def add_group(self, **cfg):
    """Stage a new ``user group`` entry in the candidate configuration.

    Reads ``cfg['name']`` (the entry name) and ``cfg['group_members']``
    (passed through ``quote()`` and stored as the ``member`` parameter).
    A missing key raises ``KeyError``; any other keyword is ignored.
    """
    group_name = cfg['name']
    path = 'user group'

    entry = FortiConfig(config_type='edit', name=group_name)
    entry.set_param('member', quote(cfg['group_members']))

    # The section is loaded before the new entry is written into it.
    self.d.load_config(path)
    self.d.candidate_config[path][group_name] = entry
def add_interface(self, **cfg):
    """Stage a new ``system interface`` entry in the candidate configuration.

    ``cfg['name']`` names the entry (``KeyError`` if absent); every other
    keyword is copied as a parameter with the same name and the value
    exactly as given (no quoting is applied here).

    NOTE(review): the other ``add_*`` helpers in this listing call
    ``self.d.load_config(section)`` before writing; this one does not.
    Confirm the section is already loaded when this is called.
    """
    path = 'system interface'
    if_name = cfg.pop('name')

    entry = FortiConfig(config_type='edit', name=if_name)
    for key, value in cfg.items():
        entry.set_param(key, value)

    self.d.candidate_config[path][if_name] = entry
def add_service(self, name=None, tcp_portrange=None, udp_portrange=None,
                vdom=None, comment=None, visibility=None,
                category='General'):
    """Stage a new ``firewall service custom`` entry in the candidate config.

    ``category`` is always written; ``comment``, ``tcp-portrange``,
    ``udp-portrange`` and ``visibility`` are written only when truthy.
    ``vdom`` is accepted but not used in this method.

    NOTE(review): ``category`` and ``comment`` are wrapped in double quotes
    with no escaping, so a value that itself contains a double quote is
    stored as-is. Presumably that ends the quoted value early once the
    entry is rendered; confirm how FortiConfig serialises parameters and
    validate these values if they can come from outside.
    """
    path = 'firewall service custom'
    entry = FortiConfig(config_type='edit', name=name)
    put = entry.set_param

    put('category', '"%s"' % category)
    if comment:
        put('comment', '"%s"' % comment)
    if tcp_portrange:
        put('tcp-portrange', quote(tcp_portrange))
    if udp_portrange:
        put('udp-portrange', quote(udp_portrange))
    if visibility:
        put('visibility', visibility)

    self.d.load_config(path)
    self.d.candidate_config[path][name] = entry
def add_static_route(self, name=None, gateway=None, dst=None, device=None,
                     vdom=None, comment=None):
    """Stage a new ``router static`` entry in the candidate configuration.

    ``gateway`` and ``comment`` are written only when truthy; ``device``
    and ``dst`` are always written, even when left as ``None``. ``vdom``
    is accepted but not used in this method. Values are stored as given
    (no quoting is applied here).
    """
    path = 'router static'
    route = FortiConfig(config_type='edit', name=name)

    # Optional parameters first, in the same order as before.
    for key, value in (('gateway', gateway), ('comment', comment)):
        if value:
            route.set_param(key, value)

    # These two are written unconditionally.
    for key, value in (('device', device), ('dst', dst)):
        route.set_param(key, value)

    self.d.load_config(path)
    self.d.candidate_config[path][name] = route
def add_user(self, **cfg):
    """Stage a new ``user local`` entry in the candidate configuration.

    Requires ``cfg['name']``, ``cfg['passwd']``, ``cfg['email']`` (stored
    as ``email-to``) and ``cfg['type']``; a missing key raises
    ``KeyError``. Values are stored exactly as given.

    NOTE(review): ``passwd`` goes into the candidate config as passed in.
    Presumably it will therefore show up in any text produced from the
    candidate config (for example a printed diff); confirm, and keep such
    output out of logs.
    """
    path = 'user local'
    user_name = cfg['name']
    entry = FortiConfig(config_type='edit', name=user_name)

    # (parameter name on the entry, key read from cfg)
    for param, key in (('passwd', 'passwd'),
                       ('email-to', 'email'),
                       ('type', 'type')):
        entry.set_param(param, cfg[key])

    self.d.load_config(path)
    self.d.candidate_config[path][user_name] = entry
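# Gets the router bgp config from the device, then changes some BGP
# parameters: creates a new neighbor, modifies another, deletes a third,
# and computes the difference between running and candidate config.
from pyFG import FortiOS, FortiConfig
import sys

if __name__ == '__main__':
    # Fail with a usage line instead of an IndexError traceback.
    if len(sys.argv) < 2:
        sys.exit('usage: %s <hostname>' % sys.argv[0])
    hostname = sys.argv[1]

    d = FortiOS(hostname, vdom='vpn')
    # NOTE(review): the session opened here is not closed in the part of
    # the script shown; the last print announces a result that is not
    # shown either, so the listing is presumably cut short.
    d.open()
    d.load_config('router bgp')

    neighbors = d.candidate_config['router bgp']['neighbor']

    new_neigh = FortiConfig('10.6.6.8', 'edit')
    new_neigh.set_param('remote-as', '123')
    # NOTE(review): 'remotas' differs from the 'remote-as' used on the
    # line above; presumably a deliberately invalid parameter. Confirm
    # before reusing this snippet.
    new_neigh.set_param('remotas', '123')
    neighbors.set_block(new_neigh)

    neighbors['10.6.6.6'].set_param('remote-as', '444')
    neighbors.del_block('10.6.6.7')

    # Single-argument print(...) behaves the same on Python 2 and 3.
    print("This is the diff of the configs:")
    for line in d.compare_config(text=True):
        print(line)

    print("This is how to reach the desired state:")
    config_changes = d.compare_config()
    print(config_changes)

    print("Result of applying the changes:")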
def add_fw_vip(self, name=None, vdom='root', extip=None, protocol=None,
               extintf='any', portforward=None, mappedip=None, extport=None,
               mappedport=None, comment=None):
    """Stage a new ``firewall vip`` entry in the candidate configuration.

    Returns ``None`` without touching anything when ``name`` is falsy.
    ``extip``, ``extintf`` and ``mappedip`` are always written, even when
    ``None``. ``portforward``, ``extport`` and ``mappedport`` are written
    only when ``portforward == 'enable'``. ``protocol`` and ``comment``
    are written only when truthy. ``vdom`` is accepted but not used here.

    NOTE(review): ``comment`` is wrapped in double quotes with no
    escaping, so a comment that contains a double quote is stored as-is;
    confirm how FortiConfig renders it and validate external input.
    """
    if not name:
        return None

    section = 'firewall vip'
    vip = FortiConfig(config_type='edit', name=name)

    for key, value in (('extip', extip),
                       ('extintf', extintf),
                       ('mappedip', mappedip)):
        vip.set_param(key, value)

    if portforward == 'enable':
        # Port mapping is only written together with the enable flag.
        for key, value in (('portforward', portforward),
                           ('extport', extport),
                           ('mappedport', mappedport)):
            vip.set_param(key, value)

    if protocol:
        vip.set_param('protocol', protocol)
    if comment:
        vip.set_param('comment', '"%s"' % comment)

    self.d.load_config(section)
    self.d.candidate_config[section][name] = vip
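def add_fw_entry(self, vdom=None, name=None, srcintf=None, dstintf=None,
                 srcaddr=None, dstaddr=None, service=None, nat="disable",
                 auth_redirect_addr=None, auth_cert=None, status=None,
                 profile_protocol_options=None, ips_sensor=None,
                 utm_status=None, groups=None, action="accept",
                 schedule='always', ippool=None, logtraffic=None,
                 logtraffic_start=None, comments=""):
    """Stage a new ``firewall policy`` entry in the candidate configuration.

    Always written: ``srcintf``, ``dstintf``, ``srcaddr``, ``dstaddr``,
    ``service`` and ``schedule`` (each passed through ``quote()``), plus
    ``nat`` and ``action`` as given. Written only when truthy, wrapped in
    double quotes: ``status``, ``groups``, ``logtraffic``,
    ``logtraffic-start`` and ``comments``.

    NOTE(review): ``vdom``, ``auth_redirect_addr``, ``auth_cert``,
    ``profile_protocol_options``, ``ips_sensor``, ``utm_status`` and
    ``ippool`` are accepted but never written to the entry. A caller that
    passes ``ips_sensor`` or ``utm_status`` gets a policy without them
    and no error, and ``action`` defaults to ``accept``. Check the staged
    policy before committing it.

    NOTE(review): the double-quote wrapping does no escaping, so a value
    that contains a double quote is stored as-is; confirm how FortiConfig
    renders it and validate values that come from outside.
    """
    section = 'firewall policy'
    new_fw = FortiConfig(config_type='edit', name=name)

    for key, value in (('srcintf', srcintf),
                       ('dstintf', dstintf),
                       ('srcaddr', srcaddr),
                       ('dstaddr', dstaddr),
                       ('service', service),
                       ('schedule', schedule)):
        new_fw.set_param(key, quote(value))

    new_fw.set_param('nat', nat)
    new_fw.set_param('action', action)

    if status:
        new_fw.set_param('status', '"%s"' % status)
    if groups:
        new_fw.set_param('groups', '"%s"' % groups)
    if logtraffic:
        new_fw.set_param('logtraffic', '"%s"' % logtraffic)
    if logtraffic_start:
        # Fix: the FortiOS option is hyphenated ('logtraffic-start'), like
        # the other hyphenated parameter names used by these helpers; the
        # previous key was 'logtraffic_start'.
        new_fw.set_param('logtraffic-start', '"%s"' % logtraffic_start)
    if comments:
        new_fw.set_param('comments', '"%s"' % comments)

    self.d.load_config(section)
    self.d.candidate_config[section][name] = new_fw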
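def add_address(self, name=None, subnet=None, fqdn=None, country=None,
                type=None, vdom=None, member=None, start_ip=None,
                end_ip=None, interface=None, comment=None):
    """Stage a firewall address (or address group) in the candidate config.

    The entry goes under ``firewall address`` unless ``member`` is truthy,
    in which case it goes under ``firewall addrgrp``. Each parameter is
    written only when truthy. ``vdom`` is accepted but not used here.

    The ``type`` parameter is derived as follows:

    * ``country`` given: ``type`` becomes ``geography``.
    * both ``start_ip`` and ``end_ip`` given: ``type`` becomes ``iprange``
      (this takes precedence if ``country`` is given as well).
    * otherwise the caller's ``type`` is used, if any.

    NOTE(review): ``comment`` is wrapped in double quotes with no
    escaping, so a comment that contains a double quote is stored as-is;
    confirm how FortiConfig renders it and validate external input.
    """
    section = 'firewall address'
    new_addr = FortiConfig(config_type='edit', name=name)

    if comment:
        new_addr.set_param('comment', '"%s"' % comment)
    if country:
        type = 'geography'
        new_addr.set_param('country', country)

    is_range = bool(start_ip and end_ip)
    if is_range:
        # Fix: the original wrote set_param('iprange', type), i.e. a
        # parameter named 'iprange' holding the type value. The range
        # form needs the type itself to be 'iprange'.
        type = 'iprange'

    if type:
        new_addr.set_param('type', type)
    if subnet:
        new_addr.set_param('subnet', subnet)
    if fqdn:
        new_addr.set_param('fqdn', fqdn)
    if is_range:
        new_addr.set_param('start-ip', start_ip)
        new_addr.set_param('end-ip', end_ip)
    if member:
        new_addr.set_param('member', quote(member))
        # Entries with members are address groups, stored elsewhere.
        section = 'firewall addrgrp'
    if interface:
        new_addr.set_param('associated-interface', quote(interface))

    self.d.load_config(section)
    self.d.candidate_config[section][name] = new_addr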
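# Loads a saved configuration from running.conf (no device connection is
# opened), then changes some BGP parameters: sets the AS, modifies one
# neighbor, deletes another, creates a new one, and computes the difference.
from pyFG import FortiOS, FortiConfig

if __name__ == '__main__':
    # The context manager closes the file even if read() raises.
    with open('running.conf', 'r') as f:
        running = f.read()

    d = FortiOS('')
    d.load_config(config_text=running)

    bgp = d.candidate_config['router bgp']
    bgp.set_param('as', 123)
    bgp['neighbor']['10.240.4.3'].set_param('bfd', 'disable')
    bgp['neighbor'].del_block('10.240.4.24')

    new_neigh = FortiConfig('10.6.6.6', 'edit')
    new_neigh.set_param('as', '666')
    new_neigh.set_param('route-map-out', 'my_route_map')
    new_neigh.set_param('update-source', 'port6')
    new_neigh.set_param('bfd', 'enable')
    bgp['neighbor'].set_block(new_neigh)

    # Single-argument print(...) behaves the same on Python 2 and 3.
    print("This is the diff of the conigs:")
    for line in d.compare_config(text=True):
        print(line)

    print("\n\n")
    print("This is how to reach the desired state:")
    print(d.compare_config())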
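# Loads a saved configuration from running.conf (no device connection is
# opened), then changes some BGP parameters: sets the AS, modifies one
# neighbor, deletes another, creates a new one, and computes the difference.
from pyFG import FortiOS, FortiConfig

if __name__ == '__main__':
    # The context manager closes the file even if read() raises.
    with open('running.conf', 'r') as f:
        running = f.read()

    d = FortiOS('')
    d.load_config(config_text=running)

    bgp = d.candidate_config['router bgp']
    bgp.set_param('as', 123)
    bgp['neighbor']['10.240.4.3'].set_param('bfd', 'disable')
    bgp['neighbor'].del_block('10.240.4.24')

    new_neigh = FortiConfig('10.6.6.6', 'edit')
    new_neigh.set_param('as', '666')
    new_neigh.set_param('route-map-out', 'my_route_map')
    new_neigh.set_param('update-source', 'port6')
    new_neigh.set_param('bfd', 'enable')
    bgp['neighbor'].set_block(new_neigh)

    # Single-argument print(...) behaves the same on Python 2 and 3.
    print("This is the diff of the conigs:")
    for line in d.compare_config(text=True):
        print(line)

    print("\n\n")
    print("This is how to reach the desired state:")
    print(d.compare_config())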
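# Gets the router bgp config from the device, then changes some BGP
# parameters: creates a new neighbor, modifies another, deletes a third,
# and computes the difference between running and candidate config.
from pyFG import FortiOS, FortiConfig
import sys

if __name__ == '__main__':
    # Fail with a usage line instead of an IndexError traceback.
    if len(sys.argv) < 2:
        sys.exit('usage: %s <hostname>' % sys.argv[0])
    hostname = sys.argv[1]

    d = FortiOS(hostname, vdom='vpn')
    # NOTE(review): the session opened here is not closed in the part of
    # the script shown; the last print announces a result that is not
    # shown either, so the listing is presumably cut short.
    d.open()
    d.load_config('router bgp')

    neighbors = d.candidate_config['router bgp']['neighbor']

    new_neigh = FortiConfig('10.6.6.8', 'edit')
    new_neigh.set_param('remote-as', '123')
    # NOTE(review): 'remotas' differs from the 'remote-as' used on the
    # line above; presumably a deliberately invalid parameter. Confirm
    # before reusing this snippet.
    new_neigh.set_param('remotas', '123')
    neighbors.set_block(new_neigh)

    neighbors['10.6.6.6'].set_param('remote-as', '444')
    neighbors.del_block('10.6.6.7')

    # Single-argument print(...) behaves the same on Python 2 and 3.
    print("This is the diff of the configs:")
    for line in d.compare_config(text=True):
        print(line)

    print("This is how to reach the desired state:")
    config_changes = d.compare_config()
    print(config_changes)

    print("Result of applying the changes:")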