I am currently investigating how we can replace a dnsmasq(1) based dhcp server with FortiGate.
For that I need to enter a lot (and I mean a LOT) of dhcp reservations and I am looking for an efficient way to re-use or import the current dhcp reservation files from dnsmasqdhcp, at least for the initial configuration.
Such a reservations file can look like this:
[...]
40:b0:34:9d:10:aa,id:*,hf-lj-zi103,192.168.99.79,set:vlan80
##c8:d3:ff:11:18:02,id:*,hf-ljm651dn,192.168.100.240,set:vlan80
c8:d3:ff:11:18:02,id:*,hf-ljm651dn,192.168.100.240,set:vlan80-forti # Test GW=fortihf-81, dh.2010132004
[...]
"set:" is used to assign a tag that will provide different dhcp options (i.e. GW, DNS, etc.) in the config file.
But basically I need the entries in bold (I think), to be added to the right dhcp server.
Anyway, I can convert i.e. the first line into something like this in CLI (http://docs.fortinet.com/document/fortigate/6.4.2/cli-reference/57620/system-dhcp-server) (lines with # are added by me for clarification. I know that this is not valid in real CLI):
config system dhcp server
    edit 4 # seems there is no way to name this differently in the GUI, can I name it here?
        config reserved-address
            edit 1
                set ip 192.168.99.79 # when this line exists, "set action reserved" seems to be implicit?
                set mac 40:b0:34:9d:10:aa
                set action reserved # really needed if "set ip" is there?
                set description "hf-lj-zi103"
            next
        end
    next
end
However, this is a tedious task, or I have to create a script (and I am not really a coder).
A one-liner would help too.
Is there a simpler way? Perhaps an import function for tables, .csv, etc. of dhcp reservations, which I have overseen?
(in the interface GUI, DHCP server, "Add from DHCP Client List".. would be nice to see an "import" button there)
Or is there perhaps already a script or tool available out there?
Other question:
Can I actually assign a proper name (instead of "4" or "1") to the dhcp server and the sub configurations?
Thanks
Dan
Well, you have already created the script.
You just need to add the rest of your reservations to it.
If you have a load of them, I suggest writing some program that reads the reservations from your dnsmasq and creates a FGT CLI script.
Then you can apply that script via the FGT GUI or paste it into the CLI.
And no, it is not possible to name a DHCP server or reservation, neither on the CLI nor in the GUI.
This is the usual structure on FGT. Even policies are numbered (but can have a name additionally).
The number is used everywhere needed internally in FortiOS.
Btw: the FGT uses the number "0" as a wildcard. So if you keep setting "edit 0" on the CLI, the FGT will do an auto increment for the number. This works for DHCP reservations as well as for policies and anything that is numbered on a FGT.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Hey Dan,
I have used Excel's text formula's to write code like this in the past. I'm sure there is a better way, but it has worked well for me since I'm already very familiar with Excel. I think it would work well in your scenario.
Basically you dump the info from your dnsmasq and either it's already separated into the fields you need (sounds like it would be, since CSV) or you can use the LEFT(), RIGHT(), and MID() functions in Excel to extract the parts you need (sometimes combined with LEN() if the length of fields vary). Then you simply add the "config" parts to a cell further to the right on that row.
So you might have a cell that has "edit" in it, and another cell that is a number that fills down, then a cell that uses =CONCATENATE("set ip ",C1) to refer to the value for the IP address in column C (or wherever it is), then the next cell is =CONCATENATE("set mac ",A1) and so on, you get the idea. Then the final column on that row takes all the config pieces and puts them together with carriage returns, or CHAR(10), something like this: =F1 & CHAR(10) & G1 & CHAR(10) & H1 & CHAR(10) & I1
The end result when you copy/paste out of that last column into, say Notepad++ is a script that has double quotes around every line, so you simply do a find/replace to get rid of those and then boom, you're done. I've used this many times. As I say, there may be a better way and I'd love to learn it, but this works well for me especially since once I set up the spreadsheet I can use it again with similar inputs.
- Daniel
I could write something in C# that accepts a dnsmasq reservations file and outputs a FGT CLI script file. But I will find time tonight after work at the earliest, maybe.
I could do it with a .NET GUI or without.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Additionally, if you're not in too much of a hurry, I could possibly wing up a script and add it to my list.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
OK, I put something together in C#. It is a .NET Core console app, so it can be run on .NET Core on Linux, OS X or Windows.
The zip contains the sources and binary (the binary is in dnsmasq2fgt\dnsmasq2fgt\bin).
I also left the example from this thread as a text file there and one generated example output (reservations.conf).
A .NET Core app is run by using the dotnet command:
dotnet dnsmasq2fgt.dll <commandlineparams>
If you run my app without any params, it will give you some help about the required params.
The code is open source under the cc-by-nc license. So feel free to use, modify or redistribute it under coverage of the license.
Addition: internal use in your company for internal administration purposes is, to me, NOT commercial.
I did not put in any error handling so far, so on an error condition it will crash with an exception ;)
I've put it up on my Dropbox account:
https://www.dropbox.com/s...n/dnsmasq2fgt.zip?dl=1
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Try my script here:
http://fortinet.camerabob.com/reservations.cgi
I used your sample input string, and any line beginning with a hash (#) was a comment and not included. The only change you may need to make before importing is the first "edit 0". That will need to be replaced with the actual DHCP scope number.
Enjoy
*** Made an overnight change
Any column may now be used to populate any field: IP, MAC or description. Just indicate which columns correspond at the bottom of the form before submitting it.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
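The conversion discussed in this thread, as an added Python example; it is not the code of dnsmasq2fgt or reservations.cgi and not from any poster here. It skips commented lines, validates MAC, IP and hostname before anything reaches the CLI script, groups reservations by dnsmasq tag, and uses the "edit 0" auto-increment mentioned above. The field order is taken from the sample in the question; the `TAG_TO_SERVER` mapping, server ID 5 and the fourth sample line are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}")
NAME_RE = re.compile(r"[A-Za-z0-9._-]{1,63}")  # no quotes, spaces or newlines
# Assumed mapping of dnsmasq tags to FortiGate DHCP server IDs (5 is made up).
TAG_TO_SERVER = {"vlan80": 4, "vlan80-forti": 5}
# Constructed input: the thread's three lines plus one deliberately bad line.
SAMPLE = """\
40:b0:34:9d:10:aa,id:*,hf-lj-zi103,192.168.99.79,set:vlan80
##c8:d3:ff:11:18:02,id:*,hf-ljm651dn,192.168.100.240,set:vlan80
c8:d3:ff:11:18:02,id:*,hf-ljm651dn,192.168.100.240,set:vlan80-forti # Test GW=fortihf-81, dh.2010132004
not-a-mac,id:*,bad"host,192.168.99.80,set:vlan80
"""

def parse(text, tag_to_server=TAG_TO_SERVER):
    """Return ({server_id: [(mac, ip, name), ...]}, [rejected line numbers])."""
    by_server, rejected = defaultdict(list), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drops comments and ##-disabled lines
        if not line:
            continue
        fields = [f.strip() for f in line.split(",")] + [""] * 5  # pad short lines
        mac, _client_id, name, ip, tag = fields[:5]
        server = tag_to_server.get(tag.partition("set:")[2])
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            server = None
        if server is None or not MAC_RE.fullmatch(mac) or not NAME_RE.fullmatch(name):
            rejected.append(lineno)  # never emit unvalidated text into the script
            continue
        by_server[server].append((mac.lower(), ip, name))
    return dict(by_server), rejected

def render(by_server):
    """Build the FortiGate CLI script; 'edit 0' leaves the entry ID to FortiOS."""
    out = ["config system dhcp server"]
    for server, entries in sorted(by_server.items()):
        out += [f"edit {server}", "config reserved-address"]
        for mac, ip, name in entries:
            out += ["edit 0", f"set ip {ip}", f"set mac {mac}",
                    "set action reserved", f'set description "{name}"', "next"]
        out += ["end", "next"]
    return "\n".join(out + ["end"])

if __name__ == "__main__":
    servers, bad = parse(SAMPLE)
    print(render(servers), f"# rejected input lines: {bad}", sep="\n")
```

Review the rejected line numbers before pasting the script; a rejected line means a reservation that will be missing on the FortiGate.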
Way cool!
Thanks a lot to all of you.
Dan
Let us know how things worked out.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com