FTD schemes update

drawings/cisco_ftd/ftd_any_any_rules.puml

@@ -0,0 +1,41 @@
+
+@startuml
+Title Алгоритм поиска ANY-ANY правил Cisco FTD
+
+!define DZ <font color=green>destination_zone</font> 
+!define SZ <font color=blue>source_zone</font> 
+!define NOT_VALID #pink:Правило <b>не</b> относится входящим/исходящим;
+
+start
+:Получаем правило Cisco FTD;
+:Смотрим на такие поля как:
+- SZ
+- DZ;
+if (SZ, DZ пустые?) then (Да)
+    :Значит у SZ и DZ
+    стоят значение any;
+    :Правило двунаправленное;
+    NOT_VALID
+    stop
+else (Нет)
+    switch (Проверка SZ и DZ на следующие кейсы) 
+    case ( SZ пустое\n DZ не пустое) 
+        #palegreen:Правило является входящим;
+        stop
+    case ( SZ не пустое\n DZ пустое) 
+        #palegreen:Правило является исходящим;
+        stop
+    case ( SZ не пустое\n DZ не пустое) 
+        if (SZ == DZ) then (Да)
+            :Правило двунаправленное;
+            NOT_VALID
+            stop
+        else (Нет)
+            :Правило также возможно\nдвунаправленное;
+            NOT_VALID
+            stop
+        endif
+    endswitch
+endif
+
+@enduml

drawings/cisco_ftd/ftd_incoming_outgoing_rules.puml

@@ -0,0 +1,40 @@
+@startuml
+Title Алгоритм поиска входящих/исходящих правил Cisco FTD
+
+!define DZ <font color=green>destination_zone</font> 
+!define SZ <font color=blue>source_zone</font> 
+!define NOT_VALID #pink:Правило <b>не</b> относится входящим/исходящим;
+
+start
+:Получаем правило Cisco FTD;
+:Смотрим на такие поля как:
+- SZ
+- DZ;
+if (SZ, DZ пустые?) then (Да)
+    :Значит у SZ и DZ
+    стоят значение any;
+    :Правило двунаправленное;
+    NOT_VALID
+    stop
+else (Нет)
+    switch (Проверка SZ и DZ на следующие кейсы) 
+    case ( SZ пустое\n DZ не пустое) 
+        #palegreen:Правило является входящим;
+        stop
+    case ( SZ не пустое\n DZ пустое) 
+        #palegreen:Правило является исходящим;
+        stop
+    case ( SZ не пустое\n DZ не пустое) 
+        if (SZ == DZ) then (Да)
+            :Правило двунаправленное;
+            NOT_VALID
+            stop
+        else (Нет)
+            :Правило также возможно\nдвунаправленное;
+            NOT_VALID
+            stop
+        endif
+    endswitch
+endif
+
+@enduml

drawings/cisco_ftd/ftd_rule_scheme.puml

@@ -0,0 +1,33 @@
+@startuml
+
+!include ./schemes_setup.wsd
+
+$table("CiscoFTDRuleModel", "CiscoFTDRuleModel") {
+    $pk("id") INTEGER NOT NULL
+    $column("action") VARCHAR
+    $column("name") VARCHAR
+    $column("position") VARCHAR
+    $column("rule_hits") VARCHAR
+    $column("safe_search") VARCHAR
+    $column("variable_set") VARCHAR
+}
+
+$table("CiscoFTDApplicationModel","CiscoFTDApplicationModel")   {
+    $pk("id") INTEGER NOT NULL
+    $fk("rule_id") INTEGER NOT NULL
+    $column("name") VARCHAR
+    $column("port") VARCHAR
+}
+CiscoFTDApplicationModel::rule_id }o--|| CiscoFTDRuleModel::id
+
+$table("CiscoFTDLoggingModel","CiscoFTDLoggingModel")   {
+    $pk("id") INTEGER NOT NULL
+    $fk("rule_id") INTEGER NOT NULL
+    $column("device_connector_beginning") BOOLEAN
+    $column("device_connector_end") BOOLEAN
+    $column("device_connector_files") BOOLEAN
+    $column("enabled") BOOLEAN
+}
+CiscoFTDLoggingModel::rule_id }o--|| CiscoFTDRuleModel::id
+
+@enduml

drawings/cisco_ftd/ftd_rules.puml

@@ -1,74 +1,149 @@
 @startuml 
-package time_range {
+!include ./schemes_setup.wsd
 
