Technical Manual
Contents

Cisco Security Manager 4.4 API Specification
(Version 1.1)
Version 1.0 Published: June 14, 2012
Version 1.0 Revised: July 10, 2012 (added sample programs to Section 8)
Table of Contents
List of Figures
List of Tables
1 Overview
1.1 Scope
1.2 Changes since previous version
1.2.1 Unified Access Rules
1.2.2 Security Policy Object
1.2.3 Network object
1.2.4 Return user/ticket that last modified a config rule.
1.2.5 Add device status – up/down as part of the event service
1.2.6 Exec command API call will be supporting custom timeouts.
1.2.7 API enhancement to return list of all the shared Policies defined in CSM.
1.2.8 Return the Device’s SysObjectID in the Device Object.
1.2.9 CSM Audit Logs should differentiate between logins through API and CSM client.
1.2.10 New Firewall Policies
1.3 Audience
1.4 References
1.5 Glossary
1.6 Conventions
1.7 Overview of CSM Message Flows
1.8 Licensing
1.9 Prerequisites
1.10 API Administration Settings
1.11 Debug Settings
2 Common Service API
2.1 Object Model
2.1.1 Object Identifier
2.1.2 Base Object
2.1.3 Device
2.1.3.1 Interface
2.1.3.2 Firewall Capabilities
2.1.4 DeviceGroup
2.1.5 Port Identifier
2.1.6 BaseError
2.2 Methods
2.2.1 Common Request & Response
2.2.1.1 Pagination
2.2.2 Method login
2.2.2.1 Request
2.2.2.2 Response
2.2.3 Method logout
2.2.3.1 Request
2.2.3.2 Response
2.2.4 Method: ping
2.2.4.1 Request
2.2.4.2 Response
3 CSM Configuration Service API
3.1 Object Model
3.1.1 Base Policy
3.1.2 BasePolicyObject
3.1.3 Policy Utility Classes
3.1.4 PolicyObject Derived Classes
3.1.4.1 NetworkPolicyObject
3.1.4.2 IdentityUserGroupPolicyObject
3.1.4.3 PortListPolicyObject
3.1.4.4 ServicePolicyObject
3.1.4.5 InterfaceRolePolicyObject
3.1.4.6 TimeRangePolicyObject
3.1.4.7 SLA Monitor Policy Object
3.1.4.8 Standard ACE Policy Object
3.1.4.9 Extended ACE Policy Object
Figure 35: ExtendedACEPolicyObject XML Schema
3.1.4.10 ACL Policy Object
3.1.4.11 SecurityGroupPolicyObject
3.1.5 Policy Derived Classes
3.1.5.1 DeviceAccessRuleFirewallPolicy
3.1.5.1.1 Policy Config Device Response Example
3.1.5.2 DeviceAccessRuleUnifiedFirewallPolicy
3.1.5.3 DeviceStaticRoutingFirewallPolicy
3.1.5.4 DeviceStaticRoutingRouterPolicy
3.1.5.5 DeviceBGPRouterPolicy
3.1.5.6 InterfaceNATRouterPolicy
3.1.5.7 InterfaceNATStaticRulesRouterPolicy
3.1.5.8 InterfaceNATDynamicRulesRouterPolicy
3.1.5.9 DeviceNATTimeoutsRouterPolicy
3.1.5.10 InterfaceNATAddressPoolFirewallPolicy
3.1.5.11 DeviceNATTransOptionsFirewallPolicy
3.1.5.12 InterfaceNATTransExemptionsFirewallPolicy
3.1.5.13 InterfaceNATDynamicRulesFirewallPolicy
3.1.5.14 InterfaceNATPolicyDynamicRulesFirewallPolicy
3.1.5.15 InterfaceNATStaticRulesFirewallPolicy
3.1.5.16 InterfaceNATManualFirewallPolicy
3.1.5.17 InterfaceNAT64ManualFirewallPolicy
3.1.5.18 InterfaceNATObjectFirewallPolicy
3.1.5.19 InterfaceNAT64ObjectFirewallPolicy
3.2 Methods
3.2.1 Method GetServiceInfo
3.2.1.1 Request
3.2.1.2 Response
