
YohaDAVI
New Contributor

Firewall policy-address-services export

Hello,

I'm looking for a way to convert the following components from a config file (in .txt, for example) to .csv:

  * Addresses
  * Addresses group
  * VIP
  * IPPOOL
  * Services
  * Service Group

During my research, I found this subject: https://fusecommunity.fortinet.com/groups/community-home/digestviewer/viewthread?GroupId=1099&MID=424&CommunityKey=526bc34f-f3fe-4695-857c-2a7ad92ab83d&tab=digestviewer

But I'm not able to modify this for my usage. Moreover, I found a script (attached) for rules only.

So if you have any idea or another solution, feel free to suggest it!

Thanks a lot for your help.

Best regards

------------------------------
Yohann [LastName] [Designation]
Systems / network engineer
[CompanyName]
[City] [State]
[Phone]
------------------------------
PC
New Contributor III

I have done this several ways in the past for audits:

1 - Manually edited the config item sections into a single line to be able to import into Excel and then work there to create a nice format that shows the rules and what each item was in a single line so they didn't have to do all the cross referencing. Not high tech but gets the task done. Some auditors though want to see the real thing, so I made sure what I was going to do was okay before spending the time.
2 - Similar to above but for large configs, worked with regex commands in TextPad to limit the manual edits before I could pull into Excel.
3 - Used image captures of the rules from the GUI and supplemented this with object details and group details so the auditor had the full info.
4 - Provided read-only views on the firewall or shared desktops.

I have not found a good way to ever get a full conversion into a format in an automated fashion that was sufficient for the auditor.

Pete




------------------------------
Peter [LastName] [Designation]
Enterprise Engineer, Networking
[CompanyName]
[City] [State]
[Phone]
------------------------------
Andre_Machado_da_Sil

Notepad++ and Excel can solve everything

Andre Silva - AMSiNETWORKS.COM


-- Andre Machado da Silva - AMS Informatica Tel (21) 2253 5976 - Fax (21) 2233 0561 Novo SITE: http://www.amsi.com.br
PC

Like duct tape or WD40 in the real world ( :

------------------------------
Peter [LastName] [Designation]
Enterprise Engineer, Networking
[CompanyName]
[City] [State]
[Phone]
------------------------------
Andre_Machado_da_Sil

Sure. Join lines in Notepad, manipulate in Excel and insert new lines in Notepad++... I just migrated 1200 lines from Cisco ASA to FortiGate doing this....

Andre Silva - AMSiNETWORKS.COM


-- Andre Machado da Silva - AMS Informatica Tel (21) 2253 5976 - Fax (21) 2233 0561 Novo SITE: http://www.amsi.com.br
YohaDAVI

Hello,

Thanks for your reply. To be honest, Notepad++ and Excel, I can't anymore. :)

When I found these 3 scripts, it was really helpful and we just have to continue this good work. Moreover, I haven't succeeded in my quest to adapt these to service, vip, ippool...

Is nobody doing this through Python or Perl, like what I attached before?

Best regards,

------------------------------
Yohann [LastName] [Designation]
Systems / network engineer
[CompanyName]
[City] [State]
[Phone]
------------------------------
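
An added example, not part of the original thread and not one of the scripts the posters refer to: a Python parser that pulls the six object types from the question out of a FortiOS text config and renders each section as CSV. It assumes the usual `config <section>` / `edit <name>` / `set <field> <values>` / `next` / `end` layout with every `set` on one line; `parse_objects`, `to_csv` and the sample data are this example's own names.

```python
import csv
import io
import shlex

# FortiOS CLI sections for the object types listed in the question.
SECTIONS = {"firewall address", "firewall addrgrp", "firewall vip", "firewall ippool",
            "firewall service custom", "firewall service group"}

def parse_objects(text, wanted=SECTIONS):
    """Return {section: [row, ...]}, one dict per 'edit' object.
    A single value is stored as-is; value lists (group members) are re-quoted."""
    out, stack, row = {}, [], None   # stack = currently open 'config' blocks
    for raw in text.splitlines():
        word, _, rest = raw.strip().partition(" ")
        if word == "config":
            stack.append(rest.strip())
        elif word == "end" and stack:
            stack.pop()
        elif stack and stack[-1] in wanted:   # skips nested sub-tables
            if word == "edit":
                row = {"name": " ".join(shlex.split(rest))}
            elif word == "set" and row is not None:
                key, *values = shlex.split(rest)
                row[key] = values[0] if len(values) == 1 else shlex.join(values)
            elif word == "next" and row is not None:
                out.setdefault(stack[-1], []).append(row)
                row = None
    return out

def to_csv(rows):
    """Render rows as CSV text; the header is the union of all fields seen."""
    fields = list(dict.fromkeys(k for r in rows for k in r))
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fields, restval="", lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()

# Constructed sample input, not taken from a real device.
SAMPLE = '''config firewall address
    edit "web01"
        set subnet 10.0.10.5 255.255.255.255
    next
end
config firewall addrgrp
    edit "Web Servers"
        set member "web01" "dmz net"
    next
end'''
```

In a multi-VDOM backup the rows from every VDOM end up in the same per-section list. Names and comments are copied verbatim from the config, so review the CSV as plain text before opening it in a spreadsheet.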