Getting Started with the Sophos Firewall SDK in Python

The Sophos Firewall SDK is a powerful tool for managing and automating Sophos firewalls. In this post, we'll cover the basics of getting started with the SDK in Python.

Step 1: Create a Python Virtual Environment

Before we begin, it's a good idea to create a virtual environment for our project. This will help keep our dependencies isolated and make it easier to manage our project. To create a virtual environment, open your terminal and run the following command:

Command Line:

python -m venv sophos-env

This will create a new virtual environment called sophos-env. To activate it, run:

Bash

 

source sophos-env/bin/activate

Powershell

 

./Sophos-env/bin/activate.ps1

Step 2: Install the Sophos Firewall SDK

Once our virtual environment is activated, we can install the Sophos Firewall SDK using pip:

Shell

 

pip install sophosfirewall-python

 

Step 3: Example Python app

Now that we have our virtual environment set up and our dependencies installed, we can start using the SDK. Here's an example of how to interact with SFOS Firewalls. It may be used to test credentials, or to retrieve configuration from a firewall:

 

Python <main.py>

import json

from argparse import ArgumentParser

 

from sophosfirewall_python.firewallapi import (

    SophosFirewall as SFOS,

    SophosFirewallAuthFailure,

)

 

def login(fw: SFOS, debug: bool):

    try:

        result = fw.login()

        print("Credentials are valid")

        if debug:

            print("DEBUG:", result)

    except SophosFirewallAuthFailure as e:

        print("Authentication failed", str(e))

 

def get_tag(fw: SFOS, data: str, debug: bool):

    try:

        result = fw.get_tag(data)

        if debug:

            print("result received:", 0 if result is None else len(result))

        print(json.dumps(result, indent=4))

    except Exception as e:

        print("exception type=", type(e), "message=", str(e))

    # raise NotImplementedError("'find' not implemented")

 

def new_argument_parser() -> ArgumentParser:

    new_parser = ArgumentParser(description="Process command line arguments.")

    new_parser.add_argument("--user", type=str)

    new_parser.add_argument("--pass", type=str)

    new_parser.add_argument("--host", type=str, help="Hostname or IP")

    new_parser.add_argument("--port", type=int, default=4444)

    new_parser.add_argument("--data", type=str, default=None, help="Data")

    new_parser.add_argument("--verify", type=str, choices=["yes", "no"], default="yes")

    new_parser.add_argument("--debug", type=str, choices=["yes", "no"], default="yes")

    return new_parser

 

def main():

    parser = new_argument_parser()

    args = parser.parse_args()

    fw = SFOS(

        username=args.username,

        password=args.password,

        hostname=args.hostname,

        port=args.port,

        verify=args.verify == "yes",

    )

    debug = args.debug == "yes"

    if args.data is None:

        login(fw, debug)

    else:

        get_tag(fw, args.data, debug)

 

if __name__ == "__main__":

    main()

 

 

Examples:

Test login credentials on a firewall with a self-signed certificate:

 Command Line

python main.py –user <USERNAME> --pass <PASSWORD> --host <IP_OR_HOSTNAME> --verify no

 

If the credentials are correct, then it will output:

Credentials are valid

 

To retrieve a list of all host objects:

python main.py –user <USERNAME> --pass <PASSWORD> --host <IP_OR_HOSTNAME> --data iphost --verify no

 

 

Conclusion

In this post, we covered the basics of getting started with the Sophos Firewall SDK in Python. We created a virtual environment, installed the SDK and additional requirements, and created script to exercise the API. This can be used as a starting point for your own exploration, and should give you a taste of how to start working with the SDK.