3.2.2 Method GetGroupList
3.2.2.1 Request
3.2.2.2 Response
3.2.3 Method GetDeviceListByCapability
3.2.3.1 Request
3.2.3.2 Response
3.2.4 Method GetDeviceListByGroup
3.2.4.1 Request
3.2.4.2 Response
3.2.5 Method GetDeviceConfigByGID
3.2.5.1 Request
3.2.5.2 Response
3.2.6 Method GetDeviceConfigByName
3.2.6.1 Request
3.2.6.2 Response
3.2.7 Method GetPolicyListByDeviceGID
3.2.7.1 Request
3.2.7.2 Response
3.2.8 Method GetPolicyConfigByName
3.2.8.1 Request
3.2.8.2 Response
3.2.9 Method GetPolicyConfigByDeviceGID
3.2.9.1 Request
3.2.9.2 Response
3.2.10 Method GetSharedPolicyNamesByType
3.2.10.1 REST Request:
3.2.10.2 Response Object:
4 CSM Events Service API
4.1 Methods
4.1.1 Method GetServiceInfo
4.1.2 Method EventSubcription
4.1.2.1 Request
4.1.2.2 Response
4.1.2.3 Syslog XML Event Notifications
4.1.2.4 Syslog PlainText Event Notifications
5 CSM Utility Service API
5.1 Object Model
5.2 Methods
5.2.1 Method GetServiceInfo
5.2.2 Method execDeviceReadOnlyCLICmds
5.2.2.1 Request
5.2.2.2 Response
6 API Scaling
7 CSM Client Protocol State Machine
7.1.1 Overview
7.1.2 Using the configuration and event service
8 Sample API Client Programs
8.1 CSM API pre-configuration checks
8.2 Login and ping test
8.3 Fetch CLI configuration of a firewall
8.4 Executing show access-list on a firewall device
8.5 Fetch CSM defined firewall policy
8.6 List shared policies assigned to all devices
8.7 List content of a given shared policy
8.8 Subscribing to change notifications – Deployment, OOB
9 Troubleshooting (Common Scenarios)
10 XML Schema
10.1 Common XSD
10.2 Config XSD
10.3 Event XSD
10.4 Utility XSD

Size: 4.4 MB
Pages: 217
Language: English

User Guide
Contents

Cisco Security Manager 4.12 API Specification
(Version 2.4)
Table of Contents
List of Figures
List of Tables
1 Overview
1.1 Scope
1.2 Changes in Revision 1.1
1.2.1 Unified Access Rules
1.2.2 Security Policy Object
1.2.3 Network object
1.2.4 Return user/ticket that last modified a config rule
1.2.5 Add device status – up/down as part of the event service
1.2.6 Exec command API call will be supporting custom timeouts
1.2.7 API enhancement to return list of all the shared Policies defined in CSM
1.2.8 Return the Device’s SysObjectID in the Device Object
1.2.9 CSM Audit Logs should differentiate between logins through API and CSM client.
1.2.10 New Firewall Policies
1.3 Changes in Revision 2.0
1.3.1 Write API
1.3.1.1 Policy Objects
1.3.1.2 Policy
1.3.1.3 Administration Page
1.3.2 All CSM Server Mode Support
1.3.3 Deployment API
1.3.4 API to Read Policy Object
1.3.5 Access-Rule Changes
1.4 Changes in Revision 2.1
1.4.1 CreateSharedPolicy
1.4.2 DeleteSharedPolicy
1.4.3 RenameSharedPolicy
1.4.4 AssignSharedPolicy
1.4.5 UnassignSharedPolicy
1.4.6 InheritSharedPolicy
1.5 Changes in Revision 2.2
In this revision, the following CSM Configuration Service read API method for getting list of policy objects for a specific object type is introduced.
