Cisco ASA Firewall 2G Shell #1573
Quali-Community
started this conversation in
Integrations
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Cisco ASA Firewall 2G Shell
A Shell implements integration of a device model, application or other technology with CloudShell. A shell consists of a data-model that defines how the device and its properties are modeled in CloudShell along with an automation that enables interaction with the device via CloudShell.
This Shell provides you with management capabilities such as save and restore configurations, structure autoload functionality, upgrading firmware etc.
This Shell is based on the Shell Firewall Standard.
Shell Documentation
The shell documentation can be found at: Cisco ASA Firewall 2G Shell ReadMe.
Repository
Latest Release
README.md
Name
Cisco-ASA-Firewall-Shell-2G
Owner
QualiSystems
Type
2nd Gen Shell
Category
Connectivity
Min. Compatible CloudShell Version
8.0
Total Downloads
(All Releases)
52
Link
1.0.0
(Version / Tag)
TAR / ZIP
1.0.0 (TAR)
1.0.0 (ZIP)
Author
alexquali
Published On
07/06/2017 09:57 AM
Assets
CiscoAsaFirewallShell2G.zip
[11 KB]
cloudshell-firewall-cisco-asa-2-gen-dependencies-package-1.0.6.zip
[1.85 MB]
Cisco ASA Firewall 2G Shell
Release date: June 2017
Shell version: 2.0.0
Document version: 1.0
In This Guide
Overview
A shell integrates a device model, application or other technology with CloudShell. A shell consists of a data model that defines how the device and its properties are modeled in CloudShell, along with automation that enables interaction with the device via CloudShell.
Firewall Shells
CloudShell's Firewall shells enable you to manage your Firewall device similar to your networking equipment but without connectivity. In CloudShell, a Firewall shell runs commands, such as Autoload, Load, and Save Configuration.
Cisco ASA Firewall 2G Shell
The Cisco ASA Firewall 2G shell provides you with connectivity and management capabilities such as device structure discovery and power management for the Cisco ASA Firewall.
For more information on the Cisco ASA Firewall, see the official Cisco product documentation.
Standard version
The Cisco ASA Firewall 2G shell is based on the Firewall Shell Standard version 3.0.0.
For detailed information about the shell’s structure and attributes, see the Firewall Shell Standard in GitHub.
Supported OS
▪ Cisco Adaptive Security Appliance
Requirements
Release: Cisco ASA Firewall 2G shell
Note: If your CloudShell version does not support this shell, you should consider upgrading to a later version of CloudShell or contact customer support.
Data Model
The shell's data model includes all shell metadata, families, and attributes.
Cisco ASA Firewall 2G Shell Families and Models
The Cisco ASA Firewall 2G shell families and models are listed in the following table:
Cisco ASA Firewall 2G Shell Attributes
The attribute names and types are listed in the following section of the Firewall Shell Standard:
https://github.com/QualiSystems/cloudshell-standards/blob/master/Documentation/firewall_standard.md#attributes
Automation
This section describes the automation (driver) associated with the data model. The shell’s driver is provided as part of the shell package. There are two types of automation processes, Autoload and Resource. Autoload is executed when creating the resource in the Inventory dashboard, while resource commands are run in the sandbox.
The following resource commands are available on the Cisco ASA Firewall 2G shell:
For detailed information on each of the above commands, see the following section of the Firewall Shell Standard:
https://github.com/QualiSystems/cloudshell-standards/blob/master/Documentation/firewall_standard.md#commands
Downloading the Shell
The Cisco ASA Firewall 2G shell is available from the Quali Community Integrations page.
Download the files into a temporary location on your local machine.
The shell comprises:
Importing and Configuring the Shell
This section describes how to import the Cisco ASA Firewall 2G shell and configure and modify the shell’s devices.
Importing the shell into CloudShell
To import the shell into CloudShell:
Make sure you have the shell’s zip package. If not, download the shell from the Quali Community's Integrations page.
In CloudShell Portal, as Global administrator, open the Manage – Shells page.
Click Import.
In the dialog box, navigate to the shell's zip package, select it and click Open.
The shell is displayed in the Shells page and can be used by domain administrators in all CloudShell domains to create new inventory resources, as explained in Adding Inventory Resources.
Offline installation of a shell
Note: Offline installation instructions are relevant only if CloudShell Execution Server has no access to PyPi. You can skip this section if your execution server has access to PyPi. For additional information, see the online help topic on offline dependencies.
In offline mode, import the shell into CloudShell and place any dependencies in the appropriate dependencies folder. The dependencies folder may differ, depending on the CloudShell version you are using:
For CloudShell version 8.3 and above, see Adding Shell and script packages to the local PyPi Server repository.
