Useful FortiGate Tools

A collection of useful scripts to make your life with FortiGates easier.

Convert configuration file to CSV

A small Python script to convert FortiGate configuration files to CSV. It is hosted on GitHub. An example output is shown below.

$ python -i fortigate.csv

It can be used to review firewall policies together with a customer or to manipulate a large policy rule set. If I want to append a new UTM profile (IDS, Application Control, …) to multiple policies matching certain criteria, I use this procedure:

  1. Download the FortiGate configuration file.
  2. Convert it to CSV with fgpoliciestocsv.
  3. Load and filter it in Excel according to my criteria.
  4. Copy the policy IDs to a temporary file on a Linux machine (policy_ids.txt).
  5. Append the missing configuration with a bash one-liner (shown below).
  6. Copy script output to FortiGate CLI.

for policyid in $(cat policy_ids.txt); do
    # printf interprets \n; a plain echo in bash would print it literally
    printf 'edit %s\n        set webfilter-profile newprofile\n' "$policyid"
done

This generates output in the form below:

edit 1
        set webfilter-profile newprofile
edit 2
        set webfilter-profile newprofile
edit 3
        set webfilter-profile newprofile
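
A more defensive version of the one-liner above, as an added example that is not part of the original page. It strips Excel/Windows line endings, emits nothing unless every line is a positive integer (on FortiOS, `edit 0` creates a new entry instead of editing one), and wraps the commands in `config firewall policy`, `next` and `end`. The function name `gen_policy_cli` and the allowed profile-name characters are assumptions.

```shell
#!/bin/sh
# Added example, not the original author's code. gen_policy_cli is a hypothetical helper.
# Usage: gen_policy_cli policy_ids.txt newprofile > paste_me.txt
gen_policy_cli() {
    ids_file=$1
    profile=$2

    # The profile name is written verbatim into CLI text, so accept only a
    # conservative character set (assumption; adjust to your naming scheme).
    case $profile in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid profile name: $profile" >&2; return 2 ;;
    esac
    [ -r "$ids_file" ] || { echo "cannot read $ids_file" >&2; return 2; }

    # Normalise: drop CR from CRLF exports, trim blanks, delete empty lines.
    ids=$(tr -d '\r' < "$ids_file" |
          sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d')

    # Fail closed: a single bad line aborts, so no partial script is produced.
    # IDs must be positive integers without leading zeros; 0 is rejected.
    bad=$(printf '%s\n' "$ids" | grep -vE '^[1-9][0-9]*$' || true)
    if [ -z "$ids" ] || [ -n "$bad" ]; then
        echo "refusing to generate, missing or invalid policy IDs: $bad" >&2
        return 1
    fi

    echo "config firewall policy"
    # sort -n -u removes duplicates so each policy is edited exactly once.
    printf '%s\n' "$ids" | sort -n -u | while read -r id; do
        printf '    edit %s\n        set webfilter-profile %s\n    next\n' "$id" "$profile"
    done
    echo "end"
}
```

Review the generated file before pasting it into the CLI, and keep the downloaded configuration file as a rollback reference.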