Guia De Especificaçãoíndice analíticoCisco Security Manager 4.4 API Specification1(Version 1.1)1Version 1.0 Published: June 14, 20121Version 1.0 Revised: July 10, 2012 (added sample programs to Section 8)1Table of Contents2List of Figures4List of Tables81 Overview111.1 Scope111.2 Changes since previous version121.2.1 Unified Access Rules121.2.2 Security Policy Object121.2.3 Network object121.2.4 Return user/ticket that last modified a config rule.121.2.5 Add device status – up/down as part of the event service121.2.6 Exec command API call will be supporting custom timeouts.121.2.7 API enhancement to return list of all the shared Policies defined in CSM.121.2.8 Return the Device’s SysObjectID in the Device Object.131.2.9 CSM Audit Logs should differentiate between logins through API and CSM client.131.2.10 New Firewall Policies131.3 Audience131.4 References131.5 Glossary141.6 Conventions141.7 Overview of CSM Message Flows161.8 Licensing171.9 Prerequisites181.10 API Administration Settings181.11 Debug Settings192 Common Service API202.1 Object Model202.1.1 Object Identifier202.1.2 Base Object202.1.3 Device212.1.3.1 Interface232.1.3.2 Firewall Capabilities242.1.4 DeviceGroup242.1.5 Port Identifier252.1.6 BaseError262.2 Methods282.2.1 Common Request & Response282.2.1.1 Pagination282.2.2 Method login292.2.2.1 Request292.2.2.2 Response312.2.3 Method logout342.2.3.1 Request342.2.3.2 Response352.2.4 Method: ping352.2.4.1 Request362.2.4.2 Response363 CSM Configuration Service API383.1 Object Model383.1.1 Base Policy383.1.2 BasePolicyObject413.1.3 Policy Utility Classes433.1.4 PolicyObject Derived Classes453.1.4.1 NetworkPolicyObject453.1.4.2 IdentityUserGroupPolicyObject463.1.4.3 PortListPolicyObject483.1.4.4 ServicePolicyObject493.1.4.5 InterfaceRolePolicyObject513.1.4.6 TimeRangePolicyObject523.1.4.7 SLA Monitor Policy Object543.1.4.8 Standard ACE Policy Object563.1.4.9 Extended ACE Policy Object56Figure 35: ExtendedACEPolicyObject XML Schema573.1.4.10 ACL Policy Object583.1.4.11 SecurityGroupPolicyObject583.1.5 Policy Derived Classes603.1.5.1 DeviceAccessRuleFirewallPolicy603.1.5.1.1 Policy Config Device Response Example633.1.5.2 DeviceAccessRuleUnifiedFirewallPolicy663.1.5.3 DeviceStaticRoutingFirewallPolicy673.1.5.4 DeviceStaticRoutingRouterPolicy693.1.5.5 DeviceBGPRouterPolicy713.1.5.6 InterfaceNATRouterPolicy733.1.5.7 InterfaceNATStaticRulesRouterPolicy743.1.5.8 InterfaceNATDynamicRulesRouterPolicy773.1.5.9 DeviceNATTimeoutsRouterPolicy793.1.5.10 InterfaceNATAddressPoolFirewallPolicy813.1.5.11 DeviceNATTransOptionsFirewallPolicy823.1.5.12 InterfaceNATTransExemptionsFirewallPolicy833.1.5.13 InterfaceNATDynamicRulesFirewallPolicy853.1.5.14 InterfaceNATPolicyDynamicRulesFirewallPolicy873.1.5.15 InterfaceNATStaticRulesFirewallPolicy903.1.5.16 InterfaceNATManualFirewallPolicy933.1.5.17 InterfaceNAT64ManualFirewallPolicy983.1.5.18 InterfaceNATObjectFirewallPolicy993.1.5.19 InterfaceNAT64ObjectFirewallPolicy1023.2 Methods1033.2.1 Method GetServiceInfo1043.2.1.1 Request1043.2.1.2 Response1053.2.2 Method GetGroupList1063.2.2.1 Request1063.2.2.2 Response1073.2.3 Method GetDeviceListByCapability1103.2.3.1 Request1103.2.3.2 Response1113.2.4 Method GetDeviceListByGroup1133.2.4.1 Request1133.2.4.2 Response1143.2.5 Method GetDeviceConfigByGID1153.2.5.1 Request1153.2.5.2 Response1163.2.6 Method GetDeviceConfigByName1183.2.6.1 Request1183.2.6.2 Response1203.2.7 Method GetPolicyListByDeviceGID1213.2.7.1 Request1213.2.7.2 Response1233.2.8 Method GetPolicyConfigByName1243.2.8.1 Request1243.2.8.2 Response1263.2.9 Method GetPolicyConfigByDeviceGID1293.2.9.1 Request1293.2.9.2 Response1303.2.10 Method GetSharedPolicyNamesByType1303.2.10.1 REST Request:1303.2.10.2 Response Object:1324 CSM Events Service API1344.1 Methods1344.1.1 Method GetServiceInfo1344.1.2 Method EventSubcription1344.1.2.1 Request1344.1.2.2 Response1374.1.2.3 Syslog XML Event Notifications1404.1.2.4 Syslog PlainText Event Notifications1455 CSM Utility Service API1465.1 Object Model1465.2 Methods1465.2.1 Method GetServiceInfo1475.2.2 Method execDeviceReadOnlyCLICmds1485.2.2.1 Request1485.2.2.2 Response1506 API Scaling1537 CSM Client Protocol State Machine1547.1.1 Overview1547.1.2 Using the configuration and event service1568 Sample API Client Programs1588.1 CSM API pre-configuration checks1598.2 Login and ping test1628.3 Fetch CLI configuration of a firewall1658.4 Executing show access-list on a firewall device1698.5 Fetch CSM defined firewall policy1738.6 List shared policies assigned to all devices1768.7 List content of a given shared policy1828.8 Subscribing to change notifications – Deployment, OOB1869 Troubleshooting (Common Scenarios)19010 XML Schema19110.1 Common XSD19110.2 Config XSD19510.3 Event XSD21410.4 Utility XSD216Tamanho: 4 MBPáginas: 217Language: EnglishAbrir o manual
