Useful FortiGate Tools

Olivier

A collection of useful scripts to make your life with FortiGates easier.

Convert configuration file to CSV

A little Python script to convert FortiGate configuration files to CSV. It is hosted on GitHub: https://github.com/maaaaz/fgpoliciestocsv. An example output is shown below.

$ python fgpoliciestocsv.py -i fortigate.csv
id;srcintf;dstintf;srcaddr;dstaddr;action;schedule;service:logtraffic-app;webcache;nat
1;internal;wan1;all;all;accept;always;ANY;disable;enable;enable

It can be used to review firewall policies together with a customer or to manipulate a large policy rule set. If I want to append a new UTM profile (IDS, Application Control, ...) to multiple policies matching certain criteria, I use this procedure:

  1. Download the FortiGate configuration file.
  2. Convert it to CSV with fgpoliciestocsv.
  3. Load and filter it in Excel according to my criteria.
  4. Copy the policy IDs to a temporary file on a Linux machine (policy_ids.txt).
  5. Append the missing configuration with a bash one-liner (shown below).
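  6. Copy the script output to the FortiGate CLI.

# Print one edit/set/next stanza for every policy ID in policy_ids.txt.
# printf is used because plain echo does not expand \n in bash.
while read -r policyid; do
    printf 'edit %s\n        set webfilter-profile newprofile\nnext\n' "$policyid"
done < policy_ids.txt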

This generates output in the form below:

edit 1
        set webfilter-profile newprofile
next
edit 2
        set webfilter-profile newprofile
next
edit 3
        set webfilter-profile newprofile
next
...
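
Steps 3 to 5 of the procedure can also be scripted. The following is an added example, not code from the original post or from the fgpoliciestocsv project: it selects policy IDs by column value and refuses any ID line that is not a plain number before generating the stanzas. The helper names `select_ids` and `gen_stanzas`, the constructed sample CSV, and the restriction of profile names to letters, digits, `_`, `.` and `-` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post or from fgpoliciestocsv).

# select_ids COLUMN VALUE: read semicolon-separated CSV on stdin and print the
# "id" field of each row whose COLUMN equals VALUE. Columns are found by
# header name, so the column order in the export does not matter.
select_ids() {
    awk -F';' -v col="$1" -v val="$2" '
        { sub(/\r$/, "") }                      # tolerate CRLF exports
        NR == 1 { for (i = 1; i <= NF; i++) idx[$i] = i
                  if (!(col in idx) || !("id" in idx)) exit 2
                  next }
        $(idx[col]) == val { print $(idx["id"]) }'
}

# gen_stanzas PROFILE: read policy IDs on stdin, one per line, and print one
# edit/set/next stanza per unique ID. A line that is not a plain decimal
# number aborts the run, so stray text is never pasted into the firewall CLI.
gen_stanzas() (
    profile=$1 seen=" " cr=$(printf '\r')
    case $profile in
        ''|*[!A-Za-z0-9_.-]*) echo "bad profile name" >&2; exit 1 ;;
    esac
    while IFS= read -r id || [ -n "$id" ]; do
        id=${id%"$cr"}                          # Excel/Windows line ending
        case $id in
            '')       continue ;;               # blank line
            *[!0-9]*) echo "rejected line: $id" >&2; exit 1 ;;
        esac
        case $seen in *" $id "*) continue ;; esac   # duplicate ID
        seen="$seen$id "
        printf 'edit %s\n        set webfilter-profile %s\nnext\n' "$id" "$profile"
    done
)

# Constructed sample with a reduced set of columns (not real policy data).
SAMPLE_CSV='id;srcintf;dstintf;srcaddr;dstaddr;action
1;internal;wan1;all;all;accept
2;dmz;wan1;all;all;accept
3;internal;dmz;all;all;deny'

# Every policy whose destination interface is wan1 gets the new profile.
printf '%s\n' "$SAMPLE_CSV" | select_ids dstintf wan1 | gen_stanzas newprofile
```

With a real export, replace the sample with `select_ids dstintf wan1 < policies.csv`, or feed `gen_stanzas` directly from `policy_ids.txt`.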