Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
dasilva13
New Contributor

Third Party tools

Has anyone used a third party tool to create a report of the system config of there fortigates? I have seen some software on the internet and thought it might come in handy, especially if you could do delta reports or something.
9 REPLIES 9
ede_pfau
Esteemed Contributor III

Check out AutoDoc for Fortigate (www.autodoc.ch) from Boll Engineering. Used it a couple of times. It does a decent job if you need a report for a revision/an audit. Personally I find it quite bloated though, a report can easily have 80+ pages.

Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Allwyn_Mascarenhas

ede_pfau wrote:
Check out AutoDoc for Fortigate (www.autodoc.ch) from Boll Engineering. Used it a couple of times. It does a decent job if you need a report for a revision/an audit. Personally I find it quite bloated though, a report can easily have 80+ pages.

Autodoc supports upto fortios v4.0 only. Anyone aware of any other open source software or knows a good way to document firewall policies, address objects etc?

ede_pfau
Esteemed Contributor III

Nope, not true. FortiOS up to v5.2.3 is supported by Autodoc version 9.55 (http://www.autodoc.ch).


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
emnoc
Esteemed Contributor III

I agreed AutoDoc is the way to go but like ede point out it's bloated imho. What reports are you trying to achieve?

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Allwyn_Mascarenhas
Contributor

my senior wants me to type out all our clients fgt devices config into an excel sheet. Feels like some vendetta. How do i deal with him and the task?

ede_pfau
Esteemed Contributor III

Sounds impractical and unnecessary to me. A config can easily have 4000+ lines for one medium sized FGT. What would an XL sheet provide that an Autodoc report won't? Or the config file itself? There are just too many features to list them all and keep an overview of all FGTs in use. You might tell him that is my opinion from supporting and maintaining dozens of FGTs from small to big over 10 years.

What you can do to keep control is to collect configs periodically and keep a history of diffs (easy because the files are text files). For important constructs (VIPs, VPNs details and such) you should take notes, maybe in XL or rather in a Wiki.

 

Just my .02 $.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Allwyn_Mascarenhas

ede_pfau wrote:

Sounds impractical and unnecessary to me. A config can easily have 4000+ lines for one medium sized FGT. What would an XL sheet provide that an Autodoc report won't? Or the config file itself? There are just too many features to list them all and keep an overview of all FGTs in use. You might tell him that is my opinion from supporting and maintaining dozens of FGTs from small to big over 10 years.

What you can do to keep control is to collect configs periodically and keep a history of diffs (easy because the files are text files). For important constructs (VIPs, VPNs details and such) you should take notes, maybe in XL or rather in a Wiki.

 

Just my .02 $.

My thoughts exactly. I couldn't believe the man expects to manually type all address objects, policies etc into an excel sheet. The config file has a datetime stamp which is more than enough for all backup needs. A best solution is a bat script which backups all fgts everyday in the eve.

 

As for autodoc the management simply won't be thrilled with the lic fees. Totally out of question.

 

Thanks for all the response.

mrandrew

Check out Solarwinds Kiwi CatTools.  It's free for a number of devices.  I think 20 devices.  I have the paid version since I'm over that.  Works for all of my network devices including Dell and Cisco.  I think there is a bug in FortiOS 5.2.5.  I'm working through that right now.  My other FortiGate devices are running 5.0.7 and 5.2.4 and CatTools backs them up every night and sends me a report.

 

This bug is fixed in Cattools version 3.11.

Andrew

Andrew
emnoc
Esteemed Contributor III

And to add;  revision controls is included in the last fortiOS. if you need to achieve a finer details of reports and/or management controls,  you  have other decent options  like  fortimanager or  skybox.

 

Ken

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Labels
Top Kudoed Authors