Guia Do Programadoríndice analítico1 Overview101.1 Scope101.2 Audience111.3 References111.4 Glossary111.5 Conventions121.6 Overview of CSM Message Flows131.7 Licensing141.8 Prerequisites151.9 API Administration Settings151.10 Debug Settings162 Common Service API172.1 Object Model172.1.1 Object Identifier172.1.2 Base Object172.1.3 Device182.1.3.1 Interface202.1.3.2 Firewall Capabilities212.1.4 DeviceGroup212.1.5 Port Identifier222.1.6 BaseError232.2 Methods252.2.1 Common Request & Response252.2.1.1 Pagination252.2.2 Method login262.2.2.1 Request272.2.2.2 Response282.2.3 Method logout302.2.3.1 Request312.2.3.2 Response312.2.4 Method: ping322.2.4.1 Request322.2.4.2 Response333 CSM Configuration Service API353.1 Object Model353.1.1 Base Policy353.1.2 BasePolicyObject383.1.3 Policy Utility Classes403.1.4 PolicyObject Derived Classes423.1.4.1 NetworkPolicyObject423.1.4.2 IdentityUserGroupPolicyObject433.1.4.3 PortListPolicyObject443.1.4.4 ServicePolicyObject453.1.4.5 InterfaceRolePolicyObject473.1.4.6 TimeRangePolicyObject483.1.4.7 SLA Monitor Policy Object503.1.4.8 Standard ACE Policy Object523.1.4.9 Extended ACE Policy Object52Figure 35: ExtendedACEPolicyObject XML Schema533.1.4.10 ACL Policy Object543.1.5 Policy Derived Classes553.1.5.1 DeviceAccessRuleFirewallPolicy553.1.5.1.1 Policy Config Device Response Example583.1.5.2 DeviceStaticRoutingFirewallPolicy613.1.5.3 DeviceStaticRoutingRouterPolicy633.1.5.4 DeviceBGPRouterPolicy653.1.5.5 InterfaceNATRouterPolicy673.1.5.6 InterfaceNATStaticRulesRouterPolicy683.1.5.7 InterfaceNATDynamicRulesRouterPolicy713.1.5.8 DeviceNATTimeoutsRouterPolicy733.1.5.9 InterfaceNATAddressPoolFirewallPolicy753.1.5.10 DeviceNATTransOptionsFirewallPolicy763.1.5.11 InterfaceNATTransExemptionsFirewallPolicy773.1.5.12 InterfaceNATDynamicRulesFirewallPolicy793.1.5.13 InterfaceNATPolicyDynamicRulesFirewallPolicy813.1.5.14 InterfaceNATStaticRulesFirewallPolicy843.1.5.15 InterfaceNATManualFirewallPolicy873.1.5.16 InterfaceNATObjectFirewallPolicy923.2 Methods953.2.1 Method GetServiceInfo963.2.1.1 Request963.2.1.2 Response973.2.2 Method GetGroupList983.2.2.1 Request983.2.2.2 Response993.2.3 Method GetDeviceListByCapability1023.2.3.1 Request1023.2.3.2 Response1033.2.4 Method GetDeviceListByGroup1053.2.4.1 Request1053.2.4.2 Response1063.2.5 Method GetDeviceConfigByGID1073.2.5.1 Request1073.2.5.2 Response1083.2.6 Method GetDeviceConfigByName1103.2.6.1 Request1103.2.6.2 Response1123.2.7 Method GetPolicyListByDeviceGID1133.2.7.1 Request1133.2.7.2 Response1153.2.8 Method GetPolicyConfigByName1163.2.8.1 Request1163.2.8.2 Response1183.2.9 Method GetPolicyConfigByDeviceGID1213.2.9.1 Request1213.2.9.2 Response1224 CSM Events Service API1234.1 Methods1234.1.1 Method GetServiceInfo1234.1.2 Method EventSubcription1234.1.2.1 Request1234.1.2.2 Response1264.1.2.3 Syslog XML Event Notifications1294.1.2.4 Syslog PlainText Event Notifications1325 CSM Utility Service API1335.1 Object Model1335.2 Methods1335.2.1 Method GetServiceInfo1345.2.2 Method execDeviceReadOnlyCLICmds1355.2.2.1 Request1355.2.2.2 Response1376 API Scaling1407 CSM Client Protocol State Machine1417.1.1 Overview1417.1.2 Using the configuration and event service1438 Sample API Client Programs1458.1 CSM API pre-configuration checks1468.2 Login and ping test1498.3 Fetch CLI configuration of a firewall1528.4 Executing show access-list on a firewall device1568.5 Fetch CSM defined firewall policy1608.6 List shared policies assigned to all devices1638.7 List content of a given shared policy1698.8 Subscribing to change notifications – Deployment, OOB1739 Troubleshooting (Common Scenarios)17810 XML Schema17910.1 Common XSD17910.2 Config XSD18310.3 Event XSD20010.4 Utility XSD202Tamanho: 3 MBPáginas: 203Language: EnglishAbrir o manual