1.5.1 getPolicyObjectsListByType
1.6 Audience
1.7 References
1.8 Glossary
1.9 Conventions
1.10 Overview of CSM Message Flows
1.11 Licensing
1.12 Prerequisites
1.13 API Administration Settings
1.14 Debug Settings
2 Common Service API
2.1 Object Model
2.1.1 Object Identifier
2.1.2 Base Object
2.1.3 Device
2.1.3.1 Interface
2.1.3.2 Firewall Capabilities
2.1.4 DeviceGroup
2.1.5 Port Identifier
2.1.6 BaseError
2.2 Methods
2.2.1 Common Request & Response
2.2.1.1 Pagination
2.2.2 Method login
2.2.2.1 Request
2.2.2.2 Response
2.2.3 Method logout
2.2.3.1 Request
2.2.3.2 Response
2.2.4 Method: ping
2.2.4.1 Request
2.2.4.2 Response
3 CSM Configuration Service API
3.1 Object Model
3.1.1 Base Policy
3.1.2 BasePolicyObject
3.1.3 Policy Utility Classes
3.1.4 PolicyObject Derived Classes
3.1.4.1 NetworkPolicyObject
3.1.4.2 IdentityUserGroupPolicyObject
3.1.4.3 PortListPolicyObject
3.1.4.4 ServicePolicyObject
3.1.4.5 InterfaceRolePolicyObject
3.1.4.6 TimeRangePolicyObject
3.1.4.7 SLA Monitor Policy Object
3.1.4.8 Standard ACE Policy Object
3.1.4.9 Extended ACE Policy Object
Figure 35: ExtendedACEPolicyObject XML Schema
3.1.4.10 ACL Policy Object
3.1.4.11 SecurityGroupPolicyObject
3.1.5 Policy Derived Classes
3.1.5.1 DeviceAccessRuleFirewallPolicy
3.1.5.1.1 Policy Config Device Response Example
3.1.5.2 DeviceAccessRuleUnifiedFirewallPolicy
3.1.5.3 FirewallACLSettingsPolicy
3.1.5.4 DeviceStaticRoutingFirewallPolicy
3.1.5.5 DeviceStaticRoutingRouterPolicy
3.1.5.6 DeviceBGPRouterPolicy
3.1.5.7 InterfaceNATRouterPolicy
3.1.5.8 InterfaceNATStaticRulesRouterPolicy
3.1.5.9 InterfaceNATDynamicRulesRouterPolicy
3.1.5.10 DeviceNATTimeoutsRouterPolicy
3.1.5.11 InterfaceNATAddressPoolFirewallPolicy
3.1.5.12 DeviceNATTransOptionsFirewallPolicy
3.1.5.13 InterfaceNATTransExemptionsFirewallPolicy
3.1.5.14 InterfaceNATDynamicRulesFirewallPolicy
3.1.5.15 InterfaceNATPolicyDynamicRulesFirewallPolicy
3.1.5.16 InterfaceNATStaticRulesFirewallPolicy
3.1.5.17 InterfaceNATManualFirewallPolicy
3.1.5.18 InterfaceNAT64ManualFirewallPolicy
3.1.5.19 InterfaceNATObjectFirewallPolicy
3.1.5.20 InterfaceNAT64ObjectFirewallPolicy
3.2 Methods
3.2.1 Method GetServiceInfo
3.2.1.1 Request
3.2.1.2 Response
3.2.2 Method GetGroupList
3.2.2.1 Request
3.2.2.2 Response
3.2.3 Method GetDeviceListByCapability
3.2.3.1 Request
3.2.3.2 Response
3.2.4 Method GetDeviceListByGroup
3.2.4.1 Request
3.2.4.2 Response
3.2.5 Method GetDeviceConfigByGID
3.2.5.1 Request
3.2.5.2 Response
3.2.6 Method GetDeviceConfigByName
3.2.6.1 Request
3.2.6.2 Response
3.2.7 Method GetPolicyListByDeviceGID
3.2.7.1 Request
3.2.7.2 Response
3.2.8 Method GetPolicyConfigByName
3.2.8.1 Request
3.2.8.2 Response
3.2.9 Method GetPolicyConfigByDeviceGID
3.2.9.1 Request
3.2.9.2 Response
3.2.10 Method GetSharedPolicyNamesByType
3.2.10.1 REST Request:
3.2.10.2 Response Object:
3.2.11 Method CreateCSMSession
3.2.11.1 Request
3.2.11.2 Response
3.2.12 Method ValidateCSMSession
3.2.12.1 Request
3.2.12.2 Response
3.2.13 Method SubmitCSMSession
3.2.13.1 Request
3.2.13.2 Response
3.2.14 Method DiscardCSMSession
3.2.14.1 Request
3.2.14.2 Response
