver_3 (none) - :resolver_4 (none) - :resolver_session_interval (30) - :resolver_ttl (10) - :respawn_process_forever (true) - :respawn_process_interval (3600) - :restrict_fwm_to_gui_clients (true) - :retries (1) - :rip (false) - :rip_p (first) - :rip_router (true) - :rip_router_p (first) - :rlogin_max_auth_allowed (3) - :rlogin_msg () - :rlogin_use_fwnetso (true) - :rpcenable (true) - :rshstderr (false) - :rulebase_uids_in_log (false) - :sam_track (alert) - :save_as_assurance (false) - :save_assurance (false) - :scv_allow_4_1_clients (true) - :scv_client_connection_fail_on_notification (true) - :scv_client_diconnect_on_not_verified (true) - :scv_client_state_notification (silent) - :scv_gw_verify_only_mode (false) - :sdl_netlogon_timeout (0) - :secondary_auto_sync (true) - :secondary_sync_schedule () - :secure_update_package_sessions (10) - :securid_timeout (300) - :send_clear_except_for_address_group () - :send_clear_except_for_non_unique (false) - :send_clear_except_for_specific_addresses (false) - :send_clear_traffic_between_encryption_domains (false) - :session_max_auth_allowed (3) - :show_comm_rules (false) - :show_default_policy_message (false) - :show_old_install_policy (false) - :show_rule_column_through (false) - :show_wac_tab (false) - :show_what_is_new (true) - :silent_policy_update (false) - :silent_update_on_connect (false) - :sip_accept_unknown_messages (false) - :sip_allow_instant_messages (false) - :sip_allow_redirect (true) - :sip_allow_two_media_conns (false) - :sip_enforce_security_reinvite (true) - :sip_max_reinvite (3) - :skey_mdmethod (md4) - :skip_automatic_policy_update_if_authentication_required (true) - :smtp_allow_extended_relay (false) - :smtp_encoded_content_field (false) - :smtp_enforce_hex_encoding (true) - :smtp_exact_str_match (false) - :smtp_force_no_uu_begin_after_decode (true) - :smtp_force_no_uu_begin_before_decode (true) - :smtp_force_no_uu_begin_in_prolog_epilog (true) - 
:smtp_force_sender_domain (false) - :smtp_force_uu_syntax_check (true) - :smtp_limit_content_buf_size (true) - :smtp_mail_encoding (false) - :smtp_max_file_name_length (512) - :smtp_max_global_headers_size (32768) - :smtp_max_user_name_length (400) - :smtp_msg () - :smtp_rfc821 (true) - :smtp_rfc822 (true) - :smtp_strict_mime_header (true) - :sn_connect_timeout (10) - :sn_timeout (120) - :snauth_old_clients_message () - :snauth_protocol () - :snk_agent_id () - :snk_agent_key () - :snk_server_bkp_ip () - :snk_server_ip () - :snk_timeout (20) - :snmptrapcmd ("internal_snmp_trap localhost") - :snmptrapcmd_send_to_system_status (false) - :sofaware_gw_default_profile () - :spoofalertcmd () - :spoofalertcmd_send_to_system_status (true) - :sr_dont_check_crl (false) - :sr_grace_period (3600) - :sr_same_ip_block (false) - :sr_same_ip_log (true) - :stack_size (0) - :status_mgr_interval_seconds (60) - :stop_connect_when_silent_update_fails (false) - :strip_java (false) - :support_sofaware_HML (false) - :support_sofaware_profiles (true) - :suppress_dont_echo (false) - :sync_archive_timeout (1800) - :sync_outbound_sa_pkt_count (200000) - :tcp_reject (true) - :tcpendtimeout (50) - :tcpestb_grace_period (0) - :tcpstarttimeout (60) - :tcpt_outgoing_port (443) - :tcptimeout (3600) - :telnet_max_auth_allowed (3) - :telnet_msg () - :telnet_use_fwnetso (true) - :timeout (10) - :totally_disable_VPE (false) - :trust_all_capi_trusted_root_cas (false) - :type (firewall_properties) - :udp_encapsulation_by_qm_id (true) - :udp_reject (true) - :udpreply (true) - :udpreply_from_any_port (false) - :udptimeout (40) - :ufp_stat_log_time_interval (10) - :undo_msg (false) - :unify_ctl_data_acct_logs (false) - :upgrade_fp1_and_below_users_ica_cert (true) - :use_CP_GW_wizard (false) - :use_default_gw_profiles (false) - :use_desktop_profile (true) - :use_sites (false) - :use_zero_buf_len (false) - :user_certs_key_size (1024) - :useralert2cmd () - :useralert2cmd_send_to_system_status (true) - 
:useralert3cmd () - :useralert3cmd_send_to_system_status (true) - :useralertcmd () - :useralertcmd_send_to_system_status (true) - :userc_IKE_NAT (true) - :userc_NAT (true) - :userc_bind_user_to_IP (false) - :userc_crypt_ver (1) - :validate_desktop_security (false) - :version_directory_clear_internal (360) - :version_directory_keep_open (4320) - :vlog_switch_size (10) - :voip_allow_no_from (false) - :vpn_conf_n_key_exch_prob (log) - :vpn_log_spi_release (false) - :vpn_packet_handle_prob (log) - :vpn_peer_ls (false) - :vpn_peer_ls_GW (false) - :vpn_restrict_client_phase2_id (none) - :vpn_success_key_exch (log) - :vpn_tables_early_def (false) - :vpnddcate_nat (none) - :vpnddcate_policy (outbound_and_encrypted) - :vpnddcate_track_accept (log) - :vpnddcate_track_drop (log) - :warn_install_fg_pre_ng (false) - :warn_install_pseudo_rules (true) - :warncertexpiry (2592000) - :write_acct_to_db (false) - ) - ) - :opsec () - :graph_objects ( - : (internet - :AdminInfo ( - :chkpf_uid ("{3A201FF7-D304-4AB4-8913-9F6F86599A64}") - :ClassName (internet_cloud) - :table (graph_objects) - :Wiznum (-1) - :object_permissions ( - :AdminInfo ( - :chkpf_uid ("{C19017E4-6B08-4129-9332-00F269C88EC6}") - :ClassName (object_permissions) - ) - :manage ( - : (ReferenceObject - :Table (globals) - :Name (Any) - ) - ) - :read ( - : (any) - ) - :use ( - : (any) - ) - :write ( - : () - ) - :owner () - ) - :LastModified ( - :Time ("Sun Feb 16 01:18:13 2003") - :By (IsoAAAF) - :From (scratchy) - ) - ) - :color (blue) - :comments () - :type (internet_cloud) - ) - : (Implied - :AdminInfo ( - :chkpf_uid ("{3ACFA416-22F8-4429-8721-D1CF97E3E3E0}") - :ClassName (provisory_network) - :table (graph_objects) - :Wiznum (-1) - :object_permissions ( - :AdminInfo ( - :chkpf_uid ("{81B5D575-621B-4DCA-BBC9-17B6804317D6}") - :ClassName (object_permissions) - ) - :manage ( - : (ReferenceObject - :Table (globals) - :Name (Any) - ) - ) - :read ( - : (any) - ) - :use ( - : (any) - ) - :write ( - : () - ) - :owner () - ) - 
:LastModified ( - :Time ("Sun Feb 16 01:18:13 2003") - :By (IsoAAAF) - :From (scratchy) - ) - ) - :edges () - :NAT () - :add_adtr_rule (false) - :broadcast (allow) - :color (black) - :comments ("Created by Topology View") - :ipaddr (10.222.0.43) - :location (internal) - :netmask (255.255.255.255) - :operating_system ( - :AdminInfo ( - :chkpf_uid ("{D53BBC4E-3283-4015-9CE4-FFB9586C5970}") - :ClassName (operating_system) - ) - :name () - :sp () - :version () - ) - :type (provisory_network) - ) - : (Disconnected_Objects - :AdminInfo ( - :chkpf_uid ("{305AEB18-78DA-4726-952B-2E6F8088291B}") - :ClassName (folder) - :table (graph_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Thu Apr 1 17:09:19 2004") - :By (holger) - :From (dragonfly) - ) - ) - :color (40) - :comments () - :displayname ("Disconnected Objects") - :foldtype () - :source () - :type (folder) - ) - : (IsoAAAD_locale - :AdminInfo ( - :chkpf_uid ("{FC938747-B0AF-43CA-9406-1877F73AF477}") - :ClassName (folder) - :table (graph_objects) - :Wiznum (-1) - :LastModified ( - :Time ("Fri Apr 9 11:56:31 2004") - :By (IsoAAAF) - :From (scratchy) - ) - ) - :color (40) - :comments () - :displayname ("IsoAAAD locale") - :foldtype ("Fold all") - :source (ReferenceObject - :Name (IsoAAAD) - :Table (network_objects) - :Uid ("{29C40B0A-414C-11D7-AEB8-7F0000013C3C}") - ) - :type (folder) - ) - ) - :keys () - :svn () - :ce_properties () - :customers () - :accounting_schemes () - :statuses () - :securemote () - :credentials_manager () - :desktop_profiles () - :cp_administrators ( - : (guitest - :AdminInfo ( - :chkpf_uid ("{37594F54-C38A-4C4F-969D-6911FC311ECD}") - :ClassName (administrator_profile) - :table (cp_administrators) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jul 15 16:01:38 2003") - :By (stephan) - :From (vaio) - ) - ) - :LDAP_users_database (true) - :LDAP_users_database_permissions (read_and_write) - :QoS_policy (true) - :QoS_policy_permissions (read_and_write) - :check_point_users_database (true) - 
:check_point_users_database_permissions (read_and_write) - :color (black) - :comments ("zum wegwerfen") - :gateway_profiles (true) - :gateway_profiles_permissions (read_and_write) - :log_consolidator (true) - :log_consolidator_permissions (read_and_write) - :manage_administrators (true) - :monitoring (true) - :monitoring_permissions (read_and_write) - :objects_database (true) - :objects_database_permissions (read_and_write) - :permissions (read_and_write_all) - :reporting_tool (true) - :reporting_tool_permissions (read_and_write) - :secure_update (true) - :secure_update_permissions (read_and_write) - :security_policies (true) - :security_policies_permissions (read_and_write) - :type (administrator_profile) - :web_access (true) - :web_access_permissions (read_and_write) - :web_security (true) - :web_security_permissions (read_and_write) - ) - : (remotezugriff - :AdminInfo ( - :chkpf_uid ("{562674AF-B351-4239-9EBF-EA556F511C12}") - :ClassName (administrator_profile) - :table (cp_administrators) - :Wiznum (-1) - :LastModified ( - :Time ("Tue Jul 15 16:03:47 2003") - :By (stephan) - :From (vaio) - ) - ) - :LDAP_users_database (true) - :LDAP_users_database_permissions (read_and_write) - :QoS_policy (true) - :QoS_policy_permissions (read_and_write) - :check_point_users_database (true) - :check_point_users_database_permissions (read_and_write) - :color (black) - :comments () - :gateway_profiles (true) - :gateway_profiles_permissions (read_and_write) - :log_consolidator (true) - :log_consolidator_permissions (read_and_write) - :manage_administrators (true) - :monitoring (true) - :monitoring_permissions (read_and_write) - :objects_database (true) - :objects_database_permissions (read_and_write) - :permissions (read_and_write_all) - :reporting_tool (true) - :reporting_tool_permissions (read_and_write) - :secure_update (true) - :secure_update_permissions (read_and_write) - :security_policies (true) - :security_policies_permissions (read_and_write) - :type 
(administrator_profile)
- :web_access (true)
- :web_access_permissions (read_and_write)
- :web_security (true)
- :web_security_permissions (read_and_write)
- )
- )
- :trusts ()
- :web_authority_must_rules ()
- :web_authority_allow_rules ()
- :web_authority_effect_rules ()
- :web_authority_URLs ()
- :web_sites ()
- :external_exported_domains ()
-)
diff --git a/roles/sample-data/files/sample-configs/checkpoint_demo/rulebases_5_0.fws b/roles/sample-data/files/sample-configs/checkpoint_demo/rulebases_5_0.fws
deleted file mode 100644
index a8d57dbfa..000000000
--- a/roles/sample-data/files/sample-configs/checkpoint_demo/rulebases_5_0.fws
+++ /dev/null
@@ -1,14750 +0,0 @@ -( - :version (5.41) - :rule-base ("##Standard" - :AdminInfo ( - :chkpf_uid ("{2E31C33C-79BB-43EF-AF63-BAEBD8BDEAED}") - :ClassName (firewall_policy) - :table (fw_policies) - :object_permissions ( - :AdminInfo ( - :chkpf_uid ("{16F8DFA4-A2B9-4B94-ADD0-66B7AD44210F}") - :ClassName (object_permissions) - ) - :manage ( - : (ReferenceObject - :Table (globals) - :Name (Any) - ) - ) - :read ( - : (any) - ) - :use ( - : (any) - ) - :write ( - : () - ) - :owner () - ) - :LastModified ( - :Time ("Sun Feb 16 01:18:23 2003") - :By (IsoAAAF) - :From (scratchy) - ) - ) - :queries () - :queries_adtr () - :collection (ReferenceObject - :Name (Standard) - :Table (policies_collections) - :Uid ("{2E49485A-61E2-4F55-A71C-85B9BF5CD9E1}") - ) - :default (0) - :use_VPN_communities (true) - ) - :rule-base ("##IsoAAAA_Simplified" - :AdminInfo ( - :chkpf_uid ("{3FABC5DB-B9FF-4100-BD75-FBC1DD43AF93}") - :ClassName (firewall_policy) - :table (fw_policies) - :LastModified ( - :Time ("Mon Jan 24 13:50:53 2005") - :By (IsoAAAF) - :From (IsoAAADray) - ) - ) - :default (0) - :queries () - :queries_adtr () - :collection (ReferenceObject - :Name (IsoAAAA_Simplified) - :Table (policies_collections) - :Uid ("{26FF70B8-9599-49B4-B6F6-84B7AE0D2EBB}") - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{A4029F61-9672-4AA3-B1D9-0FF4E8979971}") - :ClassName (security_header_rule) - ) - :action ( - : (drop - :AdminInfo ( - :chkpf_uid ("{5EE13032-A1E1-4538-90BC-6295FD3DFE04}") - :ClassName (drop_action) - :table (setup) - ) - :action () - :macro () - :type (drop) - ) - ) - :comments () - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (None) - :Table (tracks) - :Uid ("{97AEB47D-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :disabled (true) 
- :dst ( - :AdminInfo ( - :chkpf_uid ("{5560B804-6408-442F-903B-2B279AE6D9C2}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :header_text (test-rules) - :install ( - :AdminInfo ( - :chkpf_uid ("{0B1EB683-1A59-44FF-901C-5FDB9EA65A5E}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{F8D6F7F5-4582-4256-A0A5-EBFDDB2EF590}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{AF27380F-6548-4B83-81FD-1B5EAECAA8F6}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :state (expanded) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{ABC6E209-A440-42E2-A896-CF27A1CA2744}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{F09D1F04-CBE0-4E12-9454-54CCECE01A9B}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (RemoteAccess) - :Table (communities) - :Uid ("{97AEB677-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :comments (vpn_test) - :disabled (true) - :dst ( - :AdminInfo ( - :chkpf_uid ("{65F39402-76F2-45CC-A99C-0903FE70DF4C}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name 
(IsoAAADray.local) - :Table (network_objects) - :Uid ("{75EDBC62-7EB1-4D37-8295-684903FDA75A}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{C6DE2209-1A7B-4FCC-B7A7-A1D4EDD793D7}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{91BC0FDA-33F0-49D8-BC63-FFA85CBAFD40}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (NBT) - :Table (services) - :Uid ("{97AEB471-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (icmp-requests) - :Table (services) - :Uid ("{97AEB413-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (CIFS) - :Table (services) - :Uid ("{2A469820-B502-434C-9340-A377677A6A60}") - ) - : (ReferenceObject - :Name (rdp) - :Table (services) - :Uid ("{5BA0C83F-8D91-465B-9CF6-7DC6AEB84689}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{28C21DCF-D0A0-4F40-8017-BCD946EFF41D}") - :ClassName (rule_source) - ) - :compound ( - : (vpn_user@heag_off_upper - :AdminInfo ( - :chkpf_uid ("{ABBA5C5D-AE07-4CF6-A00E-3649064D0BDB}") - :ClassName (rule_user_group) - ) - :at (ReferenceObject - :Name (heag_off_upper) - :Table (network_objects) - :Uid ("{A58E3E67-0517-485F-AA04-97A12BC119C3}") - ) - :color (black) - :type (usrgroup) - ) - ) - :op () - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{5AFB86A5-E247-411F-AAD7-A8EFDE97A0F5}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{150ABA94-098B-4CC3-AF8A-BDFED81FC20E}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) 
- :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :disabled (true) - :dst ( - :AdminInfo ( - :chkpf_uid ("{5526AF1C-6E4F-4F71-A58E-A1E5F88B62DB}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Premier_Access) - :Table (network_objects) - :Uid ("{B2BB20AA-B685-426B-96B6-1FB4D8D05135}") - ) - : (ReferenceObject - :Name (IsoAAAD) - :Table (network_objects) - :Uid ("{29C40B0A-414C-11D7-AEB8-7F0000013C3C}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{7F41F235-2373-4F38-9141-29AB9CEAD2D8}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{C2DE3BB7-C1B7-49C9-BC21-97AB3CE81521}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{F8ECC436-D19B-4124-9BC3-31C1E3945A36}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAD) - :Table (network_objects) - :Uid ("{29C40B0A-414C-11D7-AEB8-7F0000013C3C}") - ) - : (ReferenceObject - :Name (Premier_Access) - :Table (network_objects) - :Uid ("{B2BB20AA-B685-426B-96B6-1FB4D8D05135}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{38429C3B-05FE-49C8-9D8C-83F0AC9661CD}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{10F8BCF5-D4DD-4ACA-BEC3-1058298A9015}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (RemoteAccess) - :Table (communities) - :Uid ("{97AEB677-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid 
("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :comments ("RAS - Test mit Premier-Access - Tokens") - :disabled (true) - :dst ( - :AdminInfo ( - :chkpf_uid ("{FEABA989-54EB-4D53-96C9-6841B9BBEB4B}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - : (ReferenceObject - :Name (IsoAAAD) - :Table (network_objects) - :Uid ("{29C40B0A-414C-11D7-AEB8-7F0000013C3C}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{162F84EF-286D-4D55-B03F-8DC9F535553A}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{130A495D-1435-441B-98CE-993791EBDA7A}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{766EEA30-3B32-455D-A951-52D75F93E1D9}") - :ClassName (rule_source) - ) - :compound ( - : (test@Any - :AdminInfo ( - :chkpf_uid ("{C8439795-0347-401E-9663-4EBE924B0F4B}") - :ClassName (rule_user_group) - ) - :at (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :color (black) - :type (usrgroup) - ) - ) - :op () - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{24DC38E2-D64D-40EC-B81B-BE3B27A12CED}") - :ClassName (security_header_rule) - ) - :action ( - : (drop - :AdminInfo ( - :chkpf_uid ("{23D057DA-D1AB-4FFD-B61A-806648650D75}") - :ClassName (drop_action) - :table (setup) - ) - :action () - :macro () - :type (drop) - ) - ) - :comments () - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid 
("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (None) - :Table (tracks) - :Uid ("{97AEB47D-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :disabled (true) - :dst ( - :AdminInfo ( - :chkpf_uid ("{690BE832-509A-4F4D-A0A2-C9E665129607}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :header_text ("IsoAAAE SecuRemote") - :install ( - :AdminInfo ( - :chkpf_uid ("{67EE9042-BF3D-4971-8346-FA36156A5F74}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{4C231AF1-095C-4CAA-A12C-2EA5B88E76B9}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{F23B90BB-44A6-4F7D-8573-48E730D231EE}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :state (expanded) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{4D877153-65A8-48A9-9D11-B30CA56946EF}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{D47EFCCA-13C6-4057-A28A-42DD438E32E4}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (RemoteAccess) - :Table (communities) - :Uid ("{97AEB677-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid 
("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{C2778755-3B4C-491C-85A7-E4523035CD2B}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAADray.local) - :Table (network_objects) - :Uid ("{75EDBC62-7EB1-4D37-8295-684903FDA75A}") - ) - : (ReferenceObject - :Name (gateway.local) - :Table (network_objects) - :Uid ("{7ED7EF12-A13E-4303-8A6E-C6CC28755C80}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{CA2D51EE-4A3F-4FE8-B21C-6532E9E7D2C6}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{5D51CCD0-95A5-408B-83C0-6F18D2B9A460}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (CIFS) - :Table (services) - :Uid ("{2A469820-B502-434C-9340-A377677A6A60}") - ) - : (ReferenceObject - :Name (rdp) - :Table (services) - :Uid ("{5BA0C83F-8D91-465B-9CF6-7DC6AEB84689}") - ) - : (ReferenceObject - :Name (ntp-udp) - :Table (services) - :Uid ("{97AEB404-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (domain-udp) - :Table (services) - :Uid ("{97AEB3FA-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (http) - :Table (services) - :Uid ("{97AEB3D4-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{3B379A82-34F3-4A23-B77C-B50EAD80BD53}") - :ClassName (rule_source) - ) - :compound ( - : (Cactus-extern@vpn-sources-IsoAAAA - :AdminInfo ( - :chkpf_uid ("{C7F9820A-4EDD-4187-98D9-CC655885E0D6}") - :ClassName (rule_user_group) - ) - :at (ReferenceObject - :Name (vpn-sources-IsoAAAA) - :Table (network_objects) - :Uid ("{26405A41-425C-4053-8002-497BB82D76B1}") - ) - :color (black) - :type (usrgroup) - ) - ) - :op () - ) - ) - :rule ( - 
:AdminInfo ( - :chkpf_uid ("{AC6B21DA-86AF-4EB3-B294-3387F815E66E}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{145513B1-FB45-4B30-9B14-5C07AF404141}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (RemoteAccess) - :Table (communities) - :Uid ("{97AEB677-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{B7130E5B-C62A-4BEF-A2B3-3A2306AE0E5A}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (scratchy.local) - :Table (network_objects) - :Uid ("{CFABE50C-C1F6-4FF1-8AC3-3161A3779708}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{58B74533-737D-4182-B405-F3EAC537960A}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{115D6863-5E76-4339-B76F-8AF7B421C12F}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (RAdmin-custom) - :Table (services) - :Uid ("{4FB59153-8212-4A12-BC08-0297AA5F0815}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{4400E028-7BB5-405F-AE2C-CE84535C3D32}") - :ClassName (rule_source) - ) - :compound ( - : (IsoAAAG-g@vpn-sources-IsoAAAA - :AdminInfo ( - :chkpf_uid ("{23622C19-C400-4C6D-9BCA-E69C2217DE8E}") - :ClassName (rule_user_group) - ) - :at (ReferenceObject - :Name (vpn-sources-IsoAAAA) - :Table (network_objects) - :Uid ("{26405A41-425C-4053-8002-497BB82D76B1}") - ) - :color (black) - :type (usrgroup) - ) - ) - :op () - ) - ) - 
:rule ( - :AdminInfo ( - :chkpf_uid ("{73F2144F-4C58-4361-94B5-459B469A6541}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{C72BC9F4-E1B5-4701-AA37-780742F76043}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (RemoteAccess) - :Table (communities) - :Uid ("{97AEB677-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{8D75B038-29A6-4DFC-99BE-77BB50F0248D}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (spike.local) - :Table (network_objects) - :Uid ("{4ABDD8DE-0DA2-46E5-B129-85E3977CBD18}") - ) - : (ReferenceObject - :Name (mg.IsoAAAA-es.com) - :Table (network_objects) - :Uid ("{E5BF8260-3615-4476-B638-53CA3A24FEF1}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{64D010BF-D0CB-4F9F-9B7A-DBAD17892364}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{A9590BAB-F46F-4EB7-8125-A4EE6791DD5F}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (squid) - :Table (services) - :Uid ("{91C0454D-F70C-44B3-8F2D-70C4A68E9594}") - ) - : (ReferenceObject - :Name (imap) - :Table (services) - :Uid ("{97AEB446-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{32C8D43F-D47D-4477-9217-8E249CBA8F9E}") - :ClassName (rule_source) - ) - :compound ( - : (Cactus-extern@vpn-sources-IsoAAAA - :AdminInfo ( - :chkpf_uid 
("{93AC11B4-FFD0-4DBB-BA60-321FE5E9AD32}") - :ClassName (rule_user_group) - ) - :at (ReferenceObject - :Name (vpn-sources-IsoAAAA) - :Table (network_objects) - :Uid ("{26405A41-425C-4053-8002-497BB82D76B1}") - ) - :color (black) - :type (usrgroup) - ) - ) - :op () - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{6ADC5431-5B24-47FC-A9A6-F8DC912B0515}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{BE23F2AE-BA4F-443C-9F3C-8742F71262A5}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (RemoteAccess) - :Table (communities) - :Uid ("{97AEB677-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{586E9FDE-3504-4C3C-B1B3-A73F6D3F379B}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (itchy) - :Table (network_objects) - :Uid ("{3B4DF852-5064-4957-B95F-D469C5656467}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{067D0452-9D33-44EA-8433-DF53F0333503}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{656EA975-486E-43AA-B73C-209ED71366BC}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (smtp) - :Table (services) - :Uid ("{97AEB3D9-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{028E2317-59C3-4783-AFA3-8121A808F9D8}") - :ClassName (rule_source) - ) - :compound ( - : (Cactus-extern@vpn-sources-IsoAAAA - :AdminInfo ( - :chkpf_uid 
("{3D633953-A379-43C2-BCD5-CFCE90A8F60D}") - :ClassName (rule_user_group) - ) - :at (ReferenceObject - :Name (vpn-sources-IsoAAAA) - :Table (network_objects) - :Uid ("{26405A41-425C-4053-8002-497BB82D76B1}") - ) - :color (black) - :type (usrgroup) - ) - ) - :op () - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{09847FA8-6AD8-4196-A6BA-C2E5A4380CAF}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{A98C137A-E74F-4C98-8654-234FBD65C912}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (RemoteAccess) - :Table (communities) - :Uid ("{97AEB677-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{AE09F8C4-EE69-4874-A359-DE443685FA10}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (wasp) - :Table (network_objects) - :Uid ("{098B2A74-E220-4AE8-A164-340FED79C9D5}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{88454436-C062-4605-BADB-73FD6F534D0F}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{79BEA1F5-E14E-4C55-B7B2-4765F608CEC4}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (ntp-udp) - :Table (services) - :Uid ("{97AEB404-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{7851EA21-542A-4587-B676-F7DD371446C5}") - :ClassName (rule_source) - ) - :compound ( - : (Cactus-extern@vpn-sources-IsoAAAA - :AdminInfo ( - :chkpf_uid 
("{4BC9D4D1-5EE4-45A3-9EE3-77D2B97D21EF}") - :ClassName (rule_user_group) - ) - :at (ReferenceObject - :Name (vpn-sources-IsoAAAA) - :Table (network_objects) - :Uid ("{26405A41-425C-4053-8002-497BB82D76B1}") - ) - :color (black) - :type (usrgroup) - ) - ) - :op () - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{67784DF8-6440-4F4A-891C-C7062E0F32B0}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{DE137218-858A-4F21-8F15-2D8D7E4A2595}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (RemoteAccess) - :Table (communities) - :Uid ("{97AEB677-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{D29D3530-277E-4D41-86B8-CDFD1640107F}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (wasp) - :Table (network_objects) - :Uid ("{098B2A74-E220-4AE8-A164-340FED79C9D5}") - ) - : (ReferenceObject - :Name (hpux) - :Table (network_objects) - :Uid ("{BF00A847-A0D6-4A75-BE1C-27E7D91EDB55}") - ) - : (ReferenceObject - :Name (sol8) - :Table (network_objects) - :Uid ("{86F22190-7D8D-435D-8906-A346CA12A17C}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{35771DD3-A725-4A30-B8D1-2D4DE471A8AA}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{65CD16B1-1526-40F3-9D70-2C6DE0FD27B8}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (telnet) - :Table (services) - :Uid 
("{97AEB3CF-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (ssh) - :Table (services) - :Uid ("{18EC9EAA-1657-4240-AB97-5F234623336B}") - ) - : (ReferenceObject - :Name (ftp) - :Table (services) - :Uid ("{97AEB3D0-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{3E20C184-B0AC-458B-AB58-17C5E8D0CB58}") - :ClassName (rule_source) - ) - :compound ( - : (Cactus-extern@vpn-sources-IsoAAAA - :AdminInfo ( - :chkpf_uid ("{4BC9D4D1-5EE4-45A3-9EE3-77D2B97D21EF}") - :ClassName (rule_user_group) - ) - :at (ReferenceObject - :Name (vpn-sources-IsoAAAA) - :Table (network_objects) - :Uid ("{26405A41-425C-4053-8002-497BB82D76B1}") - ) - :color (black) - :type (usrgroup) - ) - ) - :op () - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{C6951C02-A10A-4757-A85F-5C197D6B95EB}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{565F4F4F-72D3-42A6-A633-369FEFEF44AF}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (RemoteAccess) - :Table (communities) - :Uid ("{97AEB677-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{953252BD-3073-4D69-B49A-86B012FEF76D}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{019A9168-EF95-46C7-AFB5-B0788EBDAB4B}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid 
("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{63D8350C-2432-4909-91D6-4459C3054B4E}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (icmp-requests) - :Table (services) - :Uid ("{97AEB413-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{D6818DB3-CC9E-498A-B47D-DA9204F004F4}") - :ClassName (rule_source) - ) - :compound ( - : (Cactus-extern@vpn-sources-IsoAAAA - :AdminInfo ( - :chkpf_uid ("{970C0D68-3CEC-47CA-B2C0-EB23C9B56AC8}") - :ClassName (rule_user_group) - ) - :at (ReferenceObject - :Name (vpn-sources-IsoAAAA) - :Table (network_objects) - :Uid ("{26405A41-425C-4053-8002-497BB82D76B1}") - ) - :color (black) - :type (usrgroup) - ) - ) - :op () - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{84087B02-E15A-4E97-9204-F0F866206B75}") - :ClassName (security_header_rule) - ) - :action ( - : (drop - :AdminInfo ( - :chkpf_uid ("{C1A1378F-A974-41CF-BB10-A3F1D8205A3A}") - :ClassName (drop_action) - :table (setup) - ) - :action () - :macro () - :type (drop) - ) - ) - :comments () - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (None) - :Table (tracks) - :Uid ("{97AEB47D-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :disabled (true) - :dst ( - :AdminInfo ( - :chkpf_uid ("{6CF2DE51-FF05-4F78-A967-BA8F290325BF}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :header_text ("IsoAAAE VPN-GW2GW") - :install ( - :AdminInfo ( - :chkpf_uid ("{478AEC09-B131-41B8-8756-A059E1E43421}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - 
:Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{8F76A99B-E1AD-4595-B528-588D82877DDE}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{E356D6BD-676A-4587-90E7-C31B293579C1}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :state (expanded) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{9BC6A630-0169-4289-962F-8E65E0503D01}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{B8BB89E7-6B1B-40B6-A600-D2B0066DFF00}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (All_GwToGw) - :Table (globals) - :Uid ("{97AEB36A-9AED-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{83858D79-EC2C-4812-9B9B-2346DFC72654}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{50CB20E0-39A1-42D5-9495-BA814B304829}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{938E9BAA-A4E0-42DE-B985-4FC332A0008A}") - :ClassName (rule_services) - ) - :compound () - :op () - : 
(ReferenceObject - :Name (icmp-requests) - :Table (services) - :Uid ("{97AEB413-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{288657B3-E155-44B2-9023-5BDBB46EF52F}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA_home_tim) - :Table (network_objects) - :Uid ("{BF8F69B9-87C2-464A-9404-239AE8DF66B3}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{B1C875B9-8C29-46BA-AECD-FF8869A04D9B}") - :ClassName (security_rule) - ) - :action ( - : (drop - :AdminInfo ( - :chkpf_uid ("{E8DEC8BB-827E-4253-9F56-CBCB1F0341F4}") - :ClassName (drop_action) - :table (setup) - ) - :action () - :macro () - :type (drop) - ) - ) - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :comments ("Block unencrypted traffic") - :dst ( - :AdminInfo ( - :chkpf_uid ("{29A8CC60-5F3D-4DD8-9F99-B46580505665}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{BA0E4CAF-31C0-45AE-A5AC-BD9DF0BD8FC0}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{0A5CA41F-1516-447A-AFED-B41AB1BD4637}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (icmp-requests) - :Table (services) - :Uid ("{97AEB413-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid 
("{2CF51880-2CD3-4553-9772-807B521B0EC2}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA_home_tim) - :Table (network_objects) - :Uid ("{BF8F69B9-87C2-464A-9404-239AE8DF66B3}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{6607FF6B-96E1-482D-BA53-0BF5182A7090}") - :ClassName (security_header_rule) - ) - :action ( - : (drop - :AdminInfo ( - :chkpf_uid ("{8577970A-781C-48C3-BE45-3E40A2CB5057}") - :ClassName (drop_action) - :table (setup) - ) - :action () - :macro () - :type (drop) - ) - ) - :comments () - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (None) - :Table (tracks) - :Uid ("{97AEB47D-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :disabled (true) - :dst ( - :AdminInfo ( - :chkpf_uid ("{18B51CA6-7E67-4152-8DD6-9618130738CD}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :header_text (Paybox) - :install ( - :AdminInfo ( - :chkpf_uid ("{CA5F1199-9F32-41DD-AD63-A613DC51AD11}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{F22C4535-8983-42E8-A57D-302F96334404}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{C58BFEC0-22AA-43E3-B5AA-A390065EDDE4}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - 
:state (expanded) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{3B7F9B93-E229-49E0-B93C-87797CB2445E}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{74F856AC-BB86-4DBA-89A6-7F5F3A688179}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (All_GwToGw) - :Table (globals) - :Uid ("{97AEB36A-9AED-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{FDB351D4-FAF2-46AD-A039-1F0074C8F532}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (paybox-raunheim) - :Table (network_objects) - :Uid ("{0A1725B4-534D-46F1-A8C0-02C3351C8312}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{F376EC61-0B15-4184-9B7C-42665CF487FA}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{D7EAE07F-E937-4414-935E-4992058348A3}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{8A44B6BE-A911-435B-918F-FDEF668BDC0F}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{0FC24606-8AB3-4136-9D11-AE640332B633}") - :ClassName (security_rule) - ) - :action ( - : (drop - :AdminInfo ( - :chkpf_uid 
("{979F3CB1-04B9-429E-9B98-3FD1E474BDB5}") - :ClassName (drop_action) - :table (setup) - ) - :action () - :macro () - :type (drop) - ) - ) - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :comments ("Block unencrypted traffic") - :dst ( - :AdminInfo ( - :chkpf_uid ("{C9F76D81-A3CD-4EA3-980E-AB19B84A9816}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (paybox-raunheim) - :Table (network_objects) - :Uid ("{0A1725B4-534D-46F1-A8C0-02C3351C8312}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{CB49F41A-7DB3-484E-85D0-760FE4933517}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{57FEBAF2-A9A2-4738-B311-1A980A23FA23}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{6F09B75D-4982-49B2-BDEF-89456CA71A33}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{01253F2A-C645-4A01-BE58-718F56FA3042}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{89C021CB-2CFF-42DB-81C0-E9C445E96219}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :global_location (middle) - 
:through ( - : (ReferenceObject - :Name (All_GwToGw) - :Table (globals) - :Uid ("{97AEB36A-9AED-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :disabled (true) - :dst ( - :AdminInfo ( - :chkpf_uid ("{40845CD1-003B-4E2A-B3CE-268AADDFB0C3}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (paybox-frankfurt) - :Table (network_objects) - :Uid ("{463C45CA-0C86-42DC-9B02-E83E28764370}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{B9A528D6-C1C5-4BDB-A503-D1A75758AA29}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{6C61EA28-FE67-48D0-A2E8-2731F0A34C88}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{AF6C276C-BA70-4D17-8940-210D00681C90}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{6CE90A16-2A7D-4447-B9B6-DB6C365BEEE0}") - :ClassName (security_rule) - ) - :action ( - : (drop - :AdminInfo ( - :chkpf_uid ("{5FCD7357-7092-482B-9E11-4CEF1BC13361}") - :ClassName (drop_action) - :table (setup) - ) - :action () - :macro () - :type (drop) - ) - ) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") 
- ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :comments ("Block unencrypted traffic") - :disabled (true) - :dst ( - :AdminInfo ( - :chkpf_uid ("{3D5ACDF1-4FEC-4064-A909-23877F7B69C3}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (paybox-frankfurt) - :Table (network_objects) - :Uid ("{463C45CA-0C86-42DC-9B02-E83E28764370}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{45F24052-D79F-4CA3-B198-ED301E6F360E}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{E3DB1CE8-A31E-4F3A-95D8-E0141027E617}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{9B286C56-F6B8-4AE8-93B5-7003DC58F959}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{7D822D25-45D2-4906-8C8E-72652A4E9C7C}") - :ClassName (security_header_rule) - ) - :action ( - : (drop - :AdminInfo ( - :chkpf_uid ("{8AEAF6EF-1859-4E89-A58F-4F275BF154AA}") - :ClassName (drop_action) - :table (setup) - ) - :action () - :macro () - :type (drop) - ) - ) - :comments () - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (None) - :Table (tracks) - :Uid ("{97AEB47D-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :disabled (true) - :dst ( - :AdminInfo ( - 
:chkpf_uid ("{08B3D275-0F89-4C3F-B53E-1E3ECA583C23}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :header_text (Internal-Connections) - :install ( - :AdminInfo ( - :chkpf_uid ("{CA6C0AAF-DBCE-4020-B529-4E4449A1EFAA}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{6FB76A7B-3073-434B-ADDA-81C99060AEBA}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{79B42650-50CC-4AD9-A13E-A0E4AB4D7383}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :state (collapsed) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{EACACDFF-02E7-4014-9DA7-1A5487AB8481}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{87CA79FF-466D-4BCF-B6C4-42FE6346885F}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{38233DD1-F39A-42F7-80B7-74A2F3C959BE}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAD) - :Table (network_objects) - :Uid 
("{29C40B0A-414C-11D7-AEB8-7F0000013C3C}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{D4207D0B-4AA6-4438-A102-EAF2E08BCABC}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{0D51549F-279B-4544-97E7-672C85874699}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (ssh) - :Table (services) - :Uid ("{18EC9EAA-1657-4240-AB97-5F234623336B}") - ) - : (ReferenceObject - :Name (https) - :Table (services) - :Uid ("{97AEB443-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{C0F53557-6630-4779-8F85-30AA74C8BB3F}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - : (ReferenceObject - :Name (IsoAAAA_home_tim) - :Table (network_objects) - :Uid ("{BF8F69B9-87C2-464A-9404-239AE8DF66B3}") - ) - : (ReferenceObject - :Name (mg.IsoAAAA-es.com) - :Table (network_objects) - :Uid ("{E5BF8260-3615-4476-B638-53CA3A24FEF1}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{C5F973E3-CBB2-4C15-A735-52B51AC9DAE7}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{396BFDCC-A290-408E-9F92-791EA8CF3616}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid 
("{389DDDD2-29F4-4D0F-A969-726529DF0919}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (daba) - :Table (network_objects) - :Uid ("{94817CDB-EA8C-4213-B38D-F4417EA620C6}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{D76410C0-68C5-40EA-A75A-9FFB9B0EF2E8}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{FCA57859-3422-4495-954F-E7D746378008}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (ssh) - :Table (services) - :Uid ("{18EC9EAA-1657-4240-AB97-5F234623336B}") - ) - : (ReferenceObject - :Name (mysql) - :Table (services) - :Uid ("{08A07607-EAAA-4A45-AD6E-6020770BD519}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{B98DA2C1-079F-4EF2-A67D-5FCEC98B1FE8}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - : (ReferenceObject - :Name (IsoAAAA_home_tim) - :Table (network_objects) - :Uid ("{BF8F69B9-87C2-464A-9404-239AE8DF66B3}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{0D4D75A0-8203-453F-9C3E-F68E1995DE88}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{317B8552-195E-4E2A-8EA7-CEE52B732C38}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (None) - :Table (tracks) - :Uid ("{97AEB47D-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - 
:AdminInfo ( - :chkpf_uid ("{C80F45A6-E7AD-4F87-89A8-31CC7D5A5E53}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (wasp) - :Table (network_objects) - :Uid ("{098B2A74-E220-4AE8-A164-340FED79C9D5}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{9D97B55B-160C-46D2-ADFA-6D235D7D9733}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{8305714C-A6BA-4B6C-A1A9-2E54349BB3ED}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (ntp-udp) - :Table (services) - :Uid ("{97AEB404-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{398C5E6F-5E01-4646-ABAB-BF775B461AE6}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAD) - :Table (network_objects) - :Uid ("{29C40B0A-414C-11D7-AEB8-7F0000013C3C}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{A1ACBE88-9F38-4947-B497-B34A2F3878B3}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{F8FE4FD5-50BE-4D6E-93FE-93071473FFF0}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (None) - :Table (tracks) - :Uid ("{97AEB47D-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{442DA9A3-9028-4077-88ED-F676CC39EA6A}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAADray.local) - :Table (network_objects) - :Uid 
("{75EDBC62-7EB1-4D37-8295-684903FDA75A}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{22AF536A-CE60-42B9-8D92-B2B84B1B849A}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{FE031AD5-4408-419D-9CAC-E33FD47B4872}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (domain-udp) - :Table (services) - :Uid ("{97AEB3FA-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{EA42965D-38DF-4E67-8A06-6BF107BEC1BE}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAD) - :Table (network_objects) - :Uid ("{29C40B0A-414C-11D7-AEB8-7F0000013C3C}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{321D1155-8DB8-48D3-8F89-789456335EA5}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{EF61D86E-D8BD-4E00-83C7-D4D6413AA826}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{6ECE3813-9B88-4B95-8F48-35760521161D}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (spike.local) - :Table (network_objects) - :Uid ("{4ABDD8DE-0DA2-46E5-B129-85E3977CBD18}") - ) - : (ReferenceObject - :Name (mg.IsoAAAA-es.com) - :Table (network_objects) - :Uid ("{E5BF8260-3615-4476-B638-53CA3A24FEF1}") - ) - ) - :install ( - :AdminInfo ( - 
:chkpf_uid ("{B6B3B97E-55C4-41CA-B951-91FBA42AD24D}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{E4826F35-742D-4BE5-814E-5ECE6741D719}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (syslog) - :Table (services) - :Uid ("{97AEB3E0-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (ssh_version_2) - :Table (services) - :Uid ("{CD082D9A-44A6-4CEF-A17D-5541029ADFB3}") - ) - : (ReferenceObject - :Name (domain-udp) - :Table (services) - :Uid ("{97AEB3FA-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (smtp) - :Table (services) - :Uid ("{97AEB3D9-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{CBCA552F-5195-4594-8FCD-DB44E1E54E08}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAD) - :Table (network_objects) - :Uid ("{29C40B0A-414C-11D7-AEB8-7F0000013C3C}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{479DFC1D-FE51-4CFB-9A99-4FD1A532B7B4}") - :ClassName (security_header_rule) - ) - :action ( - : (drop - :AdminInfo ( - :chkpf_uid ("{575C62B8-634C-4115-9DF5-3C75BBFBFDEE}") - :ClassName (drop_action) - :table (setup) - ) - :action () - :macro () - :type (drop) - ) - ) - :comments () - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (None) - :Table (tracks) - :Uid ("{97AEB47D-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :disabled (true) - :dst ( - :AdminInfo ( - :chkpf_uid ("{EF6C7FE7-9266-491E-8933-CC4429B97209}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - 
:Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :header_text ("Intern to Spike") - :install ( - :AdminInfo ( - :chkpf_uid ("{CA20EBCF-96AC-402F-87BB-25C0EC09879B}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{5505712A-4BAB-46F8-BFAF-62A682802247}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{3B75D561-22D8-4C61-9CA7-A843272AA499}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :state (expanded) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{F18D892E-EED1-488B-A0D9-832B742CE27B}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{BD096130-776F-4884-A5E3-66951FEDCAA1}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{69FBBF03-9653-4708-95E4-A3085DA3502E}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (spike.local) - :Table (network_objects) - :Uid ("{4ABDD8DE-0DA2-46E5-B129-85E3977CBD18}") - ) - : (ReferenceObject - :Name (mg.IsoAAAA-es.com) - :Table (network_objects) - :Uid 
("{E5BF8260-3615-4476-B638-53CA3A24FEF1}") - ) - : (ReferenceObject - :Name (ras.IsoAAAA-es.com) - :Table (network_objects) - :Uid ("{23B1E779-B8D5-4384-AD60-80E498B77196}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{58BE428C-CA30-4DD6-8D0C-DD21E8D5716A}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{D45CFA85-C7A9-4770-BBA5-38DC95DE2E39}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (SpikeServices) - :Table (services) - :Uid ("{9D35FACE-289F-49A6-95C7-13417959BC9D}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{CEAC96CA-4B08-4E15-B8E5-F555868B9B9D}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{001AA0F0-DFE8-4CAD-9B62-C26E1A5CB9A0}") - :ClassName (security_header_rule) - ) - :action ( - : (drop - :AdminInfo ( - :chkpf_uid ("{339E1791-EB7E-4985-8B54-EBE0E6097CCB}") - :ClassName (drop_action) - :table (setup) - ) - :action () - :macro () - :type (drop) - ) - ) - :comments () - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (None) - :Table (tracks) - :Uid ("{97AEB47D-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :disabled (true) - :dst ( - :AdminInfo ( - :chkpf_uid ("{A78DD97F-4A53-4494-8F90-EABA9B30D6B5}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :header_text ("Intern to DMZ") - :install ( - 
:AdminInfo ( - :chkpf_uid ("{209BE460-BB82-44DD-817D-FF2E22395B31}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{E0D91B63-F2A0-4973-B07E-AEDD817454E5}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{9BD55163-1255-4D94-BE33-13A5569A02ED}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :state (expanded) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{00477CC9-4940-4C79-B2E6-A137781B1C25}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{47ACCCC4-3B42-4BE4-8E43-AF61E4E0FB86}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{F16C6F8C-1F05-4B70-87D9-CECE46630C0C}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Cactus-DMZ1) - :Table (network_objects) - :Uid ("{62523F8E-9AE0-4CC0-82C6-BB41846BA2B7}") - ) - : (ReferenceObject - :Name (Cactus-DMZ2) - :Table (network_objects) - :Uid ("{61AB70E0-5514-43CF-9194-B37A13EC102D}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{E18116F6-2DF8-42C8-8F65-D00C902B23AB}") - :ClassName 
(rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{FFEF9B1D-B59B-4A07-AEDE-63918094EDB8}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (ssh_version_2) - :Table (services) - :Uid ("{CD082D9A-44A6-4CEF-A17D-5541029ADFB3}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{2D6919C8-EBF0-46B2-95CE-7FD2AFF8DBF0}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{2CDC82FD-6292-45D7-A4B8-6794C378A47B}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{DBFD040E-D17D-481F-B6E2-D9E5AE306BBD}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{AAADBB03-1A01-4136-8104-91B265E567A3}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Cactus10.222.0.1) - :Table (network_objects) - :Uid ("{6CD51061-638B-4B2F-9092-7E1E4A5F0ADD}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{77D96FA7-8F8F-4F17-9F1C-868F1472C870}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid 
("{A042A0B6-6CD8-4A84-90A5-B39B35590148}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (VNC) - :Table (services) - :Uid ("{9788B566-735E-4158-A169-8701B9624E47}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{2F62C069-51CA-424D-A3EB-235DD9728611}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{8EDEBE48-F02B-4AEA-8337-FBE1E2079BE0}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{47CF3B75-BE35-45E1-B56E-B8A61ECE885B}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{7149B69F-E170-4FCC-B958-76AE0F704EA0}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (itchy) - :Table (network_objects) - :Uid ("{3B4DF852-5064-4957-B95F-D469C5656467}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{50C640DC-6413-458C-BD30-9E947F408315}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{3F4AF5D6-72D0-4C52-A1BD-29AB242927D0}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (domain-udp) - :Table (services) - :Uid ("{97AEB3FA-9AEA-11D5-BD16-0090272CCB30}") - ) - : 
(ReferenceObject - :Name (CIFS) - :Table (services) - :Uid ("{2A469820-B502-434C-9340-A377677A6A60}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{EA36998F-4F7C-4250-BECC-4CEBB36E9EAE}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{0F6D252E-7562-457F-81A3-60192F3EC815}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{0CEE5A08-F53C-439A-8180-A62450938BA6}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{C414C09F-B8D2-4DD6-8DD1-B5044B787753}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (MailServer) - :Table (network_objects) - :Uid ("{17935795-6ADC-4B45-8E2B-BEC361E6CAB1}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{1ADD0F50-D00E-463E-AF4B-5F7B9602F8FB}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{F89128E4-058B-45CC-8BE9-62261DDB22A0}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (smtp) - :Table (services) - :Uid ("{97AEB3D9-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{1265804A-4F79-416E-ABDC-2BC3BC6E9513}") - :ClassName 
(rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{A3B9D85B-AD6D-4991-8A9D-960939C491C2}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{C8749F14-4AE2-4544-B239-7CC349656359}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (None) - :Table (tracks) - :Uid ("{97AEB47D-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{A7BD46F5-7D1D-424F-BBB4-CCE8564D68C7}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (wasp) - :Table (network_objects) - :Uid ("{098B2A74-E220-4AE8-A164-340FED79C9D5}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{E6AF42B5-C12E-4E59-8C3E-5D231C5B0D34}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{A22EE9B9-C603-4998-B273-1568DE4BB27A}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (ntp-udp) - :Table (services) - :Uid ("{97AEB404-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{D0402416-F879-4AD4-88E6-A1DBFEA44546}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid 
("{7C9A68ED-6420-4D5E-BE91-F7ACE4B90AA5}") - :ClassName (security_header_rule) - ) - :action ( - : (drop - :AdminInfo ( - :chkpf_uid ("{D4BF36D5-49FA-49BD-ADE1-87E488A684D6}") - :ClassName (drop_action) - :table (setup) - ) - :action () - :macro () - :type (drop) - ) - ) - :comments () - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (None) - :Table (tracks) - :Uid ("{97AEB47D-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :disabled (true) - :dst ( - :AdminInfo ( - :chkpf_uid ("{251B6C16-21CB-4CCE-9B3B-62B66C6F6390}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :header_text ("Intern to Internet") - :install ( - :AdminInfo ( - :chkpf_uid ("{A9221EAB-A00F-4E3F-83DF-D44CBC08AFBD}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{AECCDBA3-A006-464E-9BD9-691255CA5841}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{5B2CFCAD-0A44-4BA9-BFF7-6734B5644C85}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :state (collapsed) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{E6AB0ADC-7E23-4B1D-B568-E47FF7B3D4F5}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{5B685C0A-3095-483A-8DE1-F539677A7707}") - :ClassName 
(accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{2C9F2F69-7532-4711-A950-C884E1AFD3F5}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{EACA5120-76C3-48CE-AB41-59266A354E0A}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{DB45ABD4-20F0-4BC8-BD73-294945142FB8}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (T-online-classic) - :Table (services) - :Uid ("{738B04E5-09F7-44BF-9FEC-AEA0F15B7E9A}") - ) - : (ReferenceObject - :Name (HBCI) - :Table (services) - :Uid ("{336C93F8-5CC2-48BE-9328-2E92F61EFCF1}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{85CAFABE-730E-4DDB-A878-219BD2893B63}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{1F4E5C97-C290-48AF-84A5-C1A13178FDB7}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{DCDCFD96-219D-49B7-B817-8BB52C598AB8}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - 
:comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{3A1A50EC-0F20-4C79-80D7-FDCBEDAF50AF}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (t-onlineUpdate) - :Table (network_objects) - :Uid ("{99089D97-0EB3-4CE6-8C78-79BC61ECE307}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{4D0B21D7-8DA0-49D5-9AD2-3F7BBA001C56}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{0C60636A-9D3B-44D2-9742-966C92ED77A2}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (http) - :Table (services) - :Uid ("{97AEB3D4-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (https) - :Table (services) - :Uid ("{97AEB443-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{C9F5FA9C-6AE5-4A04-B68F-E3CFBE3C1043}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{8D43F752-841E-4B9E-B610-635F7C17D4D9}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{7A10F249-7751-407A-A390-A6B878A85D56}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - 
:Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{B42E38C5-299A-4B0E-A7BE-6D87D1206A3C}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (auth1.lhsystems.com) - :Table (network_objects) - :Uid ("{D60E902E-4BE8-43E0-95DC-BFE60E86965F}") - ) - : (ReferenceObject - :Name (LSYI-pptp) - :Table (network_objects) - :Uid ("{DF2F1A45-9938-4006-A550-0421F3DAA3E2}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{42DAAE37-A625-47E5-AC05-72E3E3A9F3FE}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{F8D3DE95-02BB-43E8-B759-01E5AE00233C}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (FW1_clntauth_telnet) - :Table (services) - :Uid ("{97AEB38B-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (PPTP) - :Table (services) - :Uid ("{97AEB426-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{B2C3E31C-B79E-49A9-B7A8-2F38E3C21DCF}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{167BC623-43EB-405D-BC29-442298C96DC9}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{BB10481F-21F5-4244-A6BB-29318E780DF1}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location 
(middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{E9BE5C8E-9CAE-4D88-9235-F5AC9030CF0F}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Table (network_objects) - :Name (mail.light-life.netOld) - :Uid ("{DF004F13-7986-4569-811C-6EC7391A8764}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{CDBC19FF-C00F-4304-9D1D-B5BBDAA5D15A}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{4BE203D0-3DE8-44FE-B942-E5E26C62E861}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (smtp) - :Table (services) - :Uid ("{97AEB3D9-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (pop-3) - :Table (services) - :Uid ("{97AEB3DB-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{C3E9CE29-9F23-4857-B88F-E9949FAF2D5D}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (speedy2) - :Table (network_objects) - :Uid ("{B4DB2EF5-42D8-41DC-9A1C-33310FDFB184}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{11C81B0A-4266-4801-8858-E4D9AB54A830}") - :ClassName (security_header_rule) - ) - :action ( - : (drop - :AdminInfo ( - :chkpf_uid ("{5E568AEF-0F52-4A93-AFA3-18E73A0D066A}") - :ClassName (drop_action) - :table (setup) - ) - :action () - :macro () - :type (drop) - ) - ) - :comments () - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") 
- ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (None) - :Table (tracks) - :Uid ("{97AEB47D-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :disabled (true) - :dst ( - :AdminInfo ( - :chkpf_uid ("{366C4CAD-81FB-4025-8D13-601F4A6C8FF7}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :header_text ("Access from Spike & DMZ to Internal") - :install ( - :AdminInfo ( - :chkpf_uid ("{47C0018E-3514-4540-A4EA-659755890D6B}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{0073E27C-28E5-4EC1-9A4A-BD686F700281}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{BD3EBBCD-06DF-4313-A347-7097F5105671}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :state (expanded) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{A8A57015-68D5-4341-ADD1-895EC21419DB}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{BECC33F6-C362-41A4-BBD3-CBFA34A7C4E8}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : 
(ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{193E4DB4-BE9D-4444-BC95-C04C10D26D25}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAADray.local) - :Table (network_objects) - :Uid ("{75EDBC62-7EB1-4D37-8295-684903FDA75A}") - ) - : (ReferenceObject - :Name (gateway.local) - :Table (network_objects) - :Uid ("{7ED7EF12-A13E-4303-8A6E-C6CC28755C80}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{42CD50F6-AA17-4271-B684-DFF6E86E5649}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{0B65BDFF-A77E-498D-8F6D-8B77068701D6}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (rdp) - :Table (services) - :Uid ("{5BA0C83F-8D91-465B-9CF6-7DC6AEB84689}") - ) - : (ReferenceObject - :Name (http) - :Table (services) - :Uid ("{97AEB3D4-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (CIFS) - :Table (services) - :Uid ("{2A469820-B502-434C-9340-A377677A6A60}") - ) - : (ReferenceObject - :Name (UPS-Monitor) - :Table (services) - :Uid ("{8C8DED7E-F3C9-4964-B9D3-063C23997020}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{5C3E75D6-41C1-4D28-A34C-D9F0C316599F}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (mg.IsoAAAA-es.com) - :Table (network_objects) - :Uid ("{E5BF8260-3615-4476-B638-53CA3A24FEF1}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{5DEBDFAA-F691-4041-8E3A-EAF002F8B690}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{69531784-EAAE-4C1C-B792-86B14F8D015E}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - 
:through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{FA61FCF6-FF1E-42C6-B329-B8E23A0EB35D}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (scratchy.local) - :Table (network_objects) - :Uid ("{CFABE50C-C1F6-4FF1-8AC3-3161A3779708}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{21457A88-FFC3-45C2-A6AD-7ABC8CDD0232}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{7990665E-448A-420C-BF7D-3616ED9ECB53}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (RAdmin-custom) - :Table (services) - :Uid ("{4FB59153-8212-4A12-BC08-0297AA5F0815}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{7A4BC3A5-EAB4-4CC3-8F06-5B3681A6A814}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (mg.IsoAAAA-es.com) - :Table (network_objects) - :Uid ("{E5BF8260-3615-4476-B638-53CA3A24FEF1}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{DC9D47B1-CEB2-43AB-B32E-5BFACD49181F}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{841A245A-0BBC-40D6-AFCD-FC0956945DFB}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid 
("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{940B351D-CBB3-457B-AA5E-BF8EE4721229}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (daba) - :Table (network_objects) - :Uid ("{94817CDB-EA8C-4213-B38D-F4417EA620C6}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{6F3DCA16-ECC8-4DAE-8729-3D07CD35A492}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{6A906112-E832-480B-98E6-7C88D5768449}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (mysql) - :Table (services) - :Uid ("{08A07607-EAAA-4A45-AD6E-6020770BD519}") - ) - : (ReferenceObject - :Name (ssh_version_2) - :Table (services) - :Uid ("{CD082D9A-44A6-4CEF-A17D-5541029ADFB3}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{124122B3-1A04-4980-AA2E-18B01C4BA2A1}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (mg.IsoAAAA-es.com) - :Table (network_objects) - :Uid ("{E5BF8260-3615-4476-B638-53CA3A24FEF1}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{B706F7FA-C0AA-41E6-9BE1-99FAA2073339}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{23C4BFFE-0F58-4C89-9AC6-EE8475E30FB2}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name 
(Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{3DEE2329-18AC-4C21-95A5-49D3F42BC058}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (hpux) - :Table (network_objects) - :Uid ("{BF00A847-A0D6-4A75-BE1C-27E7D91EDB55}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{31E7DAD2-17B6-484F-87B3-A9817437F6C3}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{645119AD-FF40-4617-BB77-CE2B7679B804}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (telnet) - :Table (services) - :Uid ("{97AEB3CF-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{A15D212E-0F94-4C31-82C3-83292476F567}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (mg.IsoAAAA-es.com) - :Table (network_objects) - :Uid ("{E5BF8260-3615-4476-B638-53CA3A24FEF1}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{2B48CB5C-959B-4212-83BA-D0C31C9E81FD}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{23DAD50B-1BFA-4B5A-BD07-91F594590169}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :comments ("SUS-Access 4 Stichling") - :dst ( - :AdminInfo ( - :chkpf_uid ("{401D98F2-0790-42A8-A27B-4CEF1B409D62}") - :ClassName 
(rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAADray.local) - :Table (network_objects) - :Uid ("{75EDBC62-7EB1-4D37-8295-684903FDA75A}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{C607E30B-AD42-4EB9-861C-3E1F17B01A58}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{F70D3F8A-F47F-4E46-AC7C-6439659AD77F}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (http) - :Table (services) - :Uid ("{97AEB3D4-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{66A8B48D-384B-47C2-AE14-EFA8C5BD981F}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (Cactus10.222.0.1) - :Table (network_objects) - :Uid ("{6CD51061-638B-4B2F-9092-7E1E4A5F0ADD}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{B63983F0-BF08-44F7-88EA-5DF0FA381C45}") - :ClassName (security_header_rule) - ) - :action ( - : (drop - :AdminInfo ( - :chkpf_uid ("{D47409A0-8070-4258-802B-E234DE03D219}") - :ClassName (drop_action) - :table (setup) - ) - :action () - :macro () - :type (drop) - ) - ) - :comments () - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (None) - :Table (tracks) - :Uid ("{97AEB47D-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :disabled (true) - :dst ( - :AdminInfo ( - :chkpf_uid ("{34E31CD9-5F62-46B6-A5A2-2A25A3381BFF}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :header_text (Final-rules) - :install ( - :AdminInfo 
( - :chkpf_uid ("{97A07F1F-7C42-469E-8976-4694BEA0C05F}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{AE52657F-1C63-427D-899A-2739B143874D}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{7D15F5BF-41C8-4674-A2A5-96AC297EB840}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :state (expanded) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{E079D5BF-271E-4004-B4C5-8372C37B4661}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{EBF89D8A-D923-4469-9179-4209815688BC}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{93E9E478-F918-450E-8D36-280C86415DB8}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{F546BB1C-8E90-4AEA-9C17-188FDA697E98}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - 
:services ( - :AdminInfo ( - :chkpf_uid ("{5576A25C-181D-40DB-8978-F8E8B6D19C4E}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (ICMPgute) - :Table (services) - :Uid ("{418C7C0A-956A-41FF-9BC1-5867B2265090}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{4B989FE8-BC56-4B8C-BD37-C6050AAC2B28}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{89F7C56B-1A5F-4C4A-BC98-F777664BBEC9}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{BD3A43B7-179B-4A44-9E8E-BDA3C4D74428}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{787E51C4-3375-4608-A83C-CFF3D08628B5}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{C67E7D9D-F7A6-4B80-AB31-589BDF22583D}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{E732300C-E9E8-4CC7-B0B1-1566947A92A0}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (redirect) - :Table (services) - :Uid 
("{97AEB409-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{DB1AE486-D8A3-44F0-AA73-AE22B0BA4A32}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAD) - :Table (network_objects) - :Uid ("{29C40B0A-414C-11D7-AEB8-7F0000013C3C}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{F134ED1C-8FC1-4ED1-9751-39EE88C79BAA}") - :ClassName (security_rule) - ) - :action ( - : (reject - :AdminInfo ( - :chkpf_uid ("{619449DF-3B19-42EF-A640-40BF30E1E398}") - :ClassName (reject_action) - :table (setup) - ) - :action () - :macro () - :type (reject) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (None) - :Table (tracks) - :Uid ("{97AEB47D-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{F3772580-72F8-47FD-BEEF-64F0C4AE29AC}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{FF327589-E587-4324-B33B-EAEA6BF3D977}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{367A55E3-5596-40A1-A0C9-63CEA70F42C3}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Drop_nologServices) - :Table (services) - :Uid ("{495E1A16-2612-49D9-8F69-B00EB33699E8}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{AFD6C077-CA8E-4C7D-A834-F781B7821B96}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) 
- :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{7067EE72-61D1-4555-9832-8E9279772BCA}") - :ClassName (security_rule) - ) - :action ( - : (reject - :AdminInfo ( - :chkpf_uid ("{D06A4524-1DCA-4DD5-BCC2-54EE451C1777}") - :ClassName (reject_action) - :table (setup) - ) - :action () - :macro () - :type (reject) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (None) - :Table (tracks) - :Uid ("{97AEB47D-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{FFD672A3-65E6-4B19-B686-D40AC4299BCD}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Drop_nologDest) - :Table (network_objects) - :Uid ("{79369987-B128-4B3F-827C-3C936F7C3F53}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{0581A769-6452-42CD-9718-F226767D0287}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{F037BEDF-CC8F-4792-9A21-103C9F5C2A51}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{7B4EF795-BE09-45A2-86B9-1CE030756ECB}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{A6F53BCD-748C-4585-B8FB-1DF23129F085}") - :ClassName (security_rule) - ) - :action ( - : 
(reject - :AdminInfo ( - :chkpf_uid ("{4F089C9B-C148-4A8A-8ED5-38618067B567}") - :ClassName (reject_action) - :table (setup) - ) - :action () - :macro () - :type (reject) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{34CE5F02-44F0-4180-BE48-5CB31E82D728}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{7AD6114F-E8FF-4AE9-BAA8-6B72CA08F552}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{33DEA2EB-F713-400E-96E1-AACE576E28AB}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{4F305BBD-E049-4054-BCEC-A0D4F832CD80}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (CactusDA) - :Table (network_objects) - :Uid ("{69DBB75C-7E6D-49AD-A814-96F1BAFF12F7}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{9CD8CE05-32DB-483A-A44A-0C9131CCA022}") - :ClassName (security_rule) - ) - :action ( - : (drop - :AdminInfo ( - :chkpf_uid ("{ED025D2F-5D51-4310-AEF3-67A075F171EB}") - :ClassName (drop_action) - :table (setup) - ) - :action () - :macro () - :type (drop) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - 
:through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{92629D3F-DD0B-4864-A91A-9809A211E481}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{92064B95-86EE-43B6-9410-C38676F3D964}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{C0176725-D8C5-412D-A5C3-65BA48662B1D}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{FB79D7A9-F91C-40F7-8DA7-303B39A7DC33}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - ) - :rule_adtr ( - :AdminInfo ( - :chkpf_uid ("{795A2E9C-E2BD-4674-AB77-023F50036168}") - :ClassName (address_translation_rule) - ) - :comments () - :dst_adtr ( - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - :global_location (middle) - :install ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :rule_block_number (1) - :services_adtr ( - : (ReferenceObject - :Name (CIFS) - :Table (services) - :Uid ("{2A469820-B502-434C-9340-A377677A6A60}") - ) - ) - :src_adtr ( - : (ReferenceObject 
- :Name (IsoAAAA_home_test_3) - :Table (network_objects) - :Uid ("{3B37A3DE-4411-4FFC-9E54-3ABC5C4F693B}") - ) - ) - :disabled (true) - :dst_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{A735AA42-250D-4EA5-B52A-05685A6124C3}") - :ClassName (translate_static) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :services_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{12B449F6-1F99-4060-BCB0-4A9DB5B463B3}") - :ClassName (service_translate) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :src_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{55591259-4F5C-498E-BF64-59C9C7E941A1}") - :ClassName (translate_static) - ) - : (ReferenceObject - :Name (Cactus_home_test_2) - :Table (network_objects) - :Uid ("{3CB93962-2930-41A7-8067-FC373151BB91}") - ) - :adtr_method (adtr_method_static) - ) - ) - :rule_adtr ( - :AdminInfo ( - :chkpf_uid ("{BBC0B2D9-0852-4DE8-AFB2-C27B6049C3AE}") - :ClassName (address_translation_rule) - ) - :comments () - :disabled (false) - :dst_adtr ( - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - :global_location (middle) - :install ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :rule_block_number (1) - :services_adtr ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src_adtr ( - : (ReferenceObject - :Name (Cactus-InternetTransfer) - :Table (network_objects) - :Uid ("{408C820D-33A1-4E25-B576-EC826F525DCD}") - ) - ) - :dst_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{5DD7A06F-C26F-47A8-AFBC-2649EE40DAAF}") - :ClassName (translate_static) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid 
("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :services_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{D9D74C97-AC50-4633-A4BE-AD9DF32ED7B8}") - :ClassName (service_translate) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :src_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{404CEBC7-55D9-4A9A-98AC-10A264BC9F08}") - :ClassName (translate_hide) - ) - : (ReferenceObject - :Name (IsoAAAD_intern) - :Table (network_objects) - :Uid ("{40831AE2-CB84-46D2-9522-F987BC10BDB9}") - ) - :adtr_method (adtr_method_hide) - ) - ) - :rule_adtr ( - :AdminInfo ( - :chkpf_uid ("{795A2E9C-E2BD-4674-AB77-023F50036168}") - :ClassName (address_translation_rule) - ) - :comments () - :disabled (false) - :dst_adtr ( - : (ReferenceObject - :Name (IsoAAADray.local) - :Table (network_objects) - :Uid ("{75EDBC62-7EB1-4D37-8295-684903FDA75A}") - ) - ) - :global_location (middle) - :install ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :rule_block_number (1) - :services_adtr ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src_adtr ( - : (ReferenceObject - :Name (heag_off_upper) - :Table (network_objects) - :Uid ("{A58E3E67-0517-485F-AA04-97A12BC119C3}") - ) - ) - :dst_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{5C6895F5-E9DC-4A23-8A54-0DFAB2B7BE72}") - :ClassName (translate_static) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :services_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{4C474EB4-0463-4982-B6CE-2B5AF7708E63}") - :ClassName (service_translate) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) 
- ) - :src_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{50C50462-F4F4-4619-B04A-5C4DB56D0F6A}") - :ClassName (translate_hide) - ) - : (ReferenceObject - :Name (IsoAAAD_intern) - :Table (network_objects) - :Uid ("{40831AE2-CB84-46D2-9522-F987BC10BDB9}") - ) - :adtr_method (adtr_method_hide) - ) - ) - :rule_adtr ( - :AdminInfo ( - :chkpf_uid ("{1D294F6F-03B3-4CAB-B5FF-5CAEB867C8D0}") - :ClassName (address_translation_rule) - ) - :comments () - :disabled (false) - :dst_adtr ( - : (ReferenceObject - :Name (LSYI-WWA) - :Table (network_objects) - :Uid ("{3ECB1B79-1A26-41A3-90F9-71BE179A7211}") - ) - ) - :global_location (middle) - :install ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :rule_block_number (1) - :services_adtr ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src_adtr ( - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - :dst_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{8E14CB91-D19B-40A6-8784-8554E1B86BE4}") - :ClassName (translate_static) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :services_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{5E8C8FCF-5707-4638-81A3-B20DFB9C42C9}") - :ClassName (service_translate) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :src_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{6A960E2C-D9AD-44BC-B3B2-F5F3DC5992DA}") - :ClassName (translate_static) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - ) - :rule_adtr ( - :AdminInfo ( - :chkpf_uid ("{434891D2-F2AE-4B89-88AD-540EB2A0C83A}") - 
:ClassName (address_translation_rule) - ) - :comments () - :dst_adtr ( - : (ReferenceObject - :Name (t-online) - :Table (network_objects) - :Uid ("{C3D65C4B-6498-4E00-9BAF-15539231E8EE}") - ) - ) - :global_location (middle) - :install ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :rule_block_number (1) - :services_adtr ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src_adtr ( - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - :disabled (true) - :dst_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{02FA831E-4B9C-4943-9EDA-AEA384241460}") - :ClassName (translate_static) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :services_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{6DC1B358-0DE4-49CF-B496-D0006744DA88}") - :ClassName (service_translate) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :src_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{F1DC8420-40C4-4CAE-A612-C9EC4518BBCA}") - :ClassName (translate_static) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - ) - :rule_adtr ( - :AdminInfo ( - :chkpf_uid ("{4BBFC8B5-8B70-4AE2-BC71-6BCF4B17F7B6}") - :ClassName (address_translation_rule) - ) - :comments () - :disabled (false) - :dst_adtr ( - : (ReferenceObject - :Name (spike.local) - :Table (network_objects) - :Uid ("{4ABDD8DE-0DA2-46E5-B129-85E3977CBD18}") - ) - ) - :global_location (middle) - :install ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :rule_block_number 
(1) - :services_adtr ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src_adtr ( - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - :dst_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{7AA3058F-6816-45D2-A6DE-B54CBB46BD08}") - :ClassName (translate_static) - ) - : (ReferenceObject - :Name (mg.IsoAAAA-es.com) - :Table (network_objects) - :Uid ("{E5BF8260-3615-4476-B638-53CA3A24FEF1}") - ) - :adtr_method (adtr_method_static) - ) - :services_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{ED35E27D-FA79-48B3-8AC5-27502A7FDB71}") - :ClassName (service_translate) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :src_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{800AC60D-FE78-47F3-B9F1-8F8F468708C1}") - :ClassName (translate_static) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - ) - :rule_adtr ( - :AdminInfo ( - :chkpf_uid ("{5CF61260-14E3-42BB-81E6-EBE8EFE8AF4A}") - :ClassName (address_translation_rule) - ) - :comments () - :disabled (false) - :dst_adtr ( - : (ReferenceObject - :Name (mg.IsoAAAA-es.com) - :Table (network_objects) - :Uid ("{E5BF8260-3615-4476-B638-53CA3A24FEF1}") - ) - ) - :global_location (middle) - :install ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :rule_block_number (1) - :services_adtr ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src_adtr ( - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - :dst_adtr_translated ( - :AdminInfo ( - :chkpf_uid 
("{098ADCE5-568E-4F27-ABF9-682BBE442FE7}") - :ClassName (translate_static) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :services_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{36B74AF0-631F-40BD-B592-5ED305639070}") - :ClassName (service_translate) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :src_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{41B82ACB-215E-4320-B02C-A86A08EEEFC9}") - :ClassName (translate_static) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - ) - :rule_adtr ( - :AdminInfo ( - :chkpf_uid ("{44B823A7-B08B-4A9F-BF4E-F895E1BAE762}") - :ClassName (address_translation_rule) - ) - :comments () - :disabled (false) - :dst_adtr ( - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - :global_location (middle) - :install ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :rule_block_number (1) - :services_adtr ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src_adtr ( - : (ReferenceObject - :Name (Cactus-Official) - :Table (network_objects) - :Uid ("{2136B4E8-3ABF-4931-BDB9-12CDF457D4A4}") - ) - ) - :dst_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{F9494163-1D8B-45BE-A547-0786801699CD}") - :ClassName (translate_static) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :services_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{13C447D5-A284-4282-B584-A1B7ED1DE70C}") - :ClassName (service_translate) - ) - : (ReferenceObject - 
:Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :src_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{007B4C50-EC16-45E9-8CD5-A3C71764175C}") - :ClassName (translate_static) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - ) - :rule_adtr ( - :AdminInfo ( - :chkpf_uid ("{05A4371B-C62D-4CE9-AD5F-9818F9D852BE}") - :ClassName (address_translation_rule) - ) - :comments () - :disabled (false) - :dst_adtr ( - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - :global_location (middle) - :install ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :rule_block_number (1) - :services_adtr ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src_adtr ( - : (ReferenceObject - :Name (allNet) - :Table (network_objects) - :Uid ("{8C20ECB8-A6DB-4C35-B79A-D12ECE559C77}") - ) - ) - :dst_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{39606C16-F893-466A-9D38-B01857A51FEB}") - :ClassName (translate_static) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :services_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{19200950-6F5C-4AA2-939A-3CE7D6ACA81D}") - :ClassName (service_translate) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :src_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{C74080E8-0E7B-4D2E-8FAA-346607D856EC}") - :ClassName (translate_hide) - ) - : (ReferenceObject - :Name (IsoAAAD_intern) - :Table (network_objects) - :Uid ("{40831AE2-CB84-46D2-9522-F987BC10BDB9}") - ) - :adtr_method 
(adtr_method_hide) - ) - ) - :rule_adtr ( - :AdminInfo ( - :chkpf_uid ("{770C7861-8D4D-45BD-9A08-6D7412464847}") - :ClassName (address_translation_rule) - ) - :comments () - :disabled (false) - :dst_adtr ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :global_location (middle) - :install ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :rule_block_number (1) - :services_adtr ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src_adtr ( - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - :dst_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{323C02BB-1CA8-4AF0-B778-CE65AB57FDA1}") - :ClassName (translate_static) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :services_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{26E182C6-DB5F-462F-BD1B-8C37735E86F7}") - :ClassName (service_translate) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :src_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{8FA593D7-47A4-4AAC-BA66-34C93515C7F0}") - :ClassName (translate_hide) - ) - : (ReferenceObject - :Name (IsoAAAD_extern) - :Table (network_objects) - :Uid ("{DB456CE7-0DCA-423F-A5E4-9FA976C0B594}") - ) - :adtr_method (adtr_method_hide) - ) - ) - :use_VPN_communities (true) - ) - :rule-base ("##IsoAAAA-traditional" - :AdminInfo ( - :chkpf_uid ("{83E0AC16-D70B-4E9F-8694-9C50BA2DAE92}") - :ClassName (firewall_policy) - :table (fw_policies) - :LastModified ( - :Time ("Thu Jun 23 14:33:36 2005") - :By (IsoAAAF) - :From (IsoAAADray) - ) - ) - :default (0) - :queries () - :queries_adtr () - :collection 
(ReferenceObject - :Name (IsoAAAA-traditional) - :Table (policies_collections) - :Uid ("{8EA5AF0F-7640-4BF9-8E5B-577091884205}") - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{55AED8D2-A87C-4234-8F39-3E462469A75E}") - :ClassName (security_header_rule) - ) - :action ( - : (drop - :AdminInfo ( - :chkpf_uid ("{A80DF4EA-A769-4C2F-AFFA-437000BAABF3}") - :ClassName (drop_action) - :table (setup) - ) - :action () - :macro () - :type (drop) - ) - ) - :comments () - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (None) - :Table (tracks) - :Uid ("{97AEB47D-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :disabled (true) - :dst ( - :AdminInfo ( - :chkpf_uid ("{4AC2A92C-B41D-475E-BD2B-46F614A14D53}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :header_text ("IsoAAAE SecuRemote") - :install ( - :AdminInfo ( - :chkpf_uid ("{D2F4F31B-A96B-4CC3-AC8F-E42E4B0C6E38}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{28DCAD14-2A26-4980-A1EA-A328C525AA6D}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{11AE059A-0887-4864-A96E-573D0AB9B8D1}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :state (expanded) - ) - :rule ( - :AdminInfo ( - :chkpf_uid 
("{6E78B459-91E5-4755-B4BF-CD7E19BFFF69}") - :ClassName (security_rule) - ) - :action ( - : ("Client Encrypt" - :AdminInfo ( - :chkpf_uid ("{2AFD1828-E320-4ED5-BAC4-7B8B6977CD41}") - :ClassName (client_encrypt) - :table (setup) - ) - :action (accept) - :dst_options ("Intersect with User Database") - :enforce_desktop_config (false) - :macro (USER_CLIENT_ENCRYPTION) - :src_options ("Intersect with User Database") - :type (userc) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{E71C16B9-A6B6-408C-80BA-5CF08A1F46CA}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAADray.local) - :Table (network_objects) - :Uid ("{75EDBC62-7EB1-4D37-8295-684903FDA75A}") - ) - : (ReferenceObject - :Name (gateway.local) - :Table (network_objects) - :Uid ("{7ED7EF12-A13E-4303-8A6E-C6CC28755C80}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{C920DC45-AC36-4E6C-AE40-7D36535BCA8C}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{C01056E7-2861-40A0-B8B8-CFD83C4503E3}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (NBT) - :Table (services) - :Uid ("{97AEB471-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (CIFS) - :Table (services) - :Uid ("{2A469820-B502-434C-9340-A377677A6A60}") - ) - : (ReferenceObject - :Name (rdp) - :Table (services) - :Uid ("{5BA0C83F-8D91-465B-9CF6-7DC6AEB84689}") - ) - : 
(ReferenceObject - :Name (domain-udp) - :Table (services) - :Uid ("{97AEB3FA-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{54B4C9AE-D0A0-44CC-9966-6D3430A02560}") - :ClassName (rule_source) - ) - :compound ( - : (Cactus-extern@vpn-sources-IsoAAAA - :AdminInfo ( - :chkpf_uid ("{06662A22-288E-4636-9C57-B2299E99F54C}") - :ClassName (rule_user_group) - ) - :at (ReferenceObject - :Name (vpn-sources-IsoAAAA) - :Table (network_objects) - :Uid ("{26405A41-425C-4053-8002-497BB82D76B1}") - ) - :color (black) - :type (usrgroup) - ) - ) - :op () - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{9691C5DE-A661-40D5-9755-E268DDE0F823}") - :ClassName (security_rule) - ) - :action ( - : ("Client Encrypt" - :AdminInfo ( - :chkpf_uid ("{21A87FBC-F2C6-4847-8FC3-7ABC71306B80}") - :ClassName (client_encrypt) - :table (setup) - ) - :action (accept) - :dst_options ("Intersect with User Database") - :enforce_desktop_config (false) - :macro (USER_CLIENT_ENCRYPTION) - :src_options ("Intersect with User Database") - :type (userc) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{3109A085-1921-401A-BE72-8E7FE51BA775}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (scratchy.local) - :Table (network_objects) - :Uid ("{CFABE50C-C1F6-4FF1-8AC3-3161A3779708}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{1D278C64-5680-473F-B522-7F856EF2C114}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) 
- ) - :services ( - :AdminInfo ( - :chkpf_uid ("{F7A6A2A3-6586-4954-9981-F5E206B1CC09}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (RAdmin-custom) - :Table (services) - :Uid ("{4FB59153-8212-4A12-BC08-0297AA5F0815}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{6BF46A79-3FF3-4F3B-BC85-9D71E0E932D6}") - :ClassName (rule_source) - ) - :compound ( - : (IsoAAAG-g@vpn-sources-IsoAAAA - :AdminInfo ( - :chkpf_uid ("{A304617F-CDA0-490D-A621-B62BB65F1C51}") - :ClassName (rule_user_group) - ) - :at (ReferenceObject - :Name (vpn-sources-IsoAAAA) - :Table (network_objects) - :Uid ("{26405A41-425C-4053-8002-497BB82D76B1}") - ) - :color (black) - :type (usrgroup) - ) - ) - :op () - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{920B2304-B254-46E4-A051-F46580B0189A}") - :ClassName (security_rule) - ) - :action ( - : ("Client Encrypt" - :AdminInfo ( - :chkpf_uid ("{9CA5DD8C-0AD0-4505-8782-69FDE2254C70}") - :ClassName (client_encrypt) - :table (setup) - ) - :action (accept) - :dst_options ("Intersect with User Database") - :enforce_desktop_config (false) - :macro (USER_CLIENT_ENCRYPTION) - :src_options ("Intersect with User Database") - :type (userc) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{89FE302D-ED85-4024-892C-84457F49EF44}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (spike.local) - :Table (network_objects) - :Uid ("{4ABDD8DE-0DA2-46E5-B129-85E3977CBD18}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{239E405F-12E7-4910-B44F-F3C59A3191B6}") - 
:ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{960A7691-DDC5-4F48-B5D0-7A7305561B32}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (squid) - :Table (services) - :Uid ("{91C0454D-F70C-44B3-8F2D-70C4A68E9594}") - ) - : (ReferenceObject - :Name (imap) - :Table (services) - :Uid ("{97AEB446-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{1625B6AD-2434-4325-8BE6-AE20F7C2C3CB}") - :ClassName (rule_source) - ) - :compound ( - : (Cactus-extern@vpn-sources-IsoAAAA - :AdminInfo ( - :chkpf_uid ("{848CBF00-3FFF-47A2-8D54-5B7B8170EDAD}") - :ClassName (rule_user_group) - ) - :at (ReferenceObject - :Name (vpn-sources-IsoAAAA) - :Table (network_objects) - :Uid ("{26405A41-425C-4053-8002-497BB82D76B1}") - ) - :color (black) - :type (usrgroup) - ) - ) - :op () - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{1BDEDFF9-7C57-4628-B09E-DAFFA27B0DAF}") - :ClassName (security_rule) - ) - :action ( - : ("Client Encrypt" - :AdminInfo ( - :chkpf_uid ("{01B16C58-99BF-4C2A-9AA0-BF151981D6A8}") - :ClassName (client_encrypt) - :table (setup) - ) - :action (accept) - :dst_options ("Intersect with User Database") - :enforce_desktop_config (false) - :macro (USER_CLIENT_ENCRYPTION) - :src_options ("Intersect with User Database") - :type (userc) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{55339727-6FEF-4B99-A17E-5890279876A6}") - :ClassName 
(rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (itchy) - :Table (network_objects) - :Uid ("{3B4DF852-5064-4957-B95F-D469C5656467}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{58C83086-B23C-494C-AFBD-FF71DDE6D90B}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{35745013-A0CF-4878-A5E5-60BFDD09DD4D}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (smtp) - :Table (services) - :Uid ("{97AEB3D9-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{4A953FC6-7A97-4CF8-ADD2-8F557A1991E1}") - :ClassName (rule_source) - ) - :compound ( - : (Cactus-extern@vpn-sources-IsoAAAA - :AdminInfo ( - :chkpf_uid ("{95BDA256-F40B-4BF0-9A9A-9647C2D4E758}") - :ClassName (rule_user_group) - ) - :at (ReferenceObject - :Name (vpn-sources-IsoAAAA) - :Table (network_objects) - :Uid ("{26405A41-425C-4053-8002-497BB82D76B1}") - ) - :color (black) - :type (usrgroup) - ) - ) - :op () - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{70B5DC4A-1616-4047-AC26-5ED448A2CF00}") - :ClassName (security_rule) - ) - :action ( - : ("Client Encrypt" - :AdminInfo ( - :chkpf_uid ("{F0786A55-1A99-404A-BDD6-9334E32B292C}") - :ClassName (client_encrypt) - :table (setup) - ) - :action (accept) - :dst_options ("Intersect with User Database") - :enforce_desktop_config (false) - :macro (USER_CLIENT_ENCRYPTION) - :src_options ("Intersect with User Database") - :type (userc) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid 
("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{0FDC8337-7A9D-47B2-8754-378FEB66B2ED}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (wasp) - :Table (network_objects) - :Uid ("{098B2A74-E220-4AE8-A164-340FED79C9D5}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{9D51C8CC-BC8E-441F-88E7-60CFB459EAE1}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{4D81B00D-E763-4153-9338-1BFB8A9453EA}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (ntp-udp) - :Table (services) - :Uid ("{97AEB404-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{BFDF7F38-B703-4397-8CC9-1B544AEBA20D}") - :ClassName (rule_source) - ) - :compound ( - : (Cactus-extern@vpn-sources-IsoAAAA - :AdminInfo ( - :chkpf_uid ("{4F5A4882-D84F-4250-B3BF-B1A3C5B468E4}") - :ClassName (rule_user_group) - ) - :at (ReferenceObject - :Name (vpn-sources-IsoAAAA) - :Table (network_objects) - :Uid ("{26405A41-425C-4053-8002-497BB82D76B1}") - ) - :color (black) - :type (usrgroup) - ) - ) - :op () - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{F5BDCBD0-AE0E-4DDD-BA77-488A126E9759}") - :ClassName (security_rule) - ) - :action ( - : ("Client Encrypt" - :AdminInfo ( - :chkpf_uid ("{4910EDC7-E295-4B62-A57B-119D75B36211}") - :ClassName (client_encrypt) - :table (setup) - ) - :action (accept) - :dst_options ("Intersect with User Database") - :enforce_desktop_config (false) - :macro (USER_CLIENT_ENCRYPTION) - :src_options ("Intersect with User Database") - :type (userc) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table 
(globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{F1BC9B8B-757D-41B5-B5F2-6CF53E313CE1}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{EFEA2745-10C4-435C-8F75-3B02CAD44A1E}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{B0A24846-9037-4DB4-8A0E-6D154A3C446C}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (icmp-requests) - :Table (services) - :Uid ("{97AEB413-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{478016ED-E6A8-4C48-AAA0-0E48BB328C94}") - :ClassName (rule_source) - ) - :compound ( - : (Cactus-extern@vpn-sources-IsoAAAA - :AdminInfo ( - :chkpf_uid ("{22D34F4D-CE34-4570-82C3-8264E061361C}") - :ClassName (rule_user_group) - ) - :at (ReferenceObject - :Name (vpn-sources-IsoAAAA) - :Table (network_objects) - :Uid ("{26405A41-425C-4053-8002-497BB82D76B1}") - ) - :color (black) - :type (usrgroup) - ) - ) - :op () - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{E50EEFDD-9C20-4905-AC8B-6DD27D72792C}") - :ClassName (security_header_rule) - ) - :action ( - : (drop - :AdminInfo ( - :chkpf_uid ("{6E8942C2-E8EF-4C95-BC20-0AAFF144F063}") - :ClassName (drop_action) - :table (setup) - ) - :action () - :macro () - :type (drop) - ) - ) - :comments () - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid 
("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (None) - :Table (tracks) - :Uid ("{97AEB47D-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :disabled (true) - :dst ( - :AdminInfo ( - :chkpf_uid ("{80AD2FC1-9597-4DDB-89D1-EBB676C19FAB}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :header_text ("IsoAAAE VPN-GW2GW") - :install ( - :AdminInfo ( - :chkpf_uid ("{AA5B5D3B-09DC-4BF0-B844-2284691CE560}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{75EFCECD-5B98-4D68-90A8-993EBEB1D1AE}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{5DA88645-AB06-4001-8DDF-1D9F3C73AD4F}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :state (expanded) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{328999EC-FEB5-48C3-B967-95F52EFEC462}") - :ClassName (security_rule) - ) - :action ( - : (Encrypt - :AdminInfo ( - :chkpf_uid ("{033ED469-3968-422B-9F61-B859EAEF33A9}") - :ClassName (encrypt) - :table (setup) - ) - :action (accept) - :datam () - :diagnostics-track (CryptLog - :AdminInfo ( - :chkpf_uid ("{AA60725C-E01D-4383-9841-5DA71CD58498}") - :ClassName (account) - :table (tracks) - ) - :Name () - :color ("Navy Blue") - :format (crypt) - :icon-name () - :macro () - :type (account) - ) - :gateway (ReferenceObject - :Table (globals) - :Name (Any) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :isakmp.compression (None) - :isakmp.crlreq (false) - :isakmp.data.integrity (MD5) - 
:isakmp.encryption (3DES) - :isakmp.gateway (ReferenceObject - :Table (globals) - :Name (Any) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :isakmp.phase2_DH_group (ReferenceObject - :Table (encryption) - :Name ("Group 2 (1024 bit)") - :Uid ("{97AEB629-9AEA-11D5-BD16-0090272CCB30}") - ) - :isakmp.transform (ESP) - :isakmp.use_pfs (false) - :isakmp.useippools (false) - :keym () - :macro (ENCRYPTION) - :mdm (MD5) - :menu_inactive (false) - :scheme (ISAKMP) - :type (encrypt) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{75DEA9A3-F776-46C2-AE83-708A874972DA}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{49CA8DBE-E6C1-41FE-960B-CD80875BD987}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{70722DA2-F39D-4785-B360-AE025E55A90F}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (icmp-requests) - :Table (services) - :Uid ("{97AEB413-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{AFFDB11C-0016-459C-B945-5B7C26F707A6}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Table (network_objects) - :Name (IsoAAAA_home_tim) - :Uid ("{BF8F69B9-87C2-464A-9404-239AE8DF66B3}") - ) - ) - ) - :rule ( - :AdminInfo ( 
- :chkpf_uid ("{4D25D596-31EB-463C-9AB3-D22A92AE4033}") - :ClassName (security_header_rule) - ) - :action ( - : (drop - :AdminInfo ( - :chkpf_uid ("{C80121D8-276E-46C7-912F-1ED756DD47A9}") - :ClassName (drop_action) - :table (setup) - ) - :action () - :macro () - :type (drop) - ) - ) - :comments () - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (None) - :Table (tracks) - :Uid ("{97AEB47D-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :disabled (true) - :dst ( - :AdminInfo ( - :chkpf_uid ("{6ADFAB36-2054-4BD4-9709-778A6D5CE14C}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :header_text (Paybox) - :install ( - :AdminInfo ( - :chkpf_uid ("{0D085BFB-9570-4635-ABC3-962C2E75BB5F}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{5A631F4C-07E4-4AC9-A8E8-95CDBB5301A8}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{E46AD7A5-D087-4086-925D-110926B6D8BE}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :state (expanded) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{C008C4CF-6F9D-42D6-A4AE-E187E2C52B9B}") - :ClassName (security_rule) - ) - :action ( - : (Encrypt - :AdminInfo ( - :chkpf_uid ("{32F49A92-BCEF-4C40-9C82-A8DECB8B205F}") - :ClassName (encrypt) - 
:table (setup) - ) - :action (accept) - :datam () - :diagnostics-track (CryptLog - :AdminInfo ( - :chkpf_uid ("{E6CE55C2-2363-40C3-8497-78C64EAC556E}") - :ClassName (account) - :table (tracks) - ) - :Name () - :color ("Navy Blue") - :format (crypt) - :icon-name () - :macro () - :type (account) - ) - :gateway (ReferenceObject - :Table (globals) - :Name (Any) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :isakmp.compression (None) - :isakmp.crlreq (false) - :isakmp.data.integrity (MD5) - :isakmp.encryption (3DES) - :isakmp.gateway () - :isakmp.phase2_DH_group (ReferenceObject - :Name ("Group 1 (768 bit)") - :Table (encryption) - :Uid ("{97AEB624-9AEA-11D5-BD16-0090272CCB30}") - ) - :isakmp.transform (ESP) - :isakmp.use_pfs (true) - :isakmp.useippools (false) - :keym () - :macro (ENCRYPTION) - :mdm (MD5) - :menu_inactive (false) - :scheme (ISAKMP) - :type (encrypt) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{29ACE304-9241-458B-AAF2-FC1081354711}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (paybox-raunheim) - :Table (network_objects) - :Uid ("{0A1725B4-534D-46F1-A8C0-02C3351C8312}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{AAC7238A-9B77-463C-93BB-F09881B9D900}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{43D4BFFE-96B2-4921-8DE3-8B0B9C3ACC3D}") - :ClassName (rule_services) - ) - :compound () - :op () - : 
(ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{1763B2EE-C7D8-44ED-A686-583DDB672508}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{C64B3DE1-B85C-4902-B966-2BEA60840772}") - :ClassName (security_rule) - ) - :action ( - : (Encrypt - :AdminInfo ( - :chkpf_uid ("{7F5A6984-04DC-43A4-AC1F-A6C3BD195426}") - :ClassName (encrypt) - :table (setup) - ) - :action (accept) - :datam () - :diagnostics-track (CryptLog - :AdminInfo ( - :chkpf_uid ("{F52E7C26-DF59-4818-B00C-B32AD2ABE2B3}") - :ClassName (account) - :table (tracks) - ) - :Name () - :color ("Navy Blue") - :format (crypt) - :icon-name () - :macro () - :type (account) - ) - :gateway (ReferenceObject - :Table (globals) - :Name (Any) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :isakmp.compression (None) - :isakmp.crlreq (false) - :isakmp.data.integrity (MD5) - :isakmp.encryption (3DES) - :isakmp.gateway () - :isakmp.phase2_DH_group (ReferenceObject - :Name ("Group 1 (768 bit)") - :Table (encryption) - :Uid ("{97AEB624-9AEA-11D5-BD16-0090272CCB30}") - ) - :isakmp.transform (ESP) - :isakmp.use_pfs (true) - :isakmp.useippools (false) - :keym () - :macro (ENCRYPTION) - :mdm (MD5) - :menu_inactive (false) - :scheme (ISAKMP) - :type (encrypt) - ) - ) - :comments () - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :disabled (true) - :dst ( - :AdminInfo ( - :chkpf_uid 
("{313A1B80-4748-40BC-A463-FA115C9A6410}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (paybox-frankfurt) - :Table (network_objects) - :Uid ("{463C45CA-0C86-42DC-9B02-E83E28764370}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{C70D24DD-D5D5-4D6F-85C2-0A69F0EE5F48}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{8AB172A4-28B0-4DA2-8028-6AD4F7DAE979}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{8119E980-7EFF-414E-810A-1368B4059E52}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{85A07116-6165-46A2-B646-BC65159C8498}") - :ClassName (security_header_rule) - ) - :action ( - : (drop - :AdminInfo ( - :chkpf_uid ("{0974D2A7-69A9-40E1-9150-87FF94433363}") - :ClassName (drop_action) - :table (setup) - ) - :action () - :macro () - :type (drop) - ) - ) - :comments () - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (None) - :Table (tracks) - :Uid ("{97AEB47D-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :disabled (true) - :dst ( - :AdminInfo ( - :chkpf_uid ("{80880ABC-AA36-4ABB-8E93-72459383731B}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - 
:header_text ("Sting Internal-Connections") - :install ( - :AdminInfo ( - :chkpf_uid ("{D236CF92-C3A6-4139-9D74-836408A0AC42}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{8213C158-8D6A-4146-8383-6B1BA2CDFFF7}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{6AED35BE-4E23-415A-BA81-8969B9E1DDEC}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :state (collapsed) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{CF0994CE-EC9F-4A3A-90E0-42655C2D25A1}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{292BDC57-FA47-4464-B83C-7636555FB0E1}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{A71F1087-BFC1-414B-BAC9-5097E8FAA94F}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAD) - :Table (network_objects) - :Uid ("{29C40B0A-414C-11D7-AEB8-7F0000013C3C}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{9698EE11-9DFF-4C54-9166-7B6E9A35BF4B}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - 
:Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{F41085C4-3418-4B30-AB6E-5804AA7F8B4D}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (ssh) - :Table (services) - :Uid ("{18EC9EAA-1657-4240-AB97-5F234623336B}") - ) - : (ReferenceObject - :Name (https) - :Table (services) - :Uid ("{97AEB443-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{2D0924EE-FE00-4354-ADC1-033783E6AEBC}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - : (ReferenceObject - :Table (network_objects) - :Name (IsoAAAA_home_tim) - :Uid ("{BF8F69B9-87C2-464A-9404-239AE8DF66B3}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{113537AD-71C4-4CE4-BA28-679030EEA145}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{B772878E-BC0F-4DA3-8BEA-29B7E1F78BD0}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{17D6C85E-1919-4FDD-9AB6-17A7F06D6559}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAD) - :Table (network_objects) - :Uid ("{29C40B0A-414C-11D7-AEB8-7F0000013C3C}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{59E0D2EA-BD99-48FC-BA29-34C757D6C14C}") - :ClassName (rule_install) - ) - :compound () - : 
(ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{A9833372-0864-427C-B2CB-6A0F59DAF2F0}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (apcupsd) - :Table (services) - :Uid ("{A1044CB4-439C-40C9-8489-FA5086134886}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{20AB74D2-BC69-440B-8B69-77C6F598D603}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAADray.local) - :Table (network_objects) - :Uid ("{75EDBC62-7EB1-4D37-8295-684903FDA75A}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{8D008C53-8D55-4C95-93FB-26FB028D1914}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{55DB4364-CA94-47E2-9C78-5874293C28DE}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{6EC07E89-6359-4D43-959E-8834F1E1DC59}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (wasp) - :Table (network_objects) - :Uid ("{098B2A74-E220-4AE8-A164-340FED79C9D5}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{135B3221-B41A-49BA-A6A3-BF4A7662A2B4}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{11F787A5-B7C9-435C-AB4F-0851D2695778}") - :ClassName 
(rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (ntp-udp) - :Table (services) - :Uid ("{97AEB404-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{1431CA26-6106-4592-B29A-5DB903350FBF}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAD) - :Table (network_objects) - :Uid ("{29C40B0A-414C-11D7-AEB8-7F0000013C3C}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{D81E3077-3930-4FF3-A15B-21B8B5398143}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{5BEBEB39-FED4-40D5-93A4-926D136985DF}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{AF0A8FB4-C470-4CF9-80A4-A02D65F17CB4}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (itchy) - :Table (network_objects) - :Uid ("{3B4DF852-5064-4957-B95F-D469C5656467}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{47FD7FA4-3EF7-494A-AFCC-A1175C1B7CB3}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{D6303579-2AD2-4EBA-BA32-3ED6EF192609}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (domain-udp) - :Table (services) - :Uid ("{97AEB3FA-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid 
("{2AB872E9-0292-4B06-8D86-6960AA66787F}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAD) - :Table (network_objects) - :Uid ("{29C40B0A-414C-11D7-AEB8-7F0000013C3C}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{30829944-2BE4-46F0-A0A9-30E2DB0D85CF}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{BEB334AD-F3D7-44EB-95DB-360CBA080106}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{DDF30249-4842-4453-9FF3-AA14C76B632C}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (spike.local) - :Table (network_objects) - :Uid ("{4ABDD8DE-0DA2-46E5-B129-85E3977CBD18}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{53000D56-F73A-45A8-8EA4-43F7DB7A16BB}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{5587D19B-EB61-42ED-9531-F1F13E89FF99}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (syslog) - :Table (services) - :Uid ("{97AEB3E0-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (ssh_version_2) - :Table (services) - :Uid ("{CD082D9A-44A6-4CEF-A17D-5541029ADFB3}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{CDBA6A5A-086E-4591-9FF0-87515BF4BD2E}") - :ClassName (rule_source) - ) - :compound () - :op 
() - : (ReferenceObject - :Name (IsoAAAD) - :Table (network_objects) - :Uid ("{29C40B0A-414C-11D7-AEB8-7F0000013C3C}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{77835D71-6333-4D9A-8DF4-CB427F59026F}") - :ClassName (security_header_rule) - ) - :action ( - : (drop - :AdminInfo ( - :chkpf_uid ("{FB12625B-C5FD-4D0C-9286-ABBD3F5D67D5}") - :ClassName (drop_action) - :table (setup) - ) - :action () - :macro () - :type (drop) - ) - ) - :comments () - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (None) - :Table (tracks) - :Uid ("{97AEB47D-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :disabled (true) - :dst ( - :AdminInfo ( - :chkpf_uid ("{C6EED839-1703-48FC-BAB5-CD26627C4E33}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :header_text (Final-rules) - :install ( - :AdminInfo ( - :chkpf_uid ("{6A78BE94-D68A-4E5D-9D5C-7794E65BDA91}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{9B9BDA74-31AB-443E-B101-37DAB5C8363A}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{FC4224DC-3D3E-4EFE-BD48-403FFD7EDEEF}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :state (collapsed) - ) - :rule ( - :AdminInfo ( - :chkpf_uid 
("{7D32EB1D-9DA2-479C-8E05-80A48B4D49B8}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{2664067C-FBB5-436C-9569-87F241215125}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{5AC35870-BE14-4BA8-B152-AAAD919EB93A}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{EE6F2F3F-B123-4BB0-9AA6-EA670224A920}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{711FD2F4-7BDC-4667-8F9B-37EA46D21468}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (ICMPgute) - :Table (services) - :Uid ("{418C7C0A-956A-41FF-9BC1-5867B2265090}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{02294F3B-AF87-4FBE-9CE1-A3BB3434F19C}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{9676DC19-81AB-4901-B03B-2B86DC876712}") - :ClassName (security_rule) - ) - :action ( - : (reject - :AdminInfo ( - :chkpf_uid ("{DFE03595-95BA-483C-B76C-14F842885448}") - :ClassName (reject_action) - :table (setup) - ) - :action () - 
:macro () - :type (reject) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (None) - :Table (tracks) - :Uid ("{97AEB47D-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{3EFDE682-11BD-4F54-B2CB-1E191C71351E}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{A5CD71BD-98D8-43C7-8FB0-1C43B1D63F18}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{679E7E39-AAC3-484E-977F-403FBC9A3701}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Table (services) - :Name (Drop_nologServices) - :Uid ("{495E1A16-2612-49D9-8F69-B00EB33699E8}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{9E442067-FFAB-4B9B-8CA4-FD5FF240416A}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{650D3396-E5C8-4FCD-AB0E-B2D867C631EC}") - :ClassName (security_rule) - ) - :action ( - : (drop - :AdminInfo ( - :chkpf_uid ("{5A63985D-9381-4F03-8F35-5A6FA61836CD}") - :ClassName (drop_action) - :table (setup) - ) - :action () - :macro () - :type (drop) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time 
( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{F0A383D4-E033-445F-87F7-679987F289F8}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{CBAF3D5E-4D05-4D90-9278-B74D854765E4}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{55A4F666-58D1-4D21-97F0-6A66BE8A9A4E}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{D38D5022-5541-47F6-BEC1-D34D577D5B31}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - ) - :rule_adtr ( - :AdminInfo ( - :chkpf_uid ("{AEB9F3D3-F756-4622-8279-546EB4AEDA6D}") - :ClassName (address_translation_rule) - ) - :comments () - :disabled (false) - :dst_adtr ( - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - :global_location (middle) - :install ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :rule_block_number (1) - :services_adtr ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src_adtr ( - : (ReferenceObject - :Name (vpn-sources-IsoAAAA) - :Table (network_objects) - :Uid ("{26405A41-425C-4053-8002-497BB82D76B1}") - ) - 
) - :dst_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{27CFFB17-E049-4E32-BCCD-D8140703E33E}") - :ClassName (translate_static) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :services_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{7236D86D-A66E-4FFA-8C32-BF31AA649665}") - :ClassName (service_translate) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :src_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{D12593A4-D593-4DC7-A241-19915862D874}") - :ClassName (translate_hide) - ) - : (ReferenceObject - :Name (IsoAAAD_intern) - :Table (network_objects) - :Uid ("{40831AE2-CB84-46D2-9522-F987BC10BDB9}") - ) - :adtr_method (adtr_method_hide) - ) - ) - :rule_adtr ( - :AdminInfo ( - :chkpf_uid ("{CE9E192B-7125-4C9B-9923-3CC0851ECF86}") - :ClassName (address_translation_rule) - ) - :comments () - :disabled (false) - :dst_adtr ( - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - :global_location (middle) - :install ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :rule_block_number (1) - :services_adtr ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src_adtr ( - : (ReferenceObject - :Name (Cactus-InternetTransfer) - :Table (network_objects) - :Uid ("{408C820D-33A1-4E25-B576-EC826F525DCD}") - ) - ) - :dst_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{5B4D59AD-51B2-4FF4-BBE4-6004FDC2B0EB}") - :ClassName (translate_static) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :services_adtr_translated ( - :AdminInfo ( - :chkpf_uid 
("{5AC7492C-C631-4E37-BCD5-AA50435F5477}") - :ClassName (service_translate) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :src_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{0671F784-E9CC-423F-82E0-AC645A80560B}") - :ClassName (translate_hide) - ) - : (ReferenceObject - :Name (IsoAAAD_intern) - :Table (network_objects) - :Uid ("{40831AE2-CB84-46D2-9522-F987BC10BDB9}") - ) - :adtr_method (adtr_method_hide) - ) - ) - :rule_adtr ( - :AdminInfo ( - :chkpf_uid ("{BC27101C-9BC5-4E5A-96FB-9C745A716EC6}") - :ClassName (address_translation_rule) - ) - :comments () - :disabled (false) - :dst_adtr ( - : (ReferenceObject - :Name (IsoAAADray.local) - :Table (network_objects) - :Uid ("{75EDBC62-7EB1-4D37-8295-684903FDA75A}") - ) - ) - :global_location (middle) - :install ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :rule_block_number (1) - :services_adtr ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src_adtr ( - : (ReferenceObject - :Name (heag_off_upper) - :Table (network_objects) - :Uid ("{A58E3E67-0517-485F-AA04-97A12BC119C3}") - ) - ) - :dst_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{FCA2AE6C-5BD9-43B0-BC7D-E0CA44B623D1}") - :ClassName (translate_static) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :services_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{CC48C8B8-7D7A-4958-964F-3CF28847B3B3}") - :ClassName (service_translate) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :src_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{B11BD765-AEC0-4BF9-A63E-E8D829A3BC8C}") - :ClassName (translate_hide) - ) - : 
(ReferenceObject - :Name (IsoAAAD_intern) - :Table (network_objects) - :Uid ("{40831AE2-CB84-46D2-9522-F987BC10BDB9}") - ) - :adtr_method (adtr_method_hide) - ) - ) - :use_VPN_communities (false) - ) - :rule-base ("##IsoAAAA" - :AdminInfo ( - :chkpf_uid ("{4DFA246F-BCB1-4283-B3D6-685FBF8DB89B}") - :ClassName (firewall_policy) - :table (fw_policies) - :LastModified ( - :Time ("Wed Jul 27 15:32:20 2005") - :By (IsoAAAF) - :From (IsoAAADray) - ) - ) - :default (0) - :queries () - :queries_adtr () - :collection (ReferenceObject - :Name (IsoAAAA) - :Table (policies_collections) - :Uid ("{462FD47E-BB4B-4DC4-95D6-E25D7E6C1E41}") - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{A4029F61-9672-4AA3-B1D9-0FF4E8979971}") - :ClassName (security_header_rule) - ) - :action ( - : (drop - :AdminInfo ( - :chkpf_uid ("{5EE13032-A1E1-4538-90BC-6295FD3DFE04}") - :ClassName (drop_action) - :table (setup) - ) - :action () - :macro () - :type (drop) - ) - ) - :comments () - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (None) - :Table (tracks) - :Uid ("{97AEB47D-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :disabled (true) - :dst ( - :AdminInfo ( - :chkpf_uid ("{5560B804-6408-442F-903B-2B279AE6D9C2}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :header_text (test-rules) - :install ( - :AdminInfo ( - :chkpf_uid ("{0B1EB683-1A59-44FF-901C-5FDB9EA65A5E}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{F8D6F7F5-4582-4256-A0A5-EBFDDB2EF590}") - :ClassName 
(rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{AF27380F-6548-4B83-81FD-1B5EAECAA8F6}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :state (expanded) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{ABC6E209-A440-42E2-A896-CF27A1CA2744}") - :ClassName (security_rule) - ) - :action ( - : ("Client Encrypt" - :AdminInfo ( - :chkpf_uid ("{E9CD394B-3A31-4AA4-A8F5-D2120F53E780}") - :ClassName (client_encrypt) - :table (setup) - ) - :action (accept) - :dst_options ("intersect with user database") - :enforce_desktop_config (false) - :macro (USER_CLIENT_ENCRYPTION) - :src_options ("intersect with user database") - :type (userc) - ) - ) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :comments (vpn_test) - :disabled (true) - :dst ( - :AdminInfo ( - :chkpf_uid ("{65F39402-76F2-45CC-A99C-0903FE70DF4C}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAADray.local) - :Table (network_objects) - :Uid ("{75EDBC62-7EB1-4D37-8295-684903FDA75A}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{C6DE2209-1A7B-4FCC-B7A7-A1D4EDD793D7}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{91BC0FDA-33F0-49D8-BC63-FFA85CBAFD40}") - :ClassName (rule_services) - ) - :compound () - :op 
() - : (ReferenceObject - :Name (NBT) - :Table (services) - :Uid ("{97AEB471-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (icmp-requests) - :Table (services) - :Uid ("{97AEB413-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (CIFS) - :Table (services) - :Uid ("{2A469820-B502-434C-9340-A377677A6A60}") - ) - : (ReferenceObject - :Name (rdp) - :Table (services) - :Uid ("{5BA0C83F-8D91-465B-9CF6-7DC6AEB84689}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{28C21DCF-D0A0-4F40-8017-BCD946EFF41D}") - :ClassName (rule_source) - ) - :compound ( - : (vpn_user@heag_off_upper - :AdminInfo ( - :chkpf_uid ("{ABBA5C5D-AE07-4CF6-A00E-3649064D0BDB}") - :ClassName (rule_user_group) - ) - :at (ReferenceObject - :Name (heag_off_upper) - :Table (network_objects) - :Uid ("{A58E3E67-0517-485F-AA04-97A12BC119C3}") - ) - :color (black) - :type (usrgroup) - ) - ) - :op () - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{5AFB86A5-E247-411F-AAD7-A8EFDE97A0F5}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{150ABA94-098B-4CC3-AF8A-BDFED81FC20E}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :disabled (true) - :dst ( - :AdminInfo ( - :chkpf_uid ("{5526AF1C-6E4F-4F71-A58E-A1E5F88B62DB}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Premier_Access) - :Table (network_objects) - :Uid ("{B2BB20AA-B685-426B-96B6-1FB4D8D05135}") - ) - : (ReferenceObject - :Name (IsoAAAD) - :Table (network_objects) - :Uid 
("{29C40B0A-414C-11D7-AEB8-7F0000013C3C}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{7F41F235-2373-4F38-9141-29AB9CEAD2D8}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{C2DE3BB7-C1B7-49C9-BC21-97AB3CE81521}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{F8ECC436-D19B-4124-9BC3-31C1E3945A36}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAD) - :Table (network_objects) - :Uid ("{29C40B0A-414C-11D7-AEB8-7F0000013C3C}") - ) - : (ReferenceObject - :Name (Premier_Access) - :Table (network_objects) - :Uid ("{B2BB20AA-B685-426B-96B6-1FB4D8D05135}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{38429C3B-05FE-49C8-9D8C-83F0AC9661CD}") - :ClassName (security_rule) - ) - :action ( - : ("Client Encrypt" - :AdminInfo ( - :chkpf_uid ("{5F145F42-1609-4937-A766-0D8B67710BCC}") - :ClassName (client_encrypt) - :table (setup) - ) - :action (accept) - :dst_options ("intersect with user database") - :enforce_desktop_config (false) - :macro (USER_CLIENT_ENCRYPTION) - :src_options ("intersect with user database") - :type (userc) - ) - ) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :comments ("RAS - Test mit Premier-Access - Tokens") - :disabled (true) - :dst ( - :AdminInfo ( - :chkpf_uid ("{FEABA989-54EB-4D53-96C9-6841B9BBEB4B}") - :ClassName (rule_destination) - 
) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - : (ReferenceObject - :Name (IsoAAAD) - :Table (network_objects) - :Uid ("{29C40B0A-414C-11D7-AEB8-7F0000013C3C}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{162F84EF-286D-4D55-B03F-8DC9F535553A}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{130A495D-1435-441B-98CE-993791EBDA7A}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{766EEA30-3B32-455D-A951-52D75F93E1D9}") - :ClassName (rule_source) - ) - :compound ( - : (test@Any - :AdminInfo ( - :chkpf_uid ("{C8439795-0347-401E-9663-4EBE924B0F4B}") - :ClassName (rule_user_group) - ) - :at (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :color (black) - :type (usrgroup) - ) - ) - :op () - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{24DC38E2-D64D-40EC-B81B-BE3B27A12CED}") - :ClassName (security_header_rule) - ) - :action ( - : (drop - :AdminInfo ( - :chkpf_uid ("{23D057DA-D1AB-4FFD-B61A-806648650D75}") - :ClassName (drop_action) - :table (setup) - ) - :action () - :macro () - :type (drop) - ) - ) - :comments () - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (None) - :Table (tracks) - :Uid ("{97AEB47D-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :disabled (true) - :dst ( - :AdminInfo ( - :chkpf_uid 
("{690BE832-509A-4F4D-A0A2-C9E665129607}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :header_text ("IsoAAAE SecuRemote") - :install ( - :AdminInfo ( - :chkpf_uid ("{67EE9042-BF3D-4971-8346-FA36156A5F74}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{4C231AF1-095C-4CAA-A12C-2EA5B88E76B9}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{F23B90BB-44A6-4F7D-8573-48E730D231EE}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :state (expanded) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{4D877153-65A8-48A9-9D11-B30CA56946EF}") - :ClassName (security_rule) - ) - :action ( - : ("Client Encrypt" - :AdminInfo ( - :chkpf_uid ("{13A8B02C-F3C2-473D-A9E9-E49EA1DF3434}") - :ClassName (client_encrypt) - :table (setup) - ) - :action (accept) - :dst_options ("Intersect with User Database") - :enforce_desktop_config (false) - :macro (USER_CLIENT_ENCRYPTION) - :src_options ("Intersect with User Database") - :type (userc) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid 
("{C2778755-3B4C-491C-85A7-E4523035CD2B}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAADray.local) - :Table (network_objects) - :Uid ("{75EDBC62-7EB1-4D37-8295-684903FDA75A}") - ) - : (ReferenceObject - :Name (gateway.local) - :Table (network_objects) - :Uid ("{7ED7EF12-A13E-4303-8A6E-C6CC28755C80}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{CA2D51EE-4A3F-4FE8-B21C-6532E9E7D2C6}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{5D51CCD0-95A5-408B-83C0-6F18D2B9A460}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (CIFS) - :Table (services) - :Uid ("{2A469820-B502-434C-9340-A377677A6A60}") - ) - : (ReferenceObject - :Name (rdp) - :Table (services) - :Uid ("{5BA0C83F-8D91-465B-9CF6-7DC6AEB84689}") - ) - : (ReferenceObject - :Name (ntp-udp) - :Table (services) - :Uid ("{97AEB404-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (domain-udp) - :Table (services) - :Uid ("{97AEB3FA-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (http) - :Table (services) - :Uid ("{97AEB3D4-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{3B379A82-34F3-4A23-B77C-B50EAD80BD53}") - :ClassName (rule_source) - ) - :compound ( - : (Cactus-extern@vpn-sources-IsoAAAA - :AdminInfo ( - :chkpf_uid ("{C7F9820A-4EDD-4187-98D9-CC655885E0D6}") - :ClassName (rule_user_group) - ) - :at (ReferenceObject - :Name (vpn-sources-IsoAAAA) - :Table (network_objects) - :Uid ("{26405A41-425C-4053-8002-497BB82D76B1}") - ) - :color (black) - :type (usrgroup) - ) - ) - :op () - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{AC6B21DA-86AF-4EB3-B294-3387F815E66E}") - :ClassName (security_rule) - ) - :action ( - : ("Client Encrypt" - :AdminInfo ( - :chkpf_uid ("{557B0552-8CDC-40D8-8B63-00E30DC9681A}") - 
:ClassName (client_encrypt) - :table (setup) - ) - :action (accept) - :dst_options ("intersect with user database") - :enforce_desktop_config (false) - :macro (USER_CLIENT_ENCRYPTION) - :src_options ("intersect with user database") - :type (userc) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{B7130E5B-C62A-4BEF-A2B3-3A2306AE0E5A}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (scratchy.local) - :Table (network_objects) - :Uid ("{CFABE50C-C1F6-4FF1-8AC3-3161A3779708}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{58B74533-737D-4182-B405-F3EAC537960A}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{115D6863-5E76-4339-B76F-8AF7B421C12F}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (RAdmin-custom) - :Table (services) - :Uid ("{4FB59153-8212-4A12-BC08-0297AA5F0815}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{4400E028-7BB5-405F-AE2C-CE84535C3D32}") - :ClassName (rule_source) - ) - :compound ( - : (IsoAAAG-g@vpn-sources-IsoAAAA - :AdminInfo ( - :chkpf_uid ("{23622C19-C400-4C6D-9BCA-E69C2217DE8E}") - :ClassName (rule_user_group) - ) - :at (ReferenceObject - :Name (vpn-sources-IsoAAAA) - :Table (network_objects) - :Uid ("{26405A41-425C-4053-8002-497BB82D76B1}") - ) - :color (black) - :type (usrgroup) - ) - ) - :op () - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid 
("{5289C1E3-9679-4537-AFD3-AA8663CA5F39}") - :ClassName (security_rule) - ) - :action ( - : ("Client Encrypt" - :AdminInfo ( - :chkpf_uid ("{4572A69E-C640-4125-B38D-1EBEA7F257F0}") - :ClassName (client_encrypt) - :table (setup) - ) - :action (accept) - :dst_options ("Intersect with User Database") - :enforce_desktop_config (false) - :macro (USER_CLIENT_ENCRYPTION) - :src_options ("Intersect with User Database") - :type (userc) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{68ABBD00-BD78-4112-A679-DC94A8CDB47B}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{D26ADD37-6C0A-4402-BAC8-92A4CA9B11CA}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{99E348A7-72A0-43EC-B728-58DED1B0ED1F}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (T-online-classic) - :Table (services) - :Uid ("{738B04E5-09F7-44BF-9FEC-AEA0F15B7E9A}") - ) - : (ReferenceObject - :Name (HBCI) - :Table (services) - :Uid ("{336C93F8-5CC2-48BE-9328-2E92F61EFCF1}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{040245DC-1E6B-44D2-A0C5-C7D1A9FAFAF0}") - :ClassName (rule_source) - ) - :compound ( - : (IsoAAAG-g@vpn-sources-IsoAAAA - :AdminInfo ( - :chkpf_uid ("{23622C19-C400-4C6D-9BCA-E69C2217DE8E}") - :ClassName 
(rule_user_group) - ) - :at (ReferenceObject - :Name (vpn-sources-IsoAAAA) - :Table (network_objects) - :Uid ("{26405A41-425C-4053-8002-497BB82D76B1}") - ) - :color (black) - :type (usrgroup) - ) - ) - :op () - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{73F2144F-4C58-4361-94B5-459B469A6541}") - :ClassName (security_rule) - ) - :action ( - : ("Client Encrypt" - :AdminInfo ( - :chkpf_uid ("{79C1343A-9B8B-4AB8-8F0C-795A3C6985F8}") - :ClassName (client_encrypt) - :table (setup) - ) - :action (accept) - :dst_options ("Intersect with User Database") - :enforce_desktop_config (false) - :macro (USER_CLIENT_ENCRYPTION) - :src_options ("Intersect with User Database") - :type (userc) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{8D75B038-29A6-4DFC-99BE-77BB50F0248D}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (spike.local) - :Table (network_objects) - :Uid ("{4ABDD8DE-0DA2-46E5-B129-85E3977CBD18}") - ) - : (ReferenceObject - :Name (mg.IsoAAAA-es.com) - :Table (network_objects) - :Uid ("{E5BF8260-3615-4476-B638-53CA3A24FEF1}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{64D010BF-D0CB-4F9F-9B7A-DBAD17892364}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{A9590BAB-F46F-4EB7-8125-A4EE6791DD5F}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (squid) - :Table (services) - :Uid 
("{91C0454D-F70C-44B3-8F2D-70C4A68E9594}") - ) - : (ReferenceObject - :Name (imap) - :Table (services) - :Uid ("{97AEB446-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (imaps) - :Table (services) - :Uid ("{B760A869-04DF-43E2-91F9-414C58F86F16}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{32C8D43F-D47D-4477-9217-8E249CBA8F9E}") - :ClassName (rule_source) - ) - :compound ( - : (Cactus-extern@vpn-sources-IsoAAAA - :AdminInfo ( - :chkpf_uid ("{93AC11B4-FFD0-4DBB-BA60-321FE5E9AD32}") - :ClassName (rule_user_group) - ) - :at (ReferenceObject - :Name (vpn-sources-IsoAAAA) - :Table (network_objects) - :Uid ("{26405A41-425C-4053-8002-497BB82D76B1}") - ) - :color (black) - :type (usrgroup) - ) - ) - :op () - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{6ADC5431-5B24-47FC-A9A6-F8DC912B0515}") - :ClassName (security_rule) - ) - :action ( - : ("Client Encrypt" - :AdminInfo ( - :chkpf_uid ("{6CA48465-23C7-4B10-AAA3-AD9A9E4F8588}") - :ClassName (client_encrypt) - :table (setup) - ) - :action (accept) - :dst_options ("Intersect with User Database") - :enforce_desktop_config (false) - :macro (USER_CLIENT_ENCRYPTION) - :src_options ("Intersect with User Database") - :type (userc) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{586E9FDE-3504-4C3C-B1B3-A73F6D3F379B}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (itchy) - :Table (network_objects) - :Uid ("{3B4DF852-5064-4957-B95F-D469C5656467}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{067D0452-9D33-44EA-8433-DF53F0333503}") - 
:ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{656EA975-486E-43AA-B73C-209ED71366BC}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (smtp) - :Table (services) - :Uid ("{97AEB3D9-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{028E2317-59C3-4783-AFA3-8121A808F9D8}") - :ClassName (rule_source) - ) - :compound ( - : (Cactus-extern@vpn-sources-IsoAAAA - :AdminInfo ( - :chkpf_uid ("{3D633953-A379-43C2-BCD5-CFCE90A8F60D}") - :ClassName (rule_user_group) - ) - :at (ReferenceObject - :Name (vpn-sources-IsoAAAA) - :Table (network_objects) - :Uid ("{26405A41-425C-4053-8002-497BB82D76B1}") - ) - :color (black) - :type (usrgroup) - ) - ) - :op () - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{09847FA8-6AD8-4196-A6BA-C2E5A4380CAF}") - :ClassName (security_rule) - ) - :action ( - : ("Client Encrypt" - :AdminInfo ( - :chkpf_uid ("{EFBB77A2-67A2-45E9-8D82-5DE40E64C792}") - :ClassName (client_encrypt) - :table (setup) - ) - :action (accept) - :dst_options ("Intersect with User Database") - :enforce_desktop_config (false) - :macro (USER_CLIENT_ENCRYPTION) - :src_options ("Intersect with User Database") - :type (userc) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{AE09F8C4-EE69-4874-A359-DE443685FA10}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (wasp) - :Table (network_objects) - :Uid 
("{098B2A74-E220-4AE8-A164-340FED79C9D5}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{88454436-C062-4605-BADB-73FD6F534D0F}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{79BEA1F5-E14E-4C55-B7B2-4765F608CEC4}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (ntp-udp) - :Table (services) - :Uid ("{97AEB404-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{7851EA21-542A-4587-B676-F7DD371446C5}") - :ClassName (rule_source) - ) - :compound ( - : (Cactus-extern@vpn-sources-IsoAAAA - :AdminInfo ( - :chkpf_uid ("{4BC9D4D1-5EE4-45A3-9EE3-77D2B97D21EF}") - :ClassName (rule_user_group) - ) - :at (ReferenceObject - :Name (vpn-sources-IsoAAAA) - :Table (network_objects) - :Uid ("{26405A41-425C-4053-8002-497BB82D76B1}") - ) - :color (black) - :type (usrgroup) - ) - ) - :op () - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{67784DF8-6440-4F4A-891C-C7062E0F32B0}") - :ClassName (security_rule) - ) - :action ( - : ("Client Encrypt" - :AdminInfo ( - :chkpf_uid ("{CD454805-68CD-42E4-98C3-0DBF82CB9BE6}") - :ClassName (client_encrypt) - :table (setup) - ) - :action (accept) - :dst_options ("Intersect with User Database") - :enforce_desktop_config (false) - :macro (USER_CLIENT_ENCRYPTION) - :src_options ("Intersect with User Database") - :type (userc) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid 
("{D29D3530-277E-4D41-86B8-CDFD1640107F}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (wasp) - :Table (network_objects) - :Uid ("{098B2A74-E220-4AE8-A164-340FED79C9D5}") - ) - : (ReferenceObject - :Name (hpux) - :Table (network_objects) - :Uid ("{BF00A847-A0D6-4A75-BE1C-27E7D91EDB55}") - ) - : (ReferenceObject - :Name (sol8) - :Table (network_objects) - :Uid ("{86F22190-7D8D-435D-8906-A346CA12A17C}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{35771DD3-A725-4A30-B8D1-2D4DE471A8AA}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{65CD16B1-1526-40F3-9D70-2C6DE0FD27B8}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (telnet) - :Table (services) - :Uid ("{97AEB3CF-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (ssh) - :Table (services) - :Uid ("{18EC9EAA-1657-4240-AB97-5F234623336B}") - ) - : (ReferenceObject - :Name (ftp) - :Table (services) - :Uid ("{97AEB3D0-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{3E20C184-B0AC-458B-AB58-17C5E8D0CB58}") - :ClassName (rule_source) - ) - :compound ( - : (Cactus-extern@vpn-sources-IsoAAAA - :AdminInfo ( - :chkpf_uid ("{4BC9D4D1-5EE4-45A3-9EE3-77D2B97D21EF}") - :ClassName (rule_user_group) - ) - :at (ReferenceObject - :Name (vpn-sources-IsoAAAA) - :Table (network_objects) - :Uid ("{26405A41-425C-4053-8002-497BB82D76B1}") - ) - :color (black) - :type (usrgroup) - ) - ) - :op () - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{C6951C02-A10A-4757-A85F-5C197D6B95EB}") - :ClassName (security_rule) - ) - :action ( - : ("Client Encrypt" - :AdminInfo ( - :chkpf_uid ("{8EFD07B3-1AE9-4498-A0EA-FFF0CAEC9824}") - :ClassName (client_encrypt) - :table (setup) - ) - :action (accept) - :dst_options ("Intersect with User Database") - 
:enforce_desktop_config (false) - :macro (USER_CLIENT_ENCRYPTION) - :src_options ("Intersect with User Database") - :type (userc) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{953252BD-3073-4D69-B49A-86B012FEF76D}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{019A9168-EF95-46C7-AFB5-B0788EBDAB4B}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{63D8350C-2432-4909-91D6-4459C3054B4E}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (icmp-requests) - :Table (services) - :Uid ("{97AEB413-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{D6818DB3-CC9E-498A-B47D-DA9204F004F4}") - :ClassName (rule_source) - ) - :compound ( - : (Cactus-extern@vpn-sources-IsoAAAA - :AdminInfo ( - :chkpf_uid ("{970C0D68-3CEC-47CA-B2C0-EB23C9B56AC8}") - :ClassName (rule_user_group) - ) - :at (ReferenceObject - :Name (vpn-sources-IsoAAAA) - :Table (network_objects) - :Uid ("{26405A41-425C-4053-8002-497BB82D76B1}") - ) - :color (black) - :type (usrgroup) - ) - ) - :op () - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{84087B02-E15A-4E97-9204-F0F866206B75}") - :ClassName (security_header_rule) - ) - :action ( - : (drop - :AdminInfo ( - :chkpf_uid 
("{C1A1378F-A974-41CF-BB10-A3F1D8205A3A}") - :ClassName (drop_action) - :table (setup) - ) - :action () - :macro () - :type (drop) - ) - ) - :comments () - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (None) - :Table (tracks) - :Uid ("{97AEB47D-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :disabled (true) - :dst ( - :AdminInfo ( - :chkpf_uid ("{6CF2DE51-FF05-4F78-A967-BA8F290325BF}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :header_text ("IsoAAAE VPN-GW2GW") - :install ( - :AdminInfo ( - :chkpf_uid ("{478AEC09-B131-41B8-8756-A059E1E43421}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{8F76A99B-E1AD-4595-B528-588D82877DDE}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{E356D6BD-676A-4587-90E7-C31B293579C1}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :state (expanded) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{9BC6A630-0169-4289-962F-8E65E0503D01}") - :ClassName (security_rule) - ) - :action ( - : (Encrypt - :AdminInfo ( - :chkpf_uid ("{0B19DE28-8BEC-4290-812D-9B5D4289D12D}") - :ClassName (encrypt) - :table (setup) - ) - :action (accept) - :datam () - :diagnostics-track (CryptLog - :AdminInfo ( - :chkpf_uid 
("{4302BEE6-7E9D-46BE-A30A-7D5F42B951D0}") - :ClassName (account) - :table (tracks) - ) - :Name () - :color ("Navy Blue") - :format (crypt) - :icon-name () - :macro () - :type (account) - ) - :gateway (ReferenceObject - :Table (globals) - :Name (Any) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :isakmp.compression (None) - :isakmp.crlreq (false) - :isakmp.data.integrity (MD5) - :isakmp.encryption (3DES) - :isakmp.gateway (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :isakmp.phase2_DH_group (ReferenceObject - :Name ("Group 2 (1024 bit)") - :Table (encryption) - :Uid ("{97AEB629-9AEA-11D5-BD16-0090272CCB30}") - ) - :isakmp.transform (ESP) - :isakmp.use_pfs (false) - :isakmp.useippools (false) - :keym () - :macro (ENCRYPTION) - :mdm (MD5) - :menu_inactive (false) - :scheme (ISAKMP) - :type (encrypt) - ) - ) - :comments () - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :disabled (true) - :dst ( - :AdminInfo ( - :chkpf_uid ("{83858D79-EC2C-4812-9B9B-2346DFC72654}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{50CB20E0-39A1-42D5-9495-BA814B304829}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{938E9BAA-A4E0-42DE-B985-4FC332A0008A}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name 
(icmp-requests) - :Table (services) - :Uid ("{97AEB413-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{288657B3-E155-44B2-9023-5BDBB46EF52F}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA_home_tim) - :Table (network_objects) - :Uid ("{BF8F69B9-87C2-464A-9404-239AE8DF66B3}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{1B421F3A-CCFB-4816-B5D0-2D69F5D98DC3}") - :ClassName (security_rule) - ) - :action ( - : (Encrypt - :AdminInfo ( - :chkpf_uid ("{7B2AB0CD-8E90-4AED-B40D-57919CC85E3E}") - :ClassName (encrypt) - :table (setup) - ) - :action (accept) - :datam () - :diagnostics-track (CryptLog - :AdminInfo ( - :chkpf_uid ("{88330614-2043-4829-BE4E-9849E3E56931}") - :ClassName (account) - :table (tracks) - ) - :Name () - :color ("Navy Blue") - :format (crypt) - :icon-name () - :macro () - :type (account) - ) - :gateway (ReferenceObject - :Table (globals) - :Name (Any) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :isakmp.compression (None) - :isakmp.crlreq (false) - :isakmp.data.integrity (MD5) - :isakmp.encryption (3DES) - :isakmp.gateway (ReferenceObject - :Name (IsoAAAD) - :Table (network_objects) - :Uid ("{29C40B0A-414C-11D7-AEB8-7F0000013C3C}") - ) - :isakmp.phase2_DH_group (ReferenceObject - :Table (encryption) - :Name ("Group 2 (1024 bit)") - :Uid ("{97AEB629-9AEA-11D5-BD16-0090272CCB30}") - ) - :isakmp.transform (ESP) - :isakmp.use_pfs (false) - :isakmp.useippools (false) - :keym () - :macro (ENCRYPTION) - :mdm (MD5) - :menu_inactive (false) - :scheme (ISAKMP) - :type (encrypt) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid 
("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{2E07BEF2-A8D2-420C-B73A-97F71499CF78}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{E4654732-4C19-4B16-B48E-9045187B0E7D}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{56D6CE5A-FD31-4622-BCD4-14B2B79E9831}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{C698A8A9-97D7-477E-98FA-1A67C583F157}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (SonicLAN) - :Table (network_objects) - :Uid ("{587A029D-04EA-49A0-9DB2-93ADC651B7BF}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{7F7BEC1D-4972-4E6B-9F74-2808D5D82A44}") - :ClassName (security_rule) - ) - :action ( - : (Encrypt - :AdminInfo ( - :chkpf_uid ("{DE69F779-E476-4D83-A45D-01E7AE697727}") - :ClassName (encrypt) - :table (setup) - ) - :action (accept) - :datam () - :diagnostics-track (CryptLog - :AdminInfo ( - :chkpf_uid ("{7B3D6F79-64C4-4E84-B374-D3F4FF4F6646}") - :ClassName (account) - :table (tracks) - ) - :Name () - :color ("Navy Blue") - :format (crypt) - :icon-name () - :macro () - :type (account) - ) - :gateway (ReferenceObject - :Table (globals) - :Name (Any) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :isakmp.compression (None) - :isakmp.crlreq (false) - :isakmp.data.integrity (MD5) - :isakmp.encryption (3DES) - :isakmp.gateway (ReferenceObject - :Name (Sonic1) - :Table (network_objects) - :Uid ("{B2EBD57B-C94C-42E7-8F1A-17C861697403}") - ) - 
:isakmp.phase2_DH_group (ReferenceObject - :Table (encryption) - :Name ("Group 2 (1024 bit)") - :Uid ("{97AEB629-9AEA-11D5-BD16-0090272CCB30}") - ) - :isakmp.transform (ESP) - :isakmp.use_pfs (false) - :isakmp.useippools (false) - :keym () - :macro (ENCRYPTION) - :mdm (MD5) - :menu_inactive (false) - :scheme (ISAKMP) - :type (encrypt) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{B08B1D30-7A98-4EB1-A10F-8A5EA4E5751D}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (SonicLAN) - :Table (network_objects) - :Uid ("{587A029D-04EA-49A0-9DB2-93ADC651B7BF}") - ) - : (ReferenceObject - :Name (Sonic1) - :Table (network_objects) - :Uid ("{B2EBD57B-C94C-42E7-8F1A-17C861697403}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{A4D22342-EAE3-42F9-96A9-AA42177E4662}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{4171D4D8-3AEE-4503-889B-2F2BB38E7E6B}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{2E872EC3-8CCF-4263-92F7-5C0DFCF66ED7}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid 
("{7D822D25-45D2-4906-8C8E-72652A4E9C7C}") - :ClassName (security_header_rule) - ) - :action ( - : (drop - :AdminInfo ( - :chkpf_uid ("{8AEAF6EF-1859-4E89-A58F-4F275BF154AA}") - :ClassName (drop_action) - :table (setup) - ) - :action () - :macro () - :type (drop) - ) - ) - :comments () - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (None) - :Table (tracks) - :Uid ("{97AEB47D-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :disabled (true) - :dst ( - :AdminInfo ( - :chkpf_uid ("{08B3D275-0F89-4C3F-B53E-1E3ECA583C23}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :header_text (Internal-Connections) - :install ( - :AdminInfo ( - :chkpf_uid ("{CA6C0AAF-DBCE-4020-B529-4E4449A1EFAA}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{6FB76A7B-3073-434B-ADDA-81C99060AEBA}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{79B42650-50CC-4AD9-A13E-A0E4AB4D7383}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :state (expanded) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{EACACDFF-02E7-4014-9DA7-1A5487AB8481}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{87CA79FF-466D-4BCF-B6C4-42FE6346885F}") - :ClassName (accept_action) 
- :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{38233DD1-F39A-42F7-80B7-74A2F3C959BE}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAD) - :Table (network_objects) - :Uid ("{29C40B0A-414C-11D7-AEB8-7F0000013C3C}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{D4207D0B-4AA6-4438-A102-EAF2E08BCABC}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{0D51549F-279B-4544-97E7-672C85874699}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (ssh) - :Table (services) - :Uid ("{18EC9EAA-1657-4240-AB97-5F234623336B}") - ) - : (ReferenceObject - :Name (https) - :Table (services) - :Uid ("{97AEB443-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{C0F53557-6630-4779-8F85-30AA74C8BB3F}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - : (ReferenceObject - :Name (IsoAAAA_home_tim) - :Table (network_objects) - :Uid ("{BF8F69B9-87C2-464A-9404-239AE8DF66B3}") - ) - : (ReferenceObject - :Name (mg.IsoAAAA-es.com) - :Table (network_objects) - :Uid ("{E5BF8260-3615-4476-B638-53CA3A24FEF1}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{C5F973E3-CBB2-4C15-A735-52B51AC9DAE7}") - 
:ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{396BFDCC-A290-408E-9F92-791EA8CF3616}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{389DDDD2-29F4-4D0F-A969-726529DF0919}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (daba) - :Table (network_objects) - :Uid ("{94817CDB-EA8C-4213-B38D-F4417EA620C6}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{D76410C0-68C5-40EA-A75A-9FFB9B0EF2E8}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{FCA57859-3422-4495-954F-E7D746378008}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (ssh) - :Table (services) - :Uid ("{18EC9EAA-1657-4240-AB97-5F234623336B}") - ) - : (ReferenceObject - :Name (mysql) - :Table (services) - :Uid ("{08A07607-EAAA-4A45-AD6E-6020770BD519}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{B98DA2C1-079F-4EF2-A67D-5FCEC98B1FE8}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - : (ReferenceObject - :Name (IsoAAAA_home_tim) - :Table (network_objects) - :Uid ("{BF8F69B9-87C2-464A-9404-239AE8DF66B3}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid 
("{0D4D75A0-8203-453F-9C3E-F68E1995DE88}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{317B8552-195E-4E2A-8EA7-CEE52B732C38}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (None) - :Table (tracks) - :Uid ("{97AEB47D-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{C80F45A6-E7AD-4F87-89A8-31CC7D5A5E53}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (wasp) - :Table (network_objects) - :Uid ("{098B2A74-E220-4AE8-A164-340FED79C9D5}") - ) - : (ReferenceObject - :Name (mg.IsoAAAA-es.com) - :Table (network_objects) - :Uid ("{E5BF8260-3615-4476-B638-53CA3A24FEF1}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{9D97B55B-160C-46D2-ADFA-6D235D7D9733}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{8305714C-A6BA-4B6C-A1A9-2E54349BB3ED}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (ntp-udp) - :Table (services) - :Uid ("{97AEB404-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{398C5E6F-5E01-4646-ABAB-BF775B461AE6}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAD) - :Table (network_objects) - :Uid ("{29C40B0A-414C-11D7-AEB8-7F0000013C3C}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{A1ACBE88-9F38-4947-B497-B34A2F3878B3}") - :ClassName (security_rule) - ) - :action ( - 
: (accept - :AdminInfo ( - :chkpf_uid ("{F8FE4FD5-50BE-4D6E-93FE-93071473FFF0}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (None) - :Table (tracks) - :Uid ("{97AEB47D-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{442DA9A3-9028-4077-88ED-F676CC39EA6A}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAADray.local) - :Table (network_objects) - :Uid ("{75EDBC62-7EB1-4D37-8295-684903FDA75A}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{22AF536A-CE60-42B9-8D92-B2B84B1B849A}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{FE031AD5-4408-419D-9CAC-E33FD47B4872}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (domain-udp) - :Table (services) - :Uid ("{97AEB3FA-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{EA42965D-38DF-4E67-8A06-6BF107BEC1BE}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAD) - :Table (network_objects) - :Uid ("{29C40B0A-414C-11D7-AEB8-7F0000013C3C}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{321D1155-8DB8-48D3-8F89-789456335EA5}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{EF61D86E-D8BD-4E00-83C7-D4D6413AA826}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments 
() - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{6ECE3813-9B88-4B95-8F48-35760521161D}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (spike.local) - :Table (network_objects) - :Uid ("{4ABDD8DE-0DA2-46E5-B129-85E3977CBD18}") - ) - : (ReferenceObject - :Name (mg.IsoAAAA-es.com) - :Table (network_objects) - :Uid ("{E5BF8260-3615-4476-B638-53CA3A24FEF1}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{B6B3B97E-55C4-41CA-B951-91FBA42AD24D}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{E4826F35-742D-4BE5-814E-5ECE6741D719}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (syslog) - :Table (services) - :Uid ("{97AEB3E0-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (ssh_version_2) - :Table (services) - :Uid ("{CD082D9A-44A6-4CEF-A17D-5541029ADFB3}") - ) - : (ReferenceObject - :Name (domain-udp) - :Table (services) - :Uid ("{97AEB3FA-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (smtp) - :Table (services) - :Uid ("{97AEB3D9-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{CBCA552F-5195-4594-8FCD-DB44E1E54E08}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAD) - :Table (network_objects) - :Uid ("{29C40B0A-414C-11D7-AEB8-7F0000013C3C}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid 
("{479DFC1D-FE51-4CFB-9A99-4FD1A532B7B4}") - :ClassName (security_header_rule) - ) - :action ( - : (drop - :AdminInfo ( - :chkpf_uid ("{575C62B8-634C-4115-9DF5-3C75BBFBFDEE}") - :ClassName (drop_action) - :table (setup) - ) - :action () - :macro () - :type (drop) - ) - ) - :comments () - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (None) - :Table (tracks) - :Uid ("{97AEB47D-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :disabled (true) - :dst ( - :AdminInfo ( - :chkpf_uid ("{EF6C7FE7-9266-491E-8933-CC4429B97209}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :header_text ("Intern to Spike") - :install ( - :AdminInfo ( - :chkpf_uid ("{CA20EBCF-96AC-402F-87BB-25C0EC09879B}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{5505712A-4BAB-46F8-BFAF-62A682802247}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{3B75D561-22D8-4C61-9CA7-A843272AA499}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :state (collapsed) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{F18D892E-EED1-488B-A0D9-832B742CE27B}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{BD096130-776F-4884-A5E3-66951FEDCAA1}") - :ClassName (accept_action) - 
:table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{69FBBF03-9653-4708-95E4-A3085DA3502E}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (spike.local) - :Table (network_objects) - :Uid ("{4ABDD8DE-0DA2-46E5-B129-85E3977CBD18}") - ) - : (ReferenceObject - :Name (mg.IsoAAAA-es.com) - :Table (network_objects) - :Uid ("{E5BF8260-3615-4476-B638-53CA3A24FEF1}") - ) - : (ReferenceObject - :Name (ras.IsoAAAA-es.com) - :Table (network_objects) - :Uid ("{23B1E779-B8D5-4384-AD60-80E498B77196}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{58BE428C-CA30-4DD6-8D0C-DD21E8D5716A}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{D45CFA85-C7A9-4770-BBA5-38DC95DE2E39}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (SpikeServices) - :Table (services) - :Uid ("{9D35FACE-289F-49A6-95C7-13417959BC9D}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{CEAC96CA-4B08-4E15-B8E5-F555868B9B9D}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{001AA0F0-DFE8-4CAD-9B62-C26E1A5CB9A0}") - :ClassName (security_header_rule) - ) - :action ( - : (drop - :AdminInfo ( - :chkpf_uid 
("{339E1791-EB7E-4985-8B54-EBE0E6097CCB}") - :ClassName (drop_action) - :table (setup) - ) - :action () - :macro () - :type (drop) - ) - ) - :comments () - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (None) - :Table (tracks) - :Uid ("{97AEB47D-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :disabled (true) - :dst ( - :AdminInfo ( - :chkpf_uid ("{A78DD97F-4A53-4494-8F90-EABA9B30D6B5}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :header_text ("Intern to DMZ") - :install ( - :AdminInfo ( - :chkpf_uid ("{209BE460-BB82-44DD-817D-FF2E22395B31}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{E0D91B63-F2A0-4973-B07E-AEDD817454E5}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{9BD55163-1255-4D94-BE33-13A5569A02ED}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :state (expanded) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{00477CC9-4940-4C79-B2E6-A137781B1C25}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{47ACCCC4-3B42-4BE4-8E43-AF61E4E0FB86}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location 
(middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{F16C6F8C-1F05-4B70-87D9-CECE46630C0C}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Cactus-DMZ1) - :Table (network_objects) - :Uid ("{62523F8E-9AE0-4CC0-82C6-BB41846BA2B7}") - ) - : (ReferenceObject - :Name (Cactus-DMZ2) - :Table (network_objects) - :Uid ("{61AB70E0-5514-43CF-9194-B37A13EC102D}") - ) - : (ReferenceObject - :Name (Cactus-DMZ4) - :Table (network_objects) - :Uid ("{9C2C49CE-5100-423C-BECB-08951751059F}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{E18116F6-2DF8-42C8-8F65-D00C902B23AB}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{FFEF9B1D-B59B-4A07-AEDE-63918094EDB8}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (ssh_version_2) - :Table (services) - :Uid ("{CD082D9A-44A6-4CEF-A17D-5541029ADFB3}") - ) - : (ReferenceObject - :Name (sshv2-24) - :Table (services) - :Uid ("{1DA78BCE-7ABC-4DBB-82AF-FDBE6B853493}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{2D6919C8-EBF0-46B2-95CE-7FD2AFF8DBF0}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{2CDC82FD-6292-45D7-A4B8-6794C378A47B}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{DBFD040E-D17D-481F-B6E2-D9E5AE306BBD}") - 
:ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{AAADBB03-1A01-4136-8104-91B265E567A3}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Cactus10.222.0.1) - :Table (network_objects) - :Uid ("{6CD51061-638B-4B2F-9092-7E1E4A5F0ADD}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{77D96FA7-8F8F-4F17-9F1C-868F1472C870}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{A042A0B6-6CD8-4A84-90A5-B39B35590148}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (VNC) - :Table (services) - :Uid ("{9788B566-735E-4158-A169-8701B9624E47}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{2F62C069-51CA-424D-A3EB-235DD9728611}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{8EDEBE48-F02B-4AEA-8337-FBE1E2079BE0}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{47CF3B75-BE35-45E1-B56E-B8A61ECE885B}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - 
:Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{7149B69F-E170-4FCC-B958-76AE0F704EA0}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (itchy) - :Table (network_objects) - :Uid ("{3B4DF852-5064-4957-B95F-D469C5656467}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{50C640DC-6413-458C-BD30-9E947F408315}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{3F4AF5D6-72D0-4C52-A1BD-29AB242927D0}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (domain-udp) - :Table (services) - :Uid ("{97AEB3FA-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (CIFS) - :Table (services) - :Uid ("{2A469820-B502-434C-9340-A377677A6A60}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{EA36998F-4F7C-4250-BECC-4CEBB36E9EAE}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{0F6D252E-7562-457F-81A3-60192F3EC815}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{0CEE5A08-F53C-439A-8180-A62450938BA6}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : 
(ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{C414C09F-B8D2-4DD6-8DD1-B5044B787753}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (MailServer) - :Table (network_objects) - :Uid ("{17935795-6ADC-4B45-8E2B-BEC361E6CAB1}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{1ADD0F50-D00E-463E-AF4B-5F7B9602F8FB}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{F89128E4-058B-45CC-8BE9-62261DDB22A0}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (smtp) - :Table (services) - :Uid ("{97AEB3D9-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{1265804A-4F79-416E-ABDC-2BC3BC6E9513}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{A3B9D85B-AD6D-4991-8A9D-960939C491C2}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{C8749F14-4AE2-4544-B239-7CC349656359}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (None) - :Table (tracks) - :Uid 
("{97AEB47D-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{A7BD46F5-7D1D-424F-BBB4-CCE8564D68C7}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (wasp) - :Table (network_objects) - :Uid ("{098B2A74-E220-4AE8-A164-340FED79C9D5}") - ) - : (ReferenceObject - :Name (mg.IsoAAAA-es.com) - :Table (network_objects) - :Uid ("{E5BF8260-3615-4476-B638-53CA3A24FEF1}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{E6AF42B5-C12E-4E59-8C3E-5D231C5B0D34}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{A22EE9B9-C603-4998-B273-1568DE4BB27A}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (ntp-udp) - :Table (services) - :Uid ("{97AEB404-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{D0402416-F879-4AD4-88E6-A1DBFEA44546}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{7C9A68ED-6420-4D5E-BE91-F7ACE4B90AA5}") - :ClassName (security_header_rule) - ) - :action ( - : (drop - :AdminInfo ( - :chkpf_uid ("{D4BF36D5-49FA-49BD-ADE1-87E488A684D6}") - :ClassName (drop_action) - :table (setup) - ) - :action () - :macro () - :type (drop) - ) - ) - :comments () - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (None) - :Table (tracks) - :Uid ("{97AEB47D-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :disabled (true) - :dst ( - :AdminInfo ( - :chkpf_uid 
("{251B6C16-21CB-4CCE-9B3B-62B66C6F6390}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :header_text ("Intern to Internet") - :install ( - :AdminInfo ( - :chkpf_uid ("{A9221EAB-A00F-4E3F-83DF-D44CBC08AFBD}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{AECCDBA3-A006-464E-9BD9-691255CA5841}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{5B2CFCAD-0A44-4BA9-BFF7-6734B5644C85}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :state (collapsed) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{E6AB0ADC-7E23-4B1D-B568-E47FF7B3D4F5}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{5B685C0A-3095-483A-8DE1-F539677A7707}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{2C9F2F69-7532-4711-A950-C884E1AFD3F5}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid 
("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{EACA5120-76C3-48CE-AB41-59266A354E0A}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{DB45ABD4-20F0-4BC8-BD73-294945142FB8}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (T-online-classic) - :Table (services) - :Uid ("{738B04E5-09F7-44BF-9FEC-AEA0F15B7E9A}") - ) - : (ReferenceObject - :Name (HBCI) - :Table (services) - :Uid ("{336C93F8-5CC2-48BE-9328-2E92F61EFCF1}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{85CAFABE-730E-4DDB-A878-219BD2893B63}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{F2D50B88-90A6-4BF1-A0F9-724F4FF20600}") - :ClassName (security_rule) - ) - :action ( - : ("Client Auth" - :AdminInfo ( - :chkpf_uid ("{E7112614-F673-492F-B41A-FA577FB7E844}") - :ClassName (client_authenticate) - :table (setup) - ) - :accept_track (ReferenceObject - :Name (Auth) - :Table (tracks) - :Uid ("{97AEB48A-9AEA-11D5-BD16-0090272CCB30}") - ) - :action (accept) - :clauth_refreshable (false) - :clauth_to_hours (6) - :clauth_to_infinite (false) - :clauth_to_minutes (30) - :clauth_track (ReferenceObject - :Table (tracks) - :Name (Auth) - :Uid ("{97AEB48A-9AEA-11D5-BD16-0090272CCB30}") - ) - :dst_options ("ignore user database") - :enforce_desktop_config (false) - :macro (PASS_CLNTAUTH) - :ruletype ("standard sign on") - :sessions (5) - :sessions_infinite (true) - :signon_method ("manual sign-on") - :src_options ("intersect with user database") - :type (auth_client) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) 
- :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{D9DB10FC-4DA0-4922-B0B0-5F8C87FE0135}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{62EE86DF-01FC-4628-8A25-70D69D61F7A9}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{4C8E3C25-1695-4552-858C-90BA25E860CC}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (ssh_version_2) - :Table (services) - :Uid ("{CD082D9A-44A6-4CEF-A17D-5541029ADFB3}") - ) - : (ReferenceObject - :Name (TeamSpeak) - :Table (services) - :Uid ("{D2BBEFB3-8450-4301-9040-2D305887A748}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{7049EFF1-4FF7-42B0-B5EE-8F44579C07CB}") - :ClassName (rule_source) - ) - :compound ( - : (Cactus-extern@IsoAAAA-100 - :AdminInfo ( - :chkpf_uid ("{A376F981-E37A-4611-B925-1A141DC89FD8}") - :ClassName (rule_user_group) - ) - :at (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - :color (black) - :type (usrgroup) - ) - ) - :op () - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{1F4E5C97-C290-48AF-84A5-C1A13178FDB7}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{DCDCFD96-219D-49B7-B817-8BB52C598AB8}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location 
(middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{3A1A50EC-0F20-4C79-80D7-FDCBEDAF50AF}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (t-onlineUpdate) - :Table (network_objects) - :Uid ("{99089D97-0EB3-4CE6-8C78-79BC61ECE307}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{4D0B21D7-8DA0-49D5-9AD2-3F7BBA001C56}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{0C60636A-9D3B-44D2-9742-966C92ED77A2}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (http) - :Table (services) - :Uid ("{97AEB3D4-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (https) - :Table (services) - :Uid ("{97AEB443-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{C9F5FA9C-6AE5-4A04-B68F-E3CFBE3C1043}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{8D43F752-841E-4B9E-B610-635F7C17D4D9}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{7A10F249-7751-407A-A390-A6B878A85D56}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid 
("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{B42E38C5-299A-4B0E-A7BE-6D87D1206A3C}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (auth1.lhsystems.com) - :Table (network_objects) - :Uid ("{D60E902E-4BE8-43E0-95DC-BFE60E86965F}") - ) - : (ReferenceObject - :Name (LSYI-pptp) - :Table (network_objects) - :Uid ("{DF2F1A45-9938-4006-A550-0421F3DAA3E2}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{42DAAE37-A625-47E5-AC05-72E3E3A9F3FE}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{F8D3DE95-02BB-43E8-B759-01E5AE00233C}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (FW1_clntauth_telnet) - :Table (services) - :Uid ("{97AEB38B-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (PPTP) - :Table (services) - :Uid ("{97AEB426-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{B2C3E31C-B79E-49A9-B7A8-2F38E3C21DCF}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{167BC623-43EB-405D-BC29-442298C96DC9}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{BB10481F-21F5-4244-A6BB-29318E780DF1}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : 
(ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{E9BE5C8E-9CAE-4D88-9235-F5AC9030CF0F}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (mail.light-life.netOld) - :Table (network_objects) - :Uid ("{DF004F13-7986-4569-811C-6EC7391A8764}") - ) - : (ReferenceObject - :Name (mail.light-life.net) - :Table (network_objects) - :Uid ("{C534904C-317E-431D-BF6C-03977CC08203}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{CDBC19FF-C00F-4304-9D1D-B5BBDAA5D15A}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{4BE203D0-3DE8-44FE-B942-E5E26C62E861}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (smtp) - :Table (services) - :Uid ("{97AEB3D9-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (pop-3) - :Table (services) - :Uid ("{97AEB3DB-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{C3E9CE29-9F23-4857-B88F-E9949FAF2D5D}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (speedy2) - :Table (network_objects) - :Uid ("{B4DB2EF5-42D8-41DC-9A1C-33310FDFB184}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{11C81B0A-4266-4801-8858-E4D9AB54A830}") - :ClassName (security_header_rule) - ) - :action ( - : (drop - :AdminInfo ( - :chkpf_uid ("{5E568AEF-0F52-4A93-AFA3-18E73A0D066A}") - :ClassName (drop_action) - :table (setup) - ) - :action () - :macro () - :type (drop) - ) - ) - :comments () - :global_location (middle) - :through 
( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (None) - :Table (tracks) - :Uid ("{97AEB47D-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :disabled (true) - :dst ( - :AdminInfo ( - :chkpf_uid ("{366C4CAD-81FB-4025-8D13-601F4A6C8FF7}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :header_text ("Access from Spike & DMZ to Internal") - :install ( - :AdminInfo ( - :chkpf_uid ("{47C0018E-3514-4540-A4EA-659755890D6B}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{0073E27C-28E5-4EC1-9A4A-BD686F700281}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{BD3EBBCD-06DF-4313-A347-7097F5105671}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :state (collapsed) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{A8A57015-68D5-4341-ADD1-895EC21419DB}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{BECC33F6-C362-41A4-BBD3-CBFA34A7C4E8}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - 
:Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{193E4DB4-BE9D-4444-BC95-C04C10D26D25}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAADray.local) - :Table (network_objects) - :Uid ("{75EDBC62-7EB1-4D37-8295-684903FDA75A}") - ) - : (ReferenceObject - :Name (gateway.local) - :Table (network_objects) - :Uid ("{7ED7EF12-A13E-4303-8A6E-C6CC28755C80}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{42CD50F6-AA17-4271-B684-DFF6E86E5649}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{0B65BDFF-A77E-498D-8F6D-8B77068701D6}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (rdp) - :Table (services) - :Uid ("{5BA0C83F-8D91-465B-9CF6-7DC6AEB84689}") - ) - : (ReferenceObject - :Name (http) - :Table (services) - :Uid ("{97AEB3D4-9AEA-11D5-BD16-0090272CCB30}") - ) - : (ReferenceObject - :Name (CIFS) - :Table (services) - :Uid ("{2A469820-B502-434C-9340-A377677A6A60}") - ) - : (ReferenceObject - :Name (UPS-Monitor) - :Table (services) - :Uid ("{8C8DED7E-F3C9-4964-B9D3-063C23997020}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{5C3E75D6-41C1-4D28-A34C-D9F0C316599F}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (mg.IsoAAAA-es.com) - :Table (network_objects) - :Uid ("{E5BF8260-3615-4476-B638-53CA3A24FEF1}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{5DEBDFAA-F691-4041-8E3A-EAF002F8B690}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{69531784-EAAE-4C1C-B792-86B14F8D015E}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro 
(RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{FA61FCF6-FF1E-42C6-B329-B8E23A0EB35D}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (scratchy.local) - :Table (network_objects) - :Uid ("{CFABE50C-C1F6-4FF1-8AC3-3161A3779708}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{21457A88-FFC3-45C2-A6AD-7ABC8CDD0232}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{7990665E-448A-420C-BF7D-3616ED9ECB53}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (RAdmin-custom) - :Table (services) - :Uid ("{4FB59153-8212-4A12-BC08-0297AA5F0815}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{7A4BC3A5-EAB4-4CC3-8F06-5B3681A6A814}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (mg.IsoAAAA-es.com) - :Table (network_objects) - :Uid ("{E5BF8260-3615-4476-B638-53CA3A24FEF1}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{DC9D47B1-CEB2-43AB-B32E-5BFACD49181F}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{841A245A-0BBC-40D6-AFCD-FC0956945DFB}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid 
("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{940B351D-CBB3-457B-AA5E-BF8EE4721229}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (daba) - :Table (network_objects) - :Uid ("{94817CDB-EA8C-4213-B38D-F4417EA620C6}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{6F3DCA16-ECC8-4DAE-8729-3D07CD35A492}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{6A906112-E832-480B-98E6-7C88D5768449}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (mysql) - :Table (services) - :Uid ("{08A07607-EAAA-4A45-AD6E-6020770BD519}") - ) - : (ReferenceObject - :Name (ssh_version_2) - :Table (services) - :Uid ("{CD082D9A-44A6-4CEF-A17D-5541029ADFB3}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{124122B3-1A04-4980-AA2E-18B01C4BA2A1}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (mg.IsoAAAA-es.com) - :Table (network_objects) - :Uid ("{E5BF8260-3615-4476-B638-53CA3A24FEF1}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{B706F7FA-C0AA-41E6-9BE1-99FAA2073339}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{23C4BFFE-0F58-4C89-9AC6-EE8475E30FB2}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name 
(Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{3DEE2329-18AC-4C21-95A5-49D3F42BC058}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (hpux) - :Table (network_objects) - :Uid ("{BF00A847-A0D6-4A75-BE1C-27E7D91EDB55}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{31E7DAD2-17B6-484F-87B3-A9817437F6C3}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{645119AD-FF40-4617-BB77-CE2B7679B804}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (telnet) - :Table (services) - :Uid ("{97AEB3CF-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{A15D212E-0F94-4C31-82C3-83292476F567}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (mg.IsoAAAA-es.com) - :Table (network_objects) - :Uid ("{E5BF8260-3615-4476-B638-53CA3A24FEF1}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{FFAB5EA6-1C92-49CA-B971-6739815B346B}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{45995732-1869-4EBC-A799-5684F4266AF3}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst 
( - :AdminInfo ( - :chkpf_uid ("{9C8B3BB2-5681-413A-855A-C8409935AA08}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (SecOVID_Authserver) - :Table (network_objects) - :Uid ("{DB220C3D-763C-46AB-A7D1-1F9C7C45910E}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{121D0209-7E3D-40C0-AFD1-E5F45BC9728E}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{2EFB1265-AB14-401F-8157-1F4FD814C850}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (NEW-RADIUS) - :Table (services) - :Uid ("{97AEB41E-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{6CA9E964-C64D-470B-B2F5-C8D9481E1309}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (mg.IsoAAAA-es.com) - :Table (network_objects) - :Uid ("{E5BF8260-3615-4476-B638-53CA3A24FEF1}") - ) - : (ReferenceObject - :Name (ITSecOrg-dev) - :Table (network_objects) - :Uid ("{18122B8C-51F8-4102-B143-72DA4E57367D}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{2B48CB5C-959B-4212-83BA-D0C31C9E81FD}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{23DAD50B-1BFA-4B5A-BD07-91F594590169}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :comments ("SUS-Access 4 Stichling") - :dst ( - :AdminInfo ( - :chkpf_uid 
("{401D98F2-0790-42A8-A27B-4CEF1B409D62}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAADray.local) - :Table (network_objects) - :Uid ("{75EDBC62-7EB1-4D37-8295-684903FDA75A}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{C607E30B-AD42-4EB9-861C-3E1F17B01A58}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{F70D3F8A-F47F-4E46-AC7C-6439659AD77F}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (http) - :Table (services) - :Uid ("{97AEB3D4-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{66A8B48D-384B-47C2-AE14-EFA8C5BD981F}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (Cactus10.222.0.1) - :Table (network_objects) - :Uid ("{6CD51061-638B-4B2F-9092-7E1E4A5F0ADD}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{A4D7B2E7-4461-41FD-BBFB-F7A4738CE081}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{7BE16ABA-CEF4-4B95-9BC0-8753FE0D3DC5}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :comments (WLAN-DNS) - :dst ( - :AdminInfo ( - :chkpf_uid ("{7E03AA57-58BE-42C9-8861-8395F9879960}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAADray.local) - :Table (network_objects) - :Uid 
("{75EDBC62-7EB1-4D37-8295-684903FDA75A}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{BC2EEAE6-2829-44CE-99E2-1A86D9EBCE52}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{A109C25F-2754-404D-966B-FA7DB64E670C}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (domain-udp) - :Table (services) - :Uid ("{97AEB3FA-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{612801AE-42D3-4B29-9305-AE3BC60D7C1E}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (wlan-router) - :Table (network_objects) - :Uid ("{426CC3AD-BE7D-45B6-AAAB-22BA0680EE21}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{B63983F0-BF08-44F7-88EA-5DF0FA381C45}") - :ClassName (security_header_rule) - ) - :action ( - : (drop - :AdminInfo ( - :chkpf_uid ("{D47409A0-8070-4258-802B-E234DE03D219}") - :ClassName (drop_action) - :table (setup) - ) - :action () - :macro () - :type (drop) - ) - ) - :comments () - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (None) - :Table (tracks) - :Uid ("{97AEB47D-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :disabled (true) - :dst ( - :AdminInfo ( - :chkpf_uid ("{34E31CD9-5F62-46B6-A5A2-2A25A3381BFF}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :header_text (Final-rules) - :install ( - :AdminInfo ( - :chkpf_uid ("{97A07F1F-7C42-469E-8976-4694BEA0C05F}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - 
:Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{AE52657F-1C63-427D-899A-2739B143874D}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{7D15F5BF-41C8-4674-A2A5-96AC297EB840}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :state (collapsed) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{E079D5BF-271E-4004-B4C5-8372C37B4661}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{EBF89D8A-D923-4469-9179-4209815688BC}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{93E9E478-F918-450E-8D36-280C86415DB8}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{F546BB1C-8E90-4AEA-9C17-188FDA697E98}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{5576A25C-181D-40DB-8978-F8E8B6D19C4E}") - :ClassName (rule_services) - ) - :compound () - 
:op () - : (ReferenceObject - :Name (ICMPgute) - :Table (services) - :Uid ("{418C7C0A-956A-41FF-9BC1-5867B2265090}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{4B989FE8-BC56-4B8C-BD37-C6050AAC2B28}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{89F7C56B-1A5F-4C4A-BC98-F777664BBEC9}") - :ClassName (security_rule) - ) - :action ( - : (accept - :AdminInfo ( - :chkpf_uid ("{BD3A43B7-179B-4A44-9E8E-BDA3C4D74428}") - :ClassName (accept_action) - :table (setup) - ) - :action () - :macro (RECORD_CONN) - :type (accept) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{787E51C4-3375-4608-A83C-CFF3D08628B5}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{C67E7D9D-F7A6-4B80-AB31-589BDF22583D}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{E732300C-E9E8-4CC7-B0B1-1566947A92A0}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (redirect) - :Table (services) - :Uid ("{97AEB409-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{DB1AE486-D8A3-44F0-AA73-AE22B0BA4A32}") - :ClassName (rule_source) - ) - 
:compound () - :op () - : (ReferenceObject - :Name (IsoAAAD) - :Table (network_objects) - :Uid ("{29C40B0A-414C-11D7-AEB8-7F0000013C3C}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{F134ED1C-8FC1-4ED1-9751-39EE88C79BAA}") - :ClassName (security_rule) - ) - :action ( - : (reject - :AdminInfo ( - :chkpf_uid ("{619449DF-3B19-42EF-A640-40BF30E1E398}") - :ClassName (reject_action) - :table (setup) - ) - :action () - :macro () - :type (reject) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (None) - :Table (tracks) - :Uid ("{97AEB47D-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{F3772580-72F8-47FD-BEEF-64F0C4AE29AC}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{FF327589-E587-4324-B33B-EAEA6BF3D977}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{367A55E3-5596-40A1-A0C9-63CEA70F42C3}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Drop_nologServices) - :Table (services) - :Uid ("{495E1A16-2612-49D9-8F69-B00EB33699E8}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{AFD6C077-CA8E-4C7D-A834-F781B7821B96}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid 
("{7067EE72-61D1-4555-9832-8E9279772BCA}") - :ClassName (security_rule) - ) - :action ( - : (reject - :AdminInfo ( - :chkpf_uid ("{D06A4524-1DCA-4DD5-BCC2-54EE451C1777}") - :ClassName (reject_action) - :table (setup) - ) - :action () - :macro () - :type (reject) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (None) - :Table (tracks) - :Uid ("{97AEB47D-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{FFD672A3-65E6-4B19-B686-D40AC4299BCD}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Drop_nologDest) - :Table (network_objects) - :Uid ("{79369987-B128-4B3F-827C-3C936F7C3F53}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{0581A769-6452-42CD-9718-F226767D0287}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{F037BEDF-CC8F-4792-9A21-103C9F5C2A51}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{7B4EF795-BE09-45A2-86B9-1CE030756ECB}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{A6F53BCD-748C-4585-B8FB-1DF23129F085}") - :ClassName (security_rule) - ) - :action ( - : (reject - :AdminInfo ( - :chkpf_uid ("{4F089C9B-C148-4A8A-8ED5-38618067B567}") - :ClassName (reject_action) - :table (setup) - ) - 
:action () - :macro () - :type (reject) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{34CE5F02-44F0-4180-BE48-5CB31E82D728}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{7AD6114F-E8FF-4AE9-BAA8-6B72CA08F552}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{33DEA2EB-F713-400E-96E1-AACE576E28AB}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{4F305BBD-E049-4054-BCEC-A0D4F832CD80}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (CactusDA) - :Table (network_objects) - :Uid ("{69DBB75C-7E6D-49AD-A814-96F1BAFF12F7}") - ) - ) - ) - :rule ( - :AdminInfo ( - :chkpf_uid ("{9CD8CE05-32DB-483A-A44A-0C9131CCA022}") - :ClassName (security_rule) - ) - :action ( - : (drop - :AdminInfo ( - :chkpf_uid ("{ED025D2F-5D51-4310-AEF3-67A075F171EB}") - :ClassName (drop_action) - :table (setup) - ) - :action () - :macro () - :type (drop) - ) - ) - :comments () - :disabled (false) - :global_location (middle) - :through ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :time ( - : 
(ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :track ( - : (ReferenceObject - :Name (Log) - :Table (tracks) - :Uid ("{97AEB480-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :dst ( - :AdminInfo ( - :chkpf_uid ("{92629D3F-DD0B-4864-A91A-9809A211E481}") - :ClassName (rule_destination) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :install ( - :AdminInfo ( - :chkpf_uid ("{92064B95-86EE-43B6-9410-C38676F3D964}") - :ClassName (rule_install) - ) - :compound () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :services ( - :AdminInfo ( - :chkpf_uid ("{C0176725-D8C5-412D-A5C3-65BA48662B1D}") - :ClassName (rule_services) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src ( - :AdminInfo ( - :chkpf_uid ("{FB79D7A9-F91C-40F7-8DA7-303B39A7DC33}") - :ClassName (rule_source) - ) - :compound () - :op () - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - ) - :rule_adtr ( - :AdminInfo ( - :chkpf_uid ("{795A2E9C-E2BD-4674-AB77-023F50036168}") - :ClassName (address_translation_rule) - ) - :comments () - :dst_adtr ( - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - :global_location (middle) - :install ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :rule_block_number (1) - :services_adtr ( - : (ReferenceObject - :Name (CIFS) - :Table (services) - :Uid ("{2A469820-B502-434C-9340-A377677A6A60}") - ) - ) - :src_adtr ( - : (ReferenceObject - :Name (IsoAAAA_home_test_3) - :Table (network_objects) - :Uid ("{3B37A3DE-4411-4FFC-9E54-3ABC5C4F693B}") - ) - ) - :disabled (true) - 
:dst_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{A735AA42-250D-4EA5-B52A-05685A6124C3}") - :ClassName (translate_static) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :services_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{12B449F6-1F99-4060-BCB0-4A9DB5B463B3}") - :ClassName (service_translate) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :src_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{55591259-4F5C-498E-BF64-59C9C7E941A1}") - :ClassName (translate_static) - ) - : (ReferenceObject - :Name (Cactus_home_test_2) - :Table (network_objects) - :Uid ("{3CB93962-2930-41A7-8067-FC373151BB91}") - ) - :adtr_method (adtr_method_static) - ) - ) - :rule_adtr ( - :AdminInfo ( - :chkpf_uid ("{BBC0B2D9-0852-4DE8-AFB2-C27B6049C3AE}") - :ClassName (address_translation_rule) - ) - :comments () - :disabled (false) - :dst_adtr ( - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - :global_location (middle) - :install ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :rule_block_number (1) - :services_adtr ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src_adtr ( - : (ReferenceObject - :Name (Cactus-InternetTransfer) - :Table (network_objects) - :Uid ("{408C820D-33A1-4E25-B576-EC826F525DCD}") - ) - ) - :dst_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{5DD7A06F-C26F-47A8-AFBC-2649EE40DAAF}") - :ClassName (translate_static) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :services_adtr_translated ( - :AdminInfo ( - :chkpf_uid 
("{D9D74C97-AC50-4633-A4BE-AD9DF32ED7B8}") - :ClassName (service_translate) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :src_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{404CEBC7-55D9-4A9A-98AC-10A264BC9F08}") - :ClassName (translate_hide) - ) - : (ReferenceObject - :Name (IsoAAAD_intern) - :Table (network_objects) - :Uid ("{40831AE2-CB84-46D2-9522-F987BC10BDB9}") - ) - :adtr_method (adtr_method_hide) - ) - ) - :rule_adtr ( - :AdminInfo ( - :chkpf_uid ("{795A2E9C-E2BD-4674-AB77-023F50036168}") - :ClassName (address_translation_rule) - ) - :comments () - :disabled (false) - :dst_adtr ( - : (ReferenceObject - :Name (IsoAAADray.local) - :Table (network_objects) - :Uid ("{75EDBC62-7EB1-4D37-8295-684903FDA75A}") - ) - ) - :global_location (middle) - :install ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :rule_block_number (1) - :services_adtr ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src_adtr ( - : (ReferenceObject - :Name (heag_off_upper) - :Table (network_objects) - :Uid ("{A58E3E67-0517-485F-AA04-97A12BC119C3}") - ) - ) - :dst_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{5C6895F5-E9DC-4A23-8A54-0DFAB2B7BE72}") - :ClassName (translate_static) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :services_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{4C474EB4-0463-4982-B6CE-2B5AF7708E63}") - :ClassName (service_translate) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :src_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{50C50462-F4F4-4619-B04A-5C4DB56D0F6A}") - :ClassName (translate_hide) - ) - : 
(ReferenceObject - :Name (IsoAAAD_intern) - :Table (network_objects) - :Uid ("{40831AE2-CB84-46D2-9522-F987BC10BDB9}") - ) - :adtr_method (adtr_method_hide) - ) - ) - :rule_adtr ( - :AdminInfo ( - :chkpf_uid ("{1D294F6F-03B3-4CAB-B5FF-5CAEB867C8D0}") - :ClassName (address_translation_rule) - ) - :comments () - :disabled (false) - :dst_adtr ( - : (ReferenceObject - :Name (LSYI-WWA) - :Table (network_objects) - :Uid ("{3ECB1B79-1A26-41A3-90F9-71BE179A7211}") - ) - ) - :global_location (middle) - :install ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :rule_block_number (1) - :services_adtr ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src_adtr ( - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - :dst_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{8E14CB91-D19B-40A6-8784-8554E1B86BE4}") - :ClassName (translate_static) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :services_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{5E8C8FCF-5707-4638-81A3-B20DFB9C42C9}") - :ClassName (service_translate) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :src_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{6A960E2C-D9AD-44BC-B3B2-F5F3DC5992DA}") - :ClassName (translate_static) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - ) - :rule_adtr ( - :AdminInfo ( - :chkpf_uid ("{434891D2-F2AE-4B89-88AD-540EB2A0C83A}") - :ClassName (address_translation_rule) - ) - :comments () - :dst_adtr ( - : (ReferenceObject - :Name (t-online) - :Table (network_objects) - 
:Uid ("{C3D65C4B-6498-4E00-9BAF-15539231E8EE}") - ) - ) - :global_location (middle) - :install ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :rule_block_number (1) - :services_adtr ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src_adtr ( - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - :disabled (true) - :dst_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{02FA831E-4B9C-4943-9EDA-AEA384241460}") - :ClassName (translate_static) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :services_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{6DC1B358-0DE4-49CF-B496-D0006744DA88}") - :ClassName (service_translate) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :src_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{F1DC8420-40C4-4CAE-A612-C9EC4518BBCA}") - :ClassName (translate_static) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - ) - :rule_adtr ( - :AdminInfo ( - :chkpf_uid ("{4BBFC8B5-8B70-4AE2-BC71-6BCF4B17F7B6}") - :ClassName (address_translation_rule) - ) - :comments () - :disabled (false) - :dst_adtr ( - : (ReferenceObject - :Name (spike.local) - :Table (network_objects) - :Uid ("{4ABDD8DE-0DA2-46E5-B129-85E3977CBD18}") - ) - ) - :global_location (middle) - :install ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :rule_block_number (1) - :services_adtr ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - 
:src_adtr ( - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - :dst_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{7AA3058F-6816-45D2-A6DE-B54CBB46BD08}") - :ClassName (translate_static) - ) - : (ReferenceObject - :Name (mg.IsoAAAA-es.com) - :Table (network_objects) - :Uid ("{E5BF8260-3615-4476-B638-53CA3A24FEF1}") - ) - :adtr_method (adtr_method_static) - ) - :services_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{ED35E27D-FA79-48B3-8AC5-27502A7FDB71}") - :ClassName (service_translate) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :src_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{800AC60D-FE78-47F3-B9F1-8F8F468708C1}") - :ClassName (translate_static) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - ) - :rule_adtr ( - :AdminInfo ( - :chkpf_uid ("{5CF61260-14E3-42BB-81E6-EBE8EFE8AF4A}") - :ClassName (address_translation_rule) - ) - :comments () - :disabled (false) - :dst_adtr ( - : (ReferenceObject - :Name (mg.IsoAAAA-es.com) - :Table (network_objects) - :Uid ("{E5BF8260-3615-4476-B638-53CA3A24FEF1}") - ) - ) - :global_location (middle) - :install ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :rule_block_number (1) - :services_adtr ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src_adtr ( - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - :dst_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{098ADCE5-568E-4F27-ABF9-682BBE442FE7}") - :ClassName (translate_static) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid 
("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :services_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{36B74AF0-631F-40BD-B592-5ED305639070}") - :ClassName (service_translate) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :src_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{41B82ACB-215E-4320-B02C-A86A08EEEFC9}") - :ClassName (translate_static) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - ) - :rule_adtr ( - :AdminInfo ( - :chkpf_uid ("{32620515-7BA6-4223-8C0A-83C23601451E}") - :ClassName (address_translation_rule) - ) - :comments () - :disabled (false) - :dst_adtr ( - : (ReferenceObject - :Name (scratchy.local) - :Table (network_objects) - :Uid ("{CFABE50C-C1F6-4FF1-8AC3-3161A3779708}") - ) - ) - :global_location (middle) - :install ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :rule_block_number (1) - :services_adtr ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src_adtr ( - : (ReferenceObject - :Name (mg.IsoAAAA-es.com) - :Table (network_objects) - :Uid ("{E5BF8260-3615-4476-B638-53CA3A24FEF1}") - ) - ) - :dst_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{5C1D3DFD-A07D-49DA-B3B5-B6927EC4E8FA}") - :ClassName (translate_static) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :services_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{D670057B-5491-4A66-93BB-6FA84BA374AC}") - :ClassName (service_translate) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - 
:src_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{B06D37B0-374A-4D36-847F-360C802BF268}") - :ClassName (translate_hide) - ) - : (ReferenceObject - :Name (IsoAAAD_intern) - :Table (network_objects) - :Uid ("{40831AE2-CB84-46D2-9522-F987BC10BDB9}") - ) - :adtr_method (adtr_method_hide) - ) - ) - :rule_adtr ( - :AdminInfo ( - :chkpf_uid ("{44B823A7-B08B-4A9F-BF4E-F895E1BAE762}") - :ClassName (address_translation_rule) - ) - :comments () - :disabled (false) - :dst_adtr ( - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - :global_location (middle) - :install ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :rule_block_number (1) - :services_adtr ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src_adtr ( - : (ReferenceObject - :Name (Cactus-Official) - :Table (network_objects) - :Uid ("{2136B4E8-3ABF-4931-BDB9-12CDF457D4A4}") - ) - ) - :dst_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{F9494163-1D8B-45BE-A547-0786801699CD}") - :ClassName (translate_static) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :services_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{13C447D5-A284-4282-B584-A1B7ED1DE70C}") - :ClassName (service_translate) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :src_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{007B4C50-EC16-45E9-8CD5-A3C71764175C}") - :ClassName (translate_static) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - ) - :rule_adtr ( - :AdminInfo ( - :chkpf_uid ("{05A4371B-C62D-4CE9-AD5F-9818F9D852BE}") - 
:ClassName (address_translation_rule) - ) - :comments () - :disabled (false) - :dst_adtr ( - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - :global_location (middle) - :install ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :rule_block_number (1) - :services_adtr ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src_adtr ( - : (ReferenceObject - :Name (allNet) - :Table (network_objects) - :Uid ("{8C20ECB8-A6DB-4C35-B79A-D12ECE559C77}") - ) - ) - :dst_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{39606C16-F893-466A-9D38-B01857A51FEB}") - :ClassName (translate_static) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :services_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{19200950-6F5C-4AA2-939A-3CE7D6ACA81D}") - :ClassName (service_translate) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :src_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{C74080E8-0E7B-4D2E-8FAA-346607D856EC}") - :ClassName (translate_hide) - ) - : (ReferenceObject - :Name (IsoAAAD_intern) - :Table (network_objects) - :Uid ("{40831AE2-CB84-46D2-9522-F987BC10BDB9}") - ) - :adtr_method (adtr_method_hide) - ) - ) - :rule_adtr ( - :AdminInfo ( - :chkpf_uid ("{D980F7C0-D2FA-4ACA-904E-34D328EF1C19}") - :ClassName (address_translation_rule) - ) - :comments () - :disabled (false) - :dst_adtr ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :global_location (middle) - :install ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :rule_block_number (1) 
- :services_adtr ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src_adtr ( - : (ReferenceObject - :Name (Cactus-Wlan) - :Table (network_objects) - :Uid ("{FFB3BAC5-FD79-4D0B-911A-7413DA524723}") - ) - ) - :dst_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{EA2291B3-5DED-41D9-9AC1-E7E98C8A7157}") - :ClassName (translate_static) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :services_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{0427645F-6265-4CD1-9E5D-918261EF1A8A}") - :ClassName (service_translate) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :src_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{DB4F178F-D470-4EB9-BE8D-98EC3DCAA267}") - :ClassName (translate_hide) - ) - : (ReferenceObject - :Name (IsoAAAD_extern) - :Table (network_objects) - :Uid ("{DB456CE7-0DCA-423F-A5E4-9FA976C0B594}") - ) - :adtr_method (adtr_method_hide) - ) - ) - :rule_adtr ( - :AdminInfo ( - :chkpf_uid ("{770C7861-8D4D-45BD-9A08-6D7412464847}") - :ClassName (address_translation_rule) - ) - :comments () - :disabled (false) - :dst_adtr ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :global_location (middle) - :install ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :rule_block_number (1) - :services_adtr ( - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - ) - :src_adtr ( - : (ReferenceObject - :Name (IsoAAAA-100) - :Table (network_objects) - :Uid ("{BF1C6029-8D5D-4A05-A3AD-4B67E6E7A7AA}") - ) - ) - :dst_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{323C02BB-1CA8-4AF0-B778-CE65AB57FDA1}") - :ClassName 
(translate_static) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :services_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{26E182C6-DB5F-462F-BD1B-8C37735E86F7}") - :ClassName (service_translate) - ) - : (ReferenceObject - :Name (Any) - :Table (globals) - :Uid ("{97AEB369-9AEA-11D5-BD16-0090272CCB30}") - ) - :adtr_method (adtr_method_static) - ) - :src_adtr_translated ( - :AdminInfo ( - :chkpf_uid ("{8FA593D7-47A4-4AAC-BA66-34C93515C7F0}") - :ClassName (translate_hide) - ) - : (ReferenceObject - :Name (IsoAAAD_extern) - :Table (network_objects) - :Uid ("{DB456CE7-0DCA-423F-A5E4-9FA976C0B594}") - ) - :adtr_method (adtr_method_hide) - ) - ) - :use_VPN_communities (false) - ) -) diff --git a/roles/sample-data/files/sample-configs/fortinet_demo/fortigate.cfg b/roles/sample-data/files/sample-configs/fortinet_demo/fortigate.cfg deleted file mode 100644 index 62a2bf0e6..000000000 --- a/roles/sample-data/files/sample-configs/fortinet_demo/fortigate.cfg +++ /dev/null 
@@ -1,6048 +0,0 @@ -#config-version=FWF60E-5.04-FW-build1111-161216:opmode=0:vdom=0:user=tim -#conf_file_ver=0 -#buildno=5873 -#global_vdom=1 -config system global - set admin-scp enable - set admintimeout 480 - set alias "FGT60D4615073961" - set fgd-alert-subscription advisory latest-threat - set gui-certificates enable - set gui-ipv6 enable - set hostname "fg60e" - set switch-controller enable - set timezone 26 -end -config system accprofile - edit "prof_admin" - set mntgrp read-write - set admingrp read-write - set updategrp read-write - set authgrp read-write - set sysgrp read-write - set netgrp read-write - set loggrp read-write - set routegrp read-write - set fwgrp read-write - set vpngrp read-write - set utmgrp read-write - set endpoint-control-grp read-write - set wifi read-write - next - edit "config_reader" - set comments "read-only" - set mntgrp read - set admingrp read - set updategrp read - set authgrp read - set sysgrp read - set netgrp read - set loggrp read - set routegrp read - set fwgrp read - set vpngrp read - set utmgrp read - set endpoint-control-grp read - set wifi read - next -end -config wireless-controller vap - edit "wlan0" - set vdom "root" - set ssid "wch60e" - set schedule "always" - set passphrase ENC MwT7qzDW4UeSHEbobSoaaK8K4cvCZUKd4HC35zlxyuiWcxmaFlp0H6LzZXpt12dHBW2tLsNl3leiRa71BJNl5SYF2r/qKhItybJJPTo262YEFf2DBgX8HHysA79p49FbjX+UTQJC+CIVVNrVjKi86wBHIoZNyG1jnUWR6Zd5ib1us3iKd6t2liRfoVhLJ5PNSR5FxA== - next - edit "kids-wifi" - set vdom "root" - set max-clients 4 - set ssid "nfm" - set security wpa2-only-personal+captive-portal - set portal-message-override-group "captive-portal-kids-wifi" - set selected-usergroups "Kinder-group" - set security-exempt-list "kids-wifi-exempt-list" - set schedule "always" - set passphrase ENC MnT0ZIwJyRBgfyKIYpgQUbyrPkWPUGMUgzBwwBXrhnZDAfutxqryXfJGfrGZnbOy9cOpCny/wplhCuaHapxxIc4+LROepDNgITwFSq8NeOWfyV5KapLSBa/V6aFJztI609UUVb7dS6HLic9iYYCvrqoUvbd6TXxZ1knElT7lPclyQ6a5j4X2phEjkzHAHf9yP8phNw== - next - edit 
"gpunkt" - set vdom "root" - set ssid "gpoint" - set security wpa2-only-personal+captive-portal - set selected-usergroups "gastgruppe" - set intra-vap-privacy enable - set schedule "always" - set passphrase ENC DDTtFNHZXJQk9tLy4h0bDUDriEp2araA+JTVqa+E1nEJPgNm2xK0zaCxljEF591wRmcXUBGXjW/zxqsI3wW4Kvr3y2PMwd8GQPWubcSQPNs9jLkITD6guROTxp5Y0U4Muw4NcG7OHgRcHJBP+IMqiG7ToiIzNMqNsHlj6rkWyxU8sR6MyLRcMWSF7+LHQljp1x25xw== - next - edit "GWS" - set vdom "root" - set ssid "GWS" - set intra-vap-privacy enable - set schedule "always" - set passphrase ENC iblG3LP6Qex6jozN/MXDTZCLJZkhv3msWDEEDwfSgwG5o0ScpsxMNFjuTBkHpCX/rMigYgM0KI6KaEeqZQAO0Oddby5TwHdD0aftbwx28DRRcwl6aenEH+F0b4cXpCyfB1Vd9kAGcxZmkla0nRA+0lkeyPg+y1P1qd9TOaIJ4ZhhMtBzLgRXQHHvW63+qXwTYlcmRw== - next -end -config system interface - edit "wan1" - set vdom "root" - set ip 10.0.0.1 255.255.255.255 - set allowaccess ping - set type physical - set scan-botnet-connections block - set role wan - set snmp-index 2 - config ipv6 - set ip6-allowaccess capwap - end - next - edit "wan2" - set vdom "root" - set mode dhcp - set status down - set type physical - set snmp-index 3 - config ipv6 - set ip6-allowaccess capwap - end - next - edit "dmz" - set vdom "root" - set ip 10.0.0.2 255.255.255.255 - set allowaccess ping - set type physical - set scan-botnet-connections block - set description "gameserver lan" - set role dmz - set snmp-index 1 - config ipv6 - set ip6-allowaccess capwap - end - next - edit "internal5" - set vdom "root" - set ip 10.0.0.3 255.255.255.255 - set allowaccess ping https ssh - set type physical - set scan-botnet-connections block - set alias "eltern-keller" - set device-identification enable - set role lan - set snmp-index 5 - next - edit "npu0_vlink0" - set vdom "root" - set type physical - set snmp-index 11 - next - edit "npu0_vlink1" - set vdom "root" - set type physical - set snmp-index 12 - next - edit "modem" - set vdom "root" - set mode pppoe - set type physical - set snmp-index 4 - next - edit "ssl.root" - 
set vdom "root" - set type tunnel - set alias "SSL VPN interface" - set snmp-index 7 - next - edit "wlan0" - set vdom "root" - set ip 10.0.0.4 255.255.255.255 - set allowaccess ping https ssh fgfm - set type vap-switch - set scan-botnet-connections block - set device-identification enable - set snmp-index 13 - next - edit "kids-wifi" - set vdom "root" - set ip 10.0.0.5 255.255.255.255 - set allowaccess ping - set type vap-switch - set scan-botnet-connections block - set device-identification enable - set snmp-index 14 - next - edit "gpunkt" - set vdom "root" - set ip 10.0.0.6 255.255.255.255 - set type vap-switch - set scan-botnet-connections block - set device-identification enable - set snmp-index 15 - next - edit "internal" - set vdom "root" - set ip 10.0.0.7 255.255.255.255 - set allowaccess ping https ssh http fgfm capwap - set type hard-switch - set scan-botnet-connections block - set device-identification enable - set role lan - set snmp-index 8 - config ipv6 - set ip6-allowaccess capwap - end - next - edit "server-lan2" - set vdom "root" - set ip 10.0.0.8 255.255.255.255 - set allowaccess ping - set type hard-switch - set scan-botnet-connections block - set description "for knappe and printer" - set device-identification enable - set role lan - set snmp-index 6 - config ipv6 - set ip6-allowaccess capwap - end - next - edit "Forticlient-VPN" - set vdom "root" - set ip 10.0.0.9 255.255.255.255 - set type tunnel - set remote-ip 10.0.0.9 - set snmp-index 9 - set interface "wan1" - next - edit "Cactus-DA" - set vdom "root" - set type tunnel - set snmp-index 10 - set interface "wan1" - next - edit "GWS" - set vdom "root" - set ip 10.0.0.10 255.255.255.255 - set allowaccess ping - set type vap-switch - set scan-botnet-connections block - set device-identification enable - set snmp-index 16 - config ipv6 - set ip6-allowaccess ping - end - next -end -config system physical-switch - edit "sw0" - set age-val 0 - next -end -config system virtual-switch - edit 
"internal" - set physical-switch "sw0" - config port - edit "internal1" - next - edit "internal2" - next - edit "internal3" - next - edit "internal4" - next - end - next - edit "server-lan2" - set physical-switch "sw0" - config port - edit "internal6" - next - edit "internal7" - next - end - next -end -config system password-policy - set status enable - set apply-to admin-password ipsec-preshared-key - set min-lower-case-letter 1 - set min-upper-case-letter 1 - set min-number 1 -end -config system custom-language - edit "en" - set filename "en" - next - edit "fr" - set filename "fr" - next - edit "sp" - set filename "sp" - next - edit "pg" - set filename "pg" - next - edit "x-sjis" - set filename "x-sjis" - next - edit "big5" - set filename "big5" - next - edit "GB2312" - set filename "GB2312" - next - edit "euc-kr" - set filename "euc-kr" - next -end -config system admin - edit "admin" - set accprofile "super_admin" - set vdom "root" - set ssh-public-key1 "" - config dashboard - edit 1 - set column 1 - next - edit 2 - set widget-type licinfo - set column 1 - next - edit 3 - set widget-type jsconsole - set column 1 - next - edit 4 - set widget-type sysres - set column 2 - next - edit 6 - set widget-type alert - set column 2 - set top-n 10 - next - end - set password ENC AK1HBkKGj1Gm/kNrRfKuC6gfgxO9UtB0rq9RXcytAn34EY= - next - edit "tim" - set accprofile "super_admin" - set vdom "root" - config dashboard - edit 2 - set widget-type licinfo - set column 1 - next - edit 4 - set widget-type sysres - set column 1 - next - edit 10 - set widget-type sysop - set column 1 - next - edit 1 - set column 1 - next - edit 6 - set widget-type alert - set column 1 - set top-n 10 - next - edit 9 - set widget-type jsconsole - set column 1 - next - edit 8 - set widget-type tr-history - set column 1 - set interface "wan1" - set refresh enable - next - end - set email-to "tmp@cactus.de" - set password ENC AK1+SCz+Sd9qAuxaPTCowdDopQdGMAclzQeAs8D51/QboY= - next - edit "fmanager" - set 
accprofile "super_admin" - set vdom "root" - set password ENC SH2l0MdIF/9Zwhx76DxPrsdVXZp9LdIZtdAZ69uBjCmvwQm2WuqWSvujAWF3wo= - next - edit "fworch" - set accprofile "config_reader" - set vdom "root" - set ssh-public-key1 "" - set ssh-public-key2 "" - set ssh-public-key3 "" - set password ENC xxxxxxxx+Cx0dY= - next -end -config system ha - set override disable -end -config system dns - set primary 10.0.0.11 - set secondary 10.0.0.12 - set domain "ffm.cactus.de" -end -config system ddns - edit 1 - set ddns-server FortiGuardDDNS - set ddns-domain "hier.float-zone.com" - set use-public-ip enable - set monitor-interface "wan1" - next -end -config system replacemsg-image - edit "logo_fnet" - set image-type gif - set image-base64 '' - next - edit "logo_fguard_wf" - set image-type gif - set image-base64 '' - next - edit "logo_fw_auth" - set image-type png - set image-base64 '' - next - edit "logo_v2_fnet" - set image-type png - set image-base64 '' - next - edit "logo_v2_fguard_wf" - set image-type png - set image-base64 '' - next - edit "logo_v2_fguard_app" - set image-type png - set image-base64 '' - next -end -config system replacemsg mail "email-block" -end -config system replacemsg mail "email-dlp-subject" -end -config system replacemsg mail "email-dlp-ban" -end -config system replacemsg mail "email-filesize" -end -config system replacemsg mail "partial" -end -config system replacemsg mail "smtp-block" -end -config system replacemsg mail "smtp-filesize" -end -config system replacemsg http "bannedword" -end -config system replacemsg http "url-block" -end -config system replacemsg http "urlfilter-err" -end -config system replacemsg http "infcache-block" -end -config system replacemsg http "http-block" -end -config system replacemsg http "http-filesize" -end -config system replacemsg http "http-dlp-ban" -end -config system replacemsg http "http-archive-block" -end -config system replacemsg http "http-contenttypeblock" -end -config system replacemsg http 
"https-invalid-cert-block" -end -config system replacemsg http "http-client-block" -end -config system replacemsg http "http-client-filesize" -end -config system replacemsg http "http-client-bannedword" -end -config system replacemsg http "http-post-block" -end -config system replacemsg http "http-client-archive-block" -end -config system replacemsg http "switching-protocols-block" -end -config system replacemsg webproxy "deny" -end -config system replacemsg webproxy "user-limit" -end -config system replacemsg webproxy "auth-challenge" -end -config system replacemsg webproxy "auth-login-fail" -end -config system replacemsg webproxy "auth-authorization-fail" -end -config system replacemsg webproxy "http-err" -end -config system replacemsg webproxy "auth-ip-blackout" -end -config system replacemsg ftp "ftp-dl-blocked" -end -config system replacemsg ftp "ftp-dl-filesize" -end -config system replacemsg ftp "ftp-dl-dlp-ban" -end -config system replacemsg ftp "ftp-explicit-banner" -end -config system replacemsg ftp "ftp-dl-archive-block" -end -config system replacemsg nntp "nntp-dl-blocked" -end -config system replacemsg nntp "nntp-dl-filesize" -end -config system replacemsg nntp "nntp-dlp-subject" -end -config system replacemsg nntp "nntp-dlp-ban" -end -config system replacemsg fortiguard-wf "ftgd-block" -end -config system replacemsg fortiguard-wf "http-err" -end -config system replacemsg fortiguard-wf "ftgd-ovrd" -end -config system replacemsg fortiguard-wf "ftgd-quota" -end -config system replacemsg fortiguard-wf "ftgd-warning" -end -config system replacemsg spam "ipblocklist" -end -config system replacemsg spam "smtp-spam-dnsbl" -end -config system replacemsg spam "smtp-spam-feip" -end -config system replacemsg spam "smtp-spam-helo" -end -config system replacemsg spam "smtp-spam-emailblack" -end -config system replacemsg spam "smtp-spam-mimeheader" -end -config system replacemsg spam "reversedns" -end -config system replacemsg spam "smtp-spam-bannedword" -end 
-config system replacemsg spam "smtp-spam-ase" -end -config system replacemsg spam "submit" -end -config system replacemsg alertmail "alertmail-virus" -end -config system replacemsg alertmail "alertmail-block" -end -config system replacemsg alertmail "alertmail-nids-event" -end -config system replacemsg alertmail "alertmail-crit-event" -end -config system replacemsg alertmail "alertmail-disk-full" -end -config system replacemsg admin "pre_admin-disclaimer-text" -end -config system replacemsg admin "post_admin-disclaimer-text" -end -config system replacemsg auth "auth-disclaimer-page-1" -end -config system replacemsg auth "auth-disclaimer-page-2" -end -config system replacemsg auth "auth-disclaimer-page-3" -end -config system replacemsg auth "auth-reject-page" -end -config system replacemsg auth "auth-login-page" - set buffer " - - - - - - Firewall Authentication - - - -
    -
    -
    - - - -

    - Papa: Authentication Required -

    -

    - %%QUESTION%% -

    -
    - - - -
    -
    -
    - - - -
    -
    - -
    -
    -
    -
    - -" -end -config system replacemsg auth "auth-login-failed-page" -end -config system replacemsg auth "auth-token-login-page" -end -config system replacemsg auth "auth-token-login-failed-page" -end -config system replacemsg auth "auth-success-msg" -end -config system replacemsg auth "auth-challenge-page" -end -config system replacemsg auth "auth-keepalive-page" -end -config system replacemsg auth "auth-portal-page" -end -config system replacemsg auth "auth-password-page" -end -config system replacemsg auth "auth-fortitoken-page" -end -config system replacemsg auth "auth-next-fortitoken-page" -end -config system replacemsg auth "auth-email-token-page" -end -config system replacemsg auth "auth-sms-token-page" -end -config system replacemsg auth "auth-email-harvesting-page" -end -config system replacemsg auth "auth-email-failed-page" -end -config system replacemsg auth "auth-cert-passwd-page" -end -config system replacemsg auth "auth-guest-print-page" -end -config system replacemsg auth "auth-guest-email-page" -end -config system replacemsg auth "auth-success-page" -end -config system replacemsg auth "auth-block-notification-page" -end -config system replacemsg sslvpn "sslvpn-login" -end -config system replacemsg sslvpn "sslvpn-header" -end -config system replacemsg sslvpn "sslvpn-limit" -end -config system replacemsg sslvpn "hostcheck-error" -end -config system replacemsg ec "endpt-download-portal" -end -config system replacemsg ec "endpt-download-portal-mac" -end -config system replacemsg ec "endpt-download-portal-ios" -end -config system replacemsg ec "endpt-download-portal-aos" -end -config system replacemsg ec "endpt-download-portal-other" -end -config system replacemsg ec "endpt-quarantine-portal" -end -config system replacemsg device-detection-portal "device-detection-failure" -end -config system replacemsg nac-quar "nac-quar-virus" -end -config system replacemsg nac-quar "nac-quar-dos" -end -config system replacemsg nac-quar "nac-quar-ips" -end -config 
system replacemsg nac-quar "nac-quar-dlp" -end -config system replacemsg nac-quar "nac-quar-admin" -end -config system replacemsg nac-quar "nac-quar-app" -end -config system replacemsg traffic-quota "per-ip-shaper-block" -end -config system replacemsg utm "virus-html" -end -config system replacemsg utm "client-virus-html" -end -config system replacemsg utm "virus-text" -end -config system replacemsg utm "dlp-html" -end -config system replacemsg utm "dlp-text" -end -config system replacemsg utm "appblk-html" -end -config system replacemsg utm "ipsblk-html" -end -config system replacemsg utm "exe-text" -end -config system replacemsg utm "waf-html" -end -config system autoupdate push-update - set status enable -end -config system autoupdate schedule - set time 01:60 -end -config system central-management - set type fortimanager - set serial-number "FMG-VM0000000000" - set fmg "10.0.0.13" -end -config user device-category - edit "android-phone" - next - edit "android-tablet" - next - edit "blackberry-phone" - next - edit "blackberry-playbook" - next - edit "forticam" - next - edit "fortifone" - next - edit "fortinet-device" - next - edit "gaming-console" - next - edit "ip-phone" - next - edit "ipad" - next - edit "iphone" - next - edit "linux-pc" - next - edit "mac" - next - edit "media-streaming" - next - edit "printer" - next - edit "router-nat-device" - next - edit "windows-pc" - next - edit "windows-phone" - next - edit "windows-tablet" - next - edit "other-network-device" - next - edit "collected-emails" - next - edit "all" - next -end -config system cluster-sync -end -config system fortiguard - set sdns-server-ip "10.0.0.14" -end -config ips global - set database extended - set traffic-submit enable - set default-app-cat-mask 18446744073642442751 -end -config ips dbinfo - set version 1 -end -config log syslogd setting - set status enable - set server "10.0.0.15" -end -config system email-server - set reply-to "tim@cactus.de" - set server "gware.cactus.de" - set 
port 465 - set security smtps -end -config gui console - unset preferences -end -config system session-helper - edit 1 - set name pptp - set protocol 6 - set port 1723 - next - edit 2 - set name h323 - set protocol 6 - set port 1720 - next - edit 3 - set name ras - set protocol 17 - set port 1719 - next - edit 4 - set name tns - set protocol 6 - set port 1521 - next - edit 5 - set name tftp - set protocol 17 - set port 69 - next - edit 6 - set name rtsp - set protocol 6 - set port 554 - next - edit 7 - set name rtsp - set protocol 6 - set port 7070 - next - edit 8 - set name rtsp - set protocol 6 - set port 8554 - next - edit 9 - set name ftp - set protocol 6 - set port 21 - next - edit 10 - set name mms - set protocol 6 - set port 1863 - next - edit 11 - set name pmap - set protocol 6 - set port 111 - next - edit 12 - set name pmap - set protocol 17 - set port 111 - next - edit 13 - set name sip - set protocol 17 - set port 5060 - next - edit 14 - set name dns-udp - set protocol 17 - set port 53 - next - edit 15 - set name rsh - set protocol 6 - set port 514 - next - edit 16 - set name rsh - set protocol 6 - set port 512 - next - edit 17 - set name dcerpc - set protocol 6 - set port 135 - next - edit 18 - set name dcerpc - set protocol 17 - set port 135 - next - edit 19 - set name mgcp - set protocol 17 - set port 2427 - next - edit 20 - set name mgcp - set protocol 17 - set port 2727 - next -end -config system auto-install - set auto-install-config enable - set auto-install-image enable -end -config system console - set mode batch - set output standard -end -config system ntp - set ntpsync enable - set syncinterval 60 -end -config system settings - set inspection-mode flow - set gui-dns-database enable - set gui-dos-policy enable - set gui-local-in-policy enable - set gui-sslvpn-personal-bookmarks enable - set gui-sslvpn-realms enable - set gui-ips enable - set gui-switch-controller disable - set gui-traffic-shaping disable - set gui-wan-load-balancing disable - 
set gui-domain-ip-reputation enable - set compliance-check enable -end -config system replacemsg-group - edit "web-filter-undefined" - set comment "System Generated" - set group-type utm - next - edit "captive-portal-kids-wifi" - set comment "System Generated" - set group-type auth - config auth - edit "auth-login-page" - set buffer " - - - - - - Firewall Authentication - - - -
    -
    -
    - - - -

    - Papa: bitte anmelden für 2h Internet -

    -

    - %%QUESTION%% -

    -
    - - - -
    -
    -
    - - - -
    -
    - -
    -
    -
    -
    - -" - set header http - set format html - next - end - next -end -config system dhcp server - edit 1 - set dns-service local - set ntp-service default - set default-gateway 10.0.0.7 - set netmask 255.255.255.255 - set interface "internal" - config ip-range - edit 1 - set start-ip 10.0.0.16 - set end-ip 10.0.0.17 - next - end - set timezone-option default - config reserved-address - edit 1 - set ip 10.0.0.16 - set mac c8:2a:14:14:f1:eb - next - edit 2 - set ip 10.0.0.18 - set mac 9c:c7:a6:23:18:58 - next - edit 3 - set mac 3c:bd:d8:fa:d8:d4 - set action assign - set description "Fernseher" - next - edit 4 - set mac 00:24:fe:b9:18:42 - set action assign - set description "10.0.0.19" - next - end - next - edit 2 - set dns-service default - set ntp-service default - set default-gateway 10.0.0.4 - set netmask 255.255.255.255 - set interface "wlan0" - config ip-range - edit 1 - set start-ip 10.0.0.20 - set end-ip 10.0.0.21 - next - end - set timezone-option default - next - edit 3 - set ntp-service default - set default-gateway 10.0.0.5 - set netmask 255.255.255.255 - set interface "kids-wifi" - config ip-range - edit 1 - set start-ip 10.0.0.22 - set end-ip 10.0.0.23 - next - end - set timezone-option default - set dns-server1 10.0.0.24 - next - edit 4 - set dns-service default - set default-gateway 10.0.0.6 - set netmask 255.255.255.255 - set interface "gpunkt" - config ip-range - edit 1 - set start-ip 10.0.0.25 - set end-ip 10.0.0.26 - next - end - set timezone-option default - next - edit 5 - set dns-service default - set ntp-service default - set default-gateway 10.0.0.8 - set netmask 255.255.255.255 - set interface "server-lan2" - config ip-range - edit 1 - set start-ip 10.0.0.27 - set end-ip 10.0.0.28 - next - end - set timezone-option default - next - edit 6 - set dns-service default - set default-gateway 10.0.0.10 - set netmask 255.255.255.255 - set interface "GWS" - config ip-range - edit 1 - set start-ip 10.0.0.29 - set end-ip 10.0.0.30 - next - end - set 
timezone-option default - next - edit 7 - set dns-service default - set ntp-service default - set default-gateway 10.0.0.3 - set netmask 255.255.255.255 - set interface "internal5" - config ip-range - edit 1 - set start-ip 10.0.0.31 - set end-ip 10.0.0.32 - next - end - set timezone-option default - next -end -config firewall address - edit "SSLVPN_TUNNEL_ADDR1" - set uuid b7647270-5975-51e5-6f5a-65cd955669b6 - set type iprange - set start-ip 10.0.0.33 - set end-ip 10.0.0.34 - next - edit "all" - set uuid 72cdb5ba-d63c-51e5-c303-5835388f9b9a - next - edit "apple" - set uuid b7ce5f8c-5975-51e5-5bc3-0449fdc61391 - set type wildcard-fqdn - set wildcard-fqdn "*.apple.com" - next - edit "dropbox.com" - set uuid b7ced89a-5975-51e5-ea5b-6b089bbeb104 - set type wildcard-fqdn - set wildcard-fqdn "*.dropbox.com" - next - edit "Gotomeeting" - set uuid b7cf43a2-5975-51e5-dc5f-944da5f662b2 - set type wildcard-fqdn - set wildcard-fqdn "*.gotomeeting.com" - next - edit "icloud" - set uuid b7cfbb5c-5975-51e5-be59-10e7bed404b1 - set type wildcard-fqdn - set wildcard-fqdn "*.icloud.com" - next - edit "itunes" - set uuid b7d03244-5975-51e5-aaea-3ca78f34fc64 - set type wildcard-fqdn - set wildcard-fqdn "*itunes.apple.com" - next - edit "android" - set uuid b7d09b94-5975-51e5-806e-e3caa907c2dd - set type wildcard-fqdn - set wildcard-fqdn "*.android.com" - next - edit "skype" - set uuid b7d112e0-5975-51e5-35a3-d3c6055900b5 - set type wildcard-fqdn - set wildcard-fqdn "*.messenger.live.com" - next - edit "swscan.apple.com" - set uuid b7d18a72-5975-51e5-5589-182f772d273c - set type fqdn - set fqdn "swscan.apple.com" - next - edit "update.microsoft.com" - set uuid b7d1f408-5975-51e5-0442-6fd89994de88 - set type fqdn - set fqdn "update.microsoft.com" - next - edit "appstore" - set uuid b7d26c1c-5975-51e5-e889-443c320f8ee7 - set type wildcard-fqdn - set wildcard-fqdn "*.appstore.com" - next - edit "eease" - set uuid b7d2e35e-5975-51e5-9ff8-986220853d7e - set type wildcard-fqdn - set 
wildcard-fqdn "*.eease.com" - next - edit "google-drive" - set uuid b7d35aa0-5975-51e5-e4fc-f07aa20f53c4 - set type wildcard-fqdn - set wildcard-fqdn "*drive.google.com" - next - edit "google-play" - set uuid b7d3c7b0-5975-51e5-07d2-490a00ed247f - set type fqdn - set fqdn "play.google.com" - next - edit "google-play2" - set uuid b7d43f06-5975-51e5-45aa-3a5031794d4d - set type wildcard-fqdn - set wildcard-fqdn "*.ggpht.com" - next - edit "google-play3" - set uuid b7d4b6ca-5975-51e5-a49c-de545ced1d59 - set type wildcard-fqdn - set wildcard-fqdn "*.books.google.com" - next - edit "microsoft" - set uuid b7d5207e-5975-51e5-3e6b-fb39bc646ae4 - set type wildcard-fqdn - set wildcard-fqdn "*.microsoft.com" - next - edit "adobe" - set uuid b7d5977a-5975-51e5-b7e2-6e8952d82c87 - set type wildcard-fqdn - set wildcard-fqdn "*.adobe.com" - next - edit "Adobe Login" - set uuid b7d60e80-5975-51e5-9ccb-162cd8863fc9 - set type wildcard-fqdn - set wildcard-fqdn "*.adobelogin.com" - next - edit "fortinet" - set uuid b7d685f4-5975-51e5-a4f4-5e14a67b9a1d - set type wildcard-fqdn - set wildcard-fqdn "*.fortinet.com" - next - edit "googleapis.com" - set uuid b7d6f002-5975-51e5-9c23-99858226b9f8 - set type wildcard-fqdn - set wildcard-fqdn "*.googleapis.com" - next - edit "citrix" - set uuid b7d7674e-5975-51e5-3d04-893f33ecea8b - set type wildcard-fqdn - set wildcard-fqdn "*.citrixonline.com" - next - edit "verisign" - set uuid b7d7deb8-5975-51e5-9da3-39752ce8c999 - set type wildcard-fqdn - set wildcard-fqdn "*.verisign.com" - next - edit "Windows update 2" - set uuid b7d84880-5975-51e5-1f81-7f4b3d7a106f - set type wildcard-fqdn - set wildcard-fqdn "*.windowsupdate.com" - next - edit "*.live.com" - set uuid b7d8c076-5975-51e5-5fcd-0dcc80626a45 - set type wildcard-fqdn - set wildcard-fqdn "*.live.com" - next - edit "auth.gfx.ms" - set uuid b7d937c2-5975-51e5-7e01-cd153118d73b - set type fqdn - set fqdn "auth.gfx.ms" - next - edit "autoupdate.opera.com" - set uuid 
b7d9a1bc-5975-51e5-aebe-4d6e1f702411 - set type fqdn - set fqdn "autoupdate.opera.com" - next - edit "softwareupdate.vmware.com" - set uuid b7da199e-5975-51e5-610a-b85801cb3a41 - set type fqdn - set fqdn "softwareupdate.vmware.com" - next - edit "firefox update server" - set uuid b7da91bc-5975-51e5-ff76-9b8ba864bbc9 - set type wildcard-fqdn - set wildcard-fqdn "aus*.mozilla.org" - next - edit "klaut.cactus.de" - set uuid 80150e34-743b-51e5-321f-e0721eb97511 - set type fqdn - set associated-interface "wan1" - set fqdn "klaut.cactus.de" - next - edit "internal-10.0.0.35_24" - set uuid f0e86136-a9c1-51e5-162a-4ddd2614c9e1 - set subnet 10.0.0.35 255.255.255.255 - next - edit "knappe_10.0.0.15" - set uuid 3f815a8c-a9c2-51e5-52a8-f990f6a6ee9c - set subnet 10.0.0.15 255.255.255.255 - next - edit "tims-macbook" - set uuid 76ca1c2c-aa3f-51e5-e338-6004940e36d1 - set associated-interface "internal" - set subnet 10.0.0.16 255.255.255.255 - next - edit "fritzbox_inet_10.0.0.24" - set uuid aa4c4f1c-bc7c-51e5-cdc6-92416c4f0f96 - set associated-interface "wan1" - set subnet 10.0.0.24 255.255.255.255 - next - edit "wlan_10.0.0.36_24" - set uuid 7d34e11e-bc7d-51e5-4ff4-a8dbfcf4d69d - set associated-interface "internal" - set subnet 10.0.0.36 255.255.255.255 - next - edit "macantha_wlan_10.0.0.37" - set uuid acff38a0-bc81-51e5-fa5d-c38d9414dcc9 - set associated-interface "internal" - set subnet 10.0.0.37 255.255.255.255 - next - edit "fritzbox_oben_nat_10.0.0.18" - set uuid 628f0ddc-bc85-51e5-3066-8de8550bc50b - set associated-interface "internal" - set subnet 10.0.0.18 255.255.255.255 - next - edit "drucker-10.0.0.38" - set uuid 69748926-bc88-51e5-b230-ffb853253374 - set associated-interface "server-lan2" - set subnet 10.0.0.38 255.255.255.255 - next - edit "security.ubuntu.com" - set uuid 1f96dc4e-bcf3-51e5-4cf6-06f71acd88fd - set type fqdn - set associated-interface "wan1" - set fqdn "security.ubuntu.com" - next - edit "de.archive.ubuntu.com" - set uuid 
44871eca-bd10-51e5-733c-52c7e5419906 - set type fqdn - set fqdn "de.archive.ubuntu.com" - next - edit "extras.ubuntu.com" - set uuid 8ac0c012-bd10-51e5-c5a7-fc8cd9abba09 - set type fqdn - set associated-interface "wan1" - set fqdn "extras.ubuntu.com" - next - edit "qnap_update_net_10.0.0.39/32" - set uuid 99bd890e-bd2b-51e5-668e-184a9fa02ae4 - set associated-interface "wan1" - set subnet 10.0.0.39 255.255.255.255 - next - edit "www.avm.de" - set uuid e8773fda-bd59-51e5-9feb-d8846d9e9d76 - set type fqdn - set associated-interface "wan1" - set fqdn "www.avm.de" - next - edit "SSl-VPN-10.0.0.40_24" - set uuid 0a8d295c-be1a-51e5-4d4a-e7ff7f94edba - set type iprange - set associated-interface "ssl.root" - set start-ip 10.0.0.40 - set end-ip 10.0.0.41 - next - edit "qnap-update-akamai-10.0.0.42_24" - set uuid 9e1330be-bee6-51e5-4dd2-1a08a875c08f - set associated-interface "wan1" - set subnet 10.0.0.42 255.255.255.255 - next - edit "FG_10.0.0.1" - set uuid f02bb98a-bfa8-51e5-dac7-3e56e1ffe165 - set subnet 10.0.0.1 255.255.255.255 - next - edit "gware.cactus.de_10.0.0.43" - set uuid 201b269e-c1ca-51e5-1e34-7606a8d04098 - set comment "mailserver cactus" - set associated-interface "wan1" - set subnet 10.0.0.43 255.255.255.255 - next - edit "geo-china" - set uuid 2516f030-c204-51e5-9841-1f4a0d2396d7 - set type geography - set associated-interface "wan1" - set country "CN" - next - edit "geo-russia" - set uuid 384a0e76-c204-51e5-05a3-07d31ab3dcb8 - set type geography - set associated-interface "wan1" - set country "RU" - next - edit "fg_internal_10.0.0.7" - set uuid e0650d98-c283-51e5-0279-0c7e5576c87a - set subnet 10.0.0.7 255.255.255.255 - next - edit "LG Fernseher 10.0.0.44" - set uuid d679f9f4-cb5e-51e5-5ec6-6997b7ebd9c4 - set associated-interface "internal" - set subnet 10.0.0.44 255.255.255.255 - next - edit "LG Server 10.0.0.45_24" - set uuid fcb90146-cb5e-51e5-6dae-65477abe574e - set associated-interface "wan1" - set subnet 10.0.0.45 255.255.255.255 - next - edit 
"google-dns-10.0.0.46" - set uuid 59e13f02-cc1b-51e5-951d-08418456a672 - set associated-interface "wan1" - set subnet 10.0.0.46 255.255.255.255 - next - edit "google-dns-10.0.0.47" - set uuid 62c2caaa-cc1b-51e5-8ee1-d9833983d0fa - set associated-interface "wan1" - set subnet 10.0.0.47 255.255.255.255 - next - edit "opendns_10.0.0.48" - set uuid 518ff984-cdb4-51e5-a65e-a6fbf1dfb098 - set associated-interface "wan1" - set subnet 10.0.0.48 255.255.255.255 - next - edit "broadcast" - set uuid 50c335a0-d09a-51e5-3a94-eba077948081 - set subnet 255.255.255.255 255.255.255.255 - next - edit "valve_10.0.0.49" - set uuid f2de672c-d583-51e5-fff6-ebceb1d50599 - set comment "steam" - set associated-interface "wan1" - set subnet 10.0.0.49 255.255.255.255 - next - edit "valve_10.0.0.50" - set uuid bf3d3b5c-d58b-51e5-4524-7bf9fcb1bb9b - set associated-interface "wan1" - set subnet 10.0.0.50 255.255.255.255 - next - edit "ubuntu-gameserver-10.0.0.51" - set uuid 8b52bd5a-dccd-51e5-8d64-a044e5227624 - set comment "kinder gameserver" - set associated-interface "dmz" - set subnet 10.0.0.51 255.255.255.255 - next - edit "pi_10.0.0.52" - set uuid 914b073a-e218-51e5-a581-faea5587417f - set associated-interface "internal" - set subnet 10.0.0.52 255.255.255.255 - next - edit "wlan_pi_10.0.0.53_24" - set uuid bf3f1222-e235-51e5-88c8-03433bdb0cf2 - set associated-interface "internal" - set subnet 10.0.0.53 255.255.255.255 - next - edit "macantha_at_pi_10.0.0.54" - set uuid b04dffc2-e23e-51e5-4b8d-67cc608d58a5 - set associated-interface "internal" - set subnet 10.0.0.54 255.255.255.255 - next - edit "fb7240_10.0.0.55" - set uuid 7dc2a46c-e852-51e5-84b8-38d00387c72a - set associated-interface "internal" - set subnet 10.0.0.55 255.255.255.255 - next - edit "fritzbox_10.0.0.24_global" - set uuid 8c33963c-0b89-51e6-1241-f0b862831862 - set subnet 10.0.0.24 255.255.255.255 - next - edit "www.cactus.de" - set uuid 11f62ee6-1072-51e6-04aa-7a7606d08773 - set associated-interface "wan1" - set subnet 
10.0.0.56 255.255.255.255 - next - edit "gast-wlan-10.0.0.57/32" - set uuid 34991480-3008-51e6-6c11-a6617dbfd69e - set associated-interface "internal" - set subnet 10.0.0.57 255.255.255.255 - next - edit "10.0.0.58_local_subnet_1" - set uuid acee9a08-be0c-51e6-ff4c-d05b94eb2810 - set subnet 10.0.0.35 255.255.255.255 - next - edit "10.0.0.58_remote_subnet_1" - set uuid ad2cbf0e-be0c-51e6-fb9f-d6d0d8c44063 - set subnet 10.0.0.59 255.255.255.255 - next - edit "Cactus-DA_local_subnet_1" - set uuid 8d985a16-be27-51e6-7b4d-a68a60e625af - set subnet 10.0.0.35 255.255.255.255 - next - edit "Cactus-DA_remote_subnet_1" - set uuid 8dadea7a-be27-51e6-06b7-37fa239b17b7 - set subnet 10.0.0.60 255.255.255.255 - next - edit "fwf60-wlan-client-net" - set uuid 7a836eae-be57-51e6-6cd9-57a7bcb8a8ad - set associated-interface "wlan0" - set subnet 10.0.0.61 255.255.255.255 - next - edit "wlan-kids" - set uuid b95fc070-bf0e-51e6-ba04-52463c963ff7 - set associated-interface "kids-wifi" - set subnet 10.0.0.62 255.255.255.255 - next - edit "wifi-kids-wlan-router-ip" - set uuid d80a7804-bfa8-51e6-9012-2be19829673e - set associated-interface "kids-wifi" - set subnet 10.0.0.5 255.255.255.255 - next - edit "wikipedia.org" - set uuid 0018303a-bfad-51e6-3d63-8e86b91e8ce4 - set type fqdn - set comment "for allowing access to wikipedia" - set associated-interface "wan1" - set fqdn "wikipedia.org" - next - edit "google.de" - set uuid 8a9e357c-bfb4-51e6-6ac3-81356d5bb0b5 - set type fqdn - set associated-interface "wan1" - set fqdn "google.de" - next - edit "woehlerschule.de" - set uuid b0128b5a-bfb4-51e6-b707-a0ea0e397828 - set type fqdn - set associated-interface "wan1" - set fqdn "woehlerschule.de" - next - edit "windowsupdate.com" - set uuid e71eadfe-bfb4-51e6-3b29-9df418a8f2bf - set type fqdn - set associated-interface "wan1" - set fqdn "windowsupdate.com" - next - edit "whatsapp.com" - set uuid 10d3e9b6-bfb5-51e6-e599-37b91de688b5 - set type fqdn - set associated-interface "wan1" - set fqdn 
"whatsapp.com" - next - edit "VPN_local_10.0.0.61" - set uuid 62637d14-c159-51e6-c58c-5f47d2fc035b - set subnet 10.0.0.61 255.255.255.255 - next - edit "VPN_local_10.0.0.63" - set uuid 750b9b40-c159-51e6-0e2c-cae0351e0f4e - set subnet 10.0.0.63 255.255.255.255 - next - edit "net_10.0.0.64_24" - set uuid 7966a47a-c38c-51e6-e4cd-9ef79b13ca72 - set subnet 10.0.0.64 255.255.255.255 - next - edit "vpn-gw-cactus-ffm" - set uuid fcfebd16-f3a9-51e6-9ba2-0a591dd3ff21 - set associated-interface "wan1" - set subnet 10.0.0.65 255.255.255.255 - next - edit "eltern-keller-10.0.0.66_24" - set uuid a36086c4-fa6e-51e6-54c2-7854906b1e8e - set associated-interface "internal5" - set subnet 10.0.0.66 255.255.255.255 - next -end -config firewall multicast-address - edit "all" - set start-ip 10.0.0.67 - set end-ip 10.0.0.68 - next -end -config firewall address6 - edit "SSLVPN_TUNNEL_IPv6_ADDR1" - set uuid b76480a8-5975-51e5-f0d1-b5b0ba854ec4 - set ip6 fdff:ffff::/120 - next - edit "all" - set uuid 72cef204-d63c-51e5-8746-4c0140b699b5 - next - edit "test-ipv6addr" - set uuid ce3a1a84-1065-51e6-fa4a-86517298a194 - set ip6 1::/128 - next - edit "www.cactus.de" - set uuid 2827ec4a-1072-51e6-fd76-346058c066b4 - set ip6 1::3/128 - next -end -config firewall multicast-address6 - edit "all" - set ip6 ff00::/8 - set visibility disable - next -end -config firewall addrgrp - edit "G-google-dns-srv" - set uuid 8c9785c8-cc1b-51e5-dfd9-d129f0df2cf1 - set member "google-dns-10.0.0.47" "google-dns-10.0.0.46" - next - edit "group1test" - set uuid 9510100e-0fa4-51e6-af2b-a73f820b7ef3 - set member "android" "de.archive.ubuntu.com" - set comment "test comment" - next - edit "10.0.0.58_local" - set uuid ad22f6ae-be0c-51e6-f919-40cbf9bfaa1c - set member "10.0.0.58_local_subnet_1" - set comment "VPN: 10.0.0.58 (Created by VPN wizard)" - next - edit "10.0.0.58_remote" - set uuid ad5f2110-be0c-51e6-7669-02c657a3f5ac - set member "10.0.0.58_remote_subnet_1" - set comment "VPN: 10.0.0.58 (Created by VPN wizard)" - 
next - edit "Cactus-DA_local" - set uuid 8da653fa-be27-51e6-905a-d2c47472178f - set member "Cactus-DA_local_subnet_1" "VPN_local_10.0.0.63" "VPN_local_10.0.0.61" - set comment "VPN: Cactus-DA (Created by VPN wizard)" - next - edit "Cactus-DA_remote" - set uuid 8dbce926-be27-51e6-ce37-835cb6d31f1e - set member "Cactus-DA_remote_subnet_1" - set comment "VPN: Cactus-DA (Created by VPN wizard)" - next - edit "kids-allowed-internet" - set uuid b5c63d9e-bfb4-51e6-c815-aee3bb9739e7 - set member "google.de" "wikipedia.org" "woehlerschule.de" - next -end -config firewall addrgrp6 - edit "ipv6-testgroup" - set uuid d8d64e08-1066-51e6-1721-60ca3eb7141a - set comment "commentar334" - set member "SSLVPN_TUNNEL_IPv6_ADDR1" "test-ipv6addr" - next -end -config firewall service category - edit "General" - set comment "General services." - next - edit "Web Access" - set comment "Web access." - next - edit "File Access" - set comment "File access." - next - edit "Email" - set comment "Email services." - next - edit "Network Services" - set comment "Network services." - next - edit "Authentication" - set comment "Authentication service." - next - edit "Remote Access" - set comment "Remote access." - next - edit "Tunneling" - set comment "Tunneling service." - next - edit "VoIP, Messaging & Other Applications" - set comment "VoIP, messaging, and other applications." - next - edit "Web Proxy" - set comment "Explicit web proxy." 
- next
-end
-config firewall service custom
- edit "ALL"
- set category "General"
- set protocol IP
- next
- edit "DNS"
- set category "Network Services"
- set tcp-portrange 53
- set udp-portrange 53
- next
- edit "HTTP"
- set category "Web Access"
- set tcp-portrange 80
- next
- edit "HTTPS"
- set category "Web Access"
- set tcp-portrange 443
- next
- edit "IMAP"
- set category "Email"
- set tcp-portrange 143
- next
- edit "IMAPS"
- set category "Email"
- set tcp-portrange 993
- next
- edit "LDAP"
- set category "Authentication"
- set tcp-portrange 389
- next
- edit "NTP"
- set category "Network Services"
- set tcp-portrange 123
- set udp-portrange 123
- next
- edit "PING"
- set category "Network Services"
- set protocol ICMP
- set icmptype 8
- unset icmpcode
- next
- edit "DCE-RPC"
- set category "Remote Access"
- set tcp-portrange 135
- set udp-portrange 135
- next
- edit "POP3"
- set category "Email"
- set tcp-portrange 110
- next
- edit "POP3S"
- set category "Email"
- set tcp-portrange 995
- next
- edit "SAMBA"
- set category "File Access"
- set tcp-portrange 139
- next
- edit "SMTP"
- set category "Email"
- set tcp-portrange 25
- next
- edit "SMTPS"
- set category "Email"
- set tcp-portrange 465
- next
- edit "SSH"
- set category "Remote Access"
- set tcp-portrange 22
- next
- edit "SQUID"
- set category "Tunneling"
- set tcp-portrange 3128
- next
- edit "KERBEROS"
- set category "Authentication"
- set tcp-portrange 88 464
- set udp-portrange 88 464
- next
- edit "LDAP_UDP"
- set category "Authentication"
- set udp-portrange 389
- next
- edit "SMB"
- set category "File Access"
- set tcp-portrange 445
- next
- edit "webproxy"
- set explicit-proxy enable
- set category "Web Proxy"
- set protocol ALL
- set tcp-portrange 0-65535:0-65535
- next
- edit "ARK-7777-7778-udp"
- set comment "ark beta main ports"
- set udp-portrange 7777-7778
- next
- edit "minecraft-25565"
- set tcp-portrange 25565
- next
- edit "afp_548_tcp"
- set tcp-portrange 548
- next
- edit 
"bittorrent"
- set category "General"
- set udp-portrange 6881
- next
- edit "tcp-8011-to-avm"
- set fqdn "www.avm.de"
- set tcp-portrange 8011
- next
- edit "tcp_40000_up"
- set tcp-portrange 40000-40100
- next
- edit "tcp_8081_phpfreechat"
- set category "VoIP, Messaging & Other Applications"
- set tcp-portrange 8081
- next
- edit "steam-udp-27000-27050"
- set udp-portrange 27000-27050
- next
- edit "valve_udp_52626-52627"
- set udp-portrange 52626-52627
- next
- edit "valve_udp_45993"
- set udp-portrange 45993
- next
- edit "valve_udp_45433"
- set udp-portrange 45433
- next
- edit "valve_udp_3478-3480"
- set udp-portrange 3478-3480
- next
- edit "udp-high-ports"
- set comment "1024-65535"
- set udp-portrange 1024-65535
- next
- edit "ark-udp-32768-65535"
- set comment "dynamic port used for user session to ark server"
- set color 1
- set udp-portrange 32768-65535
- next
- edit "steam-tcp-27015-27020"
- set comment "steam update?"
- set color 1
- set tcp-portrange 27015-27020
- next
- edit "test_service_multi-port"
- set comment "test comment1123"
- set tcp-portrange 22:1024-65535 143:100-200 22123
- set udp-portrange 68 889 789-891
- next
- edit "apple-netscan"
- set category "Network Services"
- set udp-portrange 192
- next
- edit "fortinet-captive-portal-auth"
- set tcp-portrange 1003
- next
- edit "tcp14013-fb"
- set comment "fritzbox parental stuff"
- set tcp-portrange 14013
- next
- edit "tcp_5357_samsung_printer"
- set tcp-portrange 5357
- next
- edit "ARK-7777-7778-tcp"
- set tcp-portrange 7777-7778
- next
-end
-config firewall service group
- edit "Email Access"
- set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS"
- next
- edit "Web Access"
- set member "DNS" "HTTP" "HTTPS"
- next
- edit "Windows AD"
- set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB"
- next
- edit "Exchange Server"
- set member "DCE-RPC" "DNS" "HTTPS"
- next
- edit "valve_ports"
- set member "valve_udp_3478-3480" "valve_udp_45433" "valve_udp_45993" 
"valve_udp_52626-52627"
- set comment "valve game download plattform"
- next
-end
-config webfilter ftgd-local-cat
- edit "custom1"
- set id 140
- next
- edit "custom2"
- set id 141
- next
-end
-config ips sensor
- edit "sniffer-profile"
- set comment "Monitor IPS attacks."
- config entries
- edit 1
- set severity high critical
- next
- end
- next
- edit "default"
- set comment "Prevent critical attacks."
- config entries
- edit 2
- set rule 29519
- set status enable
- set action block
- set rate-count 1000
- set rate-duration 10
- next
- edit 3
- set rule 20940
- set status enable
- set action block
- set rate-count 60
- next
- edit 4
- set rule 35662
- set status enable
- set action block
- set rate-count 200
- set rate-duration 10
- next
- edit 5
- set rule 12090
- set status enable
- set action block
- set rate-count 500
- next
- edit 6
- set rule 42016
- set status enable
- set action block
- set rate-count 35
- set rate-duration 10
- next
- edit 7
- set rule 20954
- set status enable
- set action block
- set rate-count 60
- next
- edit 8
- set rule 20946
- set status enable
- set action block
- set rate-count 60
- set rate-duration 10
- next
- edit 9
- set rule 22909
- set status enable
- set action block
- set rate-count 200
- set rate-duration 10
- next
- edit 10
- set rule 17991
- set status enable
- set action block
- set rate-count 275
- set rate-duration 1
- next
- edit 11
- set rule 38273
- set status enable
- set action block
- set rate-count 20
- set rate-duration 1
- next
- edit 12
- set rule 31464
- set status enable
- set log disable
- set action pass
- next
- edit 13
- set rule 29707
- set status enable
- set log disable
- set action pass
- next
- edit 14
- set rule 31101
- set status enable
- set log disable
- set action pass
- next
- edit 15
- set rule 29020
- set status enable
- set log disable
- set action pass
- next
- edit 16
- set rule 29695
- set status enable
- set log disable
- set action pass
- next
- edit 17
- set rule 31433
- set 
status enable
- set log disable
- set action pass
- next
- edit 18
- set rule 29808
- set status enable
- set log disable
- set action pass
- next
- edit 19
- set rule 14558
- set status enable
- set log disable
- set action pass
- next
- edit 20
- set rule 29929
- set status enable
- set log disable
- set action pass
- next
- edit 21
- set rule 24608
- set status enable
- set log disable
- set action pass
- next
- edit 22
- set rule 29651
- set status enable
- set log disable
- set action pass
- next
- edit 23
- set rule 32130
- set status enable
- set log disable
- set action pass
- next
- edit 24
- set rule 32852
- set status enable
- set log disable
- set action pass
- next
- edit 25
- set rule 28070
- set status enable
- set log disable
- set action pass
- next
- edit 1
- set severity medium high critical
- next
- end
- next
-end
-config web-proxy global
- set proxy-fqdn "proxy.gelbeshaus"
-end
-config application list
- edit "sniffer-profile"
- set comment "Monitor all applications."
- unset options
- config entries
- edit 1
- set action pass
- next
- end
- next
- edit "default"
- set comment "Monitor all applications."
- config entries
- edit 1
- set application 17459 17244
- set action pass
- set log disable
- next
- edit 2
- set category 2 19
- next
- edit 3
- set category 6 22
- set action pass
- next
- end
- next
-end
-config application casi profile
- edit "default"
- set comment "Monitor all applications."
- config entries
- edit 1
- set action pass
- next
- end
- next
- edit "sniffer-profile"
- set comment "Monitor all applications."
- config entries
- edit 1
- set action pass
- next
- end
- next
-end
-config dlp sensor
- edit "sniffer-profile"
- set comment "Log a summary of email and web traffic."
- set flow-based enable
- set summary-proto smtp pop3 imap http-get http-post
- next
- edit "default"
- set comment "Log a summary of email and web traffic." 
- set summary-proto smtp pop3 imap http-get http-post - next -end -config webfilter urlfilter - edit 1 - set name "default" - config entries - edit 1 - set url "r.adc-srv.net" - set action allow - next - edit 2 - set url "mzstatic.com" - set action allow - next - end - next -end -config log threat-weight - config web - edit 1 - set category 26 - set level high - next - edit 2 - set category 61 - set level high - next - edit 3 - set category 86 - set level high - next - edit 4 - set category 1 - set level medium - next - edit 5 - set category 3 - next - edit 6 - set category 4 - set level medium - next - edit 7 - set category 5 - set level medium - next - edit 8 - set category 6 - set level medium - next - edit 9 - set category 12 - set level high - next - edit 10 - set category 59 - set level high - next - edit 11 - set category 62 - set level medium - next - edit 12 - set category 83 - set level high - next - edit 13 - set category 72 - next - edit 14 - set category 14 - next - end - config application - edit 1 - set category 2 - next - edit 2 - set category 6 - set level medium - next - edit 3 - set category 19 - set level critical - next - end -end -config icap profile - edit "default" - next -end -config vpn certificate ca - edit "CA_Cert_1" - set ca "-----BEGIN CERTIFICATE----- -MIIC0jCCAbqgAwIBAgIEalWQfzANBgkqhkiG9w0BAQUFADAaMRgwFgYDVQQDEw9j -YS5jcC5jYWN0dXMuZGUwHhcNMTUxMjAzMTAzMTI1WhcNMjIxMjAzMTAzMTI1WjAa -MRgwFgYDVQQDEw9jYS5jcC5jYWN0dXMuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IB -DwAwggEKAoIBAQCP1TLAqe2zZ3kc5QMQZw0sztoXtGBU7910QdQReiuEDjN+Mlbg -/2COaMPcZH5nhaSib2+R/LNdWhfJvw6zObgrRjhMcWoivOXmnQH52fkPrvJtIBBx -VWvtrI6/M4uU4meOm/4F2JeBA6JAuaLnMAIjF+DPtmABGmn4ntufGUg9Y78QI3cE -22etSR0uNFs13xx1JOtSwY2MjcyPDOedxEyJBR8f1MsMqZhWCUArWkb18VmGhSz1 -EYHya4FYx+o6IBU8ysuFvs8fjUBW+7EYaBbcqLZD9wHCdb+VKxXn+eO+z4IlO+al -XlChLXbZbTRlVp32WoY/ZdhCQuPspmT9vwh7AgMBAAGjIDAeMA8GA1UdEwEB/wQF -MAMBAf8wCwYDVR0PBAQDAgGGMA0GCSqGSIb3DQEBBQUAA4IBAQAbBA2jqOIaTQsq 
-eIUUtpXz5wYlUkfDwlOEhwWlvAlGAnlvYP6f3ZqCMYal4cNgpAUfDI7YHJ4L0Uoy -uhi5Mj5wQ7tVVaNZvNsBc73Q9c5gD2YBmtObO2GVDPqSMR8g4aTSqPb7QDBOO1yI -U3u5H2FlVB1+h/YpRFqm1AdlgdbzlwOvVdH7/5uOB5+DwGK73pZ5mwh2Dkm3fNzk -eRqd3SwmJReK771UWU8tSS6PNzw6WupA+SdLWlRvWiqDkoXB8jkPcOGrWHepYb5D -F3DMYVbmp+ivB465+N8a4BJ06MytEaJAPj0sDM9R88xNPt4ss90AKIEWGKgLb66p -cvJH+/AS ------END CERTIFICATE-----" - set range global - next - edit "CA_Cert_2" - set ca "-----BEGIN CERTIFICATE----- -MIIFtjCCA56gAwIBAgIIbO9Gi4dAwVQwDQYJKoZIhvcNAQELBQAwcjELMAkGA1UE -BhMCREUxDzANBgNVBAgMBkhlc3NlbjEeMBwGA1UECgwVQ2FjdHVzIGVTZWN1cml0 -eSBHbWJIMRUwEwYDVQQDDAxjYS5jYWN0dXMuZGUxGzAZBgkqhkiG9w0BCQEWDGNh -QGNhY3R1cy5kZTAeFw0xNDA5MDgxNTQ1MTlaFw0yOTA5MDQxNTQ1MTlaMHIxCzAJ -BgNVBAYTAkRFMQ8wDQYDVQQIDAZIZXNzZW4xHjAcBgNVBAoMFUNhY3R1cyBlU2Vj -dXJpdHkgR21iSDEVMBMGA1UEAwwMY2EuY2FjdHVzLmRlMRswGQYJKoZIhvcNAQkB -FgxjYUBjYWN0dXMuZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDV -KexJ4XeQTxPDNEPMKmu6ahgJIc8BPlCdV9zWskGcgvSxlNY43lOZGBYuu5Kb3y8T -TC/ikGFcHccmC0xaGwpZcxhFyElKgFbKVf8BrjKBgSVoHE7yMDI03NGipxcAZw94 -SX96Ys8QlxpV7xfGVloVMgKxmEZTE6oR2IGmG7JZMDGGs4j773kzkkCgTzgSbp4B -TJsiZFOmL81x7Bf9KCuPT7Yb+OQmo2F8sPHr6ucxW21Z2Xe1WJVmuNoSShlFrwWE -RaMlGt3+Db3NxFQetWIrTrjKbqDJLCXhcK3Rmdy86zBTrPMhscT1lQb3Dvm+YC7a -ZBXnagZhogPeTT7Gx05THTsDZtWoPyFTkgIMvMXy26sBcfq9VnBD/o2kxIi3Aqs9 -0tDgiQAsb/jci4yH7VGJT/TAo10HiBthqEDPYk60ro1w7oniDsxAA3acUaA+R/4F -mJ/BSfIvaRFGwMUCy80/qnxY3IwoVTpeuJysGHG6rbjPkjJUvtmmYTSeF3RmYJnK -fbchO0tc4Ug8VFuK4k2quNvAAR3FJIOxXNbr3I7RKNKMeGtF/HixeM0htylN9euM -0myw1IqsaHrnuNwsNvyfuL9NncdAOwkG/iVdAC+FFDodFWoR0+KlJoAZ801KNf7L -JBp+eStkQsQE5DuvS+Mcf6+BxhNBWuyICPIlUcFEkQIDAQABo1AwTjAdBgNVHQ4E -FgQUfh8NIoEhiLCObeE3WPZ3iUSo6kYwHwYDVR0jBBgwFoAUfh8NIoEhiLCObeE3 -WPZ3iUSo6kYwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAsVigHPVq -jc+vipxME7p4GZbHYDaURMBdKRhngvgY9K+04VdP4c8quhgJAZYtTkiWKkl4vB98 -7M8K3vlShJSTqkqJ4Fu7iuotBuircqk+ALGvSOeTdnt4hXf9t0OxjDRY+lCI2dx3 -PH/aa5TMLJ/ZAvHf13o041wLa1pzvDDt7u2RbRy62GqRHXuuA82QAtdYznJ221Rq 
-QalD7+XORU20jmLW9muS9Khre9IELOnyE+m9XzfttD8bjgGEi/coxBVZ/rYTrvIG -USdQge2vYY3+d3+49vh9tKP/Gd0amiTfs1LyabQtQK9lJviOob4g+/zVbu26Aymy -LZ295T4+uzTYow2+IKRMjnhOVwufqPz5Ooo5ZZ1QgCevSne0392TPveXkGiskIXr -T1e1Pqh2zXBgeHUkbSbJ7/YqrZGqE7mxYc+yGnQAacqxBoMnvLTZVjW9rHkZT6Ad -l57RoG95v0AEAGqcoP9NJ7hidevSYxY6AQ4Fz5ec9kS+qmsXB4kQzk+pYH2dSFv9 -ieM8bSPXYSKRgISS9m2VMItaZ/YQKGdE4OpAaYIAMkfOTrRXdU8cphUnb2/dUwAF -IQisaaSrn+XCkOB1c5kEnFSw/B/HJRPoxIw6gbD3i9cq7YrcAFg54rm/CS6s4CMd -iaqgMESu2NxnaC7tpme/G4lpI63vKtGO1nk= ------END CERTIFICATE-----" - set range global - next -end -config vpn certificate local - edit "Fortinet_CA_SSL" - set password ENC WsTjIWD+q5eqie5SnqV07g6Ut0/KI8al3XS292qN2xd0in3dGS+pks8w+N4MrBW9TitbAuc3q2MHWtfIAKflvwRlnKpwSaaWsJ+lQjDPOZ9dO7Dymzn+wp6JOClcUcQVLDTwBFPFfvYe0UUNIsZBEaNWuEtgyYJrNPDkpR5dP8ETM/2NSykQV7g8D1DxSDsJL23Whg== - set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." - set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIqxPd/BHhF4ECAggA -MBQGCCqGSIb3DQMHBAi5wpLR+Ve1hwSCBMiPBW0sp/HIZpAVX5ITik2mHwlpE+CO -aF6qlaCyWLpI566u/syZgOQ/JRuEDzddyo9vsTILRNCJwlrWFlSFHPrFCql/hrXG -MwbhsCWa/56mqcyyUAY73niPAvcmBNATueHe2RNWDYEJWDTghfQatbaKhhUDKojz -OYv1PDjibFcUNNnyu/26ud9Ad8vzxH/oD0uI3jOadEr9YLubWioFeahel9qidOPi -QDT0fqD8skaRIXSVQrpwLguFrtNANPOBVoRAOiKcWlBRSPuaQ4obfmrL3eAVUr3U -LCMIDBSJfd0v62bMGa9VZFf3XF+7giN9tg7OWV6yGtSdnsnF/6imtnb6bUuGzdUO -Y/8XrWjZE5a5vyQwqTn0kI6wsVLx6JVMthyZkaOXll8F88Qkjuw8h8cmZvIcv6k8 -CrYU41LXezTHDCD3pq8inQVA6VKpdKiKOmsD0qH/wfAGBKdUIfo8p5tmpJrdhA92 -MDJrmjmulvg+CTbb6g3ovuHrJY6hGk0o+RV/bTneNwj2wPMclF/t1tjX7b8pwgoq -zLPuk72UuC6C/4p3MjiMEItCynIOPsALFBSQ9kvnhPXTdXfrh6L8Qn0Tn+FRTpC7 -pNt4hDO4PReUrOtFousswOnuqoV9XiXLppEGrX20soip24TDsLS+W6haiO14T8/h -cR/Uts9Uy/AXeKeH7D6agde4LHPvfpMizRrlDHx3OBQ4aJ7AasTz8vEsyfQ498cV -iy2bMIBp7yUCFzzomu5rrik3QZgoTIDgkKl6O1CUTUlMMeNDJYyAAqSN+9O6VL+b 
-mLyFNZ9BO3Xth+KWypeqrCDsa/PJi3bhjJ7pIuNgt87av2I/5E9B1kNmkXlloOvk -UpQAoMcwVJuYoqTWtaCxVcMrUr6x+08qiWqh309pp4RLQnCHDshhaCuMQ4YZyD8X -kYp7frX55RAwyXdAyQWk2sT8x74qUWF6aigPSESzFji45UmrgxQMAMm7KRDSxGG2 -xt9OJuDCipCC6CP4dCNQRfT7mzshg6QTGdemJBbNBAqbjukMFbXutmEdtazwh+fX -ZkfNqT29IoceXdb/p3apGO9OZAXzw0Nwzj3UU8iCFu4y9DGQ0LfwovvdGCaCDx7y -LBpMMRhhBQxnuiHHt0WfBOp5Z/bK4KL+4Fgo3oUg29sDI+KBegS7b/s6+7d0201e -IdavbTWLjwzizaAvf9mUvyCZ5HWHzS25QHm6xCSFSUvxOJWl1YJ46CjftFH3c8qv -56gu62Ycsm2h4FojP5ASOKxCEQv3WweDvF1iieeZnm1SWv/1zn2WBo86N8W12hhx -h7dkjfRJ5304w/Tx0wLXGTQ8c8iPclElR5rXfCydnHz8NhTuP689OOx3iEIyJN62 -dsonSsvB7NEWpHSwqcL33iG4FUCqoQrtAhmstxrV+0EQY4ZvWWU8qqATUKS/n/hh -g3sinr8EGWxCDiefJVuR3yc6QkDYCaRFXBorb7uZGJEDadxmqJN2TIg+9g4OY9eQ -v/BbdFjnmuwTPzF6euKW7YAosVM8Dm6hhHOZG2bu9JLIvZ27fsgFKuHUoNHAVg7x -jEs0NdPh8y8QwDkS+ld5ev7sT499jeyJetZC+ZtUj0Db77VmUdBPGPrf7iyY5eqW -op4= ------END ENCRYPTED PRIVATE KEY-----" - set certificate "-----BEGIN CERTIFICATE----- -MIID4TCCAsmgAwIBAgIDTFGwMA0GCSqGSIb3DQEBCwUAMIGpMQswCQYDVQQGEwJV -UzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREwDwYD -VQQKDAhGb3J0aW5ldDEeMBwGA1UECwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRkw -FwYDVQQDDBBGR1Q2MEQ0NjE1MDczOTYxMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0 -QGZvcnRpbmV0LmNvbTAeFw0xNjAxMzAwNzQ4NTZaFw0yNjAxMzAwNzQ4NTZaMIGp -MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vu -bnl2YWxlMREwDwYDVQQKDAhGb3J0aW5ldDEeMBwGA1UECwwVQ2VydGlmaWNhdGUg -QXV0aG9yaXR5MRkwFwYDVQQDDBBGR1Q2MEQ0NjE1MDczOTYxMSMwIQYJKoZIhvcN -AQkBFhRzdXBwb3J0QGZvcnRpbmV0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBANj9KNZIvtds0RW3A9EaUXjW4HWNKbN0J/zdQVyGID0GNezz9Gnl -wTpCV9o8rXc6g2Us/5ZrXY3tSUU9wkpMs0wSiqbSNutq/Xci2957JEw7Lp7D+MpG -tkkmqxK/ZLGjhHVrYQgzH1p74KK6jqtCvJ9My/vj4t8YHWHVh4fxV3M+/NdgVwRI -7+FqXQHpuHoV5P7/tSMLQts7JEXujeBKO1eFGTNItUoayeWdq9bUM3hdiadHLfdO -SrpudtO2wc4TQ5qvaC/nDzMjBq8tP+t99r8A0veyXbdG2jEtIFNJfg38Kj3fQ/5/ -ZNhtrJ3LgyrbC9bgeKIkQ0Nwr+sHUFmWmlsCAwEAAaMQMA4wDAYDVR0TBAUwAwEB 
-/zANBgkqhkiG9w0BAQsFAAOCAQEAzljgZ5CmiIAlNuuFnjCdDDZZTgTobweNxtPl -qVxUWSefR9NeQ/WC9sZVd0+rp1QCfZYJacrISdpwXfROmjALJve8cSS0ovqPw/ZB -XAVsDXfQ55SASIy9fsXOiemJJHSbXG9amZmbwCCcZPeTqZb4gmHnWxrZsJ2hzWh2 -soxsquPagZg+3bvxJQlkl3Gxo1dyTDzzEe46DVTYVPhbADyvFYwooXc4EUMZ+EIA -nz3k3pfXTnITDESWqQa/Vv2xlHuyqYrniwW4oyQyo90syVsDBP5QCsXL7IuwJ771 -LSaT4apGhhgPqvzPi8Pi4kWEcNQKgvARHh2L+oSssVMtzvc0xA== ------END CERTIFICATE-----" - set range global - set source factory - next - edit "Fortinet_CA_Untrusted" - set password ENC PixT+x8i3Z8Mbf9PJ6cXSnP6SZax2wrpiAS37c352bOJk8IJIbC2bpB7WDeR80hibXI9QBmr0lS2m1Dh0oqE5sNZWMzGfHCy99wN/QihFaaobpS3NkTs35xqMcr0zKc6ktdRo2N3+SHjKwUp1wCT3kIBJZ+PDa3uFd6hOlF4MsZg4EiAvY54+9HdPE7fhTsz4Hc9hA== - set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." - set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIM7p4tJeK7xwCAggA -MBQGCCqGSIb3DQMHBAjtkT/PqvBKmwSCBMiVMM7QB4tdRG9sBcrO+xoEKA+3oLCH -MLHIt2fzm2zp8KHacS6hAAzH6D0kKHmh9aviTPVT3E+gLmeyjJio4OehtuIiWV+f -Cv8eWuqsi1XjuX8QFwZblXRBJeQORLIEWM+Yc1JTN+aGDLpEVrb2eRns6N/vKWmB -4kjgObazsTuDld5vzOZyoScmrXEOBqBVbeYDRFnKjbIDk47hD6p8ufXkdipONgu+ -B3G11CZ6AVguy7ZutJNJW8qJpE4GzX7NBIqcLkDzW5AQl8ncBOP5ya5OsG+MEDQh -3pTBJkNiqpODoeqDQxiUGHWHDSEBtj2tKLC8mGJ7Lyz0s7kzj0cYDPITzYAB9N7t -lTGfoIV4f8Hv6ExoNP+dlkHnwu/ZWK41M/U3ehfHnyqj6rqKtnSB2H5AaEyajn+q -mMCUuEw9o9DMGlYOHfJC6eRYVqrMO8FGNFDQIB0GBka3rOapnb3bsfqIVu1kwyMe -YKWbu+GbAoLBKDcylg1JLdSoWOSnEU3d/VxX9isJOlBQ0IqsjjYesFDDWjfJZinm -OeCY8eg/AKINdBoVOLvmdItDQvD9UAaqMRcL9Zu18hucF57422Mz/x8kBdYKjRdY -7VkXeJEXcM/8niSgzDT/AClPUYM1Oe/k1tMgYiBZ6IB8HpU/AnlN9nl+LgbcRCS1 -ykcxOAVoBySffsKOy5P2jYvkA7j+5iAjX6UuCxt4/XRL0wwBhbdrbrWqVD2svl59 -Ri+8wTChBP9HjWIP+jvO0OJbaWTqy3IBX9Yooo7jY1MIHYf+smxgklmfEwB1jv7Y -+wxH8RE+3YZU7nxpD5Ew12QKAlstMBKr5uj/XPSF3GB8FlnBgrdFKK/OI0copRZX -44ShcPqtTVqg+YQw8/eEhDVZAd5SMEO/K7q2lTi4EI612RyLP1h66JMK46rwv+fU 
-L4VBsS5h/9NEgB0bp/hVGCStXOadxrhFe7vsVzWhQ1Q0OhWHMwq19qQksrbMvn0v -NyeT+6p++/uUxEbe9IHq1jdEXNLs+hyz0pPccUcGehKbSIdS0pbCK1Z0cerWh6g5 -jyO4ZEYtchcHl/DJyS3BfdiGRWYsb5yD33WSMXhZ+sYecAN5NhN+Bg23j2fF7P25 -fHHAB6VW7XqnqOuVqA2h+4BqrmBz3yzr7DxjvVSncVwd/m4xby1F6tGnSYNvIqeG -8Tyi2x1aqDd2qepjBEqsRjyZsyDoESz4FohBdoufgkHDuG+8GKqjIc040cUnD9NU -umjKpnPAuw7XcHkYHnGI9Sy+RZE+fEp8n4lZ59L/Hi1thIS4aEhvf2lAQaoT3PqV -GLxR0fkOhwIhZXK8ph85SpAHCT2qZy7R+GLLfXqtN1Eb4TCJkPCtDC5etXprkf83 -rV9QopafgoekYHLY+8hRCbzfQ117Q3VphFsL8f7c5q97Tu5h40YkGveML1N+oNdz -0G45JV/i8uOMq8TNdVNacS+VFctyUV4U7LjbU+5MzbYXYQ9UEAEooRUSDHKMtlYh -nmEJ+xzXQyJjEp30/fDvC2mMCRpjQczuL1E3Ta5mbDvEJcjXxRAr1Wv9YZsZjfL1 -NBaJvHOLFITZN7kSa9FOUIna9WfphsDrLyeW72rkdvl1fjaNM46srt+LtlT2g9rT -VPE= ------END ENCRYPTED PRIVATE KEY-----" - set certificate "-----BEGIN CERTIFICATE----- -MIID7DCCAtSgAwIBAgIEHuEGzzANBgkqhkiG9w0BAQsFADCBrjELMAkGA1UEBhMC -VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G -A1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0eTEe -MBwGA1UEAwwVRm9ydGluZXQgVW50cnVzdGVkIENBMSMwIQYJKoZIhvcNAQkBFhRz -dXBwb3J0QGZvcnRpbmV0LmNvbTAeFw0xNjAxMzAwNzQ5MDNaFw0yNjAxMzAwNzQ5 -MDNaMIGuMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UE -BwwJU3Vubnl2YWxlMREwDwYDVQQKDAhGb3J0aW5ldDEeMBwGA1UECwwVQ2VydGlm -aWNhdGUgQXV0aG9yaXR5MR4wHAYDVQQDDBVGb3J0aW5ldCBVbnRydXN0ZWQgQ0Ex -IzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0jqUKDC7Zl7pw+Sq6aYUIzONSsOAd+V4B3rS -WeBoJWu57BiabRwf3eXeNpyFVvKWvUECUNdG92fJJHX9p9yW/+EjMUhwFX85cC1O -b78O/n4Y2N8jr318Wl8GGtdoCSsXVvJuUm3DIF8BexkjSYoIqzPgSAutH+ZaMssx -lw5u328YWq9VTTJCi1jZMkfSIMAdIerJtvnX4gwSLATJ2Z9Ganav/9+/iyzgUiD8 -395z5hCxLh8Kgn23jGV/V3AXZgQ2tBCsZ0dH4YswzFSs9CpMbYOIy57AGUaiMPeo -0/kDOybSHeFfLN2IQXil0kwcYCQX8lCrsA6F9ER5XVuJ5XpDywIDAQABoxAwDjAM -BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAItgnIjTXno8Z8ilLP2+db -e2tAL/mpNjfHIG/Na/Kx+T8Wou3iswP+AapBXx/kD5mPpylGcozHpBD62V7XK/V+ 
-Grgfa3bhosBof8CZtQyiTdj0+ZCiXbAOlcyoxZTxcfmzCZXAKu0QVCjvbBbAOUf0 -KEVzzIeG5QkS1v5nINqDVxAiEuYS/B1ky4UwgbEQAKNxKypBg+yCczRAY/99RbCu -qt2ikwgMFAhY4esGlb3Eb1UYcqqdweXroWcnPm55v+XeQi6fI05UU3UwUuldAytW -75lX+KFW/+TV6MQPf0SziWET/jB+tOOkhZzqpbJABdXH4NNHAxngKVAE30dFcZAt ------END CERTIFICATE-----" - set range global - set source factory - next - edit "Fortinet_SSL" - set password ENC P9hD2nZ/Kf4eA8aFylZyFOPEZf+fqR6ae3Hsc3fRjws/sicBxq7BozMNlM+Zi9OQQdCrLgqqyvYIo10ksqyiISSrWgCSLwRJEAMrbFy8UiafrgC/34+RtAWcDjCUPcinSEnF7VPunlAfFlOHFjXO+shnweI0GcgSko3M4C0yhd/7W6rEcZePld+oKlHUDoC3HQRz3Q== - set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " - set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIy19/6owCFSgCAggA -MBQGCCqGSIb3DQMHBAihRF7XfH0WEASCBMhQQYcF7oZEw1GTvWHYBgnR7MaD/vsX -VjRBDDhaY5Z9F9AN/y7zWrpUau/qkswAGfzirH1eHXBpnTLpc8L5dQvEyddN4Amn -PBXEy6iX3iK6S93bzmgHhaj+CWSGkeoNcwAm20jbWnrN0eUzkZm5eX0s48IeO7Kx -cGHBd5HkqHbIHJR97UYD+L1aTPgIR1V9Ejp7Fd2x29dCkknfKXU4oG2Jw2o4D0dM -tmk0yqSLtTYDfOvlKCIK1GyKfNOOAS0AzPF630wKk3q353dpza6pbDETqaNu4Nt4 -Le3WqiJ2pNwJvAcowoshraOsB6uY1botwoT6bHnYuILLeP6+cMtRJEYi2NoaPhIu -Ga89vPzNdHlge6qSaDmRY+4xpoxXnV0Q0wa2sOWooWcpwH/3LwwkeZn0g3ZbMESs -lUu9x1U3Qcn4eOAzsA66XuvxITSq760hOYtaCmE9vXTIPJOfjnmpo67elwfzavj+ -UWtZ0QHChCu1p9Tt1BA73byrlqLUHIxHU774qh/ObvhkOqfVZGz/g688wvlh8/p4 -5M23HIpf4swOiS/d31iV9r3i7hvEDh86o9LQv3355wnPAYD7v0XzkPwcIy5+YW06 -Yt2qdbITGlrHyDnpDHcK7rorsV0WPATykoOqDOd5cg7vwtM6O90vxNxTaWe/rlEi -3JmltWV4eczW3hNls2MV5dNrlXCT5RZ/g+HmyDiMGdc9se3QAPN2uxJ86Gm6/xN4 -pKfwZ5/RUeD6sJ2p7NOTbz0Yud7j3Vr4DusRoPnwY1on8T9YTMjckodKdDxFUnGr -uzqU1GPiJSLVvvH5Jy9xCSjPGCSnDS/Pq+vR1WBW9ppJ12mBLeYZgQiQpKHplZ2m -NvAKEIzRNtsyawkN9CwnA9koIKpNT4HqOu9k7fT2bgNgLMFpRXolNXtm7C4xOkDm -rKef3PE2jPeZUfEoF8u7gsdZoJ7o22zw8VWmLrkXgesR7fxkydHf/uUXtqooktJZ -PQ+qFXP3EJXPkCcqz/lGO/uvM2w6fOQw4BeEL//+KsqihDXVm+4cr9RpB3nTBCPY -lJM2nylOgQpbuKOAnUuaTT8sfucIXNqk1/6Q6MwTM5W2oPNxMaeYRt7yYWaYk6Uj 
-tjEPUn0ezv1q/8DcPtVOMOZ5a6y8glw7GAUbs8uDzkfpQMoihW+8wR4Z5N5b+STS -4pzl8NLTl44F730dnPqo1J6wKcx44N5/GiA8FZbGGkWVBMBHRYOvoESbpgiT/X6i -ct735lbWYI864s3uITLl2mBOh8lBp65V/1BZEucJiK3cGLfVOCJUGnT4sF0CNgIL -kWIo/qq2j2YhEQTgV1ob2CXei8PfChmgMCBgolugnQnvXW2yFLL4T/edA5fqkjp6 -I1LM8xWnyTIB37bWfbEzrzCfb+Fq2CShBuVtfWMWp3GwPwbsA349YcNnQhDEqkEy -JOrQog4+rPijaYnOqnyIl9XcyzGs+BISYbHbIYc6FwhfSh4UVCdlbuScQ0fKTvey -na6p8IkAFzReGA61lwTFcsZ+s3ii8u0VTJhJj03NKvwQnDwgWl6tKd95KpNFu+Th -P+r2QY/3JQ0Rvb4hGNLTJ+TPGGmxY+ORPuz1DIiF021hTRtlRGDVqXVOulNNca3I -pYU= ------END ENCRYPTED PRIVATE KEY-----" - set certificate "-----BEGIN CERTIFICATE----- -MIIDxzCCAq+gAwIBAgIERFx4ojANBgkqhkiG9w0BAQsFADCBnTELMAkGA1UEBhMC -VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G -A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU -NjBENDYxNTA3Mzk2MTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j -b20wHhcNMTYwMTMwMDc0OTE1WhcNMjYwMTMwMDc0OTE1WjCBnTELMAkGA1UEBhMC -VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G -A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU -NjBENDYxNTA3Mzk2MTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j -b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFNki7okrg0rYLvQd1 -IUaW1cPdlbzkYVrU56xA9S1HeQfb0u7AAoukwP9oL4qWzeQaywF6/XM/6UurtEZ8 -JjKZ9z1NxbfFmWnBQL7U2z8EnBgz/LS57c5sstbHau+c/RxO5fM+Tg3Jo32S1yu+ -ahihH41YLMDOKG2rCrqeW+Tlrp5vyHM9kFT+AGsrCzO1dGBS8cHpBFhiUqk145zD -qP6L5S+bh9ON0b4e2fkDdx2O3fNUmVswwYVSSgKXqrCtKViirWIRQ2ey4uIXqFw9 -FzLRbqUUOq2qYC/vLz7tYig/OYt/GXze5zM/bxKA0ls43s9xPo8NOlvSBD6jRX9g -wDfbAgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAJ9x2m/c -cePINfGCc6KDwpmDQp+2iibM2MLU6HSzZjsEBVhIa1nxWt+Z33IUS5d+ctHVdNUR -WX9U2Q7SB2P/KPSnwigBhgI0bOP8ovS+ZP6r5f2lLGrRrq20GPEO35TQQDocBljg -090Mdu9z/40aaGHk7iyMOd9Q7UrmzEJvN3TNr4A8rLcauakzN4wosi8zxq4l2ks8 -300BViatR52qis0AT8p5mYVO1J7TtWRUp2LgxP25+pEQRH0x8lKrIXTfX5Q3QKh1 -OF7RFW0URqz0mf6lhoXSAaejz6EtgxeAXtz542H7/6HVhjc8eTPpQyilhNrKuNGx -Ho3i2nIZIWJ1RJg= ------END CERTIFICATE-----" - set range 
global - set source factory - next - edit "Fortinet_CA_SSLProxy" - set password ENC m6TdlpCFptM4uvBmJFUCaH84GImxIEFw/qmpWl4s5Mmv7MmUjDvoCklNhXrd7r9PXe5BzW132Ybn0DllaQO0wsOybVC0JEWU1NTvt+3bwl800779+Gfn9dOj6LdyjbBKcEvB+a4GFSzU0IKShN6lYsku1KPdkMK8X3b3sjW0bj0UwDrXdY81gtzh5It+WVYxD4w7qw== - set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." - set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIBP2rB5RxmaACAggA -MBQGCCqGSIb3DQMHBAjy6HWtzSM4mgSCBMjegRXb2qew1cB3Yzj3VyrE8eMNXBC6 -83qOoI3tOSdYjfSaxGl2AA59PaEM6GslLtj0rC3unjzTk0qiVG2Irv5JGaKrxCJ/ -i4hAcVDEdlrmFSJ3AwULn14Ia6XiPmyy4Hs2gex/LQKBmETKbSpEUu/b0PwJkyqI -V2jJclYWzoPIBGeNU7F1KjYMZu504LiswhxqIHttdye+I9JtmKbCJlRpdln5FMM6 -NOKbc/xby4Wdyyl1bityo85t8UOG9nI9SRHct3GET7sWoiZg2Az65CRvMLS3o5// -3uk9qEatfszUpnmZWTODO23B9g6tCrf57So0LjYE3m4PniW9LYxVWVOiQdqNsVWx -7V8IrscykoxhsdIuhosdFkscsi4wXMWhNopD1gN/cRKCx0yaU0h5fhvSGILuG/Zx -lId7KAIrBnuMHLGdBrhPlIOszghRPPcqiRUGbt1Qr2VkYG3WwYZDvhpdKT67TJid -+zZQOEzr9nhOIcw57xdRUjjcAAINsWa/3cduR1RYWxyyg/xeNHDr5+1SFhL4FPV6 -B9dt7grgTKZ69/1a32ticfh22dhv6FzoeQQqDdOpquvvdOJOScGl/IdO8vZH+2+E -sanwRiFj5eO9tTZkYxU7gY8VY2PLC8FE33yEvxarUj1DE2dV5cUMYXBkslylKwqi -NXHOPinRkDTb9X51tZlbssqbjFUOahcwcR/g1VRjV5AAOEvpsisSYyAx+HDrcPsq -JeGbr5fVhTIQGVMOld4EETsqrSIWQ6gZmFqr7BYXD70OeS8xnFJZ4mfxFHwVB0Gq -6jvvhnB+q/VqMYuohJuo9i7lQPJGcSM824JaEG2sdmt5BJekm5nqybd8KFMuwhzV -CDhDtyaWzZnm6dHqEHnXp7P5ohmb6BRYW0KIEQkwbyB8/pQTmtv6m+Qjb4NiJbl8 -/xcCZS1t/n0MngmQHnOZysQ0yxlEegRCNcHGxaWMJJJ0w3cAldy7VTHMbOqvWAtd -jHrhep6GA6wgqLRYfrY08kZV2wpzaRyIMqE7MKlw3UnOBAVHwMoVtLhDAS89Y+bR -JBwZ7k5in652gAO+bGxnNSkmZJJJRt0Z8ngjKR4Ez6iaicz0NlLE2J4Ku+6LfgI4 -A+nBYzA/6ybntm4PvBLDo9ZPoZfuCKPLmvmywV61FprRNdebhxk8btlTSzeguVng -bMjgyYp791coe9HV00HzETe5EWl8s38DrsSZ7U26oYIoYBolgaFLENdFNJn1i3/j -CkXYaHtVj2BsVMPKu5zqzF83THX6LY+RDGUcQWboO1fbu+L83B7/P4DtLCotHabA -iXO9EP97D4o126nSe9lc0xVg3NQFXk9ngHchEKZabpUDFPY0wPz/GPhL+mtz5zqb 
-IHZfdvooJ1JLHdLt8tOBOmBhSy5SrpXfQSvx/VmL4+AnSp98a5gGgbIvxsU/5NbQ -zgwT8lCtTtuAZm1oM2O+wkBYnrjR6MpYu7XD9Au9NC++amXdknlCHgTmNJHdFv7S -AN/Uv4BpTUtEm0ZCzTb106sUBSmUOsV6LaoSjvsdql9gyPtFfEnIpf80y1v6TaKX -uqCSIaVPaw+m5QAiAmB1gti2z5RWBS3yJU+W6Ybb7Aw9FWQN7c0YiKjfz/QZhdWk -21o= ------END ENCRYPTED PRIVATE KEY-----" - set certificate "-----BEGIN CERTIFICATE----- -MIID2jCCAsKgAwIBAgIEDokOXTANBgkqhkiG9w0BAQUFADCBpTELMAkGA1UEBhMC -VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G -A1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0eTEV -MBMGA1UEAwwMRm9ydGlHYXRlIENBMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZv -cnRpbmV0LmNvbTAeFw0xNTA5MTIxNzQzMjJaFw0yNTA5MTIxNzQzMjJaMIGlMQsw -CQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2 -YWxlMREwDwYDVQQKDAhGb3J0aW5ldDEeMBwGA1UECwwVQ2VydGlmaWNhdGUgQXV0 -aG9yaXR5MRUwEwYDVQQDDAxGb3J0aUdhdGUgQ0ExIzAhBgkqhkiG9w0BCQEWFHN1 -cHBvcnRAZm9ydGluZXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC -AQEAv1BkGNu1LqeNzbZOYubi6hKstJQgVQuIE1EWsd3luzEnyz6lGefbf65Xad6c -gH4zN17QtDy2JSS9Ccmt8KxQjtdMQeHvFvXXvKEXzfwyIrTrFAbyCp2S42AQ0tHK -+NRaRE/HOjx4kV/vLMqDHgWocuJWPPKfSkKtn1+chn4/sLbuygSXtGjDsiFd+wSu -MnLrpEPSOEVQtU3M5HZZKDdT7HG1sP7gnHsg/kHr1+8PXna6rKktBq59geCu0XCd -uNSFM+wU954dKrYS21XO3fyHLIy6tHP+P3+qg6/dmHjX8LXRBTJX2eRirq+NLSis -tG7ZZeIHGv9SVl1B0yk8HbK0IwIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqG -SIb3DQEBBQUAA4IBAQAOQdcBqZlQ9QabxwRK56bFfy8Kyv9MStkFrMG/bqaXEeTY -AIcDOZidGihTjH127kGOIA4Rl6dzC/ck1z8ylqRhMi0MkX8VdyY1vxFAKmu8buN/ -HhQA0fJptGDaYScGFDb0wOnyoo80dwosaZvXVrvl4WLbDek4et/knhe8TohsqfuZ -sEwh4uatiemQWFjPcqRJSa3UiJjQGqr9ufbP8dsGT8kCsoZPED/H9Ot1P6RFrZiC -wsfiXWX2XWPSft594qnv349oPjzyLmQh1E4BWVIhMqk92k73abZszG0fGFrEY2i+ -HG/8qCkgnGAbA3rZuQGd6ElRa+cET73+VNemXabr ------END CERTIFICATE-----" - set range global - next - edit "Fortinet_SSLProxy" - set password ENC 
zDbw3CZpYvJ5oI2l88MhOicytFx8v01Trhs6qpH+pnN89BPNcTSLRnJVJQopwi00yYka/1qr0+52h2mTRovzpAp7ucZdMnOe0HKcnW3t6+JzilkuU6b+N301JVmQ5EWc6wb6ai4DH8J8a7s5rat+GsXcENbnfAFrD7+LRvj9GGsJBsy+YO6g3zf1mpQrZM3nz/AaSA== - set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIi5rGNa43QmACAggA -MBQGCCqGSIb3DQMHBAh7pmECUoPrCASCBMhPH0QROOPNoVhjSMmYrLt+zm3oW2Jh -QpyoO/w8jV1r4GY0qFI0dp+T6ZyfBqwMl3jdSqjSgghb1tlKsFcr1dQ4NdKGYt6v -RCT02+S0TxD94JPcyPlEK4FjkBdE3bXII9nxTGTXg3Nkbam90cUYOw6JW84BkxUH -Q72jksM95VpFfNz+ib0X4yyBy39wFxdQHic+uU36nRf0qf5E9ndTUO8vNHNP9Pow -vnXZLIp4Qpv9DnTMjwCIwfU1iIP+2fNXd6BWHYbIsmnlkIYgJi3KOgwN5c7L6wmA -nzZwo15lX5ivvgyryzVdmzCboDfb50Bk3kLVLRn1b0uppFqYA8Gfild5Rl70m+wC -N5btmNZ2PRdW8eRsPGRXbTyoEZacYeFPT/fNMUUJFKo3EEOgVKMIczaKrdARd4jX -FcnZP20W7ThR7AlZsHeooiM2/PRIx53eRtRohfXFCT+D0QZ4iTXx5CPPCKsvHTrX -ZFg9s7zYXtEIcGe0n3SUe7Xz8e7zngBQPub21LtpF6pH8kRFOnrUCR3yr0W+5B/O -nz2S8s6yieWckEiyODP3V2jELVoczzAlI4lWxsF8Iu5JG5qVOawH+ruUxFZp9Q80 -8AsT4geaYO+IBNcCTXescp7RxoQIc2n3BxC+GteZ0SEbjAFiIqSlEhh6Bn/fPgib -iiXeeiwL2ypvPb6NWmS3lFNnruX0g6pAUNRrPLkXqIP1g+gE479wWYzFRoJG2W+r -BWxcn3w5B+MlURQfejCbGPBw4z1CqgmgHqhsXIimyNtG5yORaXHQjjssHOiZKujA -bwjUtavydZLeoSQAurIoUUqOPSDMQ6Ijuc+nnpGyEIyr/9ryDaqMBH0zAaDn05sb -PhSHlYNlSboD0onPIQ4Yle6IBTH8ORsZuzhb7GJzNku3dYY70iXl3FcIdZy6LDbV -TVdWEiKCU5CR1z3t2LE/+J6jsLhLmxlAYEo9DsMWiAP4nAnfuDKoRCSKDkavxCNK -LjAe3vPsLz01BuL4/9r8yfjAWwyJrto939RMHprzIyocXcJPCVUajc5g9ylbFoiT -DPr8Wb/26kAazKQj+2zBhgQO/aJiwp/Iw+mK6smm9ifIvhi1vTeYa/sTkOElCz2o -Vf5Rzdp0L48jmpVkEWQpwkd6RRclyQDUtrE81C+ok6XHqZ0TSww1rr8Mxx+aAWT1 -cvP4bp0nymK+xrGN2TgbfW/SCVoYeH6MxWnn6VfnazR/mbnFzg2ULm4lYnNUoLxV -0Br/rqlufMzIa0owGzPtDhb497PBiBvhvHjE5IkPUic88c285BKuvX9GbrbH2EiQ -ZNEYJQ5CkJWTW1m5tBINzO30fMpC/oqpojdmSEKZ1wP/Aq1T+caEZn0QDe9qN6Tu -oWemDalTfXt947fUCC2vpNAE4+zt8AiinqevO0zgtsEcwAzKpUmwFXI90wEyMjsk -LphgMJE04zCgLS7YWSw0snAgAhv00ucCKGUNhC78Uk1hL2h4KB64aaKNl7GwfjnQ -y3XpNGjOKWJDMCGmN9w50mWo+28gu2CCiVE2aY8wp5oUzH4MlyprbsefJJLFugDi 
-zDe0xJ/InvTYUXrM2E0ukyTTaBBT4IGz2pLoTTlKZxNUcdhWLXfIvd5FjiuJ9MTr -B8w= ------END ENCRYPTED PRIVATE KEY-----" - set certificate "-----BEGIN CERTIFICATE----- -MIIDxzCCAq+gAwIBAgIEHLWG5zANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMC -VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G -A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRm9y -dGlHYXRlIFNlcnZlcjEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j -b20wHhcNMTUwOTEyMTc0MzMxWhcNMjUwOTEyMTc0MzMxWjCBnTELMAkGA1UEBhMC -VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G -A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRm9y -dGlHYXRlIFNlcnZlcjEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j -b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbdA1aeDvH1lx+81bi -oBn5s4J0w95jAKCt+E1BsFnFMEO4uXpbN9RC49OU277X0an5o0oCbZ1kERp/23Qs -VkAGX6Y8rjzWCHc+Uuw/2b3WdjEqcQnDbIEQnl9N57F4EAc/wX60BN08jng5n8lW -SYZbgECdCq6frFdRGCa1oHKd8fHgyzEC0lcsLJnSu+A51oINfcqV3Ggsl/sgZahC -mP4L8OkHbcpD+mJio+8bZ+DG490+oPaN05WSPQ3kjw6B50f3yrXSYsjPoLBlOlah -GSz3bXZc7uZZyBPXsd/CaA5ivEPUNmh9HNq6alu3rjM1UPB1VfuMhRS2TOJ/ljpt -/LUDAgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEFBQADggEBABJetvs4 -hk44A5rCbg6Cq3l+Vf+dxgqDTyC2Yt3TMIW8RQYqYDDvRJIGND4G12cmuE6w4mxB -GcS7K+nCcFk/fvSnHc7Ec0RSxUoDqiOlspAi3NNcyCw/dekOXIjnEdgSY8gNt+eS -lAw65pjSBBbUpLYXQEEpx7oxQZv2Sv/LopdLu6mJ4a3xOS7jYMFf6ienb9upxKzz -xTptBUNelN30G4YDFMUQANVZ+o6MyjaJIo7RgpuJb1HQwTcb+hANK2SIzHxcok3B -3I6ndjJ4xZwYROIYcVv9MKMYj47XTqVdVJNncrU1M9u4fjCVuVB5wTTgzdr5XJ8I -qJsp2d+xby5kqc0= ------END CERTIFICATE-----" - set range global - next - edit "fg60d.ffm.cactus.de" - set password ENC oe4jR7h4vdsf42sgI0Tp9Zir68hqWLA4CQg1jxrqJzyusHNY6+KQSz5S5ZkFKLeNyLWtPWIdHw1F64Q0GPfuqIa3X1T3vhgYAeU6KUHddMAoO2gYPJyIS9r9BZpVIk/xnvK9OTJ9hldHKic+Fj3pO/Wjuy1fYtsV3XkTigDDDDr417+hH8xPuYi7xpZL4gomRzPSUw== - set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- -MIIJjjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIhSBPRUCeXD8CAggA -MBQGCCqGSIb3DQMHBAieKjGDjC24iwSCCUhmUuR1rCvczjIuyDBVgdAifltipnPF 
-DXD446RtwywSFws1jYSDMXNRx4E73TWPJxR7LD5wME6fXhiDCu2Js/qJS/FefAnh -GKkg02UwQs/pewvyEq1SXCjdXBHapBGi+sSuACpvS833bJi8qxeB9PWKhqwrvyyt -LRyToZjcnOYtjwN8NCTUr2vG68MZ+Hp2k8DsffQEr2k6dteFtMaNHJj86l0frYhA -2JIEhFHo9qPjlK1nvSoojUdPQy0CWSZPOscwOXMCGmvy++RxmqqDOwLHO3CKToTg -BRsnDUTckS2S7pos5CXilLv294yzGcxywvR5urTvp10IXE5ssrgfKE0yll+XquKZ -7Qhni1Mqear5oLKF/iZFEgSICJT13wfzmWvFY9motGAu/Hr4/izFS2Lcd1nIRZua -1JaTdqJnOOiBlmjdAEfV3uE2RfioqBWvEp1NJB1WkNx+lCXfGpVyiIVuoFSKkmQz -sPIcuHPnE2F1nxPiZEsziHCYD+V1mwMsW5CNr8Hs+Saw/nsqKWzk+iHRC9FAzvtN -T1zrJ6aBx3efOHHs/ZU+7smwVZA46nbqEk/gVTND+1f8jfDUIdn0RQRkLv0ENT4I -tRFPLP0oi/IM3bNLUPPwSrSVTt1fuFxP0C62z9md/cBT8hOjHmMMrdn8kf0BsGXU -1XLgNIhOIr82cBxxZ2hwBg0zXo5fDHR+1ytC/Ox72zLmIT79uC+1vWeugPr/gm5P -zHMPnlv97XBJqOrvQbYODp1GWcHx9brUmD3665AhcGaCtfBJhd0bZjS/Ze+QyCwe -CLEY6LKXkgPbgNkNR43iJFmB7LY04/3JQ4PNLAz+LJCv925aPQMGXZzgzWR7me3q -Fvcbrrb6u3IO8LSQ1ojJCltG/WEM/pLV1g0mktflCtoH7sgToMRMNCYSf8WU9b/b -B5LI9Or3jpYdJklUM7rKGXq0vi2to6K8nJi/DFKaPDq0iXv7QSY8YgT+wzNO4Ejv -GdbAIEWwWVftjs8GoihYsnBqzcqvxcP7WWhK1hQ/k1/kihcvtlsecp3zWXFg8heb -8Dn5xreMui0oe4/sKAw/57HJjxByW7FxlIKszaLxYGqZ8eRrLVJKSkssYd55pdV+ -gzz04cIgK5z09DxdDFI7DCS2CAilhPiDnHyLjD0ts3wOPAJvtO0Bvq2Xqodu+FMa -RqCcdtFBWTuY60jPcsgOnsp7iMmzjcCL7CALJvapybBoCHyGL51n1o/Yg4NbMGAA -ZatThpB3egw3G4sV95tPE+rjrDbxgdfjUDeDkBZl8gUanSBuOZpiJ4rLrut2qsgw -xREN/W9rTm51TWjOmBmxLJU2Z3ym+IArURQNoYM1MN1DpROY5sWf42HXNIhad2Zf -fnhWfai+LpvIy/mYuvGB+6So/+2DiGha7ltmXiUTkDgsM/ir8WbJ4kWpRzjQ5kIn -F/TCUTRF580zMqJXh/fKLCXnncgkxBE5YwO/xUuvgszsstcsgT50qB8oPw/12M5F -Ncnd7NBJvQulM9MD2fnx0eyAnYSp9mw7BlDFTNpXL/QLaG5p3t++Lnr+rJ+rwGL2 -EuFdcN/q9RL3kWGICWtGBRJN1H4dGXlGelnqIKbkgNH/80koV32yjdXPgdgqs0R3 -RZNbxazskfgeyAT6hOkNNxv+C0bG+JNY6PNveV1q5kzy/KsHV//l4V6iN1VbiZEu -T/TPR81RgbiJScfOjQ+L3EsyAvLJW5kVnTWsChfFnJyIPHboYG6K32C7KcKDLNB6 -3fKNfgOLieFhfmc5gIBE85C0QX5Z7q5vz8VqjHx8Z2P43PrA0ujWPUl0BOt2Bfj4 -+nbDTj4p+Tu4sjHTLJO+3LlzHxUQu+G75KdgNsOsPI6hO+WUPNaSvF9HoG/eWpJN -0RiBxg62LdRauoeFBt78QN8qW84c+gnxk/QUkjbon02hTL+1MSjZIt11bdrXXbBP 
-djgFquzulwoCJDBOWbZyVkZ+tHhrMm43CLCh3sBqy8Va23B7nLoc5yvXZ8KoPLCM -wk4Fxc9eWE7ZRo7gUolIcj38UDcRvyRa1rMc5SZP+3JaY/QhDD5id4kwToW+TVSP -ayDCrY1L+PjjZIWKMNbd+D19ndLJOhs2f2KvzQCDZ+Q4t+KkJqF3ULqmV+yICVzS -xUEZUJMMRItpPh5VCSnPYusXUo2ycYNwH1kcjXuAU3jJcOmVwRidr6FA9UshG0hH -F6Wxrtqpw0onTm0HEvtQd/LkjhplNpriZW40w+T79ytXWdLgTQzIeFrQtNXm/Lfc -uCWsnPbDtMcD+7icAZhubikaCfgkVdtVFQWcm0e1C353ZAsFZKD0NTe67QqoLcaL -3uke+dt1ysuGHXD75zqIfFrZUuT45ICKprOotL9tLM6cBLHZ5NONTBIsOAJ/2XvT -tjNAU3PQeQGaE9LTab5RWXZ7Lpjd1lU9kpdFhOIE7rA/b8GsD3N/7Q3AnRtZ/hIl -FYWAaMKsrbZBksYXVfUcCJ3CHU9Fo2bD/hA4ClGNo1pdfyf/yLchBUj4vCOKeILD -NP/8vIu4+B6MoNou98n1lMfFpmj1yalJ6NHB/vba5gXlzWHGJ+QUaYS4PNr9Z8gB -8SAckgAwb4wbi9yiQ+vJWBc/1EgDHqhZUm6RHWsNy3YphBqllRTLJbB6bSdS1lvn -+42jUWYxA7Z5droRfdXdPSwYNsODyHkyFlfDDWw+o9PeFcDZdXmdr8s5k+IXUUIW -KSlLdKMdKznYsOmcv0vRb0AhaWniOnyRC5SAl+AoKVPJrcQbF+8t9atgy9ldp2mq -5M51FXoHoQuLf6orQtMBiycoZ/Jgv60/aNZEdkE2kVltLYY2C+9xhBtzQAC93kg4 -Rq4Ao8LSocARl4zjl7i3/STozQLkzSisIPxioPcnIJMIMWnXpBrXiHg49TPBZ+SP -clDht7aoXAtA12P32ITNG4Kdh+fO4E7XlcGizTHO0Rtg7vjnkqcfFsKoG4R75Wyg -xztcgrlYLov5l/0XDh0O1baTaDtJHN0QswOI658/IlGTrnouZsvpxejAKM64yPcL -dH5bm2GOuduptwXnKYiZNgbUu/U+/Y4eMxrfykMH/GuK4Q/FaF/2sxhI0rNX8BxO -F9e9j2rZjOnF/SjB+k+Ph5OTQEYT6Wb3Oi6UQgoo8Wtqxs4DoiuqsExUgo0EePku -hNc= ------END ENCRYPTED PRIVATE KEY-----" - set certificate "-----BEGIN CERTIFICATE----- -MIIGGjCCBAKgAwIBAgIIbO9Gi4dAwWIwDQYJKoZIhvcNAQELBQAwcjELMAkGA1UE -BhMCREUxDzANBgNVBAgMBkhlc3NlbjEeMBwGA1UECgwVQ2FjdHVzIGVTZWN1cml0 -eSBHbWJIMRUwEwYDVQQDDAxjYS5jYWN0dXMuZGUxGzAZBgkqhkiG9w0BCQEWDGNh -QGNhY3R1cy5kZTAeFw0xNjAxMjkyMzQ2MTFaFw0xOTAxMjgyMzQ2MTFaMIGVMQsw -CQYDVQQGEwJERTEPMA0GA1UECAwGSGVzc2VuMRowGAYDVQQHDBFGcmFua2Z1cnQg -YS4gTWFpbjEeMBwGA1UECgwVQ2FjdHVzIGVTZWN1cml0eSBHbWJIMRwwGgYDVQQD -DBNmZzYwZC5mZm0uY2FjdHVzLmRlMRswGQYJKoZIhvcNAQkBFgxjYUBjYWN0dXMu -ZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDLPrjx1WlQ0v0thXjd -r92CCAfO/3GTr3O/NM4gAwSQil1Qd/lP6/t09wZk3Jwsw7uqCyRRmHF7xb2zH7VL 
-rvAKjWKjuuw5oT/ze1yPqubMf9ONcyx7jW2m+GycpokqjiYs7sIxELaHRoiwtS2w -jzq/Sc4OrEMZROUPhn7FQ6nhaxd88CN7D0TzRgg1A4O8/snyNNuKc25UYQtQmH4h -tIKqwoVSET1m3tHD7w/gKgcx1P7mW3dmTYJJ4HkIeHqC8QjixEl/v0vZw4acTFps -o49QyDENn9X3rZs9fOlKr+79a8/kURDjzeE/6a8GvmfY7tw1yq7zHmbBhCBCVME3 -ZtIW00aEfUFoJwPFM3ZJRTDUXwW9vPLl74QzSCE0CjDdIrNnoH2J5CzdMcKQbzmx -4MWOJ3ilwTxHq1mzaIa/5vTjowzWN6tN8udERaWJf88Z3T/7TKqoI/KLxdR387/Y -EmtHnXlg4wcFqEtF+9d41t6Ks1etMWAA4xzynda9oltWcD39otrsPGSVyxQJ8soV -jq5sltk+guvm153QviXcBPxXE3Fm6XGYxwUihna0xrDXWD74gZ8d2ofd2RitMqxe -vMX3HJbkWxUYnWGNPPboa/J9780BlKVREGQyuoeXZP3MUZi+uKKXC2sqqoxbPlAr -gwRCHBGmqbgSxH3enFC3UK63PQIDAQABo4GPMIGMMAkGA1UdEwQCMAAwEQYJYIZI -AYb4QgEBBAQDAgZAMDMGCWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBT -ZXJ2ZXIgQ2VydGlmaWNhdGUwKgYDVR0lBCMwIQYIKwYBBQUHAwEGCWCGSAGG+EIE -AQYKKwYBBAGCNwoDAzALBgNVHQ8EBAMCBaAwDQYJKoZIhvcNAQELBQADggIBAG5d -PzEgwm4oyrFemE0FYsL9YBZ0wVSpTcbDAcgozD2huudaZDop1MVAN4rf2onRQNOA -WooQOk3cufG4CbRg+I3LLCqUJnVgsADx4SwdFXaKucu214I1UvmGRTItFMgXNLLT -ONGPyDe/BObYNrt2UZqqRGrJV/1ZXzFjF8U0AoORm4c5ueT99NhbHdcZRQ+WCgrs -Q7HWfjIgYXiaIr7gMiBMJBbVOwgIuuaC2dTv7uAtbPKWOM3rowOOv7GxupJFhtnv -AnLcwV8jHFnmVO5CqLFF6NnkaSppnaTK1yvjHM/S2JoMyUtKw7SrjYvnDd+mZwuD -incaKq0XduuraKEDmuBvWg2zgg0tr1niVJu16R2mwPJN+0jF5Q3upcQsDPM8NOOh -mnzPYTbdJI+oda0zo1mdYgmzTPnxLD11YHMTjDgO/RdRLojB5L2i5BgpZ0LpeHat -b9M4iiGDCWIC8JmYdYrQCh5gQDALGwb4lX1bonzlrYJU72yG6cL82gi1HsHgzOeF -EYQ6htRZ7Z1rUelsF+mqPyu6Y3KtsJVqjMoyY7ROto4PwN+Gv69E3P8tmRZrBa9Y -HeOEbOGxUir/NYxDHw5RIwX+DJ0LwGM1HUkRPFtORDwgv9L5Uj7qACYa6mSDhmfm -BcUdOQYaR10psPNtFd9LT7HY72JyCy33BtWsD5gq ------END CERTIFICATE-----" - set range global - next - edit "tim-4tinet-ssl1" - set password ENC eZUz9j9Nvu0I2FNWAZ9K8h8cKAmKia6ghWsWMfdeBX/JMLUwQD+9C8cNPGJqjkH2Fk8F2DiceIXDm7vfNXQ7CmB5j9mINol7qscJJwEiBub3bfWU9lNkcpsYIwXbmzkI6D43HOky0IQ5uO3OmbWhxDpNO6kVeV+3h/mHEQdbzACUoP81APPxPZl8C35Sm4Cf73NKzg== - set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIuHyL33KIHU8CAggA 
-MBQGCCqGSIb3DQMHBAirZnW2LXL5WASCBMgKsGd5Gvf0Weeo8yuMQsOEuaawcXj6 -RLkNRqlT48NYcTG6zD97tGhtI1shPnXNq/KqNHVMPoF9QQbyw5/iXdYCrlZT6e0e -g+/UfiaMWwSfloiuF8Yz+MWxNSiUoEt857Dz2PTeib8ERMuxdXKHrLizHPWMxbKT -KCuvUlHCecNi0yDQ9eFd9qVb1fZdqybiDHvdxres4Ikl+wW4sA90kqRRbJBZu66x -bwhjqAFWjHOC+d6FLapqorXx3eCtarjmTDQN5G6m41HY74atWpcdOfS9Z9ZdMvR4 -52fKnfvOuzMccmnJaGXBZlh/aELbgYObtHVBLMvcT3yVAs/yXA5ltUzTaGkO56DY -5ANZ/g2UPzhd6nuxd00xC2ZWJd33D6uPxnlk3C9wcFrPTcIqePExuYWqg6lNbKfZ -eXrR0Cj9gOVT9gVSuh7uNUoqxQYtXFroBuwypOnxKBYDFo0VB5SZAopSZpi1m/Mo -SUEYER/TKURFwMFdRkJR5TR6Zl6YZpu0MDwTDiGOv4lQHI1HxhqLshcWRpT75CZ8 -jNEKp0YfiipXCbYf4ygqqBJDfdUqBHzob4QGuWyX+SYMexugLBoCsQW8cb57Me1h -viF73KGTM27CNJoe+ICoA5j4QmpDG+dw/6BeKlbn7xmrizvGcqcKtS0nk/+MKJVy -GZN1osalXSeRkIh7iWK1Bb9HRaCCcfkRdF78KGX065SCHa/0GVRv9t7DmoCfbjes -WgqhvUR2ZpwOLcnFYRKud5g8yne3PtSjLZ9uAIRCbCP8TucXLPhyDuzR+VLi35OW -8J3VSOBPhOZMP8iWTpcriDJJ83ZiCl8ZPnvjWnAcS9qAoTUp+L9/AOKdh5asz7h0 -70uxGZ8nNjafCPZJsBzYBniB1YhiiIOCe0IPYkF4c06s7EEXu3FzvNq1GKVQPx8E -0lFjEawiDhk8vqLCA9pbRMlN/bNNnPVxiAkkaLytiSDPeK8QjuiCg3r1+aDkkA3O -5Pbutn4ZrPiUIu2g0qJ+p0l4gL0rMP1Jhjcwlh1t3Fk4Exuh5VhlWeURkkIqJdcE -RuyW/LbyYyqDm0Wm+pnxjmqUO3tsBEggjuMAMEOzoqQJenRws4z9jPYHt/n9iutN -UiYLZ+xV5nQ5N7wIgQC6Ub6wi3UhPdHjrLWGKuPZzCxnHQwLWszw+SAYGLn/Qb41 -473vBXPZIXZV7IkerKCrjtxDWyg/dOvaxLODrr+7nSW6W3Dd20c17M+5EpqcdQg+ -UBI6l52faBP9CVCQOY44i/sSwaG0dca5eZDKMdEoVKSZjAj4gpsY1x4naFysKGJ6 -ilTQsGznqd95Txg8VWOITNcAnNkxmVe2a6YYRNf3+M1+bnALiv/CuIfns57HriZ+ -kS9wbU78olazGZ2tZUFl9vBmJC48gsuiX8mdgp4b8g2uJ0ACEaXjn8aVKHF3iOEZ -34+6q0SMu3OuN/kXm+BVyBNXdnOSkyZtE//eZYPrlTbYdDlb5nHJVC+t3+C2Z1/0 -3Iy8iBW8Jycb7xbR48zdOjI3IJUccblXlgvWIb2pMbdZ8V298IYlsv+lkXcIah5k -KOprIQgyDgegd5rN+oQkUDEeHfM2N9mkXNihPG3uIASCAjy7S4O44CopFvEM39ZU -4uU= ------END ENCRYPTED PRIVATE KEY-----" - set csr "-----BEGIN CERTIFICATE REQUEST----- -MIIC8TCCAdkCAQAwgYIxCzAJBgNVBAYTAkRFMQ4wDAYDVQQIEwVIZXNzZTESMBAG -A1UEBxMJRnJhbmtmdXJ0MRkwFwYDVQQKExBDYWN0dXMgZVNlY3VyaXR5MRYwFAYD 
-VQQDFA10bXBAY2FjdHVzLmRlMRwwGgYJKoZIhvcNAQkBFg10bXBAY2FjdHVzLmRl -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt6pScH267ei/D0n1OtTX -U7kufbnz4tgPer3sDFyr/PuNkNG6Vd1YSQG3wa5SVAMwvmOuuRaEPMaYAao7NlYp -ZRXHY4oVgEIfnEIp8u/N5duLgssy/go1p8bRp0szcfHAtP9j8aQPzAAwKD5YFUlw -IqnvF/fpqW/e3pDTqrj8hYTy7oD3TGjf8JXLFXPSNaB7UCDf04nRGBW61ww+gn7A -85OvK/E/smUjps0GTo5vFBe3h3nqvnUUSRnNpibW1PKpDuPKr0DwbZvbbTpYoWR2 -qcnhqFXkoR84HaITxzj9r0WfIWaG1inJ0iIhfRg1kx3f/9tvLNRb/0/fZUV/FDC6 -jQIDAQABoCkwJwYJKoZIhvcNAQkOMRowGDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF -oDANBgkqhkiG9w0BAQsFAAOCAQEAPo0HtKAD1U6B+wG9PsEsGuRGQ95ze5Y6XUlT -1UsJK6idiXNhETRVu2RbGUJqP6Exq3cXoQZp9Y9uMEirg+fQvF05ijYqlAIoyqci -aPjkBvunmrwqcXsCgd1igxypCRv/8snhO9Jh6URL/gVo/uS0xvbnTc5TsfDP3yJx -XSL+FofPTptPviSnN6dR9Ytsc2lg5v2oJLiUhGZqZJnXTJzeBQLjC4KQYG5Tj2mX -BLmY6CoblZXcvPJ3I3StxX4oRZDHqwpnAxFTlKJpwbHWEdU/gDYl6MdH9bF3uPDB -mG8My7ERT4QvQPdZV3aPbDTVVx2RFQcNRmO+hRvj2ACioUlasQ== ------END CERTIFICATE REQUEST-----" - set range global - next -end -config user fortitoken - edit "FTKMOB5C9735814C" - set seed "b4sEIgq5IpWpq54cspZ7m8giOaIShxjmzxPkyVDOg1UK8nykvCpkq2e+e8DmM0d3cc2GLKe6RNCO93YE+PfE7H8Gk8ZE87U/K3etCj8hZLRqVq/qAnlI8WOrAwr+AxXDDIfvpPfSd0S6BIJR3WMc3Pa+Q+pST0X1/A/C376VZgQmb2Hd" - set comments "test" - set license "FTMTRIAL00728937" - set activation-code "DEIHMHRHYOP23OL2" - set activation-expire 1451220873 - next -end -config user local - edit "tim" - set type password - set email-to "tim@purschke.de" - set sms-phone "+4901715047437" - set passwd-time 2015-12-24 14:54:50 - set passwd ENC uPYS5M2jJe3r+9xUZ6hCiHCVlPIQOuGFAxUfz7IAa2dpyQCkxxe1Aygm5fDSLNQ6la02d3Gd8OwKD95ooXPS3oZFiCu8W+PdQJ8gU8kvfYZhiquP9FIWQbxBWCirvfw7Wv4Y8RznwCp2LZgEpnFjF4cdTSscdn3t+7DCjIYGTt3H3mKffhA4zJSHAjn+yGfhM7MoHA== - next - edit "finn" - set type password - set email-to "finn@purschke.de" - set passwd-time 2016-01-13 19:38:14 - set passwd ENC 
U0w6SfXwm57pSLh81hgtcZP2zsiW47HCygV6Af8mOsfd3z0czuTfrr/CC/C0HteqCGPQ4F3r9pewwjoQc81APQdq7QjqMnsgcyKcmwZ2FTMRNLynmrWCUEDHnWOMfn33evfYQmyMt5Jnu7FyjLUNY7HHQ2g/zHZ7PZK2bKjdEHLviLjR/V/MTFCtkDki2e6jaE1sGw== - next - edit "tadmin" - set type password - set email-to "tim@cactus.de" - set passwd-time 2016-09-19 15:00:38 - set passwd ENC gZ5x6oIzP7HCpiHhrlaoqGMdb8FVrK2g+7jdZOqb/ceRiu2iTO7i1PEQkoX5UYaJMPtKL7ScjwxIiLG0AP8/LoLLae92a8tN2c2Nt+MWmJZH5XjWNkFaSy0rNVKiUSnRLktEwQealickyQFLmwBLcCE58ISMFHzNOfZUZ3dxeI8547ivEgZzQntBdYjFaqfv5+z5xQ== - next - edit "nils" - set type password - set email-to "nils@purschke.de" - set passwd-time 2016-12-10 20:09:33 - set passwd ENC 6ye5I6kJr6VIYCa83l+CEiKFpA3FbKyVlIFA/2RTPceVs6op0UpSTsV0J0JV0BzT6WizRqgjWekzWXxygiKz1HgmmSSorHl6nSiTntu6WpuWnGkC97AU+Y6TSPF4AUuGXgo9r2TcBrttyrdhPh+Hk+ZQmmnkXVxaW/kEC4W1LNwJ7ZhzEtO7ymQOCwKanTBJ4BYNIA== - next - edit "mia" - set type password - set passwd-time 2016-12-10 20:09:49 - set passwd ENC KvuSh9QZS6A4yXCHh+n+X8KMBEV8f2HYeuu0vSyjT1SxZyuSu79UtqK43Zwn0TE0ehQb6c2hBgRJSx4j4rF8wi/MIVTFXB+8A4/5iNM28Xjg2fUOgJ6GTfOgDr+WfwLVgchMJ3fgARIdlYHbVWT65nfG0LaQSs0uaOAe/msAIu1PfcM6x4OnbC1xiI9ia+0HOFjRHw== - next - edit "timk" - set type password - set email-to "tim@purschke.de" - set sms-phone "+491715047437" - set passwd-time 2016-12-11 15:13:11 - set passwd ENC 29uOZR4WUGY3FK2pSLmYtZxiEsIRDaqQ3rFvQLVtKotGt2VY6ZoZnl2M4nnWEWK0nGWm7xWpSOAWv627rd4tTP4keDLSW3wUih0NJAiBJcyKMCBDKMkFCdxMMkouwxyp/htz92unwZlftmaa0olF7MzyBcPcwTRCENjWYTGx84NPOuEYlkKXYryvP9LXTVKnNS2axQ== - next -end -config user setting - set auth-type http https - set auth-cert "Fortinet_Factory" - set auth-secure-http enable -end -config user group - edit "SSO_Guest_Users" - next - edit "Admins" - set member "tim" - next - edit "Kinder-group" - set member "finn" "nils" "mia" "timk" - next - edit "gast" - set group-type guest - set expire 7200 - set multiple-guest-add enable - next - edit "gastgruppe" - set group-type guest - set expire 7200 - next -end -config user device 
- edit "tims-macbook-lan" - set mac c8:2a:14:14:f1:eb - set type mac - next - edit "macantha-wlan" - set mac e0:f8:47:03:c2:9a - next - edit "PI" - set mac b8:27:eb:5b:f4:3b - set type linux-pc - next - edit "fb7240" - set mac 00:24:fe:b9:18:42 - next - edit "Drucker" - set mac 00:15:99:b3:5e:fd - next - edit "QNAP Knappe" - set mac 00:08:9b:c4:ac:c1 - next -end -config user device-group - edit "Eltern-Device" - set member "tims-macbook-lan" "macantha-wlan" "PI" - next -end -config user security-exempt-list - edit "kids-wifi-exempt-list" - config rule - edit 1 - set dstaddr "drucker-10.0.0.38" - next - edit 2 - set dstaddr "fritzbox_inet_10.0.0.24" - next - edit 3 - set dstaddr "knappe_10.0.0.15" - next - edit 4 - set dstaddr "wlan-kids" - next - edit 5 - set dstaddr "kids-allowed-internet" - next - edit 6 - set service "PING" - next - end - next -end -config vpn ssl web realm - edit "test" - set login-page " - - - - - - - - Please Login - - - -
    -
    -
    -
    - - -
    - Cactus FFM Login -
    -
    -
    -
    - %%SSL_LOGIN%% -
    -
    - -
    -
    -
    -
    -
    - - %%SSL_HIDDEN%% - -" - next -end -config vpn ssl web portal - edit "tunnel-access" - set tunnel-mode enable - set ip-pools "SSl-VPN-10.0.0.40_24" - set split-tunneling-routing-address "knappe_10.0.0.15" "internal-10.0.0.35_24" - next - edit "test-token-auth-vpn-profile" - set tunnel-mode enable - set ip-pools "SSl-VPN-10.0.0.40_24" - set split-tunneling-routing-address "knappe_10.0.0.15" - next -end -config vpn ssl settings - set servercert "fg60d.ffm.cactus.de" - set idle-timeout 0 - set tunnel-ip-pools "SSl-VPN-10.0.0.40_24" - set port 60320 - set source-interface "wan1" - set source-address "all" - set source-address6 "all" - set default-portal "tunnel-access" -end -config voip profile - edit "default" - set comment "Default VoIP profile." - next -end -config webfilter profile - edit "sniffer-profile" - set comment "Monitor web traffic." - set inspection-mode flow-based - config ftgd-wf - config filters - edit 1 - next - edit 2 - set category 1 - next - edit 3 - set category 2 - next - edit 4 - set category 3 - next - edit 5 - set category 4 - next - edit 6 - set category 5 - next - edit 7 - set category 6 - next - edit 8 - set category 7 - next - edit 9 - set category 8 - next - edit 10 - set category 9 - next - edit 11 - set category 11 - next - edit 12 - set category 12 - next - edit 13 - set category 13 - next - edit 14 - set category 14 - next - edit 15 - set category 15 - next - edit 16 - set category 16 - next - edit 17 - set category 17 - next - edit 18 - set category 18 - next - edit 19 - set category 19 - next - edit 20 - set category 20 - next - edit 21 - set category 23 - next - edit 22 - set category 24 - next - edit 23 - set category 25 - next - edit 24 - set category 26 - next - edit 25 - set category 28 - next - edit 26 - set category 29 - next - edit 27 - set category 30 - next - edit 28 - set category 31 - next - edit 29 - set category 33 - next - edit 30 - set category 34 - next - edit 31 - set category 35 - next - edit 32 - set 
category 36 - next - edit 33 - set category 37 - next - edit 34 - set category 38 - next - edit 35 - set category 39 - next - edit 36 - set category 40 - next - edit 37 - set category 41 - next - edit 38 - set category 42 - next - edit 39 - set category 43 - next - edit 40 - set category 44 - next - edit 41 - set category 46 - next - edit 42 - set category 47 - next - edit 43 - set category 48 - next - edit 44 - set category 49 - next - edit 45 - set category 50 - next - edit 46 - set category 51 - next - edit 47 - set category 52 - next - edit 48 - set category 53 - next - edit 49 - set category 54 - next - edit 50 - set category 55 - next - edit 51 - set category 56 - next - edit 52 - set category 57 - next - edit 53 - set category 58 - next - edit 54 - set category 59 - next - edit 55 - set category 61 - next - edit 56 - set category 62 - next - edit 57 - set category 63 - next - edit 58 - set category 64 - next - edit 59 - set category 65 - next - edit 60 - set category 66 - next - edit 61 - set category 67 - next - edit 62 - set category 68 - next - edit 63 - set category 69 - next - edit 64 - set category 70 - next - edit 65 - set category 71 - next - edit 66 - set category 72 - next - edit 67 - set category 75 - next - edit 68 - set category 76 - next - edit 69 - set category 77 - next - edit 70 - set category 78 - next - edit 71 - set category 79 - next - edit 72 - set category 80 - next - edit 73 - set category 81 - next - edit 74 - set category 82 - next - edit 75 - set category 83 - next - edit 76 - set category 84 - next - edit 77 - set category 85 - next - edit 78 - set category 86 - next - edit 79 - set category 87 - next - edit 80 - set category 88 - next - edit 81 - set category 89 - next - end - end - next - edit "default" - set comment "Default web filtering." 
- set inspection-mode flow-based - set ovrd-perm bannedword-override urlfilter-override fortiguard-wf-override contenttype-check-override - config override - set ovrd-user-group "Admins" - set profile "flow-monitor-all" - end - config web - set urlfilter-table 1 - set blacklist enable - set safe-search url header - end - config ftgd-wf - set options error-allow http-err-detail rate-server-ip - set category-override 140 141 - set ovrd 1 4 5 6 12 59 62 83 14 15 16 67 72 26 61 86 - config filters - edit 3 - set category 8 - next - edit 6 - set category 12 - set action block - next - edit 7 - set category 13 - next - edit 8 - set category 14 - set action block - next - edit 9 - set category 15 - set action block - next - edit 10 - set category 16 - set action block - next - edit 11 - next - edit 14 - set category 64 - next - edit 17 - set category 67 - set action block - next - edit 18 - set category 26 - set action block - next - edit 19 - set category 61 - set action block - next - edit 20 - set category 86 - set action block - next - edit 47 - set category 1 - set action block - next - edit 49 - set category 4 - set action block - next - edit 50 - set category 5 - set action block - next - edit 51 - set category 6 - set action block - next - edit 52 - set category 59 - set action block - next - edit 53 - set category 62 - set action block - next - edit 55 - set category 83 - set action block - next - edit 56 - set category 72 - set action block - next - edit 57 - set category 140 - next - edit 58 - set category 141 - next - end - end - next - edit "flow-monitor-all" - set comment "Monitor and log all visited URLs, flow-based." 
- set inspection-mode flow-based - config ftgd-wf - unset options - config filters - edit 1 - set category 1 - next - edit 2 - set category 3 - next - edit 3 - set category 4 - next - edit 4 - set category 5 - next - edit 5 - set category 6 - next - edit 6 - set category 12 - next - edit 7 - set category 59 - next - edit 8 - set category 62 - next - edit 9 - set category 83 - next - edit 10 - set category 2 - next - edit 11 - set category 7 - next - edit 12 - set category 8 - next - edit 13 - set category 9 - next - edit 14 - set category 11 - next - edit 15 - set category 13 - next - edit 16 - set category 14 - next - edit 17 - set category 15 - next - edit 18 - set category 16 - next - edit 19 - set category 57 - next - edit 20 - set category 63 - next - edit 21 - set category 64 - next - edit 22 - set category 65 - next - edit 23 - set category 66 - next - edit 24 - set category 67 - next - edit 25 - set category 19 - next - edit 26 - set category 24 - next - edit 27 - set category 25 - next - edit 28 - set category 72 - next - edit 29 - set category 75 - next - edit 30 - set category 76 - next - edit 31 - set category 26 - next - edit 32 - set category 61 - next - edit 33 - set category 86 - next - edit 34 - set category 17 - next - edit 35 - set category 18 - next - edit 36 - set category 20 - next - edit 37 - set category 23 - next - edit 38 - set category 28 - next - edit 39 - set category 29 - next - edit 40 - set category 30 - next - edit 41 - set category 33 - next - edit 42 - set category 34 - next - edit 43 - set category 35 - next - edit 44 - set category 36 - next - edit 45 - set category 37 - next - edit 46 - set category 38 - next - edit 47 - set category 39 - next - edit 48 - set category 40 - next - edit 49 - set category 42 - next - edit 50 - set category 44 - next - edit 51 - set category 46 - next - edit 52 - set category 47 - next - edit 53 - set category 48 - next - edit 54 - set category 54 - next - edit 55 - set category 55 - next - edit 56 
- set category 58 - next - edit 57 - set category 68 - next - edit 58 - set category 69 - next - edit 59 - set category 70 - next - edit 60 - set category 71 - next - edit 61 - set category 77 - next - edit 62 - set category 78 - next - edit 63 - set category 79 - next - edit 64 - set category 80 - next - edit 65 - set category 82 - next - edit 66 - set category 85 - next - edit 67 - set category 87 - next - edit 68 - set category 31 - next - edit 69 - set category 41 - next - edit 70 - set category 43 - next - edit 71 - set category 49 - next - edit 72 - set category 50 - next - edit 73 - set category 51 - next - edit 74 - set category 52 - next - edit 75 - set category 53 - next - edit 76 - set category 56 - next - edit 77 - set category 81 - next - edit 78 - set category 84 - next - edit 79 - next - edit 80 - set category 89 - next - end - end - set log-all-url enable - set web-content-log disable - set web-filter-activex-log disable - set web-filter-command-block-log disable - set web-filter-cookie-log disable - set web-filter-applet-log disable - set web-filter-jscript-log disable - set web-filter-js-log disable - set web-filter-vbs-log disable - set web-filter-unknown-log disable - set web-filter-referer-log disable - set web-filter-cookie-removal-log disable - set web-url-log disable - set web-invalid-domain-log disable - set web-ftgd-err-log disable - set web-ftgd-quota-usage disable - next -end -config webfilter ftgd-local-rating - edit "10.0.0.24" - set rating 81 - next - edit "r.adc-srv.net" - set rating 0 - next -end -config webfilter search-engine - edit "google" - set hostname ".*\\.google\\..*" - set url "^\\/((custom|search|images|videosearch|webhp)\\?)" - set query "q=" - set safesearch url - set safesearch-str "&safe=active" - next - edit "yahoo" - set hostname ".*\\.yahoo\\..*" - set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)" - set query "p=" - set safesearch url - set safesearch-str "&vm=r" - next - edit "bing" - set hostname 
".*\\.bing\\..*" - set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?" - set query "q=" - set safesearch header - next - edit "yandex" - set hostname ".*\\.yandex\\..*" - set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?" - set query "text=" - set safesearch url - set safesearch-str "&family=yes" - next - edit "youtube" - set hostname ".*\\.youtube\\..*" - set safesearch header - next - edit "baidu" - set hostname ".*\\.baidu\\.com" - set url "^\\/s?\\?" - set query "wd=" - next - edit "baidu2" - set hostname ".*\\.baidu\\.com" - set url "^\\/(ns|q|m|i|v)\\?" - set query "word=" - next - edit "baidu3" - set hostname "tieba\\.baidu\\.com" - set url "^\\/f\\?" - set query "kw=" - next -end -config vpn ipsec phase1-interface - edit "Cactus-DA" - set interface "wan1" - set peertype any - set proposal aes256-sha384 - set comments "VPN: Cactus-DA (Created by VPN wizard)" - set dhgrp 20 - set remote-gw 10.0.0.69 - set psksecret ENC vl9TmbxHqUB+b9MrAk312iitWlVPYXT//JQxCwYKGmll+4tbvwwa1BS1jxwSJiAcwiN+lI6agSytyTMSNqwvskfVyHp37ypmwTWvbodHlR5U8cfjpw8qtmSFoAGum6eyJqYePce0iWvqyjaOgz370qQAdSlFBQHQ5PwNegC11nSfr2oeSmosF+4R1x+h/kh1t7PJYQ== - next -end -config vpn ipsec phase2-interface - edit "Cactus-DA" - set phase1name "Cactus-DA" - set proposal aes256-sha384 - set dhgrp 20 - set auto-negotiate enable - set comments "VPN: Cactus-DA (Created by VPN wizard)" - set src-subnet 10.0.0.35 255.255.255.255 - set dst-subnet 10.0.0.60 255.255.255.255 - next - edit "DA-LAN 2 FFM-Server" - set phase1name "Cactus-DA" - set proposal aes256-sha384 - set dhgrp 20 - set auto-negotiate enable - set src-subnet 10.0.0.63 255.255.255.255 - set dst-subnet 10.0.0.60 255.255.255.255 - next - edit "wch60" - set phase1name "Cactus-DA" - set proposal aes256-sha384 - set dhgrp 20 - set auto-negotiate enable - set src-subnet 10.0.0.61 255.255.255.255 - set dst-subnet 10.0.0.60 255.255.255.255 - next - edit "fg2splunk" - set phase1name "Cactus-DA" - set proposal aes256-sha384 - set 
dhgrp 20 - set auto-negotiate enable - set comments "allow fortigate to log to splunk" - set src-addr-type ip - set src-start-ip 10.0.0.1 - set dst-subnet 10.0.0.70 255.255.255.255 - next -end -config system dns-database - edit "ffm.cactus.de" - set domain "ffm.cactus.de" - set view public - set ttl 86000 - config dns-entry - edit 1 - set hostname "proxy" - set ip 10.0.0.7 - next - edit 2 - set hostname "fg60d" - set ip 10.0.0.7 - next - end - set primary-name "fg60d" - set contact "tmp@cactus.de" - next -end -config system dns-server - edit "server-lan2" - next - edit "internal" - next -end -config antivirus settings - set grayware enable -end -config antivirus profile - edit "sniffer-profile" - set comment "Scan files and monitor viruses." - config http - set options scan - end - config ftp - set options scan - end - config imap - set options scan - set executables virus - end - config pop3 - set options scan - set executables virus - end - config smtp - set options scan - set executables virus - end - next - edit "default" - set comment "Scan files and block viruses." - config http - set options scan - end - config ftp - set options scan - end - config imap - set options scan - end - config pop3 - set options scan - end - config smtp - set options scan - end - next -end -config spamfilter profile - edit "sniffer-profile" - set comment "Malware and phishing URL monitoring." - set flow-based enable - next - edit "default" - set comment "Malware and phishing URL filtering." 
- set flow-based enable - set spam-filtering enable - set options spamfsip spamfssubmit spamfschksum spamfsurl spamhelodns spamraddrdns spamfsphish - next -end -config firewall schedule recurring - edit "always" - set day sunday monday tuesday wednesday thursday friday saturday - next - edit "kids-all-day" - set start 11:00 - set end 23:00 - set day sunday monday tuesday wednesday thursday friday saturday - next - edit "kids-late" - set start 07:00 - set end 23:00 - set day friday saturday - next -end -config firewall schedule group - edit "Kids-all-times-group" - set member "kids-all-day" "kids-late" - next -end -config firewall ippool - edit "test-v4-pool" - set startip 10.0.0.71 - set endip 10.0.0.72 - set comments "afasd fasd f" - next -end -config firewall ippool6 - edit "test-v6-pool" - set startip ::34 - set endip ::45 - set comments "asdfa sdf" - next -end -config firewall vip - edit "test-virtual-ip-v4" - set uuid e27fe466-17ad-51e6-6f8c-9c54c678584e - set comment "tasdfas dasd fas" - set extip 10.0.0.73-10.0.0.74 - set extintf "internal" - set portforward enable - set mappedip "10.0.0.75-10.0.0.76" - set extport 1-23 - set mappedport 23-45 - next -end -config firewall vip6 - edit "test-virtual-ip-v6" - set uuid 2b50ee56-17ae-51e6-a950-ff8c65749b11 - set comment "df asdfasdf" - set extip 13::-14:: - set mappedip 18::-19:: - set portforward enable - set extport 234-2388 - set mappedport 33-2187 - next -end -config firewall vipgrp - edit "test-virtual-ip-v4-group" - set uuid f89dde92-17ad-51e6-ac5d-be107e1fca94 - set interface "internal" - set comments "asd f" - set member "test-virtual-ip-v4" - next -end -config firewall vipgrp6 - edit "test-virtual-ip-v6-group" - set uuid 3b76459c-17ae-51e6-202d-ed3c29bd3e7b - set comments "asdf asdfasdf" - set member "test-virtual-ip-v6" - next -end -config firewall profile-protocol-options - edit "default" - set comment "All default services." 
- set oversize-log enable - config http - set ports 80 - set options clientcomfort - unset post-lang - end - config ftp - set ports 21 - set options clientcomfort splice - end - config imap - set ports 143 - set options fragmail - end - config mapi - set ports 135 - set options fragmail - end - config pop3 - set ports 110 - set options fragmail - end - config smtp - set ports 25 - set options fragmail splice - end - config nntp - set ports 119 - set options splice - end - config dns - set ports 53 - end - next - edit "default_default_sc" - set comment "All default services." - set oversize-log enable - config http - set ports 80 - set options clientcomfort servercomfort - unset post-lang - end - config ftp - set ports 21 - set options clientcomfort splice - end - config imap - set ports 143 - set options fragmail - end - config mapi - set ports 135 - set options fragmail - end - config pop3 - set ports 110 - set options fragmail - end - config smtp - set ports 25 - set options fragmail splice - end - config nntp - set ports 119 - set options splice - end - config dns - set ports 53 - end - next -end -config firewall ssl-ssh-profile - edit "deep-inspection" - set comment "Deep inspection." 
- config https - set ports 443 - end - config ftps - set ports 990 - end - config imaps - set ports 993 - end - config pop3s - set ports 995 - end - config smtps - set ports 465 - end - config ssl-exempt - edit 1 - set fortiguard-category 31 - next - edit 2 - set fortiguard-category 33 - next - edit 3 - set fortiguard-category 87 - next - edit 4 - set type address - set address "apple" - next - edit 5 - set type address - set address "appstore" - next - edit 6 - set type address - set address "dropbox.com" - next - edit 7 - set type address - set address "Gotomeeting" - next - edit 8 - set type address - set address "icloud" - next - edit 9 - set type address - set address "itunes" - next - edit 10 - set type address - set address "android" - next - edit 11 - set type address - set address "skype" - next - edit 12 - set type address - set address "swscan.apple.com" - next - edit 13 - set type address - set address "update.microsoft.com" - next - edit 14 - set type address - set address "eease" - next - edit 15 - set type address - set address "google-drive" - next - edit 16 - set type address - set address "google-play" - next - edit 17 - set type address - set address "google-play2" - next - edit 18 - set type address - set address "google-play3" - next - edit 19 - set type address - set address "microsoft" - next - edit 20 - set type address - set address "adobe" - next - edit 21 - set type address - set address "Adobe Login" - next - edit 22 - set type address - set address "fortinet" - next - edit 23 - set type address - set address "googleapis.com" - next - edit 24 - set type address - set address "citrix" - next - edit 25 - set type address - set address "verisign" - next - edit 26 - set type address - set address "Windows update 2" - next - edit 27 - set type address - set address "*.live.com" - next - edit 28 - set type address - set address "auth.gfx.ms" - next - edit 29 - set type address - set address "autoupdate.opera.com" - next - edit 30 - set type 
address - set address "softwareupdate.vmware.com" - next - edit 31 - set type address - set address "firefox update server" - next - end - set caname "Fortinet_CA_SSLProxy" - set certname "Fortinet_SSLProxy" - next - edit "certificate-inspection" - set comment "SSL handshake inspection." - config https - set ports 443 - set status certificate-inspection - set allow-invalid-server-cert enable - end - config ftps - set ports 990 - set status disable - set allow-invalid-server-cert enable - end - config imaps - set ports 993 - set status disable - set allow-invalid-server-cert enable - end - config pop3s - set ports 995 - set status disable - set allow-invalid-server-cert enable - end - config smtps - set ports 465 - set status disable - set allow-invalid-server-cert enable - end - set caname "Fortinet_CA_SSLProxy" - set certname "Fortinet_SSLProxy" - set ssl-invalid-server-cert-log enable - next -end -config firewall policy - edit 76 - set name "eltern keller to inet1" - set uuid 1a3b9474-fa6e-51e6-8066-477298fe055a - set srcintf "internal5" - set dstintf "wan1" - set srcaddr "all" - set dstaddr "gware.cactus.de_10.0.0.43" - set action accept - set schedule "always" - set service "PING" "SMTPS" "HTTPS" "IMAPS" - set comments "Clone of quiet mail gware" - next - edit 78 - set name "keller2inet-main" - set uuid 7b405f16-fa6e-51e6-b6fe-4bc9d0cd9ac7 - set srcintf "internal5" - set dstintf "wan1" - set srcaddr "eltern-keller-10.0.0.66_24" - set dstaddr "all" - set action accept - set schedule "always" - set service "ALL" - set utm-status enable - set logtraffic all - set comments "Clone of WLAN to Internet" - set scan-botnet-connections block - set av-profile "default" - set webfilter-profile "default" - set ips-sensor "default" - set application-list "default" - set profile-protocol-options "default" - next - edit 77 - set name "eltern2klautquiet" - set uuid 579b6b6e-fa6e-51e6-bace-9e8914986ac0 - set srcintf "internal5" - set dstintf "wan1" - set srcaddr "all" - set 
dstaddr "klaut.cactus.de" - set action accept - set schedule "always" - set service "PING" "HTTPS" - set comments "Clone of 37" - next - edit 33 - set name "quiet mail gware" - set uuid 0298a2ea-c1ca-51e5-5da8-61bf55ac3079 - set srcintf "internal" - set dstintf "wan1" - set srcaddr "all" - set dstaddr "gware.cactus.de_10.0.0.43" - set action accept - set schedule "always" - set service "PING" "SMTPS" "HTTPS" "IMAPS" - set comments "silent mail@cactus" - next - edit 37 - set uuid 546461e8-c299-51e5-c788-1ccacb1fbacc - set srcintf "internal" - set dstintf "wan1" - set srcaddr "all" - set dstaddr "klaut.cactus.de" - set action accept - set schedule "always" - set service "PING" "HTTPS" - set comments "silent klaut.cactus.de" - next - edit 32 - set name "internal 2 dns" - set uuid b875cb0c-c1c9-51e5-9179-bfb5080a3d9e - set srcintf "internal" - set dstintf "wan1" - set srcaddr "all" - set dstaddr "fritzbox_inet_10.0.0.24" "opendns_10.0.0.48" - set action accept - set schedule "always" - set service "DNS" "PING" - set comments "silent dns" - next - edit 16 - set uuid e2416cd8-bc7f-51e5-2708-ccfa8b1e4480 - set srcintf "internal" - set dstintf "wan1" - set srcaddr "tims-macbook" "macantha_wlan_10.0.0.37" - set dstaddr "fritzbox_inet_10.0.0.24" - set action accept - set status disable - set schedule "always" - set service "ALL" - set logtraffic all - set devices "Eltern-Device" - next - edit 14 - set uuid 95493190-bc7f-51e5-ca8b-5cd7f064f885 - set srcintf "internal" - set dstintf "wan1" - set srcaddr "all" - set dstaddr "fritzbox_inet_10.0.0.24" - set status disable - set schedule "always" - set service "ALL" - set logtraffic all - next - edit 6 - set name "eltern internal LAN to Inet" - set uuid d8d71542-aa3e-51e5-49bc-a1d2b82d27cc - set srcintf "internal" - set dstintf "wan1" - set srcaddr "tims-macbook" "pi_10.0.0.52" "macantha_at_pi_10.0.0.54" - set dstaddr "all" - set action accept - set status disable - set schedule "always" - set service "ALL" - set utm-status enable 
- set logtraffic all - set devices "Eltern-Device" - set comments "disabled - exploited by mac spoofing" - set scan-botnet-connections block - set av-profile "default" - set profile-protocol-options "default" - next - edit 40 - set name "LG Fernseher to LG" - set uuid 44675e94-cb5e-51e5-3c6c-ff29dda7aeae - set srcintf "internal" - set dstintf "wan1" - set srcaddr "LG Fernseher 10.0.0.44" - set dstaddr "LG Server 10.0.0.45_24" - set action accept - set schedule "always" - set service "HTTP" - set utm-status enable - set logtraffic all - set scan-botnet-connections block - set av-profile "default" - set webfilter-profile "default" - set ips-sensor "default" - set application-list "default" - set casi-profile "default" - set profile-protocol-options "default" - next - edit 41 - set name "LG Fernseher to Mediatheken" - set uuid 28e57196-cb5f-51e5-679f-b8e1d3460fce - set srcintf "internal" - set dstintf "wan1" - set srcaddr "LG Fernseher 10.0.0.44" - set dstaddr "all" - set action accept - set schedule "always" - set service "HTTP" "HTTPS" "PING" "NTP" - set utm-status enable - set logtraffic all - set scan-botnet-connections block - set av-profile "default" - set webfilter-profile "default" - set ips-sensor "default" - set application-list "default" - set casi-profile "default" - set profile-protocol-options "default" - next - edit 39 - set name "WLAN to Internet" - set uuid 499260b4-ca85-51e5-9aa1-d9124b6595db - set srcintf "internal" - set dstintf "wan1" - set srcaddr "fritzbox_oben_nat_10.0.0.18" "wlan_pi_10.0.0.53_24" "fb7240_10.0.0.55" - set dstaddr "all" - set action accept - set schedule "always" - set service "ALL" - set utm-status enable - set logtraffic all - set comments "Standard Access from wlan to internet" - set scan-botnet-connections block - set av-profile "default" - set webfilter-profile "default" - set ips-sensor "default" - set application-list "default" - set profile-protocol-options "default" - next - edit 38 - set name "drop kids without 
fritzbox" - set uuid 3acce722-ca79-51e5-baa1-994c1a43ac1d - set srcintf "internal" - set dstintf "wan1" - set srcaddr "internal-10.0.0.35_24" - set dstaddr "all" - set schedule "always" - set service "ALL" - set logtraffic all - set comments "drop all traffic not passing fritzbox checks" - set scan-botnet-connections block - next - edit 10 - set uuid 518c99fa-ba23-51e5-d393-45d387149eec - set srcintf "internal" - set dstintf "wan1" - set srcaddr "internal-10.0.0.35_24" - set dstaddr "all" - set action accept - set status disable - set schedule "Kids-all-times-group" - set service "ALL" - set utm-status enable - set logtraffic all - set groups "Kinder-group" - set scan-botnet-connections block - set av-profile "default" - set webfilter-profile "default" - set ips-sensor "default" - set application-list "default" - set casi-profile "default" - set profile-protocol-options "default_default_sc" - next - edit 1 - set uuid 77e8dc72-86c9-51e5-9dc3-544dc707dc81 - set srcintf "internal" - set dstintf "wan1" - set srcaddr "all" - set dstaddr "all" - set action accept - set status disable - set schedule "always" - set service "ALL" - set utm-status enable - set logtraffic all - set comments "with tls break-up" - set scan-botnet-connections block - set av-profile "default" - set webfilter-profile "default" - set ips-sensor "default" - set application-list "default" - set casi-profile "default" - set profile-protocol-options "default_default_sc" - set ssl-ssh-profile "certificate-inspection" - next - edit 25 - set uuid c9d3562c-bd59-51e5-5f2a-1698c0490655 - set srcintf "internal" - set dstintf "wan1" - set srcaddr "fritzbox_oben_nat_10.0.0.18" - set dstaddr "www.avm.de" - set action accept - set schedule "always" - set service "tcp-8011-to-avm" - set logtraffic disable - set comments "8011 to avm, nolog" - set label "test sect" - next - edit 35 - set uuid 199cc77e-c205-51e5-9d2f-765affac991a - set srcintf "internal" - set dstintf "wan1" - set srcaddr "all" - set dstaddr "all" - 
set schedule "always" - set service "tcp_40000_up" - set logtraffic all - set comments "block suspicious ports" - set label "test sect" - next - edit 34 - set name "block traffic to russia and india" - set uuid f32caa9c-c203-51e5-e204-71228e45c9b2 - set srcintf "internal" - set dstintf "wan1" - set srcaddr "all" - set dstaddr "geo-china" "geo-russia" - set schedule "always" - set service "ALL" - set logtraffic all - set comments "block suspicious geo dest" - set label "test sect" - next - edit 15 - set name "standard internet out" - set uuid bc18243e-bc7f-51e5-e874-cdd9e86159a7 - set srcintf "internal" - set dstintf "wan1" - set srcaddr "all" - set dstaddr "all" - set action accept - set status disable - set schedule "always" - set service "ALL" - set utm-status enable - set logtraffic all - set comments "standard internet outbound" - set label "test sect" - set scan-botnet-connections block - set av-profile "default" - set webfilter-profile "default" - set ips-sensor "default" - set application-list "default" - set casi-profile "default" - set profile-protocol-options "default" - next - edit 3 - set name "internet to gameserver" - set uuid af3df160-a9c1-51e5-07b7-2d57727326f2 - set srcintf "wan1" - set dstintf "dmz" - set srcaddr "all" - set dstaddr "ubuntu-gameserver-10.0.0.51" - set action accept - set schedule "always" - set service "ARK-7777-7778-udp" "minecraft-25565" "PING" "steam-udp-27000-27050" "ark-udp-32768-65535" - set utm-status enable - set logtraffic all - set comments "internet to gameserver" - set ips-sensor "default" - set application-list "default" - set casi-profile "default" - set profile-protocol-options "default" - next - edit 70 - set name "fb drop scans" - set uuid 22b0b712-e0c2-51e6-330e-d42a4bb3d9ed - set srcintf "wan1" - set dstintf "dmz" - set srcaddr "fritzbox_inet_10.0.0.24" - set dstaddr "ubuntu-gameserver-10.0.0.51" - set schedule "always" - set service "HTTP" "tcp14013-fb" - set logtraffic disable - set comments "silent drop 
fb2internal" - next - edit 4 - set name "game server access" - set uuid bbfddc4e-a9c1-51e5-2694-d0f5c44275a0 - set srcintf "internal" - set dstintf "dmz" - set srcaddr "internal-10.0.0.35_24" "wlan_pi_10.0.0.53_24" - set dstaddr "ubuntu-gameserver-10.0.0.51" - set action accept - set schedule "always" - set service "ARK-7777-7778-udp" "minecraft-25565" "SSH" "PING" "steam-udp-27000-27050" "ark-udp-32768-65535" - set logtraffic all - set comments "internal to gameserver" - next - edit 48 - set name "udp high ports to ark" - set uuid de60d372-d58b-51e5-8fd3-93e18d731cea - set srcintf "internal" - set dstintf "dmz" - set srcaddr "internal-10.0.0.35_24" "wlan_pi_10.0.0.53_24" - set dstaddr "ubuntu-gameserver-10.0.0.51" - set action accept - set schedule "always" - set service "udp-high-ports" - set logtraffic all - set comments "fucking ark server using dynamic ports for user sessions" - next - edit 20 - set name "gameserver ubuntu updates" - set uuid 419fb5c8-bcf2-51e5-303a-950b2339b9f4 - set srcintf "dmz" - set dstintf "wan1" - set srcaddr "ubuntu-gameserver-10.0.0.51" - set dstaddr "security.ubuntu.com" "de.archive.ubuntu.com" "extras.ubuntu.com" - set action accept - set schedule "always" - set service "HTTP" "HTTPS" "PING" - set logtraffic disable - set comments "ubuntu updates" - next - edit 42 - set name "temp steam update" - set uuid 1902acca-cc19-51e5-3ae2-d6508fed8fbb - set srcintf "dmz" - set dstintf "wan1" - set srcaddr "ubuntu-gameserver-10.0.0.51" - set dstaddr "all" - set action accept - set schedule "always" - set service "HTTP" "HTTPS" "PING" "steam-udp-27000-27050" "valve_ports" "steam-tcp-27015-27020" - set utm-status enable - set logtraffic disable - set comments "temp rule" - set av-profile "default" - set webfilter-profile "default" - set ips-sensor "default" - set application-list "default" - set casi-profile "default" - set profile-protocol-options "default" - set ssl-ssh-profile "certificate-inspection" - next - edit 75 - set name "ARK - temp 
test 2017-02-17" - set uuid d42e9a08-f53b-51e6-2a32-589092093ffe - set srcintf "dmz" - set dstintf "wan1" - set srcaddr "ubuntu-gameserver-10.0.0.51" - set dstaddr "all" - set action accept - set schedule "always" - set service "udp-high-ports" "ARK-7777-7778-tcp" "ARK-7777-7778-udp" - set utm-status enable - set comments "Clone of temp steam update" - set av-profile "default" - set webfilter-profile "default" - set ips-sensor "default" - set application-list "default" - set casi-profile "default" - set profile-protocol-options "default" - set ssl-ssh-profile "certificate-inspection" - next - edit 46 - set name "outbound 2 10.0.0.49" - set uuid c9502a94-d583-51e5-cd09-9c9887ffafbc - set srcintf "dmz" - set dstintf "wan1" - set srcaddr "ubuntu-gameserver-10.0.0.51" - set dstaddr "valve_10.0.0.49" - set action accept - set status disable - set schedule "always" - set service "PING" "valve_ports" - set utm-status enable - set logtraffic disable - set comments "Clone of temp ubuntu steam update" - set av-profile "default" - set webfilter-profile "default" - set ips-sensor "default" - set application-list "default" - set casi-profile "default" - set profile-protocol-options "default" - set ssl-ssh-profile "certificate-inspection" - next - edit 47 - set name "temp outbound all to valve" - set uuid 84e03cde-d58b-51e5-7e5a-5562db3da154 - set srcintf "dmz" - set dstintf "wan1" - set srcaddr "ubuntu-gameserver-10.0.0.51" - set dstaddr "valve_10.0.0.49" "valve_10.0.0.50" - set action accept - set status disable - set schedule "always" - set service "ALL" - set utm-status enable - set logtraffic disable - set comments "Clone of outbound 2 10.0.0.49" - set av-profile "default" - set webfilter-profile "default" - set ips-sensor "default" - set application-list "default" - set casi-profile "default" - set profile-protocol-options "default" - set ssl-ssh-profile "certificate-inspection" - next - edit 21 - set name "game-server to dns-inet" - set uuid 
bdefc324-bd0c-51e5-16af-8449c799c4e2 - set srcintf "dmz" - set dstintf "wan1" - set srcaddr "ubuntu-gameserver-10.0.0.51" - set dstaddr "fritzbox_10.0.0.24_global" "G-google-dns-srv" - set action accept - set schedule "always" - set service "DNS" - set logtraffic disable - set comments "dns" - next - edit 83 - set name "gameserver ntp" - set uuid 4d9e56b2-00b8-51e7-1680-479939b2ed12 - set srcintf "dmz" - set dstintf "wan1" - set srcaddr "ubuntu-gameserver-10.0.0.51" - set dstaddr "all" - set action accept - set schedule "always" - set service "NTP" - set logtraffic disable - set comments "Clone of game-server to dns-inet" - next - edit 54 - set name "wlan2serverlan" - set uuid 4f83d548-be63-51e6-a06a-b589fa6823c4 - set srcintf "wlan0" - set dstintf "server-lan2" - set srcaddr "fwf60-wlan-client-net" - set dstaddr "knappe_10.0.0.15" - set action accept - set schedule "always" - set service "HTTPS" "SMB" "afp_548_tcp" "PING" "tcp_8081_phpfreechat" "SQUID" "SSH" "HTTP" - set utm-status enable - set logtraffic all - set comments "Clone of internal to knappe" - set scan-botnet-connections block - next - edit 80 - set name "eltern-keller-2-knappe" - set uuid fd4eed4c-fa6e-51e6-e6a3-05d4b593e7d6 - set srcintf "internal5" - set dstintf "server-lan2" - set srcaddr "eltern-keller-10.0.0.66_24" - set dstaddr "knappe_10.0.0.15" - set action accept - set schedule "always" - set service "HTTPS" "SMB" "afp_548_tcp" "PING" "tcp_8081_phpfreechat" "SQUID" "SSH" "HTTP" - set utm-status enable - set logtraffic all - set comments "Clone of internal to knappe" - set scan-botnet-connections block - next - edit 5 - set name "internal to knappe" - set uuid 5fd8bdb6-a9c2-51e5-5169-46ffaf0999b8 - set srcintf "internal" - set dstintf "server-lan2" - set srcaddr "internal-10.0.0.35_24" "wlan_10.0.0.36_24" "wlan_pi_10.0.0.53_24" - set dstaddr "knappe_10.0.0.15" - set action accept - set schedule "always" - set service "HTTPS" "SMB" "afp_548_tcp" "PING" "tcp_8081_phpfreechat" "SQUID" "SSH" 
"HTTP" - set utm-status enable - set logtraffic all - set comments "knappe standard access" - set scan-botnet-connections block - next - edit 65 - set name "silently drop 139/tcp" - set uuid f977fcdc-c381-51e6-c875-ee13adc7114e - set srcintf "internal" - set dstintf "server-lan2" - set srcaddr "internal-10.0.0.35_24" - set dstaddr "knappe_10.0.0.15" - set schedule "always" - set service "SAMBA" - set logtraffic disable - set comments "Clone of internal to knappe" - set scan-botnet-connections block - next - edit 66 - set name "drop 139/tcp from wch60e2knappe" - set uuid 26d1beac-c382-51e6-1bc5-81fee87dfd6b - set srcintf "wlan0" - set dstintf "server-lan2" - set srcaddr "fwf60-wlan-client-net" - set dstaddr "knappe_10.0.0.15" - set schedule "always" - set service "SAMBA" - set logtraffic disable - set comments "Clone of silently drop 139/tcp" - set scan-botnet-connections block - next - edit 55 - set name "wlan2printer" - set uuid 75eee1e6-be63-51e6-42cc-9973ac16e83e - set srcintf "wlan0" - set dstintf "server-lan2" - set srcaddr "fwf60-wlan-client-net" - set dstaddr "drucker-10.0.0.38" - set action accept - set schedule "always" - set service "ALL" - set logtraffic all - set comments "wlan to printer" - next - edit 63 - set name "drop internal cross-nw traffic" - set uuid 32265eac-c2a1-51e6-6acd-4193bb50eb00 - set srcintf "wlan0" - set dstintf "internal" - set srcaddr "fwf60-wlan-client-net" - set dstaddr "all" - set schedule "always" - set service "ALL" - set logtraffic disable - set comments "silent ignore" - next - edit 81 - set name "keller-printing" - set uuid 408dbad4-fa6f-51e6-b648-29f7127d0276 - set srcintf "internal5" - set dstintf "server-lan2" - set srcaddr "eltern-keller-10.0.0.66_24" - set dstaddr "drucker-10.0.0.38" - set action accept - set schedule "always" - set service "ALL" - set logtraffic all - set comments "Clone of internal to printer" - next - edit 19 - set name "internal to printer" - set uuid 488528d8-bc88-51e5-b8b9-3d9ff009fc03 - set 
srcintf "internal" - set dstintf "server-lan2" - set srcaddr "internal-10.0.0.35_24" "wlan_10.0.0.36_24" "wlan_pi_10.0.0.53_24" - set dstaddr "drucker-10.0.0.38" - set action accept - set schedule "always" - set service "ALL" - set logtraffic all - set comments "printing" - next - edit 51 - set name "test ssl vpn portal" - set uuid 452d358e-7e4a-51e6-6a15-c4a5e43ebd4e - set srcintf "ssl.root" - set dstintf "server-lan2" - set srcaddr "SSl-VPN-10.0.0.40_24" - set dstaddr "knappe_10.0.0.15" - set action accept - set status disable - set schedule "always" - set service "HTTPS" "tcp_8081_phpfreechat" - set utm-status enable - set groups "Admins" - set comments "Clone of SSL VPN access to knappe" - set scan-botnet-connections block - set av-profile "default" - set ips-sensor "default" - set application-list "default" - set casi-profile "default" - set profile-protocol-options "default" - set ssl-ssh-profile "certificate-inspection" - next - edit 26 - set name "SSL VPN access to knappe" - set uuid 509b3f4c-be1a-51e5-b177-86d105e69d94 - set srcintf "ssl.root" - set dstintf "server-lan2" - set srcaddr "SSl-VPN-10.0.0.40_24" - set dstaddr "knappe_10.0.0.15" - set action accept - set schedule "always" - set service "SAMBA" "HTTPS" "SMB" "afp_548_tcp" "PING" - set utm-status enable - set groups "Admins" - set comments "knappe vpn access" - set scan-botnet-connections block - set av-profile "default" - set ips-sensor "default" - set application-list "default" - set casi-profile "default" - set profile-protocol-options "default" - set ssl-ssh-profile "certificate-inspection" - next - edit 45 - set name "silently drop broadcasts" - set uuid dcf4ed44-d099-51e5-2b6e-a1c0f2a25ef1 - set srcintf "ssl.root" - set dstintf "server-lan2" - set srcaddr "all" - set dstaddr "broadcast" - set schedule "always" - set service "ALL" - set logtraffic disable - set groups "Admins" - set scan-botnet-connections block - next - edit 69 - set name "silently drop http" - set uuid 
22fe7418-d8af-51e6-fd9e-d11227f5d41e - set srcintf "ssl.root" - set dstintf "server-lan2" - set srcaddr "all" - set dstaddr "all" - set schedule "always" - set service "HTTP" - set logtraffic disable - set groups "Admins" - set comments "silently drop http" - set scan-botnet-connections block - next - edit 36 - set name "admin FG and FB via ssl-VPN" - set uuid c29c9b50-c283-51e5-a66f-5c69302e8a3f - set srcintf "ssl.root" - set dstintf "internal" - set srcaddr "SSl-VPN-10.0.0.40_24" - set dstaddr "fg_internal_10.0.0.7" "pi_10.0.0.52" - set action accept - set schedule "always" - set service "HTTPS" "PING" "SSH" - set groups "Admins" - set comments "fw admin via ssl vpn" - next - edit 71 - set name "access to gameserver via ssl" - set uuid 254fae5e-e14b-51e6-c5e7-f5b61bc26a77 - set srcintf "ssl.root" - set dstintf "dmz" - set srcaddr "SSl-VPN-10.0.0.40_24" - set dstaddr "ubuntu-gameserver-10.0.0.51" - set action accept - set schedule "always" - set service "HTTPS" "PING" "SSH" - set groups "Admins" - set comments "Clone of admin FG and FB via ssl-VPN" - next - edit 44 - set name "admin fb internet via vpn" - set uuid 876f8672-ce69-51e5-8cb4-ff22dce238d9 - set srcintf "ssl.root" - set dstintf "wan1" - set srcaddr "SSl-VPN-10.0.0.40_24" - set dstaddr "fritzbox_inet_10.0.0.24" - set action accept - set schedule "always" - set service "HTTPS" "PING" "HTTP" - set groups "Admins" - set comments "Clone of admin FG and FB via ssl-VPN" - set nat enable - next - edit 79 - set name "ping-back-connect-keller" - set uuid c08bfb52-fa6e-51e6-4b24-f50c7c651800 - set srcintf "server-lan2" - set dstintf "internal5" - set srcaddr "drucker-10.0.0.38" - set dstaddr "eltern-keller-10.0.0.66_24" - set action accept - set schedule "always" - set service "PING" "tcp_5357_samsung_printer" - set logtraffic disable - set comments "Clone of samsung to print clients" - next - edit 64 - set name "samsung to print clients" - set uuid 9403e594-c360-51e6-683c-bb3cf21f60bb - set srcintf "server-lan2" 
- set dstintf "wlan0" - set srcaddr "drucker-10.0.0.38" - set dstaddr "fwf60-wlan-client-net" - set action accept - set schedule "always" - set service "PING" "tcp_5357_samsung_printer" - set logtraffic disable - next - edit 13 - set uuid c9d19496-bc7c-51e5-8f38-9fcc5d3e92e3 - set srcintf "server-lan2" - set dstintf "wan1" - set srcaddr "knappe_10.0.0.15" "drucker-10.0.0.38" - set dstaddr "fritzbox_inet_10.0.0.24" - set action accept - set schedule "always" - set service "PING" "DNS" - set logtraffic disable - set comments "dns" - next - edit 22 - set uuid fe25aff8-bd2a-51e5-b3a5-c967c81fe1b8 - set srcintf "server-lan2" - set dstintf "wan1" - set srcaddr "knappe_10.0.0.15" "drucker-10.0.0.38" - set dstaddr "all" - set action accept - set schedule "always" - set service "PING" "NTP" - set comments "get time" - next - edit 23 - set uuid 0369314c-bd2b-51e5-8216-09ca5ec33f19 - set srcintf "server-lan2" - set dstintf "wan1" - set srcaddr "knappe_10.0.0.15" - set dstaddr "qnap_update_net_10.0.0.39/32" "qnap-update-akamai-10.0.0.42_24" - set action accept - set schedule "always" - set service "PING" "HTTP" - set comments "qnap update" - next - edit 43 - set name "drop strange printer traffic" - set uuid 33097a18-cda4-51e5-543e-58f6ff7c576f - set srcintf "server-lan2" - set dstintf "wan1" - set srcaddr "drucker-10.0.0.38" - set dstaddr "net_10.0.0.64_24" - set schedule "always" - set service "ALL" - set logtraffic disable - set comments "strange printer requests" - next - edit 68 - set name "drop printer2google https" - set uuid c330df82-c475-51e6-fdba-5704cc720bbd - set srcintf "server-lan2" - set dstintf "wan1" - set srcaddr "drucker-10.0.0.38" - set dstaddr "all" - set schedule "always" - set service "HTTPS" - set logtraffic disable - set comments "2. 
drop strange printer traffic" - next - edit 49 - set name "qnap apps download" - set uuid a186a968-de0a-51e5-5de3-0806a9cf06c0 - set srcintf "server-lan2" - set dstintf "wan1" - set srcaddr "knappe_10.0.0.15" - set dstaddr "all" - set action accept - set schedule "always" - set service "HTTP" "HTTPS" "PING" - set utm-status enable - set av-profile "default" - set webfilter-profile "default" - set ips-sensor "default" - set application-list "default" - set casi-profile "default" - set profile-protocol-options "default" - set ssl-ssh-profile "certificate-inspection" - next - edit 67 - set name "knappe2gware" - set uuid 840c4934-c44a-51e6-a848-1016a845713e - set srcintf "server-lan2" - set dstintf "wan1" - set srcaddr "knappe_10.0.0.15" - set dstaddr "gware.cactus.de_10.0.0.43" - set action accept - set schedule "always" - set service "SMTPS" - set utm-status enable - set comments "Clone of qnap apps download" - next - edit 24 - set uuid 29f14b50-bd2c-51e5-d55d-25bb38896c90 - set srcintf "server-lan2" - set dstintf "wan1" - set srcaddr "knappe_10.0.0.15" - set dstaddr "all" - set schedule "always" - set service "bittorrent" - set logtraffic disable - set comments "silently drop bittorent" - next - edit 27 - set name "drop fb http scan" - set uuid edf5ef38-be1c-51e5-e704-8d8feddecfea - set srcintf "wan1" - set dstintf "server-lan2" - set srcaddr "fritzbox_inet_10.0.0.24" - set dstaddr "knappe_10.0.0.15" "drucker-10.0.0.38" - set schedule "always" - set service "HTTP" "tcp14013-fb" - set logtraffic disable - set comments "fritzbox http autodiscover" - next - edit 62 - set name "silent drop fb 2 wch60e" - set uuid ec4b0c5e-c104-51e6-7075-2f0318f1675d - set srcintf "wan1" - set dstintf "wlan0" - set srcaddr "fritzbox_inet_10.0.0.24" - set dstaddr "fwf60-wlan-client-net" - set schedule "always" - set service "HTTP" "tcp14013-fb" - set logtraffic disable - set comments "Clone of silent drop fb2wlan" - next - edit 82 - set name "drop fb probes to keller" - set uuid 
9a17bfd2-fa74-51e6-bdc6-69e5d816dc51 - set srcintf "wan1" - set dstintf "internal5" - set srcaddr "fritzbox_inet_10.0.0.24" - set dstaddr "eltern-keller-10.0.0.66_24" - set schedule "always" - set service "HTTP" "tcp14013-fb" - set logtraffic disable - set comments "Clone of silent drop fb2internal" - next - edit 61 - set name "silent drop fb2internal" - set uuid a5683b72-c104-51e6-7dc7-b8b399b077a2 - set srcintf "wan1" - set dstintf "internal" - set srcaddr "fritzbox_inet_10.0.0.24" - set dstaddr "internal-10.0.0.35_24" - set schedule "always" - set service "HTTP" "tcp14013-fb" - set logtraffic disable - set comments "Clone of drop fritzbox http scan" - next - edit 74 - set name "ipsec-vpn-cactus" - set uuid 8aa3bfbe-f3a9-51e6-d7c1-130d2eaf52f8 - set srcintf "wan1" - set dstintf "wan1" - set srcaddr "vpn-gw-cactus-ffm" - set dstaddr "FG_10.0.0.1" - set action accept - set schedule "always" - set service "ALL" - set logtraffic all - set comments "allow ipsec vpn cactus" - next - edit 73 - set name "stealth-rule" - set uuid 1e8401d6-f3a9-51e6-b504-978dc345a496 - set srcintf "wan1" - set dstintf "wan1" - set srcaddr "all" - set dstaddr "FG_10.0.0.1" - set schedule "always" - set service "ALL" - set logtraffic all - set comments "Clone of silent drop fb2internal" - next - edit 28 - set name "drop fritzbox 2 nfm" - set uuid 55633b3e-be1e-51e5-83c5-f350309e6012 - set srcintf "wan1" - set dstintf "kids-wifi" - set srcaddr "fritzbox_inet_10.0.0.24" - set dstaddr "wlan-kids" - set schedule "always" - set service "HTTP" "tcp14013-fb" - set logtraffic disable - set comments "fritzbox autodiscover and parental filter stuff" - next - edit 50 - set name "vpn_Cactus-DA_local" - set uuid 8dcf255a-be27-51e6-2623-209817195490 - set srcintf "internal" - set dstintf "Cactus-DA" - set srcaddr "Cactus-DA_local" - set dstaddr "Cactus-DA_remote" - set action accept - set schedule "always" - set service "ALL" - set comments "VPN: Cactus-DA (Created by VPN wizard)" - next - edit 52 - set 
name "vpn_Cactus-DA_remote" - set uuid 8ded7e92-be27-51e6-6666-fda6a84b25c3 - set srcintf "Cactus-DA" - set dstintf "internal" - set srcaddr "Cactus-DA_remote" - set dstaddr "Cactus-DA_local" - set action accept - set schedule "always" - set service "PING" - set logtraffic all - set comments "VPN: Cactus-DA (Created by VPN wizard)" - next - edit 53 - set name "fwf-wlan-to-internet" - set uuid bef31b02-be57-51e6-fce6-4c8e659c802e - set srcintf "wlan0" - set dstintf "wan1" - set srcaddr "fwf60-wlan-client-net" - set dstaddr "all" - set action accept - set schedule "always" - set service "ALL" - set utm-status enable - set comments "test" - set av-profile "default" - set webfilter-profile "default" - set ips-sensor "default" - set application-list "default" - set profile-protocol-options "default" - set ssl-ssh-profile "certificate-inspection" - next - edit 72 - set name "guest2inet" - set uuid 8231abd6-e533-51e6-7d55-652097c7e4c8 - set srcintf "GWS" - set dstintf "wan1" - set srcaddr "all" - set dstaddr "all" - set action accept - set schedule "always" - set service "ALL" - set utm-status enable - set comments "guest2internet" - set av-profile "default" - set webfilter-profile "default" - set ips-sensor "default" - set application-list "default" - set profile-protocol-options "default" - set nat enable - next - edit 60 - set name "wlan-kids auth" - set uuid b5c55e30-bfa8-51e6-f6e8-f97ba63319ab - set srcintf "kids-wifi" - set dstintf "kids-wifi" - set srcaddr "all" - set dstaddr "wifi-kids-wlan-router-ip" - set action accept - set schedule "always" - set service "fortinet-captive-portal-auth" - set utm-status enable - set comments "auth kids" - set av-profile "default" - set webfilter-profile "default" - set ips-sensor "default" - set application-list "default" - set profile-protocol-options "default" - next - edit 56 - set name "kids2internet" - set uuid 71756a8a-bf0e-51e6-81ae-a93b64520de6 - set srcintf "kids-wifi" - set dstintf "wan1" - set srcaddr "all" - set 
dstaddr "all" - set action accept - set schedule "always" - set service "ALL" - set utm-status enable - set av-profile "default" - set webfilter-profile "default" - set ips-sensor "default" - set application-list "default" - set casi-profile "default" - set profile-protocol-options "default" - set ssl-ssh-profile "certificate-inspection" - next - edit 57 - set name "wifikids2knappe" - set uuid 1934cdba-bf0f-51e6-e0d3-e5656c281c1a - set srcintf "kids-wifi" - set dstintf "server-lan2" - set srcaddr "wlan-kids" - set dstaddr "knappe_10.0.0.15" - set action accept - set schedule "always" - set service "PING" "SMB" - set utm-status enable - set av-profile "default" - set ips-sensor "default" - set profile-protocol-options "default" - next - edit 58 - set name "wlankids2printer" - set uuid 349f6d44-bf0f-51e6-2de4-2b77a9a17a03 - set srcintf "kids-wifi" - set dstintf "server-lan2" - set srcaddr "wlan-kids" - set dstaddr "drucker-10.0.0.38" - set action accept - set schedule "always" - set service "ALL" - set utm-status enable - set comments "Clone of wifikids2serverlan" - set av-profile "default" - set ips-sensor "default" - set profile-protocol-options "default" - next - edit 59 - set name "wlan-kids 2 dns" - set uuid 90cb4230-bfa7-51e6-4d22-23886941b8d4 - set srcintf "kids-wifi" - set dstintf "wan1" - set srcaddr "all" - set dstaddr "fritzbox_inet_10.0.0.24" - set action accept - set schedule "always" - set service "DNS" - next -end -config firewall policy6 - edit 1 - set name "test ipv6 policy1" - set uuid ae80e358-1065-51e6-a820-06154a13edca - set srcintf "internal" - set dstintf "wan1" - set srcaddr "all" - set dstaddr "all" - set action accept - set schedule "always" - set service "HTTP" "HTTPS" "PING" "test_service_multi-port" - set utm-status enable - set logtraffic all - set comments "v6 comment" - set av-profile "default" - set webfilter-profile "default" - set ips-sensor "default" - set profile-protocol-options "default" - next - edit 2 - set name 
"test-v6-nw-obj:1" - set uuid 003ece9e-1066-51e6-0540-15d6d9e4a6a8 - set srcintf "server-lan2" - set dstintf "wan1" - set srcaddr "ipv6-testgroup" - set dstaddr "test-ipv6addr" - set action accept - set schedule "always" - set service "PING" - set comments "comment33" - next - edit 3 - set name "test virtual ipv6 ips" - set uuid 81a3a9d8-17ae-51e6-1f16-38db7b448fd5 - set srcintf "internal" - set dstintf "wan1" - set srcaddr "test-ipv6addr" - set dstaddr "test-ipv6addr" - set action accept - set status disable - set schedule "kids-all-day" - set service "ARK-7777-7778-udp" - set devices "macantha-wlan" - set nat enable - set ippool enable - set poolname "test-v6-pool" - next -end -config firewall DoS-policy - edit 1 - set interface "wan1" - set srcaddr "all" - set dstaddr "FG_10.0.0.1" - set service "ALL" - config anomaly - edit "tcp_syn_flood" - set status enable - set log enable - set threshold 2000 - next - edit "tcp_port_scan" - set status enable - set log enable - set threshold 1000 - next - edit "tcp_src_session" - set status enable - set log enable - set threshold 5000 - next - edit "tcp_dst_session" - set status enable - set log enable - set threshold 5000 - next - edit "udp_flood" - set status enable - set log enable - set threshold 2000 - next - edit "udp_scan" - set status enable - set log enable - set threshold 2000 - next - edit "udp_src_session" - set status enable - set log enable - set threshold 5000 - next - edit "udp_dst_session" - set status enable - set log enable - set threshold 5000 - next - edit "icmp_flood" - set status enable - set log enable - set threshold 250 - next - edit "icmp_sweep" - set status enable - set log enable - set threshold 100 - next - edit "icmp_src_session" - set status enable - set log enable - set threshold 300 - next - edit "icmp_dst_session" - set status enable - set log enable - set threshold 1000 - next - edit "ip_src_session" - set status enable - set log enable - set threshold 5000 - next - edit "ip_dst_session" - 
set status enable - set log enable - set threshold 5000 - next - edit "sctp_flood" - set status enable - set log enable - set threshold 2000 - next - edit "sctp_scan" - set status enable - set log enable - set threshold 1000 - next - edit "sctp_src_session" - set status enable - set log enable - set threshold 5000 - next - edit "sctp_dst_session" - set status enable - set log enable - set threshold 5000 - next - end - next - edit 2 - set interface "wan1" - set srcaddr "all" - set dstaddr "all" - set service "ALL" - config anomaly - edit "tcp_syn_flood" - set status enable - set log enable - set action block - set threshold 2000 - next - edit "tcp_port_scan" - set status enable - set log enable - set action block - set threshold 1000 - next - edit "tcp_src_session" - set status enable - set log enable - set action block - set threshold 5000 - next - edit "tcp_dst_session" - set status enable - set log enable - set action block - set threshold 5000 - next - edit "udp_flood" - set status enable - set log enable - set action block - set threshold 2000 - next - edit "udp_scan" - set status enable - set log enable - set action block - set threshold 2000 - next - edit "udp_src_session" - set status enable - set log enable - set action block - set threshold 5000 - next - edit "udp_dst_session" - set status enable - set log enable - set action block - set threshold 5000 - next - edit "icmp_flood" - set status enable - set log enable - set action block - set threshold 250 - next - edit "icmp_sweep" - set status enable - set log enable - set action block - set threshold 100 - next - edit "icmp_src_session" - set status enable - set log enable - set action block - set threshold 300 - next - edit "icmp_dst_session" - set status enable - set log enable - set action block - set threshold 1000 - next - edit "ip_src_session" - set status enable - set log enable - set action block - set threshold 5000 - next - edit "ip_dst_session" - set status enable - set log enable - set action 
block - set threshold 5000 - next - edit "sctp_flood" - set status enable - set log enable - set action block - set threshold 2000 - next - edit "sctp_scan" - set status enable - set log enable - set action block - set threshold 1000 - next - edit "sctp_src_session" - set status enable - set log enable - set action block - set threshold 5000 - next - edit "sctp_dst_session" - set status enable - set log enable - set action block - set threshold 5000 - next - end - next -end -config endpoint-control profile - edit "default" - config forticlient-winmac-settings - set forticlient-av enable - set av-realtime-protection enable - set forticlient-application-firewall enable - set forticlient-application-firewall-list "default" - set forticlient-log-upload disable - set forticlient-wf enable - set forticlient-wf-profile "default" - end - config forticlient-android-settings - end - config forticlient-ios-settings - end - next -end -config switch-controller switch-profile - edit "default" - next -end -config wireless-controller wids-profile - edit "default" - set comment "Default WIDS profile." 
- set ap-scan enable - set wireless-bridge enable - set deauth-broadcast enable - set null-ssid-probe-resp enable - set long-duration-attack enable - set invalid-mac-oui enable - set weak-wep-iv enable - set auth-frame-flood enable - set assoc-frame-flood enable - set spoofed-deauth enable - set asleap-attack enable - set eapol-start-flood enable - set eapol-logoff-flood enable - set eapol-succ-flood enable - set eapol-fail-flood enable - set eapol-pre-succ-flood enable - set eapol-pre-fail-flood enable - next - edit "default-wids-apscan-enabled" - set ap-scan enable - next -end -config wireless-controller wtp-profile - edit "FAP423E-default" - config platform - set type 423E - end - set ap-country US - config radio-1 - set band 802.11n - end - config radio-2 - set band 802.11ac - end - next - edit "FAP421E-default" - config platform - set type 421E - end - set ap-country US - config radio-1 - set band 802.11n - end - config radio-2 - set band 802.11ac - end - next - edit "FAPS423E-default" - config platform - set type S423E - end - set ap-country US - config radio-1 - set band 802.11n - end - config radio-2 - set band 802.11ac - end - next - edit "FAPS422E-default" - config platform - set type S422E - end - set ap-country US - config radio-1 - set band 802.11n - end - config radio-2 - set band 802.11ac - end - next - edit "FAPS421E-default" - config platform - set type S421E - end - set ap-country US - config radio-1 - set band 802.11n - end - config radio-2 - set band 802.11ac - end - next - edit "FAPS323CR-default" - config platform - set type S323CR - end - set ap-country US - config radio-1 - set band 802.11n - end - config radio-2 - set band 802.11ac - end - next - edit "FAPS322CR-default" - config platform - set type S322CR - end - set ap-country US - config radio-1 - set band 802.11n - end - config radio-2 - set band 802.11ac - end - next - edit "FAPS321CR-default" - config platform - set type S321CR - end - set ap-country US - config radio-1 - set band 
802.11n - end - config radio-2 - set band 802.11ac - end - next - edit "FAPS313C-default" - config platform - set type S313C - end - set ap-country US - config radio-1 - set band 802.11ac - end - config radio-2 - set mode disabled - end - next - edit "FAPS311C-default" - config platform - set type S311C - end - set ap-country US - config radio-1 - set band 802.11ac - end - config radio-2 - set mode disabled - end - next - edit "FAPS323C-default" - config platform - set type S323C - end - set ap-country US - config radio-1 - set band 802.11n - end - config radio-2 - set band 802.11ac - end - next - edit "FAPS322C-default" - config platform - set type S322C - end - set ap-country US - config radio-1 - set band 802.11n - end - config radio-2 - set band 802.11ac - end - next - edit "FAPS321C-default" - config platform - set type S321C - end - set ap-country US - config radio-1 - set band 802.11n - end - config radio-2 - set band 802.11ac - end - next - edit "FAP321C-default" - config platform - set type 321C - end - set ap-country US - config radio-1 - set band 802.11n - set vap-all disable - end - config radio-2 - set band 802.11ac - set vap-all disable - end - next - edit "FAP223C-default" - config platform - set type 223C - end - set ap-country US - config radio-1 - set band 802.11n - set vap-all disable - end - config radio-2 - set band 802.11ac - set vap-all disable - end - next - edit "FAP112D-default" - config platform - set type 112D - end - set ap-country US - config radio-1 - set band 802.11n - set vap-all disable - end - config radio-2 - set mode disabled - end - next - edit "FAP24D-default" - config platform - set type 24D - end - set ap-country US - config radio-1 - set band 802.11n - set vap-all disable - end - config radio-2 - set mode disabled - end - next - edit "FAP21D-default" - config platform - set type 21D - end - set ap-country US - config radio-1 - set band 802.11n - set vap-all disable - end - config radio-2 - set mode disabled - end - next - 
edit "FK214B-default" - config platform - set type 214B - end - set ap-country US - config radio-1 - set band 802.11n - set vap-all disable - end - config radio-2 - set mode disabled - end - next - edit "FAP224D-default" - config platform - set type 224D - end - set ap-country US - config radio-1 - set band 802.11n-5G - set vap-all disable - end - config radio-2 - set band 802.11n - set vap-all disable - end - next - edit "FAP222C-default" - config platform - set type 222C - end - set ap-country US - config radio-1 - set band 802.11n - set vap-all disable - end - config radio-2 - set band 802.11ac - set vap-all disable - end - next - edit "FAP25D-default" - config platform - set type 25D - end - set ap-country US - config radio-1 - set band 802.11n - set vap-all disable - end - config radio-2 - set mode disabled - end - next - edit "FAP221C-default" - config platform - set type 221C - end - set ap-country US - config radio-1 - set band 802.11n - set vap-all disable - end - config radio-2 - set band 802.11ac - set vap-all disable - end - next - edit "FAP320C-default" - config platform - set type 320C - end - set ap-country US - config radio-1 - set band 802.11n - set vap-all disable - end - config radio-2 - set band 802.11ac - set vap-all disable - end - next - edit "FAP28C-default" - config platform - set type 28C - end - set ap-country US - config radio-1 - set band 802.11n - set vap-all disable - end - config radio-2 - set mode disabled - end - next - edit "FAP223B-default" - config platform - set type 223B - end - set ap-country US - config radio-1 - set band 802.11n-5G - set vap-all disable - end - config radio-2 - set band 802.11n - set vap-all disable - end - next - edit "FAP14C-default" - config platform - set type 14C - end - set ap-country US - config radio-1 - set band 802.11n - set vap-all disable - end - config radio-2 - set mode disabled - end - next - edit "FAP11C-default" - config platform - set type 11C - end - set ap-country US - config radio-1 - 
set band 802.11n - set vap-all disable - end - config radio-2 - set mode disabled - end - next - edit "FAP320B-default" - config platform - set type 320B - end - set ap-country US - config radio-1 - set band 802.11n-5G - set vap-all disable - end - config radio-2 - set band 802.11n - set vap-all disable - end - next - edit "FAP112B-default" - config platform - set type 112B - end - set ap-country US - config radio-1 - set band 802.11n - set vap-all disable - end - config radio-2 - set mode disabled - end - next - edit "FAP222B-default" - config platform - set type 222B - end - set ap-country US - config radio-1 - set band 802.11n - set vap-all disable - end - config radio-2 - set band 802.11n-5G - set vap-all disable - end - next - edit "FAP210B-default" - config platform - set type 210B - end - set ap-country US - config radio-1 - set band 802.11n - set vap-all disable - end - config radio-2 - set mode disabled - end - next - edit "FAP220B-default" - set ap-country US - config radio-1 - set band 802.11n-5G - set vap-all disable - end - config radio-2 - set band 802.11n - set vap-all disable - end - next - edit "AP-11N-default" - config platform - set type AP-11N - end - set ap-country US - config radio-1 - set band 802.11n - end - config radio-2 - set mode disabled - end - next - edit "11n-only" - config platform - set type FWF - end - set ap-country US - config radio-1 - set band 802.11ac - end - config radio-2 - set mode disabled - end - next - edit "all-wifi-5ghz" - config platform - set type FWF - end - set ap-country US - config radio-1 - set band 802.11ac - set channel "36" "44" "149" "157" "165" - end - config radio-2 - set mode disabled - end - next - edit "2.4GHz-all" - config platform - set type FWF - end - set ap-country US - config radio-1 - set band 802.11n - set channel "1" "2" "3" "4" "5" "6" "7" "8" "9" "10" "11" - end - config radio-2 - set mode disabled - end - next -end -config wireless-controller wtp - edit "FWF60E-WIFI0" - set wtp-profile 
"2.4GHz-all" - config radio-1 - set override-channel enable - set channel "1" "2" "6" "10" "11" - end - next -end -config log memory setting - set status enable -end -config log null-device setting - set status disable -end -config log setting - set fwpolicy-implicit-log enable - set local-in-allow enable - set local-in-deny-unicast enable - set local-in-deny-broadcast enable - set local-out enable -end -config log gui-display - set fortiview-unscanned-apps enable - set fortiview-local-traffic enable -end -config alertemail setting - set username "fg60d@ff.cactus.de" - set mailto1 "tmp@cactus.de" - set IPS-logs enable - set IPsec-errors-logs enable - set sslvpn-authentication-errors-logs enable - set webfilter-logs enable - set violation-traffic-logs enable - set admin-login-logs enable - set FDS-license-expiring-warning enable -end -config router rip - config redistribute "connected" - end - config redistribute "static" - end - config redistribute "ospf" - end - config redistribute "bgp" - end - config redistribute "isis" - end -end -config router ripng - config redistribute "connected" - end - config redistribute "static" - end - config redistribute "ospf" - end - config redistribute "bgp" - end - config redistribute "isis" - end -end -config router static - edit 1 - set gateway 10.0.0.24 - set device "wan1" - next - edit 2 - set dst 10.0.0.36 255.255.255.255 - set gateway 10.0.0.18 - set device "internal" - next - edit 3 - set dst 10.0.0.53 255.255.255.255 - set gateway 10.0.0.52 - set device "internal" - set comment "wlan pi" - next - edit 4 - set dst 10.0.0.60 255.255.255.255 - set device "Cactus-DA" - set comment "VPN: Cactus-DA (Created by VPN wizard)" - next -end -config router ospf - config redistribute "connected" - end - config redistribute "static" - end - config redistribute "rip" - end - config redistribute "bgp" - end - config redistribute "isis" - end -end -config router ospf6 - config redistribute "connected" - end - config redistribute "static" - 
end - config redistribute "rip" - end - config redistribute "bgp" - end - config redistribute "isis" - end -end -config router bgp - config redistribute "connected" - end - config redistribute "rip" - end - config redistribute "ospf" - end - config redistribute "static" - end - config redistribute "isis" - end - config redistribute6 "connected" - end - config redistribute6 "rip" - end - config redistribute6 "ospf" - end - config redistribute6 "static" - end - config redistribute6 "isis" - end -end -config router isis - config redistribute "connected" - end - config redistribute "rip" - end - config redistribute "ospf" - end - config redistribute "bgp" - end - config redistribute "static" - end -end -config router multicast -end diff --git a/roles/sample-data/files/sample-configs/screenos_demo/ns_sys_config b/roles/sample-data/files/sample-configs/screenos_demo/ns_sys_config deleted file mode 100644 index 0a4cb0087..000000000 --- a/roles/sample-data/files/sample-configs/screenos_demo/ns_sys_config +++ /dev/null 
@@ -1,164 +0,0 @@ -set clock timezone 1 -set vrouter trust-vr sharable -unset vrouter "trust-vr" auto-route-export -set service "GRE" protocol 47 src-port 0-65535 dst-port 0-65535 -set service "PIM" protocol 103 src-port 0-65535 dst-port 0-65535 -set service "SQL*Net V1" timeout 480 -set service "SQL*Net V2" timeout 480 -set service "SSH" timeout 480 -set service "tcp" protocol tcp src-port 1-65535 dst-port 1-1023 timeout 480 -set service "TCP_10000" protocol tcp src-port 0-65535 dst-port 10000-10000 -set service "TELNET" timeout 480 -set service "UDP_520" protocol udp src-port 0-65535 dst-port 520-520 -set service "UDP_53" protocol udp src-port 0-65535 dst-port 53-53 -set service "UDP_ALL" protocol udp src-port 0-65535 dst-port 0-65535 -set service "group_of_svcs" protocol tcp src-port 0-65535 dst-port 12-12 -set service "group_of_svcs" + tcp src-port 0-65535 dst-port 15-15 -set auth-server "Local" id 0 -set auth-server "Local" server-name "Local" -set auth default auth server "Local" -set admin name "cactus" -set admin password "nJvMCvrRKkuJcGRFrsEPAQCttjDIMn" -set admin user "fwcp" password "nO9FCHr2ASPJcl+FgsJKTGDtyPFcPn" privilege "all" -set admin user "readonly" password "nO7dB9rQOh7JcRABQs0DBeFt3CCp2n" privilege "read-only" -set admin manager-ip 192.168.1.0 255.255.255.0 -set admin auth timeout 60 -set admin auth server "Local" -set admin format unix -set zone "Trust" vrouter "trust-vr" -set zone "Untrust" vrouter "untrust-vr" -set zone "DMZ" vrouter "trust-vr" -set zone "VLAN" vrouter "trust-vr" -set zone "Trust" tcp-rst -set zone "Untrust" block -unset zone "Untrust" tcp-rst -set zone "MGT" block -set zone "DMZ" tcp-rst -set zone "VLAN" block -set zone "VLAN" tcp-rst -set zone "Untrust" screen tear-drop -set zone "Untrust" screen syn-flood -set zone "Untrust" screen ping-death -set zone "Untrust" screen ip-filter-src -set zone "Untrust" screen land -set zone "V1-Untrust" screen tear-drop -set zone "V1-Untrust" screen syn-flood -set zone "V1-Untrust" screen 
ping-death -set zone "V1-Untrust" screen ip-filter-src -set zone "V1-Untrust" screen land -set interface ethernet1 phy half 100mb -set interface ethernet2 phy full 100mb -set interface ethernet3 phy full 100mb -set interface ethernet4 phy full 100mb -set interface "ethernet1" zone "Trust" -set interface "ethernet2" zone "DMZ" -set interface "ethernet3" zone "Untrust" -set interface "ethernet4" zone "Trust" -unset interface vlan1 ip -set interface ethernet1 ip 192.168.1.3/24 -set interface ethernet1 route -set interface ethernet1 mtu 1500 -set interface ethernet3 mtu 1500 -unset interface vlan1 bypass-others-ipsec -unset interface vlan1 bypass-non-ip -set interface ethernet1 manage-ip 192.168.1.6 -set interface ethernet1 ip manageable -set interface ethernet3 manage ping -unset flow tcp-syn-check -set console page 20 -set hostname screenos_demo -set address "Trust" "1.1.1.1/32" 1.1.1.1 255.255.255.255 -set address "Trust" "10.1.1.4/30" 10.1.1.4 255.255.255.252 -set address "Trust" "Trust_1.2.3.0-24" 1.2.3.0 255.255.255.0 -set address "Trust" "Trust_1.2.3.4_hugo" 1.2.3.4 255.255.255.255 -set address "Trust" "Trust_1.2.3.6" 1.2.3.6 255.255.255.255 -set address "Trust" "Trust_1.2.3.8" 1.2.3.8 255.255.255.255 -set address "Trust" "Trust_1.2.3.9" 1.2.3.9 255.255.255.255 -set address "Untrust" "212.1.1.0/24" 212.1.1.0 255.255.255.0 -set address "Untrust" "47.11.47.11/32" 47.11.47.11 255.255.255.255 -set address "Untrust" "27.11.47.11/32" 27.11.47.11 255.255.255.255 -set address "Untrust" "Untrust_9.8.8.0-24" 9.8.8.0 255.255.255.0 -set address "Global" "211.0.0.0/8" 211.0.0.0 255.0.0.0 -set address "DMZ" "222.4.4.4/32" 222.4.4.4 255.255.255.255 -set address "DMZ" "DMZ_222.1.0.0-16_Webserver_Farm" 222.1.0.0 255.255.0.0 -set user "tim" uid 1 -set user "tim" type auth -set user "tim" hash-password "02HD1uCmBKnju9gbb+LZQ5hrydbuBZdVaJv0k=" -set user "tim" "enable" -set user-group "testgroup1" id 1 -set user-group "testgroup1" user "tim" -set ike respond-bad-spi 1 -set pki 
authority default scep mode "auto" -set pki x509 default cert-path partial -set pki x509 dn state-name "Germany" -set pki x509 dn local-name "Hesse" -set pki x509 dn org-name "FischkoppAG" -set pki x509 dn org-unit-name "oe666" -set pki x509 dn name "firewall1" -set pki x509 dn phone "+494711-0" -set group address "Trust" "Trust_group_intern_all" -set group address "Trust" "Trust_group_intern_all" add "Trust_1.2.3.6" -set group address "Trust" "Trust_group_intern_all" add "Trust_1.2.3.8" -set group address "Trust" "Trust_group_intern_all" add "Trust_1.2.3.9" -set group service "new-group" -set group service "new-group" add "GRE" -set url protocol sc-cpa -exit -set policy id 2 name "Access to web server" from "Untrust" to "DMZ" "Any" "DMZ_222.1.0.0-16_Webserver_Farm" "HTTP" permit log -set policy id 2 -set service "HTTPS" -exit -set policy id 1 name "von innen nach aussen" from "Trust" to "Untrust" "Trust_group_intern_all" "Any" "DNS" permit log -set policy id 1 -set service "FTP" -set service "H.323" -set service "HTTP" -set service "HTTPS" -set service "ICMP-ANY" -exit -set policy id 3 name "intern zu den webservern" from "Trust" to "DMZ" "Trust_group_intern_all" "DMZ_222.1.0.0-16_Webserver_Farm" "FTP" permit log -set policy id 3 -set service "HTTP" -set service "HTTPS" -set service "ICMP-ANY" -exit -set policy id 4 name "Access to mail server" from "Untrust" to "DMZ" "27.11.47.11/32" "222.4.4.4/32" "SMTP" permit log -set policy id 5 name "sending mail from internal net" from "Trust" to "DMZ" "Trust_group_intern_all" "222.4.4.4/32" "SMTP" permit -set policy id 6 name "getting time" from "DMZ" to "Untrust" "Any" "Any" "NTP" permit -set policy id 7 from "Trust" to "Global" "Trust_group_intern_all" "Any" "GRE" permit log -set policy id 8 from "DMZ" to "Trust" "DMZ_222.1.0.0-16_Webserver_Farm" "10.1.1.4/30" "SQL*Net V2" permit log -set policy id 9 name "news feed" from "Trust" to "Untrust" "Trust_group_intern_all" "212.1.1.0/24" "NNTP" permit log -set policy id 10 
name "cheffe" from "Trust" to "Untrust" "1.1.1.1/32" "47.11.47.11/32" "GNUTELLA" permit -set policy id 11 name "stealth" from "Untrust" to "Global" "Any" "211.0.0.0/8" "ANY" deny log -set nsmgmt report alarm traffic enable -set nsmgmt report alarm attack enable -set nsmgmt report alarm other enable -set nsmgmt report alarm di enable -set nsmgmt report log config enable -set nsmgmt report log info enable -set nsmgmt report log self enable -set nsmgmt report log traffic enable -set nsmgmt init id D617233021D082F8C9D3AE9CE43E29EAF684283A00 -set nsmgmt server primary 192.168.1.1 port 7800 -set nsmgmt bulkcli reboot-timeout 60 -set nsmgmt hb-interval 20 -set nsmgmt hb-threshold 5 -set nsmgmt enable -set ssh version v2 -set ssh enable -set ssh pka-dsa user-name fwcp pka-key-id F817A719179A3CCB0C68 -set scp enable -set config lock timeout 5 -set dl-buf size 4718592 -set snmp port listen 161 -set snmp port trap 162 -set vrouter "untrust-vr" -exit -set vrouter "trust-vr" -unset add-default-route -exit -set vrouter "untrust-vr" -exit -set vrouter "trust-vr" -exit - diff --git a/roles/sample-data/tasks/add_second_ldap_db.yml b/roles/sample-data/tasks/add_second_ldap_db.yml index 7383bb798..2d2aaab85 100644 --- a/roles/sample-data/tasks/add_second_ldap_db.yml +++ b/roles/sample-data/tasks/add_second_ldap_db.yml @@ -18,7 +18,7 @@ template: src: "{{ item }}" dest: "{{ middleware_ldif_dir }}/{{ item | basename | regex_replace('\\.j2$', '') }}" - force: yes + force: true with_fileglob: - ../templates/*.j2 @@ -33,4 +33,4 @@ - ext_roles - ext_add_user - become: yes \ No newline at end of file + become: true \ No newline at end of file diff --git a/roles/sample-data/tasks/create-demo-credentials.yml b/roles/sample-data/tasks/create-demo-credentials.yml new file mode 100644 index 000000000..11fb34f50 --- /dev/null +++ b/roles/sample-data/tasks/create-demo-credentials.yml 
@@ -0,0 +1,13 @@ +- name: insert demo import credentials + postgresql_query: + db: "{{ fworch_db_name }}" + query: > + DO $do$ BEGIN + IF NOT EXISTS (SELECT * FROM import_credential WHERE credential_name='credential01_demo') THEN + insert into import_credential + (id,credential_name,username,secret,is_key_pair) + VALUES (0,'credential01_demo','{{ sample_config_user }}','dummy secret',false); + END IF; END $do$ + become: true + become_user: postgres + \ No newline at end of file diff --git a/roles/sample-data/tasks/create-devices.yml b/roles/sample-data/tasks/create-devices.yml index ce8dac4c1..fe0aeb2f6 100644 --- a/roles/sample-data/tasks/create-devices.yml +++ b/roles/sample-data/tasks/create-devices.yml 
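Review bot: The VALUES line splices `{{ sample_config_user }}` directly into a single-quoted SQL literal, so a username containing a quote breaks the statement (or alters it), and nothing in the task validates the value first. postgresql_query takes parameters, so write `VALUES (0,'credential01_demo',%(user)s,'dummy secret',false);` and add `named_args: { user: "{{ sample_config_user }}" }` to the task. Note also that the demo FortiOS management inserted later in this diff (create-devices.yml) points at credential id 0 whenever the role does not run as test, and this row carries the placeholder `'dummy secret'`; if the importer really connects to `demo_fos_uri` with it, that import will presumably fail on authentication, so a comment stating that the secret is a placeholder and how the demo import is meant to work would help the next reader.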
@@ -1,100 +1,93 @@ # this playbook sets up some sample devices with configs to play around with -- name: read ssh_priv_key into var - slurp: - src: "{{ sample_config_user_home }}/.ssh/id_rsa.{{ sample_config_user }}" - register: sample_ssh_priv_key_dict - become: yes - -- name: decode key - set_fact: - sample_ssh_priv_key: "{{ sample_ssh_priv_key_dict['content'] | b64decode }}" - - name: change importer hostname when it is localhost set_fact: importer_hostname: "{{ hostvars[inventory_hostname].ansible_hostname }}" when: importer_hostname == 'localhost' -- block: +- name: default credential id = -1 (test) + set_fact: + credential_id: -1 - - name: insert demo import credentials - postgresql_query: - db: "{{ fworch_db_name }}" - query: > - DO $do$ BEGIN - IF NOT EXISTS (SELECT * FROM import_credential WHERE credential_name='credential01_demo') THEN - insert into import_credential - (id,credential_name,username,secret,is_key_pair) - VALUES (0,'credential01_demo','{{ sample_config_user }}','{{ sample_ssh_priv_key }}',true); - END IF; END $do$ +- name: set do_not_import + set_fact: + do_not_import: false + +- name: set do_not_import to false for all tests to prevent lock due to simultaneous import attempts + set_fact: + do_not_import: true + when: sample_role_purpose is match('test') + +- name: pick the correct credential id + set_fact: + credential_id: 0 + when: sample_role_purpose is not match('test') + +- block: # demo & test - - name: insert test fortinet management + - name: insert sample fortiOS management postgresql_query: db: "{{ fworch_db_name }}" query: > - DO $do$ BEGIN + DO $do$ BEGIN IF NOT EXISTS (SELECT * FROM management WHERE mgm_name='{{ sample_fortigate_name }}') THEN - insert into management - (dev_typ_id,mgm_name,import_credential_id,ssh_hostname,do_not_import,config_path,importer_hostname) - VALUES (4,'{{ sample_fortigate_name }}',0,'{{ importer_hostname }}',false,'sample-configs/fortinet_demo/','{{ importer_hostname }}'); + insert into management 
(dev_typ_id,mgm_name,import_credential_id,ssh_hostname,do_not_import,importer_hostname) + VALUES (24,'{{ sample_fortigate_name }}',{{ credential_id }},'{{ demo_fos_uri }}',{{ do_not_import }},'{{ importer_hostname }}'); END IF; END $do$ - - name: insert test fortinet gateway + - name: insert sample fortiOS gateway postgresql_query: db: "{{ fworch_db_name }}" query: > DO $do$ BEGIN - IF NOT EXISTS (SELECT * FROM device WHERE dev_name='{{ sample_fortigate_name }}') THEN - insert into device (mgm_id,dev_name,local_rulebase_name,dev_typ_id) - VALUES ((select mgm_id from management where mgm_name='{{ sample_fortigate_name }}'),'{{ sample_fortigate_name }}','{{ sample_fortigate_name }}',10); + IF NOT EXISTS (SELECT * FROM device WHERE dev_name='{{ sample_fortigate_name }}') THEN + insert into device (mgm_id,dev_name,local_rulebase_name,dev_typ_id) + VALUES ((select mgm_id from management where mgm_name='{{ sample_fortigate_name }}'),'{{ sample_fortigate_name }}','access_rules',25); END IF; END $do$ - - name: insert test check point R7x management + become: true + become_user: postgres + + +- block: # demo only + - name: insert demo check point R81 management {{ sample_checkpoint_name }} postgresql_query: db: "{{ fworch_db_name }}" query: > DO $do$ BEGIN - IF NOT EXISTS (SELECT * FROM management WHERE mgm_name='checkpoint_demo') THEN - insert into management (dev_typ_id,mgm_name,import_credential_id,ssh_hostname,do_not_import,config_path,importer_hostname) - VALUES (7,'checkpoint_demo',0,'{{ importer_hostname }}',false, 'sample-configs/checkpoint_demo/','{{ importer_hostname }}'); - END IF; END $do$ - when: sample_role_purpose is not match('test') + IF NOT EXISTS (SELECT * FROM management WHERE mgm_name='{{ sample_checkpoint_name }}') THEN + insert into management + (dev_typ_id,mgm_name,import_credential_id,ssh_hostname,do_not_import,importer_hostname) + VALUES (9,'{{ sample_checkpoint_name }}',{{ credential_id }},'{{ demo_cpr8x_uri }}',{{ do_not_import }},'{{ 
importer_hostname }}'); + END IF; + END $do$ - - name: insert test CPR7x gateway + - name: insert demo check point R81 gateway {{ sample_checkpoint_name }} postgresql_query: db: "{{ fworch_db_name }}" query: > DO $do$ BEGIN - IF NOT EXISTS (SELECT * FROM device WHERE dev_name='checkpoint_demo') THEN - insert into device (mgm_id,dev_name,local_rulebase_name,dev_typ_id) - VALUES ((select mgm_id from management where mgm_name='checkpoint_demo'),'checkpoint_demo','IsoAAAA',7); + IF NOT EXISTS (SELECT * FROM device WHERE dev_name='{{ demo_cpr8x_name }}') THEN + insert into device (mgm_id,dev_name,local_rulebase_name,dev_typ_id,package_name) + VALUES ((select mgm_id from management where mgm_name='{{ sample_checkpoint_name }}'),'{{ demo_cpr8x_name }}','AnonAAAB_Security_neu',9,'AnonAAAA_New'); END IF; END $do$ - when: sample_role_purpose is not match('test') - - name: insert dummy test import credentials - postgresql_query: - db: "{{ fworch_db_name }}" - query: > - DO $do$ BEGIN - IF NOT EXISTS (SELECT * FROM import_credential WHERE credential_name='{{ test_credential_name }}') THEN - insert into import_credential - (id,credential_name,username,secret,is_key_pair) - VALUES (-1,'{{ test_credential_name }}','{{ sample_config_user }}','{{ sample_ssh_priv_key }}',true); - END IF; END $do$ - when: sample_role_purpose is match('test') + become: true + become_user: postgres + when: sample_role_purpose is not match('test') - - name: insert test check point R8x management +- block: # testing only + - name: insert test check point R8x management {{ sample_checkpoint_name }} postgresql_query: db: "{{ fworch_db_name }}" query: > DO $do$ BEGIN IF NOT EXISTS (SELECT * FROM management WHERE mgm_name='{{ sample_checkpoint_name }}') THEN insert into management (dev_typ_id,mgm_name,import_credential_id,ssh_hostname,do_not_import,importer_hostname) - VALUES (9,'{{ sample_checkpoint_name }}',-1,'{{ importer_hostname }}',false,'{{ importer_hostname }}'); + VALUES (9,'{{ 
sample_checkpoint_name }}',{{ credential_id }},'{{ sample_checkpoint_uri }}',{{ do_not_import }},'dummy importer hostname'); END IF; END $do$ - when: sample_role_purpose is match('test') - - name: insert test check point R8x gateway + - name: insert test check point R8x gateway {{ sample_checkpoint_name }} postgresql_query: db: "{{ fworch_db_name }}" query: > @@ -103,7 +96,7 @@ insert into device (mgm_id,dev_name,local_rulebase_name,dev_typ_id,package_name) VALUES ((select mgm_id from management where mgm_name='{{ sample_checkpoint_name }}'),'{{ sample_checkpoint_name }}','FirstLayer shared with inline layer',9,'TestPolicyWithLayers'); END IF; END $do$ - when: sample_role_purpose is match('test') - become: yes + become: true become_user: postgres + when: sample_role_purpose is match('test') diff --git a/roles/sample-data/tasks/create-test-credentials.yml b/roles/sample-data/tasks/create-test-credentials.yml new file mode 100644 index 000000000..f07fa59f7 --- /dev/null +++ b/roles/sample-data/tasks/create-test-credentials.yml @@ -0,0 +1,13 @@ +- name: insert dummy test import credentials + postgresql_query: + db: "{{ fworch_db_name }}" + query: > + DO $do$ BEGIN + IF NOT EXISTS (SELECT * FROM import_credential WHERE credential_name='{{ test_credential_name }}') THEN + insert into import_credential + (id,credential_name,username,secret,is_key_pair) + VALUES (-1,'{{ test_credential_name }}','{{ sample_config_user }}','dummy secret',true); + END IF; END $do$ + become: true + become_user: postgres + \ No newline at end of file diff --git a/roles/sample-data/tasks/main.yml b/roles/sample-data/tasks/main.yml index 4d9ca599f..baafdce9d 100644 --- a/roles/sample-data/tasks/main.yml +++ b/roles/sample-data/tasks/main.yml 
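Review bot: The task named `set do_not_import to false for all tests to prevent lock due to simultaneous import attempts` actually sets `do_not_import: true`, and true is what the stated reason calls for, so the name should read `set do_not_import to true for tests to prevent lock due to simultaneous import attempts`; as written, play output reports the opposite of what happened. Separately, the "demo & test" block inserts the FortiOS management with `import_credential_id` = `{{ credential_id }}`, which is 0 whenever `sample_role_purpose` is not 'test', while main.yml creates credential 0 only when `add_demo_data` is true; with that flag false the management row references a credential that was never inserted (an FK error or a silently dangling id, depending on the schema), so either gate this block on `add_demo_data|bool` too or drop that gate on the credential task. The same Jinja-into-SQL interpolation applies here to `sample_fortigate_name`, `demo_fos_uri`, `demo_cpr8x_uri`, `sample_checkpoint_uri` and `importer_hostname`; passing them via `named_args` would make the statements robust to quotes.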
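Review bot: `is_key_pair` is true while `secret` is the literal `'dummy secret'`, so any consumer that parses the secret as a private key when the flag is set will fail on this row. Since the test managements inserted in create-devices.yml now carry `do_not_import` true, the row is probably never used for a connection; in that case set the flag to false, or add a comment on the task such as `# placeholder only: never used to open a connection, imports are disabled for test managements`. `{{ sample_config_user }}` is again spliced into the SQL string; `%(user)s` with `named_args: { user: "{{ sample_config_user }}" }` avoids that.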
@@ -1,45 +1,17 @@ # this playbook sets up some sample devices with configs to play around with -- name: create import sample user and copy configs - include_tasks: setup-sample-import.yml - when: "installation_mode=='new' or sample_role_purpose is match('test')" +- name: create demo credentials + include_tasks: create-demo-credentials.yml + when: add_demo_data|bool and (installation_mode=='new' or sample_role_purpose is match('test')) -- name: install package postgresql-client for adding sample devices to db - package: - name: "{{ item }}" - state: present - loop: - - postgresql-client - - cron - become: yes - -- name: add localhost hostkey to known_hosts - known_hosts: - name: localhost - key: "{{ lookup('pipe', 'ssh-keyscan localhost') }}" - become: yes - become_user: "{{ fworch_user }}" +- name: create test credentials + include_tasks: create-test-credentials.yml + when: installation_mode=='new' or sample_role_purpose is match('test') - name: create sample devices in database include_tasks: create-devices.yml when: installation_mode=='new' or sample_role_purpose is match('test') -- name: scan and add ssh keys to known_hosts automatically to avoid ssh connections issues for sample imports - known_hosts: - name: "{{ item }}" - key: "{{ lookup('pipe', 'ssh-keyscan -H ' + item) }}" - become: yes - become_user: "{{ fworch_user }}" - loop: - - "127.0.0.1" - - "localhost" - - "{{ sample_hostname }}" - - "{{ importer_hostname }}" - -- name: establish cron job to simulate changes to configs (only demo and new installation) - include_tasks: setup-config-changes.yml - when: installation_mode=='new' and sample_role_purpose is not match('test') - - name: add second ldap database include_tasks: add_second_ldap_db.yml when: (second_ldap_db | bool) and (sample_role_purpose is not match('test')) diff --git a/roles/sample-data/tasks/setup-sample-import.yml b/roles/sample-data/tasks/setup-sample-import.yml index b005c99f4..ed6d47c0d 100644 
--- a/roles/sample-data/tasks/setup-sample-import.yml +++ b/roles/sample-data/tasks/setup-sample-import.yml @@ -6,7 +6,7 @@ home: "{{ sample_config_user_home }}" shell: /bin/bash group: "{{ fworch_group }}" - generate_ssh_key: yes + generate_ssh_key: true ssh_key_bits: 4096 ssh_key_file: "{{ sample_config_user_home }}/.ssh/id_rsa.{{ sample_config_user }}" @@ -19,7 +19,7 @@ lineinfile: path: "{{ sample_config_user_home }}/.ssh/authorized_keys" line: "{{ user_pub_key['content'] | b64decode | trim }}" - create: yes + create: true state: present regex: "ansible-generated" @@ -46,5 +46,5 @@ owner: "{{ sample_config_user }}" group: "{{ fworch_group }}" - become: yes + become: true \ No newline at end of file diff --git a/roles/sample-data/tasks/setup-config-changes.yml b/roles/sample-data/tasks/unused_setup-config-changes.yml similarity index 99% rename from roles/sample-data/tasks/setup-config-changes.yml rename to roles/sample-data/tasks/unused_setup-config-changes.yml index 8eaa64e51..940558a1a 100644 --- a/roles/sample-data/tasks/setup-config-changes.yml +++ b/roles/sample-data/tasks/unused_setup-config-changes.yml @@ -39,4 +39,4 @@ cron_file: "{{ product_name }}_sample_data_enlarge_rule" when: "sample_data_rate != 'high'" - become: yes + become: true diff --git a/roles/test/files/FWO.Test/AesEncryptionTest.cs b/roles/test/files/FWO.Test/AesEncryptionTest.cs new file mode 100644 index 000000000..2cffd0874 --- /dev/null +++ b/roles/test/files/FWO.Test/AesEncryptionTest.cs 
@@ -0,0 +1,41 @@
+using FWO.Encryption;
+using NUnit.Framework;
+using NUnit.Framework.Legacy;
+using System.Text;
+using Assert = NUnit.Framework.Assert;
+
+namespace FWO.Test
+{
+ [TestFixture]
+ [Parallelizable]
+ internal class AesDecryptTest
+ {
+
+ private static readonly Random random = new Random();
+ private const string printableChars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~";
+
+ public static string GenerateRandomString(int minLength, int maxLength)
+ {
+ int length = random.Next(minLength, maxLength + 1);
+ StringBuilder stringBuilder = new StringBuilder(length);
+
+ for (int i = 0; i < length; i++)
+ {
+ char randomChar = printableChars[random.Next(printableChars.Length)];
+ stringBuilder.Append(randomChar);
+ }
+
+ return stringBuilder.ToString();
+ }
+ [Test]
+ public void TestEncryptDecryptRandomData()
+ {
+ string tempKey = GenerateRandomString(32,32);
+ string randomPlaintext = GenerateRandomString(15, 100);
+ string encryptedString = AesEnc.Encrypt(randomPlaintext, tempKey);
+ string decryptedString = AesEnc.Decrypt(encryptedString, tempKey);
+ ClassicAssert.AreEqual(randomPlaintext, decryptedString);
+ }
+
+ }
+}
diff --git a/roles/test/files/FWO.Test/ApiConfigTest.cs b/roles/test/files/FWO.Test/ApiConfigTest.cs
index 2e95237e1..43507b385 100644
--- a/roles/test/files/FWO.Test/ApiConfigTest.cs
+++ b/roles/test/files/FWO.Test/ApiConfigTest.cs
@@ -1,6 +1,7 @@
 using FWO.Api.Client;
 using FWO.Config.Api;
 using NUnit.Framework;
+using NUnit.Framework.Legacy;
 using System;
 using System.Collections.Generic;
 using System.Linq;
diff --git a/roles/test/files/FWO.Test/ApiTest.cs b/roles/test/files/FWO.Test/ApiTest.cs
index 882358966..facadc1ff 100644
--- a/roles/test/files/FWO.Test/ApiTest.cs
+++ b/roles/test/files/FWO.Test/ApiTest.cs
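Review bot: TestEncryptDecryptRandomData only checks the round trip, so an AesEnc that returned the plaintext unchanged, or reused a fixed IV for every call, would still pass; two cheap property assertions would make the fixture catch those regressions. The class is named AesDecryptTest while the file is AesEncryptionTest.cs, and the `using Assert = NUnit.Framework.Assert;` alias is unused since every assertion goes through ClassicAssert. A wrong-key case is also untested; which exception (if any) Decrypt raises is not visible here, so none is proposed. The test below assumes Encrypt draws a fresh IV per call — if the ciphertext format is deterministic by design, drop the second assertion.
```csharp
[Test]
public void TestCiphertextDiffersFromPlaintextAndBetweenCalls()
{
    string tempKey = GenerateRandomString(32, 32);
    string randomPlaintext = GenerateRandomString(15, 100);
    string first = AesEnc.Encrypt(randomPlaintext, tempKey);
    string second = AesEnc.Encrypt(randomPlaintext, tempKey);
    ClassicAssert.AreNotEqual(randomPlaintext, first);
    // assumes a fresh IV per Encrypt call — TODO confirm against AesEnc.Encrypt
    ClassicAssert.AreNotEqual(first, second);
    ClassicAssert.AreEqual(randomPlaintext, AesEnc.Decrypt(second, tempKey));
}
```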
@@ -2,6 +2,8 @@ using System.Threading.Tasks; using FWO.Api.Client; using NUnit.Framework; +using NUnit.Framework.Legacy; +using FWO.GlobalConstants; using FWO.Api.Data; using FWO.Config.File; using FWO.Middleware.Client; @@ -12,6 +14,7 @@ namespace FWO.Test { [TestFixture] + [Parallelizable] public class ApiTest { ApiConnection apiConnection; @@ -62,7 +65,7 @@ public async Task QueryTestIpProto() // NetworkProtocol networkProtocol = new NetworkProtocol(); // networkProtocol = (await apiConnection.SendQueryAsync(query, new { }))[0]; - // Assert.AreEqual(networkProtocol.Name, "TCP", "wrong result of protocol API query"); + // ClassicAssert.AreEqual(networkProtocol.Name, "TCP", "wrong result of protocol API query"); } } } diff --git a/roles/test/files/FWO.Test/ConfigFileTest.cs b/roles/test/files/FWO.Test/ConfigFileTest.cs index fb4d0c412..fa80bf644 100644 --- a/roles/test/files/FWO.Test/ConfigFileTest.cs +++ b/roles/test/files/FWO.Test/ConfigFileTest.cs @@ -2,6 +2,7 @@ using FWO.Logging; using Microsoft.IdentityModel.Tokens; using NUnit.Framework; +using NUnit.Framework.Legacy; using System; using System.Collections.Generic; using System.Linq; @@ -13,6 +14,7 @@ namespace FWO.Test { [TestFixture] + [Parallelizable] internal class ConfigFileTest { private const string configFileTestPath = "config_file.test"; 
@@ -107,71 +109,77 @@ internal class ConfigFileTest [Test] public void CorrectConfigFile() { - CreateAndReadConfigFile(correctConfigFile); - Assert.AreEqual("http://127.0.0.3:8880/", ConfigFile.MiddlewareServerNativeUri); - Assert.AreEqual("http://127.0.0.1:8880/", ConfigFile.MiddlewareServerUri); - Assert.AreEqual("https://127.0.0.1:9443/api/v1/graphqlo/", ConfigFile.ApiServerUri); - Assert.AreEqual("500", ConfigFile.ProductVersion); + CreateAndReadConfigFile(0, correctConfigFile); + ClassicAssert.AreEqual("http://127.0.0.3:8880/", ConfigFile.MiddlewareServerNativeUri); + ClassicAssert.AreEqual("http://127.0.0.1:8880/", ConfigFile.MiddlewareServerUri); + ClassicAssert.AreEqual("https://127.0.0.1:9443/api/v1/graphqlo/", ConfigFile.ApiServerUri); + ClassicAssert.AreEqual("500", ConfigFile.ProductVersion); } [Test] public void IncorrectSyntaxConfigFile() { - Assert.Catch(typeof(TargetInvocationException), () => CreateAndReadConfigFile(incorrectSyntaxConfigFile)); + Assert.Catch(typeof(TargetInvocationException), () => CreateAndReadConfigFile(1, incorrectSyntaxConfigFile)); } [Test] public void MissingValueConfigFile() { - CreateAndReadConfigFile(missingValueConfigFile); - Assert.AreEqual("http://127.0.0.3:8880/", ConfigFile.MiddlewareServerNativeUri); + CreateAndReadConfigFile(2, missingValueConfigFile); + ClassicAssert.AreEqual("http://127.0.0.3:8880/", ConfigFile.MiddlewareServerNativeUri); Assert.Catch(typeof(ApplicationException), () => { var _ = ConfigFile.MiddlewareServerUri; }); Assert.Catch(typeof(ApplicationException), () => { var _ = ConfigFile.ApiServerUri; }); - Assert.AreEqual("500", ConfigFile.ProductVersion); + ClassicAssert.AreEqual("500", ConfigFile.ProductVersion); } [Test] public void CorrectPublicKey() { - CreateAndReadConfigFile(correctConfigFile, "", correctPublicKey); - Assert.AreEqual(KeyImporter.ExtractKeyFromPem(correctPublicKey, isPrivateKey: false)!.KeyId, ConfigFile.JwtPublicKey.KeyId); + CreateAndReadConfigFile(3, correctConfigFile, "", 
correctPublicKey); + ClassicAssert.AreEqual(KeyImporter.ExtractKeyFromPem(correctPublicKey, isPrivateKey: false)!.KeyId, ConfigFile.JwtPublicKey.KeyId); } [Test] public void CorrectPrivateKey() { - CreateAndReadConfigFile(correctConfigFile, correctPrivateKey, ""); - Assert.AreEqual(KeyImporter.ExtractKeyFromPem(correctPrivateKey, isPrivateKey: true)!.KeyId, ConfigFile.JwtPrivateKey.KeyId); + CreateAndReadConfigFile(4, correctConfigFile, correctPrivateKey, ""); + ClassicAssert.AreEqual(KeyImporter.ExtractKeyFromPem(correctPrivateKey, isPrivateKey: true)!.KeyId, ConfigFile.JwtPrivateKey.KeyId); } [Test] public void IncorrectPublicKey() { - CreateAndReadConfigFile(correctConfigFile, "", incorrectPublicKey); + CreateAndReadConfigFile(5, correctConfigFile, "", incorrectPublicKey); Assert.Catch(typeof(ApplicationException), () => { var _ = ConfigFile.JwtPublicKey; }); } [Test] public void IncorrectPrivateKey() { - CreateAndReadConfigFile(correctConfigFile, incorrectPrivateKey, ""); + CreateAndReadConfigFile(6, correctConfigFile, incorrectPrivateKey, ""); Assert.Catch(typeof(ApplicationException), () => { var _ = ConfigFile.JwtPrivateKey; }); } [OneTimeTearDown] public void OnFinish() { - File.Delete(configFileTestPath); - File.Delete(privateKeyTestPath); - File.Delete(publicKeyTestPath); + for (int uniqueId = 0; uniqueId < 7; uniqueId++) + { + File.Delete(configFileTestPath + uniqueId); + File.Delete(privateKeyTestPath + uniqueId); + File.Delete(publicKeyTestPath + uniqueId); + } } - private static void CreateAndReadConfigFile(string fileContent, string privateKey = "", string publicKey = "") + private static void CreateAndReadConfigFile(int uniqueId, string fileContent, string privateKey = "", string publicKey = "") { - File.WriteAllText(configFileTestPath, fileContent); - File.WriteAllText(privateKeyTestPath, privateKey); - File.WriteAllText(publicKeyTestPath, publicKey); - TestHelper.InvokeMethod("Read", new object[] { configFileTestPath, privateKeyTestPath, 
publicKeyTestPath }); + string uniqueConfigFilePath = configFileTestPath + uniqueId; + string uniquePrivateKeyTestPath = privateKeyTestPath + uniqueId; + string uniquepublicKeyTestPath = publicKeyTestPath + uniqueId; + File.WriteAllText(uniqueConfigFilePath, fileContent); + File.WriteAllText(uniquePrivateKeyTestPath, privateKey); + File.WriteAllText(uniquepublicKeyTestPath, publicKey); + TestHelper.InvokeMethod("Read", new object[] { uniqueConfigFilePath, uniquePrivateKeyTestPath, uniquepublicKeyTestPath }); } } } diff --git a/roles/test/files/FWO.Test/DisplayBaseTest.cs b/roles/test/files/FWO.Test/DisplayBaseTest.cs new file mode 100644 index 000000000..967c08ad5 --- /dev/null +++ b/roles/test/files/FWO.Test/DisplayBaseTest.cs 
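Review bot: OnFinish hard-codes `uniqueId < 7` to mirror the ids 0–6 that each test passes by hand to CreateAndReadConfigFile, so a new test has to be updated in two places and a forgotten update leaves its config and key files behind in the working directory. Letting CreateAndReadConfigFile record every path it writes and deleting exactly those in OnFinish removes that coupling (System.Collections.Generic is already imported by this file). The local `uniquepublicKeyTestPath` also breaks the casing of its two siblings. One caveat: the fixture is now [Parallelizable] while the assertions read static ConfigFile properties populated by the reflective "Read" call; with the default ParallelScope.Self the fixture's own tests still run one after another, but any other parallel fixture touching ConfigFile, or widening the scope to Children, would race on that shared state, which deserves a comment next to the attribute.
```csharp
private static readonly List<string> createdFiles = new();

[OneTimeTearDown]
public void OnFinish()
{
    foreach (string path in createdFiles)
    {
        File.Delete(path);
    }
}

private static void CreateAndReadConfigFile(int uniqueId, string fileContent, string privateKey = "", string publicKey = "")
{
    string uniqueConfigFilePath = configFileTestPath + uniqueId;
    string uniquePrivateKeyTestPath = privateKeyTestPath + uniqueId;
    string uniquePublicKeyTestPath = publicKeyTestPath + uniqueId;
    createdFiles.AddRange(new[] { uniqueConfigFilePath, uniquePrivateKeyTestPath, uniquePublicKeyTestPath });
    // … unchanged: the three File.WriteAllText calls and TestHelper.InvokeMethod("Read", …) …
}
```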
@@ -0,0 +1,70 @@ +using NUnit.Framework; +using NUnit.Framework.Legacy; +using FWO.GlobalConstants; +using FWO.Api.Data; + +namespace FWO.Test +{ + [TestFixture] + [Parallelizable] + internal class DisplayBaseTest + { + + static readonly string ip1 = "1.0.0.0"; + static readonly string ip2 = "1.0.0.0/32"; + static readonly string ip3 = "1.0.0.3/32"; + static readonly string ip4 = "1.0.1.3/32"; + static readonly string ip5 = "1.0.0.0/24"; + static readonly string ip6 = "1.0.0.0/31"; + static readonly string ip7 = "1.0.0.2/31"; + + static readonly string ip11 = ":a:"; + static readonly string ip12 = ":a:/128"; + static readonly string ip13 = ":a:/111"; + + static readonly NetworkService serv1 = new(){ Name = "Serv1", DestinationPort = 1000, Protocol = new(){ Name="TCP" }}; + static readonly NetworkService serv2 = new(){ Name = "Serv2", DestinationPort = 1000, DestinationPortEnd = 2000, Protocol = new(){ Name="UDP" }}; + static readonly NetworkService serv3 = new(){ Name = "Serv3", Protocol = new(){ Name="ESP" }}; + + [SetUp] + public void Initialize() + {} + + [Test] + public void TestGetNetmask() + { + ClassicAssert.AreEqual("", DisplayBase.GetNetmask(ip1)); + ClassicAssert.AreEqual("32", DisplayBase.GetNetmask(ip2)); + ClassicAssert.AreEqual("24", DisplayBase.GetNetmask(ip5)); + ClassicAssert.AreEqual("", DisplayBase.GetNetmask(ip11)); + ClassicAssert.AreEqual("111", DisplayBase.GetNetmask(ip13)); + } + + [Test] + public void TestAutoDetectType() + { + ClassicAssert.AreEqual(ObjectType.Host, DisplayBase.AutoDetectType(ip1, ip1)); + ClassicAssert.AreEqual(ObjectType.Host, DisplayBase.AutoDetectType(ip1, ip2)); + ClassicAssert.AreEqual(ObjectType.Network, DisplayBase.AutoDetectType(ip2, ip3)); + ClassicAssert.AreEqual(ObjectType.IPRange, DisplayBase.AutoDetectType(ip2, ip4)); + ClassicAssert.AreEqual(ObjectType.Network, DisplayBase.AutoDetectType(ip5, ip5)); + // ClassicAssert.AreEqual(ObjectType.Network, DisplayBase.AutoDetectType(ip6, ip7)); // should detect this? 
+ ClassicAssert.AreEqual(ObjectType.IPRange, DisplayBase.AutoDetectType(ip6, ip7)); + + ClassicAssert.AreEqual(ObjectType.Host, DisplayBase.AutoDetectType(ip11, ip11)); + ClassicAssert.AreEqual(ObjectType.Host, DisplayBase.AutoDetectType(ip11, ip12)); + ClassicAssert.AreEqual(ObjectType.Network, DisplayBase.AutoDetectType(ip13, ip13)); + } + + [Test] + public void TestDisplayService() + { + ClassicAssert.AreEqual("Serv1 (1000/TCP)", DisplayBase.DisplayService(serv1, false).ToString()); + ClassicAssert.AreEqual("Serv2 (1000-2000/UDP)", DisplayBase.DisplayService(serv2, false).ToString()); + ClassicAssert.AreEqual("Serv3 (ESP)", DisplayBase.DisplayService(serv3, false).ToString()); + ClassicAssert.AreEqual("NewName (1000/TCP)", DisplayBase.DisplayService(serv1, false, "NewName").ToString()); + ClassicAssert.AreEqual("1000-2000/UDP", DisplayBase.DisplayService(serv2, true).ToString()); + ClassicAssert.AreEqual("ESP", DisplayBase.DisplayService(serv3, true).ToString()); + } + } +} diff --git a/roles/test/files/FWO.Test/DistNameTest.cs b/roles/test/files/FWO.Test/DistNameTest.cs new file mode 100644 index 000000000..51c718c39 --- /dev/null +++ b/roles/test/files/FWO.Test/DistNameTest.cs 
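Review bot: The commented-out assertion with `// should detect this?` leaves an open question in the test, while the live line directly below pins the opposite result (IPRange for 1.0.0.0/31 and 1.0.0.2/31), so the suite now guards current behaviour as if it were a decision. Replace the question with a statement of intent, e.g. `// current behaviour: two adjacent /31 networks are reported as a range, not merged into a /30 — revisit if AutoDetectType learns to coalesce (see <tracking issue>)`, or remove the dead line. The empty `[SetUp] public void Initialize() {}` adds nothing and can be dropped (the same stub appears in DistNameTest.cs). The IPv6 fixtures `":a:"` are not syntactically valid addresses; if GetNetmask/AutoDetectType only split on '/' this is harmless, but a literal such as `"::a"` would make the intent of those cases clearer — worth confirming against DisplayBase.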
@@ -0,0 +1,51 @@
+using NUnit.Framework;
+using NUnit.Framework.Legacy;
+using FWO.GlobalConstants;
+using FWO.Api.Data;
+
+namespace FWO.Test
+{
+ [TestFixture]
+ [Parallelizable]
+ internal class DistNameTest
+ {
+
+ static readonly DistName dn1 = new("");
+ static readonly DistName dn2 = new("uid=intuser2,ou=users,ou=tenant2,dc=fworch,dc=internal");
+ static readonly DistName dn3 = new("cn=usergroup3,ou=groups,dc=somewhere,dc=de");
+
+ [SetUp]
+ public void Initialize()
+ {}
+
+ [Test]
+ public void TestDistName()
+ {
+ ClassicAssert.AreEqual("", dn1.UserName);
+ ClassicAssert.AreEqual("", dn1.Role);
+ ClassicAssert.AreEqual("", dn1.Group);
+ ClassicAssert.AreEqual(0, dn1.Root.Count);
+ ClassicAssert.AreEqual(0, dn1.Path.Count);
+ ClassicAssert.AreEqual("", dn1.GetTenantNameViaLdapTenantLevel());
+ ClassicAssert.AreEqual(false, dn1.IsInternal());
+
+ ClassicAssert.AreEqual("intuser2", dn2.UserName);
+ ClassicAssert.AreEqual("", dn2.Role);
+ ClassicAssert.AreEqual("", dn2.Group);
+ ClassicAssert.AreEqual(2, dn2.Root.Count);
+ ClassicAssert.AreEqual(4, dn2.Path.Count);
+ ClassicAssert.AreEqual("tenant2", dn2.GetTenantNameViaLdapTenantLevel(3));
+ ClassicAssert.AreEqual(true, dn2.IsInternal());
+
+ ClassicAssert.AreEqual("usergroup3", dn3.UserName);
+ ClassicAssert.AreEqual("usergroup3", dn3.Role);
+ ClassicAssert.AreEqual("usergroup3", dn3.Group);
+ ClassicAssert.AreEqual(2, dn3.Root.Count);
+ ClassicAssert.AreEqual("somewhere", dn3.Root[0]);
+ ClassicAssert.AreEqual(3, dn3.Path.Count);
+ ClassicAssert.AreEqual("groups", dn3.Path[0]);
+ ClassicAssert.AreEqual("", dn3.GetTenantNameViaLdapTenantLevel(0));
+ ClassicAssert.AreEqual(false, dn3.IsInternal());
+ }
+ }
+}
diff --git a/roles/test/files/FWO.Test/ExportTest.cs b/roles/test/files/FWO.Test/ExportTest.cs
new file mode 100644
index 000000000..fb55a0272
--- /dev/null
+++ b/roles/test/files/FWO.Test/ExportTest.cs
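Review bot: `ClassicAssert.AreEqual(true, dn2.IsInternal())` and the two `AreEqual(false, …)` checks read more directly as `ClassicAssert.IsTrue(dn2.IsInternal())` / `ClassicAssert.IsFalse(…)`, and a failure then names the predicate instead of reporting a boolean mismatch. All three fixtures are exercised by a single [Test] with 24 assertions, so the first failing one hides every later regression; one test per DistName (or a [TestCase] per input string) would report them all in one run. The empty `[SetUp] Initialize() {}` can be removed.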
@@ -0,0 +1,1343 @@ +using NUnit.Framework; +using NUnit.Framework.Legacy; +using FWO.Logging; +using FWO.Report; +using FWO.Report.Filter; +using FWO.GlobalConstants; +using FWO.Api.Data; + + +namespace FWO.Test +{ + [TestFixture] + [Parallelizable] + internal class ExportTest + { + static NetworkObject TestIp1 = new NetworkObject(){ Id = 1, Name = "TestIp1", IP = "1.2.3.4/32", IpEnd = "1.2.3.4/32", Type = new NetworkObjectType(){ Name = ObjectType.Network }}; + static NetworkObject TestIp2 = new NetworkObject(){ Id = 2, Name = "TestIp2", IP = "127.0.0.1/32", IpEnd = "127.0.0.1/32", Type = new NetworkObjectType(){ Name = ObjectType.Network }}; + static NetworkObject TestIpRange = new NetworkObject(){ Id = 3, Name = "TestIpRange", IP = "1.2.3.4/32", IpEnd = "1.2.3.5/32", Type = new NetworkObjectType(){ Name = ObjectType.IPRange }}; + static NetworkObject TestIpNew = new NetworkObject(){ Id = 4, Name = "TestIpNew", IP = "10.0.6.0/32", IpEnd = "10.0.6.255/32", Type = new NetworkObjectType(){ Name = ObjectType.Network }}; + static NetworkObject TestIp1Changed = new NetworkObject(){ Id = 5, Name = "TestIp1Changed", IP = "2.3.4.5/32", IpEnd = "2.3.4.5/32", Type = new NetworkObjectType(){ Name = ObjectType.Host }}; + + static NetworkService TestService1 = new NetworkService(){ Id = 1, DestinationPort = 443, DestinationPortEnd = 443, Name = "TestService1", Protocol = new NetworkProtocol { Name = "TCP" }}; + static NetworkService TestService2 = new NetworkService(){ Id = 2, DestinationPort = 6666, DestinationPortEnd = 7777, Name = "TestService2", Protocol = new NetworkProtocol { Name = "UDP" }}; + + static NetworkUser TestUser1 = new NetworkUser(){ Id = 1, Name = "TestUser1" }; + static NetworkUser TestUser2 = new NetworkUser(){ Id = 2, Name = "TestUser2", Type = new NetworkUserType() { Name = ObjectType.Group} }; + + static Rule Rule1 = new Rule(); + static Rule Rule1Changed = new Rule(); + static Rule Rule2 = new Rule(); + static Rule Rule2Changed = new Rule(); + static 
Rule NatRule = new Rule(); + static Rule RecertRule1 = new Rule(); + static Rule RecertRule2 = new Rule(); + + SimulatedUserConfig userConfig = new SimulatedUserConfig(); + DynGraphqlQuery query = new DynGraphqlQuery("TestFilter") + { + ReportTimeString = "2023-04-20T17:50:04", + QueryVariables = new Dictionary() + { + {"start","2023-04-19T17:00:04"}, + {"stop","2023-04-20T17:00:04"} + } + }; + + [SetUp] + public void Initialize() + { + } + + + [Test] + public void RulesGenerateHtml() + { + Log.WriteInfo("Test Log", "starting rules report html generation"); + ReportRules reportRules = new (query, userConfig, ReportType.Rules) + { + ReportData = ConstructRuleReport(false) + }; + + string expectedHtmlResult = "Rules Report" + + "" + + "" + + "

    Rules Report

    " + + "

    Time of configuration: 2023-04-20T15:50:04Z (UTC)

    " + + "

    Generated on: Z (UTC)

    " + + "

    Devices: TestMgt [TestDev]

    " + + "

    Filter: TestFilter


    " + + "

    TestMgt


    " + + "

    TestDev


    " + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "
    No.NameSource ZoneSourceDestination ZoneDestinationServicesActionTrackEnabledUidComment
    1TestRule1srczn TestIp1 (1.2.3.4/32)
     TestIp2 (127.0.0.1/32)
    dstzn TestIpRange (1.2.3.4-1.2.3.5) TestService1 (443/TCP)acceptnoneYuid1comment1
    2TestRule2not
     TestUser1@ TestIp1 (1.2.3.4/32)
     TestUser1@ TestIp2 (127.0.0.1/32)
    not
     TestUser2@ TestIpRange (1.2.3.4-1.2.3.5)
    not
     TestService2 (6666-7777/UDP)
    denynoneYuid2:123comment2
    " + + "

    Network Objects


    " + + "" + + "" + + "" + + "" + + "
    No.NameTypeIP AddressMembersUidComment
    1TestIp1Network1.2.3.4/32
    2TestIp2Network127.0.0.1/32
    3TestIpRangeIP Range1.2.3.4-1.2.3.5
    " + + "

    Network Services


    " + + "" + + "" + + "" + + "
    No.NameTypeProtocolPortMembersUidComment
    1TestService1TCP443
    2TestService2UDP6666-7777
    " + + "

    Users


    " + + "" + + "" + + "" + + "
    No.NameTypeMembersUidComment
    1TestUser1
    2TestUser2Group
    "; + ClassicAssert.AreEqual(expectedHtmlResult, removeLinebreaks(removeGenDate(reportRules.ExportToHtml(), true))); + } + + [Test] + public void ResolvedRulesGenerateHtml() + { + Log.WriteInfo("Test Log", "starting rules report resolved html generation"); + ReportRules reportRules = new (query, userConfig, ReportType.ResolvedRules) + { + ReportData = ConstructRuleReport(true) + }; + + string expectedHtmlResult = "Rules Report (resolved)" + + "" + + "" + + "

    Rules Report (resolved)

    " + + "

    Time of configuration: 2023-04-20T15:50:04Z (UTC)

    " + + "

    Generated on: Z (UTC)

    " + + "

    Devices: TestMgt [TestDev]

    " + + "

    Filter: TestFilter


    " + + "

    TestMgt


    " + + "

    TestDev


    " + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "
    No.NameSource ZoneSourceDestination ZoneDestinationServicesActionTrackEnabledUidComment
    1TestRule1srcznTestIp1 (1.2.3.4/32)
    TestIp2 (127.0.0.1/32)
    dstznTestIpRange (1.2.3.4-1.2.3.5)TestService1 (443/TCP)acceptnoneYuid1comment1
    2TestRule2not
    TestUser1@TestIp1 (1.2.3.4/32)
    TestUser1@TestIp2 (127.0.0.1/32)
    not
    TestUser2@TestIpRange (1.2.3.4-1.2.3.5)
    not
    TestService2 (6666-7777/UDP)
    denynoneYuid2:123comment2
    " + + ""; + ClassicAssert.AreEqual(expectedHtmlResult, removeLinebreaks(removeGenDate(reportRules.ExportToHtml(), true))); + } + + [Test] + public void ResolvedRulesTechGenerateHtml() + { + Log.WriteInfo("Test Log", "starting rules report resolved html generation"); + ReportRules reportRules = new (query, userConfig, ReportType.ResolvedRulesTech) + { + ReportData = ConstructRuleReport(true) + }; + + string expectedHtmlResult = "Rules Report (technical)" + + "" + + "" + + "

    Rules Report (technical)

    " + + "

    Time of configuration: 2023-04-20T15:50:04Z (UTC)

    " + + "

    Generated on: Z (UTC)

    " + + "

    Devices: TestMgt [TestDev]

    " + + "

    Filter: TestFilter


    " + + "

    TestMgt


    " + + "

    TestDev


    " + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "
    No.NameSource ZoneSourceDestination ZoneDestinationServicesActionTrackEnabledUidComment
    1TestRule1srczn1.2.3.4/32
    127.0.0.1/32
    dstzn1.2.3.4-1.2.3.5443/TCPacceptnoneYuid1comment1
    2TestRule2not
    TestUser1@1.2.3.4/32
    TestUser1@127.0.0.1/32
    not
    TestUser2@1.2.3.4-1.2.3.5
    not
    6666-7777/UDP
    denynoneYuid2:123comment2
    " + + ""; + ClassicAssert.AreEqual(expectedHtmlResult, removeLinebreaks(removeGenDate(reportRules.ExportToHtml(), true))); + } + + [Test] + public void UnusedRulesGenerateHtml() + { + Log.WriteInfo("Test Log", "starting unused rules report html generation"); + ReportRules reportRules = new (query, userConfig, ReportType.UnusedRules) + { + ReportData = ConstructRuleReport(false) + }; + + string expectedHtmlResult = "Unused Rules Report" + + "" + + "" + + "

    Unused Rules Report

    " + + "

    Time of configuration: 2023-04-20T15:50:04Z (UTC)

    " + + "

    Generated on: Z (UTC)

    " + + "

    Devices: TestMgt [TestDev]

    " + + "

    Filter: TestFilter


    " + + "

    TestMgt


    " + + "

    TestDev


    " + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "
    No.Last HitNameSource ZoneSourceDestination ZoneDestinationServicesActionTrackEnabledUidComment
    12022-04-19TestRule1srczn TestIp1 (1.2.3.4/32)
     TestIp2 (127.0.0.1/32)
    dstzn TestIpRange (1.2.3.4-1.2.3.5) TestService1 (443/TCP)acceptnoneYuid1comment1
    2TestRule2not
     TestUser1@ TestIp1 (1.2.3.4/32)
     TestUser1@ TestIp2 (127.0.0.1/32)
    not
     TestUser2@ TestIpRange (1.2.3.4-1.2.3.5)
    not
     TestService2 (6666-7777/UDP)
    denynoneYuid2:123comment2
    " + + "

    Network Objects


    " + + "" + + "" + + "" + + "" + + "
    No.NameTypeIP AddressMembersUidComment
    1TestIp1Network1.2.3.4/32
    2TestIp2Network127.0.0.1/32
    3TestIpRangeIP Range1.2.3.4-1.2.3.5
    " + + "

    Network Services


    " + + "" + + "" + + "" + + "
    No.NameTypeProtocolPortMembersUidComment
    1TestService1TCP443
    2TestService2UDP6666-7777
    " + + "

    Users


    " + + "" + + "" + + "" + + "
    No.NameTypeMembersUidComment
    1TestUser1
    2TestUser2Group
    "; + ClassicAssert.AreEqual(expectedHtmlResult, removeLinebreaks(removeGenDate(reportRules.ExportToHtml(), true))); + } + + [Test] + public void RecertReportGenerateHtml() + { + Log.WriteInfo("Test Log", "starting recert report html generation"); + ReportRules reportRecerts = new (query, userConfig, ReportType.Recertification) + { + ReportData = ConstructRecertReport() + }; + + string expectedHtmlResult = "Recertification Report" + + "" + + "" + + "

    Recertification Report

    " + + "

    Time of configuration: 2023-04-20T15:50:04Z (UTC)

    " + + "

    Generated on: Z (UTC)

    " + + "

    Devices: TestMgt [TestDev]

    " + + "

    Filter: TestFilter


    " + + "

    TestMgt


    " + + "

    TestDev


    " + + "" + + "" + + $"" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + $"" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "
    No.Next Recertification DateOwnerIP address matchLast HitNameSource ZoneSourceDestination ZoneDestinationServicesActionTrackEnabledUidComment
    1

    1. {DateOnly.FromDateTime(DateTime.Now.AddDays(5)).ToString("yyyy-MM-dd")}

    2. {DateOnly.FromDateTime(DateTime.Now.AddDays(-5)).ToString("yyyy-MM-dd")}

    1. TestOwner1

    2. TestOwner2

    1. TestIp1

    2. TestIp2

    2022-04-19TestRule1srczn TestIp1 (1.2.3.4/32)
     TestIp2 (127.0.0.1/32)
    dstzn TestIpRange (1.2.3.4-1.2.3.5) TestService1 (443/TCP)acceptnoneYuid1comment1
    2

    {DateOnly.FromDateTime(DateTime.Now).ToString("yyyy-MM-dd")}

    TestOwner1

    TestIpRange

    TestRule2not
     TestUser1@ TestIp1 (1.2.3.4/32)
     TestUser1@ TestIp2 (127.0.0.1/32)
    not
     TestUser2@ TestIpRange (1.2.3.4-1.2.3.5)
    not
     TestService2 (6666-7777/UDP)
    denynoneYuid2:123comment2
    " + + "

    Network Objects


    " + + "" + + "" + + "" + + "
    No.NameTypeIP AddressMembersUidComment
    1TestIp1Network1.2.3.4/32
    2TestIp2Network127.0.0.1/32
    3TestIpRangeIP Range1.2.3.4-1.2.3.5
    " + + "

    Network Services


    " + + "" + + "" + + "
    No.NameTypeProtocolPortMembersUidComment
    1TestService1TCP443
    2TestService2UDP6666-7777
    " + + "

    Users


    " + + "" + + "" + + "
    No.NameTypeMembersUidComment
    1TestUser1
    2TestUser2Group
    "; + ClassicAssert.AreEqual(expectedHtmlResult, removeLinebreaks(removeGenDate(reportRecerts.ExportToHtml(), true))); + } + + [Test] + public void NatRulesGenerateHtml() + { + Log.WriteInfo("Test Log", "starting nat rules report html generation"); + ReportNatRules reportNatRules = new (query, userConfig, ReportType.NatRules) + { + ReportData = ConstructNatRuleReport() + }; + + string expectedHtmlResult = "NAT Rules Report" + + "" + + "" + + "

    NAT Rules Report

    " + + "

    Time of configuration: 2023-04-20T15:50:04Z (UTC)

    " + + "

    Generated on: Z (UTC)

    " + + "

    Devices: TestMgt [TestDev]

    " + + "

    Filter: TestFilter


    " + + "

    TestMgt


    " + + "

    TestDev


    " + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "
    No.NameSource ZoneSourceDestination ZoneDestinationServicesTranslated SourceTranslated DestinationTranslated ServicesEnabledUidComment
    1TestRule1srczn TestIp1 (1.2.3.4/32)
     TestIp2 (127.0.0.1/32)
    dstzn TestIpRange (1.2.3.4-1.2.3.5) TestService1 (443/TCP) TestUser2@ TestIp1Changed (2.3.4.5)not
     TestIp1Changed (2.3.4.5)
     TestIpNew (10.0.6.0/24)
     TestService1 (443/TCP)
     TestService2 (6666-7777/UDP)
    Yuid1comment1
    " + + "

    Network Objects


    " + + "" + + "" + + "" + + "" + + "" + + "
    No.NameTypeIP AddressMembersUidComment
    1TestIp1Network1.2.3.4/32
    2TestIp2Network127.0.0.1/32
    3TestIpRangeIP Range1.2.3.4-1.2.3.5
    4TestIpNewNetwork10.0.6.0/24
    5TestIp1ChangedHost2.3.4.5
    " + + "

    Network Services


    " + + "" + + "" + + "
    No.NameTypeProtocolPortMembersUidComment
    1TestService1TCP443
    2TestService2UDP6666-7777
    " + + "

    Users


    " + + "" + + "
    No.NameTypeMembersUidComment
    1TestUser2Group
    "; + ClassicAssert.AreEqual(expectedHtmlResult, removeLinebreaks(removeGenDate(reportNatRules.ExportToHtml(), true))); + } + + [Test] + public void ChangesGenerateHtml() + { + Log.WriteInfo("Test Log", "starting changes report html generation"); + ReportChanges reportChanges = new (query, userConfig, ReportType.Changes) + { + ReportData = ConstructChangeReport(false) + }; + + string expectedHtmlResult = "Changes Report" + + "" + + "" + + "

    Changes Report

    " + + "

    Change Time: from: 2023-04-19T15:00:04Z, until: 2023-04-20T15:00:04Z (UTC)

    " + + "

    Generated on: Z (UTC)

    " + + "

    Devices: TestMgt [TestDev]

    " + + "

    Filter: TestFilter


    " + + "

    TestMgt


    " + + "

    TestDev


    " + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "
    Change TimeChange TypeNameSource ZoneSourceDestination ZoneDestinationServicesActionTrackEnabledUidComment
    05.04.2023 12:00:00Rule added

    TestRule1

    srczn

     TestIp1 (1.2.3.4/32)
     TestIp2 (127.0.0.1/32)

    dstzn

     TestIpRange (1.2.3.4-1.2.3.5)

     TestService1 (443/TCP)

    accept

    none

    Y

    uid1

    comment1

    05.04.2023 12:00:00Rule modifiedTestRule1srczn

     TestIp2 (127.0.0.1/32)

    " + + "deleted:

     TestIp1 (1.2.3.4/32)

    " + + "added:

     TestIp1Changed (2.3.4.5)

    dstzn

     TestIpRange (1.2.3.4-1.2.3.5)

    " + + "added:

     TestIpNew (10.0.6.0/24)

    deleted:

     TestService1 (443/TCP)

    " + + "added:

    not
     TestService1 (443/TCP)

    acceptnoneYdeleted:

    uid1

    deleted:

    comment1

    added:

    new comment

    05.04.2023 12:00:00Rule modifiedTestRule2not
     TestUser1@ TestIp1 (1.2.3.4/32)
    " + + " TestUser1@ TestIp2 (127.0.0.1/32)
    deleted:

    not
     TestUser2@ TestIpRange (1.2.3.4-1.2.3.5)

    " + + "added:

     TestUser2@ TestIpRange (1.2.3.4-1.2.3.5)

    deleted:

    not
     TestService2 (6666-7777/UDP)

    " + + "added:

     TestService2 (6666-7777/UDP)

    denynonedeleted:

    Y

    added:

    N

    uid2:123comment2
    05.04.2023 12:00:00Rule deleted

    TestRule2

    not
     TestUser1@ TestIp1 (1.2.3.4/32)
    " + + " TestUser1@ TestIp2 (127.0.0.1/32)

    not
     TestUser2@ TestIpRange (1.2.3.4-1.2.3.5)

    not
     TestService2 (6666-7777/UDP)

    deny

    none

    Y

    uid2:123

    comment2

    " + + ""; + ClassicAssert.AreEqual(expectedHtmlResult, removeLinebreaks(removeGenDate(reportChanges.ExportToHtml(), true))); + } + + [Test] + public void ResolvedChangesGenerateHtml() + { + Log.WriteInfo("Test Log", "starting changes report resolved html generation"); + ReportChanges reportChanges = new (query, userConfig, ReportType.ResolvedChanges) + { + ReportData = ConstructChangeReport(true) + }; + + string expectedHtmlResult = "Changes Report (resolved)" + + "" + + "" + + "

    Changes Report (resolved)

    " + + "

    Change Time: from: 2023-04-19T15:00:04Z, until: 2023-04-20T15:00:04Z (UTC)

    " + + "

    Generated on: Z (UTC)

    " + + "

    Devices: TestMgt [TestDev]

    " + + "

    Filter: TestFilter


    " + + "

    TestMgt


    " + + "

    TestDev


    " + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "
    Change TimeChange TypeNameSource ZoneSourceDestination ZoneDestinationServicesActionTrackEnabledUidComment
    05.04.2023 12:00:00Rule added

    TestRule1

    srczn

    TestIp1 (1.2.3.4/32)
    TestIp2 (127.0.0.1/32)

    dstzn

    TestIpRange (1.2.3.4-1.2.3.5)

    TestService1 (443/TCP)

    accept

    none

    Y

    uid1

    comment1

    05.04.2023 12:00:00Rule modifiedTestRule1srczn

    TestIp2 (127.0.0.1/32)

    deleted:

    TestIp1 (1.2.3.4/32)

    " + + "added:

    TestIp1Changed (2.3.4.5)

    dstzn

    TestIpRange (1.2.3.4-1.2.3.5)

    added:

    TestIpNew (10.0.6.0/24)

    deleted:

    TestService1 (443/TCP)

    " + + "added:

    not
    TestService1 (443/TCP)

    acceptnoneYdeleted:

    uid1

    deleted:

    comment1

    added:

    new comment

    05.04.2023 12:00:00Rule modifiedTestRule2not
    TestUser1@TestIp1 (1.2.3.4/32)
    TestUser1@TestIp2 (127.0.0.1/32)
    deleted:

    not
    TestUser2@TestIpRange (1.2.3.4-1.2.3.5)

    added:

    TestUser2@TestIpRange (1.2.3.4-1.2.3.5)

    deleted:

    not
    TestService2 (6666-7777/UDP)

    added:

    TestService2 (6666-7777/UDP)

    denynonedeleted:

    Y

    added:

    N

    uid2:123comment2
    05.04.2023 12:00:00Rule deleted

    TestRule2

    not
    TestUser1@TestIp1 (1.2.3.4/32)
    TestUser1@TestIp2 (127.0.0.1/32)

    not
    TestUser2@TestIpRange (1.2.3.4-1.2.3.5)

    not
    TestService2 (6666-7777/UDP)

    deny

    none

    Y

    uid2:123

    comment2

    " + + ""; + ClassicAssert.AreEqual(expectedHtmlResult, removeLinebreaks(removeGenDate(reportChanges.ExportToHtml(), true))); + } + + [Test] + public void ResolvedChangesTechGenerateHtml() + { + Log.WriteInfo("Test Log", "starting changes report tech html generation"); + ReportChanges reportChanges = new (query, userConfig, ReportType.ResolvedChangesTech) + { + ReportData = ConstructChangeReport(true) + }; + + string expectedHtmlResult = "Changes Report (technical)" + + "" + + "" + + "

    Changes Report (technical)

    " + + "

    Change Time: from: 2023-04-19T15:00:04Z, until: 2023-04-20T15:00:04Z (UTC)

    " + + "

    Generated on: Z (UTC)

    " + + "

    Devices: TestMgt [TestDev]

    " + + "

    Filter: TestFilter


    " + + "

    TestMgt


    " + + "

    TestDev


    " + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "
    Change TimeChange TypeNameSource ZoneSourceDestination ZoneDestinationServicesActionTrackEnabledUidComment
    05.04.2023 12:00:00Rule added

    TestRule1

    srczn

    1.2.3.4/32
    127.0.0.1/32

    dstzn

    1.2.3.4-1.2.3.5

    443/TCP

    accept

    none

    Y

    uid1

    comment1

    05.04.2023 12:00:00Rule modifiedTestRule1srczn

    127.0.0.1/32

    " + + "deleted:

    1.2.3.4/32

    " + + "added:

    2.3.4.5

    dstzn

    1.2.3.4-1.2.3.5

    added:

    10.0.6.0/24

    deleted:

    443/TCP

    " + + "added:

    not
    443/TCP

    acceptnoneYdeleted:

    uid1

    deleted:

    comment1

    added:

    new comment

    05.04.2023 12:00:00Rule modifiedTestRule2not
    TestUser1@1.2.3.4/32
    TestUser1@127.0.0.1/32
    deleted:

    not
    TestUser2@1.2.3.4-1.2.3.5

    added:

    TestUser2@1.2.3.4-1.2.3.5

    deleted:

    not
    6666-7777/UDP

    added:

    6666-7777/UDP

    denynonedeleted:

    Y

    added:

    N

    uid2:123comment2
    05.04.2023 12:00:00Rule deleted

    TestRule2

    not
    TestUser1@1.2.3.4/32
    TestUser1@127.0.0.1/32

    not
    TestUser2@1.2.3.4-1.2.3.5

    not
    6666-7777/UDP

    deny

    none

    Y

    uid2:123

    comment2

    " + + ""; + ClassicAssert.AreEqual(expectedHtmlResult, removeLinebreaks(removeGenDate(reportChanges.ExportToHtml(), true))); + } + + [Test] + public void ConnectionsGenerateHtml() + { + Log.WriteInfo("Test Log", "starting connection report html generation"); + ReportConnections reportConnections = new (query, userConfig, ReportType.Connections) + { + ReportData = ConstructConnectionReport(false) + }; + + string expectedHtmlResult = "Connections Report" + + "" + + "" + + "

    Connections Report

    " + + "

    Generated on: Z (UTC)

    " + + "

    Owners: TestOwner

    " + + "

    Filter: TestFilter


    " + + "

    TestOwner

    " + + "

    Connections

    " + + "" + + "" + + "" + + "" + + "
    No.IdNameFunctional ReasonSourceServicesDestination
    1101Conn1 AppServer1 (1.0.0.0) ServiceGroup1
    " + + " Service1 (1234/TCP)
     AppRole1 ()

    " + + "

    Interfaces

    " + + "" + + "" + + "" + + "
    No.IdPublishedNameInterface DescriptionSourceServicesDestination
    1102Inter2 
    " + + " Service2 (2345/UDP)
      ()
    " + + " AppServer2 (2.0.0.0)

    " + + "

    Own Common Services

    " + + "" + + "" + + "" + + "" + + "
    No.IdNameFunctional ReasonSourceServicesDestination
    1103ComSvc3 AppServer1 (1.0.0.0) 
    " + + " Service2 (2345/UDP)
     AppServer2 (2.0.0.0)

    " + + + "

    Network Objects

    " + + "" + + "" + + "" + + "" + + "" + + "
    No.IdNameIpMembers
    121AppRole1AppServer1
    211AppServer11.0.0.0
    30
    412AppServer22.0.0.0

    " + + "

    Network Services

    " + + "" + + "" + + "" + + "" + + "" + + "
    No.IdNameProtocolPortMembers
    141ServiceGroup1Service1
    231Service1TCP1234
    30
    432Service2UDP2345

    " + + + "

    Global Common Services

    " + + "" + + "" + + "" + + "" + + "
    No.IdOwnerNameFunctional ReasonSourceServicesDestination
    1103App1ComSvc3AppServer1 (1.0.0.0)
    " + + "Service2 (2345/UDP)
    AppServer2 (2.0.0.0)

    " + + ""; + ClassicAssert.AreEqual(expectedHtmlResult, removeLinebreaks(removeGenDate(reportConnections.ExportToHtml(), true))); + } + + [Test] + public void ResolvedRulesGenerateCsv() + { + Log.WriteInfo("Test Log", "starting rules report resolved csv generation"); + ReportRules reportRules = new (query, userConfig, ReportType.ResolvedRules) + { + ReportData = ConstructRuleReport(true) + }; + + string expectedCsvResult = "# report type: Rules Report (resolved)" + + "# report generation date: Z (UTC)" + + "# date of configuration shown: 2023-04-20T15:50:04Z (UTC)" + + "# device filter: TestMgt [TestDev]" + + "# other filters: TestFilter" + + "# report generator: Firewall Orchestrator - https://fwo.cactus.de/en" + + "# data protection level: For internal use only#" + + "\"management-name\",\"device-name\",\"rule-number\",\"rule-name\",\"source-zone\",\"source\",\"destination-zone\",\"destination\",\"service\",\"action\",\"track\",\"rule-enabled\",\"rule-uid\",\"rule-comment\"" + + "\"TestMgt\",\"TestDev\",\"1\",\"TestRule1\",\"srczn\",\"TestIp1 (1.2.3.4/32),TestIp2 (127.0.0.1/32)\",\"dstzn\",\"TestIpRange (1.2.3.4-1.2.3.5)\",\"TestService1 (443/TCP)\",\"accept\",\"none\",\"enabled\",\"uid1\",\"comment1\"" + + "\"TestMgt\",\"TestDev\",\"2\",\"TestRule2\",\"\",\"not(TestUser1@TestIp1 (1.2.3.4/32),TestUser1@TestIp2 (127.0.0.1/32))\",\"\",\"not(TestUser2@TestIpRange (1.2.3.4-1.2.3.5))\",\"not(TestService2 (6666-7777/UDP))\",\"deny\",\"none\",\"enabled\",\"uid2:123\",\"comment2\""; + ClassicAssert.AreEqual(expectedCsvResult, removeLinebreaks(removeGenDate(reportRules.ExportToCsv()))); + } + + [Test] + public void ResolvedRulesTechGenerateCsv() + { + Log.WriteInfo("Test Log", "starting rules report tech csv generation"); + ReportRules reportRules = new (query, userConfig, ReportType.ResolvedRulesTech) + { + ReportData = ConstructRuleReport(true) + }; + + string expectedCsvResult = "# report type: Rules Report (technical)" + + "# report generation date: Z (UTC)" + + "# 
date of configuration shown: 2023-04-20T15:50:04Z (UTC)" + + "# device filter: TestMgt [TestDev]" + + "# other filters: TestFilter" + + "# report generator: Firewall Orchestrator - https://fwo.cactus.de/en" + + "# data protection level: For internal use only#" + + "\"management-name\",\"device-name\",\"rule-number\",\"rule-name\",\"source-zone\",\"source\",\"destination-zone\",\"destination\",\"service\",\"action\",\"track\",\"rule-enabled\",\"rule-uid\",\"rule-comment\"" + + "\"TestMgt\",\"TestDev\",\"1\",\"TestRule1\",\"srczn\",\"1.2.3.4/32,127.0.0.1/32\",\"dstzn\",\"1.2.3.4-1.2.3.5\",\"443/TCP\",\"accept\",\"none\",\"enabled\",\"uid1\",\"comment1\"" + + "\"TestMgt\",\"TestDev\",\"2\",\"TestRule2\",\"\",\"not(TestUser1@1.2.3.4/32,TestUser1@127.0.0.1/32)\",\"\",\"not(TestUser2@1.2.3.4-1.2.3.5)\",\"not(6666-7777/UDP)\",\"deny\",\"none\",\"enabled\",\"uid2:123\",\"comment2\""; + ClassicAssert.AreEqual(expectedCsvResult, removeLinebreaks(removeGenDate(reportRules.ExportToCsv()))); + } + + [Test] + public void ResolvedChangesGenerateCsv() + { + Log.WriteInfo("Test Log", "starting changes report resolved csv generation"); + ReportChanges reportChanges = new (query, userConfig, ReportType.ResolvedChanges) + { + ReportData = ConstructChangeReport(true) + }; + + string expectedCsvResult = "# report type: Changes Report (resolved)" + + "# report generation date: Z (UTC)" + + "# device filter: TestMgt [TestDev]" + + "# other filters: TestFilter" + + "# report generator: Firewall Orchestrator - https://fwo.cactus.de/en" + + "# data protection level: For internal use only#" + + "\"management-name\",\"device-name\",\"change-time\",\"change-type\",\"rule-name\",\"source-zone\",\"source\",\"destination-zone\",\"destination\",\"service\",\"action\",\"track\",\"rule-enabled\",\"rule-uid\",\"rule-comment\"" + + "\"TestMgt\",\"TestDev\",\"05.04.2023 12:00:00\",\"Rule added\",\"TestRule1\",\"srczn\",\"TestIp1 (1.2.3.4/32),TestIp2 (127.0.0.1/32)\"," + + "\"dstzn\",\"TestIpRange 
(1.2.3.4-1.2.3.5)\",\"TestService1 (443/TCP)\",\"accept\",\"none\",\"enabled\",\"uid1\",\"comment1\"" + + "\"TestMgt\",\"TestDev\",\"05.04.2023 12:00:00\",\"Rule modified\",\"TestRule1\",\"srczn\",\"TestIp2 (127.0.0.1/32) deleted: TestIp1 (1.2.3.4/32) added: TestIp1Changed (2.3.4.5)\"," + + "\"dstzn\",\"TestIpRange (1.2.3.4-1.2.3.5) added: TestIpNew (10.0.6.0/24)\"," + + "\" deleted: TestService1 (443/TCP) added: not(TestService1 (443/TCP))\",\"accept\",\"none\",\"enabled\",\" deleted: uid1\",\" deleted: comment1 added: new comment\"" + + "\"TestMgt\",\"TestDev\",\"05.04.2023 12:00:00\",\"Rule modified\",\"TestRule2\",\"\",\"not(TestUser1@TestIp1 (1.2.3.4/32),TestUser1@TestIp2 (127.0.0.1/32))\"," + + "\"\",\" deleted: not(TestUser2@TestIpRange (1.2.3.4-1.2.3.5)) added: TestUser2@TestIpRange (1.2.3.4-1.2.3.5)\"," + + "\" deleted: not(TestService2 (6666-7777/UDP)) added: TestService2 (6666-7777/UDP)\",\"deny\",\"none\",\" deleted: enabled added: disabled\",\"uid2:123\",\"comment2\"" + + "\"TestMgt\",\"TestDev\",\"05.04.2023 12:00:00\",\"Rule deleted\",\"TestRule2\",\"\",\"not(TestUser1@TestIp1 (1.2.3.4/32),TestUser1@TestIp2 (127.0.0.1/32))\"," + + "\"\",\"not(TestUser2@TestIpRange (1.2.3.4-1.2.3.5))\",\"not(TestService2 (6666-7777/UDP))\",\"deny\",\"none\",\"enabled\",\"uid2:123\",\"comment2\""; + ClassicAssert.AreEqual(expectedCsvResult, removeLinebreaks(removeGenDate(reportChanges.ExportToCsv()))); + } + + [Test] + public void ResolvedChangesTechGenerateCsv() + { + Log.WriteInfo("Test Log", "starting changes report tech csv generation"); + ReportChanges reportChanges = new (query, userConfig, ReportType.ResolvedChangesTech) + { + ReportData = ConstructChangeReport(true) + }; + + string expectedCsvResult = "# report type: Changes Report (technical)" + + "# report generation date: Z (UTC)" + + "# device filter: TestMgt [TestDev]" + + "# other filters: TestFilter" + + "# report generator: Firewall Orchestrator - https://fwo.cactus.de/en" + + "# data protection level: 
For internal use only#" + + "\"management-name\",\"device-name\",\"change-time\",\"change-type\",\"rule-name\",\"source-zone\",\"source\",\"destination-zone\",\"destination\",\"service\",\"action\",\"track\",\"rule-enabled\",\"rule-uid\",\"rule-comment\"" + + "\"TestMgt\",\"TestDev\",\"05.04.2023 12:00:00\",\"Rule added\",\"TestRule1\",\"srczn\",\"1.2.3.4/32,127.0.0.1/32\",\"dstzn\",\"1.2.3.4-1.2.3.5\",\"443/TCP\",\"accept\",\"none\",\"enabled\",\"uid1\",\"comment1\"" + + "\"TestMgt\",\"TestDev\",\"05.04.2023 12:00:00\",\"Rule modified\",\"TestRule1\",\"srczn\",\"127.0.0.1/32 deleted: 1.2.3.4/32 added: 2.3.4.5\",\"dstzn\",\"1.2.3.4-1.2.3.5 added: 10.0.6.0/24\",\" deleted: 443/TCP added: not(443/TCP)\",\"accept\",\"none\",\"enabled\",\" deleted: uid1\",\" deleted: comment1 added: new comment\"" + + "\"TestMgt\",\"TestDev\",\"05.04.2023 12:00:00\",\"Rule modified\",\"TestRule2\",\"\",\"not(TestUser1@1.2.3.4/32,TestUser1@127.0.0.1/32)\",\"\",\" deleted: not(TestUser2@1.2.3.4-1.2.3.5) added: TestUser2@1.2.3.4-1.2.3.5\",\" deleted: not(6666-7777/UDP) added: 6666-7777/UDP\",\"deny\",\"none\",\" deleted: enabled added: disabled\",\"uid2:123\",\"comment2\"" + + "\"TestMgt\",\"TestDev\",\"05.04.2023 12:00:00\",\"Rule deleted\",\"TestRule2\",\"\",\"not(TestUser1@1.2.3.4/32,TestUser1@127.0.0.1/32)\",\"\",\"not(TestUser2@1.2.3.4-1.2.3.5)\",\"not(6666-7777/UDP)\",\"deny\",\"none\",\"enabled\",\"uid2:123\",\"comment2\""; + ClassicAssert.AreEqual(expectedCsvResult, removeLinebreaks(removeGenDate(reportChanges.ExportToCsv()))); + } + + + [Test] + public void RulesGenerateJson() + { + Log.WriteInfo("Test Log", "starting rules report json generation"); + ReportRules reportRules = new (query, userConfig, ReportType.Rules) + { + ReportData = ConstructRuleReport(false) + }; + + string expectedJsonResult = + "[{\"id\": 0,\"name\": \"TestMgt\"," + + "\"devices\": [{\"id\": 0,\"name\": \"TestDev\"," + + "\"rules\": [{\"rule_id\": 0,\"rule_uid\": \"uid1\",\"mgm_id\": 
0,\"rule_num_numeric\": 0,\"rule_name\": \"TestRule1\",\"rule_comment\": \"comment1\",\"rule_disabled\": false," + + "\"rule_services\": [{\"service\": {\"svc_id\": 1,\"svc_name\": \"TestService1\",\"svc_uid\": \"\",\"svc_port\": 443,\"svc_port_end\": 443,\"svc_source_port\": null,\"svc_source_port_end\": null,\"svc_code\": \"\",\"svc_timeout\": null,\"svc_typ_id\": null,\"active\": false,\"svc_create\": 0," + + "\"svc_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"svc_last_seen\": 0," + + "\"service_type\": {\"name\": \"\"},\"svc_comment\": \"\",\"svc_color_id\": null,\"ip_proto_id\": null,\"protocol_name\": {\"id\": 0,\"name\": \"TCP\"},\"svc_member_names\": \"\",\"svc_member_refs\": \"\",\"svcgrps\": [],\"svcgrp_flats\": []}}]," + + "\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_src_neg\": false,\"rule_src\": \"\",\"src_zone\": {\"zone_id\": 0,\"zone_name\": \"srczn\"}," + + "\"rule_froms\": [{\"object\": {\"obj_id\": 1,\"obj_name\": \"TestIp1\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.4/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"network\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," + + "\"usr\": {\"user_id\": 0,\"user_uid\": \"\",\"user_name\": \"\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}," + + "{\"object\": {\"obj_id\": 2,\"obj_name\": \"TestIp2\",\"obj_ip\": \"127.0.0.1/32\",\"obj_ip_end\": \"127.0.0.1/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": 
{\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"network\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," + + "\"usr\": {\"user_id\": 0,\"user_uid\": \"\",\"user_name\": \"\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," + + "\"rule_dst_neg\": false,\"rule_dst\": \"\",\"dst_zone\": {\"zone_id\": 0,\"zone_name\": \"dstzn\"}," + + "\"rule_tos\": [{\"object\": {\"obj_id\": 3,\"obj_name\": \"TestIpRange\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.5/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"ip_range\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," + + "\"usr\": {\"user_id\": 0,\"user_uid\": \"\",\"user_name\": \"\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," + + "\"rule_action\": \"accept\",\"rule_track\": \"none\",\"section_header\": \"\"," + + "\"rule_metadatum\": {\"rule_metadata_id\": 0,\"rule_created\": null,\"rule_last_modified\": null,\"rule_first_hit\": null,\"rule_last_hit\": \"2022-04-19T00:00:00\",\"rule_last_certified\": null,\"rule_last_certifier_dn\": \"\",\"rule_to_be_removed\": false,\"rule_decert_date\": null,\"rule_recertification_comment\": \"\",\"recertification\": 
[],\"recert_history\": [],\"dev_id\": 0,\"rule_uid\": \"\",\"NextRecert\": \"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," + + "\"translate\": {\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_services\": [],\"rule_src_neg\": false,\"rule_src\": \"\",\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"rule_tos\": []},\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"rule_custom_fields\": \"\",\"DisplayOrderNumber\": 1,\"Certified\": false,\"DeviceName\": \"\"}," + + "{\"rule_id\": 0,\"rule_uid\": \"uid2:123\",\"mgm_id\": 0,\"rule_num_numeric\": 0,\"rule_name\": \"TestRule2\",\"rule_comment\": \"comment2\",\"rule_disabled\": false," + + "\"rule_services\": [{\"service\": {\"svc_id\": 2,\"svc_name\": \"TestService2\",\"svc_uid\": \"\",\"svc_port\": 6666,\"svc_port_end\": 7777,\"svc_source_port\": null,\"svc_source_port_end\": null,\"svc_code\": \"\",\"svc_timeout\": null,\"svc_typ_id\": null,\"active\": false,\"svc_create\": 0,\"svc_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"svc_last_seen\": 0," + + "\"service_type\": {\"name\": \"\"},\"svc_comment\": \"\",\"svc_color_id\": null,\"ip_proto_id\": null,\"protocol_name\": {\"id\": 0,\"name\": \"UDP\"},\"svc_member_names\": \"\",\"svc_member_refs\": \"\",\"svcgrps\": [],\"svcgrp_flats\": []}}]," + + "\"rule_svc_neg\": true,\"rule_svc\": \"\",\"rule_src_neg\": true,\"rule_src\": \"\",\"src_zone\": {\"zone_id\": 0,\"zone_name\": \"\"}," + + "\"rule_froms\": [{\"object\": {\"obj_id\": 1,\"obj_name\": \"TestIp1\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.4/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"network\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," + + "\"usr\": {\"user_id\": 1,\"user_uid\": 
\"\",\"user_name\": \"TestUser1\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}," + + "{\"object\": {\"obj_id\": 2,\"obj_name\": \"TestIp2\",\"obj_ip\": \"127.0.0.1/32\",\"obj_ip_end\": \"127.0.0.1/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"network\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," + + "\"usr\": {\"user_id\": 1,\"user_uid\": \"\",\"user_name\": \"TestUser1\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," + + "\"rule_dst_neg\": true,\"rule_dst\": \"\",\"dst_zone\": {\"zone_id\": 0,\"zone_name\": \"\"}," + + "\"rule_tos\": [{\"object\": {\"obj_id\": 3,\"obj_name\": \"TestIpRange\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.5/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"ip_range\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," + + "\"usr\": {\"user_id\": 2,\"user_uid\": \"\",\"user_name\": \"TestUser2\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"group\"},\"user_create\": 
0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," + + "\"rule_action\": \"deny\",\"rule_track\": \"none\",\"section_header\": \"\"," + + "\"rule_metadatum\": {\"rule_metadata_id\": 0,\"rule_created\": null,\"rule_last_modified\": null,\"rule_first_hit\": null,\"rule_last_hit\": null,\"rule_last_certified\": null,\"rule_last_certifier_dn\": \"\",\"rule_to_be_removed\": false,\"rule_decert_date\": null,\"rule_recertification_comment\": \"\",\"recertification\": [],\"recert_history\": [],\"dev_id\": 0,\"rule_uid\": \"\",\"NextRecert\": \"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," + + "\"translate\": {\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_services\": [],\"rule_src_neg\": false,\"rule_src\": \"\",\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"rule_tos\": []},\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"rule_custom_fields\": \"\",\"DisplayOrderNumber\": 2,\"Certified\": false,\"DeviceName\": \"\"}],\"changelog_rules\": null,\"rules_aggregate\": {\"aggregate\": {\"count\": 0}}}]," + + "\"import\": {\"aggregate\": {\"max\": {\"id\": null}}},\"RelevantImportId\": null," + + "\"networkObjects\": [],\"serviceObjects\": [],\"userObjects\": []," + + "\"reportNetworkObjects\": [{\"obj_id\": 1,\"obj_name\": \"TestIp1\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.4/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"network\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," + + "{\"obj_id\": 2,\"obj_name\": \"TestIp2\",\"obj_ip\": \"127.0.0.1/32\",\"obj_ip_end\": \"127.0.0.1/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 
0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"network\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," + + "{\"obj_id\": 3,\"obj_name\": \"TestIpRange\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.5/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"ip_range\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}]," + + "\"reportServiceObjects\": [{\"svc_id\": 1,\"svc_name\": \"TestService1\",\"svc_uid\": \"\",\"svc_port\": 443,\"svc_port_end\": 443,\"svc_source_port\": null,\"svc_source_port_end\": null,\"svc_code\": \"\",\"svc_timeout\": null,\"svc_typ_id\": null,\"active\": false,\"svc_create\": 0,\"svc_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"svc_last_seen\": 0," + + "\"service_type\": {\"name\": \"\"},\"svc_comment\": \"\",\"svc_color_id\": null,\"ip_proto_id\": null,\"protocol_name\": {\"id\": 0,\"name\": \"TCP\"},\"svc_member_names\": \"\",\"svc_member_refs\": \"\",\"svcgrps\": [],\"svcgrp_flats\": []}," + + "{\"svc_id\": 2,\"svc_name\": \"TestService2\",\"svc_uid\": \"\",\"svc_port\": 6666,\"svc_port_end\": 7777,\"svc_source_port\": null,\"svc_source_port_end\": null,\"svc_code\": \"\",\"svc_timeout\": null,\"svc_typ_id\": null,\"active\": false,\"svc_create\": 0,\"svc_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"svc_last_seen\": 0," + + "\"service_type\": {\"name\": \"\"},\"svc_comment\": \"\",\"svc_color_id\": null,\"ip_proto_id\": null,\"protocol_name\": {\"id\": 0,\"name\": \"UDP\"},\"svc_member_names\": \"\",\"svc_member_refs\": \"\",\"svcgrps\": [],\"svcgrp_flats\": []}]," + + "\"reportUserObjects\": [{\"user_id\": 1,\"user_uid\": 
\"\",\"user_name\": \"TestUser1\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}," + + "{\"user_id\": 2,\"user_uid\": \"\",\"user_name\": \"TestUser2\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"group\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}]," + + "\"ReportedRuleIds\": [],\"ReportedNetworkServiceIds\": [],\"objects_aggregate\": {\"aggregate\": {\"count\": 0}},\"services_aggregate\": {\"aggregate\": {\"count\": 0}},\"usrs_aggregate\": {\"aggregate\": {\"count\": 0}},\"rules_aggregate\": {\"aggregate\": {\"count\": 0}}," + + "\"Ignore\": false}]"; + // Log.WriteInfo("Test Log", removeLinebreaks((removeGenDate(reportRules.ExportToJson(), true, true)))); + ClassicAssert.AreEqual(expectedJsonResult, removeLinebreaks(removeGenDate(reportRules.ExportToJson(), false, true))); + } + + [Test] + public void ResolvedRulesGenerateJson() + { + Log.WriteInfo("Test Log", "starting resolved rules report json generation"); + ReportRules reportRules = new (query, userConfig, ReportType.ResolvedRules) + { + ReportData = ConstructRuleReport(true) + }; + + string expectedJsonResult = + "{\"report type\": \"Rules Report (resolved)\",\"report generation date\": \"Z (UTC)\"," + + "\"date of configuration shown\": \"2023-04-20T15:50:04Z (UTC)\",\"device filter\": \"TestMgt [TestDev]\",\"other filters\": \"TestFilter\"," + + "\"report generator\": \"Firewall Orchestrator - https://fwo.cactus.de/en\",\"data protection level\": \"For internal use only\"," + + "\"managements\": [{\"TestMgt\": 
{\"gateways\": [{\"TestDev\": {" + + "\"rules\": [{\"number\": 1,\"name\": \"TestRule1\",\"source zone\": \"srczn\",\"source negated\": false," + + "\"source\": [\"TestIp1 (1.2.3.4/32)\",\"TestIp2 (127.0.0.1/32)\"],\"destination zone\": \"dstzn\",\"destination negated\": false," + + "\"destination\": [\"TestIpRange (1.2.3.4-1.2.3.5)\"],\"service negated\": false," + + "\"service\": [\"TestService1 (443/TCP)\"],\"action\": \"accept\",\"tracking\": \"none\",\"disabled\": false,\"rule uid\": \"uid1\",\"comment\": \"comment1\"}," + + "{\"number\": 2,\"name\": \"TestRule2\",\"source zone\": \"\",\"source negated\": true," + + "\"source\": [\"TestUser1@TestIp1 (1.2.3.4/32)\",\"TestUser1@TestIp2 (127.0.0.1/32)\"],\"destination zone\": \"\",\"destination negated\": true," + + "\"destination\": [\"TestUser2@TestIpRange (1.2.3.4-1.2.3.5)\"],\"service negated\": true," + + "\"service\": [\"TestService2 (6666-7777/UDP)\"],\"action\": \"deny\",\"tracking\": \"none\",\"disabled\": false,\"rule uid\": \"uid2:123\",\"comment\": \"comment2\"}]}}]}}]}"; + ClassicAssert.AreEqual(expectedJsonResult, removeLinebreaks(removeGenDate(reportRules.ExportToJson(), false, true))); + } + + [Test] + public void ResolvedRulesTechGenerateJson() + { + Log.WriteInfo("Test Log", "starting resolved rules report tech json generation"); + ReportRules reportRules = new (query, userConfig, ReportType.ResolvedRulesTech) + { + ReportData = ConstructRuleReport(true) + }; + + string expectedJsonResult = + "{\"report type\": \"Rules Report (technical)\",\"report generation date\": \"Z (UTC)\"," + + "\"date of configuration shown\": \"2023-04-20T15:50:04Z (UTC)\"," + + "\"device filter\": \"TestMgt [TestDev]\",\"other filters\": \"TestFilter\"," + + "\"report generator\": \"Firewall Orchestrator - https://fwo.cactus.de/en\",\"data protection level\": \"For internal use only\"," + + "\"managements\": [{\"TestMgt\": {\"gateways\": [{\"TestDev\": {" + + "\"rules\": [{\"number\": 1,\"name\": \"TestRule1\",\"source 
zone\": \"srczn\",\"source negated\": false," + + "\"source\": [\"1.2.3.4/32\",\"127.0.0.1/32\"],\"destination zone\": \"dstzn\",\"destination negated\": false," + + "\"destination\": [\"1.2.3.4-1.2.3.5\"],\"service negated\": false," + + "\"service\": [\"443/TCP\"],\"action\": \"accept\",\"tracking\": \"none\",\"disabled\": false,\"rule uid\": \"uid1\",\"comment\": \"comment1\"}," + + "{\"number\": 2,\"name\": \"TestRule2\",\"source zone\": \"\",\"source negated\": true," + + "\"source\": [\"TestUser1@1.2.3.4/32\",\"TestUser1@127.0.0.1/32\"],\"destination zone\": \"\"," + + "\"destination negated\": true,\"destination\": [\"TestUser2@1.2.3.4-1.2.3.5\"],\"service negated\": true," + + "\"service\": [\"6666-7777/UDP\"],\"action\": \"deny\",\"tracking\": \"none\",\"disabled\": false,\"rule uid\": \"uid2:123\",\"comment\": \"comment2\"}]}}]}}]}"; + ClassicAssert.AreEqual(expectedJsonResult, removeLinebreaks(removeGenDate(reportRules.ExportToJson(), false, true))); + } + + [Test] + public void ChangesGenerateJson() + { + Log.WriteInfo("Test Log", "starting changes report json generation"); + ReportChanges reportChanges = new (query, userConfig, ReportType.Changes) + { + ReportData = ConstructChangeReport(false) + }; + + string expectedJsonResult = + "[{\"id\": 0,\"name\": \"TestMgt\"," + + "\"devices\": [{\"id\": 0,\"name\": \"TestDev\"," + + "\"rules\": null," + + "\"changelog_rules\": [{\"import\": {\"time\": \"2023-04-05T12:00:00\"},\"change_action\": \"I\"," + + "\"old\": {\"rule_id\": 0,\"rule_uid\": \"\",\"mgm_id\": 0,\"rule_num_numeric\": 0,\"rule_name\": \"\",\"rule_comment\": \"\",\"rule_disabled\": false," + + "\"rule_services\": [],\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_src_neg\": false,\"rule_src\": \"\",\"src_zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"dst_zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"rule_tos\": [],\"rule_action\": \"\",\"rule_track\": \"\",\"section_header\": 
\"\"," + + "\"rule_metadatum\": {\"rule_metadata_id\": 0,\"rule_created\": null,\"rule_last_modified\": null,\"rule_first_hit\": null,\"rule_last_hit\": null,\"rule_last_certified\": null,\"rule_last_certifier_dn\": \"\",\"rule_to_be_removed\": false,\"rule_decert_date\": null,\"rule_recertification_comment\": \"\",\"recertification\": [],\"recert_history\": [],\"dev_id\": 0,\"rule_uid\": \"\",\"NextRecert\": \"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," + + "\"translate\": {\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_services\": [],\"rule_src_neg\": false,\"rule_src\": \"\",\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"rule_tos\": []}," + + "\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"rule_custom_fields\": \"\",\"DisplayOrderNumber\": 0,\"Certified\": false,\"DeviceName\": \"\"},\"new\": {\"rule_id\": 0,\"rule_uid\": \"uid1\",\"mgm_id\": 0,\"rule_num_numeric\": 0,\"rule_name\": \"TestRule1\",\"rule_comment\": \"comment1\",\"rule_disabled\": false," + + "\"rule_services\": [{\"service\": {\"svc_id\": 1,\"svc_name\": \"TestService1\",\"svc_uid\": \"\",\"svc_port\": 443,\"svc_port_end\": 443,\"svc_source_port\": null,\"svc_source_port_end\": null,\"svc_code\": \"\",\"svc_timeout\": null,\"svc_typ_id\": null,\"active\": false,\"svc_create\": 0,\"svc_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"svc_last_seen\": 0,\"service_type\": {\"name\": \"\"},\"svc_comment\": \"\",\"svc_color_id\": null,\"ip_proto_id\": null,\"protocol_name\": {\"id\": 0,\"name\": \"TCP\"},\"svc_member_names\": \"\",\"svc_member_refs\": \"\",\"svcgrps\": [],\"svcgrp_flats\": []}}]," + + "\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_src_neg\": false,\"rule_src\": \"\",\"src_zone\": {\"zone_id\": 0,\"zone_name\": \"srczn\"}," + + "\"rule_froms\": [{\"object\": {\"obj_id\": 1,\"obj_name\": \"TestIp1\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.4/32\",\"obj_uid\": \"\",\"zone\": 
{\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"network\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," + + "\"usr\": {\"user_id\": 0,\"user_uid\": \"\",\"user_name\": \"\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}," + + "{\"object\": {\"obj_id\": 2,\"obj_name\": \"TestIp2\",\"obj_ip\": \"127.0.0.1/32\",\"obj_ip_end\": \"127.0.0.1/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"network\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," + + "\"usr\": {\"user_id\": 0,\"user_uid\": \"\",\"user_name\": \"\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," + + "\"rule_dst_neg\": false,\"rule_dst\": \"\",\"dst_zone\": {\"zone_id\": 0,\"zone_name\": \"dstzn\"},\"rule_tos\": [{\"object\": {\"obj_id\": 3,\"obj_name\": \"TestIpRange\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.5/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"ip_range\"},\"obj_comment\": 
\"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," + + "\"usr\": {\"user_id\": 0,\"user_uid\": \"\",\"user_name\": \"\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," + + "\"rule_action\": \"accept\",\"rule_track\": \"none\",\"section_header\": \"\",\"rule_metadatum\": {\"rule_metadata_id\": 0,\"rule_created\": null,\"rule_last_modified\": null,\"rule_first_hit\": null,\"rule_last_hit\": \"2022-04-19T00:00:00\",\"rule_last_certified\": null,\"rule_last_certifier_dn\": \"\",\"rule_to_be_removed\": false,\"rule_decert_date\": null,\"rule_recertification_comment\": \"\",\"recertification\": [],\"recert_history\": [],\"dev_id\": 0,\"rule_uid\": \"\",\"NextRecert\": \"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," + + "\"translate\": {\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_services\": [],\"rule_src_neg\": false,\"rule_src\": \"\",\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"rule_tos\": []}," + + "\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"rule_custom_fields\": \"\",\"DisplayOrderNumber\": 1,\"Certified\": false,\"DeviceName\": \"\"},\"DeviceName\": \"\"}," + + "{\"import\": {\"time\": \"2023-04-05T12:00:00\"},\"change_action\": \"C\",\"old\": {\"rule_id\": 0,\"rule_uid\": \"uid1\",\"mgm_id\": 0,\"rule_num_numeric\": 0,\"rule_name\": \"TestRule1\",\"rule_comment\": \"comment1\",\"rule_disabled\": false," + + "\"rule_services\": [{\"service\": {\"svc_id\": 1,\"svc_name\": \"TestService1\",\"svc_uid\": \"\",\"svc_port\": 443,\"svc_port_end\": 443,\"svc_source_port\": null,\"svc_source_port_end\": null,\"svc_code\": \"\",\"svc_timeout\": null,\"svc_typ_id\": 
null,\"active\": false,\"svc_create\": 0,\"svc_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"svc_last_seen\": 0,\"service_type\": {\"name\": \"\"},\"svc_comment\": \"\",\"svc_color_id\": null,\"ip_proto_id\": null,\"protocol_name\": {\"id\": 0,\"name\": \"TCP\"},\"svc_member_names\": \"\",\"svc_member_refs\": \"\",\"svcgrps\": [],\"svcgrp_flats\": []}}]," + + "\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_src_neg\": false,\"rule_src\": \"\",\"src_zone\": {\"zone_id\": 0,\"zone_name\": \"srczn\"}," + + "\"rule_froms\": [{\"object\": {\"obj_id\": 1,\"obj_name\": \"TestIp1\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.4/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"network\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," + + "\"usr\": {\"user_id\": 0,\"user_uid\": \"\",\"user_name\": \"\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}},{\"object\": {\"obj_id\": 2,\"obj_name\": \"TestIp2\",\"obj_ip\": \"127.0.0.1/32\",\"obj_ip_end\": \"127.0.0.1/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"network\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," + + "\"usr\": {\"user_id\": 0,\"user_uid\": \"\",\"user_name\": \"\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": 
\"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," + + "\"rule_dst_neg\": false,\"rule_dst\": \"\",\"dst_zone\": {\"zone_id\": 0,\"zone_name\": \"dstzn\"},\"rule_tos\": [{\"object\": {\"obj_id\": 3,\"obj_name\": \"TestIpRange\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.5/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"ip_range\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," + + "\"usr\": {\"user_id\": 0,\"user_uid\": \"\",\"user_name\": \"\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," + + "\"rule_action\": \"accept\",\"rule_track\": \"none\",\"section_header\": \"\",\"rule_metadatum\": {\"rule_metadata_id\": 0,\"rule_created\": null,\"rule_last_modified\": null,\"rule_first_hit\": null,\"rule_last_hit\": \"2022-04-19T00:00:00\",\"rule_last_certified\": null,\"rule_last_certifier_dn\": \"\",\"rule_to_be_removed\": false,\"rule_decert_date\": null,\"rule_recertification_comment\": \"\",\"recertification\": [],\"recert_history\": [],\"dev_id\": 0,\"rule_uid\": \"\",\"NextRecert\": \"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," + + "\"translate\": {\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_services\": [],\"rule_src_neg\": false,\"rule_src\": \"\",\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"rule_tos\": []}," + + "\"owner_name\": 
\"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"rule_custom_fields\": \"\",\"DisplayOrderNumber\": 1,\"Certified\": false,\"DeviceName\": \"\"},\"new\": {\"rule_id\": 0,\"rule_uid\": \"\",\"mgm_id\": 0,\"rule_num_numeric\": 0,\"rule_name\": \"TestRule1\",\"rule_comment\": \"new comment\",\"rule_disabled\": false," + + "\"rule_services\": [{\"service\": {\"svc_id\": 1,\"svc_name\": \"TestService1\",\"svc_uid\": \"\",\"svc_port\": 443,\"svc_port_end\": 443,\"svc_source_port\": null,\"svc_source_port_end\": null,\"svc_code\": \"\",\"svc_timeout\": null,\"svc_typ_id\": null,\"active\": false,\"svc_create\": 0,\"svc_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"svc_last_seen\": 0,\"service_type\": {\"name\": \"\"},\"svc_comment\": \"\",\"svc_color_id\": null,\"ip_proto_id\": null,\"protocol_name\": {\"id\": 0,\"name\": \"TCP\"},\"svc_member_names\": \"\",\"svc_member_refs\": \"\",\"svcgrps\": [],\"svcgrp_flats\": []}}]," + + "\"rule_svc_neg\": true,\"rule_svc\": \"\",\"rule_src_neg\": false,\"rule_src\": \"\",\"src_zone\": {\"zone_id\": 0,\"zone_name\": \"srczn\"},\"rule_froms\": [{\"object\": {\"obj_id\": 5,\"obj_name\": \"TestIp1Changed\",\"obj_ip\": \"2.3.4.5/32\",\"obj_ip_end\": \"2.3.4.5/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"host\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," + + "\"usr\": {\"user_id\": 0,\"user_uid\": \"\",\"user_name\": \"\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}},{\"object\": {\"obj_id\": 2,\"obj_name\": 
\"TestIp2\",\"obj_ip\": \"127.0.0.1/32\",\"obj_ip_end\": \"127.0.0.1/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"network\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," + + "\"usr\": {\"user_id\": 0,\"user_uid\": \"\",\"user_name\": \"\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," + + "\"rule_dst_neg\": false,\"rule_dst\": \"\",\"dst_zone\": {\"zone_id\": 0,\"zone_name\": \"dstzn\"},\"rule_tos\": [{\"object\": {\"obj_id\": 3,\"obj_name\": \"TestIpRange\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.5/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"ip_range\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," + + "\"usr\": {\"user_id\": 0,\"user_uid\": \"\",\"user_name\": \"\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}},{\"object\": {\"obj_id\": 4,\"obj_name\": \"TestIpNew\",\"obj_ip\": \"10.0.6.0/32\",\"obj_ip_end\": \"10.0.6.255/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": 
\"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"network\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," + + "\"usr\": {\"user_id\": 0,\"user_uid\": \"\",\"user_name\": \"\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," + + "\"rule_action\": \"accept\",\"rule_track\": \"none\",\"section_header\": \"\",\"rule_metadatum\": {\"rule_metadata_id\": 0,\"rule_created\": null,\"rule_last_modified\": null,\"rule_first_hit\": null,\"rule_last_hit\": \"2022-04-19T00:00:00\",\"rule_last_certified\": null,\"rule_last_certifier_dn\": \"\",\"rule_to_be_removed\": false,\"rule_decert_date\": null,\"rule_recertification_comment\": \"\",\"recertification\": [],\"recert_history\": [],\"dev_id\": 0,\"rule_uid\": \"\",\"NextRecert\": \"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," + + "\"translate\": {\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_services\": [],\"rule_src_neg\": false,\"rule_src\": \"\",\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"rule_tos\": []}," + + "\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"rule_custom_fields\": \"\",\"DisplayOrderNumber\": 1,\"Certified\": false,\"DeviceName\": \"\"},\"DeviceName\": \"\"}," + + "{\"import\": {\"time\": \"2023-04-05T12:00:00\"},\"change_action\": \"C\",\"old\": {\"rule_id\": 0,\"rule_uid\": \"uid2:123\",\"mgm_id\": 0,\"rule_num_numeric\": 0,\"rule_name\": \"TestRule2\",\"rule_comment\": \"comment2\",\"rule_disabled\": false," + + "\"rule_services\": [{\"service\": {\"svc_id\": 2,\"svc_name\": \"TestService2\",\"svc_uid\": \"\",\"svc_port\": 6666,\"svc_port_end\": 
7777,\"svc_source_port\": null,\"svc_source_port_end\": null,\"svc_code\": \"\",\"svc_timeout\": null,\"svc_typ_id\": null,\"active\": false,\"svc_create\": 0,\"svc_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"svc_last_seen\": 0,\"service_type\": {\"name\": \"\"},\"svc_comment\": \"\",\"svc_color_id\": null,\"ip_proto_id\": null,\"protocol_name\": {\"id\": 0,\"name\": \"UDP\"},\"svc_member_names\": \"\",\"svc_member_refs\": \"\",\"svcgrps\": [],\"svcgrp_flats\": []}}]," + + "\"rule_svc_neg\": true,\"rule_svc\": \"\",\"rule_src_neg\": true,\"rule_src\": \"\",\"src_zone\": {\"zone_id\": 0,\"zone_name\": \"\"}," + + "\"rule_froms\": [{\"object\": {\"obj_id\": 1,\"obj_name\": \"TestIp1\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.4/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"network\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," + + "\"usr\": {\"user_id\": 1,\"user_uid\": \"\",\"user_name\": \"TestUser1\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}},{\"object\": {\"obj_id\": 2,\"obj_name\": \"TestIp2\",\"obj_ip\": \"127.0.0.1/32\",\"obj_ip_end\": \"127.0.0.1/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"network\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," + + "\"usr\": {\"user_id\": 1,\"user_uid\": \"\",\"user_name\": 
\"TestUser1\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," + + "\"rule_dst_neg\": true,\"rule_dst\": \"\",\"dst_zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"rule_tos\": [{\"object\": {\"obj_id\": 3,\"obj_name\": \"TestIpRange\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.5/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"ip_range\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," + + "\"usr\": {\"user_id\": 2,\"user_uid\": \"\",\"user_name\": \"TestUser2\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"group\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," + + "\"rule_action\": \"deny\",\"rule_track\": \"none\",\"section_header\": \"\",\"rule_metadatum\": {\"rule_metadata_id\": 0,\"rule_created\": null,\"rule_last_modified\": null,\"rule_first_hit\": null,\"rule_last_hit\": null,\"rule_last_certified\": null,\"rule_last_certifier_dn\": \"\",\"rule_to_be_removed\": false,\"rule_decert_date\": null,\"rule_recertification_comment\": \"\",\"recertification\": [],\"recert_history\": [],\"dev_id\": 0,\"rule_uid\": \"\",\"NextRecert\": \"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," + + "\"translate\": {\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_services\": [],\"rule_src_neg\": false,\"rule_src\": 
\"\",\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"rule_tos\": []}," + + "\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"rule_custom_fields\": \"\",\"DisplayOrderNumber\": 2,\"Certified\": false,\"DeviceName\": \"\"},\"new\": {\"rule_id\": 0,\"rule_uid\": \"uid2:123\",\"mgm_id\": 0,\"rule_num_numeric\": 0,\"rule_name\": \"TestRule2\",\"rule_comment\": \"comment2\",\"rule_disabled\": true," + + "\"rule_services\": [{\"service\": {\"svc_id\": 2,\"svc_name\": \"TestService2\",\"svc_uid\": \"\",\"svc_port\": 6666,\"svc_port_end\": 7777,\"svc_source_port\": null,\"svc_source_port_end\": null,\"svc_code\": \"\",\"svc_timeout\": null,\"svc_typ_id\": null,\"active\": false,\"svc_create\": 0,\"svc_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"svc_last_seen\": 0,\"service_type\": {\"name\": \"\"},\"svc_comment\": \"\",\"svc_color_id\": null,\"ip_proto_id\": null,\"protocol_name\": {\"id\": 0,\"name\": \"UDP\"},\"svc_member_names\": \"\",\"svc_member_refs\": \"\",\"svcgrps\": [],\"svcgrp_flats\": []}}]," + + "\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_src_neg\": true,\"rule_src\": \"\",\"src_zone\": {\"zone_id\": 0,\"zone_name\": \"\"}," + + "\"rule_froms\": [{\"object\": {\"obj_id\": 1,\"obj_name\": \"TestIp1\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.4/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"network\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," + + "\"usr\": {\"user_id\": 1,\"user_uid\": \"\",\"user_name\": \"TestUser1\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": 
\"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}},{\"object\": {\"obj_id\": 2,\"obj_name\": \"TestIp2\",\"obj_ip\": \"127.0.0.1/32\",\"obj_ip_end\": \"127.0.0.1/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"network\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," + + "\"usr\": {\"user_id\": 1,\"user_uid\": \"\",\"user_name\": \"TestUser1\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," + + "\"rule_dst_neg\": false,\"rule_dst\": \"\",\"dst_zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"rule_tos\": [{\"object\": {\"obj_id\": 3,\"obj_name\": \"TestIpRange\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.5/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"ip_range\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," + + "\"usr\": {\"user_id\": 2,\"user_uid\": \"\",\"user_name\": \"TestUser2\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"group\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," + + "\"rule_action\": \"deny\",\"rule_track\": \"none\",\"section_header\": \"\",\"rule_metadatum\": 
{\"rule_metadata_id\": 0,\"rule_created\": null,\"rule_last_modified\": null,\"rule_first_hit\": null,\"rule_last_hit\": null,\"rule_last_certified\": null,\"rule_last_certifier_dn\": \"\",\"rule_to_be_removed\": false,\"rule_decert_date\": null,\"rule_recertification_comment\": \"\",\"recertification\": [],\"recert_history\": [],\"dev_id\": 0,\"rule_uid\": \"\",\"NextRecert\": \"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," + + "\"translate\": {\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_services\": [],\"rule_src_neg\": false,\"rule_src\": \"\",\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"rule_tos\": []}," + + "\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"rule_custom_fields\": \"\",\"DisplayOrderNumber\": 2,\"Certified\": false,\"DeviceName\": \"\"},\"DeviceName\": \"\"}," + + "{\"import\": {\"time\": \"2023-04-05T12:00:00\"},\"change_action\": \"D\",\"old\": {\"rule_id\": 0,\"rule_uid\": \"uid2:123\",\"mgm_id\": 0,\"rule_num_numeric\": 0,\"rule_name\": \"TestRule2\",\"rule_comment\": \"comment2\",\"rule_disabled\": false," + + "\"rule_services\": [{\"service\": {\"svc_id\": 2,\"svc_name\": \"TestService2\",\"svc_uid\": \"\",\"svc_port\": 6666,\"svc_port_end\": 7777,\"svc_source_port\": null,\"svc_source_port_end\": null,\"svc_code\": \"\",\"svc_timeout\": null,\"svc_typ_id\": null,\"active\": false,\"svc_create\": 0,\"svc_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"svc_last_seen\": 0,\"service_type\": {\"name\": \"\"},\"svc_comment\": \"\",\"svc_color_id\": null,\"ip_proto_id\": null,\"protocol_name\": {\"id\": 0,\"name\": \"UDP\"},\"svc_member_names\": \"\",\"svc_member_refs\": \"\",\"svcgrps\": [],\"svcgrp_flats\": []}}]," + + "\"rule_svc_neg\": true,\"rule_svc\": \"\",\"rule_src_neg\": true,\"rule_src\": \"\",\"src_zone\": {\"zone_id\": 0,\"zone_name\": \"\"}," + + "\"rule_froms\": [{\"object\": {\"obj_id\": 1,\"obj_name\": \"TestIp1\",\"obj_ip\": 
\"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.4/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"network\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," + + "\"usr\": {\"user_id\": 1,\"user_uid\": \"\",\"user_name\": \"TestUser1\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}},{\"object\": {\"obj_id\": 2,\"obj_name\": \"TestIp2\",\"obj_ip\": \"127.0.0.1/32\",\"obj_ip_end\": \"127.0.0.1/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"network\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," + + "\"usr\": {\"user_id\": 1,\"user_uid\": \"\",\"user_name\": \"TestUser1\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," + + "\"rule_dst_neg\": true,\"rule_dst\": \"\",\"dst_zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"rule_tos\": [{\"object\": {\"obj_id\": 3,\"obj_name\": \"TestIpRange\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.5/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": 
\"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"ip_range\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," + + "\"usr\": {\"user_id\": 2,\"user_uid\": \"\",\"user_name\": \"TestUser2\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"group\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," + + "\"rule_action\": \"deny\",\"rule_track\": \"none\",\"section_header\": \"\",\"rule_metadatum\": {\"rule_metadata_id\": 0,\"rule_created\": null,\"rule_last_modified\": null,\"rule_first_hit\": null,\"rule_last_hit\": null,\"rule_last_certified\": null,\"rule_last_certifier_dn\": \"\",\"rule_to_be_removed\": false,\"rule_decert_date\": null,\"rule_recertification_comment\": \"\",\"recertification\": [],\"recert_history\": [],\"dev_id\": 0,\"rule_uid\": \"\",\"NextRecert\": \"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," + + "\"translate\": {\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_services\": [],\"rule_src_neg\": false,\"rule_src\": \"\",\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"rule_tos\": []}," + + "\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"rule_custom_fields\": \"\",\"DisplayOrderNumber\": 2,\"Certified\": false,\"DeviceName\": \"\"},\"new\": {\"rule_id\": 0,\"rule_uid\": \"\",\"mgm_id\": 0,\"rule_num_numeric\": 0,\"rule_name\": \"\",\"rule_comment\": \"\",\"rule_disabled\": false," + + "\"rule_services\": [],\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_src_neg\": false,\"rule_src\": \"\",\"src_zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"dst_zone\": {\"zone_id\": 0,\"zone_name\": 
\"\"},\"rule_tos\": [],\"rule_action\": \"\",\"rule_track\": \"\",\"section_header\": \"\"," + + "\"rule_metadatum\": {\"rule_metadata_id\": 0,\"rule_created\": null,\"rule_last_modified\": null,\"rule_first_hit\": null,\"rule_last_hit\": null,\"rule_last_certified\": null,\"rule_last_certifier_dn\": \"\",\"rule_to_be_removed\": false,\"rule_decert_date\": null,\"rule_recertification_comment\": \"\",\"recertification\": [],\"recert_history\": [],\"dev_id\": 0,\"rule_uid\": \"\",\"NextRecert\": \"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," + + "\"translate\": {\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_services\": [],\"rule_src_neg\": false,\"rule_src\": \"\",\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"rule_tos\": []}," + + "\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"rule_custom_fields\": \"\",\"DisplayOrderNumber\": 0,\"Certified\": false,\"DeviceName\": \"\"},\"DeviceName\": \"\"}],\"rules_aggregate\": {\"aggregate\": {\"count\": 0}}}]," + + "\"import\": {\"aggregate\": {\"max\": {\"id\": null}}},\"RelevantImportId\": null," + + "\"networkObjects\": [],\"serviceObjects\": [],\"userObjects\": [],\"reportNetworkObjects\": [],\"reportServiceObjects\": [],\"reportUserObjects\": [],\"ReportedRuleIds\": [],\"ReportedNetworkServiceIds\": [],\"objects_aggregate\": {\"aggregate\": {\"count\": 0}}," + + "\"services_aggregate\": {\"aggregate\": {\"count\": 0}},\"usrs_aggregate\": {\"aggregate\": {\"count\": 0}},\"rules_aggregate\": {\"aggregate\": {\"count\": 0}}," + + "\"Ignore\": false}]"; + ClassicAssert.AreEqual(expectedJsonResult, removeLinebreaks(removeGenDate(reportChanges.ExportToJson(), false, true))); + } + + [Test] + public void ResolvedChangesGenerateJson() + { + Log.WriteInfo("Test Log", "starting resolved changes report json generation"); + ReportChanges reportChanges = new (query, userConfig, ReportType.ResolvedChanges) + { + ReportData = 
ConstructChangeReport(true) + }; + + string expectedJsonResult = + "{\"report type\": \"Changes Report (resolved)\",\"report generation date\": \"Z (UTC)\",\"device filter\": \"TestMgt [TestDev]\",\"other filters\": \"TestFilter\",\"report generator\": \"Firewall Orchestrator - https://fwo.cactus.de/en\",\"data protection level\": \"For internal use only\"," + + "\"managements\": [{\"TestMgt\": {\"gateways\": [{\"TestDev\": {\"rule changes\": [" + + "{\"change time\": \"05.04.2023 12:00:00\",\"change action\": \"Rule added\",\"name\": \"TestRule1\"," + + "\"source zone\": \"srczn\",\"source negated\": false,\"source\": [\"TestIp1 (1.2.3.4/32)\",\"TestIp2 (127.0.0.1/32)\"]," + + "\"destination zone\": \"dstzn\",\"destination negated\": false,\"destination\": [\"TestIpRange (1.2.3.4-1.2.3.5)\"]," + + "\"service negated\": false,\"service\": [\"TestService1 (443/TCP)\"],\"action\": \"accept\",\"tracking\": \"none\",\"disabled\": false,\"rule uid\": \"uid1\",\"comment\": \"comment1\"}," + + "{\"change time\": \"05.04.2023 12:00:00\",\"change action\": \"Rule modified\",\"name\": \"TestRule1\"," + + "\"source zone\": \"srczn\",\"source negated\": false,\"source\": [\"TestIp2 (127.0.0.1/32)\",\"deleted: TestIp1 (1.2.3.4/32)\",\"added: TestIp1Changed (2.3.4.5)\"]," + + "\"destination zone\": \"dstzn\",\"destination negated\": false,\"destination\": [\"TestIpRange (1.2.3.4-1.2.3.5)\",\"added: TestIpNew (10.0.6.0/24)\"]," + + "\"service negated\": \"deleted: false, added: true\",\"service\": [\"TestService1 (443/TCP)\"],\"action\": \"accept\",\"tracking\": \"none\",\"disabled\": false,\"rule uid\": \"deleted: uid1\",\"comment\": \"deleted: comment1, added: new comment\"}," + + "{\"change time\": \"05.04.2023 12:00:00\",\"change action\": \"Rule modified\",\"name\": \"TestRule2\"," + + "\"source zone\": \"\",\"source negated\": true,\"source\": [\"TestUser1@TestIp1 (1.2.3.4/32)\",\"TestUser1@TestIp2 (127.0.0.1/32)\"]," + + "\"destination zone\": \"\",\"destination negated\": 
\"deleted: true, added: false\",\"destination\": [\"TestUser2@TestIpRange (1.2.3.4-1.2.3.5)\"]," + + "\"service negated\": \"deleted: true, added: false\",\"service\": [\"TestService2 (6666-7777/UDP)\"],\"action\": \"deny\",\"tracking\": \"none\",\"disabled\": \"deleted: false, added: true\",\"rule uid\": \"uid2:123\",\"comment\": \"comment2\"}," + + "{\"change time\": \"05.04.2023 12:00:00\",\"change action\": \"Rule deleted\",\"name\": \"TestRule2\"," + + "\"source zone\": \"\",\"source negated\": true,\"source\": [\"TestUser1@TestIp1 (1.2.3.4/32)\",\"TestUser1@TestIp2 (127.0.0.1/32)\"]," + + "\"destination zone\": \"\",\"destination negated\": true,\"destination\": [\"TestUser2@TestIpRange (1.2.3.4-1.2.3.5)\"]," + + "\"service negated\": true,\"service\": [\"TestService2 (6666-7777/UDP)\"],\"action\": \"deny\",\"tracking\": \"none\",\"disabled\": false,\"rule uid\": \"uid2:123\",\"comment\": \"comment2\"}]}}]}}]}"; + // Log.WriteInfo("Test Log", removeLinebreaks((removeGenDate(reportChanges.ExportToJson(), false, true)))); + ClassicAssert.AreEqual(expectedJsonResult, removeLinebreaks(removeGenDate(reportChanges.ExportToJson(), false, true))); + } + + [Test] + public void ResolvedChangesTechGenerateJson() + { + Log.WriteInfo("Test Log", "starting resolved changes report json generation"); + ReportChanges reportChanges = new (query, userConfig, ReportType.ResolvedChangesTech) + { + ReportData = ConstructChangeReport(true) + }; + + string expectedJsonResult = + "{\"report type\": \"Changes Report (technical)\",\"report generation date\": \"Z (UTC)\",\"device filter\": \"TestMgt [TestDev]\",\"other filters\": \"TestFilter\",\"report generator\": \"Firewall Orchestrator - https://fwo.cactus.de/en\",\"data protection level\": \"For internal use only\"," + + "\"managements\": [{\"TestMgt\": {\"gateways\": [{\"TestDev\": {\"rule changes\": [" + + "{\"change time\": \"05.04.2023 12:00:00\",\"change action\": \"Rule added\",\"name\": \"TestRule1\"," + + "\"source zone\": 
\"srczn\",\"source negated\": false,\"source\": [\"1.2.3.4/32\",\"127.0.0.1/32\"]," + + "\"destination zone\": \"dstzn\",\"destination negated\": false,\"destination\": [\"1.2.3.4-1.2.3.5\"]," + + "\"service negated\": false,\"service\": [\"443/TCP\"],\"action\": \"accept\",\"tracking\": \"none\",\"disabled\": false,\"rule uid\": \"uid1\",\"comment\": \"comment1\"}," + + "{\"change time\": \"05.04.2023 12:00:00\",\"change action\": \"Rule modified\",\"name\": \"TestRule1\"," + + "\"source zone\": \"srczn\",\"source negated\": false,\"source\": [\"127.0.0.1/32\",\"deleted: 1.2.3.4/32\",\"added: 2.3.4.5\"]," + + "\"destination zone\": \"dstzn\",\"destination negated\": false,\"destination\": [\"1.2.3.4-1.2.3.5\",\"added: 10.0.6.0/24\"]," + + "\"service negated\": \"deleted: false, added: true\",\"service\": [\"443/TCP\"],\"action\": \"accept\",\"tracking\": \"none\",\"disabled\": false,\"rule uid\": \"deleted: uid1\",\"comment\": \"deleted: comment1, added: new comment\"}," + + "{\"change time\": \"05.04.2023 12:00:00\",\"change action\": \"Rule modified\",\"name\": \"TestRule2\"," + + "\"source zone\": \"\",\"source negated\": true,\"source\": [\"TestUser1@1.2.3.4/32\",\"TestUser1@127.0.0.1/32\"]," + + "\"destination zone\": \"\",\"destination negated\": \"deleted: true, added: false\",\"destination\": [\"TestUser2@1.2.3.4-1.2.3.5\"]," + + "\"service negated\": \"deleted: true, added: false\",\"service\": [\"6666-7777/UDP\"],\"action\": \"deny\",\"tracking\": \"none\",\"disabled\": \"deleted: false, added: true\",\"rule uid\": \"uid2:123\",\"comment\": \"comment2\"}," + + "{\"change time\": \"05.04.2023 12:00:00\",\"change action\": \"Rule deleted\",\"name\": \"TestRule2\"," + + "\"source zone\": \"\",\"source negated\": true,\"source\": [\"TestUser1@1.2.3.4/32\",\"TestUser1@127.0.0.1/32\"]," + + "\"destination zone\": \"\",\"destination negated\": true,\"destination\": [\"TestUser2@1.2.3.4-1.2.3.5\"]," + + "\"service negated\": true,\"service\": 
[\"6666-7777/UDP\"],\"action\": \"deny\",\"tracking\": \"none\",\"disabled\": false,\"rule uid\": \"uid2:123\",\"comment\": \"comment2\"}]}}]}}]}"; + ClassicAssert.AreEqual(expectedJsonResult, removeLinebreaks(removeGenDate(reportChanges.ExportToJson(), false, true))); + } + + + private NetworkLocation[] InitFroms(bool resolved, bool user = false) + { + if(resolved) + { + return new NetworkLocation[]{ new NetworkLocation(user ? TestUser1 : new NetworkUser(), new NetworkObject(){ ObjectGroupFlats = new GroupFlat[] + { + new GroupFlat(){ Object = TestIp1 }, + new GroupFlat(){ Object = TestIp2 } + }})}; + } + else + { + return new NetworkLocation[] + { + new NetworkLocation(user ? TestUser1 : new NetworkUser(), TestIp1), + new NetworkLocation(user ? TestUser1 : new NetworkUser(), TestIp2) + }; + } + } + + private NetworkLocation[] InitTos(bool resolved, bool user = false) + { + if(resolved) + { + return new NetworkLocation[]{ new NetworkLocation(user ? TestUser2 : new NetworkUser(), new NetworkObject(){ ObjectGroupFlats = new GroupFlat[] + { + new GroupFlat(){ Object = TestIpRange } + }})}; + } + else + { + return new NetworkLocation[] + { + new NetworkLocation(user ? 
TestUser2 : new NetworkUser(), TestIpRange), + }; + } + } + + private ServiceWrapper[] InitServices(NetworkService service, bool resolved) + { + if(resolved) + { + return new ServiceWrapper[]{new ServiceWrapper(){ Content = new NetworkService(){ServiceGroupFlats = new GroupFlat[] + { + new GroupFlat(){ Object = service } + }}}}; + } + else + { + return new ServiceWrapper[] + { + new ServiceWrapper(){ Content = service }, + }; + } + } + + private Rule InitRule1(bool resolved) + { + return new Rule() + { + Name = "TestRule1", + Action = "accept", + Comment = "comment1", + Disabled = false, + DisplayOrderNumber = 1, + Track = "none", + Uid = "uid1", + SourceZone = new NetworkZone(){ Name = "srczn" }, + SourceNegated = false, + Froms = InitFroms(resolved), + DestinationZone = new NetworkZone(){ Name = "dstzn" }, + DestinationNegated = false, + Tos = InitTos(resolved), + ServiceNegated = false, + Services = InitServices(TestService1, resolved), + Metadata = new RuleMetadata(){ LastHit = new DateTime(2022,04,19) } + }; + } + + private Rule InitRule2(bool resolved) + { + return new Rule() + { + Name = "TestRule2", + Action = "deny", + Comment = "comment2", + Disabled = false, + DisplayOrderNumber = 2, + Track = "none", + Uid = "uid2:123", + SourceNegated = true, + Froms = InitFroms(resolved, true), + DestinationNegated = true, + Tos = InitTos(resolved, true), + ServiceNegated = true, + Services = InitServices(TestService2, resolved) + }; + } + + private ReportData ConstructRuleReport(bool resolved) + { + Rule1 = InitRule1(resolved); + Rule2 = InitRule2(resolved); + return new ReportData() + { + ManagementData = new List() + { + new () + { + Name = "TestMgt", + ReportObjects = new NetworkObject[]{ TestIp1, TestIp2, TestIpRange }, + ReportServices = new NetworkService[]{ TestService1, TestService2 }, + ReportUsers = new NetworkUser[]{ TestUser1, TestUser2 }, + Devices = new DeviceReport[] + { + new () + { + Name = "TestDev", + Rules = new Rule[]{ Rule1, Rule2 } + } + } + } 
+ } + }; + } + + private ReportData ConstructRecertReport() + { + RecertRule1 = InitRule1(false); + RecertRule1.Metadata.RuleRecertification = new List() + { + new () + { + NextRecertDate = DateTime.Now.AddDays(5), + FwoOwner = new FwoOwner(){ Name = "TestOwner1" }, + IpMatch = TestIp1.Name + }, + new () + { + NextRecertDate = DateTime.Now.AddDays(-5), + FwoOwner = new FwoOwner(){ Name = "TestOwner2" }, + IpMatch = TestIp2.Name + } + }; + RecertRule2 = InitRule2(false); + RecertRule2.Metadata.RuleRecertification = new List() + { + new () + { + NextRecertDate = DateTime.Now, + FwoOwner = new FwoOwner(){ Name = "TestOwner1" }, + IpMatch = TestIpRange.Name + } + }; + return new ReportData() + { + ManagementData = new List() + { + new () + { + Name = "TestMgt", + ReportObjects = new NetworkObject[]{ TestIp1, TestIp2, TestIpRange }, + ReportServices = new NetworkService[]{ TestService1, TestService2 }, + ReportUsers = new NetworkUser[]{ TestUser1, TestUser2 }, + Devices = new DeviceReport[] + { + new () + { + Name = "TestDev", + Rules = new Rule[]{ RecertRule1, RecertRule2 } + } + } + } + } + }; + } + + private ReportData ConstructNatRuleReport() + { + NatRule = InitRule1(false); + NatRule.NatData = new NatData() + { + TranslatedSourceNegated = false, + TranslatedFroms = new NetworkLocation[] + { + new (TestUser2, TestIp1Changed) + }, + TranslatedDestinationNegated = true, + TranslatedTos = new NetworkLocation[] + { + new (new NetworkUser(), TestIp1Changed), + new (new NetworkUser(), TestIpNew) + }, + TranslatedServiceNegated = false, + TranslatedServices = new ServiceWrapper[] + { + new (){ Content = TestService1 }, + new (){ Content = TestService2 } + } + }; + return new ReportData() + { + ManagementData = new List() + { + new () + { + Name = "TestMgt", + ReportObjects = new NetworkObject[]{ TestIp1, TestIp2, TestIpRange, TestIpNew, TestIp1Changed }, + ReportServices = new NetworkService[]{ TestService1, TestService2 }, + ReportUsers = new NetworkUser[]{ TestUser2 }, 
+ Devices = new DeviceReport[] + { + new (){ Name = "TestDev", Rules = new Rule[]{ NatRule }} + } + } + } + }; + } + + private ReportData ConstructChangeReport(bool resolved) + { + Rule1 = InitRule1(resolved); + Rule1Changed = InitRule1(resolved); + Rule2 = InitRule2(resolved); + Rule2Changed = InitRule2(resolved); + if(resolved) + { + Rule1Changed.Froms[0].Object.ObjectGroupFlats[0].Object = TestIp1Changed; + Rule1Changed.Tos = new NetworkLocation[]{new (new NetworkUser(), new NetworkObject(){ObjectGroupFlats = new GroupFlat[] + { + new (){ Object = TestIpRange }, + new (){ Object = TestIpNew } + }})}; + } + else + { + Rule1Changed.Froms[0].Object = TestIp1Changed; + Rule1Changed.Tos = new NetworkLocation[] + { + new (new NetworkUser(), TestIpRange), + new (new NetworkUser(), TestIpNew) + }; + } + Rule1Changed.Uid = ""; + Rule1Changed.ServiceNegated = true; + Rule1Changed.Comment = "new comment"; + + Rule2Changed.DestinationNegated = false; + Rule2Changed.ServiceNegated = false; + Rule2Changed.Disabled = true; + + RuleChange ruleChange1 = new () + { + ChangeAction = 'I', + ChangeImport = new ChangeImport(){ Time = new DateTime(2023,04,05,12,0,0) }, + NewRule = Rule1 + }; + RuleChange ruleChange2 = new () + { + ChangeAction = 'C', + ChangeImport = new ChangeImport(){ Time = new DateTime(2023,04,05,12,0,0) }, + OldRule = Rule1, + NewRule = Rule1Changed + }; + RuleChange ruleChange3 = new () + { + ChangeAction = 'C', + ChangeImport = new ChangeImport(){ Time = new DateTime(2023,04,05,12,0,0) }, + OldRule = Rule2, + NewRule = Rule2Changed + }; + RuleChange ruleChange4 = new () + { + ChangeAction = 'D', + ChangeImport = new ChangeImport(){ Time = new DateTime(2023,04,05,12,0,0) }, + OldRule = Rule2 + }; + return new ReportData() + { + ManagementData = new List() + { + new () + { + Name = "TestMgt", + Devices = new DeviceReport[] + { + new () + { + Name = "TestDev", + RuleChanges = new RuleChange[]{ ruleChange1, ruleChange2, ruleChange3, ruleChange4 } + } + } + } + } + 
}; + } + + private static ReportData ConstructConnectionReport(bool resolved) + { + ModellingAppServer AppServer1 = new() {Id = 11, Number = 1, Name = "AppServer1", Ip = "1.0.0.0"}; + ModellingAppServer AppServer2 = new() {Id = 12, Number = 2, Name = "AppServer2", Ip = "2.0.0.0"}; + ModellingAppRole AppRole1 = new() { Id = 21, Number = 3, Name = "AppRole1", Comment = "CommAR1", AppServers = new() { new() { Content = AppServer1 } } }; + ModellingService Service1 = new() { Id = 31, Number = 1, Name = "Service1", Port = 1234, Protocol = new() { Name = "TCP" } }; + ModellingService Service2 = new() { Id = 32, Number = 2, Name = "Service2", Port = 2345, Protocol = new() { Name = "UDP" } }; + ModellingServiceGroup ServiceGroup1 = new() { Id = 41, Number = 3, Name = "ServiceGroup1", Comment = "CommSG1", Services = new(){ new() { Content = Service1 } } }; + ModellingConnection Conn1 = new() + { + Id = 101, Name = "Conn1", + SourceAppServers = new(){ new() { Content = AppServer1 } }, + DestinationAppRoles = new(){ new() { Content = AppRole1 } }, + Services = new(){ new() { Content = Service1 } }, + ServiceGroups = new(){ new() { Content = ServiceGroup1 } } + }; + ModellingConnection Inter2 = new() + { + Id = 102, Name = "Inter2", + DestinationAppServers = new(){ new() { Content = AppServer2 } }, + DestinationAppRoles = new(){ new() {} }, + Services = new(){ new() { Content = Service2 } }, + ServiceGroups = new(){ new() {} } + }; + ModellingConnection ComSvc3 = new() + { + Id = 103, Name = "ComSvc3", App = new(){ Name = "App1" }, + SourceAppServers = new(){ new() { Content = AppServer1 } }, + DestinationAppServers = new(){ new() { Content = AppServer2 } }, + Services = new(){ new() { Content = Service2 } }, + ServiceGroups = new(){ new() {} } + }; + + ReportData reportData = new () + { + OwnerData = new () + { + new () + { + Name = "TestOwner", + Connections = new(){ Conn1, Inter2, ComSvc3 }, + RegularConnections = new(){ Conn1 }, + Interfaces = new(){ Inter2 }, + 
CommonServices = new(){ ComSvc3 }, + } + }, + GlobalComSvc = new(){ ComSvc3 } + }; + reportData.OwnerData.First().PrepareObjectData(); + return reportData; + } + + private static string removeGenDate(string exportString, bool html = false, bool json = false) + { + string dateText = html ? "

    Generated on: " : "report generation date" + (json ? "\"" : "") + ": " + (json ? "\"" : ""); + int startGenTime = exportString.IndexOf(dateText); + if(startGenTime > 0) + { + return exportString.Remove(startGenTime + dateText.Length, 19); + } + return exportString; + } + + private static string removeLinebreaks(string exportString) + { + while(exportString.Contains("\n ")) + { + exportString = exportString.Replace("\n ","\n"); + } + while(exportString.Contains(" \n")) + { + exportString = exportString.Replace(" \n","\n"); + } + while(exportString.Contains(" \r")) + { + exportString = exportString.Replace(" \r","\r"); + } + exportString = exportString.Replace("\r",""); + return exportString.Replace("\n",""); + } + } +} diff --git a/roles/test/files/FWO.Test/FWO.Test.csproj b/roles/test/files/FWO.Test/FWO.Test.csproj index 71395c9c9..f4df8c8a6 100644 --- a/roles/test/files/FWO.Test/FWO.Test.csproj +++ b/roles/test/files/FWO.Test/FWO.Test.csproj @@ -1,26 +1,30 @@  - net6.0 + net8.0 false enable enable - - - - + + + + + + + + diff --git a/roles/test/files/FWO.Test/FakeLocalTimeZone.cs b/roles/test/files/FWO.Test/FakeLocalTimeZone.cs new file mode 100644 index 000000000..c461e71a4 --- /dev/null +++ b/roles/test/files/FWO.Test/FakeLocalTimeZone.cs 
@@ -0,0 +1,29 @@ +using System.Reflection; + +namespace FWO.Test +{ + public class FakeLocalTimeZone : IDisposable + { + private readonly TimeZoneInfo _actualLocalTimeZoneInfo; + + private static void SetLocalTimeZone(TimeZoneInfo timeZoneInfo) + { + var info = typeof(TimeZoneInfo).GetField("s_cachedData", BindingFlags.NonPublic | BindingFlags.Static); + object cachedData = info.GetValue(null); + + var field = cachedData.GetType().GetField("_localTimeZone", BindingFlags.NonPublic | BindingFlags.Instance | BindingFlags.Static | BindingFlags.Instance); + field.SetValue(cachedData, timeZoneInfo); + } + + public FakeLocalTimeZone(TimeZoneInfo timeZoneInfo) + { + _actualLocalTimeZoneInfo = TimeZoneInfo.Local; + SetLocalTimeZone(timeZoneInfo); + } + + public void Dispose() + { + SetLocalTimeZone(_actualLocalTimeZoneInfo); + } + } +} diff --git a/roles/test/files/FWO.Test/FilterTest.cs b/roles/test/files/FWO.Test/FilterTest.cs index f46bbdbf4..e7488e279 100644 --- a/roles/test/files/FWO.Test/FilterTest.cs +++ b/roles/test/files/FWO.Test/FilterTest.cs @@ -2,13 +2,16 @@ using FWO.Report.Filter.Ast; using FWO.Report.Filter.Exceptions; using NUnit.Framework; +using NUnit.Framework.Legacy; using System; using System.Collections.Generic; using System.Text; +using FWO.GlobalConstants; using FWO.Api.Data; namespace FWO.Test { [TestFixture] + [Parallelizable] public class FilterTest { [SetUp] @@ -18,6 +21,7 @@ public void Initialize() } [Test] + [Parallelizable] public void EmptySearch() { ReportTemplate t = new ReportTemplate(); @@ -27,6 +31,7 @@ public void EmptySearch() } [Test] + [Parallelizable] public void WhitespaceSearch() { ReportTemplate t = new ReportTemplate(); @@ -36,6 +41,7 @@ public void WhitespaceSearch() } [Test] + [Parallelizable] public void TextOnlySearch() { ReportTemplate t = new ReportTemplate(); @@ -46,6 +52,7 @@ public void TextOnlySearch() } [Test] + [Parallelizable] public void AndOr() { ReportTemplate t = new ReportTemplate(); 
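Review bot: `info.GetValue(null)` and `field.SetValue(cachedData, timeZoneInfo)` in SetLocalTimeZone dereference the results of two GetField lookups without a null check, so if the private `s_cachedData` or `_localTimeZone` members are renamed in a later runtime (the csproj hunk moves the project to net8.0 and these are undocumented internals) the test run dies with a NullReferenceException instead of a message naming the cause; guard each lookup, e.g. `FieldInfo info = typeof(TimeZoneInfo).GetField("s_cachedData", BindingFlags.NonPublic | BindingFlags.Static) ?? throw new InvalidOperationException("TimeZoneInfo.s_cachedData not found; runtime internals changed");` and the same for `field`. The flags on the second GetField list `BindingFlags.Instance` twice and also `BindingFlags.Static`, while the following `SetValue(cachedData, …)` call targets an instance member, so `BindingFlags.NonPublic | BindingFlags.Instance` states the intent. Because this swaps the process-wide local time zone, a class-level comment should say that it must not be used from fixtures marked `[Parallelizable]`, which several files in this commit add.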
@@ -55,6 +62,7 @@ public void AndOr() } [Test] + [Parallelizable] public void TripleOr() { ReportTemplate t = new ReportTemplate(); @@ -64,6 +72,7 @@ public void TripleOr() } [Test] + [Parallelizable] public void NotEquals() { ReportTemplate t = new ReportTemplate(); @@ -73,6 +82,7 @@ public void NotEquals() } [Test] + [Parallelizable] public void ExactEquals() { ReportTemplate t = new ReportTemplate(); @@ -82,6 +92,7 @@ public void ExactEquals() } [Test] + [Parallelizable] public void ExactEquals2() { ReportTemplate t = new ReportTemplate(); @@ -91,6 +102,7 @@ public void ExactEquals2() } [Test] + [Parallelizable] public void ExactEquals3() { try @@ -103,11 +115,12 @@ public void ExactEquals3() } catch (SyntaxException exception) { - Assert.AreEqual("No token but one was expected", exception.Message); + ClassicAssert.AreEqual("No token but one was expected", exception.Message); } } [Test] + [Parallelizable] public void Disabled() { ReportTemplate t = new ReportTemplate(); @@ -116,8 +129,8 @@ public void Disabled() var res = Compiler.Compile(t); } - [Test] + [Parallelizable] public void Brackets() { ReportTemplate t = new ReportTemplate(); @@ -125,5 +138,6 @@ public void Brackets() t.ReportParams.ReportType = (int) ReportType.Rules; var res = Compiler.Compile(t); } + } } diff --git a/roles/test/files/FWO.Test/HtmlToPdfTest.cs b/roles/test/files/FWO.Test/HtmlToPdfTest.cs index 6c793ab0b..0271485fe 100644 --- a/roles/test/files/FWO.Test/HtmlToPdfTest.cs +++ b/roles/test/files/FWO.Test/HtmlToPdfTest.cs @@ -1,4 +1,5 @@ using NUnit.Framework; +using NUnit.Framework.Legacy; using System; using System.Collections.Generic; using System.Linq; @@ -10,6 +11,7 @@ namespace FWO.Test { [TestFixture] + [Parallelizable] internal class HtmlToPdfTest { // Pdf converter @@ -21,6 +23,7 @@ public HtmlToPdfTest() } [Test] + [Parallelizable] public void GeneratePdf() { Log.WriteInfo("Test Log", "starting PDF generation"); 
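Review bot: The hunk at `@@ -116,8 +129,8 @@` replaces the `[Test]` attribute on `Brackets()` with `[Parallelizable]` instead of adding it beneath, so NUnit will no longer discover or run Brackets; every other method in this file keeps `[Test]` and gains `[Parallelizable]` as a second attribute. Restore it as `[Test]` followed by `[Parallelizable]` above `public void Brackets()`, matching the surrounding methods.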
@@ -56,7 +59,7 @@ public void GeneratePdf() bw.Write(pdf); } Assert.That(filePath, Does.Exist); - Assert.Greater(new System.IO.FileInfo(filePath).Length, 5000); + ClassicAssert.Greater(new System.IO.FileInfo(filePath).Length, 5000); } [OneTimeTearDown] diff --git a/roles/test/files/FWO.Test/LockTest.cs b/roles/test/files/FWO.Test/LockTest.cs new file mode 100644 index 000000000..55263f852 --- /dev/null +++ b/roles/test/files/FWO.Test/LockTest.cs 
@@ -0,0 +1,140 @@ +using FWO.Logging; +using NUnit.Framework; +using NUnit.Framework.Legacy; +using System; +using System.Reflection; + +namespace FWO.Test +{ + [TestFixture] + [Parallelizable] + public class LockTest + { + private string lockFilePath = $"/var/fworch/lock/{Assembly.GetEntryAssembly()?.GetName().Name}_log.lock"; + private static Random random = new Random(); + + [SetUp] + public async Task SetUp() + { + await ExecuteFileAction(() => + { + if (File.Exists(lockFilePath)) + { + File.Delete(lockFilePath); + } + return Task.CompletedTask; + }); + + // Implicitly call static constructor so backround lock process is started + Log.WriteInfo("Startup", "Starting Lock Tests..."); + } + + [TearDown] + public async Task TearDown() + { + await ExecuteFileAction(() => + { + if (File.Exists(lockFilePath)) + { + File.Delete(lockFilePath); + } + return Task.CompletedTask; + }); + } + + [Test] + public async Task LogLock() + { + // Request lock + await ExecuteFileAction(async () => + { + using (var writer = new StreamWriter(lockFilePath)) + { + await writer.WriteLineAsync("REQUESTED"); + } + }); + + await Task.Delay(2000); + + // Assure lock is granted after request + await ExecuteFileAction(async () => + { + using (var reader = new StreamReader(lockFilePath)) + { + Assert.That((await reader.ReadToEndAsync()).Trim().EndsWith("GRANTED")); + } + }); + + // Assure write is NOT possible after lock was granted + Task logWriter = Task.Run(() => + { + Log.WriteDebug("TEST_TITLE", "TEST_TEXT"); + }); + + await Task.Delay(500); + + Assert.That(logWriter.IsCompleted, Is.False); + + // Release lock + await ExecuteFileAction(async () => + { + using (var writer = new StreamWriter(lockFilePath)) + { + await writer.WriteLineAsync("RELEASED"); + } + }); + + await Task.Delay(2000); + + // Assure write IS possible after lock was released + Assert.That(logWriter.IsCompletedSuccessfully, Is.True); + + // Request lock + await ExecuteFileAction(async () => + { + using (var writer = new 
StreamWriter(lockFilePath)) + { + await writer.WriteLineAsync("REQUESTED"); + } + }); + + await Task.Delay(12_000); + + // If not release in time make sure that the lock will be forcefully released + await ExecuteFileAction(async () => + { + using (var reader = new StreamReader(lockFilePath)) + { + Assert.That((await reader.ReadToEndAsync()).Trim().EndsWith("FORCEFULLY RELEASED")); + } + }); + } + + private static async Task ExecuteFileAction(Func action) + { + bool success = false; + int maxRetryAttempts = 50; + int retryCount = 0; + + // Handle IO Exception like file blocking from another process by retrying with a random delay + while (!success && retryCount < maxRetryAttempts) + { + try + { + await action(); + success = true; + } + catch (IOException) + { + retryCount++; + } + await Task.Delay(random.Next(50, 100)); + } + + if (!success) + { + Assert.Fail($"Lock file access failed after {maxRetryAttempts} retries."); + } + } + } +} diff --git a/roles/test/files/FWO.Test/ManagedIdStringTest.cs b/roles/test/files/FWO.Test/ManagedIdStringTest.cs new file mode 100644 index 000000000..2159393e9 --- /dev/null +++ b/roles/test/files/FWO.Test/ManagedIdStringTest.cs 
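Review bot: `ExecuteFileAction` delays `random.Next(50, 100)` ms after every attempt including the successful one, and its `Assert.Fail` message drops the IOException that caused the last retry, so a failing run reports only that 50 retries were exhausted. The shared `private static Random random` is also used from a fixture marked `[Parallelizable]`; on the net8.0 target introduced by the csproj hunk, `Random.Shared` is the thread-safe replacement. The rewrite below returns as soon as the action succeeds, delays only between failed attempts, and includes the last error in the failure message. Separately, this fixture drives a process-wide log lock through a fixed path under `/var/fworch/lock` while other fixtures in this commit call `Log.WriteInfo`; whether those block while `LogLock` holds the lock depends on the logger implementation, which is not visible here, and deserves a comment on the fixture either way.
```csharp
private static async Task ExecuteFileAction(Func<Task> action)
{
    const int maxRetryAttempts = 50;
    IOException? lastError = null;

    // Handle IO Exception like file blocking from another process by retrying with a random delay
    for (int retryCount = 0; retryCount < maxRetryAttempts; retryCount++)
    {
        try
        {
            await action();
            return;
        }
        catch (IOException ex)
        {
            lastError = ex;
        }
        await Task.Delay(Random.Shared.Next(50, 100));
    }

    Assert.Fail($"Lock file access failed after {maxRetryAttempts} retries: {lastError?.Message}");
}
```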
@@ -0,0 +1,129 @@ +using NUnit.Framework; +using NUnit.Framework.Legacy; +using FWO.GlobalConstants; +using FWO.Api.Data; + +namespace FWO.Test +{ + [TestFixture] + [Parallelizable] + internal class ManagedIdStringTest + { + ModellingManagedIdString IdString1 = new(); + ModellingManagedIdString IdString2 = new("AR5001234-123"); + + static readonly ModellingNamingConvention NamingConvention1 = new() + { + NetworkAreaRequired = true, UseAppPart = false, FixedPartLength = 2, FreePartLength = 5, NetworkAreaPattern = "NA", AppRolePattern = "AR" + }; + static readonly ModellingNamingConvention NamingConvention2 = new() + { + NetworkAreaRequired = true, UseAppPart = true, FixedPartLength = 4, FreePartLength = 3, NetworkAreaPattern = "NA", AppRolePattern = "AR" + }; + ModellingNamingConvention NamingConvention3 = new() + { + NetworkAreaRequired = true, UseAppPart = true, FixedPartLength = 4, FreePartLength = 3, NetworkAreaPattern = "", AppRolePattern = "A" + }; + + + [Test] + public void TestManagedIdStringStartEmpty() + { + ClassicAssert.AreEqual("", IdString1.Whole); + ClassicAssert.AreEqual("", IdString1.FixedPart); + ClassicAssert.AreEqual("", IdString1.AppPart); + ClassicAssert.AreEqual("", IdString1.FreePart); + ClassicAssert.AreEqual("", IdString1.CombinedFixPart); + + IdString1.SetAppPartFromExtId("APP-0001"); + ClassicAssert.AreEqual("", IdString1.Whole); + ClassicAssert.AreEqual("", IdString1.FixedPart); + ClassicAssert.AreEqual("", IdString1.AppPart); + ClassicAssert.AreEqual("", IdString1.Separator); + ClassicAssert.AreEqual("", IdString1.FreePart); + ClassicAssert.AreEqual("", IdString1.CombinedFixPart); + + IdString1.NamingConvention = NamingConvention2; + IdString1.SetAppPartFromExtId("APP-0001"); + ClassicAssert.AreEqual(" 00001-", IdString1.Whole); + ClassicAssert.AreEqual(" ", IdString1.FixedPart); + ClassicAssert.AreEqual("00001-", IdString1.AppPart); + ClassicAssert.AreEqual("-", IdString1.Separator); + ClassicAssert.AreEqual("", IdString1.FreePart); + 
ClassicAssert.AreEqual(" 00001", IdString1.CombinedFixPart); + + IdString1.FixedPart = "x"; + ClassicAssert.AreEqual("x???00001-", IdString1.Whole); + ClassicAssert.AreEqual("x???", IdString1.FixedPart); + ClassicAssert.AreEqual("00001-", IdString1.AppPart); + ClassicAssert.AreEqual("-", IdString1.Separator); + ClassicAssert.AreEqual("", IdString1.FreePart); + ClassicAssert.AreEqual("x???00001", IdString1.CombinedFixPart); + + IdString1.FixedPart = "muchlonger"; + ClassicAssert.AreEqual("much00001-", IdString1.Whole); + ClassicAssert.AreEqual("much", IdString1.FixedPart); + ClassicAssert.AreEqual("00001-", IdString1.AppPart); + ClassicAssert.AreEqual("-", IdString1.Separator); + ClassicAssert.AreEqual("", IdString1.FreePart); + ClassicAssert.AreEqual("much00001", IdString1.CombinedFixPart); + } + + [Test] + public void TestManagedIdStringPrefilled() + { + ClassicAssert.AreEqual("AR5001234-123", IdString2.Whole); + ClassicAssert.AreEqual("", IdString2.FixedPart); + ClassicAssert.AreEqual("", IdString2.AppPart); + ClassicAssert.AreEqual("", IdString2.Separator); + ClassicAssert.AreEqual("AR5001234-123", IdString2.FreePart); + ClassicAssert.AreEqual("", IdString2.CombinedFixPart); + + IdString2.NamingConvention = NamingConvention1; + ClassicAssert.AreEqual("AR5001234-123", IdString2.Whole); + ClassicAssert.AreEqual("AR", IdString2.FixedPart); + ClassicAssert.AreEqual("", IdString2.AppPart); + ClassicAssert.AreEqual("", IdString2.Separator); + ClassicAssert.AreEqual("5001234-123", IdString2.FreePart); + ClassicAssert.AreEqual("AR", IdString2.CombinedFixPart); + + IdString2.NamingConvention = NamingConvention2; + ClassicAssert.AreEqual("AR5001234-123", IdString2.Whole); + ClassicAssert.AreEqual("AR50", IdString2.FixedPart); + ClassicAssert.AreEqual("01234-", IdString2.AppPart); + ClassicAssert.AreEqual("-", IdString2.Separator); + ClassicAssert.AreEqual("123", IdString2.FreePart); + ClassicAssert.AreEqual("AR5001234", IdString2.CombinedFixPart); + + 
IdString2.SetAppPartFromExtId("COM-99999"); + ClassicAssert.AreEqual("AR50199999-123", IdString2.Whole); + ClassicAssert.AreEqual("AR50", IdString2.FixedPart); + ClassicAssert.AreEqual("199999-", IdString2.AppPart); + ClassicAssert.AreEqual("-", IdString2.Separator); + ClassicAssert.AreEqual("123", IdString2.FreePart); + ClassicAssert.AreEqual("AR50199999", IdString2.CombinedFixPart); + + IdString2.NamingConvention = new(); + ClassicAssert.AreEqual("AR50199999-123", IdString2.Whole); + ClassicAssert.AreEqual("", IdString2.FixedPart); + ClassicAssert.AreEqual("", IdString2.AppPart); + ClassicAssert.AreEqual("", IdString2.Separator); + ClassicAssert.AreEqual("AR50199999-123", IdString2.FreePart); + ClassicAssert.AreEqual("", IdString2.CombinedFixPart); + } + + [Test] + public void TestReconstructAreaIdString() + { + ClassicAssert.AreEqual("NA", ModellingManagedIdString.ConvertAppRoleToArea("AR5000001", NamingConvention1)); + ClassicAssert.AreEqual("NA91", ModellingManagedIdString.ConvertAppRoleToArea("AR9104106-001", NamingConvention2)); + ClassicAssert.AreEqual("R91", ModellingManagedIdString.ConvertAppRoleToArea("AR9112345-001", NamingConvention3)); + NamingConvention3.NetworkAreaPattern = "XYZ"; + ClassicAssert.AreEqual("XYZR91", ModellingManagedIdString.ConvertAppRoleToArea("AR9112345-001", NamingConvention3)); + NamingConvention3.AppRolePattern = "AR91"; + ClassicAssert.AreEqual("XYZ", ModellingManagedIdString.ConvertAppRoleToArea("AR9112345-001", NamingConvention3)); + NamingConvention3.AppRolePattern = "AR91123"; + ClassicAssert.AreEqual("XYZ", ModellingManagedIdString.ConvertAppRoleToArea("AR9112345-001", NamingConvention3)); + } + } +} diff --git a/roles/test/files/FWO.Test/ModellingHandlerTest.cs b/roles/test/files/FWO.Test/ModellingHandlerTest.cs new file mode 100644 index 000000000..c15bd51e8 --- /dev/null +++ b/roles/test/files/FWO.Test/ModellingHandlerTest.cs 
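Review bot: `TestReconstructAreaIdString` mutates the fixture field `NamingConvention3` in place (`NamingConvention3.NetworkAreaPattern = "XYZ";` and two reassignments of `AppRolePattern`), and the other two tests mutate `IdString1` and `IdString2` the same way; NUnit by default reuses a single fixture instance for all of its tests, so any test added later that reads these fields becomes order-dependent. Make `NamingConvention3` a local of that test and create `IdString1`/`IdString2` in a `[SetUp]` method rather than as field initialisers, or note on each field that exactly one test owns it. A style point: `NamingConvention1` and `NamingConvention2` are `static readonly` while `NamingConvention3` is a mutable instance field, and the private fields use PascalCase where the other new class in this commit (`FakeLocalTimeZone`) uses `_camelCase`.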
@@ -0,0 +1,167 @@ +using NUnit.Framework; +using NUnit.Framework.Legacy; +using FWO.GlobalConstants; +using FWO.Api.Data; +using FWO.Ui.Services; + +namespace FWO.Test +{ + [TestFixture] + [Parallelizable] + internal class ModellingHandlerTest + { + static readonly SimulatedUserConfig userConfig = new() + { + ModNamingConvention = "{\"networkAreaRequired\":true,\"fixedPartLength\":4,\"freePartLength\":5,\"networkAreaPattern\":\"NA\",\"appRolePattern\":\"AR\"}" + }; + static readonly ModellingHandlerTestApiConn apiConnection = new(); + static readonly Action DisplayMessageInUi = DefaultInit.DoNothing; + static readonly FwoOwner Application = new(); + static readonly List> AvailableNwElems = new(); + static readonly List AvailableAppRoles = new(); + static readonly ModellingAppRole AppRole = new(); + static readonly bool AddAppRoleMode = false; + static readonly bool IsOwner = true; + + static readonly ModellingAppServer AppServerInside1 = new(){ Name = "AppServerInside1", Ip = "10.0.0.0" }; + static readonly ModellingAppServer AppServerInside2 = new(){ Name = "AppServerInside2", Ip = "10.0.0.5" }; + static readonly ModellingAppServer AppServerInside3 = new(){ Name = "AppServerInside3", Ip = "11.0.0.1" }; + static readonly List AvailableAppServers = new() + { + AppServerInside1, + AppServerInside2, + AppServerInside3, + new(){ Ip = "1.0.0.0" }, + new(){ Ip = "10.1.0.0" }, + new(){ Ip = "11.0.0.4" }, + new(){ Ip = "12.0.0.0" }, + new(){ Ip = "255.255.255.255" } + }; + + static readonly ModellingNetworkArea TestArea = new(){ Name = "Area1", IdString = "NA50", Subnets = new() + { + new(){ Content = new(){ Name = "Testsubnet1", Ip = "10.0.0.0/24", IpEnd = "10.0.0.0/24" }}, + new(){ Content = new(){ Name = "Testsubnet2", Ip = "11.0.0.0/30", IpEnd = "11.0.0.0/30" }} + }}; + + static readonly ModellingNamingConvention NamingConvention1 = new() + { + NetworkAreaRequired = true, UseAppPart = false, FixedPartLength = 4, FreePartLength = 5, NetworkAreaPattern = "NA", 
AppRolePattern = "AR" + }; + static readonly ModellingNamingConvention NamingConvention2 = new() + { + NetworkAreaRequired = true, UseAppPart = true, FixedPartLength = 4, FreePartLength = 3, NetworkAreaPattern = "NA", AppRolePattern = "AR" + }; + + ModellingAppRoleHandler? AppRoleHandler; + ModellingAppHandler? AppHandler; + + + [SetUp] + public void Initialize() + { + AppHandler = new (apiConnection, userConfig, Application, DisplayMessageInUi, IsOwner); + AppRoleHandler = new (apiConnection, userConfig, Application, AvailableAppRoles, AppRole, + AvailableAppServers, AvailableNwElems, AddAppRoleMode, DisplayMessageInUi, IsOwner); + } + + + // HandlerBase + [Test] + public async Task TestExtractUsedSrcInterface() + { + ModellingConnection conn = new(){ Id = 3, UsedInterfaceId = 1 }; + ClassicAssert.AreEqual("Interf1", await AppHandler.ExtractUsedInterface(conn)); + ClassicAssert.AreEqual(true, conn.SrcFromInterface); + ClassicAssert.AreEqual(false, conn.DstFromInterface); + ClassicAssert.AreEqual(0, conn.SourceAppServers.Count); + ClassicAssert.AreEqual("AppRole1", conn.SourceAppRoles[0].Content.Name); + ClassicAssert.AreEqual("NwGroup1", conn.SourceNwGroups[0].Content.Name); + ClassicAssert.AreEqual(0, conn.DestinationAppServers.Count); + ClassicAssert.AreEqual(0, conn.DestinationAppRoles.Count); + ClassicAssert.AreEqual(0, conn.DestinationNwGroups.Count); + ClassicAssert.AreEqual("ServiceGrp1", conn.ServiceGroups[0].Content.Name); + ClassicAssert.AreEqual(0, conn.Services.Count); + } + + [Test] + public async Task TestExtractUsedDstInterface() + { + ModellingConnection conn = new(){ Id = 4, UsedInterfaceId = 2 }; + ClassicAssert.AreEqual("Interf2", await AppHandler.ExtractUsedInterface(conn)); + ClassicAssert.AreEqual(false, conn.SrcFromInterface); + ClassicAssert.AreEqual(true, conn.DstFromInterface); + ClassicAssert.AreEqual(0, conn.SourceAppServers.Count); + ClassicAssert.AreEqual(0, conn.SourceAppRoles.Count); + ClassicAssert.AreEqual(0, 
conn.SourceNwGroups.Count); + ClassicAssert.AreEqual("AppServer2", conn.DestinationAppServers[0].Content.Name); + ClassicAssert.AreEqual("AppRole2", conn.DestinationAppRoles[0].Content.Name); + ClassicAssert.AreEqual(0, conn.DestinationNwGroups.Count); + ClassicAssert.AreEqual(0, conn.ServiceGroups.Count); + ClassicAssert.AreEqual("Service2", conn.Services[0].Content.Name); + } + + // AppHandler + [Test] + public void TestGetSrcDstSvcNames() + { + ModellingConnection conn = new() + { + UsedInterfaceId = 1, + SrcFromInterface = false, + SourceAppServers = new(){ new(){ Content = AppServerInside1 }, new(){ Content = AppServerInside2 }}, + SourceAppRoles = new(){ new(){ Content = new(){ Name = "AppRole1", IdString = "AR5000001", IsDeleted = true }}}, + SourceNwGroups = new(){ new(){ Content = TestArea }}, + DstFromInterface = true, + DestinationAppServers = new(){ new(){ Content = AppServerInside3 }}, + DestinationAppRoles = new(){}, + DestinationNwGroups = new(){}, + ServiceGroups = new(){ new(){ Content = new(){ Name = "SvcGroup1", IsGlobal = true}}}, + Services = new(){ new(){ Content = new(){ Name = "Svc1", Port = 1111, Protocol = new(){ Name = "UDP"}} }} + }; + List expectedSrc = new(){$" Area1 (NA50)", + $" !AppRole1 (AR5000001)", + $" AppServerInside1 (10.0.0.0)", + $" AppServerInside2 (10.0.0.5)"}; + List expectedDst = new(){$" AppServerInside3 (11.0.0.1)"}; + List expectedSvc = new(){$" SvcGroup1", + $" Svc1 (1111/UDP)"}; + ClassicAssert.AreEqual(expectedSrc, AppHandler.GetSrcNames(conn)); + ClassicAssert.AreEqual(expectedDst, AppHandler.GetDstNames(conn)); + ClassicAssert.AreEqual(expectedSvc, AppHandler.GetSvcNames(conn)); + } + + + // AppRoleHandler + [Test] + public async Task TestSelectAppServersFromArea() + { + List expectedResult = new() + { + new(AppServerInside1) { TooltipText = userConfig.GetText("C9002") }, + new(AppServerInside2) { TooltipText = userConfig.GetText("C9002") }, + new(AppServerInside3) { TooltipText = userConfig.GetText("C9002") } + 
}; + await AppRoleHandler.SelectAppServersFromArea(TestArea); + ClassicAssert.AreEqual(expectedResult, AppRoleHandler.AppServersInArea); + } + + [Test] + public async Task TestProposeFreeAppRoleNumber() + { + ModellingManagedIdString idFixString = new() { NamingConvention = NamingConvention1 }; + idFixString.ConvertAreaToAppRoleFixedPart(TestArea.IdString); + idFixString.SetAppPartFromExtId("APP-1234"); + ClassicAssert.AreEqual("00002", await AppRoleHandler.ProposeFreeAppRoleNumber(idFixString)); + + idFixString.NamingConvention = NamingConvention2; + idFixString.ConvertAreaToAppRoleFixedPart("NA91"); + idFixString.SetAppPartFromExtId("APP-1234"); + AppRoleHandler.NamingConvention = NamingConvention2; + ClassicAssert.AreEqual("003", await AppRoleHandler.ProposeFreeAppRoleNumber(idFixString)); + + idFixString.ConvertAreaToAppRoleFixedPart("NA99"); + ClassicAssert.AreEqual("001", await AppRoleHandler.ProposeFreeAppRoleNumber(idFixString)); + } + } +} diff --git a/roles/test/files/FWO.Test/ModellingHandlerTestApiConn.cs b/roles/test/files/FWO.Test/ModellingHandlerTestApiConn.cs new file mode 100644 index 000000000..5a3aa189b --- /dev/null +++ b/roles/test/files/FWO.Test/ModellingHandlerTestApiConn.cs 
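Review bot: `AppHandler` and `AppRoleHandler` are declared nullable (`ModellingAppHandler?`, `ModellingAppRoleHandler?`) yet every test dereferences them unguarded (`await AppHandler.ExtractUsedInterface(conn)`, `AppRoleHandler.NamingConvention = NamingConvention2`), which yields a nullable-dereference warning per use if the test project has nullable enabled. Since `[SetUp] Initialize()` assigns both before every test, declaring them non-nullable with `ModellingAppHandler AppHandler = null!;` plus a comment `// assigned in Initialize() before each test` states the invariant once instead of warning everywhere. A brief comment on `TestArea` saying which of the `AvailableAppServers` fall inside `10.0.0.0/24` and `11.0.0.0/30` (and that `11.0.0.4` is deliberately just outside the /30) would make `TestSelectAppServersFromArea`'s expected list self-explanatory.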
@@ -0,0 +1,82 @@ +using FWO.Api.Client.Queries; +using GraphQL; +using FWO.GlobalConstants; +using FWO.Api.Data; + +namespace FWO.Test +{ +internal class ModellingHandlerTestApiConn : SimulatedApiConnection + { + const string AppRoleId1 = "AR5000001"; + const string AppRoleId2 = "AR9101234-002"; + const string AppRoleId3 = "AR9901234-999"; + ModellingAppRole AppRole1 = new(){ Id = 1, IdString = AppRoleId1 }; + ModellingAppRole AppRole2 = new(){ Id = 2, IdString = AppRoleId2 }; + ModellingAppRole AppRole3 = new(){ Id = 3, IdString = AppRoleId3 }; + + + public override async Task SendQueryAsync(string query, object? variables = null, string? operationName = null) + { + Type responseType = typeof(QueryResponseType); + if(responseType == typeof(List)) + { + List? appRoles = new(); + if(query == ModellingQueries.getNewestAppRoles) + { + if(variables != null) + { + string pattern = variables.GetType().GetProperties().First(o => o.Name == "pattern").GetValue(variables, null)?.ToString(); + if(pattern == AppRoleId1 || pattern == "AR50%") + { + appRoles = new(){ AppRole1 }; + } + else if(pattern == AppRoleId2 || pattern == "AR9101234%") + { + appRoles = new(){ AppRole2 }; + } + else if(pattern == AppRoleId3 || pattern == "AR9901234%") + { + appRoles = new(){ AppRole3 }; + } + } + } + else + { + appRoles = new(){ AppRole1 }; + } + + GraphQLResponse response = new(){ Data = appRoles }; + return response.Data; + } + else if(responseType == typeof(List)) + { + List? 
interfaces = new(); + string intId = variables.GetType().GetProperties().First(o => o.Name == "intId").GetValue(variables, null).ToString(); + if(intId == "1") + { + interfaces = new(){ new() + { + Name = "Interf1", + SourceAppRoles = new(){ new(){ Content = new(){ Name = "AppRole1" } } }, + SourceNwGroups = new(){ new(){ Content = new(){ Name = "NwGroup1" } } }, + ServiceGroups = new() { new(){ Content = new(){ Name = "ServiceGrp1" } } } + }}; + } + else if(intId == "2") + { + interfaces = new(){ new() + { + Name = "Interf2", + DestinationAppServers = new(){ new(){ Content = new(){ Name = "AppServer2" } } }, + DestinationAppRoles = new(){ new(){ Content = new(){ Name = "AppRole2" } } }, + Services = new() { new(){ Content = new(){ Name = "Service2" } } } + }}; + } + + GraphQLResponse response = new(){ Data = interfaces }; + return response.Data; + } + throw new NotImplementedException(); + } + } +} diff --git a/roles/test/files/FWO.Test/SanitizerTest.cs b/roles/test/files/FWO.Test/SanitizerTest.cs new file mode 100644 index 000000000..be5a28066 --- /dev/null +++ b/roles/test/files/FWO.Test/SanitizerTest.cs 
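Review bot: The interfaces branch dereferences `variables` without a null check (`variables.GetType().GetProperties().First(...).GetValue(variables, null).ToString()`), while the app-roles branch above guards with `if(variables != null)`; a caller that passes no variables gets a `NullReferenceException` rather than a readable test failure. The `First(o => o.Name == "intId")` lookup likewise fails with an unhelpful `InvalidOperationException` when the anonymous object lacks that property, and `string pattern = ...?.ToString();` stores a possibly-null value in a non-nullable `string`. One helper used by both branches, `static string? ReadVariable(object? variables, string name) => variables?.GetType().GetProperty(name)?.GetValue(variables)?.ToString();`, removes the duplicated reflection and makes both paths nullable-correct. The three `AppRole1..3` fields are never reassigned and can be `readonly`.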
@@ -0,0 +1,86 @@ +using NUnit.Framework; +using NUnit.Framework.Legacy; +using FWO.GlobalConstants; +using FWO.Api.Data; + +namespace FWO.Test +{ + [TestFixture] + [Parallelizable] + internal class SanitizerTest + { + static readonly string OkText = "ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz1234567890.*-:?@/()[]{}$+<>#_"; + static readonly string TextToShorten = " A\"\\'!,; "; + static readonly string ShortenedText = "A"; + static readonly string OkLdapName = "ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz1234567890.*-:?@/()_"; + static readonly string LdapNameToShorten = " A+;,\"<>#= B "; + static readonly string ShortenedLdapName = "A B"; + static readonly string OkLdapPath = "ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz1234567890.*-:?@/()_,="; + static readonly string LdapPathToShorten = " A+;,\"<>#= B "; + static readonly string ShortenedLdapPath = "A,= B"; + static readonly string OkPassw = "ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz1234567890.*-:?@/()[]{}$+<>#"; + static readonly string PasswToShorten = " a \n\rb "; + static readonly string ShortenedPassw = "a b"; + static readonly string OkKey = "ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz1234567890.*-:?@/()[]{}$+<>#_\"\\'!,;"; + static readonly string KeyToShorten = " anykey "; + static readonly string ShortenedKey = "anykey"; + static readonly string OkComment = "ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz1234567890.*-:?@/()[]{}$+<>#_\\!,;"; + static readonly string CommentToShorten = "\"anytext'"; + static readonly string ShortenedComment = "anytext"; + static readonly string OkCidr = "1234567890ABCDEFabcdef:./"; + static readonly string CidrToShorten = " FGHIJKLMNOPQRSTUVWXYZ fghijklmnopqrstuvwxyz?@()[]{}$+<>#_\\!,; "; + static readonly string ShortenedCidr = "Ff"; + + [SetUp] + public void Initialize() + {} + + [Test] + public void TestSanitizer() + { + bool shortened = false; + ClassicAssert.AreEqual(null, Sanitizer.SanitizeOpt(null, ref 
shortened)); + ClassicAssert.AreEqual(false, shortened); + ClassicAssert.AreEqual(OkText, Sanitizer.SanitizeMand(OkText, ref shortened)); + ClassicAssert.AreEqual(false, shortened); + ClassicAssert.AreEqual(ShortenedText, Sanitizer.SanitizeMand(TextToShorten, ref shortened)); + ClassicAssert.AreEqual(true, shortened); + + shortened = false; + ClassicAssert.AreEqual(OkLdapName, Sanitizer.SanitizeLdapNameMand(OkLdapName, ref shortened)); + ClassicAssert.AreEqual(false, shortened); + ClassicAssert.AreEqual(ShortenedLdapName, Sanitizer.SanitizeLdapNameMand(LdapNameToShorten, ref shortened)); + ClassicAssert.AreEqual(true, shortened); + + shortened = false; + ClassicAssert.AreEqual(OkLdapPath, Sanitizer.SanitizeLdapPathMand(OkLdapPath, ref shortened)); + ClassicAssert.AreEqual(false, shortened); + ClassicAssert.AreEqual(ShortenedLdapPath, Sanitizer.SanitizeLdapPathMand(LdapPathToShorten, ref shortened)); + ClassicAssert.AreEqual(true, shortened); + + shortened = false; + ClassicAssert.AreEqual(OkPassw, Sanitizer.SanitizePasswMand(OkPassw, ref shortened)); + ClassicAssert.AreEqual(false, shortened); + ClassicAssert.AreEqual(ShortenedPassw, Sanitizer.SanitizePasswMand(PasswToShorten, ref shortened)); + ClassicAssert.AreEqual(true, shortened); + + shortened = false; + ClassicAssert.AreEqual(OkKey, Sanitizer.SanitizeKeyMand(OkKey, ref shortened)); + ClassicAssert.AreEqual(false, shortened); + ClassicAssert.AreEqual(ShortenedKey, Sanitizer.SanitizeKeyMand(KeyToShorten, ref shortened)); + ClassicAssert.AreEqual(true, shortened); + + shortened = false; + ClassicAssert.AreEqual(OkComment, Sanitizer.SanitizeCommentMand(OkComment, ref shortened)); + ClassicAssert.AreEqual(false, shortened); + ClassicAssert.AreEqual(ShortenedComment, Sanitizer.SanitizeCommentMand(CommentToShorten, ref shortened)); + ClassicAssert.AreEqual(true, shortened); + + shortened = false; + ClassicAssert.AreEqual(OkCidr, Sanitizer.SanitizeCidrMand(OkCidr, ref shortened)); + ClassicAssert.AreEqual(false, 
shortened); + ClassicAssert.AreEqual(ShortenedCidr, Sanitizer.SanitizeCidrMand(CidrToShorten, ref shortened)); + ClassicAssert.AreEqual(true, shortened); + } + } +} diff --git a/roles/test/files/FWO.Test/SimulatedApiConnection.cs b/roles/test/files/FWO.Test/SimulatedApiConnection.cs index 502be00fa..3f5facd35 100644 --- a/roles/test/files/FWO.Test/SimulatedApiConnection.cs +++ b/roles/test/files/FWO.Test/SimulatedApiConnection.cs @@ -1,15 +1,10 @@ using FWO.Api.Client; -using System; -using System.Collections.Generic; -using System.Linq; -using System.Text; -using System.Threading.Tasks; namespace FWO.Test { internal class SimulatedApiConnection : ApiConnection { - public override ApiSubscription GetSubscription(Action exceptionHandler, ApiSubscription.SubscriptionUpdate subscriptionUpdateHandler, string subscription, object? variables = null, string? operationName = null) + public override GraphQlApiSubscription GetSubscription(Action exceptionHandler, GraphQlApiSubscription.SubscriptionUpdate subscriptionUpdateHandler, string subscription, object? variables = null, string? operationName = null) { throw new NotImplementedException(); } @@ -28,5 +23,20 @@ public override void SetRole(string role) { throw new NotImplementedException(); } + + public override void SetProperRole(System.Security.Claims.ClaimsPrincipal user, List targetRoleList) + { + throw new NotImplementedException(); + } + + public override void SwitchBack() + { + throw new NotImplementedException(); + } + + protected override void Dispose(bool disposing) + { + throw new NotImplementedException(); + } } } diff --git a/roles/test/files/FWO.Test/SimulatedUserConfig.cs b/roles/test/files/FWO.Test/SimulatedUserConfig.cs new file mode 100644 index 000000000..f1d7fe483 --- /dev/null +++ b/roles/test/files/FWO.Test/SimulatedUserConfig.cs 
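Review bot: `TestSanitizer` checks seven sanitizers in one method, so the first failing `AreEqual` aborts the rest and a regression in `SanitizeCidrMand` is hidden behind one in `SanitizeMand`; one `[Test]` per sanitizer (or a `[TestCase]` per Ok/ToShorten pair) gives a per-sanitizer verdict. `ClassicAssert.AreEqual(null, ...)` reads better as `ClassicAssert.IsNull(Sanitizer.SanitizeOpt(null, ref shortened));`, and the empty `[SetUp] Initialize() {}` can be dropped. The LDAP fixtures encode a deliberate policy that deserves a comment, e.g. `// LDAP names must drop the DN metacharacters + ; , " < > # =; LDAP paths keep ',' and '=' because they structure the DN`, so a later relaxation of the allowed character set is a conscious change rather than an accident.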
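Review bot: `Dispose(bool disposing)` throws `NotImplementedException`, so disposing the simulated connection — the `static readonly ModellingHandlerTestApiConn apiConnection` shared by the fixtures, or any `using` in code under test — would throw from a dispose path, which should never throw. A stub has nothing to release; `protected override void Dispose(bool disposing) { }` is the correct override here (or a call to the base implementation, if `ApiConnection` provides one — it is outside this diff). The same applies to a lesser degree to `SwitchBack()`: if a handler under test calls it, the throwing stub turns an otherwise valid test into a `NotImplementedException`, so a no-op with a comment is usually the better default for a simulated connection.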
@@ -0,0 +1,84 @@ +using FWO.Config.Api; + +namespace FWO.Test +{ + internal class SimulatedUserConfig : UserConfig + { + public Dictionary DummyTranslate = new Dictionary() + { + {"Rules","Rules Report"}, + {"ResolvedRules","Rules Report (resolved)"}, + {"ResolvedRulesTech","Rules Report (technical)"}, + {"UnusedRules","Unused Rules Report"}, + {"Recertification","Recertification Report"}, + {"NatRules","NAT Rules Report"}, + {"Changes","Changes Report"}, + {"ResolvedChanges","Changes Report (resolved)"}, + {"ResolvedChangesTech","Changes Report (technical)"}, + {"Connections","Connections Report"}, + {"date_of_config","Time of configuration"}, + {"generated_on","Generated on"}, + {"negated","not"}, + {"users","Users"}, + {"rule_added","Rule added"}, + {"rule_deleted","Rule deleted"}, + {"rule_modified","Rule modified"}, + {"deleted","deleted"}, + {"added","added"}, + {"change_time","Change Time"}, + {"change_type","Change Type"}, + {"number","No."}, + {"name","Name"}, + {"source_zone","Source Zone"}, + {"source","Source"}, + {"destination_zone","Destination Zone"}, + {"destination","Destination"}, + {"services","Services"}, + {"action","Action"}, + {"track","Track"}, + {"enabled","Enabled"}, + {"uid","Uid"}, + {"comment","Comment"}, + {"type","Type"}, + {"ip_address","IP Address"}, + {"members","Members"}, + {"network_objects","Network Objects"}, + {"network_services","Network Services"}, + {"protocol","Protocol"}, + {"port","Port"}, + {"next_recert","Next Recertification Date"}, + {"owner","Owner"}, + {"ip_matches","IP address match"}, + {"last_hit","Last Hit"}, + {"trans_source","Translated Source"}, + {"trans_destination","Translated Destination"}, + {"trans_services","Translated Services"}, + {"from","from"}, + {"until","until"}, + {"C9001","This object was..."}, + {"C9002","This App Server was..."}, + {"is_in_use","Is in use"}, + {"devices","Devices"}, + {"owners","Owners"}, + {"filter","Filter"}, + {"id","Id"}, + {"ip","Ip"}, + {"group","Group"}, + 
{"host","Host"}, + {"network","Network"}, + {"ip_range","IP Range"}, + {"connections","Connections"}, + {"interfaces","Interfaces"}, + {"own_common_services","Own Common Services"}, + {"global_common_services","Global Common Services"}, + {"func_reason","Functional Reason"}, + {"interface_description","Interface Description"}, + {"published","Published"} + }; + + public override string GetText(string key) + { + return DummyTranslate[key]; + } + } +} diff --git a/roles/test/files/FWO.Test/TestInitializer.cs b/roles/test/files/FWO.Test/TestInitializer.cs index 410749f6d..981c5e241 100644 --- a/roles/test/files/FWO.Test/TestInitializer.cs +++ b/roles/test/files/FWO.Test/TestInitializer.cs @@ -1,25 +1,38 @@ using NUnit.Framework; -using System; -using System.Collections.Generic; -using System.Linq; -using System.Text; -using System.Threading.Tasks; +using NUnit.Framework.Legacy; +using System.Globalization; + namespace FWO.Test { [SetUpFixture] class TestInitializer { + private FakeLocalTimeZone? fakeLocalTimeZone; + [OneTimeSetUp] public void OnStart() { - + SetGermanCultureOnAllUnitTest(); + SetGermanTimeZoneOnAllUnitTest(); } [OneTimeTearDown] public void OnFinish() { + fakeLocalTimeZone?.Dispose(); + } + + public static void SetGermanCultureOnAllUnitTest() + { + Thread.CurrentThread.CurrentCulture = new CultureInfo("de-DE"); + Thread.CurrentThread.CurrentUICulture = new CultureInfo("de-DE"); + } + + public void SetGermanTimeZoneOnAllUnitTest() + { + fakeLocalTimeZone = new FakeLocalTimeZone(TimeZoneInfo.FindSystemTimeZoneById("Europe/Berlin")){}; } } } diff --git a/roles/test/files/auth/roles.ldif b/roles/test/files/auth/roles.ldif index 6c3e36073..7077311cd 100644 --- a/roles/test/files/auth/roles.ldif +++ b/roles/test/files/auth/roles.ldif 
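Review bot: `GetText` indexes `DummyTranslate[key]` directly, so a test that asks for a key missing from the table dies with a bare `KeyNotFoundException` that does not name the key. For a test double, `return DummyTranslate.TryGetValue(key, out string? text) ? text : throw new KeyNotFoundException($"no dummy translation for '{key}'");` points straight at the missing entry. `DummyTranslate` is a public mutable field that is never modified; `static readonly` with a read-only dictionary type keeps tests from accidentally sharing mutations, especially with `[Parallelizable]` fixtures.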
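Review bot: `new FakeLocalTimeZone(TimeZoneInfo.FindSystemTimeZoneById("Europe/Berlin")){}` carries an empty object initializer; drop the `{}`. `SetGermanCultureOnAllUnitTest` only changes the thread that runs `[OneTimeSetUp]`, so whether the `[Parallelizable]` fixtures in this change actually see `de-DE` depends on NUnit propagating its execution context to worker threads; NUnit's own `[SetCulture("de-DE")]`/`[SetUICulture("de-DE")]` attributes, or `CultureInfo.DefaultThreadCurrentCulture`/`DefaultThreadCurrentUICulture`, state the intent without relying on that. `FindSystemTimeZoneById("Europe/Berlin")` throws `TimeZoneNotFoundException` on hosts without IANA tz data, so a comment on the prerequisite, e.g. `// requires IANA tz data (tzdata/ICU) on the test host`, saves a confusing setup failure.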
@@ -88,3 +88,9 @@ objectClass: top objectClass: groupofuniquenames cn: reviewer description: T0017 + +dn: cn=modeller,ou=role,dc=fworch,dc=internal +objectClass: top +objectClass: groupofuniquenames +cn: modeller +description: T0018 diff --git a/roles/test/handlers/main.yml b/roles/test/handlers/main.yml index 1e5f77ced..257308696 100644 --- a/roles/test/handlers/main.yml +++ b/roles/test/handlers/main.yml @@ -3,36 +3,18 @@ user: name: test state: absent - remove: yes - become: yes + remove: true + become: true listen: "test importer handler" - name: delete test user cred config file file: path: "{{ fworch_secrets_dir }}/TestUserCreds.json" state: absent - become: yes + become: true listen: "test importer handler" - block: - - name: delete test fortinet gateway - postgresql_query: - db: "{{ fworch_db_name }}" - query: > - DO $do$ BEGIN - DELETE FROM device WHERE dev_name='{{ test_fortigate_name }}'; - END $do$ - listen: "test importer handler" - - - name: delete test fortinet management - postgresql_query: - db: "{{ fworch_db_name }}" - query: > - DO $do$ BEGIN - DELETE FROM management WHERE mgm_name='{{ test_fortigate_name }}'; - END $do$ - listen: "test importer handler" - - name: delete test checkpoint R8x credentials cascading to deletion of mgmt and gw postgresql_query: db: "{{ fworch_db_name }}" 
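Review bot: The handler no longer deletes the test fortinet gateway and management (both `DELETE FROM device ... / DELETE FROM management ... test_fortigate_name` tasks are gone), while `roles/test/tasks/test-importer.yml` in this same change still looks up and imports `test_fortigate_name`. If that management is created per test run, it is now left behind after the `test importer handler` fires; if its cleanup happens elsewhere, a one-line comment in the handler saying where would prevent someone re-adding it. Otherwise the deletion can stay and be folded into the remaining checkpoint query, e.g. `DELETE FROM management WHERE mgm_name='{{ test_checkpoint_name }}' OR mgm_name='{{ test_fortigate_name }}';`, if that table's cascade rules cover the device rows (not visible here).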
@@ -42,41 +24,23 @@ END $do$ listen: "test importer handler" - - name: delete tenant tenant1 - postgresql_query: - db: "{{ fworch_db_name }}" - query: > - DO $do$ BEGIN - DELETE FROM tenant WHERE tenant_name='tenant1{{ sample_postfix }}'; - END $do$ - listen: "test importer handler" - - # - name: delete devices for tenant tenant1 - # postgresql_query: - # db: "{{ fworch_db_name }}" - # query: > - # DO $do$ BEGIN - # DELETE FROM tenant_to_device WHERE tenant_id=(SELECT tenant_id FROM tenant WHERE tenant_name='tenant1{{ sample_postfix }}'); - # END $do$ - # listen: "test importer handler" - - - name: delete tenant tenant2 + - name: delete tenants tenant1_test and tenant2_test postgresql_query: db: "{{ fworch_db_name }}" query: > DO $do$ BEGIN - DELETE FROM tenant WHERE tenant_name='tenant2{{ sample_postfix }}'; + DELETE FROM tenant WHERE tenant_name='tenant1{{ test_postfix }}' OR tenant_name='tenant2{{ test_postfix }}'; END $do$ listen: "test importer handler" - become: yes + become: true become_user: postgres - name: find ldap entries with test_postfix command: "ldapsearch -H {{ openldap_url }} -D {{ openldap_superuser_dn }} -y {{ ldap_manager_pwd_file }} -b {{ openldap_path }} -x '(|(cn=*{{ sample_postfix }}*)(ou=*{{ sample_postfix }}*)(uid=*{{ sample_postfix }}*))'" register: ldap_entries_to_delete listen: "test importer handler" - become: yes + become: true - set_fact: delete_list: "{{ ldap_entries_to_delete.stdout | replace('\n', '') }}" @@ -90,4 +54,4 @@ command: "ldapdelete -H {{ openldap_url }} -D {{ openldap_superuser_dn }} -y {{ ldap_manager_pwd_file }} -x {{ item | regex_replace('\\s', '') | regex_replace('dc=internal.*', 'dc=internal') }}" listen: "test importer handler" loop: "{{ delete_list2 }}" - become: yes + become: true diff --git a/roles/test/tasks/b64pad.yml b/roles/test/tasks/b64pad.yml index 6337fd29e..e7ffbf7a1 100644 --- a/roles/test/tasks/b64pad.yml +++ b/roles/test/tasks/b64pad.yml 
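Review bot: `find ldap entries with test_postfix` still filters on `sample_postfix` (`(|(cn=*{{ sample_postfix }}*)(ou=*{{ sample_postfix }}*)(uid=*{{ sample_postfix }}*))`) while the tenant cleanup in the same block was just switched to `test_postfix`. If the two variables ever differ, the LDAP entries created under `test_postfix` are not found and the `ldapdelete` loop below removes nothing, silently leaving test users and groups in the directory. Use `test_postfix` in the filter to match the task name and the tenant query, or, if both names hold the same value, pick one and use it consistently across the role.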
@@ -1,5 +1,5 @@ ## adding potentially missing base64 = padding to base64encoded string: -- set_fact: item="{{ item }}=" cacheable=yes +- set_fact: item="{{ item }}=" cacheable=true when: "item|length % 4 > 0" loop: - 1 diff --git a/roles/test/tasks/main.yml b/roles/test/tasks/main.yml index 472008928..526b04450 100644 --- a/roles/test/tasks/main.yml +++ b/roles/test/tasks/main.yml @@ -6,7 +6,7 @@ name: "{{ item }}" state: present loop: "{{ test_packages }}" - become: yes + become: true environment: "{{ proxy_env }}" - name: randomize test names to avoid interference with production data @@ -41,7 +41,7 @@ sample_fortigate_name: "{{ test_fortigate_name }}" sample_checkpoint_name: "{{ test_checkpoint_name }}" sample_config_user: fworchtest - sample_config_user_home: "/home/{{ sample_config_user }}" + # sample_config_user_home: "/home/{{ sample_config_user }}" when: "'sampleserver' in group_names" - name: include test auth data @@ -62,6 +62,7 @@ - name: auth testing import_tasks: test-auth.yml + when: "not run_on_github|bool" - name: api testing import_tasks: test-api.yml @@ -81,3 +82,11 @@ test_importer_handler_guard: stop changed_when: true notify: "test importer handler" + +- name: delete ldif files + file: + path: "{{ middleware_ldif_dir }}" + state: absent + become: true + when: "'middlewareserver' in group_names" + diff --git a/roles/test/tasks/test-api.yml b/roles/test/tasks/test-api.yml index 98907f970..d1c25fd48 100644 --- a/roles/test/tasks/test-api.yml +++ b/roles/test/tasks/test-api.yml @@ -10,7 +10,7 @@ query: "" body_format: json validate_certs: false - return_content: yes + return_content: true register: api_version changed_when: false failed_when: false @@ -31,7 +31,7 @@ query: "query { object(limit:3) {obj_name} }" body_format: json validate_certs: false - return_content: yes + return_content: true register: api_query_anonymous changed_when: false environment: "{{ proxy_env }}" 
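Review bot: `auth testing` is now skipped whenever `run_on_github` is set (`when: "not run_on_github|bool"`), with nothing recording why, and the authentication checks are the ones most worth keeping in CI. A comment naming the blocker, e.g. `# skipped on GitHub runners: <reason / issue reference>`, keeps the coverage gap visible and reviewable. In the same file, `# sample_config_user_home: ...` is a commented-out line rather than a removed one; delete it, or keep it only if a comment explains why it may come back.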
@@ -39,7 +39,13 @@ - name: anonymous api access output debug: msg: "ERROR unexpected version test result (does not contain 'Missing Authorization header'): {{ api_query_anonymous.content }}" - when: api_query_anonymous.content is not search('Missing\sAuthorization\sheader') + when: > + not + ( + api_query_anonymous.content is search('Missing\sAuthorization\sheader') + or + api_query_anonymous.content is search('Missing ''Authorization'' or ''Cookie'' header') + ) - name: get sample jwt uri: @@ -52,7 +58,7 @@ Password: "{{ test_user1_pw }}" body_format: json validate_certs: false - return_content: yes + return_content: true register: sample_JWT changed_when: false environment: "{{ proxy_env }}" @@ -69,7 +75,7 @@ query: "query text { txt(limit:3) { id } }" body_format: json validate_certs: false - return_content: yes + return_content: true register: api_query_anonymous_with_JWT changed_when: false environment: "{{ proxy_env }}" @@ -84,7 +90,7 @@ slurp: src: "{{ fworch_secrets_dir }}/hasura_admin_pwd" register: api_hasura_admin_secret - become: yes + become: true - name: decode hasura admin secret set_fact: @@ -102,7 +108,7 @@ query: "query { object (limit: 1) {obj_name} }" body_format: json validate_certs: false - return_content: yes + return_content: true register: api_query_admin changed_when: false environment: "{{ proxy_env }}" diff --git a/roles/test/tasks/test-auth.yml b/roles/test/tasks/test-auth.yml index 0f431180e..dd400917c 100644 --- a/roles/test/tasks/test-auth.yml +++ b/roles/test/tasks/test-auth.yml @@ -20,10 +20,10 @@ Password: "{{ test_user1_pw }}" body_format: json validate_certs: false - return_content: yes + return_content: true register: sample_jwt changed_when: false - environment: "{{ proxy_env }}" +# environment: "{{ proxy_env }}" - debug: var=sample_jwt 
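Review bot: The anonymous-access check still only prints a message: when the API answers a query without an `Authorization` header, `anonymous api access output` logs `ERROR ...` and the play carries on, so an authorization regression never fails the run. Replace `debug:` with `fail:` using the same `msg` and the new `when:` condition, or keep the debug and add a `fail` task guarded by the same condition. The `Verify JWT Middleware and Check Valid Credentials` task in `roles/test/tasks/test-auth.yml` (next hunks below) has the same debug-only pattern for a username mismatch and should get the same treatment.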
@@ -32,7 +32,7 @@ - debug: var=jwt_header ## adding potentially missing base64 "=" padding to header: -- set_fact: jwt_header="{{ jwt_header }}=" cacheable=yes +- set_fact: jwt_header="{{ jwt_header }}=" cacheable=true when: "jwt_header|length % 4 > 0" loop: - 1 @@ -56,7 +56,7 @@ - name: show jwt encoded payload pre padding debug: var=jwt_encoded_payload ## adding potentially missing base64 = padding to payload: -- set_fact: jwt_encoded_payload="{{ jwt_encoded_payload }}=" cacheable=yes +- set_fact: jwt_encoded_payload="{{ jwt_encoded_payload }}=" cacheable=true when: "jwt_encoded_payload|length % 4 > 0" loop: - 1 @@ -77,10 +77,10 @@ - set_fact: jwt_unique_user_name="{{ jwt_payload.name }}" when: "'name' in jwt_payload" -- name: middleware get jwt check valid creds output user user1_test... +- name: Verify JWT Middleware and Check Valid Credentials, Output User 'user1_test' debug: - msg: "ERROR unexpected jwt test result (username does not match 'user1{{ test_postfix }}'): {{ jwt_unique_user_name }}" - when: "jwt_unique_user_name is not match('user1{{ test_postfix }}')" + msg: "ERROR: Unexpected JWT test result (username does not match 'user1{{ test_postfix }}'): {{ jwt_unique_user_name }}" + when: "jwt_unique_user_name != 'user1' ~ test_postfix" - name: middleware test get jwt wrong creds uri: @@ -93,10 +93,10 @@ Password: wrong-pwd body_format: json validate_certs: false - return_content: yes + return_content: true register: sample_jwt changed_when: false - ignore_errors: yes + ignore_errors: true - debug: var: sample_jwt diff --git a/roles/test/tasks/test-csharp.yml b/roles/test/tasks/test-csharp.yml index e946219b1..5a7e36987 100644 --- a/roles/test/tasks/test-csharp.yml +++ b/roles/test/tasks/test-csharp.yml 
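Review bot: `middleware test get jwt wrong creds` uses `ignore_errors: true`, so a rejected login (non-2xx) is tolerated, but a *successful* login with `Password: wrong-pwd` is equally tolerated: the task passes and the only follow-up visible here is `- debug: var: sample_jwt`. Assert the rejection instead, via `status_code:` set to whatever the middleware returns for bad credentials (not shown in this diff) and drop `ignore_errors`, so an authentication bypass fails the play rather than printing a token. If the rest of this file already fails on a present `sample_jwt.json` value, a comment pointing at that check would make the intent clear.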
@@ -5,18 +5,19 @@ dest: "{{ test_dir }}/csharp" owner: "{{ fworch_user }}" group: "{{ fworch_group }}" - become: yes + become: true - name: csharp tests command: dotnet test args: chdir: "{{ csharp_test_start_dir }}" - become: yes + become: true become_user: "{{ fworch_user }}" register: csharp_tests - ignore_errors: no + ignore_errors: false environment: "{{ proxy_env }}" -- name: show test results +- name: show csharp test results in case of errors debug: var: csharp_tests + when: csharp_tests.rc != 0 diff --git a/roles/test/tasks/test-importer.yml b/roles/test/tasks/test-importer.yml index 87cfb6f7d..da38ce3a4 100644 --- a/roles/test/tasks/test-importer.yml +++ b/roles/test/tasks/test-importer.yml 
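Review bot: `show csharp test results in case of errors` can never run: `ignore_errors: false` on the preceding `command: dotnet test` means a non-zero exit code fails the play before the `when: csharp_tests.rc != 0` task is reached, so the test output is never shown on the case it was added for. Let the command task record its result without failing, show the output, and then fail explicitly on the recorded return code.
```yaml
  register: csharp_tests
  failed_when: false   # results are shown by the next task before the play fails
# … unchanged: environment, "show csharp test results in case of errors" task …

- name: fail on csharp test errors
  fail:
    msg: "dotnet test exited with rc {{ csharp_tests.rc }}"
  when: csharp_tests.rc != 0
```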
@@ -1,24 +1,33 @@ --- -- name: make test fortinet import - command: "./fworch-importer-single.pl mgm_name={{ test_fortigate_name }}" - args: - chdir: "{{ fworch_home }}/importer" - become_user: "{{ fworch_user }}" - become: yes - name: find management id for checkpoint test postgresql_query: db: fworchdb - query: > - SELECT mgm_id FROM management WHERE mgm_name='{{ test_checkpoint_name }}'; - become: yes + query: SELECT mgm_id FROM management WHERE mgm_name='{{ test_checkpoint_name }}'; + become: true become_user: postgres register: test_checkpoint_mgm_id +- name: find management id for fortigate test + postgresql_query: + db: fworchdb + query: SELECT mgm_id FROM management WHERE mgm_name='{{ test_fortigate_name }}'; + become: true + become_user: postgres + register: test_fortigate_mgm_id + - name: make test checkpoint import - command: "python3 ./import-mgm.py -s -m{{ test_checkpoint_mgm_id.query_result.0.mgm_id }} -ihttps://fwodemodata.cactus.de/demo04_cpr8x.json" + command: "python3 ./import-mgm.py -f -s -m{{ test_checkpoint_mgm_id.query_result.0.mgm_id }}" + args: + chdir: "{{ fworch_home }}/importer" + become: true + become_user: "{{ fworch_user }}" + environment: "{{ proxy_env }}" + +- name: make test fortigate import + command: "python3 ./import-mgm.py -f -s -m{{ test_fortigate_mgm_id.query_result.0.mgm_id }}" args: chdir: "{{ fworch_home }}/importer" - become: yes + become: true become_user: "{{ fworch_user }}" environment: "{{ proxy_env }}" diff --git a/roles/test/tasks/test-web.yml b/roles/test/tasks/test-web.yml index 4ec17c085..941dadd25 100644 --- a/roles/test/tasks/test-web.yml +++ b/roles/test/tasks/test-web.yml 
@@ -1,6 +1,14 @@ # this playbook contains web server availabitlity tests -- name: test api version +# TODO - find out why UI sometimes crashes during upgrade of heavy data installations +- name: restart UI to avoid testing against crashed UI + ansible.builtin.systemd: + name: "{{ product_name }}-ui" + state: restarted + become: true + when: "'frontends' in group_names" + +- name: test web server availability uri: url: "{{ loop_url }}" method: GET @@ -8,10 +16,13 @@ Content-Type: html/text body: validate_certs: false - return_content: yes + return_content: true register: web_call_result changed_when: false failed_when: false + until: web_call_result.status == 200 + retries: 10 # 10 * 5 seconds + delay: 5 # Every 5 seconds loop: - "{{ middleware_uri }}/swagger/" - https://{{ ui_hostname }}/ diff --git a/roles/test/tasks/write-config-test-user-creds.yml b/roles/test/tasks/write-config-test-user-creds.yml index a9e32c13d..0cdf4be4c 100644 --- a/roles/test/tasks/write-config-test-user-creds.yml +++ b/roles/test/tasks/write-config-test-user-creds.yml @@ -10,4 +10,4 @@ content: "{{ config_json | to_nice_json }}" dest: "{{ fworch_secrets_dir }}/TestUserCreds.json" when: installation_mode != "uninstall" - become: yes + become: true diff --git a/roles/ui/files/FWO.UI/Auth/AuthStateProvider.cs b/roles/ui/files/FWO.UI/Auth/AuthStateProvider.cs index c3f41fe40..d2246234e 100644 --- a/roles/ui/files/FWO.UI/Auth/AuthStateProvider.cs +++ b/roles/ui/files/FWO.UI/Auth/AuthStateProvider.cs @@ -4,6 +4,9 @@ using Microsoft.AspNetCore.Components.Authorization; using FWO.Config.Api; using FWO.Api.Client; +using FWO.Api.Client.Queries; +using FWO.GlobalConstants; +using FWO.Api.Data; using FWO.Ui.Services; using FWO.Middleware.Client; using FWO.Middleware.RequestParameters; 
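Review bot: Restarting the UI immediately before the availability test makes the test pass even when the UI had crashed, which is exactly the condition the `TODO` says is not understood, so the crash is no longer observed anywhere. Capturing the pre-restart state first (e.g. a `command: systemctl is-active {{ product_name }}-ui` task with `failed_when: false`, registered and printed or failed on) keeps the symptom visible while the workaround stays in place. The restart should also carry the issue reference from the TODO so it is recognisable as temporary. The `until`/`retries`/`delay` polling in the second hunk is a sensible complement, but its interaction with the existing `failed_when: false` after the retries are exhausted is worth a comment, since that line decides whether an unreachable server fails the play at all.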
@@ -12,108 +15,200 @@ using FWO.Logging; using Microsoft.AspNetCore.Components.Server.ProtectedBrowserStorage; using System.Security.Authentication; +using System.Security.Principal; + namespace FWO.Ui.Auth { public class AuthStateProvider : AuthenticationStateProvider { - private ClaimsPrincipal? authenticatedUser; + private ClaimsPrincipal user = new ClaimsPrincipal(new ClaimsIdentity()); public override Task GetAuthenticationStateAsync() { - var identity = new ClaimsIdentity(); - var user = new ClaimsPrincipal(identity); return Task.FromResult(new AuthenticationState(user)); } - public async Task AuthenticateUser(string jwtString, UserConfig userConfig, ApiConnection apiConnection, CircuitHandlerService circuitHandler) + public async Task> Authenticate(string username, string password, ApiConnection apiConnection, MiddlewareClient middlewareClient, + GlobalConfig globalConfig, UserConfig userConfig, ProtectedSessionStorage sessionStorage, CircuitHandlerService circuitHandler) { - JwtReader jwt = new JwtReader(jwtString); + // There is no jwt in session storage. Get one from auth module. + AuthenticationTokenGetParameters authenticationParameters = new AuthenticationTokenGetParameters { Username = username, Password = password }; + RestResponse apiAuthResponse = await middlewareClient.AuthenticateUser(authenticationParameters); - if (jwt.Validate()) + if (apiAuthResponse.StatusCode == HttpStatusCode.OK) { + string jwtString = apiAuthResponse.Data ?? 
throw new Exception("no response data"); + await Authenticate(jwtString, apiConnection, middlewareClient, globalConfig, userConfig, circuitHandler, sessionStorage); + Log.WriteAudit("AuthenticateUser", $"user {username} successfully authenticated"); + } + + return apiAuthResponse; + } + + public async Task Authenticate(string jwtString, ApiConnection apiConnection, MiddlewareClient middlewareClient, + GlobalConfig globalConfig, UserConfig userConfig, CircuitHandlerService circuitHandler, ProtectedSessionStorage sessionStorage) + { + // Try to auth with jwt (validates it and creates user context on UI side). + JwtReader jwtReader = new JwtReader(jwtString); + + if (await jwtReader.Validate()) + { + // importer is not allowed to login + if (jwtReader.ContainsRole(Roles.Importer)) + { + throw new AuthenticationException("login_importer_error"); + } + + // Save jwt in session storage. + await sessionStorage.SetAsync("jwt", jwtString); + + // Tell api connection to use jwt as authentication + apiConnection.SetAuthHeader(jwtString); + + // Tell middleware connection to use jwt as authentication + middlewareClient.SetAuthenticationToken(jwtString); + + // Set user claims based on the jwt claims ClaimsIdentity identity = new ClaimsIdentity ( - claims: jwt.GetClaims(), + claims: jwtReader.GetClaims(), authenticationType: "ldap", nameType: JwtRegisteredClaimNames.UniqueName, roleType: "role" ); - authenticatedUser = new ClaimsPrincipal(identity); - - await userConfig.SetUserInformation(authenticatedUser.FindFirstValue("x-hasura-uuid"), apiConnection); - circuitHandler.User = userConfig.User; + // Set user information + user = new ClaimsPrincipal(identity); + string userDn = user.FindFirstValue("x-hasura-uuid"); + await userConfig.SetUserInformation(userDn, apiConnection); userConfig.User.Jwt = jwtString; + userConfig.User.Tenant = await getTenantFromJwt(userConfig.User.Jwt, apiConnection); + userConfig.User.Roles = await getAllowedRoles(userConfig.User.Jwt); + 
userConfig.User.Ownerships = await getAssignedOwners(userConfig.User.Jwt); + circuitHandler.User = userConfig.User; + + // Add jwt expiry timer + JwtEventService.AddJwtTimers(userDn, (int)jwtReader.TimeUntilExpiry().TotalMilliseconds, 1000 * 60 * globalConfig.SessionTimeoutNoticePeriod); - if(!userConfig.User.PasswordMustBeChanged) + if (!userConfig.User.PasswordMustBeChanged) { - NotifyAuthenticationStateChanged(Task.FromResult(new AuthenticationState(authenticatedUser))); + NotifyAuthenticationStateChanged(Task.FromResult(new AuthenticationState(user))); } } - else { Deauthenticate(); - } + } } - public async Task> Login(string username, string password, ApiConnection apiConnection, MiddlewareClient middlewareClient, - UserConfig userConfig, ProtectedSessionStorage sessionStorage, CircuitHandlerService circuitHandler) + public void Deauthenticate() { - // There is no jwt in session storage. Get one from auth module. - AuthenticationTokenGetParameters authenticationParameters = new AuthenticationTokenGetParameters { Username = username, Password = password }; - RestResponse apiAuthResponse = await middlewareClient.AuthenticateUser(authenticationParameters); + user = new ClaimsPrincipal(new ClaimsIdentity()); + NotifyAuthenticationStateChanged(Task.FromResult(new AuthenticationState(user))); + } - if (apiAuthResponse.StatusCode == HttpStatusCode.OK) + public void ConfirmPasswordChanged() + { + NotifyAuthenticationStateChanged(Task.FromResult(new AuthenticationState(user ?? throw new Exception("Password cannot be changed because user was not authenticated")))); + } + + public async Task getTenantId(string jwtString) + { + JwtReader jwtReader = new JwtReader(jwtString); + int tenantId = 0; + + if (await jwtReader.Validate()) { - string jwt = apiAuthResponse.Data ?? 
throw new Exception("no response data"); - JwtReader reader = new JwtReader(jwt); - reader.Validate(); + ClaimsIdentity identity = new ClaimsIdentity + ( + claims: jwtReader.GetClaims(), + authenticationType: "ldap", + nameType: JwtRegisteredClaimNames.UniqueName, + roleType: "role" + ); - // importer is not allowed to login - if (reader.ContainsRole("importer")) + // Set user information + user = new ClaimsPrincipal(identity); + + if (!int.TryParse(user.FindFirstValue("x-hasura-tenant-id"), out tenantId)) { - throw new AuthenticationException("login_importer_error"); + // TODO: log warning } + } + return tenantId; + } - Log.WriteAudit("AuthenticateUser", $"user {username} successfully authenticated"); + public async Task getTenantFromJwt(string jwtString, ApiConnection apiConnection) + { + JwtReader jwtReader = new JwtReader(jwtString); + Tenant tenant = new(); - // Save it in session storage. - await sessionStorage.SetAsync("jwt", jwt); + if (await jwtReader.Validate()) + { + ClaimsIdentity identity = new ClaimsIdentity + ( + claims: jwtReader.GetClaims(), + authenticationType: "ldap", + nameType: JwtRegisteredClaimNames.UniqueName, + roleType: "role" + ); - // Add all user relevant information to the current session. Also used when reloading page. - await CreateUserContext(jwt, apiConnection, middlewareClient, userConfig, circuitHandler); + // Set user information + user = new ClaimsPrincipal(identity); - // Add jwt expiry timer - JwtEventService.AddJwtTimers(userConfig.User.Dn, (int)reader.TimeUntilExpiry().TotalMilliseconds, 1000 * 60 * userConfig.SessionTimeoutNoticePeriod); + if (int.TryParse(user.FindFirstValue("x-hasura-tenant-id"), out int tenantId)) + { + tenant = await Tenant.GetSingleTenant(apiConnection, tenantId) ?? 
new(); + } + // else + // { + // // TODO: log warning + // } } - return apiAuthResponse; + return tenant; } - public void Deauthenticate() - { - ClaimsIdentity identity = new ClaimsIdentity(); - ClaimsPrincipal emptyUser = new ClaimsPrincipal(identity); - - NotifyAuthenticationStateChanged(Task.FromResult(new AuthenticationState(emptyUser))); + public async Task> getAllowedRoles(string jwtString) + { + return await GetClaimList(jwtString, "x-hasura-allowed-roles"); } - public async Task CreateUserContext(string jwt, ApiConnection apiConnection, MiddlewareClient middlewareClient, UserConfig userConfig, CircuitHandlerService circuitHandler) + public async Task> getAssignedOwners(string jwtString) { - // Tell api connection to use jwt as authentication - apiConnection.SetAuthHeader(jwt); - - // Tell middleware connection to use jwt as authentication - middlewareClient.SetAuthenticationToken(jwt); - - // Try to auth with jwt (validates it and creates user context on UI side). - await AuthenticateUser(jwt, userConfig, apiConnection, circuitHandler); + List ownerIds = new(); + List ownerClaims = await GetClaimList(jwtString, "x-hasura-editable-owners"); + if(ownerClaims.Count > 0) + { + string[] separatingStrings = { ",", "{", "}" }; + string[] owners = ownerClaims[0].Split(separatingStrings, StringSplitOptions.TrimEntries | StringSplitOptions.RemoveEmptyEntries); + ownerIds = Array.ConvertAll(owners, x => int.Parse(x)).ToList(); + } + return ownerIds; } - public void ConfirmPasswordChanged() - { - NotifyAuthenticationStateChanged(Task.FromResult(new AuthenticationState(authenticatedUser ?? 
throw new Exception("Password cannot be changed because user was not authenticated")))); + private async Task> GetClaimList(string jwtString, string claimType) + { + List claimList = new List(); + JwtReader jwtReader = new JwtReader(jwtString); + if (await jwtReader.Validate()) + { + ClaimsIdentity identity = new ClaimsIdentity + ( + claims: jwtReader.GetClaims(), + authenticationType: "ldap", + nameType: JwtRegisteredClaimNames.UniqueName, + roleType: "role" + ); + foreach (Claim claim in identity.Claims) + { + if (claim.Type == claimType) + { + claimList.Add(claim.Value); + } + } + } + return claimList; } } } diff --git a/roles/ui/files/FWO.UI/Data/PopupSize.cs b/roles/ui/files/FWO.UI/Data/PopupSize.cs new file mode 100644 index 000000000..f79ba5657 --- /dev/null +++ b/roles/ui/files/FWO.UI/Data/PopupSize.cs @@ -0,0 +1,13 @@ + + +namespace FWO.Ui.Services +{ + public enum PopupSize + { + FullScreenWidth, + XLarge, + Large, + Medium, + Small + } +} \ No newline at end of file diff --git a/roles/ui/files/FWO.UI/FWO.Ui.csproj b/roles/ui/files/FWO.UI/FWO.Ui.csproj index 16e35bb73..5730b734d 100644 --- a/roles/ui/files/FWO.UI/FWO.Ui.csproj +++ b/roles/ui/files/FWO.UI/FWO.Ui.csproj @@ -1,21 +1,26 @@  - net6.0 + net8.0 enable enable + + + + + diff --git a/roles/ui/files/FWO.UI/Pages/Certification.razor b/roles/ui/files/FWO.UI/Pages/Certification.razor index 110072d68..7af90212e 100644 --- a/roles/ui/files/FWO.UI/Pages/Certification.razor +++ b/roles/ui/files/FWO.UI/Pages/Certification.razor @@ -5,10 +5,12 @@ @using FWO.Report @using FWO.Report.Filter @using FWO.Ui.Pages.Reporting.Reports +@using FWO.GlobalConstants @using FWO.Api.Data @using FWO.Middleware.Client @page "/certification" +@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Recertifier}, {Roles.Auditor}")] @inject ApiConnection apiConnection @inject UserConfig userConfig @@ -20,35 +22,46 @@
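Review bot: `getTenantId` and `getTenantFromJwt` overwrite the provider's `user` field (`user = new ClaimsPrincipal(identity);`) as a side effect of reading a single claim, so any caller that passes a JWT to these helpers replaces the authenticated principal without `NotifyAuthenticationStateChanged` being raised; `GetClaimList` already shows the intended shape — build the identity into a local, e.g. `ClaimsPrincipal principal = new(identity);` and read `principal.FindFirstValue("x-hasura-tenant-id")`, leaving `user` to `Authenticate`/`Deauthenticate`. In the credential overload, `Log.WriteAudit("AuthenticateUser", ...successfully authenticated)` is written whenever the middleware returned 200, even when the JWT overload's `jwtReader.Validate()` failed and `Deauthenticate()` ran, so the audit trail can record a success for a session that was never established; moving the audit line behind the `Validate()` result (or having the JWT overload return it) fixes that. `getAssignedOwners` uses `int.Parse` on the `x-hasura-editable-owners` claim, which throws `FormatException` on a malformed value and aborts the whole login; `int.TryParse` with a logged skip would match the tenant-id handling. Since `user` is no longer nullable, the `user ?? throw` in `ConfirmPasswordChanged` is dead code.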

    @if (processing == false) { - + } else { - + }
    @(userConfig.GetText("due_within")):
    - +
    - +
    @(userConfig.GetText("owner")):
    - + + + @owner.Name + +
    + + @if(collectedOwnerships.Count > 1) + { + @(userConfig.GetText("owner")) + + + @owner.Name + + + } +
    - + @* ==== MAIN MIDDLE SECTION ==== *@ @@ -58,28 +71,29 @@
    @if(!readonlyMode) { - + @if(rulesFound) { - + } else { - + } - + }

    - + - + @if (AddCommentMode) { @@ -95,124 +109,95 @@
    - - + +
    @*==== RIGHT SIDEBAR ====*@ - -
    -
    @(userConfig.GetText("objects"))
    - - - - -
    -
    @(userConfig.GetText("collapse_all"))
    -
    -
    - - - -
    -
    - -
    -
    @(userConfig.GetText("clear_all"))
    -
    @(userConfig.GetText("collapse_all"))
    -
    -
    - - $"{rule.DeviceName} - Rule {rule.Id} {rule.Name}") - NetworkObjectExtractor="rule => rule.Froms.Select(nl => nl.Object).Union(rule.Tos.Select(nl => nl.Object)).Union(rule.NatData.TranslatedFroms.Select(nl => nl.Object)).Union(rule.NatData.TranslatedTos.Select(nl => nl.Object)).OrderBy(o => o.Name).ToArray()" - NetworkServiceExtractor="rule => rule.Services.Select(sw => sw.Content).Union(rule.NatData.TranslatedServices.Select(sw => sw.Content)).OrderBy(s => s.Name).ToArray()" - NetworkUserExtractor="rule => rule.Froms.Select(nl => nl.User).Distinct().Where(u => u != null).OrderBy(u => u.Name).ToArray()" /> - -
    -
    -
    -
    -
    -
    - + @code { [CascadingParameter] - Action? DisplayMessageInUi { get; set; } + Action DisplayMessageInUi { get; set; } = DefaultInit.DoNothing; - private TabSet? rsbTabset; - private AnchorNavToRSB? anchorNavToRSB; + [CascadingParameter] + private Task? authenticationStateTask { get; set; } + + private FWO.Ui.Shared.TabSet rsbTabset; + private FWO.Ui.Shared.AnchorNavToRSB anchorNavToRSB; private const int rulesPerPage = 0; - private int sidebarLeftWidth = GlobalConfig.kSidebarLeftWidth; - private int sidebarRightWidth = GlobalConfig.kSidebarRightWidth; - private bool selectAll = true; + private int sidebarLeftWidth = GlobalConst.kSidebarLeftWidth; + private int sidebarRightWidth = GlobalConst.kSidebarRightWidth; - private string filterInput = "remove=false and recertdisplay=0"; private bool processing = false; private bool rulesFound = false; - private CancellationTokenSource tokenSource = new CancellationTokenSource(); + private CancellationTokenSource tokenSource = new (); - private Management[] managements = new Management[0]; + private List managementsReport = new (); private bool readonlyMode = false; - private int selectedOwnerId = 0; - private List ownerList = new List(); - private List userOwnerships = new List(); - private List groupOwnerships = new List(); - private List combinedOwnershipIds = new List(); - private DeviceFilter deviceFilter = new DeviceFilter(); - private List selectedRules = new List(); + public FwoOwner? selectedOwner = null; + private List ownerList = new (); + private List userOwnerships = new (); + private List groupOwnerships = new (); + private List collectedOwnerships = new (); + private Dictionary recertInterval = new (); + private DeviceFilter deviceFilter = new (); + private List selectedRules = new (); private bool collapseDevices = false; - private CollapseState collapseControlObjects = new CollapseState(); private ReportBase? currentReport; + private ReportTemplate reportParams = new (); private Sidebar? 
deviceSelectionSidebar; private bool AddCommentMode = false; private string actComment = ""; + private int recertLookAheadDays = 0; + + private List Certifications = new (); + private Dictionary> deleteList = new (); - protected override void OnInitialized() + private TicketCreator ticketCreator; + + protected override async Task OnInitializedAsync() { - Task.Run(async () => + + try { - try - { - rulesFound = false; + apiConnection.SetProperRole(authenticationStateTask!.Result.User, new List { Roles.Recertifier, Roles.Admin, Roles.Auditor }); + rulesFound = false; + ticketCreator = new (apiConnection, userConfig, authenticationStateTask!.Result.User, middlewareClient); - ownerList = await apiConnection.SendQueryAsync>(FWO.Api.Client.Queries.OwnerQueries.getOwners); - await InitOwnerships(); + ownerList = await apiConnection.SendQueryAsync>(FWO.Api.Client.Queries.OwnerQueries.getOwners); + await CollectOwnerships(); - deviceFilter.Managements = await apiConnection.SendQueryAsync>(DeviceQueries.getDevicesByManagements); - await InvokeAsync(StateHasChanged); - if (deviceFilter.NumberMgmtDev() > userConfig.MinCollapseAllDevices) - { - collapseDevices = true; - await InvokeAsync(StateHasChanged); - } - } - catch (Exception exception) + deviceFilter.Managements = await apiConnection.SendQueryAsync>(DeviceQueries.getDevicesByManagement); + await InvokeAsync(StateHasChanged); + if (deviceFilter.NumberMgmtDev() > userConfig.MinCollapseAllDevices) { - DisplayMessageInUi!(exception, userConfig.GetText("object_fetch"), "", true); + collapseDevices = true; + await InvokeAsync(StateHasChanged); } - }); + recertLookAheadDays = Convert.ToInt32(userConfig.RecertificationDisplayPeriod); + } + catch (Exception exception) + { + DisplayMessageInUi(exception, userConfig.GetText("object_fetch"), "", true); + } } - private async Task InitOwnerships() + private async Task CollectOwnerships() { userOwnerships = await apiConnection.SendQueryAsync>(OwnerQueries.getOwnerIdsForUser, new {userDn 
= userConfig.User.Dn}); - List ownerGroups = await GroupAccess.GetGroupsFromInternalLdap(middlewareClient, userConfig, DisplayMessageInUi!, true); - List ownerGrpDns = new List(); + List ownerGroups = await GroupAccess.GetGroupsFromInternalLdap(middlewareClient, userConfig, DisplayMessageInUi, true); + List ownerGrpDns = new (); foreach(var grp in ownerGroups) { if(grp.Users.FirstOrDefault(x => x.Dn == userConfig.User.Dn) != null) @@ -227,21 +212,30 @@ foreach(var owner in userOwnerships) { - combinedOwnershipIds.Add(owner.Id); + collectedOwnerships.Add(owner); + recertInterval.Add(owner.Id, owner.RecertInterval ?? userConfig.RecertificationPeriod); } foreach(var owner in groupOwnerships) { - combinedOwnershipIds.Add(owner.Id); + if(collectedOwnerships.FirstOrDefault(x => x.Id == owner.Id) == null) + { + collectedOwnerships.Add(owner); + recertInterval.Add(owner.Id, owner.RecertInterval ?? userConfig.RecertificationPeriod); + } + } + if(collectedOwnerships.Count == 1) + { + selectedOwner = collectedOwnerships[0]; } } private async Task GenerateRecertificationReport() { processing = true; - readonlyMode = selectedOwnerId > 0; + readonlyMode = !authenticationStateTask!.Result.User.IsInRole(Roles.Recertifier) || selectedOwner == null; selectedRules.Clear(); - Management[] managementsOrig = managements; + List managementsOrig = managementsReport; try { tokenSource = new CancellationTokenSource(); 
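Review bot: `OnInitializedAsync` reads `authenticationStateTask!.Result.User` twice (for `SetProperRole` and the `TicketCreator`), blocking on the cascaded task inside an async method; `GenerateRecertificationReport` in the next hunk does the same for `IsInRole`. The cascaded task is usually already completed in Blazor, but awaiting it keeps the code on the async path and removes the `.Result`: `AuthenticationState authState = await authenticationStateTask!;` and then `authState.User` in the three places. `rsbTabset`, `anchorNavToRSB` and `ticketCreator` are now declared non-nullable but are only assigned later (the component refs by the renderer, `ticketCreator` inside `OnInitializedAsync`), which will warn if the project's nullable context is enabled as the csproj suggests; declaring them nullable, or `= null!` where the reference is guaranteed, documents the intent. `selectedOwner` is a `public` field on a page component; a private field or a property would match the rest of the `@code` block.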
@@ -249,179 +243,89 @@ if (!deviceFilter.isAnyDeviceFilterSet()) // display pop-up with warning { - DisplayMessageInUi!(null, userConfig.GetText("no_device_selected"), userConfig.GetText("E1001"), true); + DisplayMessageInUi(null, userConfig.GetText("no_device_selected"), userConfig.GetText("E1001"), true); processing = false; return; } - SyncFilterToDisplay(); - RecertFilter recertFilter = new RecertFilter() { RecertOwnerList = (selectedOwnerId > 0 ? new List(){ selectedOwnerId } : combinedOwnershipIds) }; - ReportTemplate reportParams = new ReportTemplate("", deviceFilter, (int) ReportType.Recertification, null, recertFilter); - currentReport = ReportBase.ConstructReport(reportParams, userConfig); - - DateTime startTime = DateTime.Now; - managements = new Management[0]; // reset management data when switching between reports + prepareReport(); + managementsReport = new (); // reset management data when switching between reports try { - await currentReport.Generate(userConfig.ElementsPerFetch, apiConnection, - managementsReportIntermediate => + if(currentReport != null) { - managements = managementsReportIntermediate; - return InvokeAsync(StateHasChanged); - }, token); + await currentReport.Generate(userConfig.ElementsPerFetch, apiConnection, + managementsReportIntermediate => + { + managementsReport = managementsReportIntermediate.ManagementData; + return InvokeAsync(StateHasChanged); + }, token); + } } catch (OperationCanceledException e) { Log.WriteDebug("Generate Report", $"Cancelled: {e.Message}"); } - rulesFound = false; - foreach (Management management in managements) - foreach (Device device in management.Devices) - if (device.ContainsRules()) - { - rulesFound = true; - if (device.Rules != null) - foreach (Rule rule in device.Rules) - rule.Metadata.UpdateRecertPeriods(userConfig.RecertificationPeriod, userConfig.RecertificationNoticePeriod); - } + postProcessReport(); processing = false; await InvokeAsync(StateHasChanged); if(!rulesFound) { - 
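Review bot: In `CollectOwnerships`, the first loop calls `recertInterval.Add(owner.Id, ...)` for every entry of `userOwnerships` without a duplicate check, so if the owner query ever returns the same id twice `Dictionary.Add` throws `ArgumentException` and the page fails to initialise, while the second loop over `groupOwnerships` does guard against duplicates. `recertInterval[owner.Id] = owner.RecertInterval ?? userConfig.RecertificationPeriod;` (or `TryAdd`) makes both loops tolerant. `CollectOwnerships` starts in the previous hunk and `GenerateRecertificationReport` continues past this one.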
DisplayMessageInUi!(null, userConfig.GetText("generate_report"), userConfig.GetText("E4002"), true); + DisplayMessageInUi(null, userConfig.GetText("generate_report"), userConfig.GetText("E4002"), true); } } catch (Exception exception) { processing = false; - managements = managementsOrig; + managementsReport = managementsOrig; StateHasChanged(); - DisplayMessageInUi!(exception, userConfig.GetText("generate_report"), "", true); + DisplayMessageInUi(exception, userConfig.GetText("generate_report"), "", true); } } private void CancelGeneration() { tokenSource.Cancel(); - DisplayMessageInUi!(null, userConfig.GetText("report_data_fetch"), userConfig.GetText("E1003"), true); + DisplayMessageInUi(null, userConfig.GetText("report_data_fetch"), userConfig.GetText("E1003"), true); } - private void SyncFilterToDisplay() + private void prepareReport() { - filterInput = Regex.Replace(filterInput, "recertdisplay=" + @"-?\d+", $"recertdisplay={(userConfig.RecertificationPeriod-userConfig.RecertificationDisplayPeriod).ToString()}"); + List ownerList = new List(); + if (selectedOwner != null) + { + ownerList.Add(selectedOwner.Id); + } + + ReportParams reportParams = new ReportParams((int) ReportType.Recertification, deviceFilter); + reportParams.RecertFilter = new RecertFilter() + { + RecertOwnerList = ownerList, + RecertShowAnyMatch = true, + RecertificationDisplayPeriod = recertLookAheadDays + }; + currentReport = ReportBase.ConstructReport(new ReportTemplate("", reportParams), userConfig); } - const byte all = 10, report = 20, rule = 30, all_nobj = 11, all_nsrv = 12, all_user = 13, report_nobj = 21, report_nsrv = 22, report_user = 23; - public async Task FetchContent(byte contentType, Func callback, long id = 0, bool nat = false) + private void postProcessReport() { - Log.WriteDebug("Fetching Content..", ""); - - Management[] managements = new Management[0]; - - try + rulesFound = false; + foreach (var management in managementsReport) { - string query = ""; - Dictionary 
queryVars = new Dictionary(); - - bool newObjects = true; - int fetchCount = 0; - - bool gotAllObjects = true; - - switch (contentType) + foreach (var device in management.Devices) { - case all: - query = ObjectQueries.getAllObjectDetails; - break; - case all_nobj: - query = ObjectQueries.getNetworkObjectDetails; - break; - case all_nsrv: - query = ObjectQueries.getNetworkServiceObjectDetails; - break; - case all_user: - query = ObjectQueries.getUserDetails; - break; - case rule: - if (nat) - query = RuleQueries.getNatRuleDetails; - else - query = RuleQueries.getRuleDetails; - break; - } - - switch (contentType) - { - case all or all_nobj or all_nsrv or all_user: - - queryVars = new Dictionary() - { - { "limit", userConfig.ElementsPerFetch }, - { "offset", 0 }, - { "management_id", (int) id } - }; - - break; - - case report or report_nobj or report_nsrv or report_user: - - queryVars = new Dictionary() - { - { "limit", userConfig.ElementsPerFetch }, - { "offset", 0 }, - { "mgmIds", (int) id } - }; - - if (currentReport != null) - gotAllObjects = await currentReport.GetObjectsForManagementInReport(queryVars, (byte)(contentType - report), userConfig.AutoFillRightSidebar ? 
int.MaxValue : userConfig.MaxInitialFetchesRightSidebar, apiConnection, callback); - - if (!gotAllObjects) - DisplayMessageInUi!(null, userConfig.GetText("object_fetch_warning"), userConfig.GetText("E0021"), true); - - return; - - case rule: - - queryVars = new Dictionary() - { - { "limit", userConfig.ElementsPerFetch }, - { "offset", (int)0 }, - { "rule_id", id } - }; - - break; - } - - // lazy fetch all objects for right sidebar - while (newObjects && (++fetchCount <= userConfig.MaxInitialFetchesRightSidebar || userConfig.AutoFillRightSidebar)) - { - Management[] managementsCurrentFetch = await apiConnection.SendQueryAsync(query, queryVars); - if (fetchCount == 1) + if (device.ContainsRules()) { - managements = managementsCurrentFetch; - } - else - { - newObjects = managements.Merge(managementsCurrentFetch); + rulesFound = true; + foreach (var rule in device.Rules!) + { + rule.Metadata.UpdateRecertPeriods(userConfig.RecertificationPeriod, userConfig.RecertificationNoticePeriod); + } } - - if (queryVars.ContainsKey("offset")) - queryVars["offset"] = (int)queryVars["offset"] + userConfig.ElementsPerFetch; - await callback(managements); } - - Log.WriteDebug("Lazy Fetch", $"Fetched sidebar objects in {fetchCount - 1} cycle(s) ({userConfig.ElementsPerFetch} at a time)"); - - if (fetchCount > userConfig.MaxInitialFetchesRightSidebar && !userConfig.AutoFillRightSidebar) - DisplayMessageInUi!(null, userConfig.GetText("object_fetch_warning"), userConfig.GetText("E0021"), true); - } - catch (Exception exception) - { - DisplayMessageInUi!(exception, userConfig.GetText("object_fetch"), "", true); - // TODO: Error Interface for all Components, that enables displaying a message in the ui } } 
@@ -441,105 +345,143 @@ actComment = Sanitizer.SanitizeMand(actComment, ref shortened); if(shortened) { - DisplayMessageInUi!(null, userConfig.GetText("execute_selected"), userConfig.GetText("U0001"), true); + DisplayMessageInUi(null, userConfig.GetText("execute_selected"), userConfig.GetText("U0001"), true); } if(userConfig.CommentRequired && actComment == "") { - DisplayMessageInUi!(null, userConfig.GetText("execute_selected"), userConfig.GetText("E4001"), true); + DisplayMessageInUi(null, userConfig.GetText("execute_selected"), userConfig.GetText("E4001"), true); return; } AddCommentMode = false; try { - // collect selected recerts + decerts - List RecertIds = new List(); - List DecertIds = new List(); - List Certifications = new List(); + AnalyzeSelected(); + await DoRecerts(); - foreach (Management management in managements) + // create delete tickets + if(userConfig.RecAutoCreateDeleteTicket) { - foreach (Device device in management.Devices) + foreach(var device in deleteList) { - if(device.Rules != null) + await ticketCreator.CreateDecertRuleDeleteTicket(device.Key, device.Value, actComment, DateTime.Now.AddDays(userConfig.RuleRemovalGracePeriod)); + } + } + + // reload updated report + await GenerateRecertificationReport(); + } + catch (Exception exception) + { + DisplayMessageInUi(exception, userConfig.GetText("execute_selected"), "", true); + } + } + + private void AnalyzeSelected() + { + // collect selected recerts + decerts + Certifications = new List(); + + foreach (var management in managementsReport) + { + foreach (var device in management.Devices) + { + if(device.Rules != null) + { + foreach (var rule in device.Rules) { - foreach (Rule rule in device.Rules) + if(rule.Metadata.Recert || rule.Metadata.ToBeRemoved) { - if(rule.Metadata.Recert) //Todo: remove - { - RecertIds.Add(rule.Metadata.Id); - } - else if(rule.Metadata.ToBeRemoved) //Todo: remove - { - DecertIds.Add(rule.Metadata.Id); - } - if(rule.Metadata.Recert || rule.Metadata.ToBeRemoved) - { 
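Review bot: `prepareReport` declares locals named `ownerList` and `reportParams` that shadow the fields of the same names in the `@code` block; for `reportParams` the types even differ (`ReportParams` local vs `ReportTemplate` field), and `ownerList` appears to hold ids here while the field holds owners. It compiles, but a reader following either name lands on the wrong declaration, and the field `reportParams` is not touched by this method at all; renaming the locals, e.g. `List<int> ownerIds = new();` and `ReportParams recertParams = new((int) ReportType.Recertification, deviceFilter);`, and either dropping the unused field or assigning to it would clear this up. The new private methods `prepareReport`/`postProcessReport` are camelCase while their siblings (`CancelGeneration`, `GenerateRecertificationReport`) are PascalCase.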
- Certifications.Add(rule); - } + rule.DeviceId = device.Id; + Certifications.Add(rule); } } } } + } + } - // execute recertifications - if (RecertIds.Count > 0) //Todo: remove - { - var apiVariables = new - { - ids = RecertIds.ToArray(), - certDate = DateTime.Now, - userDn = userConfig.User.Dn, - comment = actComment - }; - await apiConnection.SendQueryAsync(RuleQueries.updateRuleMetadataRecert, apiVariables); - } - - // execute decertifications - if (DecertIds.Count > 0) //Todo: remove - { - var apiVariables = new - { - ids = DecertIds.ToArray(), - decertDate = DateTime.Now, - comment = actComment - }; - await apiConnection.SendQueryAsync(RuleQueries.updateRuleMetadataDecert, apiVariables); - } + private async Task DoRecerts() + { + int recerts = 0; + int decerts = 0; + deleteList = new Dictionary>(); - int recerts = 0; - if (Certifications.Count > 0) + if (Certifications.Count > 0) + { + foreach(var certRule in Certifications) { - foreach(var cert in Certifications) + if(await Recertify(certRule)) { - var variables = new - { - ruleMetadataId = cert.Metadata.Id, - ruleId = cert.Id, - ipMatch = cert.IpMatch, - ownerId = cert.OwnerId, - userDn = userConfig.User.Dn, - recertified = cert.Metadata.Recert, - recertDate = DateTime.Now, - comment = actComment - }; - await apiConnection.SendQueryAsync(RuleQueries.newRecertification, variables); - if(cert.Metadata.Recert) + if(certRule.Metadata.Recert) { recerts++; } + else + { + decerts++; + if(await checkAllDecertified(certRule)) + { + if(!deleteList.ContainsKey(certRule.DeviceId)) + { + deleteList.Add(certRule.DeviceId, new List()); + } + deleteList[certRule.DeviceId].Add(certRule.Uid ?? ""); + } + } } } + // refresh view ? 
+ } + string txt = userConfig.GetText("recerts_executed") + recerts.ToString() + ", " + + userConfig.GetText("decerts_executed") + decerts.ToString(); + DisplayMessageInUi(null, userConfig.GetText("execute_selected"), txt, false); + } - string txt = userConfig.GetText("recerts_executed") + recerts.ToString() + ", " + - userConfig.GetText("decerts_executed") + (Certifications.Count-recerts).ToString(); - DisplayMessageInUi!(null, userConfig.GetText("execute_selected"), txt, false); + private async Task checkAllDecertified(Rule rule) + { + var variables = new + { + ruleId = rule.Id, + }; + return ((await apiConnection.SendQueryAsync>(RecertQueries.getOpenRecertsForRule, variables)).Count == 0); + } - // reload updated report - await GenerateRecertificationReport(); + private async Task Recertify(Rule rule) + { + var variables = new + { + ruleId = rule.Id, + ownerId = (selectedOwner ?? throw new Exception("Recertification without owner not allowed.")).Id, + userDn = userConfig.User.Dn, + recertified = rule.Metadata.Recert, + recertDate = DateTime.Now, + comment = actComment + }; + bool recertOk = (await apiConnection.SendQueryAsync(RecertQueries.recertify, variables)).AffectedRows > 0; + if(recertOk && rule.Metadata.Recert) + { + await InitRecert(rule); } - catch (Exception exception) + return recertOk; + } + + private async Task InitRecert(Rule rule) + { + if (recertInterval != null && selectedOwner != null && recertInterval.ContainsKey(selectedOwner.Id)) + { + var prepvariables = new + { + ruleMetadataId = rule.Metadata.Id, + ruleId = rule.Id, + ipMatch = rule.IpMatch != "" ? rule.IpMatch : null, + ownerId = (selectedOwner ?? 
throw new Exception("Recertification without owner not allowed.")).Id, + nextRecertDate = DateTime.Now.AddDays(recertInterval[selectedOwner.Id]) + }; + await apiConnection.SendQueryAsync(RecertQueries.prepareNextRecertification, prepvariables); + } + else { - DisplayMessageInUi!(exception, userConfig.GetText("execute_selected"), "", true); + DisplayMessageInUi(null, userConfig.GetText("execute_selected"), userConfig.GetText("missing_owner_id"), true); } } } diff --git a/roles/ui/files/FWO.UI/Pages/Compliance/ComplianceLayout.razor b/roles/ui/files/FWO.UI/Pages/Compliance/ComplianceLayout.razor new file mode 100644 index 000000000..6893fc07f --- /dev/null +++ b/roles/ui/files/FWO.UI/Pages/Compliance/ComplianceLayout.razor @@ -0,0 +1,55 @@ +@using FWO.Config.Api +@using FWO.Config.Api.Data + +@inherits LayoutComponentBase +@layout MainLayout + +@inject UserConfig userConfig + + +
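Review bot: In `DoRecerts`, a rule whose `Recertify` call returns false (`AffectedRows == 0`) is dropped silently: it is counted in neither `recerts` nor `decerts`, and the summary built from `recerts_executed`/`decerts_executed` reports a clean run even though the selection was only partially applied. A `failed` counter incremented in an `else` branch of `if(await Recertify(certRule))` and appended to `txt`, with the message flagged as an error when it is non-zero, would surface this. `InitRecert` tests `selectedOwner != null` in its guard and then repeats `selectedOwner ?? throw` two lines later, so that throw is unreachable, and the generic `Exception("Recertification without owner not allowed.")` in `Recertify` would better be an `InvalidOperationException`. `deleteList[...].Add(certRule.Uid ?? "")` feeds an empty uid into the delete ticket when a rule has no `Uid`; skipping or logging such rules seems safer than ticketing `""`. The method this hunk opens in starts outside it.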
    + +
    +
    + + +
    + @Body +
    + +@code +{ + private int sidebarWidth = 250; + + protected override void OnInitialized() + { + userConfig.OnChange += OnChange; + } + + private void OnChange(Config _, ConfigItem[] __) + { + Task.Run(async () => await InvokeAsync(StateHasChanged)); + } +} + diff --git a/roles/ui/files/FWO.UI/Pages/Compliance/ZoneTable.razor b/roles/ui/files/FWO.UI/Pages/Compliance/ZoneTable.razor new file mode 100644 index 000000000..ab90a9621 --- /dev/null +++ b/roles/ui/files/FWO.UI/Pages/Compliance/ZoneTable.razor @@ -0,0 +1,68 @@ +@using NetTools; + +@inject UserConfig userConfig +@inject NetworkZoneService networkZoneService + + + + + + + + + + + + + + + + + + + + +
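Review bot: `OnInitialized` subscribes `OnChange` to `userConfig.OnChange` but the layout never unsubscribes, so each instance leaves a handler on the injected `UserConfig` (and keeps itself reachable) for as long as that service lives. Adding `@implements IDisposable` and `public void Dispose() => userConfig.OnChange -= OnChange;` closes the leak. The handler's `Task.Run(async () => await InvokeAsync(StateHasChanged));` is also fire-and-forget, so any exception is lost, and the `Task.Run` is unnecessary because `InvokeAsync` already dispatches to the renderer; `_ = InvokeAsync(StateHasChanged);` is enough.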
    @(userConfig.GetText("subzones")):
    + @if (networkZone.Subzones.Length > 0) + { + ComplianceNetworkZone zone = networkZone; + + } + else + { + @(userConfig.GetText("None")) + } +
    +
    + +@code +{ + [Parameter] + public ComplianceNetworkZone? Superzone { get; set; } = null; + + [Parameter] + public ComplianceNetworkZone[] NetworkZones { get; set; } = new ComplianceNetworkZone[0]; +} diff --git a/roles/ui/files/FWO.UI/Pages/Compliance/ZonesChecks.razor b/roles/ui/files/FWO.UI/Pages/Compliance/ZonesChecks.razor new file mode 100644 index 000000000..fe4bebc0b --- /dev/null +++ b/roles/ui/files/FWO.UI/Pages/Compliance/ZonesChecks.razor @@ -0,0 +1,195 @@ +@using NetTools; + +@page "/compliance/zones/checks" + +@layout ComplianceLayout + +@inject UserConfig userConfig +@inject NetworkZoneService networkZoneService + +

    @userConfig.GetText("network_zone_check")

    + +
    +
    + +
    + +
    +
    +
    + +
    + +
    +
    +
    +
    + +
    +
    + @if (displayOutput) + { + + @if (!compliant) + { +
    +
    + @(userConfig.GetText("rule_violations")) +
    +
    + + + @foreach ((ComplianceNetworkZone, ComplianceNetworkZone) forbiddenCommunication in forbiddenCommunicationsOutput) + { + + + + + + } + +
    @(forbiddenCommunication.Item1.Name)@(forbiddenCommunication.Item2.Name)
    +
    +
    + } + } +
    +
    + + +@code +{ + IPAddressRange? sourceIpRange; + IPAddressRange? destinationIpRange; + bool displayOutput = false; + bool compliant = false; + List<(ComplianceNetworkZone, ComplianceNetworkZone)> forbiddenCommunicationsOutput = new List<(ComplianceNetworkZone, ComplianceNetworkZone)>(); + + private void CheckIpRangeInputCompliance() + { + displayOutput = false; + if (sourceIpRange != null && destinationIpRange != null) + { + displayOutput = true; + compliant = CheckCompliance + ( + new List() { sourceIpRange }, + new List() { destinationIpRange }, + out forbiddenCommunicationsOutput + ); + } + } + + private bool CheckRuleCompliance(Rule rule, out List<(ComplianceNetworkZone, ComplianceNetworkZone)> forbiddenCommunication) + { + List froms = new List(); + List tos = new List(); + + foreach (NetworkLocation networkLocation in rule.Froms) + { + // Determine all source ip ranges + froms.AddRange(ParseIpRange(networkLocation.Object)); + } + foreach (NetworkLocation networkLocation in rule.Tos) + { + // Determine all destination ip ranges + tos.AddRange(ParseIpRange(networkLocation.Object)); + } + + return CheckCompliance(froms, tos, out forbiddenCommunication); + } + + private bool CheckCompliance(List source, List destination, out List<(ComplianceNetworkZone, ComplianceNetworkZone)> forbiddenCommunication) + { + // Determine all matching source zones + List sourceZones = DetermineZones(source); + + // Determine all macthing destination zones + List destinationZones = DetermineZones(destination); + + forbiddenCommunication = new List<(ComplianceNetworkZone, ComplianceNetworkZone)>(); + + foreach (ComplianceNetworkZone sourceZone in sourceZones) + { + foreach (ComplianceNetworkZone destinationZone in destinationZones) + { + if (!sourceZone.CommunicationAllowedTo(destinationZone)) + { + forbiddenCommunication.Add((sourceZone, destinationZone)); + } + } + } + + return forbiddenCommunication.Count == 0; + } + + + private List DetermineZones(List ranges) + { + List 
result = new List(); + List> unseenIpAddressRanges = new List>(); + + for (int i = 0; i < ranges.Count; i++) + { + unseenIpAddressRanges.Add(new List() + { + new IPAddressRange(ranges[i].Begin, ranges[i].End) + }); + } + + foreach (ComplianceNetworkZone zone in networkZoneService.NetworkZones) + { + if (zone.OverlapExists(ranges, unseenIpAddressRanges)) + { + result.Add(zone); + } + } + + // Get ip ranges that are not in any zone + List undefinedIpRanges = unseenIpAddressRanges.SelectMany(x => x).ToList(); + if (undefinedIpRanges.Count() > 0) + { + result.Add + ( + new ComplianceNetworkZone() + { + Name = userConfig.GetText("internet_local_zone"), + } + ); + } + + return result; + } + + private List ParseIpRange(NetworkObject networkObject) + { + List ranges = new List(); + + if (networkObject.Type == new NetworkObjectType() { Name = ObjectType.IPRange }) + { + ranges.Add(IPAddressRange.Parse($"{networkObject.IP}-{networkObject.IpEnd}")); + } + else if (networkObject.Type != new NetworkObjectType() { Name = ObjectType.Group }) + { + for (int j = 0; j < networkObject.ObjectGroupFlats.Length; j++) + { + if (networkObject.ObjectGroupFlats[j].Object != null) + { + ranges.AddRange(ParseIpRange(networkObject.ObjectGroupFlats[j].Object!)); + } + } + } + else + { + // CIDR notation or single (host) IP can be parsed directly + ranges.Add(IPAddressRange.Parse(networkObject.IP)); + } + + return ranges; + } +} diff --git a/roles/ui/files/FWO.UI/Pages/Compliance/ZonesConfiguration.razor b/roles/ui/files/FWO.UI/Pages/Compliance/ZonesConfiguration.razor new file mode 100644 index 000000000..1dd333c1e --- /dev/null +++ b/roles/ui/files/FWO.UI/Pages/Compliance/ZonesConfiguration.razor 
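Review bot: In `ParseIpRange` the second branch, `else if (networkObject.Type != new NetworkObjectType() { Name = ObjectType.Group })`, walks `ObjectGroupFlats` for every object that is neither a range nor a group, while the final `else` — reached only for groups — carries the comment "CIDR notation or single (host) IP can be parsed directly" and calls `IPAddressRange.Parse(networkObject.IP)`; comment and code only agree if that comparison is `==`, assuming `NetworkObjectType` equality is by `Name` (its equality members are not on this page). Both `IPAddressRange.Parse` calls throw on malformed input, so one bad object in a rule makes `CheckRuleCompliance` throw; `IPAddressRange.TryParse` with a skip or a reported error would keep the check usable on partially imported data. In `DetermineZones`, `undefinedIpRanges.Count() > 0` on a `List` should be `undefinedIpRanges.Count > 0` (or `Any()`), and the two `new NetworkObjectType` instances are rebuilt on every recursion and could be hoisted to `static readonly` fields.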
@@ -0,0 +1,439 @@ +@using NetTools; +@using System.Diagnostics; + +@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.FwAdmin}, {Roles.Auditor}")] + +@page "/compliance/zones/configuration" + +@layout ComplianceLayout + +@inject ApiConnection apiConnection +@inject UserConfig userConfig +@inject NetworkZoneService networkZoneService + +

    @userConfig.GetText("network_zone_config")

    + + + + +@*Show Top-Level Zones*@ + + +@if (networkZoneInEdit != null) +{ + + +
    +
    +
    + + +
    +
    + + +
    +
    + + - } - else - { - + } + else + { + @@ -105,23 +111,22 @@ @if(ReqHandler.ActImplTask.TaskType == TaskType.access.ToString()) { -
    +
    @if (ReqHandler.EditImplTaskMode) { - + + + @action.Name + + } else { - + }
    @@ -132,16 +137,15 @@
    @if (ReqHandler.EditImplTaskMode) { - + + + @track.Name + + } else { - + }
    @@ -180,29 +184,36 @@ } -
    + else if(ReqHandler.ActImplTask.TaskType == TaskType.rule_delete.ToString()) + { + + } +
    - @if(ReqHandler.ImplementImplTaskMode) + @if(ReqHandler.ImplementImplTaskMode || ReqHandler.ReviewImplTaskMode) { - + }
    - @if(ReqHandler.ImplementImplTaskMode) - { -
    -
    - @foreach(var action in offeredActions) +
    +
    + @foreach(var action in offeredActions) + { + @if(ReqHandler.ImplementImplTaskMode || ReqHandler.ReviewImplTaskMode || RequestStateAction.IsReadonlyType(action.ActionType)) { - +
    + +
    } -
    + }
    - } +
    } @@ -210,64 +221,94 @@
    @if (ReqHandler.EditImplTaskMode) { - + - + - + } - else if (ReqHandler.ImplementImplTaskMode) + else if ((ReqHandler.ImplementImplTaskMode || ReqHandler.ReviewImplTaskMode) && !newOwnerAssigned) { - + - + - + } - + @if((ReqHandler.EditImplTaskMode || ReqHandler.ImplementImplTaskMode || ReqHandler.ReviewImplTaskMode) && !newOwnerAssigned) + { + + } + else + { + + }
    - - +@if(IncludePopups) +{ + + + + +} @code { [CascadingParameter] - Action? DisplayMessageInUi { get; set; } + Action DisplayMessageInUi { get; set; } = DefaultInit.DoNothing; + [CascadingParameter] + private Task? authenticationStateTask { get; set; } + [Parameter] public WorkflowPhases Phase { get; set; } = WorkflowPhases.planning; [Parameter] - public RequestHandler ReqHandler { get; set; } + public RequestHandler ReqHandler { get; set; } = new (); [Parameter] - public Func ResetParent { get; set; } + public Func ResetParent { get; set; } = DefaultInit.DoNothing; [Parameter] - public StateMatrix StateMatrix { get; set; } = new StateMatrix(); + public StateMatrix StateMatrix { get; set; } = new (); [Parameter] - public RequestStateDict States { get; set; } = new RequestStateDict(); + public RequestStateDict States { get; set; } = new (); + [Parameter] + public bool IncludePopups { get; set; } = true; - private List ruleActions = new List(); - private List trackings = new List(); - - List actSources = new List(); - List actDestinations = new List(); - List actServices = new List(); + + private List ruleActions = new (); + private List trackings = new (); - private List offeredActions = new List(); + private List actSources = new (); + private List actDestinations = new (); + private List actServices = new (); + private List actRules = new (); + private Device? actDevice; + private RuleAction? actRuleAction; + private Tracking? actTracking; + private FwoOwner? actOwner; + private FwoOwner? oldOwner; + private bool newOwnerAssigned = false; + private bool firstParamSet = false; + + private List offeredActions = new (); private string allComments = ""; + private string message = ""; + private bool assignOwnerMode = false; protected override async Task OnInitializedAsync() 
@@ -276,10 +317,11 @@ { ruleActions = await apiConnection.SendQueryAsync>(FWO.Api.Client.Queries.StmQueries.getRuleActions); trackings = await apiConnection.SendQueryAsync>(FWO.Api.Client.Queries.StmQueries.getTracking); + firstParamSet = true; } catch (Exception exception) { - DisplayMessageInUi!(exception, userConfig.GetText("fetch_data"), "", true); + DisplayMessageInUi(exception, userConfig.GetText("fetch_data"), "", true); } } 
@@ -287,42 +329,77 @@ { try { - if (ReqHandler.DisplayImplTaskMode) + if (ReqHandler.DisplayImplTaskMode && firstParamSet) { + firstParamSet = false; InitElements(); await InitComments(); - offeredActions = ReqHandler.ActionHandler.GetOfferedActions(ReqHandler.ActImplTask, RequestObjectScopes.ImplementationTask, ReqHandler.Phase); + if(IncludePopups) + { + offeredActions = ReqHandler.ActionHandler.GetOfferedActions(ReqHandler.ActImplTask, RequestObjectScopes.ImplementationTask, ReqHandler.Phase); + } + actDevice = ReqHandler.Devices.FirstOrDefault(x => x.Id == ReqHandler.ActImplTask.DeviceId); + actRuleAction = ruleActions.FirstOrDefault(x => x.Id == ReqHandler.ActImplTask.RuleAction); + actTracking = trackings.FirstOrDefault(x => x.Id == ReqHandler.ActImplTask.Tracking); + actOwner = ReqHandler.ActReqTask.Owners.FirstOrDefault()?.Owner; + oldOwner = actOwner; + newOwnerAssigned = false; } } catch (Exception exception) { - DisplayMessageInUi!(exception, userConfig.GetText("init_environment"), "", true); + DisplayMessageInUi(exception, userConfig.GetText("init_environment"), "", true); } } private void InitElements() { - actSources = ReqHandler.ActImplTask.getNwObjectElements(AccessField.source); - actDestinations = ReqHandler.ActImplTask.getNwObjectElements(AccessField.destination); - actServices = ReqHandler.ActImplTask.getServiceElements(); + actSources = ReqHandler.ActImplTask.GetNwObjectElements(ElemFieldType.source); + actDestinations = ReqHandler.ActImplTask.GetNwObjectElements(ElemFieldType.destination); + actServices = ReqHandler.ActImplTask.GetServiceElements(); + actRules = ReqHandler.ActImplTask.GetRuleElements(); } private async Task InitComments() { - allComments = ReqHandler.ActImplTask.getAllComments(); + allComments = ReqHandler.ActImplTask.GetAllComments(); + ReqHandler.DisplayImplTaskCommentMode = false; } private async Task Close() { await ResetParent(); + ReqHandler.DisplayPromoteImplTaskMode = false; + ReqHandler.DisplayImplTaskMode = false; + 
firstParamSet = true; + } + + private async Task CancelPromote() + { + ReqHandler.DisplayPromoteImplTaskMode = false; } private async Task PerformAction(RequestStateAction action) { - await ReqHandler.ActionHandler.performAction(action, ReqHandler.ActImplTask, RequestObjectScopes.ImplementationTask); + await ReqHandler.ActionHandler.PerformAction(action, ReqHandler.ActImplTask, RequestObjectScopes.ImplementationTask); + } + + private void RequestAssignOwner() + { + message = userConfig.GetText("U8004"); + assignOwnerMode = true; + } + + private async Task AssignOwner() + { + SetChangedOwner(); + await ReqHandler.ChangeOwner(); + actOwner = ReqHandler.ActReqTask.Owners.FirstOrDefault()?.Owner; + newOwnerAssigned = true; + assignOwnerMode = false; } - private async Task InitAddComment() + private void InitAddComment() { ReqHandler.SetImplTaskPopUpOpt(ObjAction.displayComment); } 
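Review bot: `CancelPromote` is declared `async Task` but contains no `await`, so it runs synchronously and triggers CS1998; declare it `private void CancelPromote()` as this hunk already does for `InitAddComment` (the pre-existing `InitComments` has the same shape). `AssignOwner` updates `actOwner` after `ReqHandler.ChangeOwner()` but leaves `oldOwner` untouched, so if `Save` runs afterwards (hunk `@@ -370,8 +454,16 @@`, which calls `SetChangedOwner()` again) the same owner is presumably appended to `NewOwners` a second time; setting `oldOwner = actOwner;` at the end of `AssignOwner` would close that. Note also that `SetChangedOwner` compares `actOwner != oldOwner` by reference unless `FwoOwner` overrides equality, which is not visible here.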
@@ -336,31 +413,38 @@ private void UpdateElements() { - foreach(var oldElem in ReqHandler.ActImplTask.ImplElements.Where(x => x.Id > 0 && (x.Field == AccessField.source.ToString() || - x.Field == AccessField.destination.ToString() || x.Field == AccessField.service.ToString()))) + foreach(var oldElem in ReqHandler.ActImplTask.ImplElements.Where(x => x.Id > 0 && (x.Field == ElemFieldType.source.ToString() || + x.Field == ElemFieldType.destination.ToString() || x.Field == ElemFieldType.service.ToString() || x.Field == ElemFieldType.rule.ToString()))) { if(actSources.FirstOrDefault(x => x.ElemId == oldElem.Id) == null && actDestinations.FirstOrDefault(x => x.ElemId == oldElem.Id) == null && - actServices.FirstOrDefault(x => x.ElemId == oldElem.Id) == null) + actServices.FirstOrDefault(x => x.ElemId == oldElem.Id) == null && + actRules.FirstOrDefault(x => x.ElemId == oldElem.Id) == null) { ReqHandler.ActImplTask.RemovedElements.Add(oldElem); } } - ReqHandler.ActImplTask.ImplElements.RemoveAll(x => (x.Field == AccessField.source.ToString() || - x.Field == AccessField.destination.ToString() || x.Field == AccessField.service.ToString())); + ReqHandler.ActImplTask.ImplElements.RemoveAll(x => (x.Field == ElemFieldType.source.ToString() || + x.Field == ElemFieldType.destination.ToString() || x.Field == ElemFieldType.service.ToString() || x.Field == ElemFieldType.rule.ToString())); foreach(var source in actSources) { - ReqHandler.ActImplTask.ImplElements.Add(source.ToImplElement(AccessField.source)); + ReqHandler.ActImplTask.ImplElements.Add(source.ToImplElement(ElemFieldType.source)); } foreach(var destination in actDestinations) { - ReqHandler.ActImplTask.ImplElements.Add(destination.ToImplElement(AccessField.destination)); + ReqHandler.ActImplTask.ImplElements.Add(destination.ToImplElement(ElemFieldType.destination)); } foreach(var service in actServices) { - ReqHandler.ActImplTask.ImplElements.Add(service.ToImplElement(AccessField.service)); + 
ReqHandler.ActImplTask.ImplElements.Add(service.ToImplElement()); + } + foreach(var rule in actRules) + { + RequestImplElement implElem = rule.ToImplElement(); + implElem.ImplAction = ReqHandler.ActImplTask.ImplAction; + ReqHandler.ActImplTask.ImplElements.Add(implElem); } } @@ -370,8 +454,16 @@ { if (ReqHandler.ActImplTask.Sanitize()) { - DisplayMessageInUi!(null, userConfig.GetText("save_task"), userConfig.GetText("U0001"), true); + DisplayMessageInUi(null, userConfig.GetText("save_task"), userConfig.GetText("U0001"), true); } + ReqHandler.ActImplTask.DeviceId = actDevice?.Id; + ReqHandler.ActImplTask.RuleAction = actRuleAction?.Id; + ReqHandler.ActImplTask.Tracking = actTracking?.Id; + if(ReqHandler.ActImplTask.TaskType == TaskType.rule_delete.ToString()) + { + ReqHandler.ActImplTask.ImplAction = RequestAction.delete.ToString(); + } + SetChangedOwner(); UpdateElements(); if (CheckImplTaskValues()) { @@ -388,7 +480,22 @@ } catch (Exception exception) { - DisplayMessageInUi!(exception, userConfig.GetText("save_task"), "", true); + DisplayMessageInUi(exception, userConfig.GetText("save_task"), "", true); + } + } + + private void SetChangedOwner() + { + if(actOwner != oldOwner) + { + if(oldOwner != null) + { + ReqHandler.ActReqTask.RemovedOwners.Add(oldOwner); + } + if(actOwner != null) + { + ReqHandler.ActReqTask.NewOwners.Add(actOwner); + } } } @@ -396,11 +503,11 @@ { foreach (var implElem in ReqHandler.ActImplTask.ImplElements) { - if (implElem.NetworkId == null && implElem.ServiceId == null) + if (implElem.Field == ElemFieldType.service.ToString() && implElem.ServiceId == null) { if (implElem.Port < 1 || implElem.Port > 65535) { - DisplayMessageInUi!(null, userConfig.GetText("save_element"), userConfig.GetText("E5103"), true); + DisplayMessageInUi(null, userConfig.GetText("save_element"), userConfig.GetText("E5103"), true); return false; } } 
@@ -408,7 +515,7 @@ return true; } - private async Task InitPromoteImplTask() + private void InitPromoteImplTask() { ReqHandler.SetImplTaskPopUpOpt(ObjAction.displayPromote); } diff --git a/roles/ui/files/FWO.UI/Pages/Request/DisplayPathAnalysis.razor b/roles/ui/files/FWO.UI/Pages/Request/DisplayPathAnalysis.razor index 956fe12de..e9f6cbf3c 100644 --- a/roles/ui/files/FWO.UI/Pages/Request/DisplayPathAnalysis.razor +++ b/roles/ui/files/FWO.UI/Pages/Request/DisplayPathAnalysis.razor @@ -1,13 +1,13 @@ @using FWO.Api.Client @using FWO.Config.Api -@attribute [Authorize(Roles = "admin, requester, approver, planner, implementer, reviewer, auditor, fw-admin")] +@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Requester}, {Roles.Approver}, {Roles.Planner}, {Roles.Implementer}, {Roles.Reviewer}, {Roles.Auditor}, {Roles.FwAdmin}")] @inject ApiConnection apiConnection @inject UserConfig userConfig - + @if (Display) { @@ -17,8 +17,8 @@ } else { -
    - +
    +
    @@ -26,7 +26,7 @@ }
    - +
    @@ -34,7 +34,7 @@ @code { [CascadingParameter] - Action? DisplayMessageInUi { get; set; } + Action DisplayMessageInUi { get; set; } = DefaultInit.DoNothing; [Parameter] public bool Display { get; set; } = false; @@ -43,13 +43,12 @@ public EventCallback DisplayChanged { get; set; } [Parameter] - public Func ResetParent { get; set; } + public Func ResetParent { get; set; } = DefaultInit.DoNothing; [Parameter] - public RequestReqTask ReqTask { get; set; } = new RequestReqTask(); + public RequestReqTask ReqTask { get; set; } = new (); - - private List deviceList = new List(); + private List deviceList = new (); protected override async Task OnParametersSetAsync() @@ -63,7 +62,7 @@ } catch (Exception exception) { - DisplayMessageInUi!(exception, userConfig.GetText("init_environment"), "", true); + DisplayMessageInUi(exception, userConfig.GetText("init_environment"), "", true); } } diff --git a/roles/ui/files/FWO.UI/Pages/Request/DisplayReqTaskTable.razor b/roles/ui/files/FWO.UI/Pages/Request/DisplayReqTaskTable.razor index efcbdac01..d351a0317 100644 --- a/roles/ui/files/FWO.UI/Pages/Request/DisplayReqTaskTable.razor +++ b/roles/ui/files/FWO.UI/Pages/Request/DisplayReqTaskTable.razor @@ -1,126 +1,141 @@ @using FWO.Config.Api @using FWO.Ui.Services -@attribute [Authorize(Roles = "admin, requester, approver, planner, implementer, reviewer, auditor, fw-admin")] +@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Requester}, {Roles.Approver}, {Roles.Planner}, {Roles.Implementer}, {Roles.Reviewer}, {Roles.Auditor}, {Roles.FwAdmin}")] @inject UserConfig userConfig -@if (ReqHandler.EditTicketMode) +@if(ReqHandler.InitDone) { - -} -@if (ReqHandler.ActTicket.Tasks.Count > 0) -{ -
    - - - + + + + + + + - } - else - { - + - - - } - -
    + + + + @if(Phase == WorkflowPhases.approval) + { + + + + } + else + { + + + + + + } + +
    + } } - - - + + + @code { [CascadingParameter] - Action? DisplayMessageInUi { get; set; } + Action DisplayMessageInUi { get; set; } = DefaultInit.DoNothing; [Parameter] public WorkflowPhases Phase { get; set; } = WorkflowPhases.request; [Parameter] - public RequestStateDict States { get; set; } = new RequestStateDict(); + public RequestStateDict States { get; set; } = new (); [Parameter] - public RequestHandler ReqHandler { get; set; } + public RequestHandler ReqHandler { get; set; } = new (); [Parameter] - public Func ResetParent { get; set; } + public Func ResetParent { get; set; } = DefaultInit.DoNothing; [Parameter] - public Func? StartPhase { get; set; } + public Func StartPhase { get; set; } = DefaultInit.DoNothing; [Parameter] - public Func? StartImplPhase { get; set; } + public Func StartImplPhase { get; set; } = DefaultInit.DoNothing; + + static List validRoles = new (){Roles.Planner, Roles.FwAdmin}; - static List validRoles = new List(){"planner", "fw-admin"}; private async Task Reset() { @@ -134,17 +149,17 @@ ReqHandler.SelectReqTask(reqTask, ObjAction.display); } - private async Task AddReqTask() + private void AddReqTask() { ReqHandler.SelectReqTask(new RequestReqTask(){ RuleAction = 1, Tracking = 1 }, ObjAction.add); } - private async Task EditReqTask(RequestReqTask reqTask) + private void EditReqTask(RequestReqTask reqTask) { ReqHandler.SelectReqTask(reqTask, ObjAction.edit); } - private async Task DeleteReqTask(RequestReqTask reqTask) + private void DeleteReqTask(RequestReqTask reqTask) { ReqHandler.SelectReqTaskPopUp(reqTask, ObjAction.displayDelete); } @@ -154,7 +169,7 @@ ReqHandler.SelectReqTaskPopUp(reqTask, ObjAction.displayApprovals); } - private async Task AssignTask(RequestReqTask reqTask) + private void AssignTask(RequestReqTask reqTask) { ReqHandler.SelectReqTaskPopUp(reqTask, ObjAction.displayAssign); } 
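Review bot: `validRoles` is a mutable `static List` shared by every instance of the component, and it is only ever read here; declare it `static readonly` so a handler cannot accidentally mutate the role list for all users. The generic type argument is not visible on this page, so the declaration is referenced as written.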
diff --git a/roles/ui/files/FWO.UI/Pages/Request/DisplayRequestTask.razor b/roles/ui/files/FWO.UI/Pages/Request/DisplayRequestTask.razor index b90bac591..be27d0eb0 100644 --- a/roles/ui/files/FWO.UI/Pages/Request/DisplayRequestTask.razor +++ b/roles/ui/files/FWO.UI/Pages/Request/DisplayRequestTask.razor @@ -1,14 +1,15 @@ @using FWO.Api.Client @using FWO.Config.Api @using FWO.Ui.Services +@using FWO.Ui.Pages.NetworkModelling -@attribute [Authorize(Roles = "admin, requester, approver, planner, implementer, reviewer, auditor, fw-admin")] +@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Requester}, {Roles.Approver}, {Roles.Planner}, {Roles.Implementer}, {Roles.Reviewer}, {Roles.Auditor}, {Roles.FwAdmin}")] @inject ApiConnection apiConnection @inject UserConfig userConfig - + @if (ReqHandler.DisplayReqTaskMode) { @@ -22,50 +23,16 @@
    - @if(ReqHandler.ActReqTask.TaskType == TaskType.access.ToString() && !ReqHandler.ActStateMatrix.PhaseActive[WorkflowPhases.planning] && userConfig.ReqAutoCreateImplTasks == AutoCreateImplTaskOptions.enterInReqTask) - { -
    -
    - -
    - -
    -
    -
    -
    -
    - -
    - @if (ReqHandler.EditReqTaskMode) - { - - } - else - { - - } -
    -
    -
    - } - else - { -
    -
    - -
    - -
    +
    +
    + +
    +
    - } +
    -
    +
    @@ -76,8 +43,8 @@
    - -
    + +
    @@ -91,79 +58,114 @@
    -
    +
    @if (ReqHandler.EditReqTaskMode) { - - } + + + @(userConfig.GetText(type.ToString())) + + + } else { - + }
    - @if(ReqHandler.ActReqTask.TaskType == TaskType.access.ToString()) + @if(actTaskType == TaskType.access && !ReqHandler.ActStateMatrix.PhaseActive[WorkflowPhases.planning] && userConfig.ReqAutoCreateImplTasks == AutoCreateImplTaskOptions.enterInReqTask) {
    - +
    @if (ReqHandler.EditReqTaskMode) { - + + + @device.Name + + } else { - + }
    } + else if(actTaskType == TaskType.rule_delete) + { +
    +
    + +
    + @if (ReqHandler.EditReqTaskMode) + { + + + @device.Name + + + } + else + { + + } +
    +
    +
    + } + else if(actTaskType == TaskType.new_interface) + { +
    +
    + @if (ReqHandler.EditReqTaskMode) + { + + } + else + { + + + } +
    +
    + }
    - @if(ReqHandler.ActReqTask.TaskType == TaskType.generic.ToString()) + @if(actTaskType == TaskType.generic) { -
    +
    -
    - +
    +
    - +
    } else { -
    - +
    +
    - +
    } -
    - +
    +
    - +
    -
    - +
    +
    - +
    @@ -122,79 +159,33 @@
    - + - + - - + + - +
    - - - @if (DeleteMode) - { -

    @(deleteMessage)

    - } - -
    -
    - - - - - - - - - -
    -
    -
    + + + - - - @if (CleanupMode) - { -

    @(cleanupMessage)

    - } - -
    -
    - - - - - - - - - -
    -
    -
    - - - - @if (workInProgress) - { -
    -
    -
    - } - -
    @code { [CascadingParameter] - Action? DisplayMessageInUi { get; set; } + Action DisplayMessageInUi { get; set; } = DefaultInit.DoNothing; private List actActions = new List(); private List credentials = new List(); @@ -225,29 +216,38 @@ { JwtReader jwt = new JwtReader(userConfig.User.Jwt); jwt.Validate(); - if (jwt.ContainsAllowedRole("admin") || jwt.ContainsAllowedRole("fw-admin")) - credentials = await apiConnection.SendQueryAsync>(FWO.Api.Client.Queries.DeviceQueries.getCredentials); + if (jwt.ContainsAllowedRole(Roles.Admin) || jwt.ContainsAllowedRole(Roles.FwAdmin)) + credentials = await + apiConnection.SendQueryAsync>(FWO.Api.Client.Queries.DeviceQueries.getCredentials); else - credentials = await apiConnection.SendQueryAsync>(FWO.Api.Client.Queries.DeviceQueries.getCredentialsWithoutSecrets); + credentials = await + apiConnection.SendQueryAsync>(FWO.Api.Client.Queries.DeviceQueries.getCredentialsWithoutSecrets); - foreach (ImportCredential cred in credentials) - { - if (cred.Name.EndsWith("_demo")) - { - sampleCredentials.Add(cred); - } - } - showCleanupButton = (sampleCredentials.Count > 0); + AnalyseSampleCredentials(); } catch (System.Exception exception) { - DisplayMessageInUi!(exception, userConfig.GetText("fetch_credentials"), "", true); + DisplayMessageInUi(exception, userConfig.GetText("fetch_credentials"), "", true); } } + private void AnalyseSampleCredentials() + { + sampleCredentials = new List(); + foreach (ImportCredential cred in credentials) + { + if (cred.Name.EndsWith("_demo")) + { + sampleCredentials.Add(cred); + } + } + showCleanupButton = (sampleCredentials.Count > 0); + } + private void Edit(ImportCredential credential) { actCredential = new ImportCredential(credential); + // privateKey = actCredential.Secret; EditMode = true; } 
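Review bot: `AnalyseSampleCredentials` keeps `cred.Name.EndsWith("_demo")` without a `StringComparison`, which is culture-sensitive; for a literal marker suffix use `cred.Name.EndsWith("_demo", StringComparison.Ordinal)`. The commented-out `// privateKey = actCredential.Secret;` added in `Edit` is dead code and should be dropped rather than committed. The enclosing method of the first part of this hunk starts outside the hunk.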
@@ -258,13 +258,14 @@ actCredential = credential; var Variables = new { importCredentialId = credential.Id }; - var result = - await apiConnection.SendQueryAsync(FWO.Api.Client.Queries.DeviceQueries.getMgmtNumberUsingCred, Variables); + var result = + await apiConnection.SendQueryAsync(FWO.Api.Client.Queries.DeviceQueries.getMgmtNumberUsingCred, + Variables); int? numberOfManagementsUsingCredentials = result?.Aggregate?.Count; if (numberOfManagementsUsingCredentials != null && numberOfManagementsUsingCredentials != 0) { - DisplayMessageInUi!(null, userConfig.GetText("delete_credential"), userConfig.GetText("E5117"), true); + DisplayMessageInUi(null, userConfig.GetText("delete_credential"), userConfig.GetText("E5117"), true); } else { @@ -273,25 +274,28 @@ } } - private async Task Delete(ImportCredential credential) + private async Task Delete() { try { DeleteMode = false; workInProgress = true; - var Variables = new { id = credential.Id }; - int delId = (await apiConnection.SendQueryAsync(FWO.Api.Client.Queries.DeviceQueries.deleteCredential, Variables)).DeletedId; - if (delId == credential.Id) + StateHasChanged(); + var Variables = new { id = actCredential.Id }; + int delId = (await apiConnection.SendQueryAsync(FWO.Api.Client.Queries.DeviceQueries.deleteCredential, + Variables)).DeletedId; + if (delId == actCredential.Id) { - credentials.Remove(credential); + credentials.Remove(actCredential); } workInProgress = false; } catch (Exception exception) { workInProgress = false; - DisplayMessageInUi!(exception, userConfig.GetText("delete_credential"), "", true); + DisplayMessageInUi(exception, userConfig.GetText("delete_credential"), "", true); } + StateHasChanged(); } private void RequestRemoveSampleData() @@ -305,7 +309,8 @@ { foreach (ImportCredential credential in sampleCredentials) { - await Delete(credential); + actCredential = credential; + await Delete(); } CleanupMode = false; showCleanupButton = false; 
@@ -315,7 +320,7 @@ private void Add() { AddMode = true; - newCredential = new ImportCredential() {}; + newCredential = new ImportCredential() { }; Edit(newCredential); } @@ -327,16 +332,31 @@ Edit(newCredential); } - private async Task Save() + public async Task Save() { try { if (actCredential.Sanitize()) { - DisplayMessageInUi!(null, userConfig.GetText("save_credential"), userConfig.GetText("U0001"), true); + DisplayMessageInUi(null, userConfig.GetText("save_credential"), userConfig.GetText("U0001"), true); } if (CheckValues(actCredential, userConfig.GetText("save_credential"))) { + + string mainKey = AesEnc.GetMainKey(); + string encryptedSecret = actCredential.Secret; + + // only encrypt secret if it was not already encrypted + try + { + string decryptedSecret = AesEnc.Decrypt(actCredential.Secret, mainKey); + } + catch (Exception) + { + encryptedSecret = AesEnc.Encrypt(actCredential.Secret, mainKey); + actCredential.Secret = encryptedSecret; + } + if (AddMode) { // insert new credentials @@ -350,7 +370,8 @@ cloudClientId = actCredential.CloudClientId, cloudClientSecret = actCredential.CloudClientSecret }; - ReturnId[]? returnIds = (await apiConnection.SendQueryAsync(FWO.Api.Client.Queries.DeviceQueries.newCredential, Variables)).ReturnIds; + ReturnId[]? returnIds = (await + apiConnection.SendQueryAsync(FWO.Api.Client.Queries.DeviceQueries.newCredential, Variables)).ReturnIds; if (returnIds != null) { actCredential.Id = returnIds[0].NewId; 
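Review bot: The "only encrypt secret if it was not already encrypted" test in `Save` relies on `AesEnc.Decrypt` throwing, caught by a blanket `catch (Exception)`; any plaintext secret that `AesEnc` happens to decode without error (what decodes depends on its format, not visible here) is treated as ciphertext and written to the store unprotected, and `decryptedSecret` is assigned but never used. Encryption state is better tracked explicitly — a flag set when the secret was loaded from the store versus re-entered in the form, or a version marker the decrypting side checks — than probed by decrypting. If the probe stays, narrow the catch to the failures the decrypt actually raises (`CryptographicException`, `FormatException`) so an unrelated error is not silently turned into a re-encrypt. The update branch in hunk `@@ -369,30 +390,32 @@` also stores `actCredential`, now holding the ciphertext, back into `credentials`, so a second edit of the same entry would start from ciphertext unless the form decrypts on load.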
@@ -369,30 +390,32 @@ isKeyPair = actCredential.IsKeyPair, username = actCredential.ImportUser, sshPublicKey = actCredential.PublicKey, - secret = actCredential.Secret, + secret = encryptedSecret, cloudClientId = actCredential.CloudClientId, cloudClientSecret = actCredential.CloudClientSecret }; - int udId = (await apiConnection.SendQueryAsync(FWO.Api.Client.Queries.DeviceQueries.updateCredential, Variables)).UpdatedId; + int udId = (await apiConnection.SendQueryAsync(FWO.Api.Client.Queries.DeviceQueries.updateCredential, + Variables)).UpdatedId; EditMode = (udId == actCredential.Id ? false : true); credentials[credentials.FindIndex(x => x.Id == actCredential.Id)] = actCredential; } + AnalyseSampleCredentials(); } StateHasChanged(); } catch (Exception exception) { - DisplayMessageInUi!(exception, userConfig.GetText("save_credential"), "", true); + DisplayMessageInUi(exception, userConfig.GetText("save_credential"), "", true); } } private bool CheckValues(ImportCredential cred, string checkCause) { - if (cred.Name == null || cred.Name == "" || - cred.ImportUser == null || cred.ImportUser == "" || - cred.Secret == null) + if (cred.Name == null || cred.Name == "" || + cred.ImportUser == null || cred.ImportUser == "" || + cred.Secret == null) { - DisplayMessageInUi!(null, checkCause, userConfig.GetText("E5102"), true); + DisplayMessageInUi(null, checkCause, userConfig.GetText("E5102"), true); return false; } return true; diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsCustomTexts.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsCustomTexts.razor new file mode 100644 index 000000000..588271904 --- /dev/null +++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsCustomTexts.razor 
@@ -0,0 +1,188 @@ +@using FWO.Config.Api; +@using FWO.Config.Api.Data; +@using FWO.Api.Client +@using FWO.Ui.Services + +@page "/settings/customtexts" +@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}")] + +@inject ApiConnection apiConnection +@inject GlobalConfig globalConfig +@inject UserConfig userConfig + +
    +

    @(userConfig.GetText("customize_texts"))

    + +
    +@(userConfig.GetText("U5321")) +
    +
    + +
    + + + @(userConfig.GetText(language.Name)) + + +
    +
    + +
    +
    +@if(dictsLoaded) +{ +
    + +
    + +
    +
    + +
    +
    + + +
    +
    + + +
    +
    +} +@if(displayResults) +{ +
    + + + + + + + + + + +
    +} +
    + + + + + + + + + +@code +{ + [CascadingParameter] + Action DisplayMessageInUi { get; set; } = DefaultInit.DoNothing; + + public class TextEntry + { + public string Key { get; set; } = ""; + public string Text { get; set; } = ""; + public string CustomText { get; set; } = ""; + public bool Delete { get; set; } + } + + private Language selectedLanguage = new(); + private Dictionary actCustomDict = new(); + private Dictionary actDict = new(); + private bool dictsLoaded = false; + private string searchString = ""; + private List results = new(); + private bool displayResults = false; + private bool ignoreHelpTexts = true; + private bool caseSensitive = false; + + protected override void OnInitialized() + { + selectedLanguage = globalConfig.uiLanguages.FirstOrDefault() ?? new Language(); + } + + private async Task LoadDicts(Language lang) + { + actCustomDict = await userConfig.GetCustomDict(lang.Name); + try + { + actDict = new(); + List uiTexts = await apiConnection.SendQueryAsync>(ConfigQueries.getTextsPerLanguage, new { language = selectedLanguage.Name }); + foreach (UiText text in uiTexts) + { + actDict.Add(text.Id, text.Txt); + } + dictsLoaded = true; + } + catch (Exception exception) + { + Log.WriteError("Load dictionary", $"Could not load texts.", exception); + } + } + + private async Task Search() + { + results = new(); + foreach(var entry in actDict) + { + if (!(ignoreHelpTexts && entry.Key.StartsWith("H")) && (caseSensitive ? entry.Value.Contains(searchString) : entry.Value.ToLower().Contains(searchString.ToLower()))) + { + results.Add(new TextEntry(){ Key = entry.Key, Text = entry.Value, CustomText = actCustomDict.ContainsKey(entry.Key) ? 
actCustomDict[entry.Key] : ""}); + } + } + foreach(var entry in actCustomDict) + { + if (!(ignoreHelpTexts && entry.Key.StartsWith("H")) && entry.Value.Contains(searchString)) + { + if(results.FirstOrDefault(x => x.Key == entry.Key) == null) + { + results.Add(new TextEntry(){ Key = entry.Key, Text = actDict.ContainsKey(entry.Key) ? actDict[entry.Key] : "", CustomText = entry.Value}); + } + } + } + displayResults = true; + } + + private async Task Save() + { + try + { + foreach(TextEntry entry in results.Where(e => e.Delete)) + { + var text = new + { + id = entry.Key, + lang = selectedLanguage.Name, + }; + await apiConnection.SendQueryAsync(ConfigQueries.deleteCustomText, text); + entry.Delete = false; + entry.CustomText = ""; + } + + foreach(TextEntry entry in results.Where(e => e.CustomText != "")) + { + var text = new + { + id = entry.Key, + lang = selectedLanguage.Name, + text = entry.CustomText + }; + await apiConnection.SendQueryAsync(ConfigQueries.upsertCustomText, text); + } + await LoadDicts(selectedLanguage); + DisplayMessageInUi(null, userConfig.GetText("change_default"), userConfig.GetText("U5301"), false); + } + catch (Exception exception) + { + DisplayMessageInUi(exception, userConfig.GetText("save"), "", true); + } + } +} diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsCustomizing.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsCustomizing.razor index 0050bdf0a..3f3bb8c8a 100644 --- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsCustomizing.razor +++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsCustomizing.razor @@ -5,93 +5,111 @@ @page "/settings/workflowcustomizing" -@attribute [Authorize(Roles = "admin, auditor")] +@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}")] @inject ApiConnection apiConnection @inject GlobalConfig globalConfig @inject UserConfig userConfig -
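Review bot: In `Search` the second loop (over `actCustomDict`) filters with a plain `entry.Value.Contains(searchString)` and ignores `caseSensitive`, so a case-insensitive search misses custom texts the first loop would have matched; use one comparison in both loops, `entry.Value.Contains(searchString, caseSensitive ? StringComparison.Ordinal : StringComparison.OrdinalIgnoreCase)`, which also replaces the `ToLower()` pair. `LoadDicts(Language lang)` reads `lang.Name` for the custom dictionary but `selectedLanguage.Name` for the `getTextsPerLanguage` query; unless every caller passes `selectedLanguage`, the two dictionaries can belong to different languages, so use `lang.Name` in both. `Search` is `async Task` with no `await` and should be `private void Search()`. On failure `LoadDicts` only logs and leaves `dictsLoaded` false, while `Save` reports through `DisplayMessageInUi`; the same call in the catch would make the failure visible to the user.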

    @(userConfig.GetText("customizing"))

    +
    +

    @(userConfig.GetText("customizing"))

    + +
    @(userConfig.GetText("U5314"))
    @if (InitComplete && configData != null) { -
    - - @foreach (TaskType type in Enum.GetValues(typeof(TaskType))) - { - @if(type != TaskType.master) + +
    + + @foreach (TaskType type in Enum.GetValues(typeof(TaskType))) { -
    - - -
    + @if(type != TaskType.master) + { +
    + + +
    + } } - } - -
    - -
    -
    - - - - - - - - - - - -
    +
    + +
    +
    + + + + + + + + + + + + +
    +
    - -
    - -
    - +
    + +
    + +
    - -
    - -
    - +
    + +
    + +
    - -
    - -
    - + +
    + +
    + +
    - -
    - -
    - +
    + +
    + +
    +
    +
    + +
    + +
    +
    +
    + +
    + + + @(userConfig.GetText(opt.ToString())) + + +

    - + - + - +

    @@ -108,7 +126,7 @@ else @code { [CascadingParameter] - Action? DisplayMessageInUi { get; set; } + Action DisplayMessageInUi { get; set; } = DefaultInit.DoNothing; private ConfigData? configData; private bool InitComplete = false; @@ -134,7 +152,7 @@ else } catch (Exception exception) { - DisplayMessageInUi!(exception, userConfig.GetText("read_config"), userConfig.GetText("E5301"), false); + DisplayMessageInUi(exception, userConfig.GetText("read_config"), userConfig.GetText("E5301"), false); } } @@ -155,7 +173,7 @@ else configData.ReqAvailableTaskTypes = JsonSerializer.Serialize(availableTaskTypes); configData.ReqPriorities = JsonSerializer.Serialize(prioList); await globalConfig.WriteToDatabase(configData, apiConnection); - DisplayMessageInUi!(null, userConfig.GetText("change_default"), userConfig.GetText("U5301"), false); + DisplayMessageInUi(null, userConfig.GetText("change_default"), userConfig.GetText("U5301"), false); } else { @@ -164,7 +182,7 @@ else } catch (Exception exception) { - DisplayMessageInUi!(exception, userConfig.GetText("change_default"), "", true); + DisplayMessageInUi(exception, userConfig.GetText("change_default"), "", true); } } } diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsDefaults.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsDefaults.razor index d8ad76fd0..40c13bd80 100644 --- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsDefaults.razor +++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsDefaults.razor @@ -3,187 +3,174 @@ @using FWO.Config.Api.Data @page "/settings/defaults" -@attribute [Authorize(Roles = "admin, auditor")] +@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}")] @inject ApiConnection apiConnection @inject GlobalConfig globalConfig @inject UserConfig userConfig -

    @(userConfig.GetText("standards"))

    +
    +

    @(userConfig.GetText("standards"))

    + +
    @(userConfig.GetText("U5311"))
    @if (configData != null) { -
    - -
    - +
    +
    +
    + +
    + +
    +
    + @*
    + +
    + +
    +
    *@ +
    + +
    + +
    +
    +
    + +
    + +
    +
    +
    +
    + +
    + +
    +
    +
    + +
    + +
    +
    +
    + +
    + @if (configData!.AutoFillRightSidebar) { - + } - -
    - -
    - -
    - -
    -
    -
    - -
    - -
    -
    - @*
    - -
    - -
    -
    *@ -
    - -
    - -
    -
    -
    -
    - -
    - -
    -
    -
    - -
    - -
    -
    -
    - -
    - @if (configData!.AutoFillRightSidebar) - { - - } - else - { - - } -
    -
    -
    - -
    - -
    -
    -
    -
    - -
    - -
    -
    -
    -
    - -
    - -
    -
    -
    - -
    - -
    -
    -
    - -
    - -
    -
    -
    - -
    - -
    -
    -
    -
    - -
    - -
    -
    -
    - -
    - -
    -
    -
    -
    - -
    - -
    -
    -
    - -
    - -
    -
    -
    - -
    - -
    -
    -
    -
    - -
    - -
    -
    -
    - -
    - -
    -
    -
    - -
    - -
    -
    -
    - -
    - -
    -
    -
    - -
    - + else + { + + } +
    +
    +
    + +
    + +
    +
    +
    +
    + +
    + +
    +
    +
    + +
    + +
    +
    +
    +
    + +
    + +
    +
    +
    +
    + +
    + +
    +
    +
    + +
    +
    + + +
    +
    +
    +
    +
    + +
    + +
    +
    +
    + +
    + +
    +
    +
    + +
    + +
    +
    +
    +
    + +
    + +
    +
    +
    + +
    + + + @(userConfig.GetText(opt.ToString())) + + +

    - + - + - +

    @@ -201,19 +188,24 @@ else @code { [CascadingParameter] - Action? DisplayMessageInUi { get; set; } + Action DisplayMessageInUi { get; set; } = DefaultInit.DoNothing; private ConfigData? configData; + private Language selectedLanguage = new Language(); + private DateTime startDate = DateTime.Today; + private DateTime startTime = DateTime.Now.AddSeconds(-DateTime.Now.Second); protected override async Task OnInitializedAsync() { try { configData = await globalConfig.GetEditableConfig(); + selectedLanguage = globalConfig.uiLanguages.FirstOrDefault(l => l.Name == configData.DefaultLanguage) ?? new Language(); + startDate = startTime = configData.AutoDiscoverStartAt; } catch (Exception exception) { - DisplayMessageInUi!(exception, userConfig.GetText("read_config"), userConfig.GetText("E5301"), false); + DisplayMessageInUi(exception, userConfig.GetText("read_config"), userConfig.GetText("E5301"), false); } } @@ -223,8 +215,10 @@ else { if (configData != null) { + configData.DefaultLanguage = selectedLanguage.Name; + configData.AutoDiscoverStartAt = startDate.Date.Add(startTime.TimeOfDay); await globalConfig.WriteToDatabase(configData, apiConnection); - DisplayMessageInUi!(null, userConfig.GetText("change_default"), userConfig.GetText("U5301"), false); + DisplayMessageInUi(null, userConfig.GetText("change_default"), userConfig.GetText("U5301"), false); } else { @@ -233,7 +227,7 @@ else } catch (Exception exception) { - DisplayMessageInUi!(exception, userConfig.GetText("change_default"), "", true); + DisplayMessageInUi(exception, userConfig.GetText("change_default"), "", true); } } } diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsEmail.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsEmail.razor new file mode 100644 index 000000000..2f6bbd59e --- /dev/null +++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsEmail.razor 
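Review bot: In `OnInitializedAsync()` the new `selectedLanguage = globalConfig.uiLanguages.FirstOrDefault(l => l.Name == configData.DefaultLanguage) ?? new Language();` falls back to a fresh `Language` when the configured default is not among `uiLanguages`, and `Save()` (hunk `@@ -223,8 +215,10 @@`) then writes `selectedLanguage.Name` back into `configData.DefaultLanguage`, so a stored default the UI list does not know would be silently replaced on the next save — presumably with an empty name, depending on what `Language` initialises `Name` to. Falling back to the first available language keeps the value valid, `?? globalConfig.uiLanguages.FirstOrDefault() ?? new Language()`, or alternatively skip the assignment in `Save()` when `selectedLanguage.Name` is empty. The field initializer `DateTime.Now.AddSeconds(-DateTime.Now.Second)` also reads the clock twice; if the second ticks over between the two reads the result is a full minute off, so take one snapshot, e.g. `private DateTime startTime = NowToMinute();` with `private static DateTime NowToMinute() { DateTime n = DateTime.Now; return n.AddSeconds(-n.Second); }`. The enclosing `@code` block continues outside the hunk.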
@@ -0,0 +1,250 @@
+@using FWO.Api.Client
+@using FWO.Config.Api
+@using FWO.Middleware.Client
+@using FWO.Config.Api.Data
+@using System
+@using FWO.Mail
+@using FWO.Encryption
+
+@page "/settings/email"
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}")]
+
+@inject ApiConnection apiConnection
+@inject MiddlewareClient middlewareClient
+@inject GlobalConfig globalConfig
+@inject UserConfig userConfig
+
+
    +

    @(userConfig.GetText("email_settings"))

    + +
    +@(userConfig.GetText("U5319")) +
    + + + + +
    + +
    + +
    +
    +
    + +
    + +
    +
    + +
    + +

    + + @foreach (var option in Enum.GetValues(typeof(EmailEncryptionMethod))) + { + @option
    + } +
    +

    +
    +
    + +
    + +
    +
    +
    + +
    + +
    +
    +
    + +
    + +
    +
    +
    +
    + +
    + +
    +
    +
    + +
    + +
    +
    +
    +
    + +
    + + + + + + + + + + +
    +
+@code
+{
+ [CascadingParameter]
+ Action DisplayMessageInUi { get; set; } = DefaultInit.DoNothing;
+
+ private EmailForm emailForm = new EmailForm() { };
+ private ConfigData? editableConfig;
+ private EmailConnection actEmailConnection = new ();
+
+ protected override async Task OnInitializedAsync()
+ {
+ try
+ {
+ editableConfig = await globalConfig.GetEditableConfig();
+ if (editableConfig.EmailServerAddress != "")
+ {
+ actEmailConnection = new EmailConnection(
+ editableConfig.EmailServerAddress,
+ editableConfig.EmailPort,
+ editableConfig.EmailTls,
+ editableConfig.EmailUser,
+ editableConfig.EmailPassword,
+ editableConfig.EmailSenderAddress
+ );
+ }
+ }
+ catch (Exception exception)
+ {
+ DisplayMessageInUi(exception, userConfig.GetText("read_config"), userConfig.GetText("E5301"), false);
+ }
+ }
+
+ private async Task Save()
+ {
+ try
+ {
+ if (actEmailConnection != null && CheckValues() && editableConfig != null)
+ {
+ editableConfig.EmailServerAddress = actEmailConnection.ServerAddress;
+ editableConfig.EmailPort = actEmailConnection.Port;
+ editableConfig.EmailTls = actEmailConnection.Encryption;
+ if (actEmailConnection.User != null)
+ {
+ editableConfig.EmailUser = actEmailConnection.User;
+ }
+ else
+ {
+ editableConfig.EmailUser = "";
+ }
+ if (actEmailConnection.Password != null)
+ {
+ string mainKey = AesEnc.GetMainKey();
+ string encryptedSecret = actEmailConnection.Password;
+
+ // only encrypt secret if it was not already encrypted
+ try
+ {
+ string decryptedSecret = AesEnc.Decrypt(actEmailConnection.Password, mainKey);
+ }
+ catch (Exception)
+ {
+ encryptedSecret = AesEnc.Encrypt(actEmailConnection.Password, mainKey);
+ actEmailConnection.Password = encryptedSecret;
+ }
+
+ editableConfig.EmailPassword = actEmailConnection.Password;
+ }
+ else
+ {
+ editableConfig.EmailPassword = "";
+ }
+ if (actEmailConnection.SenderEmailAddress != null)
+ {
+ editableConfig.EmailSenderAddress = actEmailConnection.SenderEmailAddress;
+ }
+ else
+ {
+ editableConfig.EmailSenderAddress = "";
+ }
+ await globalConfig.WriteToDatabase(editableConfig, apiConnection);
+ DisplayMessageInUi(null, userConfig.GetText("change_default"), userConfig.GetText("U5301"), false);
+ }
+ }
+ catch (Exception exception)
+ {
+ DisplayMessageInUi(exception, userConfig.GetText("change_default"), "", true);
+ }
+ }
+
+ private bool CheckValues()
+ {
+ if (actEmailConnection.ServerAddress == null || actEmailConnection.ServerAddress == "")
+ {
+ DisplayMessageInUi(null, userConfig.GetText("save_email_conn"), userConfig.GetText("E5102"), true);
+ return false;
+ }
+ if (actEmailConnection.Port < 1 || actEmailConnection.Port > 65535)
+ {
+ DisplayMessageInUi(null, userConfig.GetText("save_email_conn"), userConfig.GetText("E5103"), true);
+ return false;
+ }
+ if (actEmailConnection.SenderEmailAddress != null && !actEmailConnection.SenderEmailAddress.Contains('@'))
+ {
+ DisplayMessageInUi(null, userConfig.GetText("save_email_conn"), userConfig.GetText("E5108"), true);
+ return false;
+ }
+ return true;
+ }
+
+ private async Task TestConnection()
+ {
+ try
+ {
+ // decrypt password if set
+ string encryptedPassword = "";
+ if (actEmailConnection.Password != null)
+ {
+ encryptedPassword = actEmailConnection.Password;
+ actEmailConnection.Password = AesEnc.Decrypt(actEmailConnection.Password, AesEnc.GetMainKey());
+ }
+ MailKitMailer mailer = new(actEmailConnection);
+ if (userConfig.User.Email == null || userConfig.User.Email == "")
+ {
+ DisplayMessageInUi(null, userConfig.GetText("test_email_connection"), userConfig.GetText("E8101"), true);
+ }
+ else
+ {
+ MailData mailData = new MailData(new List { userConfig.User.Email }, "Test mail from Firewall Orchestrator", "... 
this is the body - just testing ...");
+
+ if (await mailer.SendAsync(mailData, actEmailConnection, new CancellationToken()))
+ {
+ DisplayMessageInUi(null, userConfig.GetText("test_email_connection"), userConfig.GetText("U5402"), false);
+ }
+ else
+ {
+ DisplayMessageInUi(null, userConfig.GetText("test_email_connection"), "could not send message", true);
+ }
+ }
+ // if password was set, re-assign the enrypted password
+ if (actEmailConnection.Password != null)
+ {
+ actEmailConnection.Password = encryptedPassword;
+ }
+ }
+ catch (System.Exception exception)
+ {
+ DisplayMessageInUi(exception, userConfig.GetText("test_email_connection"), "", true);
+ }
+ }
+
+}
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsGateways.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsGateways.razor
index 635a6d2bf..e28cb339b 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsGateways.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsGateways.razor
@@ -1,30 +1,34 @@
-@using BlazorTable
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 @using FWO.Api.Client
 @using FWO.Config.Api
+@using FWO.Middleware.Client
 @page "/settings/gateways"
-@attribute [Authorize(Roles = "admin, auditor, fw-admin")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}, {Roles.FwAdmin}")]
 @inject ApiConnection apiConnection
 @inject UserConfig userConfig
-
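Review bot: In `TestConnection()` the stored (encrypted) password is put back into `actEmailConnection.Password` only on the success path; if `AesEnc.Decrypt` or `mailer.SendAsync` throws, control goes straight to the catch and the field keeps whatever it held at that moment — after a failed send that is the decrypted plaintext, which then sits in the bound form model and is what the next `Save()` reads. `Save()` in turn decides whether a value is already encrypted by catching an exception from `AesEnc.Decrypt` (the `decryptedSecret` result is discarded), so whether a plaintext that happens to decrypt without error would be persisted unencrypted depends on `AesEnc`, which is not visible here; an explicit "password changed" flag on the input, or a `TryDecrypt` helper, would make that decision deterministic instead of exception-driven. Restoring the value in a `finally` closes the first gap; the rewritten `TestConnection()` is below, with the unchanged send logic elided.
```csharp
private async Task TestConnection()
{
    // keep the stored (encrypted) value so it is restored on every exit path, not only on success
    string? encryptedPassword = actEmailConnection.Password;
    try
    {
        if (encryptedPassword != null)
        {
            actEmailConnection.Password = AesEnc.Decrypt(encryptedPassword, AesEnc.GetMainKey());
        }
        // … unchanged: mailer construction, recipient check, SendAsync and result messages …
    }
    catch (System.Exception exception)
    {
        DisplayMessageInUi(exception, userConfig.GetText("test_email_connection"), "", true);
    }
    finally
    {
        // never leave the decrypted secret in the bound model
        actEmailConnection.Password = encryptedPassword;
    }
}
```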

    @(userConfig.GetText("gateways"))

    +
    +

    @(userConfig.GetText("gateways"))

    + +
    @(userConfig.GetText("U5112"))
    - + -
    - +
    +