-}
+Title Cisco FTD pydantic rule scheme
-package eff_start_dt {
 
-}
+class CiscoFTDPolicyPyModel {
-package eff_end_dt {
+    action : str
-
+    applications : Optional[List]
-}
+    destination_networks : Optional[List]
-package start_time {
+    destination_ports : Optional[List]
-
+    destination_zones : Optional[List]
-}
+    logging : Optional[]
-package end_time {
+    name : str
-
+    position : int
-}
+    rule_hits : int
-package days {
+    safe_search : bool
-
+    source_networks : Optional[List]
-}
+    source_ports : Optional[List]
-package source_networks {
+    source_zones : Optional[List]
-
+    time_range : Optional[]
-}
+    url_entries : Optional[List]
-package destination_zones {
+    usernames : Optional[List]
-
+    variable_set : str
-}
-
-package source_zones {
-
-}
-package source_ise_metadata {
-
-}
-package action {
-
-}
-package position {
-
-}
-
-package name {
 }
 
 
-map CiscoFTDRule {
+
-    name *-> name
+class CiscoFTDLoggingModel {
-    position *-> position
+    device_connector_beginning : bool
-    action *-> action
+    device_connector_end : bool
-    source_ise_metadata *-> source_ise_metadata
+    device_connector_files : bool
-    source_zones *-> source_zones
+    enabled : bool
-    destination_zones *-> destination_zones
+}
-    source_networks *-> source_networks
+CiscoFTDPolicyPyModel::logging o-- CiscoFTDLoggingModel
-    destination_networks =>
+
-    source_ports =>
+class CiscoFTDZonePyModel {
-    destination_ports =>
+  name : str
-    application =>
+}
-    username =>
+CiscoFTDPolicyPyModel::source_zones o-- CiscoFTDZonePyModel
-    urls =>
+CiscoFTDPolicyPyModel::destination_zones o-- CiscoFTDZonePyModel
-    dc =>
+
-    beginning =>
+class CiscoFTDURLEntryPyModel {
-    end =>
+  name : str
-    files =>
+  url : str
-    safe_search =>
+}
-    rule_hits =>
+CiscoFTDPolicyPyModel::url_entries o-- CiscoFTDURLEntryPyModel
-    variable_set =>
+
-    time_range *-> time_range
+class CiscoFTDUsernamePyModel {
-    eff_start_dt *-> eff_start_dt
+  username : str
-    eff_end_dt *-> eff_end_dt
+}
-    start_time *-> start_time
+CiscoFTDPolicyPyModel::usernames o-- CiscoFTDUsernamePyModel
-    end_time *-> end_time
+
-    days *-> days
+package ports {
+    class CiscoFTDPortPyModel {
+        name : str
+        port : Union[]
+        protocol : int
+    }
+    CiscoFTDPolicyPyModel::source_ports o-- CiscoFTDPortPyModel
+    CiscoFTDPolicyPyModel::destination_ports o-- CiscoFTDPortPyModel
+
+    class CiscoFTDPortSingleValuePyModel {
+        value : int
+    }
+    CiscoFTDPortPyModel::port o-- CiscoFTDPortSingleValuePyModel
+
+    class CiscoFTDPortRangeValuePyModel {
+        end : int
+        start : int
+    }
+    CiscoFTDPortPyModel::port o-- CiscoFTDPortRangeValuePyModel
+
+    
 }
 
 
+package time_range{
+    class CiscoFTDTimeRangePyModel {
+        eff_end_datetime : Optional[str]
+        eff_start_datetime : Optional[str]
+        name : str
+        time_range : Union[]
+        time_range_type
+    }
+    CiscoFTDPolicyPyModel::time_range o-- CiscoFTDTimeRangePyModel
+
+    class CiscoFTDTimeRangeRangeIntervalPyModel {
+        end_day : Optional[str]
+        end_time : Optional[str]
+        start_day : Optional[str]
+        start_time : Optional[str]
+    }
+    CiscoFTDTimeRangeRangeIntervalPyModel o-- CiscoFTDTimeRangePyModel::time_range
+
+    class CiscoFTDTimeRangeDailyIntervalPyModel {
+        days : Optional[str]
+        end_time : Optional[str]
+        start_time : Optional[str]
+    }
+    CiscoFTDTimeRangeDailyIntervalPyModel o-- CiscoFTDTimeRangePyModel::time_range
+}
+
+package source_destinations {
+
+    class CiscoFTDNetworkRootPyModel {
+        name : str
+        object_type: Enum
+    }
+    CiscoFTDPolicyPyModel::source_networks o-- CiscoFTDNetworkRootPyModel
+    CiscoFTDPolicyPyModel::destination_networks o-- CiscoFTDNetworkRootPyModel
+
+    class CiscoFTDNetworkCountriesGroupPyModel {
+        countries_count : int
+    }
+    CiscoFTDNetworkRootPyModel <|-- CiscoFTDNetworkCountriesGroupPyModel
+
+    class CiscoFTDNetworkCountryPyModel {
+    }
+    CiscoFTDNetworkRootPyModel <|-- CiscoFTDNetworkCountryPyModel
+
+    class CiscoFTDNetworkFQDNObjectPyModel {
+        fqdn_address : str
+    }
+    CiscoFTDNetworkRootPyModel <|-- CiscoFTDNetworkFQDNObjectPyModel
+
+    class CiscoFTDNetworkGroupPyModel {
+    }
+    CiscoFTDNetworkRootPyModel <|-- CiscoFTDNetworkGroupPyModel
+
+    class CiscoFTDNetworkIPv4NetworkPyModel {
+        address : str
+        netmask : Optional[int]
+    }
+    CiscoFTDNetworkRootPyModel <|-- CiscoFTDNetworkIPv4NetworkPyModel
+
+    class CiscoFTDNetworkIPv6NetworkPyModel {
+        address : str
+        prefix_length : Optional[int]
+    }
+    CiscoFTDNetworkRootPyModel <|-- CiscoFTDNetworkIPv6NetworkPyModel
+
+    class CiscoFTDNetworkRangePyModel {
+        end_address : str
+        start_address : str
+    }
+    CiscoFTDNetworkRootPyModel <|-- CiscoFTDNetworkRangePyModel
+}
+
 @enduml