For CloudShell version 8.2, perform the appropriate procedure: Adding Shell and script packages to the local PyPi Server repository or Setting the python pythonOfflineRepositoryPath configuration key.
For CloudShell versions prior to 8.2, see Setting the python pythonOfflineRepositoryPath configuration key.
Adding shell and script packages to the local PyPi Server repository
If your Quali Server and/or execution servers work offline, you will need to copy all required Python packages, including the out-of-the-box ones, to the PyPi Server's repository on the Quali Server computer (by default C:\Program Files (x86)\QualiSystems\CloudShell\Server\Config\Pypi Server Repository).
For more information, see Configuring CloudShell to Execute Python Commands in Offline Mode.
To add Python packages to the local PyPi Server repository:
If you haven't created and configured the local PyPi Server repository to work with the execution server, perform the steps in Add Python packages to the local PyPi Server repository (offline mode).
For each shell or script you add into CloudShell, do one of the following (from an online computer):
Connect to the Internet and download each dependency specified in the requirements.txt file with the following command:
pip download -r requirements.txt
.The shell or script's requirements are downloaded as zip files.
In the Quali Community's Integrations page, locate the shell and click the shell's Download link. In the page that is displayed, from the Downloads area, extract the dependencies package zip file.
Place these zip files in the local PyPi Server repository.
Setting the python PythonOfflineRepositoryPath configuration key
Before PyPi Server was introduced as CloudShell’s python package management mechanism, the
PythonOfflineRepositoryPath
key was used to set the default offline package repository on the Quali Server machine, and could be used on specific Execution Server machines to set a different folder.To set the offline python repository:
Download the cloudshell-firewall-cisco-asa-2-gen-dependencies-package-1.0.6.zip file, see Downloading the Shell.
Unzip it to a local repository. Make sure the execution server has access to this folder.
On the Quali Server machine, in the ~\CloudShell\Server\customer.config file, add the following key to specify the path to the default python package folder (for all Execution Servers):
<add key="PythonOfflineRepositoryPath" value="repository full path"/>
If you want to override the default folder for a specific Execution Server, on the Execution Server machine, in the ~TestShell\Execution Server\customer.config file, add the following key:
<add key="PythonOfflineRepositoryPath" value="repository full path"/>
Restart the Execution Server.
Configuring a new resource
This section explains how to create a new resource from the shell.
In CloudShell, the component that models the device is called a resource. It is based on the shell that models the device and allows the CloudShell user and API to remotely control the device from CloudShell.
You can also modify existing resources, see Managing Resources in the Inventory.
To create a resource for the device:
In the CloudShell Portal, in the Inventory dashboard, click Add New.
From the list, select Cisco ASA Firewall 2G.
Enter the Name and IP address of the Cisco ASA Firewall.
Click Create.
In the Resource dialog box, enter the device's settings. For details, see Cisco ASA Firewall 2G Shell Attributes. Make sure you enter the device's SNMP version and credentials.
Click Continue.
CloudShell validates the device’s settings and updates the new resource with the device’s structure.
Updating Python Dependencies for Shells
This section explains how to update your Python dependencies folder. This is required when you upgrade a shell that uses new/updated dependencies. It applies to both online and offline dependencies.
Updating offline Python dependencies
To update offline Python dependencies:
Download the latest Python dependencies package zip file locally.
Extract the zip file to the suitable offline package folder(s).
Terminate the shell’s instance, as explained here.
Updating online Python dependencies
In online mode, the execution server automatically downloads and extracts the appropriate dependencies file to the online Python dependencies repository every time a new instance of the driver or script is created.
To update online Python dependencies:
Typical Workflows
Workflow 1 - Save configuration
In CloudShell Portal, add the device resource to your blueprint and reserve the blueprint.
Run the Save command on the device with the following inputs:
The configuration is saved to a file named <startup/running-config>-, which will reside in the folder path you entered.
Workflow 2 - Restore Configuration
In CloudShell Portal, add the device resource to your blueprint and reserve the blueprint.
Run the Restore resource command.
Enter the following parameters:
Workflow 3 - Load firmware
In CloudShell Portal, add the device resource to your blueprint and reserve the blueprint.
Run the Load Firmware resource command.
Enter the following parameters:
References
To download and share integrations, see Quali Community's Integrations.
For instructional training and documentation, see Quali University.
To suggest an idea for the product, see Quali's Idea box.
To connect with Quali users and experts from around the world, ask questions and discuss issues, see Quali's Community forums.
Release Notes
What's New
For release updates, see the shell's GitHub releases page.
* Please allow 30-60 seconds for manual update changes to take effect.
ofir eldar 07/06/2017 11:40 AM
· 1722 ·
Beta Was this translation helpful? Give feedback.
All reactions