3.2.15 Method ApproveCSMSession
3.2.15.1 Request
3.2.15.2 Response
3.2.16 Method OpenCSMSession
3.2.16.1 Request
3.2.16.2 Response
3.2.17 Method CloseCSMSession
3.2.17.1 Request
3.2.17.2 Response
3.2.18 Method AddPolicyObject
3.2.18.1 Request
3.2.18.2 Response
3.2.19 Method ModifyPolicyObject
3.2.19.1 Request
3.2.19.2 Response
3.2.20 Method DeletePolicyObject
3.2.20.1 Request
3.2.20.2 Response
3.2.21 Method GetPolicyObject
3.2.21.1 Request
3.2.21.2 Response
3.2.22 Method GetPolicyObjectByGID
3.2.22.1 Request
3.2.22.2 Response
3.2.23 Method GetListofDeployableDevices
3.2.23.1 Request
3.2.23.2 Response
3.2.24 Method DeployConfigByGID
3.2.24.1 Request
3.2.24.2 Response
3.2.25 Method GetDeployJobStatus
3.2.25.1 Request
3.2.25.2 Response
3.2.26 Method AddPolicyConfigByGID
3.2.26.1 Request
3.2.26.2 Response
3.2.27 Method AddPolicyConfigByName
3.2.27.1 Request
3.2.27.2 Response
3.2.28 Method ModifyPolicyConfigByGID
3.2.28.1 Request
3.2.28.2 Response
3.2.29 Method ModifyPolicyConfigByName
3.2.29.1 Request
3.2.29.2 Response
3.2.30 Method DeletePolicyConfigByGID
3.2.30.1 Request
3.2.30.2 Response
3.2.31 Method DeletePolicyConfigByName
3.2.31.1 Request
3.2.31.2 Response
3.2.32 Method ReorderPolicyConfigByGID
3.2.32.1 Request
3.2.32.2 Response
3.2.33 Method ReorderPolicyConfigByName
3.2.33.1 Request
3.2.33.2 Response
3.2.34 Method CreateSharedPolicy
3.2.34.1 Request
3.2.34.2 Response
3.2.35 Method DeleteSharedPolicy
3.2.35.1 Request
3.2.35.2 Response
3.2.36 Method RenameSharedPolicy
3.2.36.1 Request
3.2.36.2 Response
3.2.37 Method InheritSharedPolicy
3.2.37.1 Request
3.2.37.2 Response
3.2.38 Method AssignSharedPolicy
3.2.38.1 Request
3.2.38.2 Response
3.2.39 Method UnAssignSharedPolicy
3.2.39.1 Request
3.2.39.2 Response
3.2.40 Method getPolicyObjectsListByType
3.2.40.1 Request
Figure 169: getPolicyObjectsListByType Request XSD
3.2.40.2 Response
Table 109: getPolicyObjectsListByType Method Error Codes
3.3 Policy-Specific Handling
3.3.1 DeviceAccessRuleFirewallPolicy
3.3.2 FirewallACLSettingsPolicy
4 CSM Events Service API
4.1 Methods
4.1.1 Method GetServiceInfo
4.1.2 Method EventSubcription
4.1.2.1 Request
4.1.2.2 Response
4.1.2.3 Syslog XML Event Notifications
4.1.2.4 Syslog PlainText Event Notifications
5 CSM Utility Service API
5.1 Object Model
5.2 Methods
5.2.1 Method GetServiceInfo
5.2.2 Method execDeviceReadOnlyCLICmds
5.2.2.1 Request
5.2.2.2 Response
6 Error Code and Description
7 API Scaling
8 CSM Client Protocol State Machine
8.1.1 Overview
8.1.2 Using the configuration and event service
8.1.3 Using CSMSession and Write APIs
9 Sample API Client Programs
9.1 CSM API pre-configuration checks
9.2 Login and ping test
9.3 Fetch CLI configuration of a firewall
9.4 Executing show access-list on a firewall device
9.5 Fetch CSM defined firewall policy
9.6 List shared policies assigned to all devices
9.7 List content of a given shared policy
9.8 Subscribing to change notifications – Deployment, OOB
10 Troubleshooting (Common Scenarios)
11 XML Schema
11.1 Common XSD
11.2 Config XSD
11.3 Event XSD
11.4 Utility XSD

Size: 3.8 MB
Pages: 302
Language: English