drawings/cisco_ftd/ftd_rules_downloader_service.puml

@@ -0,0 +1,51 @@
+@startuml
+class InitServiceMixin {
+  firewall
+  services_classes : dict
+}
+
+class RulesDownloaderService {
+  services_classes : dict
+  get_all_rules()
+  remove_oldest_objects()
+}
+
+RulesDownloaderService --|> InitServiceMixin
+package "CISCO firewalls downloaders" {
+class CiscoFTDDownloaderService {
+  CLASS_NAME : str
+  cisco_ftd
+  create_rule(rule: CiscoFTDPolicyPyModel) -> Optional[Rule]
+  download_rules_from_firewall() -> List[dict]
+  load_rules_to_database(rules: List[CiscoFTDPolicyPyModel]) -> List[Rule]
+}
+CiscoFTDDownloaderService --* RulesDownloaderService
+
+
+class CiscoDownloaderService {
+  all_objects_by_context : dict
+  create_rule(rule: models.CiscoRule) -> Rule
+  download_rules_from_firewall() -> List[dict]
+  get_action(rule: models.CiscoRule) -> str
+  get_context(rule: models.CiscoRule) -> str
+  get_description(rule: models.CiscoRule) -> str
+  get_destinations(rule: models.CiscoRule) -> List[NetworkObject]
+  get_enabled(rule: models.CiscoRule) -> bool
+  get_logging(rule: models.CiscoRule) -> Optional[Logging]
+  get_name(rule: models.CiscoRule) -> str
+  get_parsed_data(rule: models.CiscoRule) -> dict
+  get_path_to_rule(rule: models.CiscoRule) -> dict
+  get_policy_name(rule: models.CiscoRule) -> str
+  get_position(rule: models.CiscoRule) -> int
+  get_rule_id(rule: models.CiscoRule) -> str
+  get_services(rule: models.CiscoRule) -> List
+  get_sources(rule: models.CiscoRule) -> List[NetworkObject]
+  get_times(rule: models.CiscoRule) -> List[Time]
+  get_users(rule: models.CiscoRule) -> List[User]
+  load_rules_to_database(rules: List[dict]) -> List[Rule]
+}
+}
+
+CiscoDownloaderService --* RulesDownloaderService
+
+@enduml

drawings/cisco_ftd/schemes_setup.wsd

@@ -0,0 +1,31 @@
+@startuml
+hide empty methods
+
+!procedure $table($name, $slug)
+entity "<b>$name</b>" as $slug << (T, Orange) table >>
+!endprocedure
+
+!procedure $type($name, $slug)
+entity "<b>$name</b>" as $slug << (E, Cyan) type (enum) >>
+!endprocedure
+
+!procedure $pk($name)
+<color:#GoldenRod><&key></color> <b><i>$name</i></b>: 
+!endprocedure
+
+!procedure $enum_link($name)
+<color:#Orange><&tag></color> <i>$name</i>: 
+!endprocedure
+
+!procedure $fk($name)
+<color:#Silver><&key></color> <i>$name</i>:
+!endprocedure
+
+!procedure $column($name)
+{field} <color:#grey><&chevron-right></color> <i>$name</i>:
+!endprocedure
+
+!procedure $enum_field($name)
+{field} <color:#grey><&chevron-right></color> $name
+!endprocedure
+@enduml