/**
 * Deletes the Palo Alto firewall device identified by the command.
 *
 * @param cmd API command carrying the firewall device ID
 * @return whatever {@code deleteExternalFirewall} returns for the device's host
 * @throws InvalidParameterValueException if no device row exists for the ID, or the row's device
 *         name is not the Palo Alto firewall name (compared case-insensitively)
 */
@Override
public boolean deletePaloAltoFirewall(DeletePaloAltoFirewallCmd cmd) {
    final Long requestedId = cmd.getFirewallDeviceId();
    final ExternalFirewallDeviceVO device = _fwDevicesDao.findById(requestedId);

    // The device-type check keeps this call from deleting another vendor's firewall by ID.
    // A missing row and a row of a different device type produce the same message.
    final boolean isPaloAlto = device != null
            && device.getDeviceName().equalsIgnoreCase(NetworkDevice.PaloAltoFirewall.getName());
    if (!isPaloAlto) {
        throw new InvalidParameterValueException("No Palo Alto firewall device found with ID: " + requestedId);
    }

    // NOTE(review): no caller authorization check is visible in this method; presumably the API
    // layer enforces it before this is reached - confirm.
    return deleteExternalFirewall(device.getHostId());
}
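/**
 * Lists the hosts that back the external firewall devices of one device type on a physical network.
 *
 * @param physicalNetworkId ID of the physical network to search
 * @param deviceName device name, resolved through {@code NetworkDevice.getNetworkDevice}
 * @return the hosts of the matching firewall devices (possibly empty, never containing
 *         {@code null}); {@code null} when the physical network has no service provider entry
 *         for the device type, so callers must null-check the result
 * @throws InvalidParameterValueException if the physical network does not exist or the device
 *         name does not resolve to a known network device
 */
@Override
public List<Host> listExternalFirewalls(long physicalNetworkId, String deviceName) {
    NetworkDevice fwNetworkDevice = NetworkDevice.getNetworkDevice(deviceName);

    PhysicalNetworkVO pNetwork = _physicalNetworkDao.findById(physicalNetworkId);
    if (pNetwork == null) {
        throw new InvalidParameterValueException("Could not find phyical network with ID: " + physicalNetworkId);
    }

    // pNetwork is known to be non-null here, so only the device name still needs validating.
    if (fwNetworkDevice == null) {
        throw new InvalidParameterValueException("Atleast one of ther required parameter physical networkId, device name is missing or invalid.");
    }

    PhysicalNetworkServiceProviderVO ntwkSvcProvider =
            _physicalNetworkServiceProviderDao.findByServiceProvider(pNetwork.getId(), fwNetworkDevice.getNetworkServiceProvder());
    if (ntwkSvcProvider == null) {
        // Kept as null (not an empty list) so existing callers that test for null keep working.
        return null;
    }

    List<ExternalFirewallDeviceVO> fwDevices =
            _externalFirewallDeviceDao.listByPhysicalNetworkAndProvider(physicalNetworkId, ntwkSvcProvider.getProviderName());

    List<Host> firewallHosts = new ArrayList<Host>();
    for (ExternalFirewallDeviceVO fwDevice : fwDevices) {
        Host fwHost = _hostDao.findById(fwDevice.getHostId());
        if (fwHost == null) {
            // A device row whose host no longer exists would otherwise put a null element in the
            // result and fail later in whichever caller dereferences it.
            s_logger.warn("External firewall device " + fwDevice.getUuid() + " references host ID " + fwDevice.getHostId()
                    + " which could not be found; skipping it.");
            continue;
        }
        firewallHosts.add(fwHost);
    }
    return firewallHosts;
}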
HostVO externalFirewall = null; if (fwDeviceVO != null) { externalFirewall = _hostDao.findById(fwDeviceVO.getHostId()); if (externalFirewall != null) { Long fwDeviceId = new Long(externalFirewall.getId());
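/**
 * Pushes remote access VPN user additions and revocations to the external firewall of a network.
 *
 * <p>Users in state {@code Add} or {@code Active} are sent as additions and users in state
 * {@code Revoke} as removals; users in any other state are not sent. The {@code vpn} argument is
 * not read by this method.
 *
 * @param network guest network whose external firewall is updated
 * @param vpn remote access VPN the users belong to (unused here)
 * @param vpnUsers users to add or revoke
 * @return {@code true} when the firewall accepted the change; {@code false} when the network has
 *         no external firewall device or the device's host cannot be found
 * @throws ResourceUnavailableException if the firewall does not answer or reports failure; the
 *         caller must then not treat a pending revocation as applied
 */
public boolean manageRemoteAccessVpnUsers(Network network, RemoteAccessVpn vpn, List<? extends VpnUser> vpnUsers) throws ResourceUnavailableException {
    ExternalFirewallDeviceVO fwDeviceVO = getExternalFirewallForNetwork(network);
    if (fwDeviceVO == null) {
        // No firewall device is mapped to this network; report it the same way as a missing host
        // instead of failing with a NullPointerException on the next line.
        return false;
    }

    HostVO externalFirewall = _hostDao.findById(fwDeviceVO.getHostId());
    if (externalFirewall == null) {
        return false;
    }

    List<VpnUser> addUsers = new ArrayList<VpnUser>();
    List<VpnUser> removeUsers = new ArrayList<VpnUser>();
    for (VpnUser user : vpnUsers) {
        if (user.getState() == VpnUser.State.Add || user.getState() == VpnUser.State.Active) {
            addUsers.add(user);
        } else if (user.getState() == VpnUser.State.Revoke) {
            removeUsers.add(user);
        }
    }

    VpnUsersCfgCommand addUsersCmd = new VpnUsersCfgCommand(addUsers, removeUsers);
    addUsersCmd.setAccessDetail(NetworkElementCommand.ACCOUNT_ID, String.valueOf(network.getAccountId()));
    addUsersCmd.setAccessDetail(NetworkElementCommand.GUEST_NETWORK_CIDR, network.getCidr());

    Answer answer = _agentMgr.easySend(externalFirewall.getId(), addUsersCmd);
    if (answer == null || !answer.getResult()) {
        String details = (answer != null) ? answer.getDetails() : "details unavailable";

        // The zone is looked up only to name it in the error; fall back to its ID so that a
        // missing zone row cannot replace the real failure with a NullPointerException.
        long zoneId = network.getDataCenterId();
        DataCenterVO zone = _dcDao.findById(zoneId);
        String zoneName = (zone != null) ? zone.getName() : String.valueOf(zoneId);

        String msg = "External firewall was unable to add remote access users in zone " + zoneName + " due to: " + details + ".";
        s_logger.error(msg);
        throw new ResourceUnavailableException(msg, DataCenter.class, zoneId);
    }

    return true;
}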
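/**
 * Sends the port forwarding rules of a network to its external firewall.
 *
 * @param network guest network the rules belong to
 * @param rules port forwarding rules to apply
 * @return {@code true} when the rules were handed to {@code sendPortForwardingRules}, or when the
 *         network is still in state {@code Allocated} and nothing was sent
 * @throws ResourceUnavailableException if the network has no external firewall device or the
 *         device's host cannot be found, so the rules could not be applied
 */
@Override
public boolean applyPortForwardingRules(Network network, List<? extends PortForwardingRule> rules) throws ResourceUnavailableException {
    // Find the external firewall in this zone
    long zoneId = network.getDataCenterId();
    DataCenterVO zone = _dcDao.findById(zoneId);
    ExternalFirewallDeviceVO fwDeviceVO = getExternalFirewallForNetwork(network);
    HostVO externalFirewall = (fwDeviceVO != null) ? _hostDao.findById(fwDeviceVO.getHostId()) : null;

    if (network.getState() == Network.State.Allocated) {
        s_logger.debug("External firewall was asked to apply firewall rules for network with ID " + network.getId() +
            "; this network is not implemented. Skipping backend commands.");
        return true;
    }

    // An assert is skipped when the JVM runs without -ea, so a missing firewall is checked
    // explicitly: the call fails with the declared exception instead of a NullPointerException,
    // and never reports success for rules that were not sent.
    if (externalFirewall == null) {
        String msg = "External firewall for network with ID " + network.getId() + " could not be found in zone " + zoneId +
            "; port forwarding rules were not applied.";
        s_logger.error(msg);
        throw new ResourceUnavailableException(msg, DataCenter.class, zoneId);
    }

    List<PortForwardingRuleTO> pfRules = new ArrayList<PortForwardingRuleTO>();
    for (PortForwardingRule rule : rules) {
        IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
        Vlan vlan = _vlanDao.findById(sourceIp.getVlanId());
        pfRules.add(new PortForwardingRuleTO(rule, vlan.getVlanTag(), sourceIp.getAddress().addr()));
    }

    sendPortForwardingRules(pfRules, zone, externalFirewall.getId());
    return true;
}
}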
/**
 * Builds the API response object describing a Palo Alto firewall device.
 *
 * <p>Only a fixed set of host detail keys is copied into the response (interfaces, zones, retry
 * count and timeout); other entries of the host details map are not returned.
 *
 * @param fwDeviceVO firewall device record to describe
 * @return populated response with object name {@code "paloaltofirewall"}
 */
@Override
public PaloAltoFirewallResponse createPaloAltoFirewallResponse(ExternalFirewallDeviceVO fwDeviceVO) {
    PaloAltoFirewallResponse fwResponse = new PaloAltoFirewallResponse();
    Map<String, String> hostDetails = _hostDetailDao.findDetails(fwDeviceVO.getHostId());
    Host host = _hostDao.findById(fwDeviceVO.getHostId());

    // Identity: UUIDs are returned rather than internal database IDs.
    fwResponse.setId(fwDeviceVO.getUuid());
    PhysicalNetwork physicalNetwork = ApiDBUtils.findPhysicalNetworkById(fwDeviceVO.getPhysicalNetworkId());
    if (physicalNetwork != null) {
        fwResponse.setPhysicalNetworkId(physicalNetwork.getUuid());
    }
    fwResponse.setDeviceName(fwDeviceVO.getDeviceName());

    // A stored capacity of 0 means "use the configured default" (50 if that setting does not parse).
    if (fwDeviceVO.getCapacity() != 0) {
        fwResponse.setDeviceCapacity(fwDeviceVO.getCapacity());
    } else {
        long fallbackCapacity = NumbersUtil.parseLong(_configDao.getValue(Config.DefaultExternalFirewallCapacity.key()), 50);
        fwResponse.setDeviceCapacity(fallbackCapacity);
    }

    fwResponse.setProvider(fwDeviceVO.getProviderName());
    fwResponse.setDeviceState(fwDeviceVO.getDeviceState().name());

    // NOTE(review): this exposes the firewall host's private IP address to the API caller, and
    // fails with a NullPointerException if the host row is missing - confirm both are intended.
    fwResponse.setIpAddress(host.getPrivateIpAddress());

    // NOTE(review): the details map presumably also holds the device credentials; keep this an
    // explicit allow-list of keys rather than copying the map wholesale - confirm.
    fwResponse.setPublicInterface(hostDetails.get("publicInterface"));
    fwResponse.setUsageInterface(hostDetails.get("usageInterface"));
    fwResponse.setPrivateInterface(hostDetails.get("privateInterface"));
    fwResponse.setPublicZone(hostDetails.get("publicZone"));
    fwResponse.setPrivateZone(hostDetails.get("privateZone"));
    fwResponse.setNumRetries(hostDetails.get("numRetries"));
    fwResponse.setTimeout(hostDetails.get("timeout"));

    fwResponse.setObjectName("paloaltofirewall");
    return fwResponse;
}
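/**
 * Sends the static NAT rules of a network to its external firewall.
 *
 * @param network guest network the rules belong to
 * @param rules static NAT rules to apply or revoke
 * @return {@code true} when the rules were handed to {@code sendStaticNatRules}, or when the
 *         network is still in state {@code Allocated} and nothing was sent
 * @throws ResourceUnavailableException if the network has no external firewall device or the
 *         device's host cannot be found, so the rules could not be applied
 */
public boolean applyStaticNatRules(Network network, List<? extends StaticNat> rules) throws ResourceUnavailableException {
    long zoneId = network.getDataCenterId();
    DataCenterVO zone = _dcDao.findById(zoneId);
    ExternalFirewallDeviceVO fwDeviceVO = getExternalFirewallForNetwork(network);
    HostVO externalFirewall = (fwDeviceVO != null) ? _hostDao.findById(fwDeviceVO.getHostId()) : null;

    if (network.getState() == Network.State.Allocated) {
        s_logger.debug("External firewall was asked to apply firewall rules for network with ID " + network.getId() +
            "; this network is not implemented. Skipping backend commands.");
        return true;
    }

    // An assert is skipped when the JVM runs without -ea, so a missing firewall is checked
    // explicitly: the call fails with the declared exception instead of a NullPointerException,
    // and never reports success for rules that were not sent.
    if (externalFirewall == null) {
        String msg = "External firewall for network with ID " + network.getId() + " could not be found in zone " + zoneId +
            "; static NAT rules were not applied.";
        s_logger.error(msg);
        throw new ResourceUnavailableException(msg, DataCenter.class, zoneId);
    }

    List<StaticNatRuleTO> staticNatRules = new ArrayList<StaticNatRuleTO>();
    for (StaticNat rule : rules) {
        IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
        Vlan vlan = _vlanDao.findById(sourceIp.getVlanId());
        // NOTE(review): the -1 port arguments and the "any" protocol presumably mean "all ports,
        // all protocols" - confirm against StaticNatRuleTO.
        StaticNatRuleTO ruleTO = new StaticNatRuleTO(0, vlan.getVlanTag(), sourceIp.getAddress().addr(), -1, -1,
            rule.getDestIpAddress(), -1, -1, "any", rule.isForRevoke(), false);
        staticNatRules.add(ruleTO);
    }

    sendStaticNatRules(staticNatRules, zone, externalFirewall.getId());
    return true;
}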
public boolean manageRemoteAccessVpn(boolean create, Network network, RemoteAccessVpn vpn) throws ResourceUnavailableException { ExternalFirewallDeviceVO fwDeviceVO = getExternalFirewallForNetwork(network); HostVO externalFirewall = _hostDao.findById(fwDeviceVO.getHostId());
return true; HostVO externalFirewall = _hostDao.findById(fwDeviceVO.getHostId());