To quickly import a large number of existing objects on SN firewalls or to easily create objects, you can use a CSV file and import it on the SMC server from the web interface or command line interface.
With the help of such files, you can specify the firewalls on which each object is to be deployed, among other functions.
An example of a CSV file "example-import-objects.csv" is available on the server, in the folder /opt/stormshield/examples/csv/.
You can either export existing objects from a firewall or create a new CSV file.
To export the CSV file from a firewall:
- Connect to the firewall.
- Go to Objects > Network objects.
- Click on Export.
This file contains all the network objects and groups on your firewall, except router and time objects, which the firewall cannot export.
If you are modifying a CSV file that was exported from a firewall, check that the editing software has not modified the contents of the file; if it has, the file may not be imported on the SMC server.
To create a new CSV file, and to find out details about header lines and the parameters to specify according to the object's category, you may:
- Choose to export objects from a firewall,
- Look up the example given on the SMC server as indicated above.
Specifying firewalls on which objects are to be deployed
By default, objects are deployed only on the firewalls that use them. However, in the CSV file, you may indicate the firewalls on which deployment will be forced using the #deployment column.
Example of a Host object being created:
- Enter the following parameters in the columns of the file header:
- Enter the values corresponding to the parameters in the lines after the header for each Host object to be imported (example):
host,dns1.google.com,188.8.131.52,2001:4860:4860::8888,,,ALL,"Google Public DNS Server"
The #deployment parameter may take on any of the following values:
- Empty or DEFAULT: this is its default behavior - the object is deployed only on the firewalls that use it.
- ALL: the object is deployed on all firewalls.
- "Firewall 1,Firewall 2": list of firewall names between quotation marks and separated by commas. The object is deployed on these firewalls as well as the firewalls that use it.
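A pre-import review of the #deployment column described above, as an added example (not Stormshield code): it classifies each row as DEFAULT, ALL or a firewall list and flags listed names that are missing from an inventory you supply. Only the #deployment column name and the first data row come from this page; the other header names, the remaining rows and the firewall inventory are constructed assumptions.

```python
import csv
import io

# Constructed sample. Only "#deployment" and the first data row come from the
# page; the other header names and the remaining rows are assumptions.
SAMPLE_CSV = '''#type,#name,#ip,#ipv6,#resolve,#mac,#deployment,#comment
host,dns1.google.com,188.8.131.52,2001:4860:4860::8888,,,ALL,"Google Public DNS Server"
host,intranet-web,10.0.0.10,,,,"Firewall 1,Firewall 2","Intranet web server"
host,printer-3f,10.0.3.20,,,,DEFAULT,
host,backup-nas,10.0.9.5,,,,"Firewall 1,Firewal 9",
host,lab-box,10.0.7.7,,,,,
'''

def classify_deployment(value):
    """Map a #deployment cell to (scope, firewall_names)."""
    value = value.strip()
    if value in ("", "DEFAULT"):   # deployed only on firewalls that use it
        return "DEFAULT", []
    if value == "ALL":             # forced onto every firewall
        return "ALL", []
    # Anything else is read as a comma-separated list of firewall names.
    return "LIST", [n.strip() for n in value.split(",") if n.strip()]

def review_deployment(csv_text, known_firewalls):
    """Return one finding per data row, including names not in the inventory."""
    reader = csv.reader(io.StringIO(csv_text))
    header = next(reader)
    if "#deployment" not in header:
        raise ValueError("no #deployment column in header")
    dep_col = header.index("#deployment")
    # Assumption: the object name is in a "#name" column, else the 2nd field.
    name_col = header.index("#name") if "#name" in header else 1
    findings = []
    for row in reader:
        if not row:
            continue
        cell = row[dep_col] if len(row) > dep_col else ""
        scope, names = classify_deployment(cell)
        findings.append({
            "line": reader.line_num,
            "name": row[name_col] if len(row) > name_col else "",
            "scope": scope,
            "firewalls": names,
            "unknown": [n for n in names if n not in known_firewalls],
        })
    return findings

if __name__ == "__main__":
    for f in review_deployment(SAMPLE_CSV, {"Firewall 1", "Firewall 2"}):
        print(f)
```

Rows reported with scope ALL or with a non-empty "unknown" list are the ones to check by hand before running the import.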
You need read/write privileges to import objects.
- In the Network objects menu, click on .
- Select Import.
- Select the CSV file to import.
- If necessary, select the option that allows you to update existing objects by replacing them with objects found in the file.
In case of error, refer to the import summary.
No other actions can be performed on the server while objects are being imported.
- Start by copying the CSV file to the SMC server over SSH, for example into the /tmp folder.
- Log in to the SMC server via the console port or in SSH using the “root” account.
- To import all object types, enter the command:
smc-import-objects --csv-file /tmp/file.csv
- To view imported objects in the SMC web interface, refresh the page or log off and log on again.
The command indicates whether each object or group has been imported, and displays a summary when the import is complete.
You can also choose the types of objects to import. For example, to import only Host and IP address range objects from a CSV file, enter the command:
smc-import-objects --csv-file /tmp/file.csv --host --range
The commands to be entered according to the type of object are:
|Object type|Option|
|---|---|
|DNS name (FQDN)|--fqdn|
|IP address range|--range|
Customized variables such as %CUSTOM_X% can be used instead of IPv4 or IPv6 address values in Host, Network and IP address range objects. These customized variables are defined in the Customized variables tab in the Edit firewall panel accessible by double clicking on the line of a firewall in monitoring view.
If an imported object already existed in SMC, an error will appear. You may use the --update option to overwrite the existing object with the one indicated in the CSV file.